بعد تنظيف الجهاز والدخول الى الويندوز هذا التقرير . ارجو التحليل

الليث الضارب

الليث الضارب

زيزوومى مبدع
إنضم
7 فبراير 2008
المشاركات
1,540
مستوى التفاعل
45
النقاط
680
الإقامة
في كون الله الفسيح
غير متصل
السلام عليم اخواني اعضاء ومشرفي منتديات زيزووم

بعد ان كان الجهاز لا يرضى ان يدخل الويندوز لا من التشغيل الطبيعي ولا من الوضع الامن

قمت بانزال اسطوانة الافيرا للطوارئ من موضوع مراقبنا الغالي LINEZRO

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


والحمدلله انحلت المشكلة ودخلت الويندوز وهناك

وقعت معركة مع الادوات والفيروسات بعد ان رفض الكاسبر التنصيب بسبب الفيروسات

ونضفت الفيروسات باكثر من 15 اداة

اخر اداة هي الكاسبر

ونضفت بادوات التنضيف المهم الشغلة اخذت مني يوم وليلة

بس الان رفعت التقرير للخبراء يشوفوا الجهاز بقي فيه شيء

وهذا هو التقرير ببرنامج الهايجك

Logfile of HijackThis v1.99.1
Scan saved at 01:34:24 م, on 18/06/2002
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\hss8.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Access Remote PC 4.7.3\rpcsetup.exe
C:\Program Files\Access Remote PC 4.7.3\rpcsetup.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
G:\حقيبة الاسعافات الاولية\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Howbani Internet Clubs System
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Common Files\CPUSH\cpush.dll (file missing)
O2 - BHO: (no name) - {1AB1F65A-964F-4AE7-B254-05146A0E602E} - C:\Program Files\Internet Explorer\PLUGINS\Windows64.Sys (file missing)
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll (file missing)
O2 - BHO: apzhctde.dll - {3D698451-2015-6358-9871-2015987452D3} - C:\WINDOWS\system32\apzhctde.dll (file missing)
O2 - BHO: zycbdime.dll - {4A698102-5904-AFD0-20DF-CD1A65829CA4} - C:\WINDOWS\system32\zycbdime.dll (file missing)
O2 - BHO: (no name) - {56F9B9E2-1152-4DB9-93BE-4F5E848C7E60} - C:\Program Files\Internet Explorer\PLUGINS\Windows64.Sys (file missing)
O2 - BHO: mnmhgsrv.dll - {7C8D1401-A58D-A81C-CD24-A5915C4517C7} - C:\WINDOWS\system32\mnmhgsrv.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: yzztimsn.dll - {9490415F-65F8-B5C5-D8BA-9405FB120549} - C:\WINDOWS\system32\yzztimsn.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HSS] C:\WINDOWS\hss8.exe
O4 - HKLM\..\Run: [IEXPLORER] C:\WINDOWS\system32\explorer.exe
O4 - HKLM\..\Run: [fmschif] C:\WINDOWS\fmschif.exe
O4 - HKLM\..\Run: [isndntio] C:\WINDOWS\isndntio.exe
O4 - HKLM\..\Run: [LUOM] C:\WINDOWS\system32\DLD.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Access Remote PC 4.7.3] "C:\Program Files\Access Remote PC 4.7.3\rpcsetup.exe" /server /silent
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\الأثير\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\الأثير\Application Data\CyberScrub\Privacy Suite"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\ywg32.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: tuker.dll,ujkwet.dll,asefry.dll,sdvj.dll,asfhjy.dll,hjukrt.dll,dhdhvv.dll,asfjthj.dll,hmsdvf.dll,jrhhh.dll,sdrfh.dll,vhsdfg.dll,dger.dll,hjdrg.dll,kergt.dll,gfcfg.dll,reger.dll,hrergh.dll,frntrn.dll,qrhhb.dll,drghszd.dll,fngn.dll,gnfctt.dll,xgnfn.dll,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzijj.dll,xfgnfx.dll,serghjm.dll,thsddh.dll,xbcvxb.dll,zfdzb.dll,xdndn.dll,xdfntt.dll,hgfhk.dll,dnteh.dll,xfng.dll,njritc.dll,chmfcmh.dll,jwlah.dll,gmnait.dll,hfjg.dll,thurh.dll,mgmgmm.dll,oqrthc.dll,ghkrg.dll,jyjlt.dll,ijatnaw.dll,sehhter.dll,fhjfg.dll,zdbdb.dll,ydgn.dll,dbfb.dll,fjnbv.dll,yukevg.dll,setrhes.dll,cdxbfxdb.dll,xfgnxfn.dll,gjkhj.dll,xdhdg.dll,rhs.dll,mrjhtjd.dll,zdbfbd.dll,fjyjy.dll,fxnfnh.dll,bjrvm.dll,ektvm.dll,ghthhh.dll,yjrfe.dll,dscef.dll,crugd.dll,lariytrz.dll,hjaiq.dll,kduy.dll,hkfgh.dll,awef.dll,dfhsh.dll,ethsh.dll,stehs.dll,sthth.dll,wfhyt.dll,rgghjj.dll,ghjkdr.dll,hfther.dll,,yzztimsn.dll
O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: midimapqhx - {4F4F0064-71E0-4f0d-0027-708476C7815F} - (no file)
O23 - Service: Access Remote PC Service 4.7.3 - Unknown owner - C:\Program Files\Access Remote PC 4.7.3\rpcsetup.exe" /service (file missing)
O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe


لكم مني اجمل تحية
 

توقيع : الليث الضارب
ترتيب حسب التاريخ ترتيب حسب الأصوات
اعمل التالي لااهنت


(1)
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم

(2)
واعمل تقرير للهايجاك
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم
 
التعديل الأخير بواسطة المشرف:
توقيع : LINEZERO
تأييد 0
مراقبنا الغالي

حدثت مشكلة عندما فتحت الأداة الأولى وطلعت لي هذه الرسالة
مع العلم انه لا توجد برامج حماية
موجود برنامج الديب فريز بس هو الان معطل
هذه هيه الصورة

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي



وهذا تقرير برنامج الهايجك

Logfile of HijackThis v1.99.1
Scan saved at 04:41:16 م, on 18/06/2002
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Access Remote PC 4.7.3\rpcsetup.exe
C:\Program Files\Access Remote PC 4.7.3\rpcsetup.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\الأثير\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Howbani Internet Clubs System
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Common Files\CPUSH\cpush.dll (file missing)
O2 - BHO: (no name) - {1AB1F65A-964F-4AE7-B254-05146A0E602E} - C:\Program Files\Internet Explorer\PLUGINS\Windows64.Sys (file missing)
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll (file missing)
O2 - BHO: apzhctde.dll - {3D698451-2015-6358-9871-2015987452D3} - C:\WINDOWS\system32\apzhctde.dll (file missing)
O2 - BHO: zycbdime.dll - {4A698102-5904-AFD0-20DF-CD1A65829CA4} - C:\WINDOWS\system32\zycbdime.dll (file missing)
O2 - BHO: (no name) - {56F9B9E2-1152-4DB9-93BE-4F5E848C7E60} - C:\Program Files\Internet Explorer\PLUGINS\Windows64.Sys (file missing)
O2 - BHO: mnmhgsrv.dll - {7C8D1401-A58D-A81C-CD24-A5915C4517C7} - C:\WINDOWS\system32\mnmhgsrv.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: yzztimsn.dll - {9490415F-65F8-B5C5-D8BA-9405FB120549} - C:\WINDOWS\system32\yzztimsn.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HSS] C:\WINDOWS\hss8.exe
O4 - HKLM\..\Run: [IEXPLORER] C:\WINDOWS\system32\explorer.exe
O4 - HKLM\..\Run: [fmschif] C:\WINDOWS\fmschif.exe
O4 - HKLM\..\Run: [isndntio] C:\WINDOWS\isndntio.exe
O4 - HKLM\..\Run: [LUOM] C:\WINDOWS\system32\DLD.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Access Remote PC 4.7.3] "C:\Program Files\Access Remote PC 4.7.3\rpcsetup.exe" /server /silent
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\ywg32.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: tuker.dll,ujkwet.dll,asefry.dll,sdvj.dll,asfhjy.dll,hjukrt.dll,dhdhvv.dll,asfjthj.dll,hmsdvf.dll,jrhhh.dll,sdrfh.dll,vhsdfg.dll,dger.dll,hjdrg.dll,kergt.dll,gfcfg.dll,reger.dll,hrergh.dll,frntrn.dll,qrhhb.dll,drghszd.dll,fngn.dll,gnfctt.dll,xgnfn.dll,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzijj.dll,xfgnfx.dll,serghjm.dll,thsddh.dll,xbcvxb.dll,zfdzb.dll,xdndn.dll,xdfntt.dll,hgfhk.dll,dnteh.dll,xfng.dll,njritc.dll,chmfcmh.dll,jwlah.dll,gmnait.dll,hfjg.dll,thurh.dll,mgmgmm.dll,oqrthc.dll,ghkrg.dll,jyjlt.dll,ijatnaw.dll,sehhter.dll,fhjfg.dll,zdbdb.dll,ydgn.dll,dbfb.dll,fjnbv.dll,yukevg.dll,setrhes.dll,cdxbfxdb.dll,xfgnxfn.dll,gjkhj.dll,xdhdg.dll,rhs.dll,mrjhtjd.dll,zdbfbd.dll,fjyjy.dll,fxnfnh.dll,bjrvm.dll,ektvm.dll,ghthhh.dll,yjrfe.dll,dscef.dll,crugd.dll,lariytrz.dll,hjaiq.dll,kduy.dll,hkfgh.dll,awef.dll,dfhsh.dll,ethsh.dll,stehs.dll,sthth.dll,wfhyt.dll,rgghjj.dll,ghjkdr.dll,hfther.dll,,yzztimsn.dll
O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: midimapqhx - {4F4F0064-71E0-4f0d-0027-708476C7815F} - (no file)
O23 - Service: Access Remote PC Service 4.7.3 - Unknown owner - C:\Program Files\Access Remote PC 4.7.3\rpcsetup.exe" /service (file missing)
O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe

لك اجمل تحية مني
 
توقيع : الليث الضارب
تأييد 0
ممكن تجربها من السيف مود

ولاتنسى تحذيب برنامج الديب فريز وتعطل خاصية استعادة النظام
 
توقيع : LINEZERO
تأييد 0
حذفت برنامج الديب فريز
وحاولت افتحه بس تطلع نفس الرسالة

وحاولت ادخل من السيف مود
ولكن للاسف لم يرضى يدخل الجهاز من السيف مود

حاولت مراراُ وتكرارا ولكن بدون فائدة

مع العلم اني انسخ منه ملفات الى فلاش ميموري ثم اسحب الفلاش ميموري وافحصه في جهاز اخر فيه برنامج الكاسبر
وهو موصول بالانترنت محدث

ويطلع نظيف وليس مصاب

يعني هذا انه نضيف من الفيروسات

لك اجمل تحية مني
 
توقيع : الليث الضارب
تأييد 0
الحمدلله انحلت المشكلة كانت المشكلة في التاريخ لم يكن مضبوط ضبطته
واشتغلت الأداة

وهذا تقرير الاداة


ComboFix 08-06-16.5 - الأثير 06/18/2008 17:53:21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.280 [GMT 3:00]
Running from: C:\Documents and Settings\الأثير\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\microsoft\pctools
C:\Documents and Settings\All Users\Application Data\microsoft\pctools\pctools.dll.XXX
C:\Program Files\Internet Explorer\PLUGINS\Windows64.Jmp
C:\WINDOWS\Fonts\wintpo80.fon
C:\WINDOWS\system32\d3d1caps.srg
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\gmnait.cfg
C:\WINDOWS\system32\lariytrz.cfg
C:\WINDOWS\system32\mprmsgse.axz
C:\WINDOWS\system32\Packet.dll
C:\WINDOWS\system32\smmhbsrv.sys
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\xfztbmsn.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ACPIDISK
-------\Legacy_NPF
-------\Service_acpidisk
-------\Service_Hdv32
-------\Service_npf

((((((((((((((((((((((((( Files Created from 2008-05-18 to 2008-06-18 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-26 08:46 153,604 ----a-w C:\WINDOWS\system32\drivers\acpidisk.sys.XXX
2008-05-16 20:18 --------- d-----w C:\Program Files\AutoPlay Media Studio 7.0
2008-05-16 20:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\IndigoRose
2008-05-15 23:52 --------- d-----w C:\Program Files\Faronics
2008-05-15 23:12 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-05-15 20:43 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-15 20:40 --------- d-----w C:\Program Files\Windows Live
2002-06-18 10:16 27 ----a-w C:\Program Files\0.pif.XXX
2004-08-08 17:41 520 --sh--w C:\WINDOWS\system32\fxcbbime.sys
2004-08-08 17:41 520 --sh--w C:\WINDOWS\system32\gpzhatde.sys
2002-06-18 10:19 96,288 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{3D698451-2015-6358-9871-2015987452D3}]
C:\WINDOWS\system32\apzhctde.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{4A698102-5904-AFD0-20DF-CD1A65829CA4}]
C:\WINDOWS\system32\zycbdime.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [05/23/2004 03:00 PM 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [05/02/2006 03:51 PM 3334144]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM 5724184]
"Access Remote PC 4.7.3"="C:\Program Files\Access Remote PC 4.7.3\rpcsetup.exe" [12/12/2005 12:00 AM 3101966]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [05/23/2004 03:00 PM 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [05/23/2004 03:00 PM 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [05/23/2004 03:00 PM 455168]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [02/07/2006 03:39 AM 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [02/07/2006 03:36 AM 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [02/07/2006 03:40 AM 118784]
"RTHDCPL"="RTHDCPL.EXE" [11/15/2006 04:21 AM 16270848 C:\WINDOWS\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [05/17/2006 05:04 AM 2879488 C:\WINDOWS\SkyTel.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [02/12/2008 06:58 PM 180269]
"HSS"="C:\WINDOWS\hss8.exe" [02/12/2006 01:48 PM 188416]
"systray "="" []
"HISS_CLT"="" []
"fmschif"="C:\WINDOWS\fmschif.exe" [ ]
"LUOM"="C:\WINDOWS\system32\DLD.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [05/23/2004 03:00 PM 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-05-15 23:43:54 113664]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{ab5f91ae-daae-4472-b6ce-53755ce06a2a}"= C:\WINDOWS\system32\MMKAFNFW1102.dll [ ]
"{E8A3B193-77E3-4FB3-986D-F4FA4828BAFC}"= C:\WINDOWS\system32\wklsdd.dll [ ]
"{4A698102-5904-AFD0-20DF-CD1A65829CA4}"= C:\WINDOWS\system32\zycbdime.dll [ ]
"{3D698451-2015-6358-9871-2015987452D3}"= C:\WINDOWS\system32\apzhctde.dll [ ]
"{A9895933-6636-4281-BC58-EE6DE2AF96E3}"= C:\WINDOWS\system32\ddserh.dll [ ]
"{ff96d0cd-50ce-44c4-94ec-212ca22c34b5}"= C:\WINDOWS\system32\MMDABLUU1097.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=tuker.dll,ujkwet.dll,asefry.dll,sdvj.dll,asfhjy.dll,hjukrt.dll,dhdhvv.dll,asfjthj.dll,hmsdvf.dll,jrhhh.dll,sdrfh.dll,vhsdfg.dll,dger.dll,hjdrg.dll,kergt.dll,gfcfg.dll,reger.dll,hrergh.dll,frntrn.dll,qrhhb.dll,drghszd.dll,fngn.dll,gnfctt.dll,xgnfn.dll,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzijj.dll,xfgnfx.dll,serghjm.dll,thsddh.dll,xbcvxb.dll,zfdzb.dll,xdndn.dll,xdfntt.dll,hgfhk.dll,dnteh.dll,xfng.dll,njritc.dll,chmfcmh.dll,jwlah.dll,gmnait.dll,hfjg.dll,thurh.dll,mgmgmm.dll,oqrthc.dll,ghkrg.dll,jyjlt.dll,ijatnaw.dll,sehhter.dll,fhjfg.dll,zdbdb.dll,ydgn.dll,dbfb.dll,fjnbv.dll,yukevg.dll,setrhes.dll,cdxbfxdb.dll,xfgnxfn.dll,gjkhj.dll,xdhdg.dll,rhs.dll,mrjhtjd.dll,zdbfbd.dll,fjyjy.dll,fxnfnh.dll,bjrvm.dll,ektvm.dll,ghthhh.dll,yjrfe.dll,dscef.dll,crugd.dll,lariytrz.dll,hjaiq.dll,kduy.dll,hkfgh.dll,awef.dll,dfhsh.dll,ethsh.dll,stehs.dll,sthth.dll,wfhyt.dll,rgghjj.dll,ghjkdr.dll,hfther.dll,,yzztimsn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.3iv2"= C:\PROGRA~1\K-LITE~1\codecs\3IVXVF~1.DLL
"VIDC.VP60"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP61"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP62"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP70"= C:\PROGRA~1\K-LITE~1\codecs\vp7vfw.dll
"VIDC.VP31"= C:\PROGRA~1\K-LITE~1\codecs\vp31vfw.dll
"msacm.l3fhg"= C:\PROGRA~1\K-LITE~1\codecs\l3codecp.acm
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GFUpd.EXE]
Debugger=C:\WINDOWS\system32\wauc11.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\hss8.exe"=
"C:\\Program Files\\Access Remote PC 4.7.3\\rpcsetup.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
R2 Access Remote PC Service 4.7.3;Access Remote PC Service 4.7.3;"C:\Program Files\Access Remote PC 4.7.3\rpcsetup.exe" /service []
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2008-06-18 17:54:57
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> ?:\WINDOWS\System32\CSCDLL.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 06/18/2008 17:56:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-18 14:56:07
Pre-Run: 13,340,823,552 bytes free
Post-Run: 13,255,319,552 bytes free
149


وهذا تقرير الهايجك

Logfile of HijackThis v1.99.1
Scan saved at 05:56:44 م, on 18/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Access Remote PC 4.7.3\rpcsetup.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\hss8.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Access Remote PC 4.7.3\rpcsetup.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\الأثير\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: apzhctde.dll - {3D698451-2015-6358-9871-2015987452D3} - C:\WINDOWS\system32\apzhctde.dll (file missing)
O2 - BHO: zycbdime.dll - {4A698102-5904-AFD0-20DF-CD1A65829CA4} - C:\WINDOWS\system32\zycbdime.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HSS] C:\WINDOWS\hss8.exe
O4 - HKLM\..\Run: [fmschif] C:\WINDOWS\fmschif.exe
O4 - HKLM\..\Run: [LUOM] C:\WINDOWS\system32\DLD.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Access Remote PC 4.7.3] "C:\Program Files\Access Remote PC 4.7.3\rpcsetup.exe" /server /silent
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: tuker.dll,ujkwet.dll,asefry.dll,sdvj.dll,asfhjy.dll,hjukrt.dll,dhdhvv.dll,asfjthj.dll,hmsdvf.dll,jrhhh.dll,sdrfh.dll,vhsdfg.dll,dger.dll,hjdrg.dll,kergt.dll,gfcfg.dll,reger.dll,hrergh.dll,frntrn.dll,qrhhb.dll,drghszd.dll,fngn.dll,gnfctt.dll,xgnfn.dll,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzijj.dll,xfgnfx.dll,serghjm.dll,thsddh.dll,xbcvxb.dll,zfdzb.dll,xdndn.dll,xdfntt.dll,hgfhk.dll,dnteh.dll,xfng.dll,njritc.dll,chmfcmh.dll,jwlah.dll,gmnait.dll,hfjg.dll,thurh.dll,mgmgmm.dll,oqrthc.dll,ghkrg.dll,jyjlt.dll,ijatnaw.dll,sehhter.dll,fhjfg.dll,zdbdb.dll,ydgn.dll,dbfb.dll,fjnbv.dll,yukevg.dll,setrhes.dll,cdxbfxdb.dll,xfgnxfn.dll,gjkhj.dll,xdhdg.dll,rhs.dll,mrjhtjd.dll,zdbfbd.dll,fjyjy.dll,fxnfnh.dll,bjrvm.dll,ektvm.dll,ghthhh.dll,yjrfe.dll,dscef.dll,crugd.dll,lariytrz.dll,hjaiq.dll,kduy.dll,hkfgh.dll,awef.dll,dfhsh.dll,ethsh.dll,stehs.dll,sthth.dll,wfhyt.dll,rgghjj.dll,ghjkdr.dll,hfther.dll,,yzztimsn.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: midimapqhx - {4F4F0064-71E0-4f0d-0027-708476C7815F} - (no file)
O23 - Service: Access Remote PC Service 4.7.3 - Unknown owner - C:\Program Files\Access Remote PC 4.7.3\rpcsetup.exe" /service (file missing)


لك مني خالص التحية
 
توقيع : الليث الضارب
تأييد 0
كان عندك اصابات وتم مسحها

اعمل التالي لااهنت :

(1)
حدد القيم التاليه واعمل لها اصلاح
كود: 
O2 - BHO: apzhctde.dll - {3D698451-2015-6358-9871-2015987452D3} - C:\WINDOWS\system32\apzhctde.dll (file missing)
O2 - BHO: zycbdime.dll - {4A698102-5904-AFD0-20DF-CD1A65829CA4} - C:\WINDOWS\system32\zycbdime.dll (file missing)
O20 - AppInit_DLLs: tuker.dll,ujkwet.dll,asefry.dll,sdvj.dll,asfhjy.dl l,hjukrt.dll,dhdhvv.dll,asfjthj.dll,hmsdvf.dll,jrh hh.dll,sdrfh.dll,vhsdfg.dll,dger.dll,hjdrg.dll,ker gt.dll,gfcfg.dll,reger.dll,hrergh.dll,frntrn.dll,q rhhb.dll,drghszd.dll,fngn.dll,gnfctt.dll,xgnfn.dll ,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzi jj.dll,xfgnfx.dll,serghjm.dll,thsddh.dll,xbcvxb.dl l,zfdzb.dll,xdndn.dll,xdfntt.dll,hgfhk.dll,dnteh.d ll,xfng.dll,njritc.dll,chmfcmh.dll,jwlah.dll,gmnai t.dll,hfjg.dll,thurh.dll,mgmgmm.dll,oqrthc.dll,ghk rg.dll,jyjlt.dll,ijatnaw.dll,sehhter.dll,fhjfg.dll ,zdbdb.dll,ydgn.dll,dbfb.dll,fjnbv.dll,yukevg.dll, setrhes.dll,cdxbfxdb.dll,xfgnxfn.dll,gjkhj.dll,xdh dg.dll,rhs.dll,mrjhtjd.dll,zdbfbd.dll,fjyjy.dll,fx nfnh.dll,bjrvm.dll,ektvm.dll,ghthhh.dll,yjrfe.dll, dscef.dll,crugd.dll,lariytrz.dll,hjaiq.dll,kduy.dl l,hkfgh.dll,awef.dll,dfhsh.dll,ethsh.dll,stehs.dll ,sthth.dll,wfhyt.dll,rgghjj.dll,ghjkdr.dll,hfther. dll,,yzztimsn.dll
O4 - HKLM\..\Run: [fmschif] C:\WINDOWS\fmschif.exe
O21 - SSODL: midimapqhx - {4F4F0064-71E0-4f0d-0027-708476C7815F} - (no file)
O23 - Service: Access Remote PC Service 4.7.3 - Unknown owner - C:\Program Files\Access Remote PC 4.7.3\rpcsetup.exe" /service (file missing)

(2)
وتوجه الى اضافة وازالة البرامج واحذف اي تولبار عندك << ااذا كان فيه

(3)
واحذف البرنامج هذا>>>> Access Remote PC 4.7.3

(4)
عطني تقرير جديد هايجاك​
 
توقيع : LINEZERO
تأييد 0
LINEZERO قال:
كان عندك اصابات وتم مسحها


اعمل التالي لااهنت :​

(1)
حدد القيم التاليه واعمل لها اصلاح​
كود: 
[CENTER]O2 - BHO: apzhctde.dll - {3D698451-2015-6358-9871-2015987452D3} - C:\WINDOWS\system32\apzhctde.dll (file missing)
O2 - BHO: zycbdime.dll - {4A698102-5904-AFD0-20DF-CD1A65829CA4} - C:\WINDOWS\system32\zycbdime.dll (file missing)
O20 - AppInit_DLLs: tuker.dll,ujkwet.dll,asefry.dll,sdvj.dll,asfhjy.dl l,hjukrt.dll,dhdhvv.dll,asfjthj.dll,hmsdvf.dll,jrh hh.dll,sdrfh.dll,vhsdfg.dll,dger.dll,hjdrg.dll,ker gt.dll,gfcfg.dll,reger.dll,hrergh.dll,frntrn.dll,q rhhb.dll,drghszd.dll,fngn.dll,gnfctt.dll,xgnfn.dll ,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzi jj.dll,xfgnfx.dll,serghjm.dll,thsddh.dll,xbcvxb.dl l,zfdzb.dll,xdndn.dll,xdfntt.dll,hgfhk.dll,dnteh.d ll,xfng.dll,njritc.dll,chmfcmh.dll,jwlah.dll,gmnai t.dll,hfjg.dll,thurh.dll,mgmgmm.dll,oqrthc.dll,ghk rg.dll,jyjlt.dll,ijatnaw.dll,sehhter.dll,fhjfg.dll ,zdbdb.dll,ydgn.dll,dbfb.dll,fjnbv.dll,yukevg.dll, setrhes.dll,cdxbfxdb.dll,xfgnxfn.dll,gjkhj.dll,xdh dg.dll,rhs.dll,mrjhtjd.dll,zdbfbd.dll,fjyjy.dll,fx nfnh.dll,bjrvm.dll,ektvm.dll,ghthhh.dll,yjrfe.dll, dscef.dll,crugd.dll,lariytrz.dll,hjaiq.dll,kduy.dl l,hkfgh.dll,awef.dll,dfhsh.dll,ethsh.dll,stehs.dll ,sthth.dll,wfhyt.dll,rgghjj.dll,ghjkdr.dll,hfther. dll,,yzztimsn.dll
O4 - HKLM\..\Run: [fmschif] C:\WINDOWS\fmschif.exe
O21 - SSODL: midimapqhx - {4F4F0064-71E0-4f0d-0027-708476C7815F} - (no file)
O23 - Service: Access Remote PC Service 4.7.3 - Unknown owner - C:\Program Files\Access Remote PC 4.7.3\rpcsetup.exe" /service (file missing)[/CENTER]

(2)
وتوجه الى اضافة وازالة البرامج واحذف اي تولبار عندك << ااذا كان فيه​

(3)
واحذف البرنامج هذا>>>> Access Remote PC 4.7.3

(4)

عطني تقرير جديد هايجاك​
أنقر للتوسيع...
مشكوووور اخي وبارك الله فيك

واعذرني على التأخير

اصلحت القيم اما التولبار فلا يوجد

وما البرنامج Access Remote PC 4.7.3

فهو برنامج للتحكم لا ضرر منه

وسف اوافيك بالتقرير بعد قليل

تقبل تحياتي
 
توقيع : الليث الضارب
تأييد 0
اخوي امسح برنامج التحكم هذا في برامج كثيرة احسن منه منها : logmein free
 
توقيع : العرافة
تأييد 0
يجب تسجيل الدخول أو التسجيل كي تتمكن من الرد هنا.
عودة
أعلى