مشكة في دخول الفيرفكس

القابض على الجمر · 13 أغسطس 2008

السلام عليكم و رحمة الله تعالى و بركاته

كل مرة أدخل متصفح الفيرفكس تطلع هذه النافذة قبل الدخول بالإضافة إلى عدم التمكن من دخول المسنجر هوتميل

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

وهاهو التقرير بعد إستعمال CyberScrub_Privacy_Suite_2

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:10:39, on 13/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Nakido\nakido.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: ShaPlus Google Translator - res://C:\Program Files\ShaPlus Google Translator\GoogleTranslator.dll/ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE6073AD-00F2-46D4-B1BE-8960CC354AD2}: NameServer = 208.67.222.222 193.55.10.102
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nakido - Nakido - C:\Program Files\Nakido\nakido.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Service Host Controller (r_server) - Unknown owner - C:\WINDOWS\system\svchost.exe (file missing)
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe

--
End of file - 6997 bytes

MAAX · 13 أغسطس 2008

هلااااا بك

حدد التالي وقم بحذفه

R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file

O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\Explo reExtPDF.dll

O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU

O23 - Service: Service Host Controller (r_server) - Unknown owner - C:\WINDOWS\system\svchost.exe (file missing)

طريقة الحذف

بعدها اذهب الى اضافة وازالة البرامج واحذف التولبار الموجود عندك (toolbar)>> ممكن ما يكون موجود
وارفع تقرير ثاني

القابض على الجمر · 14 أغسطس 2008

جزاك الله خيرا شرفتنا سعادة المدير إن شاء الله بخير
قمت بالمطلوب و هاهو التقرير بارك الله فيك

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:16:14, on 13/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Nakido\nakido.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=127.0.0.1:7070
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: ShaPlus Google Translator - res://C:\Program Files\ShaPlus Google Translator\GoogleTranslator.dll/ie.htm
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE6073AD-00F2-46D4-B1BE-8960CC354AD2}: NameServer = 208.67.222.222 193.55.10.102
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nakido - Nakido - C:\Program Files\Nakido\nakido.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Service Host Controller (r_server) - Unknown owner - C:\WINDOWS\system\svchost.exe (file missing)
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe

--
End of file - 6215 bytes

MAAX · 14 أغسطس 2008

هلا بك حبيبي

عندك قيمتين لم يحذفوو

اعمل التالي وارفع تقرير ثاني جديد

عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes

انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم

القابض على الجمر · 14 أغسطس 2008

ComboFix 08-08-13.02 - Administrateur 2008-08-14 4:27:32.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1256.213.1036.18.139 [GMT 2:00]
Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RةCUPةRATION N'EST PAS INSTALLةE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrateur\Application Data\.#
C:\Documents and Settings\Administrateur\Application Data\.#\MBX@128@13339D0.###
C:\Documents and Settings\Administrateur\Application Data\.#\MBX@128@13339E0.###
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Uninstall.lnk
C:\Program Files\ActivationManager
C:\Program Files\IEToolbar
C:\Program Files\IEToolbar\شريط أدوات الدرر السنية\ltr.dll
C:\Program Files\IEToolbar\شريط أدوات الدرر السنية\uninstall.exe
C:\WINDOWS\s.ini
C:\WINDOWS\p.exe
C:\WINDOWS\system32\bcbeg.ini
C:\WINDOWS\system32\bcbeg.ini2
C:\WINDOWS\system32\bnrfil.dll
C:\WINDOWS\system32\bsnlst.dll
C:\WINDOWS\system32\igefil.dll
C:\WINDOWS\system32\irmqrvlj.ini
C:\WINDOWS\system32\kakle.dll
C:\WINDOWS\system32\lastupdate.dll
C:\WINDOWS\system32\macfil.dll
C:\WINDOWS\system32\mp3fil.dll
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\nfil.dll
C:\WINDOWS\system32\picsfil.dll
C:\WINDOWS\system32\pymsgsge.dllbox
C:\WINDOWS\system32\snetfil.dll
C:\WINDOWS\system32\srchfrgn.dll
C:\WINDOWS\system32\srchout.dll
C:\WINDOWS\system32\ttvwa.ini
C:\WINDOWS\system32\ttvwa.ini2
C:\WINDOWS\system32\ujdgbihw.ini
C:\WINDOWS\system32\utfgesgx.ini
C:\WINDOWS\system32\winitn.dll
C:\WINDOWS\system32\xoqrveuj.ini

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-14 to 2008-08-14 ))))))))))))))))))))))))))))))))))))
.

2008-08-13 19:17 . 2008-08-13 19:17 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\HiYo
2008-08-13 18:49 . 2008-08-13 18:49 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-13 18:49 . 2008-08-13 18:49 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-11 22:06 . 2008-08-11 22:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-08-11 21:51 . 2008-08-11 21:51 <REP> d-------- C:\Program Files\SweetIM
2008-08-11 21:51 . 2008-08-11 21:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SweetIM
2008-08-08 15:25 . 2008-08-14 04:36 <REP> d-------- C:\Program Files\Nakido
2008-08-01 19:58 . 2008-08-01 19:58 81,920 --a------ C:\WINDOWS\system32\MayhillFilter01.ax
2008-08-01 17:12 . 2007-09-02 20:56 1,686,016 --a------ C:\WINDOWS\system32\clinetsuitex6.ocx
2008-08-01 17:12 . 2004-06-14 14:56 427,864 --a------ C:\WINDOWS\system32\XceedZip.dll
2008-08-01 17:11 . 2008-08-01 17:11 <REP> d-------- C:\Program Files\Driver-Soft
2008-08-01 12:38 . 2008-08-08 15:46 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\IDM
2008-08-01 12:18 . 2008-08-01 12:19 <REP> d-------- C:\Program Files\Internet Download Manager
2008-07-24 14:48 . 2008-07-24 14:48 89,600 --a------ C:\Program Files\rnuninst.exe
2008-07-24 14:46 . 2008-07-24 14:51 <REP> d-------- C:\Program Files\All To Real Converter
2008-07-24 14:38 . 2008-07-24 14:38 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Styler
2008-07-21 23:17 . 2008-07-21 23:17 <REP> d-------- C:\ConTemp
2008-07-19 19:58 . 2008-07-19 20:27 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\DepositFiles Uploader
2008-07-18 22:55 . 2008-08-07 16:05 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-07-18 22:55 . 2008-07-23 19:32 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-07-18 22:53 . 2008-08-14 04:33 761,888 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-18 22:53 . 2008-08-14 04:33 4,732 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-18 18:03 . 2008-07-18 18:03 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\SmartFTP
2008-07-18 18:01 . 2008-07-18 18:05 <REP> d-------- C:\Program Files\SmartFTP Client
2008-07-18 10:46 . 2008-07-18 11:26 <REP> d-------- C:\VideoOutput
2008-07-16 21:47 . 2008-07-18 22:50 103 --a------ C:\WINDOWS\pro.INI
2008-07-16 21:35 . 2008-07-16 21:35 2,368 --a------ C:\WINDOWS\system32\SVKP.sys
2008-07-16 21:32 . 2008-07-16 21:36 <REP> d-------- C:\Program Files\Ultra RM Converter
2008-07-16 21:32 . 2007-04-12 14:19 129,024 --a------ C:\WINDOWS\system32\AVERM.dll
2008-07-16 07:40 . 2008-07-16 07:40 <REP> d-------- C:\Documents and Settings\LocalService\Mes documents
2008-07-14 19:28 . 2008-07-14 19:28 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Xilisoft Corporation
2008-07-14 19:26 . 2008-07-14 19:26 <REP> d-------- C:\Program Files\Xilisoft

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-24 18:20 689,152 -c--a-w C:\WINDOWS\anti.porn.version.9.1.3.29-patch_AT4RE.exe
2008-08-14 02:33 405,476 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-14 02:33 34,330,656 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-14 02:30 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\DMCache
2008-08-13 21:33 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\SolidDocuments
2008-08-13 17:19 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-13 16:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-12 21:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-12 21:08 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\cleaner
2008-08-12 20:58 --------- d-----w C:\Program Files\Windows Live
2008-08-12 17:23 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-08-09 19:23 --------- d-----w C:\Program Files\Color7 Video Converter
2008-08-07 14:24 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\uTorrent
2008-08-01 16:54 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\SolidDocuments
2008-07-25 16:36 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-25 16:07 2,560 -c--a-w C:\WINDOWS\system32\drivers\mchInjDrv.sys
2008-07-24 09:25 --------- d-----w C:\Program Files\Free FLV Converter
2008-07-24 09:05 --------- d-----w C:\Program Files\CopyKiller
2008-07-24 09:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-24 08:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-07-20 19:22 --------- d-----w C:\Program Files\AVI ReComp
2008-07-18 20:53 --------- d-----w C:\Program Files\Kaspersky Lab
2008-07-18 20:50 --------- d-----w C:\Program Files\Teleport Pro
2008-07-18 16:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-07-18 15:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-07-15 19:20 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\4shared Uploader
2008-07-11 17:07 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\UltraGet
2008-07-11 14:12 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\EPSON
2008-07-11 12:26 --------- d-----w C:\Program Files\UltraGet Video Downloader
2008-07-11 12:25 --------- d-----w C:\Program Files\Smart Panel
2008-07-09 17:40 --------- d-----w C:\Program Files\IconoMaker
2008-07-05 16:02 --------- d-----w C:\Program Files\XP Codec Pack
2008-07-05 15:25 --------- d-----w C:\Program Files\Aplus Video Converter
2008-07-05 09:41 --------- d-----w C:\Program Files\uTorrent
2008-07-05 09:08 --------- d-----w C:\Program Files\Google
2008-07-05 06:53 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-07-04 15:26 724,992 -c--a-w C:\WINDOWS\iun6002.exe
2008-07-04 15:26 --------- d-----w C:\Program Files\EO Video
2008-07-04 14:29 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Thinstall
2008-07-04 08:29 --------- d-----w C:\Program Files\Collage Maker
2008-07-04 06:34 --------- d-----w C:\Program Files\Mpgdvd.com
2008-07-03 15:26 --------- d-----w C:\Program Files\Arabic_video
2008-06-27 15:30 --------- d-----w C:\Program Files\Sketch Master
2008-06-20 08:36 --------- d-----w C:\Program Files\ImTOO
2008-06-19 15:29 --------- d-----w C:\Program Files\Easy RealMedia Tools
2008-05-19 19:52 5 ----a-w C:\Program Files\cd_pthth.pth
2008-03-04 16:38 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2007-11-22 16:33 81,920 -c--a-w C:\Documents and Settings\Administrateur\Application Data\ezpinst.exe
2007-11-22 16:33 47,360 -c--a-w C:\Documents and Settings\Administrateur\Application Data\pcouffin.sys
2008-01-07 17:53 24,576 -csha-r C:\WINDOWS\EagleC.dll
2005-06-22 05:37 45,568 -csha-r C:\WINDOWS\system32\cygz.dll
.

------- Sigcheck -------

2004-11-25 23:20 506368 048cb871e6f98e41f072b85c67c30925 C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper s\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-03-27 14:12 1164600 --a------ C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 14:12 1164600]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-08-01 12:19 932864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2001-12-16 19:55 2899968]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2006-09-19 10:07 827392]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-05-08 09:16 185896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 18:21 201992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"NoFolderOptions"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"= 0 (0x0)
"NoDispScrSavPage"= 0 (0x0)
"NoDispSettingsPage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"NoFolderOptions"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoClose"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"vidc.DIV3"= DIVXc32.dll
"vidc.DIV4"= DIVXc32f.dll
"msacm.divxa32"= DivXa32.acm
"msacm.l3acm"= l3codecp.acm
"VIDC.FFDS"= ffdshow.ax
"msacm.l3codec"= l3codecp.acm
"msacm.ac3filter"= ac3filter.acm
"vidc.yv12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^MagicDisc.lnk]
path=C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE
"USB GATE"="C:\Program Files\USB GATE\USB GATE.exe" -S
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"AVP"="C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\AVPTool kasper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiHacker]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\French\\setup.exe"=
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"C:\\Program Files\\Nakido\\nakido.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R1 mchInjDrv;madCodeHook DLL injection driver;C:\WINDOWS\system32\Drivers\mchInjDrv.sys [2008-07-25 18:07]
R2 Nakido;Nakido;C:\Program Files\Nakido\nakido.exe [2008-08-05 20:36]
R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2008-07-16 21:35]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07]
S2 r_server;Service Host Controller;C:\WINDOWS\system\svchost.exe []
S3 USBModem000;LGE Mobile USB Modem TC;C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-10 13:00]
S4 AVPTool kasper;AVPTool kasper;C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\AVPTool kasper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

2008-08-08 C:\WINDOWS\Tasks\Maintenance en 1 clic.job
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe []

2008-03-15 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{89E551A3-C402-4F52-AD12-FD6D3BC69CC2} - (no file)
HKLM-RunServices-raVe - (no file)
HKLM-RunServices-Driver32 - (no file)

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\dewo6vpz.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1654009&SearchSource=3&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/webhp?client=firefox-a&rls=org.mozilla:fr

fficial&channel=s&hl=fr&lr=&btnG=Recherche+Google

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2008-08-14 04:37:07
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Crypserv.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-14 5:17:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-14 03:17:02

Pre-Run: 779,743,232 octets libres
Post-Run: 637,759,488 octets libres

269

MAAX · 14 أغسطس 2008

الان اعمل تقرير هايجاك
وكيف الاوضاع عندك ؟

القابض على الجمر · 15 أغسطس 2008

السلام عليكم يا أخي الكريم الأوضاع كالتالي
حلت مشكلة دخول المسنجر و الشكر لله ثم لك أما نافذة ماقبل فتح الفيرفوكس مازالت وهذا هو التقرير

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:47:07, on 15/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Nakido\nakido.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: ShaPlus Google Translator - res://C:\Program Files\ShaPlus Google Translator\GoogleTranslator.dll/ie.htm
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE6073AD-00F2-46D4-B1BE-8960CC354AD2}: NameServer = 208.67.222.222 193.55.10.102
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nakido - Nakido - C:\Program Files\Nakido\nakido.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Service Host Controller (r_server) - Unknown owner - C:\WINDOWS\system\svchost.exe (file missing)
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe

--
End of file - 5821 bytes

MAAX · 15 أغسطس 2008

احذف هذه القيم

O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU

O23 - Service: Service Host Controller (r_server) - Unknown owner - C:\WINDOWS\system\svchost.exe (file missing)

ثم
حمل هذه الاداة ,,
واتبع الشرح التالي ,, لتنظيف جهازك من هذه الدعايات
و عمل تقرير بالعمليه حتى ترفقه بردك القادم ,,

رابط تحميل آخر تحديث للاداة

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

شرح الاستخدام ,,,,,,
قم بتشغيل الملف SmitfraudFix.exe ,, وتابع الشرح كماا بهذه الصور

واعمل تقرير هايجاك جديد

حمدي أبوزيد · 16 أغسطس 2008

طيب بما إني من مستخدمي الفاير فوكس أحب أن أقول : استخدم الفاير فوكس ( الوضع الآمن ) , وسوف تجد هذه الأيقونة في قائمة (ابدأ) وبعدما يفتح معك عادي إن شاء الله .ثم قم بغلقه ثم أعد فتح الفاير فوكس الطريقة العادية وليست الوضع الآمن .

القابض على الجمر · 20 أغسطس 2008

السلام عليكم و بارك الله فيكم هذا هو التقرير

SmitFraudFix v2.338

Rapport fait à 18:31:16,17, 20/08/2008
Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Carte réseau Fast Ethernet PCI Realtek RTL8139 Family - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{9F6ECF11-D942-44B5-83A2-C338527CAF46}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9F6ECF11-D942-44B5-83A2-C338527CAF46}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9F6ECF11-D942-44B5-83A2-C338527CAF46}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{AE6073AD-00F2-46D4-B1BE-8960CC354AD2}: NameServer=208.67.222.222 193.55.10.102

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

مشكة في دخول الفيرفكس

القابض على الجمر

زيزوومى مميز

توقيع : القابض على الجمر

MAAX

عضوشرف

القابض على الجمر

زيزوومى مميز

توقيع : القابض على الجمر

MAAX

عضوشرف

القابض على الجمر

زيزوومى مميز

توقيع : القابض على الجمر

MAAX

عضوشرف

القابض على الجمر

زيزوومى مميز

توقيع : القابض على الجمر

MAAX

عضوشرف

حمدي أبوزيد

زيزوومى مبدع

توقيع : حمدي أبوزيد

القابض على الجمر

زيزوومى مميز

توقيع : القابض على الجمر

NTLite Business 2025.8.10552 X64