
mehrez01

In the name of God, the Most Gracious, the Most Merciful


Brothers, members of the Zyzoom forum,
Good evening.
I have a problem with my computer.
When I start the computer I get an error message containing this information:
explorer .exe a rencontrer un probleme et doit fermer
and another message:
drwlsn 32.exe a rencontrer un probleme et doit fermer
When I click not to send the error report to Microsoft, the computer hangs and stays that way until I restart it.
Here is the HijackThis report.
Note that I go to Task Manager and end both explorer .exe and drwlsn 32.exe,
and that solves the computer's problem.
Note also that my computer has become slow.
Another question: is my antivirus good or not?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:41:38, on 02-05-2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\user\Bureau\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RESEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) -
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 4150 bytes
 

Hello and welcome

The report is clean

Could you post a screenshot of the message, please


Waiting for your reply.
 
Signature: I am proud of you
Good evening to you.
I cannot show you a screenshot of the error report, because when the error report appears the computer freezes and I cannot do anything.
When I first turn on the computer and start the modem, the error report appears, so I have to end both of these processes, explorer .exe and drwlsn 32.exe,
and then the computer returns to normal, but slowly.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:03:05, on 02-05-2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\user\Bureau\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RESEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) -
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 4084 bytes
 
Do the following

Disable all protection programs >>> check the computer's time and date
>>> Do not rename the tool, and save it to the desktop
Then download this tool and save it to the desktop

When you run it, a message will appear; click >> Yes

After that a second message will appear; click >> Yes

Wait until the tool finishes scanning your computer; your computer will then restart automatically.

After the restart, the tool will start scanning a second time.

Wait until a report appears, then copy it and paste it in your next reply.
 
Signature: I am proud of you
I could not download the tool
 
Signature: I am proud of you
Here is the report, but after scanning with this tool the computer froze, so I had to restart it. Thank you.

ComboFix 09-05-02.4 - user 05/02/2009 15:25.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1256.216.1036.18.478.151 [GMT 2:00]
Running from: c:\documents and settings\user\Bureau\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated)
FW: ESET Personal firewall *disabled*

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\user\Application Data\.#
c:\documents and settings\user\Application Data\addons.dat
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((( Files Created from 2009-04-02 to 2009-05-02 )))))))))))))))))))))))))))))))
.

2009-05-02 14:06 . 2009-05-02 14:06 7168 ----a-w c:\windows\system32\drivers\utewndy0.sys
2009-05-02 14:04 . 2009-05-02 13:27 2082848 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-02 14:04 . 2009-05-02 14:04 -------- d-----w c:\windows\LastGood
2009-05-02 14:04 . 2008-07-08 12:54 148496 ----a-w c:\windows\system32\drivers\31451251.sys
2009-05-01 16:12 . 2009-05-01 16:12 -------- d-----w c:\program files\MSXML 4.0
2009-05-01 12:05 . 2001-08-23 15:47 87040 ----a-w c:\windows\system32\wiafbdrv.dll
2009-05-01 11:36 . 2009-05-01 11:36 -------- d-----w c:\documents and settings\user\Application Data\URSoft
2009-05-01 11:36 . 2009-05-01 12:08 -------- d-----w c:\program files\Your Uninstaller 2008
2009-04-30 23:22 . 2009-04-17 18:23 44544 ----a-w c:\windows\system32\msxml4a.dll
2009-04-30 23:22 . 2009-04-17 18:23 82432 ----a-w c:\windows\system32\msxml4r.dll
2009-04-30 23:22 . 2009-04-30 23:24 -------- d-----w c:\program files\File Recover
2009-04-28 18:43 . 2009-04-28 18:43 -------- d-----w c:\documents and settings\user\Application Data\Druide
2009-04-28 18:29 . 2009-04-28 18:29 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\ESET
2009-04-28 18:22 . 2009-04-28 18:22 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-04-27 19:20 . 2009-04-27 19:20 -------- d-----w c:\windows\system32\help
2009-04-27 18:58 . 2009-04-27 18:58 -------- d-----w c:\documents and settings\user\Application Data\ESET
2009-04-27 18:56 . 2009-04-27 18:56 -------- d-----w c:\program files\ESET
2009-04-27 18:56 . 2009-04-27 18:56 -------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-04-27 11:57 . 2009-04-27 11:57 -------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2009-04-26 18:52 . 2009-04-26 18:52 -------- d-----w c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-04-26 12:17 . 2009-05-01 12:08 -------- d-----w c:\program files\USB Disk Security
2009-04-26 11:00 . 2009-04-26 11:00 -------- d--h--w c:\windows\PIF
2009-04-25 08:51 . 2009-05-01 15:07 -------- d-----w c:\documents and settings\user\Application Data\dvdcss
2009-04-25 08:41 . 2009-04-25 08:41 -------- d-----w c:\documents and settings\user\Application Data\vlc
2009-04-25 08:40 . 2009-04-25 08:40 -------- d-----w c:\program files\VideoLAN
2009-04-25 08:33 . 2009-04-25 08:33 -------- d-----w c:\documents and settings\user\Application Data\ATI
2009-04-25 08:33 . 2009-04-25 08:33 -------- d-----w c:\documents and settings\All Users\Application Data\ATI
2009-04-25 08:33 . 2009-04-25 08:33 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\ATI
2009-04-24 18:48 . 2009-04-24 18:50 -------- d-----w c:\documents and settings\user\Application Data\Desktopicon
2009-04-24 14:08 . 2009-04-24 14:08 -------- d-----w c:\documents and settings\LocalService\Bureau
2009-04-24 14:01 . 2009-05-01 18:37 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-24 13:06 . 2009-04-24 13:06 0 ----a-w c:\windows\ativpsrm.bin
2009-04-23 19:14 . 2009-04-27 18:42 -------- d-----w c:\program files\ATI
2009-04-23 18:42 . 2009-04-23 18:42 603904 ----a-w c:\windows\system32\TUProgSt.exe
2009-04-23 18:42 . 2009-04-23 18:42 -------- d-----w c:\documents and settings\user\Application Data\TuneUp Software
2009-04-23 18:41 . 2009-04-23 18:41 -------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2009-04-23 18:41 . 2009-04-23 18:41 -------- d-sh--w c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-04-23 17:33 . 2009-04-23 17:33 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\ashampoo
2009-04-23 17:33 . 2009-04-23 17:33 -------- d-----w c:\documents and settings\All Users\Application Data\ashampoo
2009-04-22 18:24 . 2009-04-28 17:52 -------- d-----w c:\program files\Microsoft FrontPage Express
2009-04-22 12:39 . 2009-04-22 12:39 -------- d-----w c:\documents and settings\user\Application Data\JLC's Software
2009-04-21 18:53 . 2009-04-27 18:32 -------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-04-20 18:45 . 2009-04-26 18:16 -------- d-----w c:\documents and settings\user\Application Data\DMCache
2009-04-20 18:19 . 2009-04-20 18:19 -------- d-----w c:\documents and settings\user\Application Data\IEPro
2009-04-20 17:46 . 2004-08-11 13:55 110602 ----a-w c:\windows\system32\xcdsfx32.bin
2009-04-20 17:46 . 2004-09-28 09:13 526184 ----a-w c:\windows\system32\XceedCry.dll
2009-04-20 17:46 . 2005-01-12 09:19 456536 ----a-w c:\windows\system32\XCEEDZIP.DLL
2009-04-19 17:20 . 2004-08-19 14:09 221184 ----a-w c:\windows\system32\wmpns.dll
2009-04-19 17:12 . 2009-04-20 18:42 -------- d-----w c:\program files\Fichiers communs\Akamai
2009-04-19 17:11 . 2009-04-23 17:34 -------- d-----w c:\documents and settings\user\Application Data\Ashampoo
2009-04-19 16:52 . 2009-04-19 16:52 -------- d-----w c:\windows\Sun
2009-04-19 16:51 . 2009-04-19 16:51 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-19 16:51 . 2009-04-19 16:51 -------- d-----w c:\program files\Java
2009-04-19 16:12 . 2009-04-19 16:12 -------- d-----w c:\documents and settings\user\Application Data\Reallusion
2009-04-19 16:11 . 2009-04-19 16:11 -------- d-----w c:\documents and settings\user\Application Data\MakeUpPilot
2009-04-19 16:02 . 2009-04-26 18:18 -------- d-----w c:\program files\MakeUp Pilot
2009-04-19 15:54 . 2009-04-19 15:54 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\Help
2009-04-18 22:47 . 2009-04-18 22:47 -------- d-----w c:\windows\system32\drivers\UMDF
2009-04-18 22:47 . 2009-04-18 22:47 -------- d-----w c:\windows\system32\LogFiles
2009-04-18 22:42 . 2009-04-18 22:42 -------- d-----w c:\documents and settings\All Users\Application Data\SRSLabs
2009-04-18 22:40 . 2009-04-18 22:40 -------- d-----w c:\program files\Fichiers communs\SRS
2009-04-18 22:28 . 2009-04-18 22:28 275456 ----a-w c:\windows\system32\gfbaksm.dat
2009-04-18 22:21 . 2000-10-01 22:00 119568 ----a-w c:\windows\system32\VB6FR.DLL
2009-04-17 17:10 . 2009-04-17 17:14 0 --sha-w c:\windows\system32\sys_drv.dat
2009-04-17 13:41 . 2009-04-18 13:02 -------- d-----w c:\windows\Lhsp
2009-04-15 17:07 . 2009-04-24 18:37 -------- d-----w c:\documents and settings\user\Application Data\CVitae
2009-04-14 18:03 . 2009-04-17 13:41 -------- d-----w c:\windows\speech
2009-04-14 18:01 . 2009-04-14 18:01 172032 ------w c:\windows\Setup1.exe
2009-04-14 18:01 . 2009-04-14 18:02 73216 ----a-w c:\windows\ST6UNST.EXE
2009-04-13 17:49 . 2009-04-13 17:49 -------- d-----w c:\documents and settings\All Users\Application Data\Estsoft
2009-04-13 17:49 . 2009-04-14 17:56 -------- d-----w c:\documents and settings\user\Application Data\ESTsoft
2009-04-12 11:48 . 2009-04-12 11:48 -------- d-----w c:\windows\Downloaded Installations
2009-04-12 11:36 . 2009-04-20 17:55 -------- dc----w c:\windows\system32\DRVSTORE
2009-04-12 11:36 . 2009-04-12 11:48 -------- d-----w c:\program files\Broadcom
2009-04-11 15:25 . 2009-04-11 15:25 -------- d-----w c:\windows\system32\DRM
2009-04-11 14:54 . 2009-04-11 14:54 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\BVRP Software
2009-04-09 18:53 . 2003-06-18 23:31 17920 ----a-w c:\windows\system32\mdimon.dll
2009-04-09 18:52 . 2009-04-09 18:52 -------- d-----w c:\program files\Microsoft.NET
2009-04-09 18:52 . 2009-04-09 18:52 -------- d-----w c:\windows\SHELLNEW
2009-04-09 16:33 . 2009-04-09 16:34 -------- d-----w c:\documents and settings\user\Application Data\PenProtect
2009-04-09 13:21 . 2009-04-09 13:21 55768 ----a-w c:\windows\system32\drivers\epfwtdi.sys
2009-04-09 13:21 . 2009-04-09 13:21 33096 ----a-w c:\windows\system32\drivers\epfwndis.sys
2009-04-09 13:21 . 2009-04-09 13:21 133000 ----a-w c:\windows\system32\drivers\epfw.sys
2009-04-09 13:18 . 2009-04-09 13:18 107256 ----a-w c:\windows\system32\drivers\ehdrv.sys
2009-04-09 13:10 . 2009-04-09 13:10 113960 ----a-w c:\windows\system32\drivers\eamon.sys
2009-04-08 21:07 . 2009-04-08 21:07 -------- d-----w c:\documents and settings\All Users\Application Data\IM
2009-04-08 21:06 . 2009-04-10 17:48 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\IM
2009-04-08 21:06 . 2009-04-08 21:06 -------- d-----w c:\documents and settings\All Users\Application Data\IncrediMail
2009-04-08 21:06 . 2009-04-08 21:06 -------- d-----w c:\program files\IncrediMail
2009-04-08 20:48 . 2009-05-01 18:38 -------- d-----w c:\program files\FaxTools
2009-04-08 20:48 . 2009-04-08 20:48 -------- d-----w c:\documents and settings\All Users\Application Data\BVRP Software
2009-04-08 20:46 . 2004-08-03 20:58 15104 ----a-w c:\windows\system32\drivers\usbscan.sys
2009-04-08 20:46 . 2004-08-03 21:01 25856 ----a-w c:\windows\system32\drivers\usbprint.sys
2009-04-08 20:45 . 2009-04-08 20:45 -------- d-----w c:\documents and settings\user\WINDOWS
2009-04-08 18:32 . 2009-04-08 18:32 -------- d-----w C:\ATI
2009-04-08 18:21 . 2009-04-08 18:21 -------- d-----w c:\program files\Fichiers communs\xing shared
2009-04-08 18:21 . 2009-04-08 18:21 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\Google
2009-04-08 18:21 . 2009-04-08 18:21 -------- d-----w c:\program files\Fichiers communs\Real
2009-04-08 18:21 . 2009-04-08 18:21 -------- d-----w c:\program files\Real
2009-04-08 18:18 . 2009-04-08 18:18 -------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-04-07 18:00 . 2009-04-07 18:00 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\Adobe
2009-04-07 17:58 . 2009-04-07 17:59 -------- d-----w c:\program files\Fichiers communs\Adobe
2009-04-07 12:23 . 2009-04-18 21:41 64464 ----a-w c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-06 18:58 . 2009-04-06 19:18 -------- d-----w c:\documents and settings\All Users\Application Data\Prism
2009-04-06 18:46 . 2009-04-06 18:46 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\Identities
2009-04-05 19:27 . 2001-09-28 12:00 1677824 ----a-w c:\windows\system32\chsbrkr.dll
2009-04-05 19:27 . 2001-09-28 12:00 838144 ----a-w c:\windows\system32\chtbrkr.dll
2009-04-05 19:27 . 2001-09-28 12:00 70656 ----a-w c:\windows\system32\korwbrkr.dll
2009-04-05 19:27 . 2001-09-28 12:00 98304 ----a-w c:\windows\system32\msir3jp.dll
2009-04-05 19:26 . 2001-09-28 12:00 218112 ----a-w c:\windows\system32\c_g18030.dll
2009-04-05 19:26 . 2001-09-28 12:00 6144 ----a-w c:\windows\system32\kbd101a.dll
2009-04-05 19:26 . 2001-09-28 12:00 6144 ----a-w c:\windows\system32\kbdlk41j.dll
2009-04-05 19:26 . 2001-09-28 12:00 6656 ----a-w c:\windows\system32\kbdlk41a.dll
2009-04-05 19:26 . 2001-09-28 12:00 9216 ----a-w c:\windows\system32\kbdnecAT.dll
2009-04-05 19:26 . 2001-09-28 12:00 7168 ----a-w c:\windows\system32\kbdnec95.dll
2009-04-05 19:26 . 2001-09-28 12:00 7680 ----a-w c:\windows\system32\kbdnecNT.dll
2009-04-05 19:26 . 2001-09-28 12:00 7168 ----a-w c:\windows\system32\f3ahvoas.dll
2009-04-05 19:26 . 2001-09-28 12:00 7168 ----a-w c:\windows\system32\kbdibm02.dll
2009-04-05 19:26 . 2001-09-28 12:00 6144 ----a-w c:\windows\system32\kbd106n.dll
2009-04-05 19:26 . 2001-09-28 12:00 6144 ----a-w c:\windows\system32\kbdax2.dll
2009-04-05 19:26 . 2001-09-28 12:00 6144 ----a-w c:\windows\system32\kbd101.dll
2009-04-05 19:16 . 2009-05-02 13:42 -------- d-----w c:\windows\system32\CatRoot_bak
2009-04-05 19:12 . 2008-06-14 17:59 272768 ------w c:\windows\system32\drivers\bthport.sys
2009-04-05 18:05 . 2009-04-05 18:05 -------- d-----w c:\documents and settings\All Users\Application Data\zyz Kaspersky Lab setup files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-02 14:04 . 2009-05-02 14:04 32 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-02 14:00 . 2009-04-23 18:44 484 ----a-w c:\windows\Tasks\الصيانة بنقرة واحدة.job
2009-05-02 13:25 . 2009-04-05 15:35 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-05-01 15:42 . 2001-09-28 12:00 72094 ----a-w c:\windows\system32\perfc00C.dat
2009-05-01 15:42 . 2001-09-28 12:00 460916 ----a-w c:\windows\system32\perfh00C.dat
2009-04-23 19:13 . 2009-04-05 15:40 -------- d-----w c:\program files\ATI Technologies
2009-04-17 11:39 . 2009-04-05 15:30 86331 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-05 17:58 . 2009-04-05 17:58 1172 ----a-w c:\windows\mozver.dat
2009-04-05 17:55 . 2009-04-05 17:55 -------- d-----w c:\program files\K-Lite Codec Pack
2009-04-05 17:52 . 2009-04-05 17:52 0 ----a-w c:\windows\nsreg.dat
2009-04-05 15:50 . 2009-04-05 15:50 -------- d-----w c:\program files\Analog Devices
2009-04-05 15:40 . 2009-04-05 15:37 -------- d-----w c:\program files\Fichiers communs\InstallShield
2009-04-05 15:38 . 2009-04-05 15:38 -------- d-----w c:\program files\CONEXANT
2009-04-05 15:37 . 2009-04-05 15:37 -------- d-----w c:\program files\Dell
2009-04-05 15:31 . 2009-04-05 15:31 -------- d-----w c:\program files\microsoft frontpage
2009-04-05 15:30 . 2001-09-28 12:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-04-05 15:29 . 2009-04-05 15:29 -------- d-----w c:\program files\Services en ligne
2009-04-05 15:27 . 2009-04-05 15:27 21892 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-06 14:46 . 2004-08-19 14:09 286208 ----a-w c:\windows\system32\pdh.dll
2009-03-02 18:10 . 2009-04-05 17:55 67584 ----a-w c:\windows\system32\ff_vfw.dll
2009-02-20 08:31 . 2004-08-19 14:09 663552 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:31 . 2004-08-19 14:09 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 14:17 . 2004-08-19 14:00 1846400 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:50 . 2004-08-19 16:04 2017792 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:50 . 2004-08-19 14:04 2138112 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 10:20 . 2004-08-19 14:09 730112 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:20 . 2004-08-19 14:09 399360 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:20 . 2004-08-19 14:09 685056 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:20 . 2004-08-19 14:09 739840 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:08 . 2004-08-19 14:10 111104 ----a-w c:\windows\system32\services.exe
2009-02-06 16:54 . 2001-09-28 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 20:10 . 2004-08-19 14:09 55808 ----a-w c:\windows\system32\secur32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-04-09 2029640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\user\Menu D‚marrer\Programmes\D‚marrage\
is-HH2F1.lnk - c:\documents and settings\user\Bureau\Virus Removal Tool\is-HH2F1\startup.exe [2009-5-2 65536]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1460:TCP"= 1460:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"1093:TCP"= 1093:TCP:Akamai NetSession Interface
"1088:TCP"= 1088:TCP:Akamai NetSession Interface
"1413:TCP"= 1413:TCP:Akamai NetSession Interface

R3 zlportio;ZLPORTIO - Allow user access to I/O ports; [x]
S0 atiide;atiide;c:\windows\system32\DRIVERS\atiide.sys [2006-09-13 3456]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-04-09 107256]
S1 is-HH2F1drv;is-HH2F1drv;c:\windows\system32\DRIVERS\31451251.sys [2008-07-08 148496]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-04-09 731840]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - IS-HH2F1DRV
*NewlyCreated* - UTEWNDY0
*Deregistered* - utewndy0

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserRemove
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.microsoft.com
mStart Page = hxxp://www.microsoft.com
mWindow Title = Microsoft Internet Explorer
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\8g9ltd6d.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar&search=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-05-02 15:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1108)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-05-02 15:28
ComboFix-quarantined-files.txt 2009-05-02 13:28

Pre-Run: 145,947,049,984 octets libres
Post-Run: 145,939,841,024 octets libres

276 --- E O F --- 2009-05-01 18:48
 
HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:40:00, on 02-05-2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\user\Bureau\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: is-HH2F1.lnk = C:\Documents and Settings\user\Bureau\Virus Removal Tool\is-HH2F1\startup.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - [link hidden by the forum]
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - [link hidden by the forum]
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 3808 bytes
 
What should I do?

What should I do?

What should I do?

Is there no one who can help me?

A new HijackThis report

Signature: Corporation
Good evening to you, and thank you for responding.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58:04, on 03-05-2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\user\Bureau\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [link hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [link hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [link hidden by the forum]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - [link hidden by the forum]
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - [link hidden by the forum]
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

--
End of file - 3877 bytes
 
The report is clean.

How are things now?

Signature: أعتز بك
I still get the same error messages at startup and the computer freezes,
but when I end both of these processes the freeze goes away.

Download the following tool:

[link hidden by the forum]

Close all programs.

Run it and the tool's interface will appear.

Choose the cleaning option and a DOS scan window will appear.

Leave it until it finishes and the report appears.

Copy it and paste it into your next post.

After that, see how the computer is doing.

Signature: أعتز بك
The link does not work for me.

Here is the report:

Engine Version : 5300.2777
Engine Load Time : 22437 milliseconds
AV DAT Version : 5492.0000 488805 detections Built 11 جانفي, 2009
Extra DAT : 0 detections

Memory : Clean
Please wait ... building list of critical files to scan

Critical : Clean
Scanning the computer's cookie directories
Cookies : Clean
c:\pagefile.sys : Scan Failed
c:\Documents and Settings\LocalService\NTUSER.DAT : Scan Failed
c:\Documents and Settings\LocalService\ntuser.dat.LOG : Scan Failed
c:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
c:\Documents and Settings\NetworkService\NTUSER.DAT : Scan Failed
c:\Documents and Settings\NetworkService\ntuser.dat.LOG : Scan Failed
c:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
c:\Documents and Settings\user\NTUSER.DAT : Scan Failed
c:\Documents and Settings\user\ntuser.dat.LOG : Scan Failed
c:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8g9ltd6d.default\parent.lock : Scan Failed
c:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8g9ltd6d.default\places.sqlite-journal : Scan Failed
c:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
c:\Documents and Settings\user\Local Settings\temp\etilqs_1L0p1RVECrBaLl8Jrs0t : Scan Failed
c:\Documents and Settings\user\Local Settings\temp\Perflib_Perfdata_d8c.dat : Scan Failed
File : c:\System Volume Information\_restore{FE69D14D-856A-4F84-B214-6694E47C0054}\RP57\A0017781.exe : contains "Trojan" called "Generic PWS.y" (Deleted )
c:\System Volume Information\_restore{FE69D14D-856A-4F84-B214-6694E47C0054}\RP57\A0017781.exe : Deleted
File : c:\System Volume Information\_restore{FE69D14D-856A-4F84-B214-6694E47C0054}\RP65\A0022456.exe : contains "Trojan" called "Generic.dx" (Deleted )
c:\System Volume Information\_restore{FE69D14D-856A-4F84-B214-6694E47C0054}\RP65\A0022456.exe : Deleted
c:\WINDOWS\system32\config\default : Scan Failed
c:\WINDOWS\system32\config\default.LOG : Scan Failed
c:\WINDOWS\system32\config\SAM : Scan Failed
c:\WINDOWS\system32\config\SAM.LOG : Scan Failed
c:\WINDOWS\system32\config\SECURITY : Scan Failed
c:\WINDOWS\system32\config\SECURITY.LOG : Scan Failed
c:\WINDOWS\system32\config\software : Scan Failed
c:\WINDOWS\system32\config\software.LOG : Scan Failed
c:\WINDOWS\system32\config\system : Scan Failed
c:\WINDOWS\system32\config\system.LOG : Scan Failed
c:\WINDOWS\Temp\Perflib_Perfdata_290.dat : Scan Failed
Scanning the registry
Registry : Clean

Summary :-
FilesFound : 30733
FilesScanned : 23386
FilesNotScanned : 7347

ObjectsFound : 67018
ObjectsInfected : 2
ObjectsCleaned : 0
ObjectsDeleted : 2

FilesInfected : 2
FilesCleaned : 0
FilesMoved : 0
FilesDeleted : 2

Started at : 12:34:01 03 ماي, 2009
Ended at : 13:00:34 03 ماي, 2009
Duration : 26 minutes 32 seconds
4680 MB scanned in 1592 seconds = 2 MB/s
Engine Version : 5300.2777
Engine Load Time : 34141 milliseconds
AV DAT Version : 5492.0000 488805 detections Built 11 جانفي, 2009
Extra DAT : 0 detections

File : f:\programme\IE.Motivational.Poster.Maker.v1.04__wASIME900_\IE.Motivational.Poster.Maker.v1.04 by shanu\motivational.exe : contains "Trojan" called "Generic.dx" (Deleted )
f:\programme\IE.Motivational.Poster.Maker.v1.04__wASIME900_\IE.Motivational.Poster.Maker.v1.04 by shanu\motivational.exe : Deleted

Summary :-
FilesFound : 2759
FilesScanned : 1251
FilesNotScanned : 1508

ObjectsFound : 3135
ObjectsInfected : 1
ObjectsCleaned : 0
ObjectsDeleted : 1

FilesInfected : 1
FilesCleaned : 0
FilesMoved : 0
FilesDeleted : 1

Started at : 13:01:10 03 ماي, 2009
Ended at : 13:02:32 03 ماي, 2009
Duration : 1 minutes 21 seconds
620 MB scanned in 81 seconds = 7 MB/s
 
What now?
 