[تم حل المشكلة] فايرس يخفي الملفات وينسخ نفسه وقتحم nod32

الحالة
مغلق و غير مفتوح للمزيد من الردود.
ا

الباشق1

زيزوومى متألق
إنضم
4 أبريل 2008
المشاركات
288
مستوى التفاعل
0
النقاط
360
غير متصل
السلام عليكم ورحمة الله وبركاته اخوتي جهاز فيه فايرس يخفي الملفات وينسخ نفسه في اكثر من ملف رغم وجود برنامج nod32 ومحدث ولاكن بدون فائده دخل جهازي ؟؟؟وهذا تقرير للجهازLogfile of HijackThis v1.99.1Scan saved at 01:37:21 م, on 01/08/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16674)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\ibmpmsvc.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Motive\McciCMService.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exeC:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exeC:\WINDOWS\system32\CAP3RSK.EXEC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exeC:\WINDOWS\system32\fxssvc.exeC:\WINDOWS\system32\CNAB4RPK.EXEC:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXEC:\WINDOWS\Explorer.exeC:\Program Files\ESET\ESET Smart Security\egui.exeC:\Program Files\USB Disk Security\USBGuard.exeC:\Program Files\Windows Live\Messenger\msnmsgr.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exeC:\Program Files\PC Connectivity Solution\ServiceLayer.exeC:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Windows Live\Toolbar\wltuser.exeC:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\system32\WISPTIS.EXEC:\WINDOWS\system32\msiexec.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeD:\الإسطوآآنة الخرآفية\HijackThis.exeC:\Program Files\ESET\ESET Smart Security\ekrn.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

- HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

- HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

- HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

- HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localR3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)F2 - REG:system.ini: Shell=Explorer.exe F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dllO2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dllO2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dllO2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dllO2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dllO3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dllO4 - HKLM\..\Run: [CAP3ON] C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXEO4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitserviceO4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exeO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /backgroundO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytrayO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_19\bin\npjpi142_19.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_19\bin\npjpi142_19.dllO9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)O11 - Options group: [INTERNATIONAL] International*O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

- DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

- DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

- DPF: {9CE73426-1E7C-423E-AD30-3D7CD911B145} -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

- DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

- Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLLO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLLO18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dllO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dllO21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dllO23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exeO23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exeO23 - Service: خدمة تحديث Google (gupdate1c9e16c4c55f72) (gupdate1c9e16c4c55f72) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exeO23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exeO23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exeO23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
 

ترتيب حسب التاريخ ترتيب حسب الأصوات
التقرير غلط وانا اخوك

اعمل تقرير جديد وارفعه بطريقه صحيحه
 
توقيع : AbOdy
تأييد 0
ابشر ولا يهمك ولاكن التقرير عن طريق برنامج HijackThis
والمشكله الثانيه انه تم تعطيل ادارة المهام ؟؟؟؟؟


Logfile of HijackThis v1.99.1
Scan saved at 02:03:58 م, on 01/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\system32\CAP3RSK.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\WINDOWS\Explorer.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
D:\الإسطوآآنة الخرآفية\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [CAP3ON] C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_19\bin\npjpi142_19.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_19\bin\npjpi142_19.dll
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


O16 - DPF: {9CE73426-1E7C-423E-AD30-3D7CD911B145} -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: خدمة تحديث Google (gupdate1c9e16c4c55f72) (gupdate1c9e16c4c55f72) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
 
تأييد 0
عطل برامج الحماية عن العمل
ثم
حمل الاداة التالية واحفظها على سطح المكتب

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
لا تقم بتشغيل اي برنامج ،، ومهما طالت عملية الفحص انتظر حتى تنتهي
انتظر حتى يظهر لك تقرير ،،انسخه والصقه بمشاركتك القادمة
 
توقيع : AbOdy
تأييد 0
اخي العزيز لا ستطيع تعديل البرنامج بسببم توقف ادرة المهام ؟؟ هل فيه طريقه اخرى
 
تأييد 0
نعم

شغل الأداة في الوضع الأمن



عند تشغيل الجهاز تبدأ بالضغط على F8



بشكل متكرر حتى تظهر هذه الشاشة


يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي



يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي



يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي



يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

 
التعديل الأخير بواسطة المشرف:
توقيع : AbOdy
تأييد 0
بعد أذن اخوي عبودي ..


يالغالي هذي احد طرق استعادة ادارة المهام .. عشان تعطل النود ..


الطريقة الاولى

اذهب الى startlrun

zyzoom-1db9ec7b8c.png


ثم انسخ هذا الكود والصقه في المربع واضغط موافق

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System /v DisableTaskMgr /t REG_DWO

zyzoom-d6b2ef52b9.png

 
توقيع : shaded
تأييد 0
مشكورني اخوتي ماقصرتم ولاكن كلها مانفعة هذا الفايرس قوي جدا

حتى وضع الامن لما اختاره تظهر لي شاشة زرقاء

ونسخة اخي نفس النص ولا فائده والله نفس المشكله

والمشكله الثانيه اي ملف تنفيذي يعطله او يخربه
 
تأييد 0
طيب جرب يالغالي الطرق هذي..


الطريقة الثانية

حمل هذا المفتاح فقط دبل كليك ووافق على الرسالة واعد التشغيل

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي



الطريقة الثالثة

اذهب الى startlrun واكتب regedit

zyzoom-1db9ec7b8c.png


zyzoom-c1493c91fd.png



ثم تابع هذا المسار

HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies\ System

من جهة اليمين اذا وجدت هذه العبارة قم بحذفها

DisableTaskMgr

zyzoom-b21b96b32d.png



ثم اعد التشغيل

الطريقة الرابعة

اذهب الى startlrun ثم اكتب gpedit.msc

zyzoom-1db9ec7b8c.png


zyzoom-d8fcedc8e2.png



ثم تابع هذا المسار

User Configuration / Administrative Templates / System / Ctrl+Alt+Delete Options / Remove Task Manager

من جهة اليمين دبل كليك على هذا اخيار

Remove Task Manager

zyzoom-397f73a5e6.png



ثم اختر هذا الخيار من المربع التالي

Not Configured.

zyzoom-eb4ebff282.png



 
توقيع : shaded
تأييد 0
اخوي شغل الأداة في الوضع العادي

دون تعطيل برنامج الحماية
 
توقيع : AbOdy
تأييد 0
اخي نفس المشكله سويتها اول قبل اضع المشاركه ولاكن بدون فائده

وحملة برنامج ComboFix ويعطيني رساله خاطاء؟؟؟ والله جهازي رح فيها

انا الان قفلة برنامج الحماية والاداء لا تشتغل كمان ؟؟ شو الحل
 
تأييد 0
هذا تقرير الاول

2009-05-12 22:44:38 GetAllComputerInfo: UserName=خ
2009-05-12 22:44:38 GetAllComputerInfo: ComputerName=المحمول
2009-05-12 22:44:38 GetAllComputerInfo: IPAddress=192.168.1.65
2009-05-12 22:44:38 Usercontrol_Show 1, LanguageID = 2
2009-05-12 22:44:38 Usercontrol_Show 1, TestLauncherPath =
2009-05-12 22:44:38 Loading translation file : C:\Program Files\NCC Education\Online Support Files\ActiveXATS.mld into TOOLBAR translation dictionary
2009-05-12 22:44:38 Show: gs_LAN_Tests_DBFolder =
2009-05-12 22:44:38 About to Initialise the toolbar
2009-05-12 22:44:38 Event raised
2009-05-12 22:44:38 Event raised
2009-05-12 22:44:38 Event raised
2009-05-12 22:44:38 InitControl: DL180
2009-05-12 22:44:38 InitControl: DL450
2009-05-12 22:44:38 InitControl: DL690
2009-05-12 22:44:38 InitControl: DL720
2009-05-12 22:44:38 InitControl: DL811
2009-05-12 22:44:38 fncFileShortName: DL25
2009-05-12 22:44:38 fncFileShortName: DL30
2009-05-12 22:44:38 fncFileShortName: DL60
2009-05-12 22:44:38 fncFileShortName: DL90
2009-05-12 22:44:38 fncFileShortName: DL120


التقرير الثاني

Checking file system on C:
The type of the file system is NTFS.

One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.
Cleaning up minor inconsistencies on the drive.
Cleaning up 1009 unused index entries from index $SII of file 0x9.
Cleaning up 1009 unused index entries from index $SDH of file 0x9.
Cleaning up 1009 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Windows has made corrections to the file system.
39070048 KB total disk space.
15546868 KB in 65221 files.
21840 KB in 5021 indexes.
0 KB in bad sectors.
289488 KB in use by the system.
65536 KB occupied by the log file.
23211852 KB available on disk.
4096 bytes in each allocation unit.
9767512 total allocation units on disk.
5802963 allocation units available on disk.
Internal Info:
50 68 01 00 6d 12 01 00 17 7a 01 00 00 00 00 00 Ph..m....z......
fa 01 00 00 01 00 00 00 0e 05 00 00 00 00 00 00 ................
aa ec a3 06 00 00 00 00 9e da 2e 21 00 00 00 00 ...........!....
1e 63 a0 1a 00 00 00 00 00 00 00 00 00 00 00 00 .c..............
00 00 00 00 00 00 00 00 3e 62 66 53 00 00 00 00 ........>bfS....
99 9e 36 00 00 00 00 00 80 36 07 00 c5 fe 00 00 ..6......6......
00 00 00 00 00 d0 e7 b4 03 00 00 00 9d 13 00 00 ................
Windows has finished checking your disk.
Please wait while your computer restarts.
 
تأييد 0
حمل هذا البرنامج

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي



ثبته على الجهاز ،، ثم شغله واعمل كما الشرح التالي لفحص الجهاز وعمل تقرير

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي



وبعد انتهاء الفحص اعمل التالي

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي



انسخ ما بداخل التقرير والصقه بمشاركتك القادمة
 
توقيع : البارون
تأييد 0
ابشر خيو والله يوفقك

وكمان انا جلس بحمل برنامج ((( اسطوانة الطوارئ من قاهر الفيروسات ايفرا Avira Rescue CD (04.01.2009 )))

هل هو فعال ولا ماتنصحني فيه
 
تأييد 0
روح قسم برامج الحماية فيه 4 اسطونات مطروحة اليوم تخير اللي تعجبك
 
توقيع : البارون
تأييد 0
تسلم اخي وفقك الله ابي نصيحتك وهذا التقرير اخي بعد حذف الملفات المصابه فوق100 ملف

Malwarebytes' Anti-Malware 1.39Database version: 2421Windows 5.1.2600 Service Pack 301/08/2008 04:55:08 مmbam-log-2008-08-01 (16-55-08).txtScan type: Full Scan (C:\|D:\|E:\|)Objects scanned: 176806Time elapsed: 31 minute(s), 46 second(s)Memory Processes Infected: 1Memory Modules Infected: 0Registry Keys Infected: 2Registry Values Infected: 0Registry Data Items Infected: 5Folders Infected: 4Files Infected: 63Memory Processes Infected:C:\Documents and Settings\خالد\Local Settings\temp\cmrvw.exe (Trojan.Downloader) -> Unloaded process successfully.Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_CLASSES_ROOT\CLSID\{c4494903-b885-4cd1-9989-086d42c2f612} (Rogue.SpyRemover) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{c4494923-b885-4cd1-9989-086d42c2f612} (Rogue.SpyRemover) -> Quarantined and deleted successfully.Registry Values Infected:(No malicious items detected)Registry Data Items Infected:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.Folders Infected:C:\Program Files\IMMonitor (PUP.Logger) -> Quarantined and deleted successfully.c:\program files\SpyRemover Pro (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\Backup (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\documents and settings\all users\start menu\Programs\SpyRemover Pro v3.0.4 (Rogue.SpyRemover) -> Quarantined and deleted successfully.Files Infected:C:\Documents and Settings\خالد\Local Settings\temp\cmrvw.exe (Trojan.Downloader) -> Delete on reboot.c:\program files\spyremover pro\SpyRemoverPro.exe.BAK (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\SRPRestart.exe (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\JetAudio\jetUpdate.exe (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.d:\system volume information\_restore{637c489f-06d1-4085-9fd5-c2fb96e2f965}\RP2\A0000709.exe (Trojan.Agent) -> Quarantined and deleted successfully.d:\القعقاع\M\photoshop10 full-arabic\Keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.c:\program files\spyremover pro\BList (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\IgnoredSpywares.txt (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\l1.bmp (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\l2.bmp (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\l3.bmp (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\l4.bmp (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\l5.bmp (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\News.html (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\ScanHistory.ini (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\SftTree_IX86_U_50.ocx (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\SpyRemover Pro_Startup.txt (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\SpyRemoverPro.exe.manifest (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\SRPRestart.exe.manifest (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\SS_BHR.ini (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\uninstal.log (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\WList (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\Backup\46084.92_20090507124804_COOKIESBK_DET.bkp (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\Backup\46084.92_20090507124804_FILESBK.bkp (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\Backup\46084.92_20090507124804_FILESBK_DET.bkp (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\Backup\46084.92_20090507124804_REGBK.bkp (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\Backup\46323.41_20090506125203_COOKIESBK_DET.bkp (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\Backup\46323.41_20090506125203_FILESBK.bkp (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\Backup\46323.41_20090506125203_FILESBK_DET.bkp (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\Backup\46323.41_20090506125203_REGBK.bkp (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\Backup\46416.34_20090506125336_COOKIESBK_DET.bkp (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\Backup\46416.34_20090506125336_FILESBK.bkp (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\Backup\46416.34_20090506125336_FILESBK_DET.bkp (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\Backup\46416.34_20090506125336_REGBK.bkp (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\Backup\52449.66_20081019143409_COOKIESBK_DET.bkp (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\Backup\52449.66_20081019143409_FILESBK.bkp (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\Backup\52449.66_20081019143409_FILESBK_DET.bkp (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\Backup\52449.66_20081019143409_REGBK.bkp (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\Backup\53146.13_20081020144546_COOKIESBK_DET.bkp (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\Backup\53146.13_20081020144546_FILESBK.bkp (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\Backup\53146.13_20081020144546_FILESBK_DET.bkp (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\Backup\53146.13_20081020144546_REGBK.bkp (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\Backup\5682.359_20080926013442_COOKIESBK.bkp (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\Backup\5682.359_20080926013442_COOKIESBK_DET.bkp (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\Backup\5682.359_20080926013442_FILESBK.bkp (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\Backup\5682.359_20080926013442_FILESBK_DET.bkp (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\Backup\5682.359_20080926013442_REGBK.bkp (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\Backup\61071.64_20080928165751_COOKIESBK.bkp (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\Backup\61071.64_20080928165751_COOKIESBK_DET.bkp (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\Backup\61071.64_20080928165751_FILESBK.bkp (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\Backup\61071.64_20080928165751_FILESBK_DET.bkp (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\Backup\61071.64_20080928165751_REGBK.bkp (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\Backup\76824.8_20080923212024_COOKIESBK.bkp (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\Backup\76824.8_20080923212024_COOKIESBK_DET.bkp (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\Backup\76824.8_20080923212024_FILESBK.bkp (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\Backup\76824.8_20080923212024_FILESBK_DET.bkp (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\Backup\76824.8_20080923212024_REGBK.bkp (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\Backup\82579.02_20081010225619_COOKIESBK.bkp (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\Backup\82579.02_20081010225619_COOKIESBK_DET.bkp (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\Backup\82579.02_20081010225619_FILESBK.bkp (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\Backup\82579.02_20081010225619_FILESBK_DET.bkp (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\program files\spyremover pro\Backup\82579.02_20081010225619_REGBK.bkp (Rogue.SpyRemover) -> Quarantined and deleted successfully.c:\documents and settings\all users\start menu\Programs\spyremover pro v3.0.4\SpyRemover Pro v3.0.4.lnk (Rogue.SpyRemover) -> Quarantined and deleted successfully.</p>
 
تأييد 0
Logfile of HijackThis v1.99.1
Scan saved at 05:55:11 م, on 01/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\CAP3RSK.EXE
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
D:\الإسطوآآنة الخرآفية\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [CAP3ON] C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_19\bin\npjpi142_19.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_19\bin\npjpi142_19.dll
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


O16 - DPF: {9CE73426-1E7C-423E-AD30-3D7CD911B145} -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: خدمة تحديث Google (gupdate1c9e16c4c55f72) (gupdate1c9e16c4c55f72) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
 
تأييد 0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:16:26 م, on 01/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\CAP3RSK.EXE
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\244E~1\LOCALS~1\Temp\winlkdaa.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [CAP3ON] C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_19\bin\npjpi142_19.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_19\bin\npjpi142_19.dll
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


O16 - DPF: {9CE73426-1E7C-423E-AD30-3D7CD911B145} -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


O23 - Service: خدمة تحديث Google (gupdate1c9e16c4c55f72) (gupdate1c9e16c4c55f72) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O24 - Desktop Component 0: (no name) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


--
End of file - 7491 bytes
 
تأييد 0
الحالة
مغلق و غير مفتوح للمزيد من الردود.
عودة
أعلى