Signature: AbOdy
I installed the update and it was no use.

The image appears every time the computer starts up. I hope for a solution.

With the brothers' permission, give me a HijackThis report.
 
Signature: ابـــو عــبــد الــلــه
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:28:53 ص, on 15/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [link hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [link hidden by the forum]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-21-602162358-1202660629-1417001333-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'عذبني غيابكـ')
O4 - HKUS\S-1-5-21-602162358-1202660629-1417001333-1007\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'عذبني غيابكـ')
O9 - Extra button: ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\Program Files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll (file missing)
O9 - Extra 'Tools' menuitem: ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\Program Files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [link hidden by the forum]
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - [link hidden by the forum]
O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} (ActiveQscan Control) - [link hidden by the forum]
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
--
End of file - 3786 bytes
 
Disable your protection programs and run the tool:

[link hidden by the forum]

When you run it, a message will appear; click Yes.
After that, a second message will appear; click Yes.

The computer may restart during the scan.

After the restart, the tool will start scanning a second time.
Wait until a report appears; at that point the scan is finished.
 
Signature: ابـــو عــبــد الــلــه
ComboFix 09-06-14.02 - Login 5175476 06/15/2009 10:10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.974.1033.18.1015.743 [GMT -7:00]
Running from: c:\documents and settings\Login 5175476\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\kakle.dll
c:\windows\system32\vbsuct32.dll
.
((((((((((((((((((((((((( Files Created from 2009-05-15 to 2009-06-15 )))))))))))))))))))))))))))))))
.
2009-06-15 13:39 . 2009-06-15 13:39 -------- d-----w- c:\windows\system32\XPSViewer
2009-06-15 13:39 . 2009-06-15 13:39 -------- d-----w- c:\program files\MSBuild
2009-06-15 13:38 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-06-15 13:38 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-06-15 13:38 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-06-15 13:38 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-06-15 13:38 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-06-15 13:38 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-06-15 13:38 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-06-15 13:33 . 2009-06-15 13:33 -------- d-----w- c:\documents and settings\Login 5175476\Application Data\Windows Search
2009-06-15 13:32 . 2009-06-15 13:55 -------- d-----w- c:\program files\Windows Desktop Search
2009-06-15 13:32 . 2009-06-15 13:32 -------- d-----w- c:\windows\system32\GroupPolicy
2009-06-15 13:31 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2009-06-15 13:31 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2009-06-15 13:31 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2009-06-15 13:31 . 2009-06-15 13:31 -------- d-----w- c:\program files\Windows Media Connect 2
2009-06-15 13:29 . 2009-06-15 13:30 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-06-15 13:28 . 2009-06-15 13:28 -------- d-----w- c:\windows\system32\URTTEMP
2009-06-15 13:06 . 2009-06-15 13:35 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcaBit
2009-06-15 13:04 . 2009-06-15 13:04 -------- d-----w- c:\documents and settings\NetworkService\Application Data\ArcaBit
2009-06-15 13:02 . 2009-06-15 13:51 -------- d-----w- c:\program files\ArcaBit
2009-06-15 12:29 . 2009-06-15 12:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-06-14 23:51 . 2009-06-14 23:51 -------- d-----w- c:\program files\Windows Live
2009-06-14 23:51 . 2009-06-14 23:51 -------- d-----w- c:\program files\Messenger Plus! Live
2009-06-14 23:05 . 2008-04-14 00:12 32866 -c--a-w- c:\windows\system32\dllcache\slrundll.exe
2009-06-14 23:05 . 2008-04-14 00:12 32866 ----a-w- c:\windows\slrundll.exe
2009-06-14 22:56 . 2009-06-14 22:56 -------- d-----w- c:\program files\CCleaner
2009-06-14 14:36 . 2009-06-14 14:36 -------- d-----w- c:\documents and settings\Login 5175476\Application Data\PCToolsFirewallPlus
2009-06-14 14:36 . 2009-06-14 14:36 -------- d-----w- c:\documents and settings\Login 5175476\Application Data\PCToolsSpamMonitorPlus
2009-06-13 13:35 . 2009-06-13 15:48 -------- d-----w- c:\program files\Trojan Remover
2009-06-13 11:52 . 2009-06-13 11:52 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2009-06-10 14:23 . 2009-06-13 15:46 -------- d-----w- c:\documents and settings\Login 5175476\Local Settings\Application Data\Conduit
2009-06-10 14:23 . 2009-06-13 15:46 -------- d-----w- c:\program files\Conduit
2009-06-10 14:23 . 2009-06-13 15:46 -------- d-----w- c:\program files\Hotspot_Shield
2009-06-10 14:06 . 2009-06-10 14:06 -------- d-----w- c:\program files\temp
2009-06-09 12:44 . 2009-06-09 12:44 -------- d-----w- c:\documents and settings\Login 5175476\Local Settings\Application Data\Thinstall
2009-06-09 12:41 . 2009-06-09 12:42 -------- d-----w- c:\documents and settings\Login 5175476\Local Settings\Application Data\RegCure
2009-06-08 21:01 . 2009-06-08 21:01 90112 ----a-w- c:\windows\system32\agsaami.dll
2009-06-08 21:01 . 2009-06-08 21:01 610304 ----a-w- c:\windows\system32\agsaamg.dll
2009-06-08 21:01 . 2009-06-08 21:01 372736 ----a-w- c:\windows\system32\agsaamc.dll
2009-06-08 21:01 . 2009-06-08 21:01 2535424 ----a-w- c:\windows\system32\agsaamj.dll
2009-06-08 21:01 . 2009-06-08 21:01 1986560 ----a-w- c:\windows\system32\akll.dll
2009-06-08 21:01 . 2009-06-08 21:01 196608 ----a-w- c:\windows\system32\maag.dll
2009-06-08 21:01 . 2009-06-08 21:01 1245184 ----a-w- c:\windows\system32\bkll.dll
2009-06-08 21:01 . 2009-06-08 21:01 1212416 ----a-w- c:\windows\system32\ckll.dll
2009-06-08 21:01 . 2003-08-07 22:01 237568 ----a-w- c:\windows\system32\lame_enc.dll
2009-06-08 21:01 . 2009-06-08 21:01 -------- d-----w- c:\program files\Real_SC
2009-06-08 21:01 . 2009-06-08 21:01 -------- d-----w- c:\windows\system32\RMBin
2009-06-08 20:56 . 2009-06-08 20:56 -------- d-----w- c:\program files\Common Files\xing shared
2009-06-07 21:59 . 2008-06-01 10:00 75008 ----a-w- c:\windows\system32\drivers\sscvf.sys
2009-06-07 21:59 . 2008-06-01 10:00 41472 ----a-w- c:\windows\system32\vfcfg.exe
2009-06-07 21:59 . 2008-06-01 10:00 110676 ----a-w- c:\windows\system32\vfcfgsh.dll
2009-06-07 21:33 . 2009-06-13 15:45 -------- d-----w- c:\program files\jv16 PowerTools 2008
2009-06-07 21:21 . 2009-06-07 21:21 17119 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-06-07 21:21 . 2009-06-14 23:05 -------- d-----w- c:\program files\Linksys Wireless-G PCI Wireless Network Monitor
2009-06-07 21:12 . 2009-06-07 21:12 -------- d-----w- C:\Linksys Driver
2009-06-07 20:39 . 2009-06-07 20:39 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-07 20:39 . 2009-06-07 20:39 -------- d-----w- c:\windows\system32\KB905474
2009-06-07 13:18 . 2009-06-08 07:03 -------- d-sh--w- C:\Diskeeper
2009-06-07 12:22 . 2009-06-07 12:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Diskeeper Corporation
2009-06-07 12:22 . 2009-06-07 12:22 -------- d-----w- c:\program files\Diskeeper Corporation
2009-06-07 11:00 . 2009-06-07 11:36 -------- d-----w- c:\windows\BDOSCAN8
2009-06-07 10:59 . 2009-06-07 10:59 -------- d-----w- c:\documents and settings\Login 5175476\Application Data\QuickScan
2009-06-07 10:03 . 2009-03-11 05:26 1403264 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-06-07 10:03 . 2009-03-11 05:18 453512 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
2009-06-06 22:43 . 2009-06-07 12:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-06 22:42 . 2009-06-07 12:19 -------- d-----w- c:\program files\Lavasoft
2009-06-06 22:34 . 2009-06-06 22:34 -------- d-----w- c:\documents and settings\Login 5175476\Application Data\Lavasoft
2009-06-04 22:11 . 2009-06-04 22:11 -------- d-----w- c:\documents and settings\Login 5175476\ErrorLogs
2009-06-04 19:36 . 2009-06-04 19:36 -------- d-----w- c:\documents and settings\Login 5175476\Application Data\SlipStream
2009-06-04 19:16 . 2009-06-04 19:16 -------- d-----w- c:\documents and settings\Login 5175476\Local Settings\Application Data\Shareaza
2009-06-04 16:04 . 2002-12-10 16:11 6852 ----a-w- c:\windows\system32\drivers\Vcs.sys
2009-06-04 10:09 . 2009-06-04 13:41 -------- d-----w- c:\program files\Common Files\Filseclab
2009-06-04 10:09 . 2009-06-04 10:09 -------- d-----w- c:\program files\Filseclab
2009-06-03 11:24 . 2009-06-04 19:25 -------- d-----w- c:\documents and settings\Login 5175476\Local Settings\Application Data\Ares
2009-06-03 11:15 . 2009-06-10 14:36 -------- d-----w- c:\program files\Hotspot Shield
2009-06-03 09:46 . 2009-06-04 21:59 -------- d-----w- c:\program files\GRETECH
2009-06-02 20:49 . 2009-06-02 20:49 -------- d-----w- c:\windows\system32\IOSUBSYS
2009-06-02 15:30 . 2009-06-02 15:30 -------- d-----w- c:\program files\Common Files\delet
2009-06-02 14:50 . 2009-06-02 14:50 -------- d-----w- c:\program files\Trend Micro
2009-06-02 14:40 . 2009-06-09 12:44 -------- d-----w- c:\documents and settings\Login 5175476\Application Data\Thinstall
2009-06-02 13:26 . 2009-06-02 15:06 -------- d-----w- c:\program files\Spyware Terminator
2009-06-02 09:26 . 2009-06-14 22:54 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-06-02 09:20 . 2009-06-10 14:19 -------- d-----w- c:\program files\WinASO
2009-06-02 09:11 . 2009-06-02 09:11 -------- d-----w- c:\documents and settings\Login 5175476\Application Data\TuneUp Software
2009-06-02 09:11 . 2009-06-02 09:11 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-06-02 09:11 . 2009-06-14 22:57 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-06-02 07:55 . 2009-06-02 07:55 -------- d-----w- c:\program files\SuperSpeed
2009-06-01 21:44 . 2009-06-06 23:05 -------- d-----w- c:\program files\Uniblue
2009-06-01 21:38 . 2009-06-01 21:38 -------- d-----w- c:\program files\Reference Assemblies
2009-06-01 21:33 . 2009-06-01 21:33 -------- d--h--r- C:\AHCache
2009-06-01 20:30 . 2009-06-01 20:30 53760 ----a-w- c:\windows\system\ppacklib.dll
2009-06-01 20:30 . 2009-06-01 20:30 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
2009-06-01 20:30 . 2002-01-05 18:37 344064 ----a-w- c:\windows\system32\msvcr70.dll
2009-06-01 20:30 . 2002-01-05 12:40 487424 ----a-w- c:\windows\system32\msvcp70.dll
2009-06-01 20:30 . 2002-01-05 13:48 974848 ----a-w- c:\windows\system32\mfc70.dll
2009-06-01 09:13 . 2009-06-01 09:21 192 ---ha-w- c:\windows\winshell.dat
2009-06-01 09:12 . 2009-06-01 11:06 -------- d-----w- c:\program files\Dachshund Software
2009-06-01 08:10 . 2009-06-01 08:10 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-06-01 08:10 . 2009-06-01 08:10 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-06-01 08:10 . 2009-06-08 20:56 -------- d-----w- c:\program files\Common Files\Real
2009-06-01 08:10 . 2009-06-08 20:56 -------- d-----w- c:\program files\Real
2009-06-01 08:04 . 2009-06-01 08:04 -------- d-----w- c:\windows\Sun
2009-05-31 21:07 . 2009-05-31 21:06 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-31 21:06 . 2009-05-31 21:06 -------- d-----w- c:\program files\Java
2009-05-31 20:13 . 2009-06-13 16:11 -------- d-----w- c:\program files\IObit
2009-05-31 20:13 . 2009-06-13 16:06 -------- d-----w- c:\documents and settings\Login 5175476\Application Data\IObit
2009-05-31 16:50 . 2009-05-31 20:29 -------- d-----w- c:\documents and settings\Login 5175476\DoctorWeb
2009-05-31 14:41 . 2009-05-31 14:41 -------- d-----w- c:\windows\system32\scripting
2009-05-31 14:41 . 2009-05-31 14:41 -------- d-----w- c:\windows\system32\en
2009-05-31 14:41 . 2009-05-31 14:41 -------- d-----w- c:\windows\l2schemas
2009-05-31 14:41 . 2009-05-31 14:41 -------- d-----w- c:\windows\system32\bits
2009-05-31 14:39 . 2009-05-31 14:39 -------- d-----w- c:\windows\ServicePackFiles
2009-05-31 14:28 . 2004-08-04 05:29 25471 ------w- c:\windows\system32\drivers\watv10nt.sys
2009-05-31 14:28 . 2004-08-04 05:29 22271 ------w- c:\windows\system32\drivers\watv06nt.sys
2009-05-31 14:28 . 2004-08-04 05:29 11935 ------w- c:\windows\system32\drivers\wadv11nt.sys
2009-05-31 14:28 . 2004-08-04 05:29 11871 ------w- c:\windows\system32\drivers\wadv09nt.sys
2009-05-31 14:28 . 2004-08-04 05:29 11807 ------w- c:\windows\system32\drivers\wadv07nt.sys
2009-05-31 14:28 . 2004-08-04 05:29 11295 ------w- c:\windows\system32\drivers\wadv08nt.sys
2009-05-31 14:26 . 2004-08-04 05:29 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2009-05-31 13:55 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-05-31 13:48 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-05-31 13:48 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-05-31 13:48 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-05-31 13:48 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-15 13:52 . 2009-05-05 21:30 28104 ----a-w- c:\documents and settings\Login 5175476\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-15 12:32 . 2009-05-05 23:41 -------- d-----w- c:\program files\MSN Messenger
2009-06-14 21:23 . 2009-05-06 00:39 -------- d-----w- c:\documents and settings\Login 5175476\Application Data\cleaner
2009-06-08 11:10 . 2009-05-06 00:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-06-07 21:59 . 2009-05-06 07:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-01 11:07 . 2009-05-05 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-06-01 08:09 . 2009-05-31 21:08 -------- d-----w- c:\documents and settings\Login 5175476\Application Data\LimeWire
2009-05-31 20:29 . 2009-05-05 18:35 -------- d-----w- c:\program files\Golden Al-Wafi Translator
2009-05-31 14:42 . 2009-05-05 18:24 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-30 13:44 . 2009-05-05 18:32 -------- d-----w- c:\program files\VideoLAN
2009-05-07 15:32 . 2004-08-04 07:56 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-06 07:20 . 2009-05-06 07:20 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-06 00:55 . 2009-05-06 00:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-05-06 00:41 . 2009-05-06 00:41 -------- d-----w- c:\documents and settings\Login 5175476\Application Data\CyberScrub
2009-05-05 23:45 . 2009-05-05 23:45 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-05-05 18:35 . 2009-05-05 18:35 172032 ------w- c:\windows\Setup1.exe
2009-05-05 18:35 . 2009-05-05 18:35 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-05-05 18:34 . 2009-05-05 18:34 2232 ----a-w- c:\windows\java\Packages\Data\NXFPNNZR.DAT
2009-05-05 18:34 . 2009-05-05 18:34 155995 ----a-w- c:\windows\java\Packages\OZLJ3VL3.ZIP
2009-05-05 18:34 . 2009-05-05 18:34 2678 ----a-w- c:\windows\java\Packages\Data\ZD3LZ9FH.DAT
2009-05-05 18:33 . 2009-05-05 18:33 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-05 18:33 . 2009-05-05 18:33 -------- d-----w- c:\documents and settings\Login 5175476\Application Data\vlc
2009-05-05 18:25 . 2009-05-05 18:25 -------- d-----w- c:\program files\microsoft frontpage
2009-05-05 18:22 . 2009-05-05 18:22 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-04-29 04:46 . 2004-08-04 07:56 666624 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:46 . 2004-08-04 07:56 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2004-08-04 06:17 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-04 07:56 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-09 11:32 . 2009-04-09 11:32 89088 ----a-w- c:\documents and settings\Login 5175476\Application Data\Desktopicon\eBayShortcuts.exe
2009-03-24 23:08 . 2009-05-06 00:56 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-08 185896]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck ???? ???????
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50001:TCP"= 50001:TCP:ArcaVir CommunicationPort (S)
"50000:TCP"= 50000:TCP:ArcaVir CommunicationPort (A)
R0 SscVF;SscVF;c:\windows\system32\drivers\sscvf.sys [07/06/2009 02:59 م 75008]
R2 Vcs;Vcs support;c:\windows\system32\drivers\Vcs.sys [04/06/2009 09:04 ص 6852]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - GTNDIS5
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.qa/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: {{40525A66-DB98-480D-BCF9-7AF88C1AF438} - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - c:\program files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll
DPF: Microsoft XML Parser for Java
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [link hidden by the forum]
Rootkit scan 2009-06-15 10:12
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-06-15 10:14
ComboFix-quarantined-files.txt 2009-06-15 17:14
Pre-Run: 34,243,399,680 bytes free
Post-Run: 34,353,020,928 bytes free
235 --- E O F --- 2009-06-15 14:39
 
New HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:13 ص, on 15/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [link hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [link hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [link hidden by the forum]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\Program Files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll (file missing)
O9 - Extra 'Tools' menuitem: ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\Program Files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [link hidden by the forum]
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - [link hidden by the forum]
O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} (ActiveQscan Control) - [link hidden by the forum]
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
--
End of file - 3460 bytes
 
Let's check your machine more thoroughly ... the viruses on your machine are in for it from McAfee .. :hh:

Disable System Restore as shown in the following walkthrough:

i7549_1.png

i7550_2.png

i7551_3.png

Then

open this page

[link hidden by the forum]

and download the McAfee tool.
Run it with a double-click and leave it until the DOS window finishes scanning and cleaning.
Then go to drive C: and [link hidden by the forum] the report noor_mcafee

and upload it to this site

[link hidden by the forum]

and include the download link in your next post.
 
Signature: ابـــو عــبــد الــلــه
The image file you gave me is corrupted, look:
i17610_1.png

In any case, if your problem is caused by a blue screen, go to this thread
and, God willing, you will benefit.
[link hidden by the forum]

If your problem is something else,
please specify it.
 
How are things with you now?
 
Signature: ابـــو عــبــد الــلــه
Same situation.
 


....

From Start, choose Run and type the following command:

msconfig

then click OK.

The application window will appear:

System Configuration Utility

[link hidden by the forum]

Then agree to the restart.

[link hidden by the forum]
 
Signature: ابـــو عــبــد الــلــه