• Thread starter: jjb
  • Views: 3,578

jjb

Peace be upon you
For the last two days an error message in explorer.exe has been appearing on my machine

When I press OK the machine hangs, and most of the time it does not come back until I restart or log out and log in again


This is the message information

AppName: explorer.exe AppVer: 6.0.2900.3156 ModName: mcavcvd.ax
ModVer: 3.0.7299.0 Offset: 000424a6


Please help me, may God reward you

and grant you success and forgive you
 

Where are you all, please
 
Welcome, brother
Download this program
[Hidden link: you must log in or register to view it]

Run the program ==> and click
Do a system scan and save log
A few moments .. and a report will appear in Notepad ==> copy it and paste it in your next reply
 
Sorry for the delay, I had circumstances

Here you go


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:40, on 2009-03-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IDMan.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\ahmad\Desktop\Zyzoom_HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
[Hidden link: you must log in or register to view it]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
[Hidden link: you must log in or register to view it]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
[Hidden link: you must log in or register to view it]

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
[Hidden link: you must log in or register to view it]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IDMIECC.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: (no name) - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: REALTEK RTL8187 Wireless LAN Utility.lnk = C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all links with IDM - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetAll.htm
O8 - Extra context menu item: Download FLV video ******* with IDM - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetVL.htm
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: Download with IDM - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEExt.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: املأ النماذج - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ملئ النماذج - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: حفظ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: حفظ النماذج - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: روبوفورم - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: شريط ادوات روبوفورم - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O11 - Options group: [!ANetSpeeder] NetSpeeder
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) -
[Hidden link: you must log in or register to view it]

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) -
[Hidden link: you must log in or register to view it]

O17 - HKLM\System\CCS\Services\Tcpip\..\{E20CF88F-A104-40CE-B6CE-FCCEABC65C78}: NameServer = 192.168.1.254
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8435 bytes
 
Disable your security programs
then
download the following tool and save it to the desktop
[Hidden link: you must log in or register to view it]

When you run it a message will appear ,, click >> Yes
After that a second message will appear ,, click >> Yes

During the scan the machine may restart
After the restart ,, the tool will start scanning a second time
Do not run any program, and however long the scan takes, wait until it finishes
Wait until a report appears, then copy it and paste it in your next post
 
Here you go, and thank you for your attention

ComboFix 09-03-10.03 - ahmad 03/12/2009 5:25:50.13 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.2046.1380 [GMT 3:00]
Running from: c:\documents and settings\ahmad\Desktop\ComboFix.exe
AV: Avira Premium Security Suite *On-access scanning disabled* (Updated)
FW: Avira Firewall *disabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\ahmad\Application Data\.#
c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Service_6to4


((((((((((((((((((((((((( Files Created from 2009-02-12 to 2009-03-12 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-12 02:31 332,093,472 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-12 02:30 --------- d-----w c:\documents and settings\ahmad\Application Data\DMCache
2009-03-12 02:27 3,894,356 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-12 02:25 --------- d-----w c:\program files\BitComet
2009-03-10 18:23 --------- d-----w c:\documents and settings\ahmad\Application Data\Avant Profiles
2009-03-10 18:22 --------- d-----w c:\program files\Avant Browser
2009-03-06 15:51 --------- d-----w c:\program files\ProgDVBStd
2009-02-28 22:31 --------- d-----w c:\program files\Real Alternative
2009-02-28 22:26 319,488 ----a-w c:\windows\HideWin.exe
2009-02-28 22:19 --------- d-----w c:\program files\K-Lite Codec Pack
2009-02-28 22:06 --------- d-----w c:\documents and settings\ahmad\Application Data\dvdcss
2009-02-28 13:55 --------- d-----w c:\program files\Hide-IP-Browser
2009-02-28 12:31 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-28 12:30 --------- d-----w c:\program files\BearFlix
2009-02-28 12:28 --------- d-----w c:\program files\uTorrent
2009-02-28 12:25 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-27 22:15 --------- d-----w c:\documents and settings\ahmad\Application Data\GPass-3
2009-02-27 22:12 --------- d-----w c:\documents and settings\ahmad\Application Data\GPass
2009-02-27 21:17 --------- d-----w c:\documents and settings\ahmad\Application Data\Ahead
2009-02-27 14:39 --------- d-----w c:\documents and settings\ahmad\Application Data\uTorrent
2009-02-14 10:02 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-12 18:02 --------- d-----w c:\documents and settings\ahmad\Application Data\DivX
2009-02-09 22:53 --------- d-----w c:\program files\Propel Accelerator
2009-02-09 22:40 --------- d-----w c:\documents and settings\ahmad\Application Data\Propel
2009-01-30 13:58 --------- d-----w c:\program files\Common Files\BitSpirit
2009-01-30 13:58 --------- d-----w c:\program files\BitSpirit
2009-01-03 10:29 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-12-28 22:48 2,330,643 ----a-w c:\windows\system32\x264vfw.dll
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-17 21:36 53,248 ----a-w c:\windows\system32\suppdll.dll
2008-12-17 21:36 35,363 ----a-w c:\windows\system32\windrvNT.sys
2008-11-27 12:12 22,328 ----a-w c:\documents and settings\ahmad\Application Data\PnkBstrK.sys
2008-11-03 15:12 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008102720081103\index.dat
2008-11-03 15:12 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008110320081104\index.dat
.

------- Sigcheck -------

06/20/2008 02:51 PM 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
06/20/2008 02:59 PM 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
01/29/2008 06:32 AM 360832 6698e917c13fdad5eb3d7eea8d65d93a c:\windows\$NtUninstallKB951748$\tcpip.sys
06/20/2008 01:44 PM 360960 744e57c99232201ae98c49168b918f48 c:\windows\system32\dllcache\tcpip.sys
06/20/2008 01:44 PM 360960 89bd2d68e7ee44c60298c4e82af9159c c:\windows\system32\drivers\tcpip.sys

01/27/2008 02:04 PM 1524224 e24cd37d23a71dbb9a484a50eb255462 c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [08/04/2004 01:00 PM 15360]
"IDMan"="c:\documents and settings\Default User\Local Settings\Temp\bsasee3y5d\IDMan.exe" [12/21/2007 05:46 PM 2573744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\Avira Premium Security Suite\avgnt.exe" [06/12/2008 12:58 PM 266497]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [08/01/2008 01:53 PM 61440]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [09/26/2007 04:35 PM 734264]
"RTHDCPL"="RTHDCPL.EXE" [06/27/2008 06:23 AM 16875008 c:\windows\RTHDCPL.EXE]
"SoundMan"="SOUNDMAN.EXE" [06/18/2008 01:01 PM 77824 c:\windows\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [06/19/2008 11:42 AM 2808832 c:\windows\ALCWZRD.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [08/04/2004 01:00 PM 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
REALTEK RTL8187 Wireless LAN Utility.lnk - c:\program files\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe [2008-11-06 815104]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
"Google Update"="c:\documents and settings\ahmad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"Torrent2Exe[6b3df68048f0c7b2bccae27b616681b860af72aa]"=e:\mozilla\Madagascar_Escape_2_Africa.exe
"Steam"="c:\program files\steam\steam.exe" -silent
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2008\MemOptimizer.exe" autostart

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BearFlix"="c:\program files\BearFlix\bearflix.exe" /pause
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" /s
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"Propel Accelerator"="c:\program files\Propel Accelerator\trayctl.exe" /STARTUPLAUNCH

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"d:\\Pro.Evolution.Soccer.2009.Full-Rip.Skullptura\\PES 2009\\pes2009.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24189:TCP"= 24189:TCP:*:Disabled:BitComet 24189 TCP
"24189:UDP"= 24189:UDP:*:Disabled:BitComet 24189 UDP
"49777:TCP"= 49777:TCP:BitComet 49777 TCP
"49777:UDP"= 49777:UDP:BitComet 49777 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [2008-11-01 71592]
R1 is-G9TH2drv;is-G9TH2drv;c:\windows\system32\drivers\18893894.sys [2009-01-01 148496]
R2 AntiVirFirewallService;Avira Premium Security Suite Firewall;c:\program files\Avira\Avira Premium Security Suite\avfwsvc.exe [2008-11-01 344321]
R2 AntiVirMailService;Avira Premium Security Suite MailGuard;c:\program files\Avira\Avira Premium Security Suite\avmailc.exe [2008-11-01 164097]
R2 antivirwebservice;Avira Premium Security Suite WebGuard;c:\program files\Avira\Avira Premium Security Suite\avwebgrd.exe [2008-11-01 258305]
R2 AVEService;Avira Premium Security Suite MailGuard helper service;c:\program files\Avira\Avira Premium Security Suite\avesvc.exe [2008-11-01 41217]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2008-11-06 38144]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [2008-11-01 71464]
R3 MPNatDrv;Artera NAT Driver;c:\windows\system32\drivers\mpnat2k.sys [2008-12-27 215968]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2008-10-18 332928]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\drivers\SkyNET.sys [2008-11-02 510992]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2008-11-25 13532]
S3 tap0801co;TAP-Win32 Adapter V8 (coLinux);c:\windows\system32\drivers\tap0801co.sys [2008-11-03 25856]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c829ce27-ce8e-11dd-bf09-00c0ca1b2651}]
\Shell\AutoRun\command - 2.exe
\Shell\open\Command - 2.exe
.
*******s of the 'Scheduled Tasks' folder

2009-03-12 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [06/20/2008 07:39 AM]

2009-03-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-920026266-839522115-1003.job
- c:\documents and settings\ahmad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [11/15/2008 08:44 PM]
.
- - - - ORPHANS REMOVED - - - -

Notify-dimsntfy - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
mLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
uInternet Settings,ProxyOverride = local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Download all links with IDM - c:\documents and settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetAll.htm
IE: Download FLV video ******* with IDM - c:\documents and settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetVL.htm
IE: Download Using &BitSpirit - c:\program files\BitSpirit\bsurl.htm
IE: Download with IDM - c:\documents and settings\Default User\Local Settings\Temp\bsasee3y5d\IEExt.htm
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: سأ±بجط¾«ءéدآشط(&B)
IE: شريط ادوات روبوفورم
LSP: avsda.dll
TCP: {E20CF88F-A104-40CE-B6CE-FCCEABC65C78} = 192.168.1.254
DPF: Microsoft XML Parser for Java
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
FF - ProfilePath - c:\documents and settings\ahmad\Application Data\Mozilla\Firefox\Profiles\fi1ljg3j.default\
FF - prefs.js: browser.search.selectedEngine - ****cafe - Best Videos & Funny Movies
FF - prefs.js: browser.startup.homepage - google.com.sa
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 9666
FF - prefs.js: network.proxy.gopher - 127.0.0.1
FF - prefs.js: network.proxy.gopher_port - 9666
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 9666
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9666
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 9666
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\ahmad\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\documents and settings\ahmad\Application Data\Mozilla\Firefox\Profiles\fi1ljg3j.default\extensions\{22119944-ED35-4ab1-910B-E619EA06A115}\components\rfproxy_27.dll
FF - component: c:\documents and settings\ahmad\Application Data\Mozilla\Firefox\Profiles\fi1ljg3j.default\extensions\{41697025-CA0B-4687-99DE-ABC82C5A630B}\components\NOWImaging_Moz.dll
FF - component: c:\documents and settings\ahmad\Application Data\Mozilla\Firefox\Profiles\fi1ljg3j.default\extensions\{9d613b03-9b7c-4fa0-b2f8-32f7cc24873f}\components\SDIIntegrator.dll
FF - component: c:\documents and settings\ahmad\Application Data\Mozilla\Firefox\Profiles\fi1ljg3j.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: c:\documents and settings\ahmad\Application Data\Opera\Opera 10 Preview\program\plugins\npdsplay.dll
FF - plugin: c:\documents and settings\ahmad\Application Data\Opera\Opera 10 Preview\program\plugins\npwmsdrm.dll
FF - plugin: c:\documents and settings\ahmad\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: e:\downloads\program\plugins\NPOFF12.DLL
FF - plugin: e:\downloads\program\plugins\nppl3260.dll
FF - plugin: e:\downloads\program\plugins\npqtplugin.dll
FF - plugin: e:\downloads\program\plugins\npqtplugin2.dll
FF - plugin: e:\downloads\program\plugins\npqtplugin3.dll
FF - plugin: e:\downloads\program\plugins\npqtplugin4.dll
FF - plugin: e:\downloads\program\plugins\npqtplugin5.dll
FF - plugin: e:\downloads\program\plugins\npqtplugin6.dll
FF - plugin: e:\downloads\program\plugins\npqtplugin7.dll
FF - plugin: e:\downloads\program\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
[Hidden link: you must log in or register to view it]

Rootkit scan 2009-03-12 05:30:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{024c5725-414e-4568-8c42-276d6e680169}]
@Denied: (Full) (Everyone)
"Model"=dword:00000040
"Therad"=dword:00000016
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,66,60,1a,d6,fd,0a,24,5e,85,f1,23,b0,08,62,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):68,9a,a0,2a,04,d4,d1,ce,e2,b2,c4,ae,ec,4e,cb,7a,00,8a,56,fb,cd,
d5,1e,10,86,37,86,b1,c6,e0,93,01,d9,a4,53,28,73,87,c7,c6,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(844)
c:\windows\system32\avsda.dll

- - - - - - - > 'explorer.exe'(1700)
c:\windows\system32\ntshrui.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\Avira Premium Security Suite\sched.exe
c:\program files\Avira\Avira Premium Security Suite\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 03/12/2009 5:40:19 - machine was rebooted [ahmad]
ComboFix-quarantined-files.txt 2009-03-12 02:39:34
ComboFix2.txt 2008-12-23 15:37:46
ComboFix3.txt 2008-11-29 19:04:01
ComboFix4.txt 2008-11-28 12:36:10
ComboFix5.txt 2008-12-27 19:55:45

Pre-Run: 77,243,588,608 bytes free
Post-Run: 77,289,009,152 bytes free

258 --- E O F --- 2009-02-14 10:02:12
 
Please answer me
 
Is there anyone who can answer
 
Select the following and delete it

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O3 - Toolbar: (no name) - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - (no file)

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 (file missing)

O11 - Options group: [!ANetSpeeder] NetSpeeder

How to delete

mg%20(3).png


mg%20(4).png


After that go to Add or Remove Programs and remove the toolbar you have there (toolbar) >> it may not be present


Then download this tool and follow the explanation below



[Hidden link: you must log in or register to view it]


Compatibility: Windows XP only


How to use it:
Double-click the tool and wait until all the windows finish and it stops at this window


002.png


When this screen appears ,, click Close so that your machine restarts (( to complete the cleaning process ))
 
Unfortunately the problem still rears its head every so often


This is the error information


AppName: explorer.exe AppVer: 6.0.2900.3156 ModName: mcavcvd.ax
ModVer: 3.0.7299.0 Offset: 000424a6
 
Are there any solutions
 
Help, please
 
Where are you, Arabs
 
Welcome, my dear ...

But could we get a picture of the problem?
 
Signature: MMA_LORD_735
It is an error message in explorer.exe

Its information
This is the error information


AppName: explorer.exe AppVer: 6.0.2900.3156 ModName: mcavcvd.ax
ModVer: 3.0.7299.0 Offset: 000424a6

And God willing I will bring the picture as soon as it appears again


Thanks
 
Is there anyone who can answer
 
Brother, here, download this tool

[Hidden link: you must log in or register to view it]


And God willing it will do the job

Run the tool, then a window will appear, click NO

Then click YES or OK

And let us know what happens
 
Your attention is enough, you and Max and the others

May God give you health
 
Unfortunately, brothers, the problem keeps getting worse :er:

And I don't know what to do :cr:

Anyway, I got a picture, and if you know a solution or someone who might solve it, please say so

This is the picture
zyzoom-2b7ecffa37.jpg
 