لوسيان

Peace be upon you ..

:b:


Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:20:32 م, on 18/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Administrator\Desktop\a\HiJackThis.exe

O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe

--
End of file - 1650 bytes




:no:
 

And peace be upon you

Do the following

Disable your security programs
then
download the following tool and save it to the desktop
[Hidden link: you must log in or register to view it]

When you run it, a message will appear; click >> Yes
After that a second message will appear; click >> Yes

During the scan the machine may restart
After the restart, the tool will start scanning again
Do not run any program, and however long the scan takes, wait until it finishes
Wait until a report appears, then copy it and paste it in your next post
 
Signature: ابـــو عــبــد الــلــه
Hi Abu Rima .. thank you, my dear ..

I won't forget this favor of yours :)



Code:
ComboFix 09-04-19.01 - Administrator 04/18/2009 22:35.1 - FAT32x86
Microsoft Windows XP Professional  5.1.2600.2.1256.966.1033.18.1015.801 [GMT 3:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((   Files Created from 2009-03-19 to 2009-04-19  )))))))))))))))))))))))))))))))
.

2009-04-13 17:52 . 2009-04-13 17:52    --------    d--h--w    c:\windows\PIF
2009-04-12 20:09 . 2009-04-12 20:09    --------    d-----w    c:\documents and settings\Administrator\Local Settings\Application Data\Conduit
2009-04-10 20:52 . 2009-04-10 20:52    --------    d-sh--w    C:\FOUND.000
2009-04-10 18:13 . 2009-04-10 18:13    --------    d-s---w    c:\documents and settings\Administrator\UserData
2009-04-10 15:03 . 2004-08-03 20:08    26496    ----a-w    c:\windows\system32\dllcache\usbstor.sys
2009-04-09 12:00 . 2009-04-09 12:00    --------    d-----w    c:\windows\system32\LogFiles
2009-04-08 08:00 . 2009-04-08 08:00    --------    d-----w    c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2009-04-07 14:35 . 2009-04-07 14:35    --------    d-----w    c:\documents and settings\Administrator\Application Data\Nokia Multimedia Player
2009-04-07 13:39 . 2009-04-07 13:39    --------    d-----w    c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-04-07 13:36 . 2009-04-07 13:36    --------    d-----w    c:\documents and settings\All Users\Application Data\DynDNS
2009-04-07 13:21 . 2009-04-07 13:21    --------    d-----w    c:\documents and settings\Administrator\Contacts
2009-04-07 13:21 . 2009-04-07 13:21    --------    d-----w    c:\documents and settings\All Users\Application Data\Avira
2009-04-07 13:20 . 2009-04-07 13:20    25    ----a-w    c:\windows\cdplayer.ini
2009-04-07 13:19 . 2009-04-07 13:20    --------    d-----w    C:\netcat
2009-04-07 13:19 . 2009-04-07 13:19    499712    ----a-w    c:\windows\system32\msvcp71.dll
2009-04-07 13:19 . 2009-04-07 13:19    348160    ----a-w    c:\windows\system32\msvcr71.dll
2009-04-07 13:18 . 2009-04-07 13:18    --------    d-----w    c:\documents and settings\Administrator\Local Settings\Application Data\ACD Systems
2009-04-07 13:18 . 2009-04-07 13:18    --------    d-----w    c:\documents and settings\Administrator\Application Data\ACD Systems
2009-04-07 13:16 . 2009-04-07 13:17    --------    d-----w    c:\documents and settings\All Users\Application Data\ACD Systems
2009-04-07 13:16 . 2009-04-07 13:16    --------    d-----w    c:\documents and settings\Administrator\Application Data\shim aim support
2009-04-07 13:14 . 2009-04-07 13:14    --------    d-----w    c:\windows\system32\DRVSTORE
2009-04-07 13:13 . 2009-04-07 13:13    --------    d-----w    c:\documents and settings\Administrator\Local Settings\Application Data\Downloaded Installations
2009-04-07 13:05 . 2009-04-07 13:05    0    ----a-w    c:\windows\nsreg.dat
2009-04-07 13:05 . 2009-04-07 13:05    --------    d-----w    c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-04-07 12:59 . 2009-04-07 12:59    27264    ----a-w    c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-07 12:56 . 2003-04-09 14:43    34356    ----a-w    c:\windows\WMPrfAra.prx
2009-04-07 12:56 . 2003-04-09 14:43    57344    ----a-w    c:\windows\system32\WMErrAra.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-12 20:28 . 2009-04-12 20:28    --------    d-----w    c:\program files\Hotspot Shield
2009-04-12 20:08 . 2009-04-12 20:08    --------    d-----w    c:\program files\Conduit
2009-04-12 19:34 . 2009-04-12 19:34    --------    d-----w    c:\program files\مشغل الفلاش العربي
2009-04-07 13:36 . 2009-04-07 13:36    --------    d-----w    c:\program files\DynDNS Updater
2009-04-07 13:23 . 2009-04-07 13:23    --------    d-----w    c:\program files\Common Files\Adobe
2009-04-07 13:19 . 2009-04-07 13:19    --------    d-----w    c:\program files\Common Files\xing shared
2009-04-07 13:19 . 2009-04-07 13:19    --------    d-----w    c:\program files\Common Files\Real
2009-04-07 13:19 . 2009-04-07 13:19    --------    d-----w    c:\program files\Real
2009-04-07 13:18 . 2009-04-07 13:17    --------    d--h--w    c:\program files\InstallShield Installation Information
2009-04-07 13:17 . 2009-04-07 13:17    --------    d-----w    c:\program files\Common Files\PCSuite
2009-04-07 13:17 . 2009-04-07 13:17    --------    d-----w    c:\program files\Common Files\Nokia
2009-04-07 13:17 . 2009-04-07 13:17    --------    d-----w    c:\program files\Nokia
2009-04-07 13:17 . 2009-04-07 13:17    --------    d-----w    c:\program files\Common Files\InstallShield
2009-04-07 13:16 . 2009-04-07 13:16    --------    d-----w    c:\program files\Common Files\ACD Systems
2009-04-07 13:16 . 2009-04-07 13:16    --------    d-----w    c:\program files\ACD Systems
2009-04-07 13:16 . 2009-04-07 13:16    --------    d-----w    c:\program files\shim aim support
2009-04-07 13:15 . 2009-04-07 13:15    --------    d-----w    c:\program files\Circe Developement
2009-04-07 13:15 . 2009-04-07 13:15    --------    d-----w    c:\program files\Windows Live
2009-04-07 13:15 . 2009-04-07 13:15    --------    d-----w    c:\program files\Messenger Plus! Live
2009-04-07 13:14 . 2009-04-07 13:14    --------    d-----w    c:\program files\MSN Messenger
2009-04-07 12:57 . 2009-04-06 22:13    166455    ----a-w    c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-06 22:14 . 2009-04-06 22:14    --------    d-----w    c:\program files\microsoft frontpage
2009-04-06 22:10 . 2009-04-06 22:10    21640    ----a-w    c:\windows\system32\emptyregdb.dat
2004-08-03 18:56 . 2004-08-03 18:56    96480    --sh--r    c:\windows\system32\jisggs.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

R2 qndkky;Manager Helper;c:\windows\system32\svchost.exe [2004-08-03 14336]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
qndkky
.
Contents of the 'Scheduled Tasks' folder

2009-04-18 c:\windows\Tasks\A787F4B091886EE8.job
- c:\docume~1\admini~1\applic~1\shimai~1\Jugsmailrdr.exe [2009-04-07 13:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1561552
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ie3tve0m.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.sa
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ie3tve0m.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\FFAlert.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-18 22:37
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\qndkky]
"ServiceDll"="c:\windows\system32\jisggs.dll"
.
Completion time: 2009-04-18 22:38
ComboFix-quarantined-files.txt  2009-04-18 19:38

Pre-Run: 8,765,505,536 bytes free
Post-Run: 8,809,259,008 bytes free

118
 
Give me a screenshot of the problem that appears for you
 
May God give you all strength
The first report is missing a lot
Copy it again without the code tag
 
Hi Max, my dear

Here you go





ComboFix 09-04-19.01 - Administrator 04/18/2009 22:35.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.1015.801 [GMT 3:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-03-19 to 2009-04-19 )))))))))))))))))))))))))))))))
.

2009-04-13 17:52 . 2009-04-13 17:52 -------- d--h--w c:\windows\PIF
2009-04-12 20:09 . 2009-04-12 20:09 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Conduit
2009-04-10 20:52 . 2009-04-10 20:52 -------- d-sh--w C:\FOUND.000
2009-04-10 18:13 . 2009-04-10 18:13 -------- d-s---w c:\documents and settings\Administrator\UserData
2009-04-10 15:03 . 2004-08-03 20:08 26496 ----a-w c:\windows\system32\dllcache\usbstor.sys
2009-04-09 12:00 . 2009-04-09 12:00 -------- d-----w c:\windows\system32\LogFiles
2009-04-08 08:00 . 2009-04-08 08:00 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2009-04-07 14:35 . 2009-04-07 14:35 -------- d-----w c:\documents and settings\Administrator\Application Data\Nokia Multimedia Player
2009-04-07 13:39 . 2009-04-07 13:39 -------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-04-07 13:36 . 2009-04-07 13:36 -------- d-----w c:\documents and settings\All Users\Application Data\DynDNS
2009-04-07 13:21 . 2009-04-07 13:21 -------- d-----w c:\documents and settings\Administrator\Contacts
2009-04-07 13:21 . 2009-04-07 13:21 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-04-07 13:20 . 2009-04-07 13:20 25 ----a-w c:\windows\cdplayer.ini
2009-04-07 13:19 . 2009-04-07 13:20 -------- d-----w C:\netcat
2009-04-07 13:19 . 2009-04-07 13:19 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-04-07 13:19 . 2009-04-07 13:19 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-04-07 13:18 . 2009-04-07 13:18 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\ACD Systems
2009-04-07 13:18 . 2009-04-07 13:18 -------- d-----w c:\documents and settings\Administrator\Application Data\ACD Systems
2009-04-07 13:16 . 2009-04-07 13:17 -------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2009-04-07 13:16 . 2009-04-07 13:16 -------- d-----w c:\documents and settings\Administrator\Application Data\shim aim support
2009-04-07 13:14 . 2009-04-07 13:14 -------- d-----w c:\windows\system32\DRVSTORE
2009-04-07 13:13 . 2009-04-07 13:13 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Downloaded Installations
2009-04-07 13:05 . 2009-04-07 13:05 0 ----a-w c:\windows\nsreg.dat
2009-04-07 13:05 . 2009-04-07 13:05 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-04-07 12:59 . 2009-04-07 12:59 27264 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-07 12:56 . 2003-04-09 14:43 34356 ----a-w c:\windows\WMPrfAra.prx
2009-04-07 12:56 . 2003-04-09 14:43 57344 ----a-w c:\windows\system32\WMErrAra.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-12 20:28 . 2009-04-12 20:28 -------- d-----w c:\program files\Hotspot Shield
2009-04-12 20:08 . 2009-04-12 20:08 -------- d-----w c:\program files\Conduit
2009-04-12 19:34 . 2009-04-12 19:34 -------- d-----w c:\program files\مشغل الفلاش العربي
2009-04-07 13:36 . 2009-04-07 13:36 -------- d-----w c:\program files\DynDNS Updater
2009-04-07 13:23 . 2009-04-07 13:23 -------- d-----w c:\program files\Common Files\Adobe
2009-04-07 13:19 . 2009-04-07 13:19 -------- d-----w c:\program files\Common Files\xing shared
2009-04-07 13:19 . 2009-04-07 13:19 -------- d-----w c:\program files\Common Files\Real
2009-04-07 13:19 . 2009-04-07 13:19 -------- d-----w c:\program files\Real
2009-04-07 13:18 . 2009-04-07 13:17 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-07 13:17 . 2009-04-07 13:17 -------- d-----w c:\program files\Common Files\PCSuite
2009-04-07 13:17 . 2009-04-07 13:17 -------- d-----w c:\program files\Common Files\Nokia
2009-04-07 13:17 . 2009-04-07 13:17 -------- d-----w c:\program files\Nokia
2009-04-07 13:17 . 2009-04-07 13:17 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-07 13:16 . 2009-04-07 13:16 -------- d-----w c:\program files\Common Files\ACD Systems
2009-04-07 13:16 . 2009-04-07 13:16 -------- d-----w c:\program files\ACD Systems
2009-04-07 13:16 . 2009-04-07 13:16 -------- d-----w c:\program files\shim aim support
2009-04-07 13:15 . 2009-04-07 13:15 -------- d-----w c:\program files\Circe Developement
2009-04-07 13:15 . 2009-04-07 13:15 -------- d-----w c:\program files\Windows Live
2009-04-07 13:15 . 2009-04-07 13:15 -------- d-----w c:\program files\Messenger Plus! Live
2009-04-07 13:14 . 2009-04-07 13:14 -------- d-----w c:\program files\MSN Messenger
2009-04-07 12:57 . 2009-04-06 22:13 166455 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-06 22:14 . 2009-04-06 22:14 -------- d-----w c:\program files\microsoft frontpage
2009-04-06 22:10 . 2009-04-06 22:10 21640 ----a-w c:\windows\system32\emptyregdb.dat
2004-08-03 18:56 . 2004-08-03 18:56 96480 --sh--r c:\windows\system32\jisggs.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

R2 qndkky;Manager Helper;c:\windows\system32\svchost.exe [2004-08-03 14336]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
qndkky
.
Contents of the 'Scheduled Tasks' folder

2009-04-18 c:\windows\Tasks\A787F4B091886EE8.job
- c:\docume~1\admini~1\applic~1\shimai~1\Jugsmailrdr.exe [2009-04-07 13:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1561552
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ie3tve0m.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.sa
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ie3tve0m.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\FFAlert.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-18 22:37
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\qndkky]
"ServiceDll"="c:\windows\system32\jisggs.dll"
.
Completion time: 2009-04-18 22:38
ComboFix-quarantined-files.txt 2009-04-18 19:38

Pre-Run: 8,765,505,536 bytes free
Post-Run: 8,809,259,008 bytes free

118
 
The problem, Abu Rima, my dear

The severe freezing

When I open Task Manager I find svchots.exe very high, it reaches 95
 
The first one, the HijackThis one
 
Sure thing

Here you go ..


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:24 م, on 18/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Administrator\Desktop\Poison Ivy 2.3.2.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Administrator\Desktop\Poison Ivy 2.3.2\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Hidden link: you must log in or register to view it]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Hidden link: you must log in or register to view it]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Hidden link: you must log in or register to view it]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Hidden link: you must log in or register to view it]

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

--
End of file - 1337 bytes
 
Disable System Restore as shown in the following walkthrough





Download the Kaspersky tool from the following link

[Hidden link: you must log in or register to view it]





After downloading, double-click it and the tool's file will be extracted to a folder on the desktop; after a few moments the tool will start running

Follow the walkthrough to scan the machine, clean it, and attach the report










Then compress the report and upload it here >>>>
[Hidden link: you must log in or register to view it]
 
Huh ??

Is there no other solution ???????
 