محـ المقاطي ـمد

Peace be upon you, and the mercy and blessings of God.
Good morning.
How are you, brothers? I hope you are well.
I have a problem with my email and, frankly, I don't know what the solution is.
I scoured the net and found nothing useful, other than that it is about a Chinese site and products sold through that site.
What happened is that I got a message from a colleague, I opened it, and ever since then, whenever I do a forward, it prints this message for me:


Please, nobody click on the links.


Hey ,friend
I find a site to sell electronic products with very good price. Laptop ,iPhone even Motorcycle are very popular .their products are original quality with very low price as wholesale business supplier.They also can do retail business for end user now. maybe it is fit for your business . if you like you can contact them :


As I told you, I don't know what is going on or how to solve this problem.

If anyone has run into this problem and solved it, I hope they can help us with it.

Sorry for the length and the bother.

Signature: محـ المقاطي ـمد
And upon you be peace, and the mercy and blessings of God ...

Welcome ...

Do the following ...

Download this tool ...

Run it and go to [ Do a system scan and save log ] ...

After a moment it will give you a report inside Notepad ...

Copy it in full ... and correctly ...

And paste it in your next reply ...

Signature: format
Thank you, dear friend, for the tool.

I'll be back.

Signature: محـ المقاطي ـمد
OK, I'm waiting for the report.

Signature: format
Here is the report.

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:03:25 ص, on 01/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\mdm.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Documents and Settings\MrBoOsH\سطح المكتب\وسائط\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1235418588000
O17 - HKLM\System\CCS\Services\Tcpip\..\{E739D63A-101E-4146-A871-951826145542}: NameServer = 84.235.6.55
O23 - Service: "CamelApache" - Unknown owner - C:\camel\apache\bin\httpd.exe (file missing)
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Google Update Service (gupdate1c9b782b68fd6e2) (gupdate1c9b782b68fd6e2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.32\bin\mysqld.exe
--
End of file - 6281 bytes
 
Signature: محـ المقاطي ـمد
Delete the following:

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
.

 
Signature: format
How to delete it on XP:

[Image: mg (3).png]

[Image: mg (4).png]

Then use these tools.

Download from here

Compatibility: Windows XP only

How to use:

When you run the tool's file, this screen appears; wait (and follow along with the pictures).

[Image: 000.png]

[Image: 001.png]

When this screen appears, click Close so that your computer restarts (to complete the cleaning process).

[Image: 002.png]

Then

Disable all protection programs.

Download this tool

When you run it, a message will appear; click Yes.
After that a second message will appear; click Yes.

During the scan the computer may restart.
After the restart, the tool will start scanning again.
Wait until a report appears; that means the scan has finished. Paste the report in your next post.

Signature: format
Thank you, dear friend.

The deletion went smoothly.

But a question: should I do what is in the previous reply, or is what I did enough?

I'm waiting for you.

Signature: محـ المقاطي ـمد
No, continue.



And bring the ComboFix report; that means the scan has finished. Paste the report in your next post.

Signature: format
In addition to brother format's reply,
go to the blocked and trusted addresses through your mail options
and add this site to the blocked addresses and rest easy:
www.wholesaler-electronic.com
 
I did the method you told me about, but unfortunately after the cleaning runs the first time, a Send / Don't Send message comes up.

In other words, there is an error and I don't know what the cause is.

And I will do what you said, brother dead.

But the problem, dear friends, is that every time I forward any message, this message that I wrote for you in the first post appears ^_^

Oh, right.

Here is the report; I went through to the end.

Code:
ComboFix 09-05-31.04 - MrBoOsH 06/01/2009  9:32.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1256.966.1025.18.1015.698 [GMT 3:00]
Running from: c:\documents and settings\MrBoOsH\سطح المكتب\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
 * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\mdm.exe
.
(((((((((((((((((((((((((   Files Created from 2009-05-01 to 2009-06-01  )))))))))))))))))))))))))))))))
.
2009-07-12 05:13 . 2009-07-12 05:13 390664 ----a-w- c:\documents and settings\MrBoOsH\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-06-01 06:24 . 2009-06-01 06:24 -------- d-----w- c:\documents and settings\MrBoOsH\Application Data\CyberScrub
2009-06-01 03:43 . 2009-06-01 03:31 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-01 03:30 . 2009-06-01 03:30 518488 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-01 03:30 . 2009-06-01 03:30 1005904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-01 03:27 . 2009-06-01 03:27 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-01 03:27 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-01 03:26 . 2009-06-01 03:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-01 03:26 . 2009-06-01 03:26 -------- d-----w- c:\program files\Lavasoft
2009-05-31 23:48 . 2009-05-31 23:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-05-31 23:46 . 2009-05-31 23:46 -------- d-----w- c:\program files\QuickTime
2009-05-31 23:46 . 2009-05-31 23:46 -------- d-----w- c:\program files\Xilisoft
2009-05-31 22:46 . 2009-05-31 22:46 81920 ----a-w- c:\documents and settings\MrBoOsH\Application Data\ezpinst.exe
2009-05-31 22:46 . 2009-05-31 22:46 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-05-31 22:46 . 2009-05-31 22:46 47360 ----a-w- c:\documents and settings\MrBoOsH\Application Data\pcouffin.sys
2009-05-31 22:46 . 2009-05-31 22:46 -------- d-----w- c:\documents and settings\MrBoOsH\Application Data\Vso
2009-05-31 22:46 . 2009-05-31 23:43 -------- d-----w- c:\program files\Video Convert Master
2009-05-29 17:04 . 2009-05-29 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-05-23 16:31 . 2009-05-23 16:31 -------- d-----w- c:\program files\Any Audio Converter
2009-05-23 16:26 . 2009-05-23 16:30 -------- d-----w- c:\program files\MP3 Audio Converter
2009-05-22 01:37 . 2009-05-22 01:37 661504 ----a-w- c:\windows\is-03K89.exe
2009-05-22 01:37 . 2003-08-07 12:01 237568 ----a-w- c:\windows\system32\lame_enc.dll
2009-05-22 01:37 . 2002-01-05 03:48 974848 ----a-w- c:\windows\system32\mfc70.dll
2009-05-22 01:37 . 2002-01-05 02:40 487424 ----a-w- c:\windows\system32\msvcp70.dll
2009-05-22 01:37 . 2009-05-22 01:37 -------- d-----w- c:\program files\Real_SC
2009-05-22 01:37 . 2009-05-22 01:37 -------- d-----w- c:\windows\system32\RMBin
2009-05-20 19:59 . 2009-05-20 19:59 -------- d-----w- c:\program files\RADIOSYSETM12
2009-05-19 17:02 . 2009-05-19 17:02 203776 ----a-w- c:\windows\system32\clrviddc.dll
2009-05-18 13:22 . 2009-05-18 13:22 -------- d-----w- c:\program files\Common Files\Vbox
2009-05-14 11:30 . 2009-05-14 11:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-05-14 07:21 . 2008-04-14 15:59 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-05-13 14:17 . 2009-05-13 14:20 206088 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe
2009-05-13 14:17 . 2009-05-13 14:20 33808 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys
2009-05-13 14:17 . 2009-05-13 14:20 226832 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys
2009-05-13 13:36 . 2009-05-20 13:55 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-05-13 13:36 . 2009-05-20 13:55 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-05-13 13:35 . 2009-06-01 05:22 507936 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-05-13 13:35 . 2009-06-01 05:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-05-13 13:35 . 2009-06-01 04:46 3637792 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-05-13 13:35 . 2009-05-13 13:35 -------- d-----w- c:\program files\Kaspersky Lab
2009-05-13 06:33 . 2009-05-13 06:33 -------- d-----w- c:\program files\Common Files\xing shared
2009-05-07 11:09 . 2009-05-07 11:09 -------- d-----w- c:\documents and settings\MrBoOsH\Application Data\URSoft
2009-05-05 12:22 . 2009-05-07 11:12 -------- d-----w- c:\windows\system32\NtmsData
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-01 06:31 . 2009-03-27 23:12 -------- d-----w- c:\documents and settings\MrBoOsH\Application Data\Orbit
2009-06-01 06:28 . 2009-06-01 06:23 -------- d-----w- c:\documents and settings\MrBoOsH\Application Data\cleaner
2009-06-01 05:22 . 2009-05-13 13:35 3864 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-01 05:21 . 2001-09-19 12:00 68396 ----a-w- c:\windows\system32\perfc001.dat
2009-06-01 05:21 . 2001-09-19 12:00 369526 ----a-w- c:\windows\system32\perfh001.dat
2009-06-01 04:46 . 2009-05-13 13:35 30548 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-05-31 20:03 . 2009-03-10 12:14 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-05-29 17:08 . 2009-04-07 13:13 -------- d-----w- c:\program files\Google
2009-05-22 01:20 . 2009-02-26 04:03 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-18 13:21 . 2009-02-23 21:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-15 11:10 . 2009-04-09 20:57 -------- d-----w- c:\program files\MSECache
2009-05-14 08:54 . 2009-02-23 22:46 -------- d-----w- c:\program files\Messenger Plus! Live
2009-05-14 06:57 . 2009-02-23 19:48 82728 ----a-w- c:\documents and settings\MrBoOsH\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-13 14:20 . 2008-01-29 14:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-05-13 13:33 . 2009-02-23 22:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-05-13 13:26 . 2009-03-12 15:27 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-13 06:33 . 2009-02-26 04:00 -------- d-----w- c:\program files\Common Files\Real
2009-05-13 06:33 . 2009-02-26 04:00 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-05-13 06:33 . 2009-02-26 03:58 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-05-07 12:21 . 2009-03-27 03:58 -------- d-----w- c:\program files\Web Publish
2009-05-07 11:13 . 2009-02-26 04:08 -------- d-----w- c:\program files\FlashGet
2009-05-05 08:25 . 2009-03-27 23:12 -------- d-----w- c:\program files\Orbitdownloader
2009-05-01 21:11 . 2009-05-01 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-05-01 19:48 . 2009-04-15 13:05 -------- d-----w- c:\program files\Hewlett-Packard
2009-05-01 01:14 . 2009-03-05 01:19 5 ----a-w- c:\windows\system32\SySMP3CutJoin.dat
2009-04-30 13:35 . 2009-04-29 23:44 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-04-29 23:52 . 2009-04-29 23:48 -------- d-----w- c:\documents and settings\MrBoOsH\Application Data\GetRightToGo
2009-04-28 12:50 . 2009-03-23 17:16 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-04-20 10:10 . 2009-04-20 10:10 -------- d-----w- c:\documents and settings\MrBoOsH\Application Data\Notepad++
2009-04-20 10:10 . 2009-04-20 10:10 -------- d-----w- c:\program files\Notepad++
2009-04-17 00:00 . 2009-04-17 00:00 -------- d-----w- c:\program files\MSXML 4.0
2009-04-16 12:30 . 2009-04-16 12:30 -------- d-----w- c:\program files\CyberEd
2009-04-15 13:05 . 2009-04-15 13:05 -------- d-----w- c:\program files\HP
2009-04-05 17:04 . 2009-04-05 17:04 656 ----a-w- c:\windows\WINDOWS.zip
2009-04-02 22:28 . 2009-04-02 22:28 -------- d-----w- c:\program files\Microsoft.NET
2009-03-12 15:27 . 2009-03-12 15:27 356352 ----a-w- c:\windows\eSellerateEngine.dll
2009-03-06 14:20 . 2004-08-03 21:55 283136 ----a-w- c:\windows\system32\pdh.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-29 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-13 198160]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-05-13 206088]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-01 518488]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-04-15 77824]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Orbit.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Orbit.lnk
backup=c:\windows\pss\Orbit.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 05:29 م 33808]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [01/06/2009 06:31 ص 64160]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 06:02 م 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 05:06 م 24592]
S2 "CamelApache";"CamelApache";"c:\camel\apache\bin\httpd.exe" -k runservice --> c:\camel\apache\bin\httpd.exe [?]
S2 gupdate1c9b782b68fd6e2;Google Update Service (gupdate1c9b782b68fd6e2);c:\program files\Google\Update\GoogleUpdate.exe [07/04/2009 04:13 م 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [09/03/2009 10:06 م 1005904]
.
Contents of the 'Scheduled Tasks' folder
2009-06-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 03:31]
2009-06-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-29 17:04]
2009-06-01 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-07 13:13]
2009-05-30 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]
2009-06-01 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-procexp90.Sys

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
TCP: {E739D63A-101E-4146-A871-951826145542} = 84.235.6.55
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\MrBoOsH\Application Data\Mozilla\Firefox\Profiles\lfhijrso.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.orbitdownloader.com
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-01 09:34
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-06-01  9:36
ComboFix-quarantined-files.txt  2009-06-01 06:36
Pre-Run: 22,015,389,696 bytes free
Post-Run: 22,006,353,920 bytes free
192 --- E O F --- 2009-05-19 01:12

Thanks to you all in advance.

Signature: محـ المقاطي ـمد
Here is a new report:

ComboFix 09-05-31.04 - MrBoOsH 06/01/2009 9:54.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1025.18.1015.655 [GMT 3:00]
Running from: c:\documents and settings\MrBoOsH\سطح المكتب\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-05-01 to 2009-06-01 )))))))))))))))))))))))))))))))
.
2009-07-12 05:13 . 2009-07-12 05:13 390664 ----a-w- c:\documents and settings\MrBoOsH\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-06-01 06:24 . 2009-06-01 06:24 -------- d-----w- c:\documents and settings\MrBoOsH\Application Data\CyberScrub
2009-06-01 03:43 . 2009-06-01 03:31 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-01 03:30 . 2009-06-01 03:30 518488 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-01 03:30 . 2009-06-01 03:30 1005904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-01 03:27 . 2009-06-01 03:27 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-01 03:27 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-01 03:26 . 2009-06-01 03:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-01 03:26 . 2009-06-01 03:26 -------- d-----w- c:\program files\Lavasoft
2009-05-31 23:48 . 2009-05-31 23:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-05-31 23:46 . 2009-05-31 23:46 -------- d-----w- c:\program files\QuickTime
2009-05-31 23:46 . 2009-05-31 23:46 -------- d-----w- c:\program files\Xilisoft
2009-05-31 22:46 . 2009-05-31 22:46 81920 ----a-w- c:\documents and settings\MrBoOsH\Application Data\ezpinst.exe
2009-05-31 22:46 . 2009-05-31 22:46 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-05-31 22:46 . 2009-05-31 22:46 47360 ----a-w- c:\documents and settings\MrBoOsH\Application Data\pcouffin.sys
2009-05-31 22:46 . 2009-05-31 22:46 -------- d-----w- c:\documents and settings\MrBoOsH\Application Data\Vso
2009-05-31 22:46 . 2009-05-31 23:43 -------- d-----w- c:\program files\Video Convert Master
2009-05-29 17:04 . 2009-05-29 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-05-23 16:31 . 2009-05-23 16:31 -------- d-----w- c:\program files\Any Audio Converter
2009-05-23 16:26 . 2009-05-23 16:30 -------- d-----w- c:\program files\MP3 Audio Converter
2009-05-22 01:37 . 2009-05-22 01:37 661504 ----a-w- c:\windows\is-03K89.exe
2009-05-22 01:37 . 2003-08-07 12:01 237568 ----a-w- c:\windows\system32\lame_enc.dll
2009-05-22 01:37 . 2002-01-05 03:48 974848 ----a-w- c:\windows\system32\mfc70.dll
2009-05-22 01:37 . 2002-01-05 02:40 487424 ----a-w- c:\windows\system32\msvcp70.dll
2009-05-22 01:37 . 2009-05-22 01:37 -------- d-----w- c:\program files\Real_SC
2009-05-22 01:37 . 2009-05-22 01:37 -------- d-----w- c:\windows\system32\RMBin
2009-05-20 19:59 . 2009-05-20 19:59 -------- d-----w- c:\program files\RADIOSYSETM12
2009-05-19 17:02 . 2009-05-19 17:02 203776 ----a-w- c:\windows\system32\clrviddc.dll
2009-05-18 13:22 . 2009-05-18 13:22 -------- d-----w- c:\program files\Common Files\Vbox
2009-05-14 11:30 . 2009-05-14 11:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-05-14 07:21 . 2008-04-14 15:59 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-05-13 14:17 . 2009-05-13 14:20 206088 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe
2009-05-13 14:17 . 2009-05-13 14:20 33808 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys
2009-05-13 14:17 . 2009-05-13 14:20 226832 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys
2009-05-13 13:36 . 2009-05-20 13:55 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-05-13 13:36 . 2009-05-20 13:55 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-05-13 13:35 . 2009-06-01 06:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-05-13 13:35 . 2009-06-01 06:50 507936 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-05-13 13:35 . 2009-06-01 06:50 3637792 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-05-13 13:35 . 2009-05-13 13:35 -------- d-----w- c:\program files\Kaspersky Lab
2009-05-13 06:33 . 2009-05-13 06:33 -------- d-----w- c:\program files\Common Files\xing shared
2009-05-07 11:09 . 2009-05-07 11:09 -------- d-----w- c:\documents and settings\MrBoOsH\Application Data\URSoft
2009-05-05 12:22 . 2009-05-07 11:12 -------- d-----w- c:\windows\system32\NtmsData
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-01 06:50 . 2009-05-13 13:35 3864 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-01 06:50 . 2009-05-13 13:35 30548 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-01 06:50 . 2009-06-01 06:23 -------- d-----w- c:\documents and settings\MrBoOsH\Application Data\cleaner
2009-06-01 06:31 . 2009-03-27 23:12 -------- d-----w- c:\documents and settings\MrBoOsH\Application Data\Orbit
2009-06-01 05:21 . 2001-09-19 12:00 68396 ----a-w- c:\windows\system32\perfc001.dat
2009-06-01 05:21 . 2001-09-19 12:00 369526 ----a-w- c:\windows\system32\perfh001.dat
2009-05-31 20:03 . 2009-03-10 12:14 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-05-29 17:08 . 2009-04-07 13:13 -------- d-----w- c:\program files\Google
2009-05-22 01:20 . 2009-02-26 04:03 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-18 13:21 . 2009-02-23 21:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-15 11:10 . 2009-04-09 20:57 -------- d-----w- c:\program files\MSECache
2009-05-14 08:54 . 2009-02-23 22:46 -------- d-----w- c:\program files\Messenger Plus! Live
2009-05-14 06:57 . 2009-02-23 19:48 82728 ----a-w- c:\documents and settings\MrBoOsH\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-13 14:20 . 2008-01-29 14:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-05-13 13:33 . 2009-02-23 22:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-05-13 13:26 . 2009-03-12 15:27 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-13 06:33 . 2009-02-26 04:00 -------- d-----w- c:\program files\Common Files\Real
2009-05-13 06:33 . 2009-02-26 04:00 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-05-13 06:33 . 2009-02-26 03:58 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-05-07 12:21 . 2009-03-27 03:58 -------- d-----w- c:\program files\Web Publish
2009-05-07 11:13 . 2009-02-26 04:08 -------- d-----w- c:\program files\FlashGet
2009-05-05 08:25 . 2009-03-27 23:12 -------- d-----w- c:\program files\Orbitdownloader
2009-05-01 21:11 . 2009-05-01 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-05-01 19:48 . 2009-04-15 13:05 -------- d-----w- c:\program files\Hewlett-Packard
2009-05-01 01:14 . 2009-03-05 01:19 5 ----a-w- c:\windows\system32\SySMP3CutJoin.dat
2009-04-30 13:35 . 2009-04-29 23:44 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-04-29 23:52 . 2009-04-29 23:48 -------- d-----w- c:\documents and settings\MrBoOsH\Application Data\GetRightToGo
2009-04-28 12:50 . 2009-03-23 17:16 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-04-20 10:10 . 2009-04-20 10:10 -------- d-----w- c:\documents and settings\MrBoOsH\Application Data\Notepad++
2009-04-20 10:10 . 2009-04-20 10:10 -------- d-----w- c:\program files\Notepad++
2009-04-17 00:00 . 2009-04-17 00:00 -------- d-----w- c:\program files\MSXML 4.0
2009-04-16 12:30 . 2009-04-16 12:30 -------- d-----w- c:\program files\CyberEd
2009-04-15 13:05 . 2009-04-15 13:05 -------- d-----w- c:\program files\HP
2009-04-05 17:04 . 2009-04-05 17:04 656 ----a-w- c:\windows\WINDOWS.zip
2009-04-02 22:28 . 2009-04-02 22:28 -------- d-----w- c:\program files\Microsoft.NET
2009-03-12 15:27 . 2009-03-12 15:27 356352 ----a-w- c:\windows\eSellerateEngine.dll
2009-03-06 14:20 . 2004-08-03 21:55 283136 ----a-w- c:\windows\system32\pdh.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-29 39408]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Privacy Suite"="c:\documents and settings\MrBoOsH\Application Data\cleaner\CSPSeraser.exe" [2007-11-20 872080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-13 198160]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-05-13 206088]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-01 518488]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-04-15 77824]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Orbit.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Orbit.lnk
backup=c:\windows\pss\Orbit.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 05:29 م 33808]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [01/06/2009 06:31 ص 64160]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 06:02 م 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 05:06 م 24592]
S2 "CamelApache";"CamelApache";"c:\camel\apache\bin\httpd.exe" -k runservice --> c:\camel\apache\bin\httpd.exe [?]
S2 gupdate1c9b782b68fd6e2;Google Update Service (gupdate1c9b782b68fd6e2);c:\program files\Google\Update\GoogleUpdate.exe [07/04/2009 04:13 م 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [09/03/2009 10:06 م 1005904]
.
Contents of the 'Scheduled Tasks' folder
2009-06-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 03:31]
2009-06-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-29 17:04]
2009-06-01 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-07 13:13]
2009-05-30 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]
2009-06-01 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
TCP: {E739D63A-101E-4146-A871-951826145542} = 84.235.6.55
DPF: Microsoft XML Parser for Java -

FF - ProfilePath - c:\documents and settings\MrBoOsH\Application Data\Mozilla\Firefox\Profiles\lfhijrso.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.orbitdownloader.com
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-06-01 09:56
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2056)
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Adobe\Reader 9.0\Reader\viewerps.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-06-01 9:57
ComboFix-quarantined-files.txt 2009-06-01 06:57
ComboFix2.txt 2009-06-01 06:36
Pre-Run: 22,004,645,888 bytes free
Post-Run: 21,993,254,912 bytes free
196 --- E O F --- 2009-05-19 01:12
 
Signature: محـ المقاطي ـمد
The reply before yours is the last thing I did.

And my machine restarted ^_^
 
Signature: محـ المقاطي ـمد
OK, I know it restarted.

Close your security program,

and disable System Restore as shown in the guide.

Download the tool from here.

After downloading, double-click it and the tool's files will be extracted to a folder on the desktop; after a few moments the tool will start running.

Follow the guide to scan and clean the machine and attach the report.

Then paste it in your next reply.
 
Signature: format
Hmmm

My problem, my friend, is only with the email,

especially when I try to forward any of the email messages.

Anyway, I am following the instructions now.
 
Signature: محـ المقاطي ـمد
Does the email reach you in Chinese, or do you send messages to someone and the site comes up in Chinese?

In any case, go to the first post, edit it, and delete the links, because they are the harmful part.
 
Signature: format
Here is the report after I did what you told me to do:

Scan
----
Scanned: 348790
Detected: 0
Untreated: 0
Start time: 08/06/1430 09:05:51 م
Duration: 01:24:00
Finish time: 08/06/1430 10:29:51 م

Detected
--------
Status Object
------ ------

Events
------
Time Name Status Reason
---- ---- ------ ------
08/06/1430 09:05:58 م Running module: smss.exe\smss.exe ok scanned
08/06/1430 09:05:59 م File: C:\WINDOWS\System32\smss.exe ok scanned

Statistics
----------
Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted
------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------

Settings
--------
Parameter Value
--------- -----
Security Level Recommended
Action Disinfect, delete if disinfection fails
Run mode Manually
File types Scan all files
Scan only new and changed files No
Scan archives All
Scan embedded OLE objects All
Skip if object is larger than No
Skip if scan takes longer than No
Parse email formats No
Scan password-protected archives No
Enable iChecker technology No
Enable iSwift technology No
Show detected threats on "Detected" tab Yes
Rootkits search Yes
Deep rootkits search No
Use heuristic analyzer Yes

Quarantine
----------
Status Object Size Added
------ ------ ---- -----

Backup
------
Status Object Size
------ ------ ----
 
Signature: محـ المقاطي ـمد
The problem has been solved, praise be to God :)

It turned out that the company puts the message in the email as its signature.

The signature was deleted from the email and the problem went away.

Sorry for the bother.
 
Signature: محـ المقاطي ـمد