مشكلة بتصفح الجهاز!!!

المصدر: مشكلة بتصفح الجهاز!!!
في منتدى : منتدى مشاكـل وحلول الحـاسب

السلام عليكم


صباح الخير

اخواني انا جهازي احسه ثقيل بالتصفح يعني لما اروح جهاز الكمبيوتر و اتنقل احس بثقل


واحس الجهاز مو طبيعي


ياليت احد يساعدني و اكون له شاكر

 

وعليكم السلام
لحل مشكلتك ارجوا عمل التالي

تقرير HijackThis

تقرير runscanner

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:26 م, on 2010/05/14
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\MessengerDiscovery 2\MessengerDiscovery 2.exe
C:\Program Files\RelevantKnowledge\rlvknlg.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskhost.exe
C:\Users\Fahad\Desktop\SBot_1.63\X_FhoodY_X\SBot_1.71.exe
C:\Users\Fahad\Desktop\SBot_1.63\war_to_death\SBot_1.71.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Users\Fahad\Desktop\Zyzoom_HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: Internet Download Manager تحميل بواسطة - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: &لوحة مفاتيح ظاهرية - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: فحص عناوين المواقع (URL) - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RelevantKnowledge - TMRG, Inc. - C:\Program Files\RelevantKnowledge\rlservice.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
--
End of file - 6017 bytes

 

واعمل هذا ايضاً لو سمحت ،،،

تقرير runscanner

مالوووير بااايت
​

 

تفضل اخوي

http://www.eupload.org/shared/24903a123.rar

 

حمل الملف التالي :

ZyZoOm

وطبق عليه هذا الشرح ،

تنظيف runscanner

وفي انتظار التقرير الاخر ،
​

 

^

لاتنسون تطلبون

Start Up
menu

صوره
​

 

************' Anti-Malware 1.45
www.************.org
Database version: 3972
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
2010/05/15 12:43:17 ص
mbam-log-2010-05-15 (00-43-17).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 179667
Time elapsed: 27 minute(s), 58 second(s)
Memory Processes Infected: 2
Memory Modules Infected: 3
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 20
Memory Processes Infected:
C:\Program Files\RelevantKnowledge\rlservice.exe (Spyware.MarketScore) -> Unloaded process successfully.
C:\Program Files\RelevantKnowledge\rlvknlg.exe (Spyware.MarketScore) -> Unloaded process successfully.
Memory Modules Infected:
C:\Program Files\RelevantKnowledge\MSVCP71.DLL (Spyware.MarketScore) -> Delete on reboot.
C:\Program Files\RelevantKnowledge\MSVCR71.DLL (Spyware.MarketScore) -> Delete on reboot.
C:\Program Files\RelevantKnowledge\rlls.dll (Spyware.MarketScore) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831} (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\RelevantKnowledge (Spyware.MarketScore) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.
Files Infected:
D:\احمد\11\WinZip v10\Crack\crack.exe (Malware.NSPack) -> Quarantined and deleted successfully.
D:\احمد\11\برنامج رهيب للتحميل 5.18\IDM.5.18.Build3\Patch\Patch 5.xx (2008-12-06).exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\احمد\فهد\برامج\انترنت مانجر\Patch 5.xx.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\احمد\Programs\All Program\2برامج\serah_raheeqmakhtom السيرة النبوية\Setup.exe (Spyware.AdaEbook) -> Quarantined and deleted successfully.
D:\احمد\Programs\All Program\2برامج\WinZip v10\Crack\crack.exe (Malware.NSPack) -> Quarantined and deleted successfully.
D:\احمد\Programs\All Program\2برامج\كراك فيستا\Vista Activation Crack AIO\Vista Automated Activation Crack v3.0\VistaActivationCrackSetup.exe (Worm.VB) -> Quarantined and deleted successfully.
D:\احمد\Programs\Internet Download Manager v5.18 Build 5_T.E.K.O\باتش1\Patch 5.xx (2008-12-06).exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\برامج\انترنت مانجر\Patch 5.xx.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\MSVCP71.DLL (Spyware.MarketScore) -> Delete on reboot.
C:\Program Files\RelevantKnowledge\MSVCR71.DLL (Spyware.MarketScore) -> Delete on reboot.
C:\Program Files\RelevantKnowledge\rlls.dll (Spyware.MarketScore) -> Delete on reboot.
C:\Program Files\RelevantKnowledge\rlls64.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rloci.bin (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlservice.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlvknlg.exe (Spyware.MarketScore) -> Delete on reboot.
C:\Program Files\RelevantKnowledge\rlvknlg64.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.

 

تم عمل جميع الخطوات اخوي عزوز

باقي شي يالغالي ؟؟

 

تمام الان اظغط على Quarantine ثم Delete All ،،

ثم نظف جهازك بهذه الاداه ،،

TFC

ثم اعمل هذا ،،

StartUp
​

 

Start-Up Items; List generated by Start-Up Tool. http://Soft.EM-TNT.com

msnmsgr

Name:msnmsgrCommand:"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /backgroundReg_Path:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunStatus:enabledDescription:Windows Live MessengerCompany:Microsoft Corporation


IDMan

Name:IDManCommand:C:\Program Files\Internet Download Manager\IDMan.exe /onbootReg_Path:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunStatus:enabledDescription:Internet Download Manager (IDM)Company:Tonec Inc.


TkBellExe

Name:TkBellExeCommand:"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootReg_Path:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunStatus:enabledDescription:RealNetworks SchedulerCompany:RealNetworks, Inc.


AVP

Name:AVPCommand:"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"Reg_Path:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunStatus:enabledDescription:Kaspersky Anti-VirusCompany:Kaspersky Lab


DivXUpdate

NameivXUpdateCommand:"C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOWReg_Path:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunStatus:enabledDescriptionivX UpdateCompany:n/a


Adobe Reader Speed Launcher

Name:Adobe Reader Speed LauncherCommand:"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"Reg_Path:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunStatus:enabledDescription:Adobe Acrobat SpeedLauncherCompany:Adobe Systems Incorporated


Adobe ARM

Name:Adobe ARMCommand:"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"Reg_Path:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunStatus:enabledDescription:Adobe Reader and Acrobat ManagerCompany:Adobe Systems Incorporated


************ Anti-Malware (reboot)

Name:************ Anti-Malware (reboot)Command:"C:\Users\Fahad\AppData\Local\Temp\zxq1\mbam.exe" /runcleanupscriptReg_Path:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunStatus:enabledDescription:n/aCompany:n/a

 

شيل علامة الصح من هالبرامج ،،

msnmsgr

IDMan

TkBellExe

DivXUpdata

Adobe ARM

M alwarebytes' Anti-Malware

ثم Apply ثم Exit

ثم هذا ،،

استعادة افتراضيات الاكسبلورر

وخبرنا اخر النتائج
​

 

الله يعطيك الف عافيه اخوي عزوز



((( تــــــــــــم حـــــــــــل المـــــــشكــــــــلـــــــــه ))).....