1. الوررر

    الوررر New Member

    Joined:
    28 December 2009
    Posts:
    20
    Likes received:
    0
    Trophy points:
    0
    The problem is an annoying message that appears on my computer, and I think it is a virus, because this message appeared after I plugged a flash drive into my friend's computer; the message then appeared on his machine and then on mine. Note that I scanned the flash drive and the computer, but the message still keeps appearing; every so often it shows up again and makes the computer hang, and I am very annoyed by it.
    The title of the message is:
    x.exe-application error
    The content of the message is:
    The instruction 0x000000ac referenced memory at 0x000000ac the memory could not be read click ok to terminate the program
    The only option in it is ok.
    Please help me solve this annoying problem.

    Sorry for troubling you.
  2. master

    master Forum Administrator Staff

    Joined:
    26 October 2007
    Posts:
    2,805
    Likes received:
    6
    Trophy points:
    38
    Gender:
    Male
    Occupation:
    Java programmer
    Location:
    Alexandria
    You did not mention the operating system.
    Anyway, assuming your operating system is Windows XP:
    Download this tool and save it to the desktop:
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Disable all the security programs you have and close any open programs, then run the tool.
    After running it, accept any messages it shows you.
    Wait until the tool finishes (do not run any program until the tool has finished its work; it may restart your computer if required). When it finishes, a report will open in Notepad; copy it and put it in your next reply.
  3. الوررر

    الوررر New Member

    Thank you, sir.
    Here is the report:

    ComboFix 10-08-07.01 - ahmed1 08/08/2010 7:19.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1256.968.1033.18.2940.2354 [GMT -7:00]
    Running from: d:\********s and settings\ahmed1\My ********s\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\autorun.inf
    c:\docume~1\ahmed1\LOCALS~1\Temp\MCCS.exe
    c:\********s and settings\ahmed1\alg.exe
    c:\********s and settings\ahmed1\autorun.inf
    c:\********s and settings\ahmed1\******s.lnk
    c:\********s and settings\ahmed1\dieewo.exe
    c:\********s and settings\ahmed1\dieewo.scr
    c:\********s and settings\ahmed1\dieewox.exe
    c:\********s and settings\ahmed1\ert.dll
    c:\********s and settings\ahmed1\g9d5d98u6.exe
    c:\********s and settings\ahmed1\x.exe
    C:\OOXD
    c:\ooxd\FILES\dc.exe
    c:\ooxd\FILES\Desktop.ini
    c:\program files\SpeedBit Video Downloader\Toolbar\tbhelper.dll
    c:\windows\Cqogya.exe
    c:\windows\system32\drivers\multikey.sys
    c:\windows\system32\sshnas21.dll
    c:\windows\system32\W32PATCH.dll
    c:\windows\system32\win.exe
    c:\windows\system32\winjpg.jpg
    c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    c:\windows\w32dasm8.ini
    C:\winfile.jpg
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_SSHNAS
    -------\Service_SSHNAS
    -------\Service_multikey


    ((((((((((((((((((((((((( Files Created from 2010-07-08 to 2010-08-08 )))))))))))))))))))))))))))))))
    .

    2010-08-07 11:07 . 2010-08-07 11:07 2273280 ----a-w- c:\windows\system32\xdpas000.scr
    2010-08-07 10:38 . 2010-08-07 10:38 -------- d-----w- c:\program files\Desktop Icon Toy
    2010-08-07 10:37 . 2010-08-07 10:37 124855 ----a-w- c:\windows\ActSoft Video Converter Uninstaller.exe
    2010-08-07 10:37 . 2010-08-07 10:37 -------- d-----w- c:\program files\ActiveX Soft
    2010-08-07 08:01 . 2010-08-07 08:01 26694 ----a-r- c:\********s and settings\ahmed1\Application Data\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\UNINST_Uninstall_G_3DE5E7D47B88403CA3FD2017A8240C5B.exe
    2010-08-07 08:01 . 2010-08-07 08:01 26694 ----a-r- c:\********s and settings\ahmed1\Application Data\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
    2010-08-07 08:01 . 2010-08-07 08:01 26694 ----a-r- c:\********s and settings\ahmed1\Application Data\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
    2010-08-07 08:01 . 2010-08-07 08:01 26694 ----a-r- c:\********s and settings\ahmed1\Application Data\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\ARPPRODUCTICON.exe
    2010-08-07 07:57 . 2010-08-07 07:57 -------- d-----w- c:\program files\Google
    2010-08-06 14:34 . 2010-08-06 14:34 112640 ----a-w- c:\********s and settings\ahmed1\dfdqfd.exe
    2010-08-06 09:47 . 2010-08-06 13:54 112640 ----a-w- c:\********s and settings\ahmed1\h6c1g68m8.exe
    2010-08-06 09:45 . 2009-10-21 01:47 113280 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
    2010-08-06 09:45 . 2009-10-12 22:21 100736 ----a-w- c:\windows\system32\drivers\ewusbdev.sys
    2010-08-06 09:45 . 2009-09-10 21:55 102528 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
    2010-08-06 09:45 . 2007-08-09 11:13 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
    2010-08-06 09:45 . 2010-08-06 09:45 -------- d-----w- c:\program files\Etisalat 3.5G USB Modem
    2010-08-05 15:39 . 2010-08-07 08:03 -------- d-----w- c:\********s and settings\ahmed1\Local Settings\Application Data\Google
    2010-08-03 18:59 . 2010-08-07 10:57 1196 ----a-w- c:\windows\69-0U812.BAT
    2010-08-03 18:43 . 2010-08-03 18:59 -------- d-----w- c:\program files\Photodex Presenter
    2010-08-03 18:43 . 2010-08-03 18:43 -------- d-----w- c:\********s and settings\ahmed1\Application Data\Netscape
    2010-08-03 18:43 . 2010-08-03 18:43 -------- d-----w- c:\program files\Photodex
    2010-08-03 18:42 . 2010-08-03 18:42 -------- d-----w- c:\********s and settings\ahmed1\Application Data\Photodex
    2010-08-02 16:30 . 2010-08-07 10:47 -------- d-----w- c:\********s and settings\ahmed1\Local Settings\Application Data\Babylon
    2010-08-02 16:29 . 2010-08-02 16:29 -------- d-----w- c:\program files\Babylon
    2010-08-02 16:29 . 2010-08-08 14:23 -------- d-----w- c:\********s and settings\All Users\Application Data\Babylon
    2010-08-02 16:29 . 2010-08-08 14:16 -------- d-----w- c:\********s and settings\ahmed1\Application Data\Babylon
    2010-08-02 16:27 . 2010-08-02 16:27 161434 ----a-w- c:\windows\Animated Wallpaper Maker Uninstaller.exe
    2010-08-02 16:27 . 2010-08-02 16:27 -------- d-----w- c:\program files\Animated Wallpaper Maker
    2010-08-02 16:26 . 2010-08-02 16:26 161775 ----a-w- c:\windows\Animated Screensaver Maker Uninstaller.exe
    2010-08-02 16:26 . 2010-08-02 16:26 -------- d-----w- c:\program files\Common Files\Thraex Software
    2010-08-02 16:26 . 2010-08-02 16:26 -------- d-----w- c:\program files\Animated Screensaver Maker
    2010-08-01 16:28 . 2010-08-01 16:28 -------- d-----w- c:\********s and settings\ahmed1\Application Data\EbkReader
    2010-08-01 16:26 . 2010-08-01 16:26 -------- d-----w- c:\********s and settings\ahmed1\Application Data\URSoft
    2010-08-01 16:26 . 2010-08-01 16:33 -------- d-----w- c:\program files\Your Uninstaller 2008
    2010-07-31 09:18 . 2010-07-31 09:18 -------- d-----w- C:\Temp
    2010-07-30 14:17 . 2010-07-30 14:17 452104 ------w- c:\********s and settings\ahmed1\Application Data\Real\Update\setup3.12\setup.exe
    2010-07-19 03:52 . 2010-07-19 03:52 -------- d-----r- C:\DODA

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-08 14:24 . 2010-02-05 07:12 -------- d---a-w- c:\********s and settings\All Users\Application Data\TEMP
    2010-08-06 12:13 . 2010-02-07 16:50 -------- d-----w- c:\********s and settings\All Users\Application Data\AVG Security Toolbar
    2010-08-01 17:11 . 2010-02-14 09:43 -------- d-----w- c:\program files\Xilisoft
    2010-07-06 08:10 . 2010-07-06 08:10 439816 ------w- c:\********s and settings\ahmed1\Application Data\Real\Update\setup3.10\setup.exe
    2010-07-06 08:10 . 2010-02-07 14:49 95744 ----a-w- c:\********s and settings\All Users\Application Data\SpeedBit\DAP\SDCondition.dll
    2010-07-06 06:28 . 2010-07-06 06:15 -------- d-----w- c:\program files\Oman Mobile E180
    .

    ------- Sigcheck -------

    [-] 2009-06-09 . 32272BF10467C8ACF1F83138C61D541E . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
    "{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2010-02-02 57344]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B}]
    2010-02-05 07:12 2655736 ------w- c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2009-11-25 21:01 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2010-02-05 2803200]
    "DesktopIconToy"="c:\program files\Desktop Icon Toy\DesktopIconToy.exe" [2009-11-22 454656]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-02-07 2043160]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
    "PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
    "RTHDCPL"="RTHDCPL.EXE" [2006-12-19 16062464]
    "SkyTel"="SkyTel.EXE" [2006-05-17 2879488]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-25 136192]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-05 198160]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2010-04-26 3740088]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
    "ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-02-07 16:50 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /r \??\G:\0autocheck autochk *

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [02/02/2010 06:29 ص 335240]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [02/02/2010 06:29 ص 108552]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [02/02/2010 06:29 ص 908056]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [02/02/2010 06:29 ص 297752]
    R2 DolphinCBarSrv2;Dolphin CBar Service 2;c:\windows\system32\dolsrvcbar2.exe [04/02/2010 08:50 م 253952]
    R2 DolphinInterceptorStartup;Dolphin Utility Service;c:\windows\system32\dolserve.exe [04/02/2010 08:50 م 253952]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [04/02/2010 08:30 م 110080]
    S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [06/08/2010 02:45 ص 100736]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{67KLN5J0-4OPM-33WE-AAX5-21KC2A1112233}]
    2010-04-28 05:55 61441 --sha-r- c:\doda\BEEK\april2x4.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.freewebtown.com/alrefai/login.live.html
    IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
    IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
    IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
    IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
    .
    - - - - ORPHANS REMOVED - - - -

    URLSearchHooks-*{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
    URLSearchHooks-*{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - (no file)
    HKCU-Run-dieewo - c:\********s and settings\ahmed1\dieewo.exe
    HKLM-Run-IgfxTray - c:\windows\system32\igfxtray.exe
    HKLM-Run-HotKeysCmds - c:\windows\system32\hkcmd.exe
    HKLM-Run-regdiit - c:\windows\system32\win.exe
    ActiveSetup-{67KLN5J0-4OPM-01WE-AAX5-314CCA354112} - c:\ooxd\FILES\dc.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-08 07:23
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3912)
    c:\windows\system32\shdoclc.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\browselc.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\agrsmsvc.exe
    c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
    c:\progra~1\AVG\AVG8\avgrsx.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\program files\AVG\AVG8\avgcsrvx.exe
    c:\windows\RTHDCPL.EXE
    c:\windows\system32\igfxsrvc.exe
    c:\program files\PC Connectivity Solution\ServiceLayer.exe
    .
    **************************************************************************
    .
    Completion time: 2010-08-08 07:26:33 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-08-08 14:26

    Pre-Run: 112,331,894,784 bytes free
    Post-Run: 116,206,809,088 bytes free

    - - End Of File - - 2962ED1B180E11746A4A133E6C6E511A
  4. الوررر

    الوررر New Member

    Please reply
    ...............
  5. master

    master Forum Administrator Staff

    The problem has nothing to do with the flash memory,
    and it is gotten rid of after updating Windows.
    How is the computer now?
    The tool got rid of a number of viruses and malicious files. You can see them all listed after this line:
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    up to the next section.
    Now we need a HijackThis report to make completely sure your computer is clean.
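
Added example, not part of the original thread and not ComboFix's own code: a small Python parser that pulls the "Other Deletions" list mentioned in the last reply out of a ComboFix report and matches it against the "ORPHANS REMOVED" autostart entries, showing which deleted files had been registered to start automatically. The function names are illustrative, the embedded excerpt is copied from the report posted earlier in this thread, and the section banner format is assumed to be the one seen in that report.

```python
import re

# Excerpt copied from the report posted in this thread (paths as shown there).
SAMPLE_LOG = r"""
((((((((((((((( Other Deletions )))))))))))))))
C:\autorun.inf
c:\********s and settings\ahmed1\dieewo.exe
c:\********s and settings\ahmed1\x.exe
c:\ooxd\FILES\dc.exe
c:\windows\system32\win.exe
D:\Autorun.inf
((((((((((((((( Drivers/Services )))))))))))))))
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-*{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
HKCU-Run-dieewo - c:\********s and settings\ahmed1\dieewo.exe
HKLM-Run-IgfxTray - c:\windows\system32\igfxtray.exe
HKLM-Run-regdiit - c:\windows\system32\win.exe
ActiveSetup-{67KLN5J0-4OPM-01WE-AAX5-314CCA354112} - c:\ooxd\FILES\dc.exe
**************************************************
"""

SECTION = re.compile(r"^\(+ (.+?) \)+")          # "((((( Title )))))" banner
ORPHANS = re.compile(r"^(?:- )+ORPHANS REMOVED")
ORPHAN_ENTRY = re.compile(r"^(\S+) - ([A-Za-z]:\\.+)$")

def parse(log):
    """Return (deleted paths, {autostart entry: target}) from a ComboFix log."""
    section, deleted, orphans = None, [], {}
    for line in (l.strip() for l in log.splitlines()):
        if m := SECTION.match(line):
            section = m.group(1)
        elif ORPHANS.match(line):
            section = "ORPHANS"
        elif line.startswith("***"):
            section = None               # separator ends the current section
        elif section == "Other Deletions" and re.match(r"[A-Za-z]:\\", line):
            deleted.append(line.lower())
        elif section == "ORPHANS" and (m := ORPHAN_ENTRY.match(line)):
            orphans[m.group(1)] = m.group(2).lower()
    return deleted, orphans

def triage(log):
    """Autostart entries that pointed at a deleted file, plus autorun.inf files."""
    deleted, orphans = parse(log)
    persisted = {k: v for k, v in orphans.items() if v in deleted}
    autoruns = [p for p in deleted if p.endswith("\\autorun.inf")]
    return persisted, autoruns

print(triage(SAMPLE_LOG))
```

Entries such as `HKLM-Run-IgfxTray`, whose target file is not in the deletions list, are left out of the result: only the autostart value was removed for those, not the file.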
