ياريت تفيدونى عن التقرير ده بالهاى جاك [الأرشيف]

مشاهدة النسخة كاملة : ياريت تفيدونى عن التقرير ده بالهاى جاك

waledakmal

23-10-2009, 13:54

الجهاز ساعات بيغير حاجات لوحده مع انى مظبط النود اخر حاجه وبرنامج سباى وير دكتور بس مش حاسس ان كل قيم الجاز سليمه فلاقيت فى المنتدى البرنامج اللى يبحث عن قيم كل صغيره وكبيره ويرفقها قثلت انتم خير عون لو ولغيرى

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:50:44 م, on 23/10/2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Windows\System32\PING.EXE
C:\Windows\system32\conhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\waled\Documents\Downloads\Programs\Hijack This.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 91.121.91.61:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 91.121.91.61:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Kaspersky Reg Toolbar - {c4d4770d-abd6-4a82-9e3a-6935c52a77d5} - C:\Program Files\Kaspersky_Reg\tbKasp.dll (file missing)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Kaspersky Reg Toolbar - {c4d4770d-abd6-4a82-9e3a-6935c52a77d5} - C:\Program Files\Kaspersky_Reg\tbKasp.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Kaspersky Reg Toolbar - {c4d4770d-abd6-4a82-9e3a-6935c52a77d5} - C:\Program Files\Kaspersky_Reg\tbKasp.dll (file missing)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{0931AA8D-2A18-494C-8DD8-D19E0FB864FB}: NameServer = 163.121.128.134,163.121.128.135
O17 - HKLM\System\CS1\Services\Tcpip\..\{0931AA8D-2A18-494C-8DD8-D19E0FB864FB}: NameServer = 163.121.128.134,163.121.128.135
O17 - HKLM\System\CS2\Services\Tcpip\..\{0931AA8D-2A18-494C-8DD8-D19E0FB864FB}: NameServer = 163.121.128.134,163.121.128.135
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 5121 bytes

iVista

23-10-2009, 14:07

القيم الظاره هي
R3 - URLSearchHook: Kaspersky Reg Toolbar - {c4d4770d-abd6-4a82-9e3a-6935c52a77d5} - C:\Program Files\Kaspersky_Reg\tbKasp.dll (file missing)

O2 - BHO: Kaspersky Reg Toolbar - {c4d4770d-abd6-4a82-9e3a-6935c52a77d5} - C:\Program Files\Kaspersky_Reg\tbKasp.dll (file missing)

O3 - Toolbar: Kaspersky Reg Toolbar - {c4d4770d-abd6-4a82-9e3a-6935c52a77d5} - C:\Program Files\Kaspersky_Reg\tbKasp.dll (file missing)

القيم الغير معروفه

C:\Windows\system32\conhost.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{0931AA8D-2A18-494C-8DD8-D19E0FB864FB}: NameServer = 163.121.128.134 (https://www.arabhardware.net/forum/whois.php),163.121.128.135 (https://www.arabhardware.net/forum/whois.php)

O17 - HKLM\System\CS1\Services\Tcpip\..\{0931AA8D-2A18-494C-8DD8-D19E0FB864FB}: NameServer = 163.121.128.134 (https://www.arabhardware.net/forum/whois.php),163.121.128.135 (https://www.arabhardware.net/forum/whois.php)

O17 - HKLM\System\CS2\Services\Tcpip\..\{0931AA8D-2A18-494C-8DD8-D19E0FB864FB}: NameServer = 163.121.128.134 (https://www.arabhardware.net/forum/whois.php),163.121.128.135 (https://www.arabhardware.net/forum/whois.php)

waledakmal

23-10-2009, 14:10

شكرا لك اخى على ردك السريع والمتوقع من ناحيه المنتدى
اولا انا مش مسطب الكاسبر دى كانت مجرد اداه بجربها لجلب مفاتيح الكاسبر وحذفتها اكيد لسه موجود منها فى الtemp

ثانيا ايه القيم الغير المعروفه ويعنى ايه بليز شرح شويه وجزاك الله خيرا

iVista

23-10-2009, 14:14

القيم المعروفه في الأغلب تكون ضاره إلا ان ضررها غير مؤكد

waledakmal

23-10-2009, 14:18

هتعبك تانى يعنى اعلم صح قدام القيم دى ةاعمل فيكس ولا اسيبهم زى ماهما
انا خلاص شيلت قيم الكاسبر الضاره

iVista

23-10-2009, 14:20

نعم ثم اضغط Fix

waledakmal

23-10-2009, 14:26

تسلم اخوى بس الويندوز شكله هيطير؟

انا بهزر وياك حقيقى متشكر ليك

waledakmal

23-10-2009, 14:28

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:27:21 م, on 23/10/2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\برامج\انتى فيروس\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 91.121.91.61:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 91.121.91.61:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 4201 bytes
كده تمام

iVista

23-10-2009, 14:32

الأن لا توجد قيم ضاره

waledakmal

23-10-2009, 14:43

اولا النت فصل مش بنج لا فصل تصفح بيقولى فيه قيم نقصت فايرفوكس و اكسبلورر بس ولا يهمك يكفيك انك علمتنى ازاى اعرفالمضر من الغير معروف وطريقه حذفهما نسخه اتنين تلاته مش مهم عندى المهم اتعلم وعلى النت هجيبه بالتربلشوت بروبلم

متشكر لاهتمامك

iVista

23-10-2009, 14:53

مع ان لهجتك صعبه بالنسبه لي ولاكن فهمت انه توجد مشكله في الأنترنت الأن هل هذا صحيح ؟

waledakmal

23-10-2009, 15:15

انا من مصر يعنى لهجه سلسه جدا زى كل لغات العرب
النت بيبنج بس التصفح erorr
عملت ترابلشوت النت رجع تانى والتصفح بقى تمام
ثانكس لردك المتبادل والسريع ok