عاشق المعالي

Peace be upon you.
My computer freezes a lot,
to the point that I cannot open anything or move the mouse,
which forces me to restart it using the button on the machine.

My system is XP.
For your information, I have taken off the side cover of the case and have a fan running on it because of the heat.

Unfortunately, every time I replace the rear fan of the machine (I don't know what it is called) and fit another one, the temperature rises,
but with the fan that I have running next to the machine there is no heat.
I also installed additional RAM and the problem is still there???

So what is the solution?
 

Welcome, brother.

Do the following.

HijackThis report
Download this program.

Run the program ==> and click on
Do a system scan and save log
After a few moments a report will appear in Notepad ==> copy it and paste it into your next reply.

Signature: KoNaMi
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:23:29 م, on 25/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
D:\للتحميل\HiJackThis.exe
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [TeoSoft.com Online Update] C:\Program Files\TeoSoft.com\update.exe wait4connect
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: أضافة إلى مضاد الأعلان - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
--
End of file - 3916 bytes
 
Delete the following, brother:

O4 - HKCU\..\Run: [TeoSoft.com Online Update] C:\Program Files\TeoSoft.com\update.exe wait4connect

How to delete it on XP

Then use this tool.

Download from here

Compatibility: Windows XP only

Usage instructions:

When you run the tool's file, this screen appears; wait (and follow along with the pictures).

When this screen appears, click Close so that your machine restarts (to complete the cleaning process).

Then

Disable all protection programs.

Download this tool.

When you run it a message will appear; click >> Yes
After that a second message will appear; click >> Yes

During the scan the machine may restart,
and after the restart the tool will start scanning again.
Wait until a report appears; that means the scan has finished. Paste the report into your next post.

Signature: KoNaMi
ComboFix 09-05-04.A3 - user 05/25/2009 20:19.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.479.210 [GMT 3:00]
Running from: c:\docume~1\user\LOCALS~1\Temp\Rar$EX00.953\لازالة الفيروسات\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((( Files Created from 2009-04-25 to 2009-05-25 )))))))))))))))))))))))))))))))
.
2009-05-25 16:47 . 2009-05-25 16:47 -------- d-----w c:\documents and settings\user\Application Data\CyberScrub
2009-05-25 16:46 . 2009-05-25 16:46 -------- d-----w c:\documents and settings\user\Application Data\cleaner
2009-05-24 20:35 . 2009-05-24 20:44 -------- d-----w c:\program files\Paltalk Messenger
2009-05-24 13:13 . 2004-08-04 00:55 221184 ----a-w c:\windows\system32\wmpns.dll
2009-05-24 13:13 . 2009-05-24 13:13 -------- d-----w c:\documents and settings\user\Application Data\Media Player Classic
2009-05-24 13:12 . 2009-05-24 13:12 -------- d-----w c:\documents and settings\user\Application Data\vlc
2009-05-24 11:46 . 2009-05-24 11:46 -------- d-----w c:\windows\Sun
2009-05-24 09:04 . 2009-05-24 09:04 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\Identities
2009-05-23 23:07 . 2009-05-23 23:07 -------- d-----w c:\documents and settings\All Users\Application Data\Azureus
2009-05-23 23:07 . 2009-05-25 09:50 -------- d-----w c:\documents and settings\user\Application Data\Azureus
2009-05-23 23:06 . 2009-05-23 23:06 -------- d-----w c:\program files\Azureus
2009-05-23 22:39 . 2009-05-23 22:39 -------- d-----w c:\documents and settings\user\Application Data\Convivea
2009-05-23 22:39 . 2009-05-23 22:39 -------- d-----w c:\program files\Bit Che
2009-05-23 18:18 . 2009-05-24 07:53 -------- d-----w c:\documents and settings\user\Contacts
2009-05-23 18:17 . 2009-05-23 18:17 -------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-05-23 18:15 . 2009-05-24 20:35 -------- d-----w c:\documents and settings\user\Application Data\Paltalk
2009-05-23 15:42 . 2004-08-03 20:08 26496 -c--a-w c:\windows\system32\dllcache\usbstor.sys
2009-05-23 15:30 . 2009-05-23 16:39 105395 ----a-w c:\windows\system32\drivers\klin.dat
2009-05-23 15:30 . 2009-05-23 16:39 94643 ----a-w c:\windows\system32\drivers\klick.dat
2009-05-23 15:29 . 2009-05-23 15:29 -------- d-----w c:\program files\Kaspersky Lab
2009-05-23 15:29 . 2009-05-25 17:13 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-05-23 15:29 . 2009-05-25 17:11 2268704 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-23 15:29 . 2009-05-25 17:11 39456 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-05-23 15:26 . 2009-05-23 15:26 -------- d-s---w c:\documents and settings\user\UserData
2009-05-23 15:24 . 2009-05-23 15:24 -------- d-----w c:\documents and settings\All Users\Application DataTechSmith
2009-05-23 15:23 . 2009-05-23 15:23 -------- d-----w c:\documents and settings\All Users\Application Data\TechSmith
2009-05-23 15:23 . 2009-05-23 15:23 -------- d-----w c:\program files\TechSmith
2009-05-23 15:22 . 2009-05-23 15:22 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-23 15:22 . 2009-05-23 15:22 -------- d-----w c:\program files\Unlocker
2009-05-23 15:21 . 2009-05-23 15:32 -------- d-----w c:\documents and settings\user\Application Data\TeoSoft Settings
2009-05-23 15:21 . 2009-05-23 15:21 -------- d-----w c:\program files\TeoSoft.com
2009-05-23 15:18 . 2004-08-03 21:55 21504 -c--a-w c:\windows\system32\dllcache\hidserv.dll
2009-05-23 15:18 . 2004-08-03 21:55 21504 ----a-w c:\windows\system32\hidserv.dll
2009-05-23 15:18 . 2004-08-03 21:45 14720 -c--a-w c:\windows\system32\dllcache\kbdhid.sys
2009-05-23 15:18 . 2004-08-03 21:45 14720 ----a-w c:\windows\system32\drivers\kbdhid.sys
2009-05-23 15:18 . 2001-08-17 11:02 9600 -c--a-w c:\windows\system32\dllcache\hidusb.sys
2009-05-23 15:18 . 2001-08-17 11:02 9600 ----a-w c:\windows\system32\drivers\hidusb.sys
2009-05-23 15:18 . 2004-08-03 20:08 31616 -c--a-w c:\windows\system32\dllcache\usbccgp.sys
2009-05-23 15:18 . 2004-08-03 20:08 31616 ----a-w c:\windows\system32\drivers\usbccgp.sys
2009-05-23 14:55 . 2005-09-05 04:00 25984 ----a-r c:\windows\system32\drivers\WDMTuner.sys
2009-05-23 14:55 . 2004-01-20 01:48 61440 ----a-r c:\windows\system32\Prop713x.dll
2009-05-23 14:55 . 2003-10-29 17:30 69632 ----a-r c:\windows\system32\34TVCtrl.dll
2009-05-23 14:55 . 2003-10-29 17:30 135168 ----a-r c:\windows\system32\34API.dll
2009-05-23 14:55 . 2005-09-05 04:00 279552 ----a-r c:\windows\system32\drivers\SAA713x.sys
2009-05-23 14:55 . 2004-08-03 21:55 53760 -c--a-w c:\windows\system32\dllcache\vfwwdm32.dll
2009-05-23 14:55 . 2004-08-03 21:55 53760 ----a-w c:\windows\system32\vfwwdm32.dll
2009-05-23 14:51 . 2009-05-23 14:51 -------- d-----w c:\windows\speech
2009-05-23 14:51 . 2009-05-23 14:51 -------- d-----w c:\program files\Golden Al-Wafi Translator
2009-05-23 14:51 . 2009-05-23 14:51 172032 ------w c:\windows\Setup1.exe
2009-05-23 14:51 . 2009-05-23 14:51 73216 ----a-w c:\windows\ST6UNST.EXE
2009-05-23 14:50 . 2002-02-18 07:23 46352 ----a-w c:\windows\setdebug.exe
2009-05-23 14:50 . 2002-02-18 07:22 171280 ----a-w c:\windows\system32\jit.dll
2009-05-23 14:50 . 2002-02-18 07:22 139536 ----a-w c:\windows\system32\javaee.dll
2009-05-23 14:50 . 2002-02-18 04:35 6550 ----a-w c:\windows\jautoexp.dat
2009-05-23 14:50 . 2002-02-18 04:34 313856 ----a-w c:\windows\system32\dx3j.dll
2009-05-23 14:48 . 2009-05-23 14:48 -------- dc----w c:\windows\system32\DRVSTORE
2009-05-23 14:48 . 2009-05-23 14:48 -------- d-----w c:\program files\Windows Live
2009-05-23 14:46 . 2009-05-23 16:31 -------- d-----w c:\program files\GRETECH
2009-05-23 14:45 . 2007-09-04 16:56 164352 ----a-w c:\windows\system32\unrar.dll
2009-05-23 14:45 . 2009-05-23 14:45 -------- d-----w c:\program files\K-Lite Codec Pack
2009-05-23 14:45 . 2009-05-23 14:45 -------- d-----w c:\program files\Common Files\xing shared
2009-05-23 14:45 . 2009-05-23 14:45 348160 ------w c:\windows\system32\msvcr71.dll
2009-05-23 14:45 . 2009-05-23 14:45 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-05-23 14:45 . 2009-05-23 14:45 -------- d-----w c:\program files\Common Files\Real
2009-05-23 14:45 . 2009-05-23 14:45 -------- d-----w c:\program files\Real
2009-05-23 14:44 . 2009-05-23 14:44 -------- d-----w c:\program files\VideoLAN
2009-05-23 14:43 . 2009-05-23 14:43 -------- d-----w c:\program files\Nero
2009-05-23 14:35 . 2003-06-18 14:31 17920 ----a-w c:\windows\system32\mdimon.dll
2009-05-23 14:34 . 2009-05-23 14:34 -------- d-----w c:\program files\Microsoft.NET
2009-05-23 14:34 . 2009-05-23 14:34 -------- d-----w c:\program files\Microsoft Works
2009-05-23 14:33 . 2009-05-23 14:34 -------- d-----w c:\windows\SHELLNEW
2009-05-23 14:30 . 2009-05-23 14:30 -------- d--h--r C:\MSOCache
2009-05-23 14:28 . 2009-05-23 14:28 -------- d-----w c:\program files\SiSLan
2009-05-23 14:28 . 2003-08-08 15:00 32640 ----a-w c:\windows\system32\drivers\sisidex.sys
2009-05-23 14:28 . 2001-03-30 14:58 135168 ----a-r c:\windows\system32\property.dll
2009-05-23 14:28 . 2004-09-03 05:43 46464 ----a-r c:\windows\system32\drivers\SiSRaid.sys
2009-05-23 14:28 . 2009-05-23 14:28 -------- d-----w c:\program files\Silicon Integrated Systems
2009-05-23 14:26 . 2004-07-23 14:22 110592 ------w c:\windows\system32\TVMode.dll
2009-05-23 14:26 . 2004-07-23 14:18 184320 ------w c:\windows\system32\SiSApCom.dll
2009-05-23 14:26 . 2004-08-10 13:47 331776 ----a-w c:\windows\system32\sistray.exe
2009-05-23 14:26 . 2009-05-23 19:10 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-23 14:26 . 2009-05-23 14:26 -------- d-----w c:\windows\SiS
2009-05-23 14:21 . 2009-05-23 14:22 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-05-23 14:21 . 2009-05-23 14:21 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\Adobe
2009-05-23 14:20 . 2009-05-23 14:20 -------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-05-23 14:16 . 2009-05-23 14:16 -------- d-----w c:\program files\Bonjour
2009-05-23 14:09 . 2009-05-23 14:09 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-05-23 14:03 . 2009-05-23 19:15 -------- d-----w c:\program files\Common Files\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-25 17:11 . 2009-05-23 15:29 4424 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-05-25 17:11 . 2009-05-23 15:29 24020 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-23 17:07 . 2009-05-23 14:49 -------- d-----w c:\program files\Circle Developement
2009-05-23 16:40 . 2007-04-28 13:51 112144 ----a-w c:\windows\system32\drivers\kl1.sys
2009-05-23 14:56 . 2009-05-23 14:56 -------- d-----w c:\program files\honestech
2009-05-23 14:50 . 2009-05-23 14:50 2232 ----a-w c:\windows\java\Packages\Data\B9VLVXBV.DAT
2009-05-23 14:50 . 2009-05-23 14:50 155995 ----a-w c:\windows\java\Packages\4CIDNPVH.ZIP
2009-05-23 14:50 . 2009-05-23 14:50 2678 ----a-w c:\windows\java\Packages\Data\HR7JTVZD.DAT
2009-05-23 14:50 . 2009-05-23 14:50 2678 ----a-w c:\windows\java\Packages\Data\JHB1JZDJ.DAT
2009-05-23 14:50 . 2009-05-23 14:50 2678 ----a-w c:\windows\java\Packages\Data\ZH3RL7V3.DAT
2009-05-23 14:50 . 2009-05-23 14:50 2678 ----a-w c:\windows\java\Packages\Data\GCAWNZ3P.DAT
2009-05-23 14:50 . 2009-05-23 14:50 2678 ----a-w c:\windows\java\Packages\Data\1B7B1JJN.DAT
2009-05-23 14:50 . 2009-05-23 14:49 -------- d-----w c:\program files\Java
2009-05-23 14:49 . 2009-05-23 14:49 -------- d-----w c:\program files\Common Files\Java
2009-05-23 14:49 . 2009-05-23 14:48 -------- d-----w c:\program files\Messenger Plus! Live
2009-05-23 14:48 . 2009-05-23 13:52 94632 ----a-w c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-23 14:26 . 2009-05-23 14:25 -------- d-----w c:\program files\Common Files\InstallShield
2009-05-23 14:26 . 2009-05-23 14:25 -------- d-----w c:\program files\SiS VGA Utilities V3.61a
2009-05-23 13:53 . 2001-09-19 15:00 39982 ----a-w c:\windows\system32\perfc001.dat
2009-05-23 13:53 . 2001-09-19 15:00 251478 ----a-w c:\windows\system32\perfh001.dat
2009-05-23 10:50 . 2009-05-23 10:50 -------- d-----w c:\program files\microsoft frontpage
2009-05-23 10:49 . 2001-09-19 15:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-05-23 10:49 . 2009-05-23 10:49 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-23 10:47 . 2009-05-23 10:47 22144 ----a-w c:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-08-16 5728112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-23 185896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Utility Tray.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Utility Tray.lnk
backup=c:\windows\pss\Utility Tray.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R2 713xTVCard;SAA7130 TV Card;c:\windows\system32\drivers\SAA713x.sys [23/05/2009 05:55 م 279552]
R2 WDMTVTuner;Universal WDM TV Tuner;c:\windows\system32\drivers\WDMTuner.sys [23/05/2009 05:55 م 25984]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [04/04/2007 02:58 م 24344]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com.sa/
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: أضافة إلى مضاد الأعلان - c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
DPF: Microsoft XML Parser for Java -

.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-05-25 20:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(828)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\system32\klogon.dll
- - - - - - - > 'lsass.exe'(888)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
- - - - - - - > 'explorer.exe'(1132)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll
c:\windows\system32\msi.dll
.
Completion time: 2009-05-25 20:21
ComboFix-quarantined-files.txt 2009-05-25 17:21
ComboFix2.txt 2009-05-24 13:27
Pre-Run: 35,380,662,272 bytes free
Post-Run: 35,380,043,776 bytes free
197
 
With the permission of dear KoNaMi,

a new HijackThis report, please.

Signature: أعتز بك
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:52:56 م, on 25/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\user\سطح المكتب\HijackThis.exe
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [TeoSoft.com Online Update] C:\Program Files\TeoSoft.com\update.exe wait4connect
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: أضافة إلى مضاد الأعلان - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
--
End of file - 3825 bytes
 
Close the protection program

and disable System Restore as shown in the explanation.

Download the tool from here.

After downloading, double-click it and the tool's file will be extracted to a folder on the desktop; after a few moments the tool will start working.

Follow the explanation to scan the machine, clean it and attach the report.

Then paste it into your next reply,

and after that a new HijackThis report.

Signature: أعتز بك
Sorry for the delay.
Scan report

Scan
----
Scanned: 235331
Detected: 0
Untreated: 0
Start time: 01/06/1430 11:58:01 م
Duration: 00:49:03
Finish time: 02/06/1430 12:47:04 ص

Detected
--------
Status Object
------ ------

Events
------
Time Name Status Reason
---- ---- ------ ------

Statistics
----------
Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted
------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------

Settings
--------
Parameter Value
--------- -----
Security Level Recommended
Action Disinfect, delete if disinfection fails
Run mode Manually
File types Scan all files
Scan only new and changed files No
Scan archives All
Scan embedded OLE objects All
Skip if object is larger than No
Skip if scan takes longer than No
Parse email formats No
Scan password-protected archives No
Enable iChecker technology No
Enable iSwift technology No
Show detected threats on "Detected" tab Yes
Rootkits search Yes
Deep rootkits search No
Use heuristic analyzer Yes

Quarantine
----------
Status Object Size Added
------ ------ ---- -----

Backup
------
Status Object Size
------ ------ ----


New HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:52:03 ص, on 26/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\user\سطح المكتب\HijackThis.exe
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [TeoSoft.com Online Update] C:\Program Files\TeoSoft.com\update.exe wait4connect
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: is-607LS.lnk = ?
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
--
End of file - 3857 bytes
 
A question: should I turn the System Restore option back on, or leave it off?!
 
First, delete this value from the HijackThis report:

O4 - HKCU\..\Run: [TeoSoft.com Online Update] C:\Program Files\TeoSoft.com\update.exe wait4connect

How to delete it

Then download this tool and follow the explanation below.

Compatibility: Windows XP only

Usage instructions:

When you run the tool's file, this screen appears; wait (and follow along with the pictures).

When this screen appears, click Close so that your machine restarts (to complete the cleaning process).

Second

Leave System Restore as it is now, so that you can apply the explanation in the following thread.

Do the last explanation in that thread

and bring the report here in your thread.

Waiting...

Signature: أعتز بك
Here you go, the cleaning report:

Engine Version : 5300.2777
Engine Load Time : 22219 milliseconds
AV DAT Version : 5492.0000 488805 detections Built 15 محرم, 1430
Extra DAT : 0 detections

Memory : Clean
Please wait ... building list of critical files to scan
Critical : Clean
Scanning the computer's cookie directories
Cookies : Clean
c:\pagefile.sys : Scan Failed
c:\Documents and Settings\LocalService\NTUSER.DAT : Scan Failed
c:\Documents and Settings\LocalService\ntuser.dat.LOG : Scan Failed
c:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
c:\Documents and Settings\NetworkService\NTUSER.DAT : Scan Failed
c:\Documents and Settings\NetworkService\ntuser.dat.LOG : Scan Failed
c:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
c:\Documents and Settings\user\NTUSER.DAT : Scan Failed
c:\Documents and Settings\user\ntuser.dat.LOG : Scan Failed
c:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
c:\Documents and Settings\user\Local Settings\temp\Perflib_Perfdata_4cc.dat : Scan Failed
File : c:\Documents and Settings\user\سطح المكتب\Virus Removal Tool\is-607LS\startup.exe : contains "Trojan" called "Generic PWS.y" (No Action Taken (Clean failed) )
c:\Documents and Settings\user\سطح المكتب\Virus Removal Tool\is-607LS\startup.exe : Repair Failed
File : c:\Program Files\Ozone\Audio Converter\opt.exe : contains "Virus" called "W32/Sdbot.worm" (Deleted )
c:\Program Files\Ozone\Audio Converter\opt.exe : Deleted
c:\WINDOWS\system32\CatRoot2\edb.log : Scan Failed
c:\WINDOWS\system32\CatRoot2\tmp.edb : Scan Failed
c:\WINDOWS\system32\config\default : Scan Failed
c:\WINDOWS\system32\config\default.LOG : Scan Failed
c:\WINDOWS\system32\config\SAM : Scan Failed
c:\WINDOWS\system32\config\SAM.LOG : Scan Failed
c:\WINDOWS\system32\config\SECURITY : Scan Failed
c:\WINDOWS\system32\config\SECURITY.LOG : Scan Failed
c:\WINDOWS\system32\config\software : Scan Failed
c:\WINDOWS\system32\config\software.LOG : Scan Failed
c:\WINDOWS\system32\config\system : Scan Failed
c:\WINDOWS\system32\config\system.LOG : Scan Failed
c:\WINDOWS\system32\drivers\fidbox.dat : Scan Failed
c:\WINDOWS\system32\drivers\fidbox.idx : Scan Failed
c:\WINDOWS\system32\drivers\fidbox2.dat : Scan Failed
c:\WINDOWS\system32\drivers\fidbox2.idx : Scan Failed
c:\WINDOWS\Temp\cch~1ad8e789252b.htp : Scan Failed
c:\WINDOWS\Temp\cch~1ad8ed5427ba.htp : Scan Failed
c:\WINDOWS\Temp\cch~1aed0bb62c38.htp : Scan Failed
c:\WINDOWS\Temp\cch~1aed0bee7cea.htp : Scan Failed
c:\WINDOWS\Temp\cch~1aef7d86db9d.htp : Scan Failed
c:\WINDOWS\Temp\cch~1aef7ded11bd.htp : Scan Failed
c:\WINDOWS\Temp\cch~1aef7e66eb69.htp : Scan Failed
c:\WINDOWS\Temp\cch~1aef7ebb71c2.htp : Scan Failed
c:\WINDOWS\Temp\cch~1aef8b244c02.htp : Scan Failed
c:\WINDOWS\Temp\cch~1aef8b5bec66.htp : Scan Failed
c:\WINDOWS\Temp\cch~1aef8d01b5ed.htp : Scan Failed
c:\WINDOWS\Temp\cch~1aef8d3ec6e3.htp : Scan Failed
c:\WINDOWS\Temp\cch~1b094ea899b4.htp : Scan Failed
c:\WINDOWS\Temp\cch~1b094ec76aa6.htp : Scan Failed
Scanning the registry
Registry : Clean

Summary :-
FilesFound : 51399
FilesScanned : 33789
FilesNotScanned : 17610

ObjectsFound : 111045
ObjectsInfected : 2
ObjectsCleaned : 0
ObjectsDeleted : 1

FilesInfected : 2
FilesCleaned : 0
FilesMoved : 0
FilesDeleted : 1

Started at : 04:35:47 ص 02 جمادى الثانية, 1430
Ended at : 05:10:56 ص 02 جمادى الثانية, 1430
Duration : 35 minutes 9 seconds
3198 MB scanned in 2109 seconds = 1552 KB/s
Engine Version : 5300.2777
Engine Load Time : 23375 milliseconds
AV DAT Version : 5492.0000 488805 detections Built 15 محرم, 1430
Extra DAT : 0 detections


Summary :-
FilesFound : 438
FilesScanned : 301
FilesNotScanned : 137

ObjectsFound : 459
ObjectsInfected : 0
ObjectsCleaned : 0
ObjectsDeleted : 0

FilesInfected : 0
FilesCleaned : 0
FilesMoved : 0
FilesDeleted : 0

Started at : 05:11:22 ص 02 جمادى الثانية, 1430
Ended at : 05:11:40 ص 02 جمادى الثانية, 1430
Duration : 18 seconds
84 MB scanned in 18 seconds = 4 MB/s

===
And this is a new HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:15:09 ص, on 26/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\user\سطح المكتب\HijackThis.exe
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [TeoSoft.com Online Update] C:\Program Files\TeoSoft.com\update.exe wait4connect
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\user\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\user\Application Data\CyberScrub\Privacy Suite"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
--
End of file - 3964 bytes

==
For your information, this entry comes back every time I delete it
O4 - HKCU\..\Run: [TeoSoft.com Online Update] C:\Program Files\TeoSoft.com\update.exe wait4connect
 
How are things now ...

Follow this walkthrough to avoid slow opening and closing of menus

 
Signature: أعتز بك
Done.
As for the freezing, nothing has happened so far.
I will wait two days and then let you know whether it is gone or not.
So please do not close the thread.
And should I turn System Restore back on? <<< has been pestering them with this question :)
Many thanks to everyone who helped,
and may it be counted among their good deeds.
Regards
 
The freezing is still happening!!!!
 
Do the following now

Download the following tool



Close all programs

Disable System Restore as in the walkthrough



Run it and the tool's interface will appear

Choose the cleaning option and the DOS scan window will appear

Leave it until it finishes and the report appears

Copy it and paste it in your next post
 
Signature: أعتز بك
Engine Version : 5300.2777
Engine Load Time : 22593 milliseconds
AV DAT Version : 5492.0000 488805 detections Built 15 محرم, 1430
Extra DAT : 0 detections

Memory : Clean
Please wait ... building list of critical files to scan
Critical : Clean
Scanning the computer's cookie directories
Cookies : Clean
c:\pagefile.sys : Scan Failed
c:\Documents and Settings\LocalService\NTUSER.DAT : Scan Failed
c:\Documents and Settings\LocalService\ntuser.dat.LOG : Scan Failed
c:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
c:\Documents and Settings\NetworkService\NTUSER.DAT : Scan Failed
c:\Documents and Settings\NetworkService\ntuser.dat.LOG : Scan Failed
c:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
c:\Documents and Settings\user\NTUSER.DAT : Scan Failed
c:\Documents and Settings\user\ntuser.dat.LOG : Scan Failed
c:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
c:\Documents and Settings\user\Local Settings\temp\Perflib_Perfdata_514.dat : Scan Failed
File : c:\Documents and Settings\user\سطح المكتب\Virus Removal Tool\is-607LS\startup.exe : contains "Trojan" called "Generic PWS.y" (No Action Taken (Clean failed) )
c:\Documents and Settings\user\سطح المكتب\Virus Removal Tool\is-607LS\startup.exe : Repair Failed
c:\WINDOWS\system32\CatRoot2\edb.log : Scan Failed
c:\WINDOWS\system32\CatRoot2\tmp.edb : Scan Failed
c:\WINDOWS\system32\config\default : Scan Failed
c:\WINDOWS\system32\config\default.LOG : Scan Failed
c:\WINDOWS\system32\config\SAM : Scan Failed
c:\WINDOWS\system32\config\SAM.LOG : Scan Failed
c:\WINDOWS\system32\config\SECURITY : Scan Failed
c:\WINDOWS\system32\config\SECURITY.LOG : Scan Failed
c:\WINDOWS\system32\config\software : Scan Failed
c:\WINDOWS\system32\config\software.LOG : Scan Failed
c:\WINDOWS\system32\config\system : Scan Failed
c:\WINDOWS\system32\config\system.LOG : Scan Failed
c:\WINDOWS\system32\drivers\fidbox.dat : Scan Failed
c:\WINDOWS\system32\drivers\fidbox.idx : Scan Failed
c:\WINDOWS\system32\drivers\fidbox2.dat : Scan Failed
c:\WINDOWS\system32\drivers\fidbox2.idx : Scan Failed
Scanning the registry
Registry : Clean

Summary :-
FilesFound : 52551
FilesScanned : 34577
FilesNotScanned : 17974

ObjectsFound : 114604
ObjectsInfected : 1
ObjectsCleaned : 0
ObjectsDeleted : 0

FilesInfected : 1
FilesCleaned : 0
FilesMoved : 0
FilesDeleted : 0

Started at : 01:07:43 ص 04 جمادى الثانية, 1430
Ended at : 01:35:03 ص 04 جمادى الثانية, 1430
Duration : 27 minutes 19 seconds
3221 MB scanned in 1639 seconds = 2012 KB/s
Engine Version : 5300.2777
Engine Load Time : 23329 milliseconds
AV DAT Version : 5492.0000 488805 detections Built 15 محرم, 1430
Extra DAT : 0 detections


Summary :-
FilesFound : 475
FilesScanned : 318
FilesNotScanned : 157

ObjectsFound : 502
ObjectsInfected : 0
ObjectsCleaned : 0
ObjectsDeleted : 0

FilesInfected : 0
FilesCleaned : 0
FilesMoved : 0
FilesDeleted : 0

Started at : 01:35:29 ص 04 جمادى الثانية, 1430
Ended at : 01:35:51 ص 04 جمادى الثانية, 1430
Duration : 21 seconds
86 MB scanned in 21 seconds = 4 MB/s
 
The freezing is still happening,
and now there is another problem as well:
the computer has started restarting by itself :(
 