حــــاير الشرقية

Peace be upon you

I have a problem: the mouse pointer won't move from its place,

and the taskbar disappears a short while after I start the computer.

I'd like a solution, and I would be grateful to you.

My greetings and affection to you,

حاير الشرقيه
 

Problems like these are usually caused by viruses.

Please do the following:

Disable all protection programs,
then download this tool and save it on the desktop.

When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes

Wait until the tool finishes scanning your machine; your machine will restart automatically.
After the restart, the tool will start scanning a second time.
Wait until a report appears, then copy it and paste it in your next reply.

--------------------------------------------

( 2)

And make a HijackThis report.

When the download finishes ==> run the program ==> and click Do a system scan and save log
In a few moments a report will appear; copy it and paste it in your next reply.

Waiting for you.


And once the machine is clean, we'll look at the taskbar and the mouse.
 
Signature: LINEZERO
Thanks for your quick reply. God willing, I'll try it now and come back to tell you.
 
I ran the first tool and it gave me this report:

ComboFix 08-05-29.1 - sadeq ahmad 06/01/2008 1:37:23.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1025.18.88 [GMT 3:00]
Running from: C:\Documents and Settings\sadeq ahmad\My Documents\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\autorun.inf
C:\Documents and Settings\2006\Local Settings\Application Data\inetinfo.exe
C:\Documents and Settings\2006\Local Settings\Application Data\lsass.exe
C:\Documents and Settings\2006\Local Settings\Application Data\services.exe
C:\Documents and Settings\sadeq ahmad\Application Data\macromedia\Flash Player\#Shareds\8398Y953\iforex.com
C:\Documents and Settings\sadeq ahmad\Application Data\macromedia\Flash Player\#Shareds\8398Y953\iforex.com\Emerp\Events\flash_.swf\user_data.sol
C:\Documents and Settings\sadeq ahmad\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\sadeq ahmad\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\WINDOWS\artools.dll
C:\WINDOWS\system32\agsaame.dll
C:\WINDOWS\system32\ALOQuickTimeFile.dll
C:\WINDOWS\system32\kakle.dll
C:\WINDOWS\system32\winitn.dll
.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-31 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-31 22:28 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
2008-05-27 02:45 --------- d-----w C:\Documents and Settings\sadeq ahmad\Application Data\Chicaimreal
2008-05-27 02:44 --------- d-----w C:\Program Files\Chicaimreal
2008-05-27 02:44 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Bait nurb roam real
2008-05-23 00:50 780,288 ----a-w C:\WINDOWS\system32\ALOVideoCompress.dll
2008-05-23 00:50 753,664 ----a-w C:\WINDOWS\system32\agsaamg.dll
2008-05-23 00:50 626,688 ----a-w C:\WINDOWS\system32\agsaamh.dll
2008-05-23 00:50 18,628,608 ----a-w C:\WINDOWS\system32\viscomavi.dll
2008-05-22 11:46 1,245,184 ----a-w C:\WINDOWS\system32\bkll.dll
2008-05-21 15:18 --------- d-----w C:\Program Files\PrtSc
2008-05-19 08:00 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip
2008-05-17 22:59 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-13 03:59 --------- d-----w C:\Program Files\MSN Messenger
2008-05-13 03:57 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-05-13 02:14 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-05-13 02:14 --------- d-----w C:\Program Files\Circle Developement
2008-05-07 22:50 --------- d-----w C:\Documents and Settings\sadeq ahmad\Application Data\DeskSoft
2008-05-07 22:32 47,251 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-05-07 22:32 2,145 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-05-06 16:51 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Disk Cleaner
2008-05-06 16:47 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Registry Helper
2008-05-04 08:07 --------- d-----w C:\Program Files\JetAudio
2008-05-03 18:08 --------- d-----w C:\Program Files\Common Files\COWON
2008-05-02 20:01 --------- d-----w C:\Documents and Settings\2006\Application Data\storeglue
2008-05-02 12:51 --------- d-----w C:\Program Files\LtUcx
2008-05-02 11:39 --------- d-----w C:\Program Files\Common Files\Softwin
2008-05-02 11:38 --------- d-----w C:\Program Files\Softwin
2008-05-01 16:28 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
2008-04-20 08:27 344,064 ----a-w C:\WINDOWS\system32\dkll.dll
2008-04-20 08:27 196,608 ----a-w C:\WINDOWS\system32\maag.dll
2008-04-20 08:27 1,986,560 ----a-w C:\WINDOWS\system32\akll.dll
2008-04-20 08:27 1,212,416 ----a-w C:\WINDOWS\system32\ckll.dll
2008-04-16 19:04 --------- d-----w C:\Documents and Settings\sadeq ahmad\Application Data\skypePM
2008-04-14 18:30 7,680 ----a-w C:\WINDOWS\system32\spdwnwxp.exe
2008-04-14 18:30 32,866 ----a-w C:\WINDOWS\system32\slrundll.exe
2008-04-14 18:30 32,768 ----a-w C:\WINDOWS\system32\setupn.exe
2008-04-14 18:30 28,672 ----a-w C:\WINDOWS\system32\verclsid.exe
2008-04-14 18:30 20,992 ----a-w C:\WINDOWS\system32\spupdwxp.exe
2008-04-14 18:30 176,128 ----a-w C:\WINDOWS\system32\napstat.exe
2008-04-14 18:28 6,144 ----a-w C:\WINDOWS\system32\kbdpash.dll
2008-04-14 18:28 6,144 ----a-w C:\WINDOWS\system32\kbdnepr.dll
2008-04-14 18:28 6,144 ----a-w C:\WINDOWS\system32\kbdiultn.dll
2008-04-14 18:28 6,144 ----a-w C:\WINDOWS\system32\kbdbhc.dll
2008-04-14 18:10 71,680 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 18:09 72,704 ----a-w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 18:04 700,928 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-04-14 18:04 326,912 ----a-w C:\WINDOWS\system32\drivers\ati2mtaa.sys
2008-04-14 07:52 --------- d-----w C:\Documents and Settings\sadeq ahmad\Application Data\Uniblue
2008-04-13 21:13 9,728 ----a-w C:\WINDOWS\system32\comsdupd.exe
2008-04-13 21:10 10,240 ----a-w C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-04-13 20:53 95,424 ----a-w C:\WINDOWS\system32\drivers\slnthal.sys
2008-04-13 20:53 404,990 ----a-w C:\WINDOWS\system32\drivers\slntamr.sys
2008-04-13 20:53 180,360 ----a-w C:\WINDOWS\system32\drivers\ntmtlfax.sys
2008-04-13 20:53 13,776 ----a-w C:\WINDOWS\system32\drivers\recagent.sys
2008-04-13 20:53 13,240 ----a-w C:\WINDOWS\system32\drivers\slwdmsup.sys
2008-04-13 20:53 129,535 ----a-w C:\WINDOWS\system32\drivers\slnt7554.sys
2008-04-13 20:53 126,686 ----a-w C:\WINDOWS\system32\drivers\mtlmnt5.sys
2008-04-13 20:53 1,309,184 ----a-w C:\WINDOWS\system32\drivers\mtlstrm.sys
2008-04-13 19:06 144,384 ----a-w C:\WINDOWS\system32\drivers\hdaudbus.sys
2008-04-10 17:13 --------- d-----w C:\Program Files\Google
2008-04-09 16:43 --------- d-----w C:\Program Files\Java
2008-04-09 16:34 --------- d-----w C:\Program Files\Common Files\Java
2008-04-08 02:01 --------- d-----w C:\Program Files\edFullEditor1.3
2008-04-07 00:41 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-06 04:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-05 22:33 --------- d-----w C:\Program Files\Armor2net
2008-03-17 22:37 32 ----a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\ezsid.dat
2008-02-16 17:18 82 ----a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\SUMQU0C1-FE20-APII-YE7M-BEDSDWMY5R6A.dat
2008-02-08 00:56 155,995 ----a-w C:\WINDOWS\java\Packages\G3HNHZLV.ZIP
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [04/14/2008 09:30 PM 1695232]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 05:43 PM 4670704]
"error road"="C:\DOCUME~1\SADEQA~1\APPLIC~1\CHICAI~1\GplRdrLive.exe" [05/27/2008 05:43 AM 406016]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [04/11/2008 01:00 AM 68856]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"Registry Helper"="C:\Program Files\Registry Helper\RegistryHelper.exe" [ ]
"Disk Cleaner"="C:\Program Files\Disk Cleaner\DiskCleaner.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/25/2007 04:36 AM 185896]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [02/07/2007 04:24 PM 71216]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [02/07/2007 04:21 PM 54832]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/27/2007 09:41 AM 282624]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM 144784]
"ROAM REAL CLOSE OBJ"="C:\Documents and Settings\All Users.WINDOWS\Application Data\Bait nurb roam real\copy logo.exe" [06/01/2008 01:29 AM 622592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 12:56 AM 15360]
C:\Documents and Settings\sadeq ahmad\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Stardock Dock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat\Dock\Dock.exe [2005-02-21 16:56:00 1826885]
Y'z ToolBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe [2002-09-29 16:41:00 90112]
C:\Documents and Settings\All Users.WINDOWS\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-07-10 00:43:06 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [11/02/2006 04:51 PM]
.
s of the 'Scheduled Tasks' folder
"2008-05-31 22:00:03 C:\WINDOWS\Tasks\A70E4F969185C90E.job"
- c:\docume~1\sadeqa~1\applic~1\chicai~1\Remote loud blah.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-06-01 01:39:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
.
Completion time: 06/01/2008 1:44:03
ComboFix-quarantined-files.txt 2008-05-31 22:43:38
Pre-Run: 14,821,871,616 bytes free
Post-Run: 14,814,932,992 bytes free
165 --- E O F --- 2008-05-31 06:26:18
 
The same problem happened to me, and the cause was the RAM.
Try removing it and reinstalling it.
 
Signature: hgwhv.o
This is the second report, bro:

Logfile of HijackThis v1.99.1
Scan saved at 02:09:02 ص, on 01/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\Dock\Dock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\SADEQA~1\LOCALS~1\Temp\الدليل المؤقت 1 لـ hijackthis_199.zip\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R3 - URLSearchHook: Yahoo! ¤u¨م¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Yahoo! ¤u¨م¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ROAM REAL CLOSE OBJ] C:\Documents and Settings\All Users.WINDOWS\Application Data\Bait nurb roam real\copy logo.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [error road] C:\DOCUME~1\SADEQA~1\APPLIC~1\CHICAI~1\GplRdrLive.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Registry Helper] "C:\Program Files\Registry Helper\RegistryHelper.Exe" /boot
O4 - HKCU\..\Run: [Disk Cleaner] "C:\Program Files\Disk Cleaner\DiskCleaner.Exe" /boot
O4 - Startup: Stardock Dock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\Dock\Dock.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
 
Thank you very much for stopping by.

I'll be back ... regards
 
Sorry, brother, by RAM I meant the RAM modules, not the CD-ROM.
God willing, the problem will be solved. Good luck.
 
Signature: hgwhv.o
Before you remove the RAM, do the following:

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [ROAM REAL CLOSE OBJ] C:\Documents and Settings\All Users.WINDOWS\Application Data\Bait nurb roam real\copy logo.exe
O4 - HKCU\..\Run: [error road] C:\DOCUME~1\SADEQA~1\APPLIC~1\CHICAI~1\GplRdrLive.exe
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)


Select the following entries, delete them, and give me a new HijackThis report.
 
Signature: LINEZERO
Bro, if you don't mind, I just have a question:

where do I select the entries you are talking about?
 
With the permission of my dear brother LINEZERO:
open the HijackThis tool again and select the entries that our dear moderator LINEZERO pointed out,
as follows:

[Image: wh_31752766.png]


A window will appear; click Yes.

Good luck.
 
Thank you very much for your wonderful presence.

I'll be back.
 
I'm back, with the report:

Logfile of HijackThis v1.99.1
Scan saved at 04:53:40 ص, on 01/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\Dock\Dock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\DOCUME~1\SADEQA~1\LOCALS~1\Temp\الدليل المؤقت 1 لـ hijackthis_199.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R3 - URLSearchHook: Yahoo! ¤u¨م¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Yahoo! ¤u¨م¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Registry Helper] "C:\Program Files\Registry Helper\RegistryHelper.Exe" /boot
O4 - HKCU\..\Run: [Disk Cleaner] "C:\Program Files\Disk Cleaner\DiskCleaner.Exe" /boot
O4 - Startup: Stardock Dock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\Dock\Dock.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
 
Welcome, brother.

From the Control Panel, go to Add or Remove Programs and uninstall the Google Toolbar and the Yahoo Toolbar.

Then download this tool to clean the machine.

[Image: wh_15149054.png]


Restart and make another report.
 
I made the report, although I'm late, but circumstances got in the way.

And this is the report:

Logfile of HijackThis v1.99.1
Scan saved at 05:29:53 م, on 01/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\Dock\Dock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\SADEQA~1\LOCALS~1\Temp\الدليل المؤقت 2 لـ hijackthis_199.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Registry Helper] "C:\Program Files\Registry Helper\RegistryHelper.Exe" /boot
O4 - HKCU\..\Run: [Disk Cleaner] "C:\Program Files\Disk Cleaner\DiskCleaner.Exe" /boot
O4 - Startup: Stardock Dock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\Dock\Dock.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
 
Hello, brother.

Select the following entry and then delete it:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

How is the machine doing now?
 
Hello, brother. The problem is still there; nothing new has happened.

I did everything step by step and nothing changed on the machine. If there is another solution, please give it to me.

Regards
 
My dear, download the following tool; with it you will find an image containing several pictures. Follow the instructions in picture number 1.

And let me know how it goes.
 
Signature: dollar989