ايمن نجرو

Peace be upon you, and the mercy and blessings of God.
I have a difficult problem that I cannot find a solution for. I believe a hacker has taken control of the laptop: even though I formatted the laptop and installed a fresh copy of Windows, the same problem is still there. In short, I get a message titled helloword.exe asking me to save or exit. I exit, and it then installs some icons on my machine. It only appears while I am connected to the Internet. After this message the laptop stops behaving normally, and every so often, when I download any program or file, errors appear with the .dll extension, such as

This is a report from the computer:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:28:36 ص, on 12/11/2018
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\ALALAMIA\LOCALS~1\Temp\hrlF8.tmp
C:\DOCUME~1\ALALAMIA\LOCALS~1\Temp\hrlF9.tmp
C:\DOCUME~1\ALALAMIA\LOCALS~1\Temp\hrlFA.tmp
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lenovo\SHAREit\SHAREit\SHAREit.exe
C:\Program Files\Internet Download Manager\IDMan.exe
D:\Updates.exe
C:\DOCUME~1\ALALAMIA\LOCALS~1\Temp\hrlFB.tmp
C:\DOCUME~1\ALALAMIA\LOCALS~1\Temp\hrlFC.tmp
C:\WINDOWS\TEMP\hrlFD.tmp
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\ALALAMIA\Application Data\Microsoft\9156E1E1-F735-453D-949A-94EEC786EFA0.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Zyzoom_Forum_Tools\zyzoom.exe
C:\Zyzoom_Forum_Tools\zHijak.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://feed.sonic-search.com/?p=mKO...P5eDabVvp-B0NJTg6AX9wFyR29MdPJTrmi2lyKFmHl&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.sonic-search.com/?p=mKO...P5eDabVvp-B0NJTg6AX9wFyR29MdPJTrmi2lyKFmHl&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.sonic-search.com/?p=mKO...P5eDabVvp-B0NJTg6AX9wFyR29MdPJTrmi2lyKFmHl&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = sa.hao123.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.sonic-search.com/?p=mKO...P5eDabVvp-B0NJTg6AX9wFyR29MdPJTrmi2lyKFmHl&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SHAREit] C:\Program Files\Lenovo\SHAREit\SHAREit\SHAREit.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Backup] D:\Backup.exe
O4 - HKCU\..\Run: [Updates] D:\Updates.exe
O8 - Extra context menu item: إر&سال إلى OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: ملاحظات OneNote الم&رتبطة - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: ملاحظات OneNote الم&رتبطة - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kolnipa\Superstring.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AdobeFlashPlayer - Unknown owner - C:\WINDOWS\SysWOW64\config\audiodg.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AlphateamService - Unknown owner - C:\Documents and Settings\All Users\Application Data\AlphateamService\AlphateamService.exe
O23 - Service: Distribulgf Transaction Coordinator Service (Distribuoyo) - Unknown owner - C:\WINDOWS\system32\kiuues.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: Wondershare Application Framework Service (WsAppService) - Wondershare - C:\Program Files\Wondershare\WAF\2.4.3.233\WsAppService.exe

--
End of file - 7266 bytes
 
