مشكلة عند بداية تشغيل الـ windows xp

[algana9]

السلام عليكم ورحمة الله وبركاتة​

وبعد الأخوه الأفاضل المبدعين والأساتذة الكرام رواد منتديات زيزوم لا استغني بعد الله عن لمساتكم السحرية ومعلوماتكم القيمة شاكر لكم حسن تعاونكم​

مشكلتي إخوتي عند تشغيل الـ windows تظهر لي رسالة خطأ نصها​

(( هناك مشكلة تمنع windows من التحقق بشكل دقيق من ترخيص هذا الجهاز​

رمز الخطأ < 0X80004005> ))​

علما بأن الجهاز لابتوب ايسر والويندوز اكس بي سيرفس باك اب 3​

أرجــــو المـساعدة جـزاكم الله الـف خـير​

 

[MAAX]

حمل هذا البرنامج

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادم

 

[algana9]

الأستاذ الفاضل ماكس شكراً على مرورك الكريم​

المشكلة اخي الفاضل أنني لا أستطيع الدخول على النظام
لأنة عند ما يتم تحميل الإعدادات الشخصية تظهر رسالة الخطأ
وبعدها اضغط على موافق ثم يتم حفظ البينات ثم تسجيل الخروج وتبقى الشاشة على كلمة < Administrator >​

وهكذا كل ما حاولت الدخول إلى النظام تتكرر العملية .
وأنا حالياً اتصل من جهاز آخر .​

أرجــــو المــساعدة جـزاكـم الله خـير​

 

[MAAX]

هل جربت الدخول للوضع الامن

 

[أعتز بك]

ادخل عن طريق الوضع الآمن

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

واعمل رد ماااكس

بالتوفيق

 

[أعتز بك]

عذراًُ اخي ماكس ,,,

 

[algana9]

الأخوة الأفاضل ماكس واعتز بك اعزكم الله ورفع من شأنكم
تمكنت من الدخول في الوضع الأمن وهذا هو التقرير​

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:18:33 ص, on 29/06/2009
Platform: Windows XP SP3, v.3300 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe regsvr.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [acerWireless] C:\Program Files\acer\Wireless\Utility\WlanUtil.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe
O4 - HKLM\..\Run: [svchost Agent] C:\WINDOWS\system32\28463\svchost.exe
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Msn Messsenger] C:\WINDOWS\system32\regsvr.exe
O4 - HKCU\..\Run: [SPSTEALT] "C:\Documents and Settings\Administrator\Desktop\برامج الصيانة\winsmart.exe" /stealt
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Moq3 Wallpaper Changer.lnk = C:\Program Files\Moq3 Wallpapers Changer\Moq3 Wallpaper Changer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: BandLuxe Service (BandLuxe_Service) - BandRich Inc. - C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
--
End of file - 7912 bytes​

 

[algana9]

أرجــــــو المســـــاعدة​

 

[MAAX]

حدد التالي واحذفه

F2 - REG:system.ini: Shell=Explorer.exe regsvr.exe

O4 - HKLM\..\Run: [svchost Agent] C:\WINDOWS\system32\28463\svchost.exe

O4 - HKCU\..\Run: [Msn Messsenger] C:\WINDOWS\system32\regsvr.exe

طريقة الحذف

​

ثم جرب الدخول بالوضع العادي​

 

[algana9]

الأخ الفاضل ماكس حذفت القيم التي طلبت ولكن عند محاولت الدخول بالوضع العادي اعطاني نفس رسالة الخطأ
ثم يتم حفظ البينات ثم تسجيل الخروج وتبقى الشاشة على كلمة < Administrator >

وهكذا كل ما حاولت الدخول إلى النظام تتكرر العملية .
​

 

[algana9]

هــل يـوجـد حـل يا إخواني أفيدوني جـزاكـم الله خـير​

 

[MAAX]

اعمل هذا التقرير بالوضع الامن

عطل برامج الحماية عن العمل
ثم
حمل الاداة التالية واحفظها على سطح المكتب

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
لا تقم بتشغيل اي برنامج ،، ومهما طالت عملية الفحص انتظر حتى تنتهي
انتظر حتى يظهر لك تقرير ،،انسخه والصقه بمشاركتك القادمة​

وانتبه ترفع الموضوع والا المشرفين يسكرو الموضوع :d:
​

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

 

[algana9]

آسف على التأخير إخواني لكن هذا هو التقرير​

ComboFix 09-06-29.02 - Administrator 07/04/2009 15:53.1 - FAT32x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.1270.1020 [GMT 3:00]
Running from: G:\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Kaspersky Internet Security *On-access scanning enabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\28463
c:\windows\system32\28463\svchost.001
c:\windows\system32\28463\svchost.002
c:\windows\system32\28463\svchost.exe
c:\windows\system32\setup.ini
c:\windows\system32\svchost .exe
.
((((((((((((((((((((((((( Files Created from 2009-06-04 to 2009-07-04 )))))))))))))))))))))))))))))))
.
2009-06-28 20:43 . 2009-06-28 20:43 -------- d-----w- c:\program files\Trend Micro
2009-06-28 02:43 . 2004-07-17 08:42 487 ----a-w- c:\windows\system32\login.cmd
2009-06-27 15:32 . 2008-01-25 20:35 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-06-27 15:32 . 2008-01-25 20:35 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-06-27 15:26 . 2009-06-27 15:26 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-06-27 15:26 . 2009-06-27 15:26 -------- d-----w- c:\windows\system32\DRVSTORE
2009-06-27 15:26 . 2008-05-15 07:08 104192 ----a-w- c:\windows\system32\drivers\br3gmdm.sys
2009-06-27 15:26 . 2009-06-27 15:26 -------- d-----w- c:\program files\BandRich
2009-06-27 15:15 . 2009-06-27 15:15 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-27 14:41 . 2009-06-27 14:41 10520 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-27 14:41 . 2009-06-27 14:41 107272 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-27 14:41 . 2009-06-27 14:41 325128 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-27 14:41 . 2009-06-27 14:41 27656 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-27 14:41 . 2009-06-27 14:41 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-27 14:41 . 2009-06-27 14:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVGTOOLBAR
2009-06-27 14:41 . 2009-06-27 14:41 -------- d-----w- c:\program files\AVG
2009-06-27 14:41 . 2009-06-27 14:41 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-27 08:34 . 2009-06-27 08:34 -------- d--h--w- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-06-27 08:32 . 2009-06-27 08:32 -------- d--h--w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
2009-06-27 07:10 . 2000-05-26 09:14 161280 ------w- c:\windows\system32\hpofax07.dll
2009-06-27 07:07 . 2000-05-26 08:57 53248 ------w- c:\windows\system32\hpousd07.dll
2009-06-27 07:07 . 2000-05-26 07:43 28672 ------w- c:\windows\system32\hpomem07.dll
2009-06-27 07:05 . 1999-10-18 07:35 317952 ------w- c:\windows\system32\roboex32.dll
2009-06-27 07:05 . 1999-03-05 09:05 54784 ------w- c:\windows\system32\INETWH32.DLL
2009-06-27 07:05 . 2000-05-26 07:41 40960 ------w- c:\windows\system32\HPOtap07.dll
2009-06-27 07:03 . 2000-05-26 07:21 15664 ------w- c:\windows\system32\drivers\hpoipr07.sys
2009-06-27 07:03 . 2000-05-26 07:21 50448 ------w- c:\windows\system32\drivers\hpoid407.sys
2009-06-27 07:03 . 2000-05-26 07:16 17360 ------w- c:\windows\system32\drivers\hpoius07.sys
2009-06-27 07:03 . 2000-05-26 07:30 57344 ------w- c:\windows\system32\hpoisn07.dll
2009-06-27 07:03 . 2000-05-26 07:29 94208 ------w- c:\windows\system32\hpoipt07.dll
2009-06-27 07:03 . 2000-05-26 07:27 53248 ------w- c:\windows\system32\hpoipr07.dll
2009-06-27 07:03 . 2000-05-26 07:26 57344 ------w- c:\windows\system32\hpoipm07.exe
2009-06-27 07:03 . 2000-05-26 07:26 61440 ------w- c:\windows\system32\hpoinw07.exe
2009-06-27 07:03 . 2009-06-27 07:03 -------- d-----w- c:\temp\W2k
2009-06-27 07:03 . 2000-05-26 07:24 73728 ------w- c:\windows\system32\hpoidr07.dll
2009-06-27 07:02 . 2009-06-27 07:02 -------- d-----w- c:\program files\ReadIRIS
2009-06-27 07:02 . 2009-06-27 07:02 -------- d-----w- c:\program files\Hewlett-Packard
2009-06-27 07:01 . 2000-05-26 10:57 306688 ----a-w- c:\windows\IsUninst.exe
2009-06-26 23:53 . 2009-06-26 23:53 96645 ----a-w- c:\windows\system32\drivers\klin.dat
2009-06-26 23:53 . 2009-06-26 23:53 87941 ----a-w- c:\windows\system32\drivers\klick.dat
2009-06-26 23:52 . 2009-07-04 13:03 32 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-26 23:52 . 2009-07-04 13:03 32 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-26 23:52 . 2009-06-26 23:52 -------- d-----w- c:\program files\Kaspersky Lab
2009-06-26 23:52 . 2009-06-26 23:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-06-26 23:49 . 2009-06-26 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-06-26 23:20 . 2009-06-26 23:20 83392 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-26 23:11 . 2009-06-26 23:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\URSoft
2009-06-26 23:11 . 2009-06-26 23:11 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-26 23:11 . 2009-06-26 23:11 -------- d-----w- c:\program files\Your Uninstaller 2008
2009-06-26 22:15 . 2009-06-26 22:15 -------- d-----w- c:\windows\Icon_Patcher
2009-06-26 22:06 . 2009-06-26 22:06 -------- d-----w- c:\program files\Error Repair Professional
2009-06-26 22:01 . 2009-06-26 22:01 -------- d-----w- c:\program files\IObit
2009-06-26 21:46 . 2009-06-26 21:46 -------- d--h--w- c:\windows\ie8
2009-06-26 21:29 . 2009-06-26 21:29 -------- d-----w- c:\program files\Moq3 Wallpapers Changer
2009-06-26 21:28 . 2009-06-26 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-06-26 21:26 . 2009-06-26 21:26 -------- d-----w- c:\program files\MPlayer for Windows
2009-06-26 21:18 . 2009-06-26 21:18 -------- d-----w- c:\program files\Yahoo!
2009-06-26 21:18 . 2009-06-26 21:18 -------- d-----w- c:\program files\CCleaner
2009-06-26 21:06 . 2004-08-04 12:00 6144 ----a-w- c:\windows\system32\dllcache\kbdtuq.dll
2009-06-26 21:02 . 2009-06-26 21:02 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-26 21:02 . 2009-06-26 21:02 -------- d-----w- c:\program files\Java
2009-06-26 21:01 . 2008-01-25 20:35 26368 ----a-w- c:\windows\system32\dllcache\usbstor.sys
2009-06-26 20:59 . 2009-06-26 20:59 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Help
2009-06-26 20:51 . 2009-06-26 20:51 -------- d-----w- c:\program files\ClocX
2009-06-26 20:46 . 2006-10-26 16:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-06-26 20:45 . 2009-06-26 20:45 -------- d-----w- c:\program files\Microsoft Works
2009-06-26 20:45 . 2009-06-26 20:45 -------- d-----w- c:\program files\MSBuild
2009-06-26 20:44 . 2009-06-26 20:44 -------- d-----w- c:\program files\Microsoft.NET
2009-06-26 20:42 . 2009-06-26 20:42 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-06-26 20:40 . 2009-06-26 20:40 -------- d-----w- c:\windows\SHELLNEW
2009-06-26 20:36 . 2009-06-26 20:36 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft Help
2009-06-26 20:33 . 2009-06-26 20:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-26 20:31 . 2009-06-26 20:31 -------- d--h--r- C:\MSOCache
2009-06-26 20:25 . 2009-06-26 20:25 0 ----a-w- c:\windows\nsreg.dat
2009-06-26 20:25 . 2009-06-26 20:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-06-26 20:22 . 2009-06-26 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-06-26 20:15 . 2009-06-26 20:15 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2009-06-26 20:15 . 2008-12-11 10:31 27904 ----a-w- c:\windows\system32\uxtuneup.dll
2009-06-26 20:15 . 2009-06-26 20:15 360192 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-06-26 20:15 . 2009-06-26 20:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\TuneUp Software
2009-06-26 20:14 . 2009-06-26 20:14 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-06-26 20:14 . 2009-06-26 20:14 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-06-26 20:12 . 2009-06-26 20:12 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-06-26 20:10 . 2009-06-26 20:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ACD Systems
2009-06-26 20:10 . 2009-06-26 20:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\ACD Systems
2009-06-26 20:10 . 2009-06-26 20:10 -------- d-----w- c:\documents and settings\All Users\Application Data\ACD Systems
2009-06-26 20:10 . 2009-06-26 20:10 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-06-26 20:10 . 2009-06-26 20:10 -------- d-----w- c:\program files\ACD Systems
2009-06-26 19:56 . 2009-06-26 19:56 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Downloaded Installations
2009-06-26 19:49 . 2009-06-26 19:49 -------- d-----w- c:\program files\اروع الفلاشات الاسلامية
2009-06-26 19:43 . 2009-06-26 19:43 -------- d-----w- c:\program files\System
2009-06-26 19:42 . 2009-06-26 19:42 -------- d-----w- c:\windows\KingoOo_Tools
2009-06-26 19:42 . 2009-06-26 19:42 9694 ----a-w- c:\windows\irunin.dat
2009-06-26 19:42 . 2009-06-26 19:42 720896 ----a-w- c:\windows\iun6002.exe
2009-06-26 19:42 . 2009-06-26 19:42 -------- d-----w- c:\program files\Dictionary
2009-06-26 19:41 . 2006-03-17 11:49 368640 ----a-w- c:\windows\system32\TwnLib4.dll
2009-06-26 19:41 . 2006-03-17 08:45 802816 ----a-w- c:\windows\system32\imagXRA7.dll
2009-06-26 19:41 . 2006-03-17 08:45 497296 ----a-w- c:\windows\system32\imagXpr7.dll
2009-06-26 19:41 . 2006-03-17 08:45 258048 ----a-w- c:\windows\system32\imagXR7.dll
2009-06-26 19:41 . 2006-03-17 08:45 1757184 ----a-w- c:\windows\system32\imagX7.dll
2009-06-26 19:41 . 2009-06-26 19:41 -------- d-----w- c:\program files\Nero
2009-06-26 19:41 . 2009-06-26 19:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-06-26 19:41 . 2009-06-26 19:41 -------- d-----w- c:\program files\Common Files\Nero
2009-06-26 19:40 . 2009-06-26 19:40 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-26 19:38 . 2009-06-26 19:38 -------- d--h--w- c:\windows\$hf_mig$
2009-06-26 19:38 . 2009-06-26 19:38 -------- d-----w- C:\74368d7bcc33e26c7e14f06dfe
2009-06-26 19:38 . 2007-09-04 16:56 164352 ----a-w- c:\windows\system32\unrar.dll
2009-06-26 19:38 . 2008-01-10 12:15 755027 ----a-w- c:\windows\system32\xvidcore.dll
2009-06-26 19:38 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-06-26 19:37 . 2008-03-31 21:25 682496 ----a-w- c:\windows\system32\divx.dll
2009-06-26 19:37 . 2008-03-21 20:30 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-06-26 19:37 . 2008-03-21 20:28 81920 ----a-w- c:\windows\system32\dpl100.dll
2009-06-26 19:37 . 2008-01-10 12:16 159839 ----a-w- c:\windows\system32\xvidvfw.dll
2009-06-26 19:37 . 2008-03-28 17:41 7680 ----a-w- c:\windows\system32\ff_vfw.dll
2009-06-26 19:37 . 2009-06-26 19:37 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-06-26 19:26 . 2009-06-26 19:26 -------- d-----w- c:\program files\Windows Media Connect 2
2009-06-26 19:25 . 2009-06-26 19:25 -------- d-----w- c:\windows\system32\LogFiles
2009-06-26 19:25 . 2009-06-26 19:25 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-06-26 19:25 . 2008-06-12 08:27 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-06-26 19:24 . 2009-06-26 19:24 -------- d-----w- c:\program files\Common Files\xing shared
2009-06-26 19:24 . 2009-06-26 19:24 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-06-26 19:24 . 2009-06-26 19:24 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-06-26 19:24 . 2009-06-26 19:24 -------- d-----w- c:\program files\Real
2009-06-26 19:24 . 2009-06-26 19:24 -------- d-----w- c:\program files\Common Files\Real
2009-06-26 19:22 . 2009-06-26 19:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Grisoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-04 13:03 . 2009-06-26 23:52 32 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-07-04 13:03 . 2009-06-26 23:52 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-04 13:03 . 2009-06-26 18:57 12 ----a-w- c:\windows\bthservsdp.dat
2009-06-26 22:23 . 2008-01-26 00:57 402944 ----a-w- c:\windows\system32\fontext.dll
2009-06-26 22:15 . 2008-01-26 00:57 1949184 ----a-w- c:\windows\system32\logonui.exe
2009-06-26 18:51 . 2009-06-26 18:51 -------- d-----w- c:\program files\WIDCOMM
2009-06-26 18:47 . 2009-06-26 18:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\Intel
2009-06-26 18:47 . 2009-06-26 18:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
2009-06-26 18:45 . 2009-06-26 18:45 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-06-26 18:45 . 2009-06-26 18:45 -------- d-----w- c:\program files\Atheros
2009-06-26 18:44 . 2009-06-26 18:44 -------- d-----w- c:\program files\acer
2009-06-26 18:43 . 2009-06-26 18:43 -------- d-----w- c:\program files\CONEXANT
2009-06-26 18:42 . 2009-06-26 18:42 -------- d-----w- c:\program files\Synaptics
2009-06-26 18:33 . 2009-06-26 18:33 -------- d-----w- c:\program files\Intel
2009-06-26 18:32 . 2009-06-26 18:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-26 18:32 . 2009-06-26 18:32 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-26 18:24 . 2009-06-26 18:16 166455 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-26 18:17 . 2009-06-26 18:17 -------- d-----w- c:\program files\microsoft frontpage
2009-06-26 18:12 . 2009-06-26 18:12 21640 ----a-w- c:\windows\system32\emptyregdb.dat
.
------- Sigcheck -------
[-] 2009-06-26 22:23 1657344 2F8293C821A32545447E2810A4C77EA1 c:\windows\explorer.exe
[-] 2009-06-26 22:23 1657344 2F8293C821A32545447E2810A4C77EA1 c:\windows\system32\dllcache\explorer.exe
[-] 2009-06-26 22:24 112640 DD61C20F3116DBA466510A61AEA731F9 c:\windows\system32\wuauclt.exe
[-] 2009-06-26 22:24 112640 DD61C20F3116DBA466510A61AEA731F9 c:\windows\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-01-26 15360]
"SPSTEALT"="c:\documents and settings\Administrator\Desktop\برامج الصيانة\winsmart.exe" [2005-04-16 593920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
"acerWireless"="c:\program files\acer\Wireless\Utility\WlanUtil.exe" [2004-06-09 417792]
"ACU"="c:\program files\Atheros\ACU.exe" [2005-01-31 253952]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 385024]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2004-10-15 356352]
"ClocX"="c:\program files\ClocX\ClocX.exe" [2007-07-26 270336]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-26 136600]
"VistaDrive"="c:\windows\VistaDrive\VistaDrive.exe" [2006-10-05 280779]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-01-26 110592]
"Resume copy"="copyfstq.exe" - c:\windows\COPYFSTQ.EXE [2002-03-24 46080]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-01-26 15360]
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Moq3 Wallpaper Changer.lnk - c:\program files\Moq3 Wallpapers Changer\Moq3 Wallpaper Changer.exe [2009-6-27 924672]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 08:27 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-27 14:41 10520 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Msn Messsenger"=c:\windows\system32\regsvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"svchost Agent"=c:\windows\system32\28463\svchost.exe
"IgfxTray"=c:\windows\system32\igfxtray.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 6:29 PM 32784]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/27/2009 5:41 PM 325128]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/27/2009 5:41 PM 107272]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S2 BandLuxe_Service;BandLuxe Service;c:\program files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe [10/3/2008 10:41 AM 87264]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [6/26/2009 11:15 PM 603904]
S3 br3gmdm;BandLuxe 3.5G HSDPA Adapter - USB;c:\windows\system32\drivers\br3gmdm.sys [6/27/2009 6:26 PM 104192]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 7:02 PM 26640]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [3/25/2008 8:07 PM 24592]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2009-06-27 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 18:36]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe​

.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\piofj8sx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-07-04 16:04
Windows 5.1.2600 Service Pack 3, v.3300 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1343024091-796845957-1606980848-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"659BD8E725A05FDCC64118EA787EAA2B534A94FABE"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c7,73,b1,3d,12,5d,25,4b,a9,88,fd,\
"3A77B377802A4B6183DDE08FDE4AD9AF647A702826"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c7,73,b1,3d,12,5d,25,4b,a9,88,fd,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(236)
c:\windows\system32\klogon.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'explorer.exe'(872)
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\dot3dlg.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe
.
**************************************************************************
.
Completion time: 2009-07-04 16:07 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-04 13:07
Pre-Run: 21,940,420,608 bytes free
Post-Run: 21,882,601,472 bytes free
289​

 

[MAAX]

حمل هذا البرنامج

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

ثبته على الجهاز ،، ثم شغله واعمل كما الشرح التالي لفحص الجهاز وعمل تقرير

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

وبعد انتهاء الفحص اعمل التالي

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

انسخ ما بداخل التقرير والصقه بمشاركتك القادمة​

 

[algana9]

جزاك الله خير اخي ماكس وهذا هو التقرير​

Malwarebytes' Anti-Malware 1.29
Database version: 1276
Windows 5.1.2600 Service Pack 3, v.3300
05/07/2009 12:13:22 م
mbam-log-2009-07-05 (12-13-11).txt
Scan type: Full Scan (C:\|D:\|F:\|G:\|)
Objects scanned: 81039
Time elapsed: 36 minute(s), 56 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\antiwpa.dll (Malware.Tool) -> No action taken.
C:\WINDOWS\explorer.backup (Heuristics.Reserved.Word.Exploit) -> No action taken.​

 

[AbOdy]

كيف الأوضاع عندك ؟؟

 

[algana9]

الأخ عبودي و الأستاذ الفاضل ماكس لا زال عندي نفس المشكلة​

وهي ظهور رسالة خطأ عند تشغيل الجهاز ولا يسمح لي بالدخول إلى النظام ونصها​

(( هناك مشكلة تمنع windows من التحقق بشكل دقيق من ترخيص هذا الجهاز​

رمز الخطأ < 0X80004005> ))​

شاكر لكم تعاونكم ووقتكم الثمين​

 

[FireFox]

مرحباً

مقتبس من الاخ ماكس

الله يعطيكم العافية
الاخ سلطان ما قصر وحل المشكلة

الان جربي تنشيط الوندوز من الوضع الامن

حمل الاداة التالية

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

وضعها في هذا المسار
c:\windows

واضغط عليه نقرتين واضغط بعدين كلمة باتش
ثم اعد تشغيل الجهاز

بالتوفيق

 

[algana9]

عفوا اخي الغالي فاير فوكس
هناك مشكلة في رابط التحميل يعطيني ​

عفواا الرابط غير صحيح لحظات وننتقل للموقع الجديد

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

​

شكرا لمرورك ومساعدتك ​

 

[الـــ ج ــنــوبــي]

أخي الكريم حمل ملف الريجستري التالي :

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

وقم بتشغيله في الوضع الآمن وبأذن الله راح تزول المشكلة k:​