• Thread starter: yako
  • Views: 1,131

Peace be upon you, and the mercy and blessings of God.
My brothers, God bless you, I have a problem.
Yesterday I downloaded Kaspersky Anti-Virus, and when I went to update it,
the update was very, very, very slow; it has been an hour just to download 3%.
Even web pages are really, really slow.
Anyway, here is the HijackThis report.
Thanks in advance.


Logfile of Trend Micro HijackThis v2.0.4


Scan saved at 17:23:45, on 17/04/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20583)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\fvrgmt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Beyluxe Messenger\Beyluxe Messenger.exe
C:\WINDOWS\system32\dn.exe
C:\WINDOWS\winlogin.exe
C:\WINDOWS\mscmtl32.exe
C:\WINDOWS\system32\svhost.exe
C:\Program Files\Menara\dslmon.exe
C:\WINDOWS\repsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\dn.exe
C:\WINDOWS\system32\iexplorer.exe
C:\Zyzoom_Forum_Tools\zyzoom.exe
C:\Zyzoom_Forum_Tools\zHijak.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Salaf Guide Toolbar - {1b53182f-27cf-4e9e-8efb-8d75d84a244a} - C:\Program Files\Salaf_Guide\prxtbSala.dll
R3 - URLSearchHook: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll
O2 - BHO: Salaf Guide - {1b53182f-27cf-4e9e-8efb-8d75d84a244a} - C:\Program Files\Salaf_Guide\prxtbSala.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Softonic-Eng7 - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Salaf Guide Toolbar - {1b53182f-27cf-4e9e-8efb-8d75d84a244a} - C:\Program Files\Salaf_Guide\prxtbSala.dll
O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [WinDefender] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WinDefender.exe
O4 - HKLM\..\Run: [Windows Data Serivce] dn.exe
O4 - HKLM\..\Run: [UpdateShield] %windir%\System32\r2c\mIRC.exe
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\system32\fvrgmt.exe
O4 - HKLM\..\Run: [Microsoft Setup Initializazion] rundll32.exe
O4 - HKLM\..\Run: [Remote Registry Service] repsvc.exe
O4 - HKLM\..\Run: [ViLuD1MItprjt1dCXrVeHbcrgG] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\repsvc.exe
O4 - HKLM\..\Run: [Microsoft Device Manager] C:\WINDOWS\mscmtl32.exe
O4 - HKLM\..\Run: [Windows] winlogin.exe
O4 - HKLM\..\Run: [MSN] C:\windows\lsass.exe
O4 - HKLM\..\Run: [Microsoft] iexplorer.exe
O4 - HKLM\..\Run: [Supports RAS Connections] svhost.exe
O4 - HKLM\..\Run: [heBwGQl] \LGDjl.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\RunServices: [Microsoft Setup Initializazion] rundll32.exe
O4 - HKLM\..\RunServices: [Microsoft] iexplorer.exe
O4 - HKLM\..\RunServices: [Supports RAS Connections] svhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BeyluxeMessenger] "C:\Program Files\Beyluxe Messenger\Beyluxe Messenger.exe" /hide
O4 - HKCU\..\Run: [WinDefender] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WinDefender.exe
O4 - HKCU\..\Run: [ArUB4SY6xVFi0riADRZy] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\repsvc.exe
O4 - HKCU\..\Run: [Supports RAS Connections] svhost.exe
O4 - HKCU\..\Run: [ybaS886PuG6WQ] \LGDjl.exe
O4 - HKCU\..\RunServices: [Supports RAS Connections] svhost.exe
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\system32\fvrgmt.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: ??? - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D513439-B856-4DCB-8AE1-5898AA72FDFB}: NameServer = 62.251.229.237 62.251.229.223
O17 - HKLM\System\CS1\Services\Tcpip\..\{4D513439-B856-4DCB-8AE1-5898AA72FDFB}: NameServer = 62.251.229.237 62.251.229.223
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Ms-java - Unknown owner - C:\WINDOWS\Driver\i386\ms-java.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 10583 bytes​
 

Signature: yako
Sister, browsing has been slow since the day you installed Kaspersky ..
 
Signature: YHYA -KSA

With brother Yahya's permission,

Delete these, sister:

R3 - URLSearchHook: Salaf Guide Toolbar - {1b53182f-27cf-4e9e-8efb-8d75d84a244a} - C:\Program Files\Salaf_Guide\prxtbSala.dll
R3 - URLSearchHook: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O3 - Toolbar: Salaf Guide Toolbar - {1b53182f-27cf-4e9e-8efb-8d75d84a244a} - C:\Program Files\Salaf_Guide\prxtbSala.dll
O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll


How to delete, for Vista and 7 users

Then tick all the entries you were asked to delete, following the walkthrough below

And clean your machine with this tool

And let us know the latest results

 
Peace be upon you and the mercy of God.
God bless you, brothers, for your attention.
Brother Al-Aqrab (العقرب), I followed all the steps, but Kaspersky is still slow to update.
Even YouTube is slow for me, though web pages have improved a little.

So I generated a report again,
and I apologize for the bother.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:52:40, on 17/04/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20583)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\fvrgmt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Beyluxe Messenger\Beyluxe Messenger.exe
C:\WINDOWS\system32\svhost.exe
C:\Program Files\Menara\dslmon.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WinDefender.exe
C:\WINDOWS\repsvc.exe
C:\Zyzoom_Forum_Tools\zyzoom.exe
C:\Zyzoom_Forum_Tools\zHijak.com
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mv.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll
O2 - BHO: Salaf Guide - {1b53182f-27cf-4e9e-8efb-8d75d84a244a} - C:\Program Files\Salaf_Guide\prxtbSala.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Softonic-Eng7 - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [WinDefender] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WinDefender.exe
O4 - HKLM\..\Run: [Windows Data Serivce] dn.exe
O4 - HKLM\..\Run: [UpdateShield] %windir%\System32\r2c\mIRC.exe
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\system32\fvrgmt.exe
O4 - HKLM\..\Run: [Microsoft Setup Initializazion] rundll32.exe
O4 - HKLM\..\Run: [Remote Registry Service] repsvc.exe
O4 - HKLM\..\Run: [ViLuD1MItprjt1dCXrVeHbcrgG] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\repsvc.exe
O4 - HKLM\..\Run: [Microsoft Device Manager] C:\WINDOWS\mscmtl32.exe
O4 - HKLM\..\Run: [Windows] winlogin.exe
O4 - HKLM\..\Run: [MSN] C:\windows\lsass.exe
O4 - HKLM\..\Run: [Microsoft] iexplorer.exe
O4 - HKLM\..\Run: [Supports RAS Connections] svhost.exe
O4 - HKLM\..\Run: [heBwGQl] \LGDjl.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Microsoft Setup Initializazion] rundll32.exe
O4 - HKLM\..\RunServices: [Microsoft] iexplorer.exe
O4 - HKLM\..\RunServices: [Supports RAS Connections] svhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BeyluxeMessenger] "C:\Program Files\Beyluxe Messenger\Beyluxe Messenger.exe" /hide
O4 - HKCU\..\Run: [WinDefender] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WinDefender.exe
O4 - HKCU\..\Run: [ArUB4SY6xVFi0riADRZy] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\repsvc.exe
O4 - HKCU\..\Run: [Supports RAS Connections] svhost.exe
O4 - HKCU\..\Run: [ybaS886PuG6WQ] \LGDjl.exe
O4 - HKCU\..\RunServices: [Supports RAS Connections] svhost.exe
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\system32\fvrgmt.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: ??? - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D513439-B856-4DCB-8AE1-5898AA72FDFB}: NameServer = 62.251.229.237 62.251.229.223
O17 - HKLM\System\CS1\Services\Tcpip\..\{4D513439-B856-4DCB-8AE1-5898AA72FDFB}: NameServer = 62.251.229.237 62.251.229.223
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Ms-java - Unknown owner - C:\WINDOWS\Driver\i386\ms-java.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 9217 bytes

 
Signature: yako
Sister, are you sure ..

that you deleted the entries
 
Signature: YHYA -KSA
Yes, dear brother
 
Signature: yako
Download this program

Direct link, portable, no installation
Updated
9 \ 4 \ 2011

Run it and follow the walkthrough below to scan the machine and produce a report

Copy the contents of the report and paste it in your next post
 
Signature: الوفاء طبعي
Here you go, dear brother

Malwarebytes' Anti-Malware 1.50.1.1100

Database version: 6387

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

18/04/2011 12:31:38
mbam-log-2011-04-18 (12-31-37).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 184520
Time elapsed: 5 hour(s), 1 minute(s), 28 second(s)

Memory Processes Infected: 7
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 27
Registry Data Items Infected: 4
Folders Infected: 4
Files Infected: 90

Memory Processes Infected:
c:\WINDOWS\system32\fvrgmt.exe (Backdoor.Agent) -> 760 -> Unloaded process successfully.
c:\WINDOWS\winlogin.exe (Malware.Generic) -> 1440 -> Unloaded process successfully.
c:\WINDOWS\system32\dn.exe (Trojan.Downloader) -> 1640 -> Unloaded process successfully.
c:\WINDOWS\system32\svhost.exe (Malware.Generic) -> 1724 -> Unloaded process successfully.
c:\WINDOWS\mscmtl32.exe (Trojan.Dropper) -> 1696 -> Unloaded process successfully.
c:\WINDOWS\repsvc.exe (Trojan.Agent.Gen) -> 2052 -> Unloaded process successfully.
c:\WINDOWS\dn.exe (Malware.Gen) -> 2980 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{REGQI7ID-PMFA-NSQH-4TZE-EBFPHKQMYIVF} (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{REGQI7ID-PMFA-NSQH-4TZE-EBFPHKQMYIVF} (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{REGQI7ID-PMFA-NSQH-4TZE-EBFPHKQMYIVF} (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{BJYM3OUK-7ARQ-WY6G-4SJK-V24PYUUUQ4AP} (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{BJYM3OUK-7ARQ-WY6G-4SJK-V24PYUUUQ4AP} (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{BJYM3OUK-7ARQ-WY6G-4SJK-V24PYUUUQ4AP} (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28ABC5C0-5FCB-17CF-BAX5-81CX1C735853} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\INSTALL.EXE (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mIRC (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\yOLE (Backdoor.Bot.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_MS-JAVA (Backdoor.IRCBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Ms-java (Backdoor.IRCBot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Driver Setup (Backdoor.Agent) -> Value: Microsoft Driver Setup -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Microsoft Driver Setup (Backdoor.Agent) -> Value: Microsoft Driver Setup -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows (Malware.Generic) -> Value: Windows -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Data Serivce (Trojan.Downloader) -> Value: Windows Data Serivce -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Supports RAS Connections (Malware.Generic) -> Value: Supports RAS Connections -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\Supports RAS Connections (Malware.Generic) -> Value: Supports RAS Connections -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Supports RAS Connections (Malware.Generic) -> Value: Supports RAS Connections -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\Supports RAS Connections (Malware.Generic) -> Value: Supports RAS Connections -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Device Manager (Trojan.Dropper) -> Value: Microsoft Device Manager -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinDefender (Trojan.Downloader) -> Value: WinDefender -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinDefender (Trojan.Downloader) -> Value: WinDefender -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Remote Registry Service (Trojan.Agent.Gen) -> Value: Remote Registry Service -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ViLuD1MItprjt1dCXrVeHbcrgG (Trojan.Agent.Gen) -> Value: ViLuD1MItprjt1dCXrVeHbcrgG -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ArUB4SY6xVFi0riADRZy (Trojan.Agent.Gen) -> Value: ArUB4SY6xVFi0riADRZy -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\heBwGQl (Backdoor.Agent) -> Value: heBwGQl -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ybaS886PuG6WQ (Backdoor.Agent) -> Value: ybaS886PuG6WQ -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft (Trojan.Downloader) -> Value: Microsoft -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\Microsoft (Trojan.Downloader) -> Value: Microsoft -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSN (Trojan.PWS) -> Value: MSN -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ASProtect\Microsoft (Backdoor.IRCBot) -> Value: Microsoft -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Value: ForceClassicControlPanel -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Update (Backdoor.IRCBot) -> Value: Windows Update -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\OLE\Microsoft Setup Initializazion (Backdoor.Bot) -> Value: Microsoft Setup Initializazion -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UpdateShield (Backdoor.IRCBot) -> Value: UpdateShield -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Setup Initializazion (Backdoor.Bot) -> Value: Microsoft Setup Initializazion -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Services (Backdoor.Bot) -> Value: Windows Services -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\Microsoft Setup Initializazion (Backdoor.Bot) -> Value: Microsoft Setup Initializazion -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\RECYCLER\s-1-5-21-0243936033-3052116371-381863308-1811 (Trojan.Agent) -> Delete on reboot.
c:\RECYCLER\s-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-0243556031-888888379-781863308-1413 (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\RECYCLER\r-1-5-21-1482476501-1644491937-682003330-1013 (Worm.AutoRun.Gen) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\fvrgmt.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\winlogin.exe (Malware.Generic) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\dn.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\svhost.exe (Malware.Generic) -> Quarantined and deleted successfully.
c:\WINDOWS\mscmtl32.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\repsvc.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\dn.exe (Malware.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\administrateur\local settings\Temp\windefender.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\repsvc.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\administrateur\local settings\Temp\repsvc.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
\LGDjl.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
c:\LGDjl.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
c:\ms222.exe (Malware.Gen) -> Quarantined and deleted successfully.
c:\nz.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\ts.exe (Malware.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\administrateur\bn.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\documents and settings\administrateur\hdcd.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\documents and settings\administrateur\hddd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\administrateur\tpnet.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\administrateur\application data\svchost.exe (Malware.Generic) -> Quarantined and deleted successfully.
c:\documents and settings\administrateur\application data\winlog.exe (Malware.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\administrateur\local settings\Temp\mv.exe (Malware.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\administrateur\local settings\temporary internet files\Content.IE5\AF0XFFXV\ms1[1].exe (Malware.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\administrateur\local settings\temporary internet files\Content.IE5\DSSPAQSJ\tra[1].exe (Malware.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\administrateur\local settings\temporary internet files\Content.IE5\KCGQTWXD\tra[1].exe (Malware.Gen) -> Quarantined and deleted successfully.
c:\RECYCLER\r-1-5-21-1482476501-1644491937-682003330-1013\acleaner.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-0243556031-888888379-781863308-1413\syitm.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\RECYCLER\s-51-9-25-3434974274-1472494965-644317114-1374\bszhbt.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\RECYCLER\s-51-9-25-3874974274-1472894765-684367174-1874\srnt.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\WINDOWS\system32.exe (Malware.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\ggdrive32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\install.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\windows\kl1.sys.exe (Worm.Pushbot) -> Quarantined and deleted successfully.
c:\WINDOWS\win44.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\winlogs.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\03.scr (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\04.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\04.scr (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\10.scr (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\13.scr (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\21.scr (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\26.scr (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\27.scr (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\windows\system32\28.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\frgmt.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\txzrm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\win44.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\dmu.dll (Riskware.HideWindow) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\tbcrm.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wtfm.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\31.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\33.scr (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\34.exe (Worm.Palevo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\35.scr (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\41.scr (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\42.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\43.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\43.scr (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\51.scr (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\53.scr (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\57.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\58.scr (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\60.scr (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\63.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\70.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\73.exe (Worm.Palevo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\73.scr (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\80.scr (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\83.scr (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\84.scr (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\87.scr (Trojan.Dropper) -> Quarantined and deleted successfully.
d:\???? ???????\al-issaba-fi-tamyiz-assahaba--ibn-hajar.exe (Spyware.AdaEbook) -> Delete on reboot.
c:\s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\E.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\iexplorer.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mirc.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\documents and settings\administrateur\nigzss.txt (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\logfile32.txt (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\lsass.exe (Trojan.PWS) -> Quarantined and deleted successfully.
c:\WINDOWS\nigzss.txt (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\svc.exe (Trojan.Sisproc) -> Quarantined and deleted successfully.
c:\WINDOWS\win.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\administrateur\local settings\Temp\service2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Driver\i386\ms-java.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-0243936033-3052116371-381863308-1811\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-0243556031-888888379-781863308-1413\Desktop.ini (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\RECYCLER\r-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Worm.AutoRun.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\explorer.backup (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

 
Signature: yako
A new HijackThis log, sister, if you please.
 
Signature: الوفاء طبعي
Praise be to God, Kaspersky accepted the update, and web pages now open for me, though they stall a little.
But praise be to God, it is fine.

May God reward you with a thousand, thousand blessings; you did all you could.

My dear brother الوفاء, here is the log as you requested.



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:25:47, on 18/04/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20583)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Beyluxe Messenger\Beyluxe Messenger.exe
C:\Program Files\Menara\dslmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Zyzoom_Forum_Tools\zyzoom.exe
C:\Zyzoom_Forum_Tools\zHijak.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
[hidden link: log in or register to view]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
[hidden link: log in or register to view]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
[hidden link: log in or register to view]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
[hidden link: log in or register to view]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
[hidden link: log in or register to view]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
[hidden link: log in or register to view]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
[hidden link: log in or register to view]

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
[hidden link: log in or register to view]

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL =
[hidden link: log in or register to view]

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page =
[hidden link: log in or register to view]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll
O2 - BHO: Salaf Guide - {1b53182f-27cf-4e9e-8efb-8d75d84a244a} - C:\Program Files\Salaf_Guide\prxtbSala.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Softonic-Eng7 - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BeyluxeMessenger] "C:\Program Files\Beyluxe Messenger\Beyluxe Messenger.exe" /hide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: ??? - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
[hidden link: log in or register to view]

O17 - HKLM\System\CCS\Services\Tcpip\..\{4D513439-B856-4DCB-8AE1-5898AA72FDFB}: NameServer = 62.251.229.237 62.251.229.223
O17 - HKLM\System\CS1\Services\Tcpip\..\{4D513439-B856-4DCB-8AE1-5898AA72FDFB}: NameServer = 62.251.229.237 62.251.229.223
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

 
Signature: yako
Download the following tool and follow the instructions to run the scan.


[hidden link: log in or register to view]


Usage instructions:
Run the file SmitfraudFix.exe and follow the steps as shown in these images.



Choose y and press Enter.




To exit, sister, choose Q and press Enter.





After that, give me a new HijackThis log, sister.
 
Signature: الوفاء طبعي