مشكلة تعليق الجهاز

[zaz_8000]

ارجوا منكم مساعدتي بقدر الاماكن عندي اكثر من مشكله الولها تعليق الجهاز ثم ثقله ثم احس انه مليان فيروسات

 

[zaz_8000]

انا سويه التقرير من الهاجاك وهذا التقرير الي طلع


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:18:23 ص, on 14/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\UltimateZip 2007\uzqkst.exe
C:\Program Files\Dealio\kb126\Dealio Deskbar.exe
C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
C:\Program Files\Kuma Games\kgsystray\Kuma_tray.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
D:\abdulaziz\wh_38762959.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb126\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: QUICKfind BHO ****** - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb126\Dealio.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [gaacc] c:\documents and settings\user\local settings\application data\gaacc.exe gaacc
O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip 2007\uzqkst.exe
O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
O4 - Startup: Kuma_Tray.lnk = C:\Program Files\Kuma Games\kgsystray\Kuma_tray.exe
O4 - Global Startup: Orbit.lnk = C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 6\IMAGEFORMATS\QJPEG4.DLL
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\user\Application Data\Dealio\kb126\res\DealioSearch.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb126\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb126\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan ******) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {3C8E8DD8-D86A-4E6D-AF37-AB3CA7FDF8CD} (IMS_Conference Control) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {8C159DFD-DC9C-4077-B3B6-114A8D64B6D2} (UserAuthenticate Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {9E45BE3C-DE06-4492-AB7D-E51447CF2ED0} (clsUMS Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aramco.com
O17 - HKLM\System\CS1\Services\VxD\MSTCP: Domain = aramco.com
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = saramco.net,aramco.com.sa
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 10.1.59.1,10.1.3.240,10.1.12.240
O17 - HKLM\System\CS2\Services\VxD\MSTCP: Domain = aramco.com
O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = saramco.net,aramco.com.sa
O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 10.1.59.1,10.1.3.240,10.1.12.240
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = saramco.net,aramco.com.sa
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 10.1.59.1,10.1.3.240,10.1.12.240
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 9151 bytes

 

[أبو خالد]

قم بحذف القيم التاليه

C:\Program Files\Dealio\kb126\Dealio Deskbar.exe

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll


O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe


O4 - HKCU\..\Run: [gaacc] c:\documents and settings\user\local settings\application data\gaacc.exe gaacc

O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe

O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb126\Dealio.dll


O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb126\Dealio.dll


O16 - DPF: {3C8E8DD8-D86A-4E6D-AF37-AB3CA7FDF8CD} (IMS_Conference Control) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {8C159DFD-DC9C-4077-B3B6-114A8D64B6D2} (UserAuthenticate Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {9E45BE3C-DE06-4492-AB7D-E51447CF2ED0} (clsUMS Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

 

[زيزوووم]

بالاضافه لكلاام الاحبه ,,

عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes

انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم​

 

[zaz_8000]

هذا التقرير اللي طلبته








ComboFix 08-04-13.3 - user 04/14/2008 22:32:31.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.185 [GMT 3:00]
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\user\Local Settings\Application Data\gaacc.dat
C:\Documents and Settings\user\Local Settings\Application Data\gaacc_nav.dat
C:\Documents and Settings\user\Local Settings\Application Data\gaacc_navps.dat
C:\Program Files\FunWebProducts
C:\Program Files\mailskinner
C:\Program Files\mailskinner\anim_0.gif
C:\Program Files\mailskinner\anim_help.gif
C:\Program Files\mailskinner\autosmiley.xml
C:\Program Files\mailskinner\OLSkinner.dll
C:\Program Files\mailskinner\uninst.exe
C:\WINDOWS\msskinner
C:\WINDOWS\msskinner\msbackup.dat
C:\WINDOWS\svchost.ini
C:\WINDOWS\system32\nvs2.inf
.
((((((((((((((((((((((((( Files Created from 2008-03-14 to 2008-04-14 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-14 18:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-04-13 22:56 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2008-04-13 22:49 --------- d-----w C:\Program Files\BLOX Forever Trial
2008-04-12 18:12 --------- d-----w C:\Program Files\NCH Swift Sound
2008-04-12 18:12 --------- d-----w C:\Documents and Settings\user\Application Data\NCH Swift Sound
2008-04-12 18:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-04-11 13:31 --------- d-----w C:\Program Files\Kuma Games
2008-04-01 23:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-04-01 11:17 --------- d-----w C:\Program Files\Circle Developement
2008-03-17 05:02 --------- d-----w C:\Program Files\Spyware-Secure
2008-03-16 21:00 384,000 ----a-w C:\WINDOWS\system32\mamlzv.exe
2008-03-15 19:55 720,896 ----a-w C:\WINDOWS\iun6002.exe
2008-03-15 19:55 --------- d-----w C:\Program Files\Othmani Font for Quran 6.0
2008-03-07 05:02 --------- d-----w C:\Program Files\Antadis
2008-02-16 02:17 --------- d-----w C:\Program Files\Webteh
2008-02-16 02:17 --------- d-----w C:\Documents and Settings\user\Application Data\BSplayer Pro
2008-02-16 02:17 --------- d-----w C:\Documents and Settings\user\Application Data\BSplayer
2008-02-16 01:59 --------- d-----w C:\Program Files\SuperDVD Player 5.0
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\****liconoverlayidentifiers\VirtualExpanderFile.1]
@={E4000AC4-5E5F-4956-807A-C5854405D64F}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 10:56 PM 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:55 PM 5674352]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" [02/25/2004 11:48 AM 665088]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [12/10/2007 10:12 AM 695808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [11/10/2005 01:03 PM 36975]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [04/19/2004 12:44 PM 7916032]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/03/2008 09:12 PM 185896]
"au"="C:\Program Files\Dealio\DealioAU.exe" [02/08/2008 01:11 PM 546144]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/03/2004 10:56 PM 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [11/07/2007 05:35 PM 1294336]
C:\Documents and Settings\user\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\WebshotsTray.exe [2005-09-02 00:32:17 192512]
UltimateZip Quick Start.lnk - C:\Program Files\UltimateZip 2007\uzqkst.exe [2008-01-18 02:35:33 834048]
VirtualExpander.lnk - C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe [2008-02-22 03:53:19 434176]
Kuma_Tray.lnk - C:\Program Files\Kuma Games\kgsystray\Kuma_tray.exe [2007-09-26 16:57:16 33992]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.321\\English\\setup.exe"=
S3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [12/16/2006 11:37 PM]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [08/03/2004 11:01 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\****l\AutoRun\command - J:\RavMon.exe
\****l\explore\Command - J:\RavMon.exe -e
\****l\open\Command - J:\RavMon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c16290a-b02e-11dc-aef0-c308871a4d75}]
\****l\AutoRun\command - F:\RavMon.exe
\****l\explore\Command - F:\RavMon.exe -e
\****l\open\Command - F:\RavMon.exe
.
*******s of the 'Scheduled Tasks' folder
"2008-04-14 19:36:40 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2008-04-14 22:36:24
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\DEALIO\KB126\DEALIO DESKBAR.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
.
**************************************************************************
.
Completion time: 04/14/2008 22:37:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-14 19:37:46
Pre-Run: 31,097,487,360 bytes free
Post-Run: 31,042,895,872 bytes free
.
2008-03-22 00:04:27 --- E O F ---

 

[زيزوووم]

يعطيك العافية ياغالي

لاهنت تقرير كاسبر اون لاين .. وارفق تقريرك بردك القادم

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

 

[abu_youssefabu_youssef is verified member.]

بيض الله وجهك ياغالي:king:
رحم الله والديك واسكنك واياهم وجميع المسلمين فسيح جناته

 

[zaz_8000]

هذا التقرير مرفق حق الكاسبر سكاي وارجو الرد علي في اسرع وقت ممكن

والله يعطيك العافيه يا عسل

واذا فيه اشيائ مفيده لنا علشان الحمايه ننزلها

والله يعطيك العافيه مره اخرى

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

 

[zaz_8000]

معليش بس ما اعرف كيف اعطيك التقرير قمت الصقته في الرد


KASPERSKY ONLINE SCANNER REPORT Tuesday, April 15, 2008 7:16:08 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 15/04/2008
Kaspersky Anti-Virus database records: 705072
Scan SettingsScan using the following antivirus databaseextendedScan ArchivestrueScan Mail BasestrueScan TargetMy ComputerA:\
C:\
D:\
E:\ Scan StatisticsTotal number of scanned ******s48462Number of viruses found1Number of infected ******s2Number of suspicious ******s0Duration of the scan process00:58:56
Infected ****** NameVirus NameLast ActionC:\WINDOWS\system32\config\system.LOG ****** is locked skipped C:\WINDOWS\system32\config\software.LOG ****** is locked skipped C:\WINDOWS\system32\config\default.LOG ****** is locked skipped C:\WINDOWS\system32\config\SAM.LOG ****** is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG ****** is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt ****** is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt ****** is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt ****** is locked skipped C:\WINDOWS\system32\config\SECURITY ****** is locked skipped C:\WINDOWS\system32\config\SOFTWARE ****** is locked skipped C:\WINDOWS\system32\config\SYSTEM ****** is locked skipped C:\WINDOWS\system32\config\DEFAULT ****** is locked skipped C:\WINDOWS\system32\config\SAM ****** is locked skipped C:\WINDOWS\system32\drivers\fidbox.idx ****** is locked skipped C:\WINDOWS\system32\drivers\fidbox.dat ****** is locked skipped C:\WINDOWS\system32\drivers\fidbox2.idx ****** is locked skipped C:\WINDOWS\system32\drivers\fidbox2.dat ****** is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP ****** is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP ****** is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER ****** is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP ****** is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\******S.MAP ****** is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\******S.DATA ****** is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR ****** is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log ****** is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb ****** is locked skipped C:\WINDOWS\system32\h323log.txt ****** is locked skipped C:\WINDOWS\Debug\PASSWD.LOG ****** is locked skipped C:\WINDOWS\WindowsUpdate.log ****** is locked skipped C:\WINDOWS\SchedLgU.Txt ****** is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log ****** is locked skipped C:\WINDOWS\SoftwareDistribution\EventCache\{89A0EECA-0534-4FF7-A81F-A07EE4C97061}.bin ****** is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ****** is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ****** is locked skipped C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\report.rpt ****** is locked skipped C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\detected.idx ****** is locked skipped C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\detected.rpt ****** is locked skipped C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\eventlog.rpt ****** is locked skipped C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\000d_Web_Monitoring_eventlog.rpt ****** is locked skipped C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\000b_File_Monitoring_eventlog.rpt ****** is locked skipped C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\001e_Updater_eventcritlog.rpt ****** is locked skipped C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\001e_Updater_eventlog.rpt ****** is locked skipped C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\0005_AdBlocker_eventcritlog.rpt ****** is locked skipped C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\0005_AdBlocker_eventlog.rpt ****** is locked skipped C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\001f_Scan_My_Computer_eventlog.rpt ****** is locked skipped C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\001f_Scan_My_Computer_eventcritlog.rpt ****** is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT ****** is locked skipped C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat ****** is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\*******.IE5\index.dat ****** is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat ****** is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG ****** is locked skipped C:\Documents and Settings\NetworkService\******s\index.dat ****** is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG ****** is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT ****** is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat ****** is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\*******.IE5\index.dat ****** is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat ****** is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG ****** is locked skipped C:\Documents and Settings\LocalService\******s\index.dat ****** is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG ****** is locked skipped C:\Documents and Settings\user\NTUSER.DAT ****** is locked skipped C:\Documents and Settings\user\Local Settings\History\History.IE5\index.dat ****** is locked skipped C:\Documents and Settings\user\Local Settings\Temporary Internet Files\*******.IE5\index.dat ****** is locked skipped C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat ****** is locked skipped C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG ****** is locked skipped C:\Documents and Settings\user\My Documents\الملفات المتلقاة\MsnMsgr.txt ****** is locked skipped C:\Documents and Settings\user\My Documents\الملفات المتلقاة\Transport0.log ****** is locked skipped C:\Documents and Settings\user\My Documents\الملفات المتلقاة\lcapi0.log ****** is locked skipped C:\Documents and Settings\user\******s\index.dat ****** is locked skipped C:\Documents and Settings\user\ntuser.dat.LOG ****** is locked skipped C:\Program Files\Webroot\Spy Sweeper\Logs\SpySweeperLog.txt ****** is locked skipped C:\System Volume Information\_restore{3B1203A0-D643-4788-A93F-B5EDC53EF528}\RP169\change.log ****** is locked skipped D:\Ghoomte reh jaoge.zip/Ghoomte reh jaoge.exe Infected: not-virus:BadJoke.Win32.Train skipped D:\Ghoomte reh jaoge.zip ZIP: infected - 1 skipped Scan process completed.

 

[زيزوووم]

بيض الله وجهك ياغالي:king:
رحم الله والديك واسكنك واياهم وجميع المسلمين فسيح جناته

أدعو الله أن يتقبل دعائك ... وأن يجمعنا وإياك ووالدي ووالديك في جنات النعيم ..​

آمــــــــين يارب العالـــمـــين ..​

 

[زيزوووم]

هذا التقرير مرفق حق الكاسبر سكاي وارجو الرد علي في اسرع وقت ممكن

والله يعطيك العافيه يا عسل

واذا فيه اشيائ مفيده لنا علشان الحمايه ننزلها

والله يعطيك العافيه مره اخرى

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

وش هالعجله وانا اخوك :
تقريرك حوسه دوسه :hh::hh: ما ينفهم منه شئ

لاهنت حمل برنامج الضغط وثبته

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

بعدها بالماوس كلك يمين على ملف التقرير واختر ضغط
بعدها ارفعه على موقعنا

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

 

[zaz_8000]

هذا الرابط يا طويل العمر اي خدمه اخرى

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

 

[زيزوووم]

هلااا فيك
..

تقرير الكاسبر فيه ملف يحتوي على فايروس .. ولاهنت احذقه يدوي
D:\Ghoomte reh jaoge.zip

--------------------


ومن التقارير الاولى يوجد عندك برامج دغائية وتجسس

شوف ياغالي ,,, حمل هذه الاداة ,,
واتبع الشرح التالي ,, لتنظيف جهازك من هذه الدعايات
و عمل تقرير بالعمليه حتى ترفقه بردك القادم ,,

رابط تحميل آخر تحديث للاداة

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

شرح الاستخدام ,,,,,,
قم بتشغيل الملف SmitfraudFix.exe ,, وتابع الشرح كماا بهذه الصور

<-----------------------------------------------------------​

 

[زيزوووم]

و اعمل تقرير للهايجاك

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم​

 

[zaz_8000]

الرابط الي قبل الهاي جاك حق الفحص مو راضي ينزل البرنامج ما ني عارف من ايش واحس الجهاز صار اثقل من اول
الله يعطلك العافيه حاول تساعدني ..؟؟!!

مشكور على خدماتك ومعليش تعبناك معانا

 

[زيزوووم]

الرابط الي قبل الهاي جاك حق الفحص مو راضي ينزل البرنامج ما ني عارف من ايش واحس الجهاز صار اثقل من اول
الله يعطلك العافيه حاول تساعدني ..؟؟!!

مشكور على خدماتك ومعليش تعبناك معانا

تفضل ياغالي ..

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

ولاتنسى التقرير


=============================


وايضا ارفق لاهنت تقرير هايجاك جديد​

 

[zaz_8000]

هذا تقرير البرنامج الي اعطيتيني اياه


SmitFraudFix v2.315
Scan done at 1:55:28.45, Sun 04/20/2008
Run from D:\abdulaziz\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: VIA Rhine II Fast Ethernet Adapter - Kaspersky Anti-Virus NDIS Miniport
DNS Server Search Order: 192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{8D5C9260-6D74-4A2C-A48D-7951E3CB5510}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8D5C9260-6D74-4A2C-A48D-7951E3CB5510}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{8D5C9260-6D74-4A2C-A48D-7951E3CB5510}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

 

[zaz_8000]

هذا تقرير الهاجاك

Logfile of HijackThis v1.99.1
Scan saved at 02:24:30 ص, on 20/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\UltimateZip 2007\uzqkst.exe
C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
C:\Program Files\Kuma Games\kgsystray\Kuma_tray.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\WINDOWS\explorer.exe
D:\abdulaziz\wh_38762959.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX00.781\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb126\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: QUICKfind BHO ****** - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb126\Dealio.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip 2007\uzqkst.exe
O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
O4 - Startup: Kuma_Tray.lnk = C:\Program Files\Kuma Games\kgsystray\Kuma_tray.exe
O4 - Global Startup: Orbit.lnk = C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 6\IMAGEFORMATS\QJPEG4.DLL
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\user\Application Data\Dealio\kb126\res\DealioSearch.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan ******) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aramco.com
O17 - HKLM\System\CS1\Services\VxD\MSTCP: Domain = aramco.com
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = saramco.net,aramco.com.sa
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 10.1.59.1,10.1.3.240,10.1.12.240
O17 - HKLM\System\CS2\Services\VxD\MSTCP: Domain = aramco.com
O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = saramco.net,aramco.com.sa
O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 10.1.59.1,10.1.3.240,10.1.12.240
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = saramco.net,aramco.com.sa
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 10.1.59.1,10.1.3.240,10.1.12.240
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\WINDOWS\system32\textwareilluminatorbaseProtocol.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

 

[zaz_8000]

الله يعطيك العافيه ما قصرت حبيبي

هذي التقريرين مرفقه لديك فوق في الردين السابقين

 

[زيزوووم]

يعطيك العافيه

تقاريرك تمام وانا اخوك

والبطئ من برامج الحماية اللي عندك

الكاسبر ما يتوافق مع Spy Sweeper
انصحك بحذفه واستخدم بدلاا منه avg antispyware