[تم حل المشكلة]رسالة خطاء في نظام تظهر لي بشكل دائم

الحالة
مغلق و غير مفتوح للمزيد من الردود.
م

مواجع الم

زيزوومي جديد
إنضم
22 فبراير 2008
المشاركات
7
مستوى التفاعل
0
النقاط
0
غير متصل
بسم الله الرحـم ـن الرحيـم

انا عندي مشكلـه في نظام اكس بي كل ماجيت اسوي شي على الكمبيوتر تطلع ليا رسـاله وهذا هيا صورة الرسالــه ..

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي




من لديـه طريقة حل هذا المشكـله لايحرمنـا من علمــه اتمني للجميع التوفيق
 

ترتيب حسب التاريخ ترتيب حسب الأصوات
حمل هذا البرنامج
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادم
 
التعديل الأخير بواسطة المشرف:
تأييد 0
اشكـر لكـ تفاعلكـ السريع اخي ماكــس والله يوفقكـ بدنيتكـ ويجعلها لكـ صحيفة خير بوقت الضيق

اخي عملتـ مثل ماطلبت والتقرير كالتالــي :


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:44:08 ص, on 11/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\BaroufaSoft\Matrix Screen Locker\matrix.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Promate\3.75G HSUPA Wireless Modem\WirelessCard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: Anti Popup - {EFCA9D4B-F2E8-487d-8505-E4D0E459ABFE} - C:\PROGRA~1\QUICKH~1\QUICKH~1\apop.dll (file missing)
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Email Protection] C:\PROGRA~1\QUICKH~1\QUICKH~1\EMLPROUI.EXE
O4 - HKLM\..\Run: [On-Line Protection] C:\PROGRA~1\QUICKH~1\QUICKH~1\CATEYE.EXE
O4 - HKLM\..\Run: [Messenger] C:\PROGRA~1\QUICKH~1\QUICKH~1\SCANMSG.EXE
O4 - HKLM\..\Run: [Startup Scan] C:\PROGRA~1\QUICKH~1\QUICKH~1\sensor.exe /loadrun
O4 - HKLM\..\Run: [ResumeQuickupDownload] C:\PROGRA~1\QUICKH~1\QUICKH~1\acappaa.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MyWirelessCard] C:\Program Files\Promate\3.75G HSUPA Wireless Modem\WirelessCard.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Matrix Screen Locker.lnk = C:\Program Files\BaroufaSoft\Matrix Screen Locker\matrix.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O17 - HKLM\System\CCS\Services\Tcpip\..\{07DCA50C-3D83-4EFB-A021-85074F304BA6}: NameServer = 84.23.102.172 84.23.101.84
O17 - HKLM\System\CS1\Services\Tcpip\..\{07DCA50C-3D83-4EFB-A021-85074F304BA6}: NameServer = 84.23.102.172 84.23.101.84
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Online Protection System - Unknown owner - C:\PROGRA~1\QUICKH~1\QUICKH~1\opssvc.exe (file missing)
O23 - Service: Quick Heal Total Security Mail Protection - Unknown owner - C:\PROGRA~1\QUICKH~1\QUICKH~1\EMLPROXY.EXE (file missing)
O23 - Service: Quick Update Service - Unknown owner - C:\PROGRA~1\QUICKH~1\QUICKH~1\quhlpsvc.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Total Security Helper Service WSC (ScanWscS) - Unknown owner - C:\PROGRA~1\QUICKH~1\QUICKH~1\scanwscs.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Quick Heal Total Security Startup Handler (Startup Handler) - Unknown owner - C:\PROGRA~1\QUICKH~1\QUICKH~1\strtsvc.exe (file missing)
O23 - Service: TwonkyMedia - Unknown owner - C:\Program Files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe (file missing)
O24 - Desktop Component 0: (no name) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

--
End of file - 10651 bytes
 
تأييد 0
بعد إذن اخى MAAX احذف
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)

O2 - BHO: Anti Popup - {EFCA9D4B-F2E8-487d-8505-E4D0E459ABFE} - C:\PROGRA~1\QUICKH~1\QUICKH~1\apop.dll (file missing)

O23 - Service: Online Protection System - Unknown owner - C:\PROGRA~1\QUICKH~1\QUICKH~1\opssvc.exe (file missing)

O23 - Service: Quick Heal Total Security Mail Protection - Unknown owner - C:\PROGRA~1\QUICKH~1\QUICKH~1\EMLPROXY.EXE (file missing)

O23 - Service: Quick Heal Total Security Mail Protection - Unknown owner - C:\PROGRA~1\QUICKH~1\QUICKH~1\EMLPROXY.EXE (file missing)

O23 - Service: Total Security Helper Service WSC (ScanWscS) - Unknown owner - C:\PROGRA~1\QUICKH~1\QUICKH~1\scanwscs.exe (file missing)

O23 - Service: Quick Heal Total Security Startup Handler (Startup Handler) - Unknown owner - C:\PROGRA~1\QUICKH~1\QUICKH~1\strtsvc.exe (file missing)

O24 - Desktop Component 0: (no name) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


ثم قم بحذف الtoolbar فى المتصفح إن وجدت
+
ما اسم برنامج الحماية الذى تستخدمه
 
تأييد 0
مرحباً ...

[ عذراً بتعديل عنوان الموضوع ] ...

<< ليعطي وصف للموضوع ...

في أمان الله ...
 
توقيع : MMA_LORD_735
تأييد 0
ugugx قال:
بعد إذن اخى MAAX احذف

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)​

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)​

O2 - BHO: Anti Popup - {EFCA9D4B-F2E8-487d-8505-E4D0E459ABFE} - C:\PROGRA~1\QUICKH~1\QUICKH~1\apop.dll (file missing)​

O23 - Service: Online Protection System - Unknown owner - C:\PROGRA~1\QUICKH~1\QUICKH~1\opssvc.exe (file missing)​

O23 - Service: Quick Heal Total Security Mail Protection - Unknown owner - C:\PROGRA~1\QUICKH~1\QUICKH~1\EMLPROXY.EXE (file missing)​

O23 - Service: Quick Heal Total Security Mail Protection - Unknown owner - C:\PROGRA~1\QUICKH~1\QUICKH~1\EMLPROXY.EXE (file missing)​

O23 - Service: Total Security Helper Service WSC (ScanWscS) - Unknown owner - C:\PROGRA~1\QUICKH~1\QUICKH~1\scanwscs.exe (file missing)​

O23 - Service: Quick Heal Total Security Startup Handler (Startup Handler) - Unknown owner - C:\PROGRA~1\QUICKH~1\QUICKH~1\strtsvc.exe (file missing)​

O24 - Desktop Component 0: (no name) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

ثم قم بحذف الtoolbar فى المتصفحإن وجدت
+
ما اسم برنامج الحماية الذى تستخدمه​
أنقر للتوسيع...

اضف للسابق هذا التقرير ايضا

عطل برامج الحماية عن العمل
ثم
حمل الاداة التالية واحفظها على سطح المكتب
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
لا تقم بتشغيل اي برنامج ،، ومهما طالت عملية الفحص انتظر حتى تنتهي
انتظر حتى يظهر لك تقرير ،،انسخه والصقه بمشاركتك القادمة
 
تأييد 0
اخواني الكرام حاليا لايوجـد بجهازي برنامج حماية كنت منصب الكاسبر ثم قمت بازالتـه حتي اجد حل لهذا المشكله

ثانياً اخي ugugx لا اعرف كيف اقوم بعملية الحذف

اما بالنسبه لا اخي ماكس قمت بتحميل الاداة ثم عملت الطريقة التي وضعتها والتقرير كالتالي :

ComboFix 09-06-11.05 - CT 06/11/2009 14:59.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.1526.990 [GMT -7:00]
Running from: c:\documents and settings\CT\Desktop\ComboFix.exe
AV: Total Security 10.00 *On-access scanning disabled* (Outdated) {05C1329D-F0E0-4B19-9D15-54F9BC3ADE87}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\IE4 Error Log.txt
c:\windows\system32\kakle.dll
.
((((((((((((((((((((((((( Files Created from 2009-05-11 to 2009-06-11 )))))))))))))))))))))))))))))))
.
2009-06-11 17:43 . 2009-06-11 17:43 -------- d-----w- c:\program files\Trend Micro
2009-06-11 14:32 . 2009-06-11 14:32 -------- d-----w- c:\program files\Common Files\xing shared
2009-06-10 23:38 . 2009-06-10 23:38 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-10 23:37 . 2009-06-10 23:37 -------- d-----w- c:\program files\Quick Heal
2009-06-09 16:10 . 2009-06-09 17:07 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-06-09 16:10 . 2009-06-09 17:07 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-06-09 16:09 . 2009-06-10 22:29 270368 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-09 16:09 . 2009-06-10 22:29 2580512 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-09 16:09 . 2009-06-10 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-06-09 16:09 . 2009-06-09 16:09 -------- d-----w- c:\program files\Kaspersky Lab
2009-06-05 12:46 . 2009-06-10 23:37 -------- d-----w- c:\program files\Quick Heal(2)
2009-05-19 04:02 . 2004-08-04 06:08 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-05-19 04:02 . 2004-08-04 06:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-05-19 04:02 . 2009-05-19 04:02 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-05-19 04:02 . 2008-01-24 00:08 99456 ----a-w- c:\windows\system32\drivers\bsusbser.sys
2009-05-19 04:02 . 2009-05-19 04:02 -------- d-----w- c:\program files\Promate
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-11 21:57 . 2009-04-24 06:10 -------- d-----w- c:\documents and settings\CT\Application Data\Orbit
2009-06-11 15:10 . 2009-05-02 16:32 -------- d-----w- c:\documents and settings\CT\Application Data\skypePM
2009-06-11 14:31 . 2009-04-24 05:49 -------- d-----w- c:\program files\Common Files\Real
2009-06-11 14:31 . 2006-07-12 01:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-06-11 02:58 . 2009-04-24 06:13 -------- d-----w- c:\documents and settings\CT\Application Data\Skype
2009-06-10 23:37 . 2009-04-24 06:13 -------- d-----w- c:\program files\Google
2009-06-10 22:29 . 2009-06-09 16:09 23336 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-10 22:29 . 2009-06-09 16:09 2004 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-05-29 01:40 . 2009-04-24 05:33 -------- d-----w- c:\program files\AutorunRemover
2009-05-26 18:42 . 2009-04-24 06:10 -------- d-----w- c:\program files\Orbitdownloader
2009-05-22 13:38 . 2009-05-01 12:14 -------- d-----w- c:\program files\Messenger Plus! Live
2009-05-19 04:02 . 2009-04-24 04:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-19 04:02 . 2009-04-24 04:51 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-16 19:37 . 2009-04-24 14:21 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-05-16 19:15 . 2009-04-24 11:39 -------- d-----w- c:\documents and settings\CT\Application Data\Nokia
2009-05-16 16:56 . 2009-04-24 05:59 65144 ----a-w- c:\windows\system32\drivers\catflt.sys
2009-05-12 20:46 . 2009-04-27 18:18 -------- d-----w- c:\program files\JetAudio
2009-05-06 07:23 . 2009-05-06 07:23 -------- d-----w- c:\documents and settings\All Users\Application Data\WLInstaller
2009-05-02 16:32 . 2009-05-02 16:32 32 ----a-w- c:\documents and settings\All Users\Application Data\ezsid.dat
2009-05-01 14:11 . 2009-05-01 14:11 2678 ----a-w- c:\windows\java\Packages\Data\5VZHZ53R.DAT
2009-05-01 14:11 . 2009-05-01 14:11 2678 ----a-w- c:\windows\java\Packages\Data\53PJLVNJ.DAT
2009-05-01 14:11 . 2009-05-01 14:11 2678 ----a-w- c:\windows\java\Packages\Data\7LNXBJF3.DAT
2009-05-01 14:11 . 2009-05-01 14:11 2678 ----a-w- c:\windows\java\Packages\Data\4C63BJ7H.DAT
2009-05-01 14:11 . 2009-05-01 14:11 2678 ----a-w- c:\windows\java\Packages\Data\3FT3HNTR.DAT
2009-05-01 13:56 . 2009-05-01 13:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-05-01 12:14 . 2009-05-01 12:14 -------- d-----w- c:\program files\Cirle Developement
2009-05-01 09:43 . 2009-04-24 05:55 -------- d-----w- c:\program files\Windows Live
2009-05-01 09:42 . 2009-05-01 09:42 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-04-30 20:52 . 2009-04-30 20:52 -------- d-----w- c:\program files\BaroufaSoft
2009-04-27 23:42 . 2009-04-27 23:42 390664 ----a-w- c:\documents and settings\CT\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-04-27 18:31 . 2009-04-27 18:31 -------- d-----w- c:\documents and settings\CT\Application Data\COWON
2009-04-27 18:20 . 2009-04-24 05:49 -------- d-----w- c:\program files\Real
2009-04-27 18:18 . 2009-04-27 18:18 -------- d-----w- c:\program files\Common Files\COWON
2009-04-27 03:49 . 2009-04-27 03:49 -------- d-----w- c:\documents and settings\CT\Application Data\CyberLink
2009-04-26 05:54 . 2009-04-26 05:54 -------- d-----w- c:\program files\Ask Search Assistant
2009-04-26 04:17 . 2009-04-24 04:34 95216 ----a-w- c:\documents and settings\CT\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-26 04:05 . 2009-04-26 04:05 -------- d-----w- c:\program files\Microsoft
2009-04-26 04:04 . 2009-04-26 04:04 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-04-26 03:10 . 2009-04-24 05:36 -------- d-----w- c:\program files\eTeSoft Video Converter
2009-04-26 03:10 . 2009-04-24 05:52 -------- d-----w- c:\program files\Real_SC
2009-04-25 15:18 . 2009-04-25 15:17 -------- d-----w- c:\program files\hp deskjet 845c series
2009-04-25 15:17 . 2009-04-25 15:17 376 ----a-w- c:\windows\mozregistry.dat
2009-04-25 15:17 . 2009-04-25 15:16 -------- d-----w- c:\program files\Hewlett-Packard
2009-04-25 01:55 . 2009-04-24 14:21 -------- d-----w- c:\documents and settings\CT\Application Data\PC Suite
2009-04-25 01:55 . 2009-04-25 01:55 -------- d-----w- c:\documents and settings\CT\Application Data\Media Player Classic
2009-04-25 01:55 . 2009-04-25 01:55 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-04-25 01:55 . 2009-04-25 01:55 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-04-25 01:48 . 2009-04-25 01:48 -------- d-----w- c:\program files\Common Files\PCSuite
2009-04-25 01:48 . 2009-04-25 01:48 -------- d-----w- c:\program files\Common Files\Nokia
2009-04-25 01:48 . 2009-04-25 01:47 -------- d-----w- c:\program files\Nokia
2009-04-25 01:48 . 2009-04-25 01:48 -------- d-----w- c:\program files\PC Connectivity Solution
2009-04-25 01:43 . 2009-04-25 01:43 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstCCD.exe
2009-04-25 01:43 . 2009-04-25 01:43 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-04-25 01:43 . 2009-04-25 01:43 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCS.exe
2009-04-25 01:42 . 2009-04-24 11:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-04-25 00:21 . 2009-04-25 00:21 -------- d-----w- c:\program files\Common Files\Windows Live
2009-04-24 14:19 . 2009-04-24 14:19 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-04-24 14:19 . 2009-04-24 14:19 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-04-24 12:41 . 2009-04-24 12:41 -------- d-----w- c:\documents and settings\CT\Application Data\ACD Systems
2009-04-24 12:22 . 2009-04-24 12:22 -------- d-----w- c:\documents and settings\All Users\Application Data\GRETECH
2009-04-24 12:22 . 2009-04-24 12:22 -------- d-----w- c:\documents and settings\CT\Application Data\GRETECH
2009-04-24 12:12 . 2009-04-24 04:52 -------- d-----w- c:\program files\Common Files\Adobe
2009-04-24 11:18 . 2009-04-24 11:18 -------- d-----w- c:\program files\DIFX
2009-04-24 11:12 . 2009-04-24 11:12 -------- d-----w- c:\program files\MSBuild
2009-04-24 11:12 . 2009-04-24 11:12 -------- d-----w- c:\program files\Reference Assemblies
2009-04-24 11:10 . 2009-04-24 11:10 -------- d-----w- c:\program files\MSXML 6.0
2009-04-24 11:07 . 2009-04-24 11:07 -------- d-----w- c:\documents and settings\CT\Application Data\Yahoo!
2009-04-24 10:45 . 2009-04-25 01:47 34649904 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_ara_web.exe
2009-04-24 06:12 . 2009-04-24 06:12 -------- d-----w- c:\program files\Skype
2009-04-24 06:12 . 2009-04-24 06:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-04-24 06:12 . 2009-04-24 06:12 -------- d-----w- c:\program files\Common Files\Skype
2009-04-24 06:10 . 2009-04-24 06:10 -------- d-----w- c:\documents and settings\CT\Application Data\GrabPro
2009-04-24 06:06 . 2009-04-24 05:54 47104 ------w- c:\windows\AKDeInstall.exe
2009-04-24 05:59 . 2009-04-24 06:00 28664 ----a-w- c:\windows\system32\drivers\EMLTDI.SYS
2009-04-24 05:57 . 2009-04-24 05:57 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-04-24 05:54 . 2009-04-24 05:54 -------- d-----w- c:\program files\mpegable
2009-04-24 05:54 . 2009-04-24 05:54 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-04-24 05:52 . 2009-04-24 05:52 -------- d-----w- c:\program files\GRETECH
2009-04-24 05:52 . 2009-04-24 05:52 196608 ----a-w- c:\windows\system32\maag.dll
2009-04-24 05:52 . 2009-04-24 05:52 1245184 ----a-w- c:\windows\system32\bkll.dll
2009-04-24 05:52 . 2009-04-24 05:52 1212416 ----a-w- c:\windows\system32\ckll.dll
2009-04-24 05:52 . 2009-04-24 05:52 90112 ----a-w- c:\windows\system32\agsaami.dll
2009-04-24 05:52 . 2009-04-24 05:52 610304 ----a-w- c:\windows\system32\agsaamg.dll
2009-04-24 05:52 . 2009-04-24 05:52 372736 ----a-w- c:\windows\system32\agsaamc.dll
2009-04-24 05:52 . 2009-04-24 05:52 2535424 ----a-w- c:\windows\system32\agsaamj.dll
2009-04-24 05:52 . 2009-04-24 05:52 1986560 ----a-w- c:\windows\system32\akll.dll
2009-04-24 05:51 . 2009-04-24 05:51 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-24 05:51 . 2009-04-24 05:50 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-04-24 05:50 . 2009-04-24 05:48 -------- d-----w- c:\program files\CyberLink
2009-04-24 05:48 . 2009-04-24 05:48 -------- d-----w- c:\program files\Windows Media Connect 2
2009-04-24 05:47 . 2009-04-24 05:46 -------- d-----w- c:\program files\Ahead
2009-04-24 05:47 . 2009-04-24 05:47 -------- d-----w- c:\program files\Common Files\Ahead
2009-04-24 05:45 . 2009-04-24 05:45 -------- d-----w- c:\program files\Macromedia
2009-04-24 05:45 . 2009-04-24 05:45 720896 ----a-w- c:\windows\iun6002.exe
2009-04-24 05:37 . 2009-04-24 05:36 -------- d-----w- c:\program files\Golden Al-Wafi Translator
2009-04-24 05:36 . 2009-04-24 05:36 172032 ------w- c:\windows\Setup1.exe
2009-04-24 05:36 . 2009-04-24 05:36 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-04-24 05:35 . 2009-04-24 05:35 -------- d-----w- c:\program files\Common Files\stardock
2009-04-24 05:35 . 2009-04-24 05:35 -------- d-----w- c:\program files\Stardock
2009-04-24 05:33 . 2009-04-24 05:33 -------- d-----w- c:\program files\Common Files\ACD Systems
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-12-07 21686568]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-07 3885408]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-03-20 1312256]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-24 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2008-07-10 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2008-07-10 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2008-07-10 114688]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-07-22 196608]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2005-09-06 671744]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-15 196608]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-11 198160]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2008-07-10 88358]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-4-24 113664]
Matrix Screen Locker.lnk - c:\program files\BaroufaSoft\Matrix Screen Locker\matrix.exe [2006-1-29 539136]
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2009-4-23 1719496]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 21:13 49152 ----a-w- c:\progra~1\COMMON~1\stardock\MCPStub.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 catflt;catflt;c:\windows\system32\drivers\catflt.sys [23/04/2009 10:59 م 65144]
R2 EMLSS;EMLSS;c:\windows\system32\drivers\EMLTDI.SYS [23/04/2009 11:00 م 28664]
R3 bsusbser;Basecom USB Device for Legacy Serial Communication;c:\windows\system32\drivers\bsusbser.sys [18/05/2009 09:02 م 99456]
S2 Online Protection System;Online Protection System;c:\progra~1\QUICKH~1\QUICKH~1\opssvc.exe --> c:\progra~1\QUICKH~1\QUICKH~1\opssvc.exe [?]
S2 Quick Heal Total Security Mail Protection;Quick Heal Total Security Mail Protection;c:\progra~1\QUICKH~1\QUICKH~1\EMLPROXY.EXE --> c:\progra~1\QUICKH~1\QUICKH~1\EMLPROXY.EXE [?]
S2 Quick Update Service;Quick Update Service;c:\progra~1\QUICKH~1\QUICKH~1\quhlpsvc.exe --> c:\progra~1\QUICKH~1\QUICKH~1\quhlpsvc.exe [?]
S2 Startup Handler;Quick Heal Total Security Startup Handler;c:\progra~1\QUICKH~1\QUICKH~1\strtsvc.exe --> c:\progra~1\QUICKH~1\QUICKH~1\strtsvc.exe [?]
S2 TwonkyMedia;TwonkyMedia;c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 --> c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 [?]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-MyWirelessCard - c:\program files\Promate\3.75G
HKLM-Run-Email Protection - c:\progra~1\QUICKH~1\QUICKH~1\EMLPROUI.EXE
HKLM-Run-On-Line Protection - c:\progra~1\QUICKH~1\QUICKH~1\CATEYE.EXE
HKLM-Run-Startup Scan - c:\progra~1\QUICKH~1\QUICKH~1\sensor.exe
HKLM-Run-ResumeQuickupDownload - c:\progra~1\QUICKH~1\QUICKH~1\acappaa.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: Microsoft XML Parser for Java -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-06-11 15:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1614895754-1060284298-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*t*t* \OpenWithList]
@Class="Shell"
"a"="msnmsgr.exe"
"MRUList"="ba"
"b"="iexplore.exe"
[HKEY_USERS\S-1-5-21-1614895754-1060284298-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*t*t* \OpenWithProgids]
"ctt‎_auto_file"=hex(0):
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(768)
c:\progra~1\COMMON~1\Stardock\mcpstub.dll
.
Completion time: 2009-06-11 15:03
ComboFix-quarantined-files.txt 2009-06-11 22:03
Pre-Run: 19,249,684,480 bytes free
Post-Run: 21,080,592,384 bytes free
239
 
تأييد 0
فحص الخطا
=========

لو تضغط على contr+alt+supr سيظهر وستصادف هذا الخطا حسنا

وياتي متزامنا مع مصادفة خطا او فشل في فتح المتصفح انترنت اكسبلور

حسنا
ومن علامات وجوده انه يستهلك ذاكرة كبيرة لحظة ظهوره على الشاشة وتصبح الاوامر قليلة التلبية

حسنا انه فيروس ماليوار malware
وعادة مايحمل هذا الاسم في جهازك والذي استنتج به نوعية الخطا عندك ieexplore.exe
ياتي متزامنا مع وجود ملف تجسس اسمه _wait.exe و two_file.exe
طريقة التخلص من هذا الماليوار
انصح باستعمال برنامج antimalware

او استعمال برنامج avg antispyware

مع مراعات حذف القيم التي كشفها تقرير الهايجاك وبعدها قول لي ماذا جرى
 
توقيع : volvo2008
تأييد 0
طريقة الحذف
شغل البرنامج مرة اخرى
اعمل فحص بالاختيار الثانى
بعد الانتهاء شيك على القيم المصابة فى المربع بجوارها
اضغط على Fix checked
+
تقرير جديد مرة اخرى
 
تأييد 0
تحيـه طيبـه للجمـيع واتمني لكـم جمعه مباركـه

اخي فولفو نزلت البرنامجين اللي وضعتهـا وفعلا قمت بفحص جهازي ووجـدت انه مصاب بمجموعة كبيره من ملفات التجسس

ثم قمت بحذفتهــا .

اما بالنسبه لكـ اخي ugugx

قمت بالحذف لكل المجلدات اللي وضعتها او الاوامر بنفس الطريقة اللي ذكـرتها

مع العلم ان الرساله لازالت تظهر حتي الان

والتقرير الجديد كالتالي :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36:10 م, on 12/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\BaroufaSoft\Matrix Screen Locker\matrix.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Matrix Screen Locker.lnk = C:\Program Files\BaroufaSoft\Matrix Screen Locker\matrix.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Total Security Helper Service WSC (ScanWscS) - Unknown owner - C:\PROGRA~1\QUICKH~1\QUICKH~1\scanwscs.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Quick Heal Total Security Startup Handler (Startup Handler) - Unknown owner - C:\PROGRA~1\QUICKH~1\QUICKH~1\strtsvc.exe (file missing)
O23 - Service: TwonkyMedia - Unknown owner - C:\Program Files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe (file missing)
--
End of file - 9375 bytes
 
تأييد 0
احذف هذا البرنامج AVG Anti-Spyware 7.5
لانه متوقف من الشركة من 7 اشهر ولا فائدة منه الان

حمل هذا البرنامج

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


ثبته على الجهاز ،، ثم شغله واعمل كما الشرح التالي لفحص الجهاز وعمل تقرير

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


وبعد انتهاء الفحص اعمل التالي

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


انسخ ما بداخل التقرير والصقه بمشاركتك القادمة

قبل الفحص اعمل تحديث للبرنامج
 
تأييد 0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:49:06 م, on 12/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Documents and Settings\thunder\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 7.7.7.7:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\thunder\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: BandLuxe Service (BandLuxe_Service) - BandRich Inc. - C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - Unknown owner - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
--
End of file - 7474 bytes
 
تأييد 0
وهذا بعد مافحصة الجهاز

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:52:15 م, on 12/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Documents and Settings\thunder\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 7.7.7.7:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\thunder\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: BandLuxe Service (BandLuxe_Service) - BandRich Inc. - C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - Unknown owner - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
--
End of file - 6653 bytes
 
تأييد 0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:54:22 م, on 12/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Documents and Settings\thunder\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 7.7.7.7:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\thunder\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: BandLuxe Service (BandLuxe_Service) - BandRich Inc. - C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - Unknown owner - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
--
End of file - 6511 bytes
 
تأييد 0
اخوي ابوجوري انت صاحب الموضوع ؟
افتح موضوع خاص فيك ووضح مشكلتك فيها
 
تأييد 0
اخي ماكـــس هذا التقرير بعد الفحص بالبرنامج :



نسخة قاعدة البيانات: 2267
Windows 5.1.2600 Service Pack 2
12/06/2009 09:50:12 م
mbam-log-2009-06-12 (21-50-12).txt
نوع البحث: بحث شامل (C:\|D:\|E:\|F:\|G:\|)
تم فحص: 151546
الوقت المنقضى: 25 minute(s), 32 second(s)
عمليات الذاكرة المصابة: 0
وحدات الذاكرة المصابة: 0
مفاتيح التسجيل المصابة: 0
قيم التسجيل المصابة: 0
بيانات التسجيل المصابة: 0
مجلدات مصابة: 0
ملفات مصابة: 1
عمليات الذاكرة المصابة:
(لم يتم الكشف عن أية عناصر ضارة)
وحدات الذاكرة المصابة:
(لم يتم الكشف عن أية عناصر ضارة)
مفاتيح التسجيل المصابة:
(لم يتم الكشف عن أية عناصر ضارة)
قيم التسجيل المصابة:
(لم يتم الكشف عن أية عناصر ضارة)
بيانات التسجيل المصابة:
(لم يتم الكشف عن أية عناصر ضارة)
مجلدات مصابة:
(لم يتم الكشف عن أية عناصر ضارة)
ملفات مصابة:
g:\system volume information\_restore{66a5cfc9-8d81-4788-9e9b-c134e83b7c7e}\RP34\A0004809.exe (Trojan.Agent) -> Quarantined and deleted successfully.
 
تأييد 0
التقرير سليم
هل تواجه اي مشاكل الان ؟
 
تأييد 0
اخي ماكـــس اختفت الرسالـه القديمـة لكـن الان عند قيامي با ايقاف تشغيل الكمبيوتر تظهـــر لي رسالة اخري لكـن لم استطيع التقاطهـا لانهـا تظهر بعد الضغط على ايقـاف تشغيل الكمبيوتر

الرسـاله تقول : فشلة عملية مكتبة الارتباط الحيوي del

واتمني منكـ وضع رابط لا افضل برنامج حماية من وجـهة نظركـ
 
تأييد 0
حمل الكاسبر من هذا الرابط

النسخة الانجليزية
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


النسخة العربية
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


المفاتيح

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


شرح التثبيت بالفيديووو

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


ثم ثبت ملف الاعدادات التالي للكاسبر

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
 
تأييد 0
مشكــور مــاكس الله يوفقكـ وين ماكنتـــ

ويعطيكـ العافيــه اخي
 
تأييد 0
الحالة
مغلق و غير مفتوح للمزيد من الردود.
عودة
أعلى