فهد سحاب

Peace be upon you, and the mercy and blessings of God.

Guys, I have a problem: I have not installed the graphics card, and I ask those with experience to reply to this thread.

These are my computer's specs:


win7 Home Premium

And this is the graphics card I have:

A9500 310

GF 9500GT 1GB PCI-E

And the model is 9500GT.

Please, please reply.
 

Signature: فهد سحاب
Open the program and click the logs option, and you will find the reports there, my friend.
 

Signature: الوفاء طبعي
Okay, okay, I figured out how to get it from the log.

************' Anti-Malware 1.50.1.1100

Database version: 5688

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

06/02/11 04:36:38 م
mbam-log-2011-02-06 (16-36-38).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 279259
Time elapsed: 27 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\bifrost (Bifrose.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\alnawah\AppData\Roaming\dll\server.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\Users\alnawah\AppData\Roaming\thinstall\microsoft text-to-speech engine 4.0 (english)\4000005e00002h\vcmd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\alnawah\Desktop\العاب\mae q'west and the sign of the stars\uninstall.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
c:\Users\alnawah\Desktop\العاب\wonderburg\uninstall.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
c:\Users\alnawah\Desktop\العاب\masters of mystery crime of fashion\uninstall.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
c:\Users\alnawah\Desktop\العاب\mazika2day.com_autumn's treasures - the jade coin_by-m!dooooo\uninstall.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
c:\Users\alnawah\Desktop\العاب\natalie brooks - the treasures of the lost kingdom\uninstall.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
c:\Users\alnawah\Desktop\العاب\nick chase - a detective story\uninstall.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
c:\Users\alnawah\Desktop\العاب\pahelika - secret legends\uninstall.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
c:\Users\alnawah\AppData\Roaming\addons.dat (Bifrose.Trace) -> Quarantined and deleted successfully.

 
Signature: فهد سحاب
A new HijackThis log, my friend.
 
Signature: الوفاء طبعي
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 03:24:54 م, on 07/02/11
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\hp\kbd\kbd.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\explorer.exe
C:\Zyzoom_Forum_Tools\zyzoom.exe
C:\Zyzoom_Forum_Tools\zHijak.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [hidden link: log in or register to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [hidden link: log in or register to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [hidden link: log in or register to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [hidden link: log in or register to view]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [hidden link: log in or register to view]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=tweak&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.1\bh\facemoods.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Softonic English FF Toolbar - {ffa0793e-3980-4be4-8234-048fa665f700} - C:\Program Files\Softonic_English_FF\tbSoft.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Softonic English FF Toolbar - {ffa0793e-3980-4be4-8234-048fa665f700} - C:\Program Files\Softonic_English_FF\tbSoft.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [facemoods] "C:\Program Files\facemoods.com\facemoods\1.4.17.1\facemoodssrv.exe" /md I
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PS2] C:\Windows\system32\ps2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [************' Anti-Malware (reboot)] "C:\Program Files\************' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Windows Live Messenger .lnk = C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: سرعة تشغيل Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to Video Converter... - C:\Program Files\Media Player Utilities 5.15\AVIConverter\grab.html
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [hidden link: log in or register to view]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: BandLuxe Service (BandLuxe_Service) - BandRich Inc. - C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Change Modem Device Service - Unknown owner - C:\Windows\System32\ChgService.exe
O23 - Service: خدمة تحديث Google (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Realtek11nSU - Realtek - C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 10062 bytes
 
Signature: فهد سحاب
Download the following tool and follow the instructions to run the scan.


Usage instructions:
Run the file SmitfraudFix.exe and follow the steps as shown in these pictures.

 
Signature: الوفاء طبعي
SmitFraudFix v2.424

Scan done at 3:52:33.45, Tue 03/29/2011
Run from C:\Users\alnawah\Documents\Downloads\Programs\SmitfraudFix
OS: Microsoft Windows [Version 6.1.7600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{441944BC-35B4-438A-AAEA-D30393209F5C}: DhcpNameServer=8.8.8.8 4.2.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{5C98A7EA-9937-4F2D-95E0-9B66199D1EB3}: DhcpNameServer=192.168.1.1 86.51.35.18 86.51.34.18
HKLM\SYSTEM\CCS\Services\Tcpip\..\{65F71B39-C87C-48DC-8251-50AF03048E0F}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{441944BC-35B4-438A-AAEA-D30393209F5C}: DhcpNameServer=8.8.8.8 4.2.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5C98A7EA-9937-4F2D-95E0-9B66199D1EB3}: DhcpNameServer=192.168.1.1 86.51.35.18 86.51.34.18
HKLM\SYSTEM\CS1\Services\Tcpip\..\{65F71B39-C87C-48DC-8251-50AF03048E0F}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{441944BC-35B4-438A-AAEA-D30393209F5C}: DhcpNameServer=8.8.8.8 4.2.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{5C98A7EA-9937-4F2D-95E0-9B66199D1EB3}: DhcpNameServer=192.168.1.1 86.51.35.18 86.51.34.18
HKLM\SYSTEM\CS2\Services\Tcpip\..\{65F71B39-C87C-48DC-8251-50AF03048E0F}: DhcpNameServer=192.168.2.1

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

"VMApplet"="SystemPropertiesPerformance.exe /pagefile"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» RK.2

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End
 
Signature: فهد سحاب