Peace be upon you, and the mercy and blessings of God.
How are you all, fellow Zyzoomers?
I have a problem: an error message that comes from the Action Center
which says
"Potentially harmful software detected"
The first time I clicked on it, the computer froze for a minute and restarted,
and then it would not boot until I reinstalled Windows.
On the boot screen, after the manufacturer's logo, there would be
a small green line, and if I pressed Enter a purple line appeared beneath it.
I formatted the machine and the problem appeared again.
I scanned it with
Malwarebytes Anti-Malware
The message disappeared, then came back again.
I am afraid that if I click on it, it will wipe the system again.
Here are the reports.
HijackThis
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:11:26 م, on 13/02/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Windows\System32\actxprxy.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\عشاري\AppData\Roaming\Zain Connect\ouc.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Windows\System32\actxprxy.exe
C:\Windows\system32\igfxdp86.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\Zain Connect\Zain Connect.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Zyzoom_Forum_Tools\zyzoom.exe
C:\Zyzoom_Forum_Tools\zHijak.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O4 - HKLM\..\Run: [Intel Display Protocal] C:\Windows\system32\igfxdp86.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
O4 - HKLM\..\Run: [smwcore] C:\Windows\System32\actxprxy.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_Zain Connect] "C:\Program Files\Zain Connect\UpdateDog\ouc.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [System External] RunDll32 "C:\Windows\TAPI\lsalog.dll",Init (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [System External] RunDll32 "C:\Windows\TAPI\lsalog.dll",Init (User 'Default user')
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{78A8B7AD-C5EA-482F-ADF7-9391438DEEE4}: NameServer = 10.0.1.132 10.0.1.133
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O20 - AppInit_DLLs: C:\Windows\system32\Setup\en-US\svclsa.dll
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
O23 - Service: HWDeviceService.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService.exe
--
End of file - 5200 bytes
run scanner
Runscanner logfile
* = signed file
- = file not found
General info
------------
Computer name : عشاري-PC
Creation time : 13/02/2012 10:15:54 م
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 8.0.7600.16385
OS : Windows 7 Ultimate
OS Build : 7600
OS SP :
RunScanner Version : 2.0.0.50
User Language : Arabic (Yemen)
User rights : Administrator
Windows folder : C:\Windows
Running processes
-----------------
* C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
C:\Windows\System32\actxprxy.exe
C:\Windows\System32\actxprxy.exe
* C:\Windows\System32\csrss.exe (Microsoft Corporation)
* C:\Windows\System32\csrss.exe (Microsoft Corporation)
C:\Windows\System32\dllhost.exe (Microsoft Corporation)
C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)
C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)
C:\ProgramData\DatacardService\HWDeviceService.exe
* C:\Windows\System32\dwm.exe (Microsoft Corporation)
* C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\taskhost.exe (Microsoft Corporation)
C:\Windows\System32\igfxdp86.exe
* C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
* C:\Program Files\Internet Download Manager\IEMonitor.exe (Tonec Inc.)
* C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
* C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
* C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
* C:\Windows\System32\lsass.exe (Microsoft Corporation)
* C:\Windows\System32\lsm.exe (Microsoft Corporation)
* C:\Windows\System32\SearchIndexer.exe (Microsoft Corporation)
C:\Users\عشاري\AppData\Roaming\Zain Connect\ouc.exe (Huawei Technologies Co., Ltd.)
* C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
* C:\Zyzoom_Forum_Tools\zRunScanner.com (Runscanner.net)
* C:\Windows\System32\services.exe (Microsoft Corporation)
* C:\Windows\System32\spoolsv.exe (Microsoft Corporation)
C:\Windows\System32\audiodg.exe (Microsoft Corporation)
C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
* C:\Windows\System32\WUDFHost.exe (Microsoft Corporation)
* C:\Windows\explorer.exe (Microsoft Corporation)
* C:\Windows\System32\winlogon.exe (Microsoft Corporation)
* C:\Windows\System32\smss.exe (Microsoft Corporation)
* C:\Windows\System32\wininit.exe (Microsoft Corporation)
C:\Program Files\Zain Connect\Zain Connect.exe
C:\Zyzoom_Forum_Tools\zyzoom.exe
Unrated items
-------------
002 C:\Windows\system32\igfxdp86.exe
002 C:\Windows\System32\actxprxy.exe
003 C:\Program Files\Zain Connect\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
003 C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
008 C:\ProgramData\ArrothucVump.dll
010 C:\Windows\system32\Alg.exe (Application Layer Gateway Service)
010 C:\ProgramData\DatacardService\HWDeviceService.exe (DCSHOST)
010 C:\Windows\system32\ui0detect.exe (Interactive services detection)
010 C:\Windows\system32\sppsvc.exe (Microsoft Software Protection Platform Service)
010 C:\Windows\system32\wbengine.exe (Microsoft® Block Level Backup Engine Service EXE)
010 C:\Windows\system32\vssvc.exe (Microsoft® Volume Shadow Copy Service)
010 C:\Windows\system32\Locator.exe (Rpc Locator)
010 C:\Windows\system32\snmptrap.exe (SNMP Trap)
010 C:\Windows\system32\vds.exe (Virtual Disk Service)
010 C:\Windows\ehome\ehrecvr.exe (Windows Media Center Receiver Service)
010 C:\Windows\ehome\ehsched.exe (Windows Media Center Scheduler Service)
010 C:\Program Files\Windows Media Player\wmpnetwk.exe (Windows Media Player Network Sharing Service)
010 C:\Windows\servicing\TrustedInstaller.exe (Windows Modules Installer)
010 C:\Windows\system32\wbem\wmiapsrv.exe (WMI Performance Reverse Adapter)
012 C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
012 C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
012 C:\ProgramData\ArrothucVump.dll
013 C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
013 C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
032 C:\Windows\system32\rdpclip.exe (Microsoft Corporation)
033 C:\Windows\system32\userinit.exe (Microsoft Corporation)
035 C:\Windows\System32\rundll32.exe (Microsoft Corporation) >{60B49E34-C7CC-11D0-8953-00A0C90347FF}
035 C:\Windows\System32\ie4uinit.exe (Microsoft Corporation) >{26923b43-4d38-484f-9b9e-de460746276c}
035 C:\Program Files\Windows Mail\WinMail.exe (Microsoft Corporation) {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
035 C:\Windows\system32\unregmp2.exe (Microsoft Corporation) {6BF52A52-394A-11d3-B153-00C04F79FAA6}
035 C:\Windows\system32\unregmp2.exe (Microsoft Corporation) >{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
035 C:\Windows\system32\regsvr32.exe (Microsoft Corporation) {2C7339CF-2B09-4501-B3F3-F3508C9228ED}
035 C:\Windows\System32\ie4uinit.exe (Microsoft Corporation) {89820200-ECBD-11cf-8B85-00AA005B4383}
035 C:\Windows\system32\regsvr32.exe (Microsoft Corporation) {89820200-ECBD-11cf-8B85-00AA005B4340}
042 GUID / CLSID not found {4248FE82-7FCB-46AC-B270-339F08212110}
042 GUID / CLSID not found {898EA8C8-E7FF-479B-8935-AEC46303B9E5}
042 GUID / CLSID not found {CCF151D8-D089-449F-A5A4-D9909053F20F}
060 GUID / CLSID not found {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
061 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
105 Add to Anti-Banner : C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
105 Download all links with IDM : C:\Program Files\Internet Download Manager\IEGetAll.htm
105 Download with IDM : C:\Program Files\Internet Download Manager\IEExt.htm
120 NameServer {78A8B7AD-C5EA-482F-ADF7-9391438DEEE4} : 10.0.1.132 10.0.1.133
121 C:\Windows\system32\Setup\en-US\svclsa.dll
146 C:\Windows\system32\cmd.exe (Microsoft Corporation)
170 {21fdb528-55b8-11e1-8b6a-001eec85c6c4} : G:\AutoRun.exe
170 {8177e74c-5651-11e1-a20c-001eec85c6c4} : G:\AutoRun.exe
170 {afcb6cb0-5592-11e1-b3a1-001eec85c6c4} : G:\AutoRun.exe
170 {afcb6cc1-5592-11e1-b3a1-001eec85c6c4} : G:\AutoRun.exe
170 {c37bb756-5643-11e1-8a31-001eec85c6c4} : G:\AutoRun.exe
173 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
174 C:\Windows\system32\SystemPropertiesPerformance.exe (Microsoft Corporation)
210 C:\Windows\system32\sdclt.exe (Microsoft Corporation)
211 C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
212 C:\Windows\system32\dfrgui.exe (Microsoft Corporation)
221 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
225 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
225 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
227 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
251 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
Missing files
-------------
008 C:\Windows\TAPI\lsalog.dll
011 c:\windows\system32\DRIVERS\ewusbdev.sys
011 c:\windows\system32\DRIVERS\ewusbnet.sys
012 C:\Windows\TAPI\lsalog.dll
uninstall list
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Comodo Dragon
Kaspersky Internet Security 2012
Kaspersky Internet Security 2012
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended
Mobily Connect Card
Mozilla Firefox 6.0.2 (x86 ar)
Real Alternative 1.7.5
Skype Toolbars
Skype™ 5.3
The KMPlayer (remove only)
WinRAR archiver
Zain Connect
May God grant you success.
