Status
Closed and not open for further replies.

الدكتاتوري1

I got tired trying to write this post; it just would not go through.


Anyway, peace be upon you, and God's mercy and blessings.


I really love this forum; I always find what I am looking for here.

I won't keep you long.

Here is the problem, may God grant you long lives:


My computer was working OK.

Once I went into Task Manager and ended one of the processes <<I messed up

After that I shut it down, and later I turned it on again.


The computer's startup screen came up, then Windows, then the Welcome screen, and after that a black screen appears with the cursor in the middle.


I wait and wait, but there is no hope.

I restarted and went into Safe Mode, and it got in normally and opened.

I came here to your forum and made a report with the tool while in Safe Mode, and the report is below.


Note that I tried to get in more than once, but it always hangs.

I'll leave you with the report:

Code:
Deckard's System Scanner v20071014.68
Run by Dk on 2009-01-18 00:14:58
Computer is in Safe Mode with Networking.
--------------------------------------------------------------------------------
Total Physical Memory: 503 MiB (512 MiB recommended).
 
-- HijackThis Clone ------------------------------------------------------------
 
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2009-01-18 00:14:59
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Dk\سطح المكتب\dss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.sa/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O1 - Hosts: 127.1 localhost
O1 - Hosts: 127.1 www.hxg001.cn
O1 - Hosts: 127.1 www.hxg002.cn-01-02 18:40:12    249856 --a------ C:\WINDOWS\system32\ALOQuickTimeFile.dll <Not Verified; Online 20 ------------
 

No report came out for me; it closed by itself.
 

I tried it, and a report is supposed to come out.

Anyway,

Select the following entries and delete them:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file

O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - (no file

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe

O4 - HKLM\..\Run: [HBService32] System.exe

O4 - HKLM\..\Run: [3PMmUpdate] rundll32 "C:\WINDOWS\Update.dll",Main

O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) -

O20 - AppInit_DLLs: dcmmbikh.dll,jlfaeojn.dll,mconkdcc.dll,ckhmhihh.dll,fhencoki.dll,eplfhebp.dll,ejebjlbn.dll,eldmgngo.dll,hekpojnb.dll,dfkcgeap.dll,efnpojae.dll,mamjnfme.dll,cjgnpahn.dll,cacoengd.dll,oeahggkb.dll,gibahadd.dll,aodkalnj.dll,ikcgojcn.dll,dleehdmi.dll

And delete all the entries that begin with 021.

How to delete:

mg%20(3).png


mg%20(4).png


After that, go to Add or Remove Programs and remove the toolbar you have (toolbar) >> it may not be there.


Then download this tool and follow the explanation below.





Compatibility: Windows XP only


How to use:
Double-click the tool and wait until all the windows finish and it stops at this window:


002.png


When this screen appears, click Close so that your computer restarts ((to complete the cleaning process)).

Then upload a new report.
 
I deleted the entries you mentioned, but some of them came back.

As for the toolbar, I only have Google, and whenever I click Remove it does nothing; it stays there.

And here is the report:

::Report::
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:50:41 ص, on 24/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\Dk\سطح المكتب\Zyzoom_HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\Dk\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\Dk\Application Data\CyberScrub\Privacy Suite" 
O4 - HKCU\..\RunOnce: [ClearPageFileAtShutDown] "C:\Documents and Settings\Dk\Application Data\cleaner\CSPSeraser.exe" -XP
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: is-4PTR7.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://arabsgate.emkanat.com:1998/cp/files/talk5.cab
O20 - AppInit_DLLs: mconkdcc.dll,jlfaeojn.dll,dcmmbikh.dll,dleehdmi.dll,ikcgojcn.dll,aodkalnj.dll,gibahadd.dll,oeahggkb.dll,cjgnpahn.dll,efnpojae.dll,dfkcgeap.dll,fhencoki.dll,ckhmhihh.dll
O21 - SSODL: DF4C0EA9 - {DF4C0EA9-841C-46F2-BE71-E5A23A078B51} - C:\WINDOWS\system32\dfkcgeap.dll
O21 - SSODL: EF7983AE - {EF7983AE-DDC0-4471-B37D-D636758FF539} - C:\WINDOWS\system32\efnpojae.dll
O21 - SSODL: C3079A17 - {C3079A17-22CC-40FC-97C0-958E6DBBB335} - C:\WINDOWS\system32\cjgnpahn.dll
O21 - SSODL: 8EA1004B - {8EA1004B-D6A2-4A19-934F-7D3DC61E2670} - C:\WINDOWS\system32\oeahggkb.dll
O21 - SSODL: 02BA1ADD - {02BA1ADD-EF76-43FA-835C-A963160C2A6E} - C:\WINDOWS\system32\gibahadd.dll
O21 - SSODL: A8D4A573 - {A8D4A573-9716-42AE-BB5E-ABE2CB2A6DBB} - C:\WINDOWS\system32\aodkalnj.dll
O21 - SSODL: 24C083C7 - {24C083C7-A138-4235-BC61-BFACD097D18B} - C:\WINDOWS\system32\ikcgojcn.dll
O21 - SSODL: DC66B241 - {DC66B241-C629-4359-8A66-18B6B6741B5E} - C:\WINDOWS\system32\dcmmbikh.dll
O21 - SSODL: 35FAE837 - {35FAE837-1316-4125-8DD7-777F2BD90750} - C:\WINDOWS\system32\jlfaeojn.dll
O21 - SSODL: 6C874DCC - {6C874DCC-77B9-44FA-8D65-F5728C0E1BAA} - C:\WINDOWS\system32\mconkdcc.dll
O21 - SSODL: C4161211 - {C4161211-B3B7-47C3-825D-C8A183E17A54} - C:\WINDOWS\system32\ckhmhihh.dll
O21 - SSODL: F1E7C842 - {F1E7C842-DCE6-4E7C-ADD2-B4C9ABE33876} - C:\WINDOWS\system32\fhencoki.dll
O21 - SSODL: D5EE1D62 - {D5EE1D62-2EF4-4B40-9C73-D75E0F9BE0AF} - C:\WINDOWS\system32\dleehdmi.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
--
End of file - 5245 bytes
 
OK, why are you booted in Safe Mode?
Make the report from normal mode.
 
My whole problem is that it won't boot in normal mode.

When I try to boot in normal mode it hangs at the Welcome screen for a bit, then a black screen comes up with only the cursor, and it hangs there.


That is why I go back into Safe Mode, so that it works.
 
OK, try now to boot into normal mode.
 
I tried ... same thing, it stops at the black screen.
 
Please, brother, redo the scan with the McAfee tool
and wait until the report appears.
 
OK brother, as you said, I have started the tool now and it is downloading the updates, which takes a while, and after that it starts the scan through DOS by itself.


I have a lecture from 8 to 10; after that I'll come back, God willing, and if there is a report I will upload it.


If possible, brother, let me know whether you will be around at that time or not, so I know whether to follow along and wait for an immediate reply, or to post it and come back later.
 
If it already downloaded the updates the first time, it won't take long, less than a minute.
And I don't expect to be around after 8 o'clock.
 
OK brother, thank you in any case, and we will meet again later today.

The program is scanning, and as soon as it finishes and a report comes out I will post it.
 
And this is the McAfee report
::Report::
Code:
Engine Version     : 5300.2777
Engine Load Time   : 31705 milliseconds
AV     DAT Version : 5504.0000   495717 detections   Built 27 محرم, 1430 
Extra DAT          :                  0 detections
 
Memory : Clean                               
Please wait ... building list of critical files to scan
File     : C:\WINDOWS\system32\aodkalnj.dll : contains "Trojan" called "Generic PWS.am"  (No Action Taken (Clean failed) )
File     : C:\WINDOWS\system32\cjgnpahn.dll : contains "Trojan" called "PWS-OnlineGames.dg"  (No Action Taken (Clean failed) )
File     : C:\WINDOWS\system32\ckhmhihh.dll : contains "Trojan" called "PWS-OnlineGames.dg"  (No Action Taken (Clean failed) )
Terminating scan ...
Engine Version     : 5300.2777
Engine Load Time   : 25666 milliseconds
AV     DAT Version : 5504.0000   495717 detections   Built 27 محرم, 1430 
Extra DAT          :                  0 detections
 
Memory : Clean                               
Please wait ... building list of critical files to scan
File     : C:\WINDOWS\system32\aodkalnj.dll : contains "Trojan" called "Generic PWS.am"  (No Action Taken (Clean failed) )
File     : C:\WINDOWS\system32\cjgnpahn.dll : contains "Trojan" called "PWS-OnlineGames.dg"  (No Action Taken (Clean failed) )
File     : C:\WINDOWS\system32\ckhmhihh.dll : contains "Trojan" called "PWS-OnlineGames.dg"  (No Action Taken (Clean failed) )
File     : C:\WINDOWS\system32\dcmmbikh.dll : contains "Trojan" called "Generic PWS.am"  (No Action Taken (Clean failed) )
File     : C:\WINDOWS\system32\dfkcgeap.dll : contains "Trojan" called "Generic PWS.am"  (No Action Taken (Clean failed) )
File     : C:\WINDOWS\system32\dleehdmi.dll : contains "Trojan" called "PWS-OnlineGames.dg"  (No Action Taken (Clean failed) )
File     : C:\WINDOWS\system32\efnpojae.dll : contains "Trojan" called "PWS-OnlineGames.dg"  (No Action Taken (Clean failed) )
File     : C:\WINDOWS\system32\gibahadd.dll : contains "Trojan" called "Generic PWS.am"  (No Action Taken (Clean failed) )
File     : C:\WINDOWS\system32\ikcgojcn.dll : contains "Trojan" called "Generic PWS.am"  (No Action Taken (Clean failed) )
File     : C:\WINDOWS\system32\jlfaeojn.dll : contains "Trojan" called "PWS-OnlineGames.dg"  (No Action Taken (Clean failed) )
File     : C:\WINDOWS\system32\oeahggkb.dll : contains "Trojan" called "Generic PWS.am"  (No Action Taken (Clean failed) )
Critical : Repair Failed                       
Scanning the computer's ****** directories                               
******s : Clean                               
c:\pagefile.sys : Scan Failed
c:\Documents and Settings\Dk\ntuser.dat : Scan Failed
c:\Documents and Settings\Dk\ntuser.dat.LOG : Scan Failed
c:\Documents and Settings\Dk\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\Dk\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
c:\Documents and Settings\Dk\Local Settings\Temp\Perflib_Perfdata_590.dat : Scan Failed
c:\Documents and Settings\LocalService\NTUSER.DAT : Scan Failed
c:\Documents and Settings\LocalService\ntuser.dat.LOG : Scan Failed
c:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
c:\Documents and Settings\NetworkService\NTUSER.DAT : Scan Failed
c:\Documents and Settings\NetworkService\ntuser.dat.LOG : Scan Failed
c:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
File     : c:\Program Files\Messenger\msgmr.dll : contains "Trojan" called "Generic Downloader.x"  (Deleted )
c:\Program Files\Messenger\msgmr.dll : Deleted
File     : c:\System Volume Information\_restore{E8C874A8-2AF3-40EF-B7E7-6CF3C07A9B17}\RP3\A0011549.dll : contains "Trojan" called "PWS-OnlineGames.di.dll"  (Deleted )
c:\System Volume Information\_restore{E8C874A8-2AF3-40EF-B7E7-6CF3C07A9B17}\RP3\A0011549.dll : Deleted
File     : c:\System Volume Information\_restore{E8C874A8-2AF3-40EF-B7E7-6CF3C07A9B17}\RP3\A0011550.dll : contains "Trojan" called "PWS-OnlineGames.di.dll"  (Deleted )
c:\System Volume Information\_restore{E8C874A8-2AF3-40EF-B7E7-6CF3C07A9B17}\RP3\A0011550.dll : Deleted
File     : c:\System Volume Information\_restore{E8C874A8-2AF3-40EF-B7E7-6CF3C07A9B17}\RP3\A0011551.dll : contains "Trojan" called "PWS-OnlineGames.di.dll"  (Deleted )
c:\System Volume Information\_restore{E8C874A8-2AF3-40EF-B7E7-6CF3C07A9B17}\RP3\A0011551.dll : Deleted
File     : c:\System Volume Information\_restore{E8C874A8-2AF3-40EF-B7E7-6CF3C07A9B17}\RP3\A0011552.dll : contains "Trojan" called "PWS-OnlineGames.di.dll"  (Deleted )
c:\System Volume Information\_restore{E8C874A8-2AF3-40EF-B7E7-6CF3C07A9B17}\RP3\A0011552.dll : Deleted
File     : c:\System Volume Information\_restore{E8C874A8-2AF3-40EF-B7E7-6CF3C07A9B17}\RP3\A0011553.dll : contains "Trojan" called "PWS-OnlineGames.di.dll"  (Deleted )
c:\System Volume Information\_restore{E8C874A8-2AF3-40EF-B7E7-6CF3C07A9B17}\RP3\A0011553.dll : Deleted
File     : c:\System Volume Information\_restore{E8C874A8-2AF3-40EF-B7E7-6CF3C07A9B17}\RP3\A0011554.dll : contains "Trojan" called "PWS-OnlineGames.di.dll"  (Deleted )
c:\System Volume Information\_restore{E8C874A8-2AF3-40EF-B7E7-6CF3C07A9B17}\RP3\A0011554.dll : Deleted
File     : c:\System Volume Information\_restore{E8C874A8-2AF3-40EF-B7E7-6CF3C07A9B17}\RP3\A0011555.sys : contains "Trojan" called "W32/Almanahe.sys"  (Deleted )
c:\System Volume Information\_restore{E8C874A8-2AF3-40EF-B7E7-6CF3C07A9B17}\RP3\A0011555.sys : Deleted
File     : c:\System Volume Information\_restore{E8C874A8-2AF3-40EF-B7E7-6CF3C07A9B17}\RP3\A0014661.dll : contains "Trojan" called "Generic Downloader.x"  (Deleted )
c:\System Volume Information\_restore{E8C874A8-2AF3-40EF-B7E7-6CF3C07A9B17}\RP3\A0014661.dll : Deleted
File     : c:\WINDOWS\system32\aodkalnj.dll : contains "Trojan" called "Generic PWS.am"  (No Action Taken (Clean failed) )
c:\WINDOWS\system32\aodkalnj.dll : Repair Failed
File     : c:\WINDOWS\system32\cjgnpahn.dll : contains "Trojan" called "PWS-OnlineGames.dg"  (No Action Taken (Clean failed) )
c:\WINDOWS\system32\cjgnpahn.dll : Repair Failed
File     : c:\WINDOWS\system32\ckhmhihh.dll : contains "Trojan" called "PWS-OnlineGames.dg"  (No Action Taken (Clean failed) )
c:\WINDOWS\system32\ckhmhihh.dll : Repair Failed
File     : c:\WINDOWS\system32\dcmmbikh.dll : contains "Trojan" called "Generic PWS.am"  (No Action Taken (Clean failed) )
c:\WINDOWS\system32\dcmmbikh.dll : Repair Failed
File     : c:\WINDOWS\system32\dfkcgeap.dll : contains "Trojan" called "Generic PWS.am"  (No Action Taken (Clean failed) )
c:\WINDOWS\system32\dfkcgeap.dll : Repair Failed
File     : c:\WINDOWS\system32\dleehdmi.dll : contains "Trojan" called "PWS-OnlineGames.dg"  (No Action Taken (Clean failed) )
c:\WINDOWS\system32\dleehdmi.dll : Repair Failed
File     : c:\WINDOWS\system32\efnpojae.dll : contains "Trojan" called "PWS-OnlineGames.dg"  (No Action Taken (Clean failed) )
c:\WINDOWS\system32\efnpojae.dll : Repair Failed
File     : c:\WINDOWS\system32\gibahadd.dll : contains "Trojan" called "Generic PWS.am"  (No Action Taken (Clean failed) )
c:\WINDOWS\system32\gibahadd.dll : Repair Failed
File     : c:\WINDOWS\system32\ikcgojcn.dll : contains "Trojan" called "Generic PWS.am"  (No Action Taken (Clean failed) )
c:\WINDOWS\system32\ikcgojcn.dll : Repair Failed
File     : c:\WINDOWS\system32\jlfaeojn.dll : contains "Trojan" called "PWS-OnlineGames.dg"  (No Action Taken (Clean failed) )
c:\WINDOWS\system32\jlfaeojn.dll : Repair Failed
File     : c:\WINDOWS\system32\oeahggkb.dll : contains "Trojan" called "Generic PWS.am"  (No Action Taken (Clean failed) )
c:\WINDOWS\system32\oeahggkb.dll : Repair Failed
File     : c:\WINDOWS\system32\oleadp.dll : contains "Trojan" called "Generic Downloader.x"  (No Action Taken (Clean failed) )
c:\WINDOWS\system32\oleadp.dll : Repair Failed
c:\WINDOWS\system32\config\default : Scan Failed
c:\WINDOWS\system32\config\default.LOG : Scan Failed
c:\WINDOWS\system32\config\SAM : Scan Failed
c:\WINDOWS\system32\config\SAM.LOG : Scan Failed
c:\WINDOWS\system32\config\SECURITY : Scan Failed
c:\WINDOWS\system32\config\SECURITY.LOG : Scan Failed
c:\WINDOWS\system32\config\software : Scan Failed
c:\WINDOWS\system32\config\software.LOG : Scan Failed
c:\WINDOWS\system32\config\system : Scan Failed
c:\WINDOWS\system32\config\system.LOG : Scan Failed
Scanning the registry
Registry : Clean                               
                                                                               
Summary :-
 FilesFound       :    20102
 FilesScanned     :    13318
 FilesNotScanned  :     6784
 
 ******sFound     :    44278
 ******sInfected  :       32
 ******sCleaned   :        0
 ******sDeleted   :        9
 
 FilesInfected    :       21
 FilesCleaned     :        0
 FilesMoved       :        0
 FilesDeleted     :        9
 
Started at : 07:04:57 ص 28 محرم, 1430
Ended at   : 08:14:40 ص 28 محرم, 1430
Duration   : 1 hours 9 minutes 42 seconds
2430 MB scanned in 4182 seconds = 595 KB/s
Engine Version     : 5300.2777
Engine Load Time   : 26298 milliseconds
AV     DAT Version : 5504.0000   495717 detections   Built 27 محرم, 1430 
Extra DAT          :                  0 detections
 
File     : d:\System Volume Information\_restore{E8C874A8-2AF3-40EF-B7E7-6CF3C07A9B17}\RP3\A0011556.dll : contains "Trojan" called "PWS-OnlineGames.di.dll"  (Deleted )
d:\System Volume Information\_restore{E8C874A8-2AF3-40EF-B7E7-6CF3C07A9B17}\RP3\A0011556.dll : Deleted
File     : d:\System Volume Information\_restore{E8C874A8-2AF3-40EF-B7E7-6CF3C07A9B17}\RP3\A0011557.exe : contains "Virus" called "W32/Almanahe.c"  (Cleaned )
d:\System Volume Information\_restore{E8C874A8-2AF3-40EF-B7E7-6CF3C07A9B17}\RP3\A0011557.exe : Repaired
File     : d:\System Volume Information\_restore{E8C874A8-2AF3-40EF-B7E7-6CF3C07A9B17}\RP3\A0011558.exe : contains "Virus" called "W32/Almanahe.c"  (Cleaned )
d:\System Volume Information\_restore{E8C874A8-2AF3-40EF-B7E7-6CF3C07A9B17}\RP3\A0011558.exe : Repaired
File     : d:\System Volume Information\_restore{E8C874A8-2AF3-40EF-B7E7-6CF3C07A9B17}\RP3\A0011559.exe : contains "Virus" called "W32/Almanahe.c"  (Cleaned )
d:\System Volume Information\_restore{E8C874A8-2AF3-40EF-B7E7-6CF3C07A9B17}\RP3\A0011559.exe : Repaired
                                                                               
Summary :-
 FilesFound       :    10863
 FilesScanned     :     8499
 FilesNotScanned  :     2364
 
 ******sFound     :    13222
 ******sInfected  :        4
 ******sCleaned   :        3
 ******sDeleted   :        1
 
 FilesInfected    :        4
 FilesCleaned     :        3
 FilesMoved       :        0
 FilesDeleted     :        1
 
Started at : 08:15:08 ص 28 محرم, 1430
Ended at   : 08:37:54 ص 28 محرم, 1430
Duration   : 22 minutes 45 seconds
4483 MB scanned in 1365 seconds = 3 MB/s

And this report is uploaded for download.
 
Brother, make sure System Restore is disabled,
then disable the previous entries again with HijackThis,
and do not restart the computer.

Go to this path:
C:\WINDOWS\system32

and look for the following files and delete them:

aodkalnj.dll
cjgnpahn.dll
ckhmhihh.dll
dcmmbikh.dll
dfkcgeap.dll
dleehdmi.dll
efnpojae.dll
gibahadd.dll
ikcgojcn.dll
jlfaeojn.dll
oeahggkb.dll

Any file that refuses to be deleted, delete it with this tool.


Right-click the file you want to delete,

then choose as in the picture:

tutorial1.png



Then, instead of No action, choose delete, then click Unlock All and it will be deleted, God willing.


tutorial2.png


Then a new HijackThis report.
 
I deleted all the files you mentioned with the help of the tool, and this is the HijackThis report before restarting:
::Report::
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:58:03 ص, on 25/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Dk\سطح المكتب\Zyzoom_HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\Dk\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\Dk\Application Data\CyberScrub\Privacy Suite" 
O4 - HKCU\..\RunOnce: [ClearPageFileAtShutDown] "C:\Documents and Settings\Dk\Application Data\cleaner\CSPSeraser.exe" -XP
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: is-4PTR7.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://arabsgate.emkanat.com:1998/cp/files/talk5.cab
O20 - AppInit_DLLs: aodkalnj.dll,ikcgojcn.dll,dleehdmi.dll,dcmmbikh.dll,jlfaeojn.dll,mconkdcc.dll,ckhmhihh.dll,fhencoki.dll,dfkcgeap.dll,efnpojae.dll,cjgnpahn.dll,oeahggkb.dll,gibahadd.dll
O21 - SSODL: DF4C0EA9 - {DF4C0EA9-841C-46F2-BE71-E5A23A078B51} - C:\WINDOWS\system32\dfkcgeap.dll (file missing)
O21 - SSODL: EF7983AE - {EF7983AE-DDC0-4471-B37D-D636758FF539} - C:\WINDOWS\system32\efnpojae.dll (file missing)
O21 - SSODL: C3079A17 - {C3079A17-22CC-40FC-97C0-958E6DBBB335} - C:\WINDOWS\system32\cjgnpahn.dll (file missing)
O21 - SSODL: 8EA1004B - {8EA1004B-D6A2-4A19-934F-7D3DC61E2670} - C:\WINDOWS\system32\oeahggkb.dll (file missing)
O21 - SSODL: 02BA1ADD - {02BA1ADD-EF76-43FA-835C-A963160C2A6E} - C:\WINDOWS\system32\gibahadd.dll (file missing)
O21 - SSODL: A8D4A573 - {A8D4A573-9716-42AE-BB5E-ABE2CB2A6DBB} - C:\WINDOWS\system32\aodkalnj.dll (file missing)
O21 - SSODL: 24C083C7 - {24C083C7-A138-4235-BC61-BFACD097D18B} - C:\WINDOWS\system32\ikcgojcn.dll (file missing)
O21 - SSODL: DC66B241 - {DC66B241-C629-4359-8A66-18B6B6741B5E} - C:\WINDOWS\system32\dcmmbikh.dll (file missing)
O21 - SSODL: 6C874DCC - {6C874DCC-77B9-44FA-8D65-F5728C0E1BAA} - C:\WINDOWS\system32\mconkdcc.dll
O21 - SSODL: 35FAE837 - {35FAE837-1316-4125-8DD7-777F2BD90750} - C:\WINDOWS\system32\jlfaeojn.dll (file missing)
O21 - SSODL: C4161211 - {C4161211-B3B7-47C3-825D-C8A183E17A54} - C:\WINDOWS\system32\ckhmhihh.dll (file missing)
O21 - SSODL: F1E7C842 - {F1E7C842-DCE6-4E7C-ADD2-B4C9ABE33876} - C:\WINDOWS\system32\fhencoki.dll
O21 - SSODL: D5EE1D62 - {D5EE1D62-2EF4-4B40-9C73-D75E0F9BE0AF} - C:\WINDOWS\system32\dleehdmi.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
--
End of file - 5587 bytes
 
And this is a report after restarting, but still in Safe Mode; I tried normal mode but it hangs, so I went into Safe Mode as usual.

::Report::
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:04:45 ص, on 25/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Dk\سطح المكتب\Zyzoom_HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\Dk\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\Dk\Application Data\CyberScrub\Privacy Suite" 
O4 - HKCU\..\RunOnce: [ClearPageFileAtShutDown] "C:\Documents and Settings\Dk\Application Data\cleaner\CSPSeraser.exe" -XP
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: is-4PTR7.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://arabsgate.emkanat.com:1998/cp/files/talk5.cab
O20 - AppInit_DLLs: aodkalnj.dll,ikcgojcn.dll,dleehdmi.dll,dcmmbikh.dll,jlfaeojn.dll,mconkdcc.dll,ckhmhihh.dll,fhencoki.dll,dfkcgeap.dll,efnpojae.dll,cjgnpahn.dll,oeahggkb.dll,gibahadd.dll
O21 - SSODL: DF4C0EA9 - {DF4C0EA9-841C-46F2-BE71-E5A23A078B51} - C:\WINDOWS\system32\dfkcgeap.dll (file missing)
O21 - SSODL: EF7983AE - {EF7983AE-DDC0-4471-B37D-D636758FF539} - C:\WINDOWS\system32\efnpojae.dll (file missing)
O21 - SSODL: C3079A17 - {C3079A17-22CC-40FC-97C0-958E6DBBB335} - C:\WINDOWS\system32\cjgnpahn.dll (file missing)
O21 - SSODL: 8EA1004B - {8EA1004B-D6A2-4A19-934F-7D3DC61E2670} - C:\WINDOWS\system32\oeahggkb.dll (file missing)
O21 - SSODL: 02BA1ADD - {02BA1ADD-EF76-43FA-835C-A963160C2A6E} - C:\WINDOWS\system32\gibahadd.dll (file missing)
O21 - SSODL: A8D4A573 - {A8D4A573-9716-42AE-BB5E-ABE2CB2A6DBB} - C:\WINDOWS\system32\aodkalnj.dll (file missing)
O21 - SSODL: 24C083C7 - {24C083C7-A138-4235-BC61-BFACD097D18B} - C:\WINDOWS\system32\ikcgojcn.dll (file missing)
O21 - SSODL: DC66B241 - {DC66B241-C629-4359-8A66-18B6B6741B5E} - C:\WINDOWS\system32\dcmmbikh.dll (file missing)
O21 - SSODL: 6C874DCC - {6C874DCC-77B9-44FA-8D65-F5728C0E1BAA} - C:\WINDOWS\system32\mconkdcc.dll
O21 - SSODL: 35FAE837 - {35FAE837-1316-4125-8DD7-777F2BD90750} - C:\WINDOWS\system32\jlfaeojn.dll (file missing)
O21 - SSODL: C4161211 - {C4161211-B3B7-47C3-825D-C8A183E17A54} - C:\WINDOWS\system32\ckhmhihh.dll (file missing)
O21 - SSODL: F1E7C842 - {F1E7C842-DCE6-4E7C-ADD2-B4C9ABE33876} - C:\WINDOWS\system32\fhencoki.dll
O21 - SSODL: D5EE1D62 - {D5EE1D62-2EF4-4B40-9C73-D75E0F9BE0AF} - C:\WINDOWS\system32\dleehdmi.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
--
End of file - 5538 bytes
 
Brother, delete the entries that start with 021 again,
then upload a new report.
 
I deleted the 21 entries; they all went away, with 2 remaining.
And I deleted the 20 entry; a lot of text went away from it and a little remained.

This is the new report

::Report::
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:00:24 ص, on 26/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Dk\سطح المكتب\Zyzoom_HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\Dk\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\Dk\Application Data\CyberScrub\Privacy Suite" 
O4 - HKCU\..\RunOnce: [ClearPageFileAtShutDown] "C:\Documents and Settings\Dk\Application Data\cleaner\CSPSeraser.exe" -XP
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: is-4PTR7.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://arabsgate.emkanat.com:1998/cp/files/talk5.cab
O20 - AppInit_DLLs: mconkdcc.dll,fhencoki.dll
O21 - SSODL: 6C874DCC - {6C874DCC-77B9-44FA-8D65-F5728C0E1BAA} - C:\WINDOWS\system32\mconkdcc.dll
O21 - SSODL: F1E7C842 - {F1E7C842-DCE6-4E7C-ADD2-B4C9ABE33876} - C:\WINDOWS\system32\fhencoki.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
--
End of file - 4141 bytes
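
Added example, not part of the original thread and not HijackThis code: a short Python script that compares the O20 (AppInit_DLLs) and O21 (SSODL) lines of the first two reports, to confirm what the deletion removed and which DLLs are still registered under both load points. The `BEFORE` sample is shortened from the first report, and the function names are assumptions of this example.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Excerpts of the first and second reports in this thread. BEFORE is shortened
# to four of its thirteen AppInit_DLLs/O21 entries to keep the sample small.
BEFORE = r"""
O20 - AppInit_DLLs: aodkalnj.dll,dfkcgeap.dll,mconkdcc.dll,fhencoki.dll
O21 - SSODL: DF4C0EA9 - {DF4C0EA9-841C-46F2-BE71-E5A23A078B51} - C:\WINDOWS\system32\dfkcgeap.dll (file missing)
O21 - SSODL: A8D4A573 - {A8D4A573-9716-42AE-BB5E-ABE2CB2A6DBB} - C:\WINDOWS\system32\aodkalnj.dll (file missing)
O21 - SSODL: 6C874DCC - {6C874DCC-77B9-44FA-8D65-F5728C0E1BAA} - C:\WINDOWS\system32\mconkdcc.dll
O21 - SSODL: F1E7C842 - {F1E7C842-DCE6-4E7C-ADD2-B4C9ABE33876} - C:\WINDOWS\system32\fhencoki.dll
"""
AFTER = r"""
O20 - AppInit_DLLs: mconkdcc.dll,fhencoki.dll
O21 - SSODL: 6C874DCC - {6C874DCC-77B9-44FA-8D65-F5728C0E1BAA} - C:\WINDOWS\system32\mconkdcc.dll
O21 - SSODL: F1E7C842 - {F1E7C842-DCE6-4E7C-ADD2-B4C9ABE33876} - C:\WINDOWS\system32\fhencoki.dll
"""

O20 = re.compile(r"^O20 - AppInit_DLLs: (.*)$")
O21 = re.compile(r"^O21 - SSODL: (\S+) - (\{[0-9A-Fa-f-]+\}) - (.+?)( \(file missing\))?$")

def parse(log):
    """Return (AppInit_DLLs set, {dll name: (CLSID, file-missing flag)})."""
    appinit, ssodl = set(), {}
    for line in log.splitlines():
        line = line.strip()
        if m := O20.match(line):
            # AppInit_DLLs values are separated by commas or spaces.
            appinit = {d.lower() for d in re.split(r"[,\s]+", m.group(1)) if d}
        elif m := O21.match(line):
            ssodl[basename(m.group(3)).lower()] = (m.group(2), bool(m.group(4)))
    return appinit, ssodl

def triage(before, after):
    """Diff two logs: what the cleanup removed and what is still registered."""
    a0, s0 = parse(before)
    a1, s1 = parse(after)
    still = sorted(a1 & set(s1))  # listed under both AppInit_DLLs and SSODL
    return {
        "removed": sorted((a0 | set(s0)) - (a1 | set(s1))),
        "still_registered": still,
        # Entries not flagged "(file missing)": the DLL is still on disk.
        "file_present": sorted(n for n, (_, missing) in s1.items() if not missing),
        # True when every survivor already had its file on disk in the first log.
        "survivors_had_file": all(n in s0 and not s0[n][1] for n in still),
    }

if __name__ == "__main__":
    for key, value in triage(BEFORE, AFTER).items():
        print(f"{key}: {value}")
```

On these excerpts the two entries that survive the deletion are the two whose DLL was not marked `(file missing)` in the first report.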
 
Hellooooo my dear brother


Praise be to God, the problem is solved

And it turned out as I expected, because it is always the protection programs that cause the problems


As soon as I removed the Avast protection program, the machine went back to working OK


Sorry for tiring you, brother, but praise be to God, your programs did not fall short


Thank you, dear; I will return the favor on a better occasion, God willing


But I have one last question <<<<< bear with me :q:


I could not remove Avast from Add or Remove Programs because the page kept hanging

I went to its folder in C:\Program Files and deleted the whole folder

I would appreciate it if there is a program or tool that removes the program's leftovers or anything related to it

This is a final report I have just uploaded in normal mode


::Report::
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:12:46 ص, on 26/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Dk\سطح المكتب\Zyzoom_HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: is-4PTR7.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://arabsgate.emkanat.com:1998/cp/files/talk5.cab
O20 - AppInit_DLLs: mconkdcc.dll,fhencoki.dll
O21 - SSODL: 6C874DCC - {6C874DCC-77B9-44FA-8D65-F5728C0E1BAA} - C:\WINDOWS\system32\mconkdcc.dll
O21 - SSODL: F1E7C842 - {F1E7C842-DCE6-4E7C-ADD2-B4C9ABE33876} - C:\WINDOWS\system32\fhencoki.dll
O21 - SSODL: msnmsg - {DA191DE0-AA86-4ED0-4B87-293D48B2AE99} - C:\Program Files\Messenger\msgmr.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (file missing)
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
--
End of file - 4842 bytes
 
Praise be to God that the problem is over.
Honestly, if you had posted that the problem was not over, I would have told you to remove the protection programs.

Use the Avast removal tool



And let me know the latest results so we can close the topic

Good luck, dear
 
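Thank you, brother, for the wonderful tool

I have sworn not to install any protection program, and if I want something I will download the tool, scan directly, and that's it

Thank you, dear. This is the latest report for the machine, and God willing everything is fine

::Report::
Code: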
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:47:09 ص, on 27/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Dk\سطح المكتب\Zyzoom_HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: is-4PTR7.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://arabsgate.emkanat.com:1998/cp/files/talk5.cab
O20 - AppInit_DLLs: mconkdcc.dll,fhencoki.dll
O21 - SSODL: 6C874DCC - {6C874DCC-77B9-44FA-8D65-F5728C0E1BAA} - C:\WINDOWS\system32\mconkdcc.dll
O21 - SSODL: F1E7C842 - {F1E7C842-DCE6-4E7C-ADD2-B4C9ABE33876} - C:\WINDOWS\system32\fhencoki.dll
O21 - SSODL: msnmsg - {DA191DE0-AA86-4ED0-4B87-293D48B2AE99} - C:\Program Files\Messenger\msgmr.dll
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
--
End of file - 4045 bytes
 