ما الحل مع هذه الرسالة

wael1 · 11 أبريل 2009

ما الحل اخوانى مشرفى واعضاء منتدانا مع هذه الرسالة وما هو سببها علما بانها تظهر لى دوما

عندما افتح ملف به فيديو بصيغة flv وتغلق الصفحات دائما ولا استطيع فتح هذا الملف

ما هو سببها وهل من طريقة لعلاجها واليكم صورة المشكلة

MMA_LORD_735 · 11 أبريل 2009

حياك الله ...

هذا خطاء في الذاكرة ...

أعمل التالي ...

حمل هذه الأداءة ...

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

شغلها و روح على أول خيار ...

شوي و يعطيك تقرير داخل مفكرة ...

أنسخه كاملا ً و بشكل صحيح ...

و لصقه في ردك القادم ...

wael1 · 11 أبريل 2009

شكرا على ردك اخى الكريم هذا هو التقرير الذى طلبت

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:16:58 م, on 11/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\WAEL\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\wael source\تنظيف وصيانة\Zyzoom_HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\WAEL\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: ObjectDock.lnk = C:\Program Files\VistaPack\ObjectDock\ObjectDock.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: YzToolbar.lnk = C:\Program Files\VistaPack\YzToolbar\YzToolBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: ObjectDock.lnk = C:\Program Files\VistaPack\ObjectDock\ObjectDock.exe (User 'Default user')
O4 - .DEFAULT Startup: YzToolbar.lnk = C:\Program Files\VistaPack\YzToolbar\YzToolBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: ObjectDock.lnk = C:\Program Files\VistaPack\ObjectDock\ObjectDock.exe (User 'Default user')
O4 - .DEFAULT User Startup: YzToolbar.lnk = C:\Program Files\VistaPack\YzToolbar\YzToolBar.exe (User 'Default user')
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} (Confirmation) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O17 - HKLM\System\CCS\Services\Tcpip\..\{A1B3EC1A-00E9-4C1D-BA6E-7033B2444E80}: NameServer = 163.121.128.134,136.121.128.135
O17 - HKLM\System\CS1\Services\Tcpip\..\{A1B3EC1A-00E9-4C1D-BA6E-7033B2444E80}: NameServer = 163.121.128.134,136.121.128.135
O17 - HKLM\System\CS2\Services\Tcpip\..\{A1B3EC1A-00E9-4C1D-BA6E-7033B2444E80}: NameServer = 163.121.128.134,136.121.128.135
O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 6097 bytes

wael1 · 11 أبريل 2009

مفيش حد يتكرم ويرد علينا يا جماعة احسن المشكلة دى خنقتنى جدا ومش عارف افتح اى ملف

KoNaMi · 11 أبريل 2009

حياك يالغلا

اعمل الاتي بالترتيب

(1)

عطل جميع برامج الحمايه

نزل هذه الاداة

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ،، وبذلك يكون الفحص انتهى الصق التقرير بمشاركتك القادمة

(2)

تقرير هايجاك
حمل هذا البرنامج

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادم

wael1 · 11 أبريل 2009

تقرير اداةcombofix

ComboFix 09-04-04.01 - WAEL 04/11/2009 21:03:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.1023.712 [GMT 2:00]
Running from: c:\documents and settings\WAEL\My Documents\Downloads\Programs\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
FW: Avira Firewall *disabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\d3d10core.dll
c:\windows\system32\D3DX10d_39.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\pthreadGC2.dll
.
((((((((((((((((((((((((( Files Created from 2009-03-11 to 2009-04-11 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-11 19:07 --------- d-----w c:\documents and settings\WAEL\Application Data\DMCache
2009-04-11 17:59 --------- d--h--w c:\program files\InstallShield Installation Information
2009-04-11 17:59 --------- d-----w c:\program files\Common Files\InstallShield
2009-04-11 17:28 --------- d-----w c:\documents and settings\WAEL\Application Data\TeraCopy
2009-04-11 13:17 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-11 12:02 --------- d-----w c:\documents and settings\WAEL\Application Data\cleaner
2009-04-07 21:30 --------- d-----w c:\program files\Common Files\Common Share
2009-04-06 17:53 --------- d-----w c:\documents and settings\WAEL\Application Data\IDM
2009-04-03 03:25 --------- d-----w c:\program files\DsNET Corp
2009-04-03 03:25 --------- d-----w c:\documents and settings\WAEL\Application Data\Desktopicon
2009-04-03 02:52 --------- d-----w c:\documents and settings\WAEL\Application Data\GlarySoft
2009-04-03 01:10 --------- d-----w c:\program files\Internet Download Manager
2009-04-02 19:34 --------- d-----w c:\documents and settings\WAEL\Application Data\Avira
2009-04-02 19:17 --------- d-----w c:\program files\Avira
2009-04-02 19:17 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-04-01 22:32 --------- d-----w c:\program files\DFX
2009-04-01 16:35 --------- d-----w c:\program files\NSS
2009-03-28 22:27 --------- d-----w c:\documents and settings\WAEL\Application Data\QuickScan
2009-03-27 21:27 348,160 ----a-w c:\windows\system32\msvcr71.dll
2009-03-27 20:55 --------- d-----w c:\program files\K-Lite Codec Pack
2009-03-26 17:54 --------- d-----w c:\documents and settings\WAEL\Application Data\CyberScrub
2009-03-26 15:35 210,352 ----a-w c:\windows\system32\idmmbc.dll
2009-03-25 11:46 --------- d-----w c:\documents and settings\WAEL\Application Data\PC Suite
2009-03-20 00:12 --------- d-----w c:\program files\Camfrog
2009-03-18 14:28 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-03-18 14:28 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-03-18 14:27 --------- d-----w c:\documents and settings\All Users\Application Data\Nokia
2009-03-18 14:25 --------- d-----w c:\program files\Nokia
2009-03-18 14:24 --------- d-----w c:\program files\Common Files\Nokia
2009-03-18 14:23 --------- d-----w c:\program files\MSXML 6.0
2009-03-18 14:23 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-03-18 14:20 --------- d-----w c:\documents and settings\WAEL\Application Data\Nokia
2009-03-16 18:31 --------- d-----w c:\program files\Error Repair Professional
2009-03-14 22:30 --------- d-----w c:\program files\System Tools
2009-03-13 20:13 --------- d-----w c:\program files\Yahoo!
2009-03-13 20:12 --------- d-----w c:\documents and settings\WAEL\Application Data\Yahoo!
2009-03-13 20:09 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-03-13 13:11 --------- d-----w c:\documents and settings\WAEL\Application Data\Super-Cow
2009-03-13 13:06 2,476 ----a-w c:\program files\Common Files\unins000.dat
2009-03-13 13:05 728,858 ----a-w c:\program files\Common Files\unins000.exe
2009-03-12 17:56 --------- d-----w c:\program files\MPEG2_Decoders
2009-03-12 17:47 499,712 ----a-w c:\windows\system32\msvcp71.dll
2009-03-12 17:47 --------- d-----w c:\program files\Real
2009-03-12 17:34 --------- d--h--w c:\documents and settings\All Users\Application Data\{3DBA7F3A-54F5-4A48-86EE-F122FBAAB103}
2009-03-12 17:32 --------- d-----w c:\program files\DVB-S Codec Master
2009-03-12 17:32 --------- d-----w c:\program files\Codec Master
2009-03-10 19:24 --------- d-----w c:\documents and settings\WAEL\Application Data\Media Player Classic
2009-03-10 16:53 218,624 ----a-w c:\windows\system32\uxtheme.dll
2009-03-10 10:05 97,096 ----a-w c:\windows\system32\drivers\avfwot.sys
2009-03-09 21:16 --------- d-----w c:\documents and settings\All Users\Application Data\AntiVir PersonalEdition Classic
2009-03-09 20:46 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-03-09 13:21 --------- d-----w c:\documents and settings\WAEL\Application Data\ooVoo Details
2009-03-09 13:20 --------- d-----w c:\program files\ooVoo
2009-03-09 13:01 --------- d-----w c:\program files\MSBuild
2009-03-09 12:57 --------- d-----w c:\program files\Reference Assemblies
2009-03-09 12:46 --------- d-----w c:\program files\PC Connectivity Solution
2009-03-09 12:46 --------- d-----w c:\program files\DIFX
2009-03-09 12:46 --------- d-----w c:\program files\Common Files\PCSuite
2009-03-09 12:46 --------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2009-03-09 12:45 402,784 ----a-w c:\windows\system32\deploytk.dll
2009-03-09 12:45 --------- d-----w c:\program files\Java
2009-03-09 12:43 --------- d-----w c:\program files\Common Files\DFX
2009-03-09 12:43 --------- d-----w c:\documents and settings\All Users\Application Data\DFX
2009-03-09 12:42 --------- d-----w c:\program files\Common Files\xing shared
2009-03-09 12:42 --------- d-----w c:\program files\Common Files\Real
2009-03-09 12:40 --------- d-----w c:\program files\Foxit Reade
2009-03-09 12:39 --------- d-----w c:\program files\Extension Changer
2009-03-09 12:37 --------- d-----w c:\program files\TeraCopy
2009-03-09 12:35 --------- d-----w c:\program files\Common Files\Ahead
2009-03-09 12:35 --------- d-----w c:\program files\Ahead
2009-03-09 12:34 --------- d-----w c:\program files\Microsoft.NET
2009-03-09 12:24 --------- d-----w c:\documents and settings\WAEL\Application Data\Camfrog
2009-03-09 12:15 --------- d-----w c:\program files\PC Camera
2009-03-09 12:15 --------- d-----w c:\program files\Common Files\PCCamera
2009-03-09 12:00 --------- d-----w c:\program files\CCleaner
2009-03-09 11:16 --------- d-----w c:\program files\Realtek Sound Manager
2009-03-09 11:16 --------- d-----w c:\program files\AvRack
2009-03-09 11:15 --------- d-----w c:\program files\Marvell
2009-03-09 11:05 --------- d-----w c:\program files\microsoft frontpage
2009-03-09 11:04 --------- d-----w c:\program files\Windows Update Download
2009-03-09 11:04 --------- d-----w c:\program files\Windows Media Connect 2
2009-03-09 11:04 --------- d-----w c:\program files\VistaPack
2009-03-09 11:04 --------- d-----w c:\program files\Unlocker
2009-03-09 11:04 --------- d-----w c:\program files\LClock
2009-02-24 10:06 69,632 ----a-w c:\windows\system32\drivers\avfwim.sys
2009-02-13 09:31 55,640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-02-09 18:56 67,584 ----a-w c:\windows\system32\ff_vfw.dll
2008-03-09 05:25 236 ---ha-w c:\program files\Common Files\dx.reg
.
------- Sigcheck -------
09/09/2006 02:00 PM 577024 1800f293bccc8ede8a70e12b88d80036 c:\windows\system32\user32.dll
09/09/2006 02:00 PM 664576 64ce26db72810b30f7855ea51e1df836 c:\windows\system32\wininet.dll
09/09/2006 02:00 PM 360576 bb4d3a8e6f7eb1d370bc4ad27ab23368 c:\windows\system32\drivers\tcpip.sys
09/09/2006 02:00 PM 2056832 d8aba3eab509627e707a3b14f00fbb6b c:\windows\system32\ntkrnlpa.exe
09/09/2006 02:00 PM 2319232 715663447a8e6583861cc0c374da31ae c:\windows\system32\ntoskrnl.exe
09/09/2006 02:00 PM 1245184 5f46d7fe2fe7966c5d21672161be98a3 c:\windows\explorer.exe
09/09/2006 02:00 PM 57856 ad3d9d191aea7b5445fe1d82ffbb4788 c:\windows\system32\spoolsv.exe
09/09/2006 02:00 PM 985088 0fdd84928a5dde2510761b7ec76ccec9 c:\windows\system32\kernel32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [04/03/2009 03:11 AM 2794928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="c:\program files\LClock\LClock.exe" [09/20/2004 01:27 AM 65536]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [03/02/2009 12:08 PM 209153]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [09/09/2006 02:00 PM 15360]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [11/09/2006 05:15 PM 1634304]
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\
ObjectDock.lnk - c:\program files\VistaPack\ObjectDock\ObjectDock.exe [2009-03-09 1826885]
YzToolbar.lnk - c:\program files\VistaPack\YzToolbar\YzToolBar.exe [2009-03-09 90112]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinManager.lnk]
backup=c:\windows\pss\WinManager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^WAEL^Start Menu^Programs^Startup^ObjectDock.lnk]
path=c:\documents and settings\Default User\Start Menu\Programs\Startup\ObjectDock.lnk
backup=c:\windows\pss\ObjectDock.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^WAEL^Start Menu^Programs^Startup^YzToolbar.lnk]
path=c:\documents and settings\Default User\Start Menu\Programs\Startup\YzToolbar.lnk
backup=c:\windows\pss\YzToolbar.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 09/09/2006 02:00 PM 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
--a------ 08/30/2007 05:43 PM 4670704 c:\program files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 01/23/2007 11:19 AM 223232 c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 03/09/2009 02:45 PM 148888 c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 08/20/2006 12:48 PM 6656 c:\program files\Unlocker\UnlockerAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 11/15/2004 12:20 PM 77824 c:\windows\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Documents and Settings\\WAEL\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\WAEL\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*

isabled

oVoo TCP المنفذ 443
"443:UDP"= 443:UDP:*

isabled

oVoo UDP المنفذ 443
"37674:TCP"= 37674:TCP:*

isabled

oVoo TCP المنفذ 37674
"37674:UDP"= 37674:UDP:*

isabled

oVoo UDP المنفذ 37674
"37675:UDP"= 37675:UDP:*

isabled

oVoo UDP المنفذ 37675
R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [2009-04-02 97096]
R2 AntiVirFirewallService;Avira Firewall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [2009-04-02 383745]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2009-04-02 186625]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-04-02 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [2009-04-02 432897]
R2 CX88IR;DTV_DVB 1027 IR Decoder;c:\windows\system32\drivers\88XBDAIR.sys [2009-03-09 17408]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [2009-04-02 69632]
R3 AVXBAR;DTV-DVB 1027 Analog AVStream Crossbar;c:\windows\system32\drivers\88XAxbar.sys [2009-03-09 11136]
R3 BDATUNE;DTV-DVB 1027 DVBS BDA Tuner;c:\windows\system32\drivers\88xBDATune.sys [2009-03-09 41856]
R3 CXAVSTS;DTV-DVB 1027 DVBS BDA Capture;c:\windows\system32\drivers\88xBDACap.sys [2009-03-09 22784]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-03-18 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-03-18 8320]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [2009-03-18 32377]
.
Contents of the 'Scheduled Tasks' folder
2009-04-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1757981266-839522115-1003.job
- c:\documents and settings\WAEL\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [04/07/2009 11:54 PM]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: {A1B3EC1A-00E9-4C1D-BA6E-7033B2444E80} = 163.121.128.134,136.121.128.135
.
.
------- File Associations -------
.
txtfile=NOTEPAD %1
vbefile\shell\edit\command=c:\windows\Notepad.exe %1
vbsfile\shell\edit\command=c:\windows\Notepad.exe %1
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-04-11 21:07:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(704)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 04/11/2009 21:09:03 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-11 19:08:58
Pre-Run: 1,466,421,248 bytes free
Post-Run: 1,399,484,416 bytes free
244

wael1 · 11 أبريل 2009

تقرير HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:21:59 م, on 11/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\LClock\LClock.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
E:\wael source\تنظيف وصيانة\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: ObjectDock.lnk = C:\Program Files\VistaPack\ObjectDock\ObjectDock.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: YzToolbar.lnk = C:\Program Files\VistaPack\YzToolbar\YzToolBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: ObjectDock.lnk = C:\Program Files\VistaPack\ObjectDock\ObjectDock.exe (User 'Default user')
O4 - .DEFAULT Startup: YzToolbar.lnk = C:\Program Files\VistaPack\YzToolbar\YzToolBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: ObjectDock.lnk = C:\Program Files\VistaPack\ObjectDock\ObjectDock.exe (User 'Default user')
O4 - .DEFAULT User Startup: YzToolbar.lnk = C:\Program Files\VistaPack\YzToolbar\YzToolBar.exe (User 'Default user')
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} (Confirmation) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O17 - HKLM\System\CCS\Services\Tcpip\..\{A1B3EC1A-00E9-4C1D-BA6E-7033B2444E80}: NameServer = 163.121.128.134,136.121.128.135
O17 - HKLM\System\CS1\Services\Tcpip\..\{A1B3EC1A-00E9-4C1D-BA6E-7033B2444E80}: NameServer = 163.121.128.134,136.121.128.135
O17 - HKLM\System\CS2\Services\Tcpip\..\{A1B3EC1A-00E9-4C1D-BA6E-7033B2444E80}: NameServer = 163.121.128.134,136.121.128.135
O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 5389 bytes

KoNaMi · 11 أبريل 2009

طيب الان يالغلا اعمل الاتي

حمل هذة الاداة

رابط تحميل آخر تحديث للاداة

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

لتنظيف جهازك من هذه الدعايات
و عمل تقرير بالعمليه حتى ترفقه بردك القادم ,,

شرح الاستخدام ,,,,,,

قم بتشغيل الملف SmitfraudFix.exe ,, وتابع الشرح كماا بهذه الصور

wael1 · 11 أبريل 2009

تقرير اداة SmitFraudFix

SmitFraudFix v2.408
Scan done at 22:10:09.48, Sat 04/11/2009
Run from C:\Documents and Settings\WAEL\My Documents\Downloads\Programs\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Marvell Yukon Gigabit Ethernet 10/100/1000Base-T Adapter, Copper RJ-45 - AvFw Packet Filter Miniport
DNS Server Search Order: 163.121.128.134
DNS Server Search Order: 136.121.128.135
HKLM\SYSTEM\CCS\Services\Tcpip\..\{A1B3EC1A-00E9-4C1D-BA6E-7033B2444E80}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{A1B3EC1A-00E9-4C1D-BA6E-7033B2444E80}: NameServer=163.121.128.134,136.121.128.135
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A1B3EC1A-00E9-4C1D-BA6E-7033B2444E80}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A1B3EC1A-00E9-4C1D-BA6E-7033B2444E80}: NameServer=163.121.128.134,136.121.128.135
HKLM\SYSTEM\CS2\Services\Tcpip\..\{A1B3EC1A-00E9-4C1D-BA6E-7033B2444E80}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{A1B3EC1A-00E9-4C1D-BA6E-7033B2444E80}: NameServer=163.121.128.134,136.121.128.135
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» RK.2

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

MMA_LORD_735 · 12 أبريل 2009

مرحبا ً ...

تمام ...

عطيني تقرير هايجك جديد ...

wael1 · 13 أبريل 2009

شكرا اخى الكريم على صبرك معى وهذا هو التقرير الجديد

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:30:57, on 13/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\internet explorer\iexplore.exe
E:\wael source\تنظيف وصيانة\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: ObjectDock.lnk = C:\Program Files\VistaPack\ObjectDock\ObjectDock.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: YzToolbar.lnk = C:\Program Files\VistaPack\YzToolbar\YzToolBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: ObjectDock.lnk = C:\Program Files\VistaPack\ObjectDock\ObjectDock.exe (User 'Default user')
O4 - .DEFAULT Startup: YzToolbar.lnk = C:\Program Files\VistaPack\YzToolbar\YzToolBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: ObjectDock.lnk = C:\Program Files\VistaPack\ObjectDock\ObjectDock.exe (User 'Default user')
O4 - .DEFAULT User Startup: YzToolbar.lnk = C:\Program Files\VistaPack\YzToolbar\YzToolBar.exe (User 'Default user')
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} (Confirmation) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O17 - HKLM\System\CCS\Services\Tcpip\..\{A1B3EC1A-00E9-4C1D-BA6E-7033B2444E80}: NameServer = 163.121.128.134,136.121.128.135
O17 - HKLM\System\CS1\Services\Tcpip\..\{A1B3EC1A-00E9-4C1D-BA6E-7033B2444E80}: NameServer = 163.121.128.134,136.121.128.135
O17 - HKLM\System\CS2\Services\Tcpip\..\{A1B3EC1A-00E9-4C1D-BA6E-7033B2444E80}: NameServer = 163.121.128.134,136.121.128.135
O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 4916 bytes

MMA_LORD_735 · 13 أبريل 2009

لعفوا عزيزي ...

الآن أعمل التالي ...

حدد هذه القيم و سوي لها أصلاح ...

O17 - HKLM\System\CCS\Services\Tcpip\..\{A1B3EC1A-00E9-4C1D-BA6E-7033B2444E80}: NameServer =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O17 - HKLM\System\CS1\Services\Tcpip\..\{A1B3EC1A-00E9-4C1D-BA6E-7033B2444E80}: NameServer =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O17 - HKLM\System\CS2\Services\Tcpip\..\{A1B3EC1A-00E9-4C1D-BA6E-7033B2444E80}: NameServer =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

و بعدها عزيزي حمل هذا لبرنامج لتنظيف جهازك ...

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

او

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

التوافق : ويندوز اكسبيفقط

شرح الاستخدام ,,,,,,

عند تشغيل ملف الاداة تظهر لك هذه الشاشه ,, انتظر ( وتابع مع الصور )

وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))

و بعد ريستارد هات تقرير جديد ...

wael1 · 13 أبريل 2009

ها هو التقرير يا اخى الكريم بعد تطبيق جميع الخطوات التى ذكرت

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:19:23, on 13/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
E:\wael source\تنظيف وصيانة\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\WAEL\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\WAEL\Application Data\CyberScrub\Privacy Suite"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: ObjectDock.lnk = C:\Program Files\VistaPack\ObjectDock\ObjectDock.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: YzToolbar.lnk = C:\Program Files\VistaPack\YzToolbar\YzToolBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: ObjectDock.lnk = C:\Program Files\VistaPack\ObjectDock\ObjectDock.exe (User 'Default user')
O4 - .DEFAULT Startup: YzToolbar.lnk = C:\Program Files\VistaPack\YzToolbar\YzToolBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: ObjectDock.lnk = C:\Program Files\VistaPack\ObjectDock\ObjectDock.exe (User 'Default user')
O4 - .DEFAULT User Startup: YzToolbar.lnk = C:\Program Files\VistaPack\YzToolbar\YzToolBar.exe (User 'Default user')
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 4674 bytes

wael1 · 14 أبريل 2009

هو كده خلاص ولا لسه فيه حاجة تانى ؟؟؟؟

ما الحل مع هذه الرسالة

wael1

زيزوومي جديد

MMA_LORD_735

زيزوومي جديد

توقيع : MMA_LORD_735

wael1

زيزوومي جديد

wael1

زيزوومي جديد

KoNaMi

زيزوومى فضى

توقيع : KoNaMi

wael1

زيزوومي جديد

wael1

زيزوومي جديد

KoNaMi

زيزوومى فضى

توقيع : KoNaMi

wael1

زيزوومي جديد

MMA_LORD_735

زيزوومي جديد

توقيع : MMA_LORD_735

wael1

زيزوومي جديد

MMA_LORD_735

زيزوومي جديد

توقيع : MMA_LORD_735

wael1

زيزوومي جديد

wael1

زيزوومي جديد