The information you might need
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 02:37:09 م, on 3/1/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Documents and Settings\UserXP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\UserXP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Documents and Settings\UserXP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\UserXP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Zyzoom_Forum_Tools\zyzoom.exe
C:\DOCUME~1\UserXP\LOCALS~1\Temp\FSCapture.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Documents and Settings\UserXP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\UserXP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Zyzoom_Forum_Tools\zHijak.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: ???????@Mail.Ru - {8984B388-A5BB-4DF7-B274-77B879E179DB} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Guard.Mail.ru.gui] "C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe" /gui
O4 - HKLM\..\Run: [GLDStart] C:\Program Files\GLDirect\gldirect.exe -filterstart
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\UserXP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AshSnap] C:\Program Files\Ashampoo\Ashampoo Snap 5\ashsnap.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: البرنامج الخفي لذاكرة التخزين المؤقت لفئات المكونات - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Guard.Mail.ru - Unknown owner - C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
--
End of file - 7175 bytes
------------------------------------
Runscanner logfile
* = signed file
- = file not found
General info
------------
Computer name : PRIVE-827540FDA
Creation time : 3/1/2012 2:37:39 م
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 6.0.2900.5512
OS : Microsoft Windows XP
OS Build : 2600
OS SP : Service Pack 3
RunScanner Version : 2.0.0.50
User Language : العربية (السعودية)
User rights : Administrator
Windows folder : C:\WINDOWS
Running processes
-----------------
* C:\WINDOWS\system32\alg.exe (Microsoft Corporation)
* C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
* C:\WINDOWS\system32\csrss.exe (Microsoft Corporation)
* C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
C:\DOCUME~1\UserXP\LOCALS~1\Temp\FSCapture.exe
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\Documents and Settings\UserXP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Documents and Settings\UserXP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Documents and Settings\UserXP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Documents and Settings\UserXP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Documents and Settings\UserXP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Documents and Settings\UserXP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe
* C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe
* C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
* C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
* C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
* C:\Program Files\Internet Download Manager\IEMonitor.exe (Tonec Inc.)
* C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
* C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
* C:\WINDOWS\system32\lsass.exe (Microsoft Corporation)
* C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
* C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
* C:\WINDOWS\system32\services.exe (Microsoft Corporation)
* C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation)
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
* C:\WINDOWS\system32\vmnat.exe (VMware, Inc.)
* C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
* C:\WINDOWS\system32\vmnetdhcp.exe (VMware, Inc.)
* C:\WINDOWS\explorer.exe (Microsoft Corporation)
* C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation)
* C:\WINDOWS\system32\smss.exe (Microsoft Corporation)
* C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
C:\Zyzoom_Forum_Tools\zyzoom.exe
* C:\WINDOWS\system32\notepad.exe (Microsoft Corporation)
Unrated items
-------------
002 C:\Program Files\GLDirect\gldirect.exe (SciTech Software, Inc.)
002 * C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe
002 C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
003 * C:\Program Files\Ashampoo\Ashampoo Snap 5\ashsnap.exe (ashampoo GmbH & Co. KG)
010 * C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe (Guard.Mail.ru)
010 * C:\Program Files\Java\jre7\bin\jqs.exe (Java Quick Starter)
010 C:\Program Files\VMware\VMware Player\vmware-authd.exe (VMware Authorization Service)
011 C:\WINDOWS\system32\drivers\pmfilt.sys (pmfilt)
011 C:\WINDOWS\system32\drivers\pmhelp.sys (pmhelp)
011 C:\WINDOWS\system32\DRIVERS\RTL8187.sys (Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter)
052 GUID / CLSID not found {8984B388-A5BB-4DF7-B274-77B879E179DB}
052 * C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
052 * C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) {DBC80044-A445-435b-BC74-9C25C1C588A9}
061 C:\Program Files\7-Zip\7-zip.dll (Igor Pavlov) {23170F69-40C1-278A-1000-000100020000}
061 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
100 Start Page HKCU :
104 * C:\Program Files\Java\jre7\bin\npjpi170_01.dll (Oracle Corporation) {8AD9C840-044E-11D1-B3E9-00805F499D93}
104 * C:\Program Files\Java\jre7\bin\npjpi170_01.dll (Oracle Corporation) {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
105 ت&صدير إلى Microsoft Excel : res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
105 تحميل الكل بواسطة Internet Download Manager : C:\Program Files\Internet Download Manager\IEGetAll.htm
105 تحميل بواسطة Internet Download Manager : C:\Program Files\Internet Download Manager\IEExt.htm
173 C:\Program Files\7-Zip\7-zip.dll (Igor Pavlov) {23170F69-40C1-278A-1000-000100020000}
173 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
221 C:\Program Files\7-Zip\7-zip.dll (Igor Pavlov) {23170F69-40C1-278A-1000-000100020000}
221 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
225 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
225 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
227 C:\Program Files\7-Zip\7-zip.dll (Igor Pavlov) {23170F69-40C1-278A-1000-000100020000}
227 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
251 C:\Program Files\7-Zip\7-zip.dll (Igor Pavlov) {23170F69-40C1-278A-1000-000100020000}
251 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
Missing files
-------------
011 C:\WINDOWS\system32\drivers\Abiosdsk.sys
011 C:\WINDOWS\system32\drivers\abp480n5.sys
011 C:\WINDOWS\system32\drivers\adpu160m.sys
011 C:\WINDOWS\system32\drivers\Aha154x.sys
011 C:\WINDOWS\system32\drivers\aic78u2.sys
011 C:\WINDOWS\system32\drivers\aic78xx.sys
011 C:\WINDOWS\system32\drivers\AliIde.sys
011 C:\WINDOWS\system32\drivers\amsint.sys
011 C:\WINDOWS\system32\drivers\asc.sys
011 C:\WINDOWS\system32\drivers\asc3350p.sys
011 C:\WINDOWS\system32\drivers\asc3550.sys
011 C:\WINDOWS\system32\drivers\Atdisk.sys
011 C:\WINDOWS\system32\drivers\cd20xrnt.sys
011 C:\WINDOWS\system32\drivers\Changer.sys
011 C:\WINDOWS\system32\drivers\CmdIde.sys
011 C:\WINDOWS\system32\drivers\Cpqarray.sys
011 C:\WINDOWS\system32\drivers\dac2w2k.sys
011 C:\WINDOWS\system32\drivers\dac960nt.sys
011 C:\WINDOWS\system32\drivers\dpti2o.sys
011 C:\WINDOWS\system32\drivers\hpn.sys
011 C:\WINDOWS\system32\drivers\i2omgmt.sys
011 C:\WINDOWS\system32\drivers\i2omp.sys
011 C:\WINDOWS\system32\drivers\ini910u.sys
011 C:\WINDOWS\system32\drivers\IntelIde.sys
011 C:\WINDOWS\system32\drivers\lbrtfdc.sys
011 C:\WINDOWS\system32\drivers\mbamswissarmy.sys
011 C:\WINDOWS\system32\drivers\mraid35x.sys
011 C:\WINDOWS\system32\drivers\PCIDump.sys
011 C:\WINDOWS\system32\drivers\PDCOMP.sys
011 C:\WINDOWS\system32\drivers\PDFRAME.sys
011 C:\WINDOWS\system32\drivers\PDRELI.sys
011 C:\WINDOWS\system32\drivers\PDRFRAME.sys
011 C:\WINDOWS\system32\drivers\perc2.sys
011 C:\WINDOWS\system32\drivers\perc2hib.sys
011 C:\WINDOWS\system32\drivers\ql1080.sys
011 C:\WINDOWS\system32\drivers\Ql10wnt.sys
011 C:\WINDOWS\system32\drivers\ql12160.sys
011 C:\WINDOWS\system32\drivers\ql1240.sys
011 C:\WINDOWS\system32\drivers\ql1280.sys
011 C:\DOCUME~1\UserXP\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS
011 C:\DOCUME~1\UserXP\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS
011 C:\WINDOWS\system32\drivers\Simbad.sys
011 C:\WINDOWS\system32\drivers\Sparrow.sys
011 C:\WINDOWS\system32\drivers\sym_hi.sys
011 C:\WINDOWS\system32\drivers\sym_u3.sys
011 C:\WINDOWS\system32\drivers\symc810.sys
011 C:\WINDOWS\system32\drivers\symc8xx.sys
011 C:\WINDOWS\system32\drivers\TosIde.sys
011 C:\WINDOWS\system32\drivers\ultra.sys
011 C:\WINDOWS\system32\drivers\ViaIde.sys
011 C:\WINDOWS\system32\drivers\WDICA.sys
104 C:\Program Files\Java\jre7\bin\npjpi160_31.dll
223 C:\Documents and Settings\UserXP\Local Settings\Temp\zxq2\mbamext.dll
225 C:\Documents and Settings\UserXP\Local Settings\Temp\zxq2\mbamext.dll
225 C:\Documents and Settings\UserXP\Local Settings\Temp\zxq2\mbamext.dll
--------------------------------------
====== سجل أخطاء النظام ======
Computer Name: PRIVE-827540FDA
Event Code: 34
Message: The time service has detected that the system time needs to be
changed by +76140369 seconds. The time service will not change the system
time by more than +54000 seconds. Verify that your time and time zone
are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.2:123->65.55.21.23:123) is working properly.
Record Number: 69
Source Name: W32Time
Time Written: 20090925020633.000000+180
Event Type: error
User:
Computer Name: PRIVE-827540FDA
Event Code: 34
Message: The time service has detected that the system time needs to be
changed by +76140370 seconds. The time service will not change the system
time by more than +54000 seconds. Verify that your time and time zone
are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.2:123->65.55.21.20:123) is working properly.
Record Number: 52
Source Name: W32Time
Time Written: 20090925020252.000000+180
Event Type: error
User:
Computer Name: PRIVE-827540FDA
Event Code: 7000
Message: The Parallel port driver service failed to start due to the following error:
يتعذر بدء تشغيل الخدمة، إما لكونها معطلة أو لعدم وجود أي أجهزة ممكّنة مرفقة بها.
Record Number: 37
Source Name: Service Control Manager
Time Written: 20090925020143.000000+180
Event Type: error
User:
Computer Name: PRIVE-827540FDA
Event Code: 34
Message: The time service has detected that the system time needs to be
changed by -270090 seconds. The time service will not change the system
time by more than -54000 seconds. Verify that your time and time zone
are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.2:123->65.55.21.24:123) is working properly.
Record Number: 30
Source Name: W32Time
Time Written: 20120226105226.000000+180
Event Type: error
User:
Computer Name: PRIVE-827540FDA
Event Code: 60055
Message: واجه برنامج إعداد Windows أخطاء غير فادحة أثناء التثبيت. الرجاء مراجعة الملف setuperr.log الموجود في دليل Windows لمزيد من المعلومات.
Record Number: 6
Source Name: Setup
Time Written: 20120226104448.000000+180
Event Type: error
User:
===== سجل أخطاء البرامج =====
Computer Name: PRIVE-827540FDA
Event Code: 5603
Message: تم تسجيل الموفر Rsop Planning Mode Provider في مساحة اسم WMI root\RSOP ولم يتم تحديد الخاصية HostingModel. سيتم تشغيل الموفر باستخدام حساب LocalSystem. تم منح الامتياز لهذا الحساب وقد يتسبب الموفر في انتهاك الأمان إذا لم ينتحل طلبات المستخدم بشكل صحيح. تأكد من مراجعة الموفر بالنسبة لسلوك الأمان وقم بتحديث الخاصية HostingModel الخاصة بتسجيل الموفر بأحد الحسابات بأقل امتيازات ممكنة للوظائف المطلوبة.
Record Number: 15
Source Name: WinMgmt
Time Written: 20120226104253.000000+180
Event Type: warning
User: NT AUTHORITY\SYSTEM
Computer Name: PRIVE-827540FDA
Event Code: 5603
Message: تم تسجيل الموفر Rsop Planning Mode Provider في مساحة اسم WMI root\RSOP ولم يتم تحديد الخاصية HostingModel. سيتم تشغيل الموفر باستخدام حساب LocalSystem. تم منح الامتياز لهذا الحساب وقد يتسبب الموفر في انتهاك الأمان إذا لم ينتحل طلبات المستخدم بشكل صحيح. تأكد من مراجعة الموفر بالنسبة لسلوك الأمان وقم بتحديث الخاصية HostingModel الخاصة بتسجيل الموفر بأحد الحسابات بأقل امتيازات ممكنة للوظائف المطلوبة.
Record Number: 14
Source Name: WinMgmt
Time Written: 20120226104252.000000+180
Event Type: warning
User: NT AUTHORITY\SYSTEM
Computer Name: PRIVE-827540FDA
Event Code: 63
Message: تم تسجيل موفر, CmdTriggerConsumer, في مساحة الاسم WMI, Root\cimv2, من أجل استخدام الحساب LocalSystem. هذا الحساب يملك امتيازات وقد يسبب الموفر انتهاكاً للأمان إذا لم يقم بتمثيل طلبات المستخدم بالشكل الصحيح.
Record Number: 13
Source Name: WinMgmt
Time Written: 20120226104252.000000+180
Event Type: warning
User: NT AUTHORITY\SYSTEM
Computer Name: PRIVE-827540FDA
Event Code: 63
Message: تم تسجيل موفر, CmdTriggerConsumer, في مساحة الاسم WMI, Root\cimv2, من أجل استخدام الحساب LocalSystem. هذا الحساب يملك امتيازات وقد يسبب الموفر انتهاكاً للأمان إذا لم يقم بتمثيل طلبات المستخدم بالشكل الصحيح.
Record Number: 12
Source Name: WinMgmt
Time Written: 20120226104252.000000+180
Event Type: warning
User: NT AUTHORITY\SYSTEM
Computer Name: PRIVE-827540FDA
Event Code: 63
Message: تم تسجيل موفر, HiPerfCooker_v1, في مساحة الاسم WMI, Root\WMI, من أجل استخدام الحساب LocalSystem. هذا الحساب يملك امتيازات وقد يسبب الموفر انتهاكاً للأمان إذا لم يقم بتمثيل طلبات المستخدم بالشكل الصحيح.
Record Number: 11
Source Name: WinMgmt
Time Written: 20120226104251.000000+180
Event Type: warning
User: NT AUTHORITY\SYSTEM
===== تقرير انهيار البرامج =====
===== تقرير الشاشة الزرقاء =====
==================================================
Dump File : Mini022712-01.dmp
Crash Time : 4/5/1433 03:21:08 م
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x1000000a
Parameter 1 : 0x00000004
Parameter 2 : 0x0000001c
Parameter 3 : 0x00000000
Parameter 4 : 0x804ffa3c
Caused By Driver : tcpip.sys
Caused By Address : tcpip.sys+4942
File Description : TCP/IP Protocol Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)
Processor : 32-bit
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini022712-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 81,920
==================================================
-----------------------------
====== معلومات نظام التشغيل ======
X86 WIN_XP 2600 Service Pack 3
====== قائمة البرامج المثبتة ======
7-Zip 9.22beta
Adobe AIR
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.2)
Adobe Shockwave Player 11.6
Ashampoo Snap 5 v.5.0.1
Ask Toolbar
AutoPlay Media Studio 8 Trial
Bonjour
EBookWorkShop v1.5
Golden Al-Wafi Translator
Guard.Mail.ru
Intel(R) Graphics Media *********** Driver
Internet Download Manager
iTunes
Java Auto Updater
Java(TM) 6 Update 31
Java(TM) 7 Update 1
Java(TM) SE Development Kit 7 Update 1
Media Player Codec Pack 4.1.5
Microsoft Office Access MUI (Arabic) 2007
Microsoft Office Excel MUI (Arabic) 2007
Microsoft Office Outlook MUI (Arabic) 2007
Microsoft Office PowerPoint MUI (Arabic) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proofing (Arabic) 2007
Microsoft Office Publisher MUI (Arabic) 2007
Microsoft Office Shared MUI (Arabic) 2007
Microsoft Office Word MUI (Arabic) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (Arabic) 12
Microsoft Visual C++ 2005 Redistributable - x86 8.0.56336
Microsoft Visual C++ 2005 Redistributable - x86 8.0.59193
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 10.0.2 (x86 ar)
QuickTime
Realtek High Definition Audio Driver
Safari
SciTech GLDirect
swMSM
VLC media player 2.0.0
VmciSockets
VMware Player
VMware Player
WebFldrs XP
WinRAR 4.11 (32-bit)
تحديث أمان لـ Windows XP (KB923789)