Thread starter: king_man
Dear brothers, peace be upon you and the mercy and blessings of God.

I have an internet connection (a DSL line).

Every so often the internet hangs; sometimes it comes up and sometimes it drops.

I ran a scan with Kaspersky and it caught 5 viruses on drive C.

I said thank God and went and restarted.

The internet still hung.

I ran a second scan and found no viruses.

To be specific, it is the connection itself that hangs, coming up and dropping, not the browser.

And this is the new HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:43:34 PM, on 6/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
E:\تصور الشاشه\اداة زيزووم.exe
C:\DOCUME~1\Adadu\LOCALS~1\Temp\zyaoom Tool\Hijack.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
[You must log in or register to view the hidden link]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
[You must log in or register to view the hidden link]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
[You must log in or register to view the hidden link]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
[You must log in or register to view the hidden link]

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
[You must log in or register to view the hidden link]

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
[You must log in or register to view the hidden link]

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: Styler.lnk = ?
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E77BB87-4521-4553-8AFC-5B528BE48D56}: NameServer = 163.121.128.134,163.121.128.135
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)

--
End of file - 5923 bytes

 

Signature: king_man
Delete the following:

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll (file missing)

E:\تصور الشاشه\اداة زيزووم.exe


Disable your protection software.

Download this tool:


[You must log in or register to view the hidden link]

When you run it a message will appear; click >> Yes
Then a second message will appear; click >> Yes

During the scan the computer may restart.
After the restart, the tool will start scanning again.
Wait until a report appears; that means the scan has finished. Paste the report in your first reply.

 
Signature: format
Brother, I did what you said.

But the problem still remains.

And here is a picture to clarify further:

i15066_abdo.jpg


I am waiting for the solution.

 
Signature: king_man

Disable your protection software.

Download this tool:


[You must log in or register to view the hidden link]

When you run it a message will appear; click >> Yes
Then a second message will appear; click >> Yes

During the scan the computer may restart.
After the restart, the tool will start scanning again.
Wait until a report appears; that means the scan has finished. Paste the report in your first reply.



Where is it???
 
Signature: format
Here you go, this is the ComboFix tool report:

ComboFix 09-05-31.06 - Adadu 06/02/2009 20:44.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.20.1033.18.510.262 [GMT 3:00]
Running from: h:\programs\اداة معالجة اخطاء الويندوز\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-05-02 to 2009-06-02 )))))))))))))))))))))))))))))))
.

2009-05-31 13:48 . 2009-05-31 13:48 -------- d-----w- c:\program files\Kaspersky Lab
2009-05-31 13:48 . 2009-06-02 17:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-05-31 12:06 . 2009-05-31 12:06 -------- d-----w- c:\program files\Realore
2009-05-31 11:55 . 2009-05-31 11:55 10 ----a-w- c:\windows\popcinfo.dat
2009-05-31 11:45 . 2009-05-31 11:53 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-05-31 10:59 . 2009-05-31 10:59 -------- d-----w- c:\program files\Elaborate Bytes
2009-05-31 10:31 . 2009-05-31 14:02 -------- d-----w- c:\windows\SxsCaPendDel
2009-05-31 10:21 . 2009-05-31 10:21 -------- d-----w- c:\documents and settings\Adadu\Local Settings\Application Data\IsolatedStorage
2009-05-30 19:01 . 2009-05-30 19:01 -------- d-----w- c:\documents and settings\Adadu\Local Settings\Application Data\Cooliris
2009-05-30 15:23 . 2009-05-30 16:15 -------- d--h--w- c:\windows\$hf_mig$
2009-05-30 12:05 . 2009-05-30 12:05 -------- d-----w- c:\documents and settings\Adadu\Local Settings\Application Data\Yahoo
2009-05-30 12:02 . 2009-05-30 12:02 -------- d-----w- c:\documents and settings\Adadu\Application Data\Yahoo!
2009-05-30 12:01 . 2009-05-30 12:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-05-30 12:01 . 2009-05-26 16:50 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2009-05-30 12:01 . 2009-05-30 12:02 -------- d-----w- c:\program files\Yahoo!
2009-05-30 11:19 . 2009-05-31 14:25 -------- d-----w- c:\windows\Blaiz Enterprises
2009-05-30 10:50 . 2009-05-30 10:50 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-30 09:14 . 2009-05-30 09:14 -------- d-----w- c:\documents and settings\Adadu\Application Data\Uniblue
2009-05-30 09:14 . 2009-05-25 02:40 2568224 -c----w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\Uniblue RegistryBooster.exe
2009-05-30 09:13 . 2009-05-30 19:03 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
2009-05-30 08:08 . 2009-05-30 08:10 -------- d-----w- c:\documents and settings\Adadu\Application Data\Media Player Classic
2009-05-30 07:59 . 2004-08-03 23:56 44032 ----a-w- c:\windows\system32\msisip.dll
2009-05-30 07:59 . 2004-08-03 23:56 884736 ----a-w- c:\windows\system32\msimsg.dll
2009-05-30 07:59 . 2004-08-03 23:56 77312 ----a-w- c:\windows\system32\msiexec.exe
2009-05-30 07:59 . 2004-08-03 23:56 331264 ----a-w- c:\windows\system32\msihnd.dll
2009-05-30 07:59 . 2004-08-03 23:56 2804224 ----a-w- c:\windows\system32\msi.dll
2009-05-30 07:53 . 2009-05-30 07:53 -------- d--h--w- C:\Temp
2009-05-30 07:40 . 2009-05-31 13:31 -------- d-----w- c:\program files\Common Files\delet
2009-05-30 06:46 . 2009-05-30 06:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-05-29 19:09 . 2009-05-29 19:08 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-29 19:08 . 2009-05-29 19:08 152576 ----a-w- c:\documents and settings\Adadu\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-29 18:26 . 2009-05-29 18:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-05-29 17:33 . 2001-08-23 12:00 838144 ----a-w- c:\windows\system32\chtbrkr.dll
2009-05-29 17:33 . 2001-08-23 12:00 1677824 ----a-w- c:\windows\system32\chsbrkr.dll
2009-05-29 17:33 . 2001-08-23 12:00 98304 ----a-w- c:\windows\system32\msir3jp.dll
2009-05-29 17:33 . 2001-08-23 12:00 70656 ----a-w- c:\windows\system32\korwbrkr.dll
2009-05-29 17:31 . 2001-08-17 19:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2009-05-29 17:25 . 2009-05-29 17:25 116144 ----a-w- c:\documents and settings\Adadu\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
2009-05-29 17:25 . 2009-06-02 17:47 -------- d-----w- c:\documents and settings\Adadu\Application Data\DMCache
2009-05-29 17:25 . 2009-05-29 18:08 -------- d-----w- c:\documents and settings\Adadu\Application Data\IDM
2009-05-29 17:25 . 2009-05-30 19:18 -------- d-----w- c:\program files\Internet Download Manager
2009-05-29 16:24 . 2001-08-17 09:13 27165 ----a-w- c:\windows\system32\drivers\fetnd5.sys
2009-05-29 16:22 . 2001-08-23 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-05-29 16:22 . 2001-08-23 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2009-05-29 16:05 . 2009-05-29 16:05 -------- d-----w- c:\windows\Sun

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-02 17:01 . 2009-05-31 13:48 982048 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-02 17:01 . 2009-05-31 13:48 8752 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-02 17:01 . 2009-05-31 13:48 213024 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-02 17:01 . 2009-05-31 13:48 1808 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-01 20:47 . 2009-05-29 15:08 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-01 18:45 . 2009-06-01 18:45 -------- d-----w- c:\program files\EuroGrand Casino
2009-06-01 12:43 . 2009-05-30 07:54 -------- d-----w- c:\documents and settings\Adadu\Application Data\cleaner
2009-05-31 17:46 . 2009-05-31 17:46 -------- d-----w- c:\documents and settings\Adadu\Application Data\Styler
2009-05-31 14:27 . 2008-01-29 14:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-05-31 14:27 . 2009-05-31 13:49 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-05-31 14:27 . 2009-05-31 13:49 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-05-31 14:27 . 2009-05-31 14:27 206088 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe
2009-05-31 14:27 . 2009-05-31 14:27 33808 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys
2009-05-31 14:27 . 2009-05-31 14:27 226832 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys
2009-05-31 13:42 . 2009-05-29 15:08 -------- d-----w- c:\program files\Your Uninstaller 2008
2009-05-31 13:39 . 2009-05-29 12:33 -------- d-----w- c:\program files\Java
2009-05-31 13:32 . 2009-05-31 13:32 2473 ----a-w- c:\program files\Common Files\unins000.dat
2009-05-31 13:32 . 2009-05-31 13:32 728858 ----a-w- c:\program files\Common Files\unins000.exe
2009-05-30 07:54 . 2009-05-30 07:54 -------- d-----w- c:\documents and settings\Adadu\Application Data\CyberScrub
2009-05-29 18:29 . 2009-05-29 12:37 34232 ----a-w- c:\documents and settings\Adadu\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-29 16:52 . 2009-05-29 12:30 22780 ----a-w- c:\windows\system32\emptyregdb.dat
2009-05-29 15:08 . 2009-05-29 15:08 -------- d-----w- c:\documents and settings\Adadu\Application Data\URSoft
2009-05-29 14:25 . 2009-05-29 14:25 0 ----a-w- c:\windows\nsreg.dat
2009-05-29 13:21 . 2009-05-31 13:13 194880 ----a-w- c:\windows\PCHealth\HelpCtr\Config\Cache\Professional_32_1033.dat
2009-05-29 13:20 . 2009-05-29 13:08 86327 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-05-29 12:35 . 2009-05-29 12:35 -------- d-----w- c:\program files\microsoft frontpage
2009-05-29 12:33 . 2009-05-29 12:33 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-29 12:33 . 2009-05-29 12:33 -------- d-----w- c:\program files\Common Files\Java
2009-03-08 01:34 . 2004-08-03 23:56 914944 ----a-w- c:\windows\system32\wininet.dll
2009-03-08 01:34 . 2004-08-03 23:56 43008 ----a-w- c:\windows\system32\licmgr10.dll
2009-03-08 01:33 . 2004-08-03 23:56 18944 ----a-w- c:\windows\system32\corpol.dll
2009-03-08 01:33 . 2004-08-03 23:56 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-03-08 01:32 . 2004-08-03 23:56 72704 ----a-w- c:\windows\system32\admparse.dll
2009-03-08 01:32 . 2004-08-03 23:56 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-03-08 01:31 . 2004-08-03 23:56 34816 ----a-w- c:\windows\system32\imgutil.dll
2009-03-08 01:31 . 2004-08-03 23:56 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-03-08 01:31 . 2004-08-03 23:56 45568 ----a-w- c:\windows\system32\mshta.exe
2009-03-08 01:22 . 2001-08-23 12:00 156160 ----a-w- c:\windows\system32\msls31.dll
2008-03-09 04:25 . 2009-05-31 13:32 236 ---ha-w- c:\program files\Common Files\dx.reg
.

((((((((((((((((((((((((((((( SnapShot_2009-06-01_08.12.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-02 17:27 . 2009-06-02 17:27 16384 c:\windows\temp\Perflib_Perfdata_660.dat
+ 2009-06-02 17:27 . 2009-06-02 17:27 16384 c:\windows\temp\Perflib_Perfdata_2b8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-29 2573744]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-26 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-29 148888]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-23 44032]
"CloneCDElbyCDFL"="c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 45056]
"CloneCDTray"="c:\program files\Elaborate Bytes\CloneCD\CloneCDTray.exe" [2002-12-02 73728]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-05-31 206088]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2007-04-16 577536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"DisableStatusMessages"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideRunAsVerb"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"StartMenuLogoff"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autoconv \??\Volume{17eeb80d-4c63-11de-b0a9-806d6172696f} /fs:NTFS

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [11/28/2002 1:43 PM 22016]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 5:29 PM 33808]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 6:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/30/2008 5:06 PM 24592]
S3 slnt;Realtek RTL8139 Family PCI Fast Ethernet NIC;c:\windows\system32\drivers\slnt.sys [5/29/2009 5:24 PM 18004]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-02 c:\windows\Tasks\User_Feed_Synchronization-{33212441-214B-42D2-B346-F63E9D525E0D}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 01:31]

2009-06-02 c:\windows\Tasks\User_Feed_Synchronization-{B3E760B3-2AE1-4767-BC67-3118214D3B7C}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 01:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.eg/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
TCP: {7E77BB87-4521-4553-8AFC-5B528BE48D56} = 163.121.128.134,163.121.128.135
FF - ProfilePath - c:\documents and settings\Adadu\Application Data\Mozilla\Firefox\Profiles\xf7a0em9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.eg/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - component: c:\documents and settings\Adadu\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
[You must log in or register to view the hidden link]

Rootkit scan 2009-06-02 20:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-602162358-1004336348-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e5,4c,32,44,ac,f4,bc,43,a3,99,2e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e5,4c,32,44,ac,f4,bc,43,a3,99,2e,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2384)
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
.
Completion time: 2009-06-02 20:49
ComboFix-quarantined-files.txt 2009-06-01 12:38
ComboFix2.txt 2009-06-01 12:38
ComboFix3.txt 2009-05-31 13:28
ComboFix4.txt 2009-05-30 17:40
ComboFix5.txt 2009-06-02 17:43

Pre-Run: 8,569,856,000 bytes free
Post-Run: 8,559,542,272 bytes free

217 --- E O F --- 2009-05-30 07:59
 
Signature: king_man
And this is a new HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:08:24 PM, on 6/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\تصور الشاشه\اداة زيزووم.exe
C:\DOCUME~1\Adadu\LOCALS~1\Temp\zyaoom Tool\Hijack.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
[You must log in or register to view the hidden link]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
[You must log in or register to view the hidden link]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
[You must log in or register to view the hidden link]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
[You must log in or register to view the hidden link]

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
[You must log in or register to view the hidden link]

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
[You must log in or register to view the hidden link]

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: Styler.lnk = ?
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E77BB87-4521-4553-8AFC-5B528BE48D56}: NameServer = 163.121.128.134,163.121.128.135
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)

--
End of file - 5540 bytes

And brother, the internet still hangs.
 
Signature: king_man
Signature: KoNaMi
Here you go, my dear:

[You must log in or register to view the hidden link]



Thank God, the problem has been solved :eek::hh:

And thank you, my dear brother KoNaMi, for helping me :q::q:

And a thousand thanks to you and to my brother format :ok::ok:

May God reward you all with good :king::king:
 
Signature: king_man
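Thank God, the problem has been solved :eek::hh:

And thank you, my dear brother KoNaMi, for helping me :q::q:

And a thousand thanks to you and to my brother format :ok::ok:

May God reward you all with good
:king::king:

You're welcome, visit us always :q:
Accept my regards

 
Signature: format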