[ مشكلة ] الريجستري يعلق

[كانو الفنان]

السلام عليكم

انا عندي الريجستري كل مابغى ابحث عن شي

اذا حطيت بحث وحطيت الكلمة الي ابغاه واضغط بحث يعلق

ماادري وش السبب اتمنى القى الحل وشكرا

 

[format]

رد: الريجستري يعلق

[FONT=Times New Roman (Arabic)][FONT=Times New Roman (Arabic)]اعمل تقرير لجهازك بواسطة برنامج[/FONT][/FONT] HijackThis



[FONT=Times New Roman (Arabic)][FONT=Times New Roman (Arabic)]حمل البرنامج [/FONT][/FONT][FONT=Times New Roman (Arabic)][FONT=Times New Roman (Arabic)]من هنـا[/FONT][/FONT]


**********************

**********************

**********************

​

 

[كانو الفنان]

رد: الريجستري يعلق

تفضل هذا هو


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:43:09 م, on 16/12/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\FAHESS\McciTrayApp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: MessengerPlusLive Saudi Arabia TB Toolbar - {f78a8f02-19ee-4de8-8ea7-6138e8b524f4} - C:\Program Files\MessengerPlusLive_Saudi_Arabia_TB\tbMess.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: MessengerPlusLive Saudi Arabia TB - {f78a8f02-19ee-4de8-8ea7-6138e8b524f4} - C:\Program Files\MessengerPlusLive_Saudi_Arabia_TB\tbMess.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: MessengerPlusLive Saudi Arabia TB Toolbar - {f78a8f02-19ee-4de8-8ea7-6138e8b524f4} - C:\Program Files\MessengerPlusLive_Saudi_Arabia_TB\tbMess.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [FAHESS_McciTrayApp] C:\Program Files\FAHESS\McciTrayApp.exe
O4 - HKLM\..\Run: [MotiveReportAgent] "C:\Program Files\Fahess_Activation\McciBrowser.exe" -appkey=Fahess_Activation -hidden -url=file:///C:/Program%20Files/Fahess_Activation/ReportAgent.html
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\windows\system32\microsoft\windows.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\windows\system32\microsoft\windows.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Snagit 9.lnk = C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted IP range: http://192.168.1.1
O15 - ESC Trusted IP range: http://192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
--
End of file - 6870 bytes

 

[format]

رد: الريجستري يعلق

[FONT=Times New Roman (Arabic)][FONT=Times New Roman (Arabic)]حمل اداة[/FONT][/FONT]ComboFix



[FONT=Times New Roman (Arabic)][FONT=Times New Roman (Arabic)]من هنـــا[/FONT][/FONT]




**********************



[FONT=Times New Roman (Arabic)][FONT=Times New Roman (Arabic)]أولاً[/FONT][/FONT] :[FONT=Times New Roman (Arabic)][FONT=Times New Roman (Arabic)]أوقف برنامج الحماية لديك >>>>>> مهمة جداً هذه النقطة[/FONT][/FONT]



[FONT=Times New Roman (Arabic)][FONT=Times New Roman (Arabic)]ثاياً[/FONT][/FONT] :[FONT=Times New Roman (Arabic)][FONT=Times New Roman (Arabic)]قم بتعطيل خاصية استعادة النظام[/FONT][/FONT]



**********************

**********************



-:: [FONT=Times New Roman (Arabic)][FONT=Times New Roman (Arabic)]انتظر قليلاً حتى تعمل الاداه[/FONT][/FONT] ::-

**********************

**********************

**********************

**********************

**********************

​

 

[كانو الفنان]

رد: الريجستري يعلق

اذا اقفت استعادة النضام هل بعدين اذا بغيت استعيد النضام بامكاني استعادته ام لا ..



لان اذا حصل مشكلة لاسمح الله استعيد النضام .. لاني محتاج لها

 

[format]

رد: الريجستري يعلق

في حال ايقاف استعادة النظام ..

لن يستعيد النسخة السابقة ..

لاتخف يالغالي .. الاداه مضمونه .. ومافي خوف
​

 

[كانو الفنان]

رد: الريجستري يعلق

ComboFix 10-12-15.07 - MHM 12/16/2010 2021.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.1014.695 [GMT 3:00]
Running from: c:\documents and settings\MHM\سطح المكتب\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\MHM\Application Data\logs.dat
c:\documents and settings\MHM\Application Data\PriceGong
c:\documents and settings\MHM\Application Data\PriceGong\Data\1.xml
c:\documents and settings\MHM\Application Data\PriceGong\Data\a.xml
c:\documents and settings\MHM\Application Data\PriceGong\Data\b.xml
c:\documents and settings\MHM\Application Data\PriceGong\Data\c.xml
c:\documents and settings\MHM\Application Data\PriceGong\Data\d.xml
c:\documents and settings\MHM\Application Data\PriceGong\Data\e.xml
c:\documents and settings\MHM\Application Data\PriceGong\Data\f.xml
c:\documents and settings\MHM\Application Data\PriceGong\Data\g.xml
c:\documents and settings\MHM\Application Data\PriceGong\Data\h.xml
c:\documents and settings\MHM\Application Data\PriceGong\Data\i.xml
c:\documents and settings\MHM\Application Data\PriceGong\Data\J.xml
c:\documents and settings\MHM\Application Data\PriceGong\Data\k.xml
c:\documents and settings\MHM\Application Data\PriceGong\Data\l.xml
c:\documents and settings\MHM\Application Data\PriceGong\Data\m.xml
c:\documents and settings\MHM\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\MHM\Application Data\PriceGong\Data\n.xml
c:\documents and settings\MHM\Application Data\PriceGong\Data\o.xml
c:\documents and settings\MHM\Application Data\PriceGong\Data\p.xml
c:\documents and settings\MHM\Application Data\PriceGong\Data\q.xml
c:\documents and settings\MHM\Application Data\PriceGong\Data\r.xml
c:\documents and settings\MHM\Application Data\PriceGong\Data\s.xml
c:\documents and settings\MHM\Application Data\PriceGong\Data\t.xml
c:\documents and settings\MHM\Application Data\PriceGong\Data\u.xml
c:\documents and settings\MHM\Application Data\PriceGong\Data\v.xml
c:\documents and settings\MHM\Application Data\PriceGong\Data\w.xml
c:\documents and settings\MHM\Application Data\PriceGong\Data\x.xml
c:\documents and settings\MHM\Application Data\PriceGong\Data\y.xml
c:\documents and settings\MHM\Application Data\PriceGong\Data\z.xml
c:\program files\Fun************Products
c:\program files\Fun************Products\Installr\2.bin\F3EZsetp.dll
c:\program files\Fun************Products\Installr\2.bin\F3PLUGIN.DLL
c:\program files\Fun************Products\Installr\2.bin\NPFUN************.DLL
c:\windows\system32\Bifrost
c:\windows\system32\Bifrost\logg.dat
c:\windows\system32\bifrost\server.exe
c:\windows\system32\Dr.AdNaN.exe
c:\windows\system32\Microsoft\Win_Xp.exe
c:\windows\system32\Microsoft\windows.exe
.
((((((((((((((((((((((((( Files Created from 2010-11-16 to 2010-12-16 )))))))))))))))))))))))))))))))
.
2010-12-15 23:20 . 2010-12-15 23:20 -------- d-----w- C:\ERDNT
2010-12-13 20:57 . 2010-12-13 20:57 -------- d-----w- C:\spoolerlogs
2010-12-11 16:07 . 2010-12-11 16:07 -------- d-----w- C:\Extracted
2010-12-08 21:02 . 2010-12-16 17:37 -------- d-----r- C:\Program Files
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
------- Sigcheck -------
[-] 2009-05-30 . 6E932D21E116B51ED9D5157E31C48E33 . 1547776 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f78a8f02-19ee-4de8-8ea7-6138e8b524f4}"= "c:\program files\MessengerPlusLive_Saudi_Arabia_TB\tbMess.dll" [2010-11-13 3913000]
[HKEY_CLASSES_ROOT\clsid\{f78a8f02-19ee-4de8-8ea7-6138e8b524f4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-13 18:58 3913000 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f78a8f02-19ee-4de8-8ea7-6138e8b524f4}]
2010-11-13 18:58 3913000 ----a-w- c:\program files\MessengerPlusLive_Saudi_Arabia_TB\tbMess.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{f78a8f02-19ee-4de8-8ea7-6138e8b524f4}"= "c:\program files\MessengerPlusLive_Saudi_Arabia_TB\tbMess.dll" [2010-11-13 3913000]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-13 3913000]
[HKEY_CLASSES_ROOT\clsid\{f78a8f02-19ee-4de8-8ea7-6138e8b524f4}]
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\************browser]
"{F78A8F02-19EE-4DE8-8EA7-6138E8B524F4}"= "c:\program files\MessengerPlusLive_Saudi_Arabia_TB\tbMess.dll" [2010-11-13 3913000]
[HKEY_CLASSES_ROOT\clsid\{f78a8f02-19ee-4de8-8ea7-6138e8b524f4}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2010-12-09 171448]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"FAHESS_McciTrayApp"="c:\program files\FAHESS\McciTrayApp.exe" [2009-01-21 1482240]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Snagit 9.lnk - c:\program files\TechSmith\Snagit 9\Snagit32.exe [2009-10-15 6287176]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 21:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-10-12 08:33 166424 ----a-r- c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-10-12 08:33 141848 ----a-r- c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 19:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-10-12 08:33 137752 ----a-r- c:\windows\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-09-27 06:20 16844800 ------r- c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-10-11 13:49 14940040 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"81:TCP"= 81:TCP:bifrost
"3389:TCP"= 3389:TCPxpsp2res.dll,-22009
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [09/12/2010 11:17 ص 108289]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Yahoo! Pager - c:\program files\Yahoo!\Messenger\YahooMessenger.exe
HKLM-Run-MotiveReportAgent - c:\program files\Fahess_Activation\McciBrowser.exe
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
MSConfigStartUp-Yahoo! Pager - c:\program files\Yahoo!\Messenger\YahooMessenger.exe
AddRemove-AviSynth - c:\program files\AviSynth 2.5\Uninstall.exe
AddRemove-conduitEngine - c:\progra~1\CONDUI~1\ConduitEngineUninstall.exe
AddRemove-DelThumbs_is1 - c:\program files\DelThumbs\unins000.exe
AddRemove-FAHESS-SelfSupport - c:\program files\FAHESS\unFAHESS-SelfSupport.exe
AddRemove-Flash Movie Player - c:\program files\Flash Movie Player\uninst.exe
AddRemove-GOM Player - c:\program files\GRETECH\GomPlayer\Uninstall.exe
AddRemove-KLiteCodecPack_is1 - c:\program files\K-Lite Codec Pack\unins000.exe
AddRemove-Messenger Plus! Live - c:\program files\Messenger Plus! Live\Uninstall.exe
AddRemove-MessengerPlusLive_Saudi_Arabia_TB Toolbar - c:\progra~1\MESSEN~3\UNWISE.EXE
AddRemove-MotiveReportAgent - c:\program files\Fahess_Activation\McciBrowser.exe
AddRemove-Nero - Burning Rom!UninstallKey - c:\program files\Nero\Nero 7\nero\uninstall\UNNERO.exe
AddRemove-RealAlt_is1 - c:\program files\Real Alternative\unins000.exe
AddRemove-RealPlayer 12.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe
AddRemove-VLC media player - c:\program files\VideoLAN\VLC\uninstall.exe
AddRemove-Yahoo! Messenger - c:\progra~1\Yahoo!\MESSEN~1\UNWISE.EXE
AddRemove-{BA92C79E-D68D-4906-84AC-1F6792EE019E}_is1 - c:\program files\OZOMEDIA9\unins000.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-16 20:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2010-12-16 2029
ComboFix-quarantined-files.txt 2010-12-16 17:39
Pre-Run: 46,616,940,544 bytes free
Post-Run: 46,893,228,032 bytes free
- - End Of File - - 0FCBA351AFD502537BC95EC2504235B5

 

[format]

رد: الريجستري يعلق

تمام ..

الحين هايجك جديد
​

 

[كانو الفنان]

رد: الريجستري يعلق

طيب يعني ايش .. انحلت المشكلة .. وكيف الهايجاك هذا .. كيف يعني وضح ..

 

[format]

رد: الريجستري يعلق

لا مانلحت المشكله في عندك اكثر من خطاء في الجهاز

انتظر الى حين اقول الك انحلت المشكله الك .. انا

والهايجك مثل

التقرير الاول

http://www.dev-point.com/vb/t167573.html#post1881348


​

 

[كانو الفنان]

رد: الريجستري يعلق

هل انتضر ردك ام باقي شي مطلوب مني لاني مسسسسستعجل ....؟

 

[format]

رد: الريجستري يعلق

[FONT=Times New Roman (Arabic)][FONT=Times New Roman (Arabic)]حمل هذه الاداه [/FONT][/FONT][FONT=Times New Roman (Arabic)][FONT=Times New Roman (Arabic)]من هنــا[/FONT][/FONT]

[FONT=Times New Roman (Arabic)][FONT=Times New Roman (Arabic)]بعد ذلك اتبع الشرح التالي[/FONT][/FONT]

***************

***************

***************

***************

[FONT=Times New Roman (Arabic)][FONT=Times New Roman (Arabic)]انسخ التقرير الناتج وضعه في ردك القادم[/FONT][/FONT]

 

[كانو الفنان]

رد: الريجستري يعلق

SmitFraudFix v2.424
Scan done at 2132.34, Thu 12/16/2010
Run from C:\Documents and Settings\MHM\سطح المكتب\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\Program Files\Google\googletoolbar1.dll Deleted
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC - منفذ مصغر لجدولة الحزم
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DB0DBC87-2E94-4D70-9ED5-B45127DA5F84}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DB0DBC87-2E94-4D70-9ED5-B45127DA5F84}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{DB0DBC87-2E94-4D70-9ED5-B45127DA5F84}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» RK.2

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

 

[яόвίή нόόđ]

رد: الريجستري يعلق

الهايجك الاول فيه بلاوي انصحك اسمع كلام الاخ format لاني شايف اشياء في جهازك

لاكن راح يتم خلها باذن الله وانت طبق خطوه خطوه

احلى

 

[яόвίή нόόđ]

رد: الريجستري يعلق

الهايجك الاول فيه بلاوي انصحك اسمع كلام الاخ format لاني شايف اشياء في جهازك

لاكن راح يتم خلها باذن الله وانت طبق خطوه خطوه

احلى تقيم اخي format ان امكن

 

[كانو الفنان]

رد: الريجستري يعلق

بانتضااااااار format

 

[كانو الفنان]

رد: الريجستري يعلق

 

[format]

رد: الريجستري يعلق

حمل البرنامج من هنا

[FONT=Times New Roman (Arabic)][FONT=Times New Roman (Arabic)]قم بتشغيل البرنامج ثم طبق كما في الصور التالية[/FONT]


~~~~~~~~~~~~~~~~~~~~~~


اول شي لازم نسوي تحديث للبرنامج

~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~

في هذه الخطوة اضغط على ريموف وآنتظر قليلاً
تلقآئيآ سوف يظهر لك تقرير آلصقه في رك القآدم >> بعدهآ وآفق على آعآدة تشغيل الجهآز ليتم حذف الملفآت المصآبة والمشبوهة​

[/FONT]​

 

[format]

رد: الريجستري يعلق

ثم

[FONT=Times New Roman (Arabic)][FONT=Times New Roman (Arabic)]اعمل تقرير لجهازك بواسطة برنامج[/FONT][/FONT] HijackThis



[FONT=Times New Roman (Arabic)][FONT=Times New Roman (Arabic)]حمل البرنامج [/FONT][/FONT][FONT=Times New Roman (Arabic)][FONT=Times New Roman (Arabic)]من هنـا[/FONT][/FONT]


**********************

**********************

**********************

​

 

[كانو الفنان]

رد: الريجستري يعلق

تقرير برنامج الحماية ..


Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org
Database version: 5214
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13
17/12/2010 02:09:01 ص
mbam-log-2010-12-17 (02-09-00).txt
Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 141888
Time elapsed: 5 minute(s), 23 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 18
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\BIFROST1.2 (Bifrose.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\documents and settings\MHM\سطح المكتب\00\bifrost dr.adnan 0.3 bypass limit.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\documents and settings\MHM\سطح المكتب\00\Coffin.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\documents and settings\MHM\سطح المكتب\00\مجلد جديد\برنامج تغير الايقونه.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\documents and settings\MHM\سطح المكتب\تشفير كلين حمودي التركي [email protected]\الستب الاصل والقيم\stub.exe.back (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\fun************products\Installr\2.bin\f3ezsetp.dll.vir (PUP.Fun************Products) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\dr.adnan.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\microsoft\windows.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\microsoft\win_xp.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{0d86b07e-ec07-45c3-98b7-94883dd14ff2}\RP21\A0012333.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{0d86b07e-ec07-45c3-98b7-94883dd14ff2}\RP21\A0012341.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{0d86b07e-ec07-45c3-98b7-94883dd14ff2}\RP21\A0012343.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{0d86b07e-ec07-45c3-98b7-94883dd14ff2}\RP21\A0012353.dll (PUP.Fun************Products) -> Quarantined and deleted successfully.
c:\system volume information\_restore{0d86b07e-ec07-45c3-98b7-94883dd14ff2}\RP21\A0012433.DLL (PUP.Fun************Products) -> Quarantined and deleted successfully.
c:\system volume information\_restore{0d86b07e-ec07-45c3-98b7-94883dd14ff2}\RP21\A0012437.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{0d86b07e-ec07-45c3-98b7-94883dd14ff2}\RP21\A0012380.EXE (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\system volume information\_restore{0d86b07e-ec07-45c3-98b7-94883dd14ff2}\RP21\A0012438.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{0d86b07e-ec07-45c3-98b7-94883dd14ff2}\RP21\A0012439.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{0d86b07e-ec07-45c3-98b7-94883dd14ff2}\RP21\A0012513.exe (Backdoor.Bot) -> Quarantined and deleted successfully.



تقرير الهايجاك



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:14:52, on 17/12/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\FAHESS\McciTrayApp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
C:\Program Files\TechSmith\Snagit 9\TSCHelp.exe
C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe
C:\Program Files\TechSmith\Snagit 9\snagiteditor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R3 - URLSearchHook: MessengerPlusLive Saudi Arabia TB Toolbar - {f78a8f02-19ee-4de8-8ea7-6138e8b524f4} - C:\Program Files\MessengerPlusLive_Saudi_Arabia_TB\tbMess.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: MessengerPlusLive Saudi Arabia TB - {f78a8f02-19ee-4de8-8ea7-6138e8b524f4} - C:\Program Files\MessengerPlusLive_Saudi_Arabia_TB\tbMess.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: MessengerPlusLive Saudi Arabia TB Toolbar - {f78a8f02-19ee-4de8-8ea7-6138e8b524f4} - C:\Program Files\MessengerPlusLive_Saudi_Arabia_TB\tbMess.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [FAHESS_McciTrayApp] C:\Program Files\FAHESS\McciTrayApp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Snagit 9.lnk = C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted IP range: http://192.168.1.1
O15 - ESC Trusted IP range: http://192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
--
End of file - 5839 bytes




بانتضارك