سعودي دووم
Good evening to all Zyzoom members.
I posted a problem a few days ago and was asked to produce a report; this is the report I made.
Link to the previous thread
Here is the report. I hope you can find the solution, because some people told the owner of the problem that his machine is hacked and that this file cannot be deleted because whoever hacked the machine is still connected. I hope you can help me.
ComboFix 08-07-04.1 - LOOO(^_^)OOOL 07/04/2008 22:41:51.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.504 [GMT 3:00]
Running from: C:\Documents and Settings\الشبكه\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\الشبكه\Application Data\addon.dat
C:\Documents and Settings\الشبكه\Application Data\FunWebProducts
C:\Documents and Settings\الشبكه\Application Data\FunWebProducts\Data\الشبكه\avatar.dat
C:\Documents and Settings\الشبكه\Application Data\FunWebProducts\Data\الشبكه\zbucks.dat
C:\Documents and Settings\الشبكه\Application Data\macromedia\Flash Player\iforex.com
C:\Documents and Settings\الشبكه\Application Data\macromedia\Flash Player\iforex.com\Emerp\Events\flash_.swf\user_data.sol
C:\Documents and Settings\الشبكه\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\الشبكه\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Documents and Settings\Arabic\Application Data\addon.dat
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\ScreenSaver\Images\005EC5C7.urr
C:\Program Files\FunWebProducts\Shared\003F23B2.dat
C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn-new.html
C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn-new.html
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\2.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\2.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\2.bin\FWPBUDDY.PNG
C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\2.bin\M3HIGHIN.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3MEDINT.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE
C:\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Cache\0004CDCC
C:\Program Files\MyWebSearch\bar\Cache\000EDB0A
C:\Program Files\MyWebSearch\bar\Cache\001559E1.bin
C:\Program Files\MyWebSearch\bar\Cache\00155EF2.bin
C:\Program Files\MyWebSearch\bar\Cache\001562CA.bin
C:\Program Files\MyWebSearch\bar\Cache\001567AC.bin
C:\Program Files\MyWebSearch\bar\Cache\00156BF2.bin
C:\Program Files\MyWebSearch\bar\Cache\00157EEE
C:\Program Files\MyWebSearch\bar\Cache\001FC3E5
C:\Program Files\MyWebSearch\bar\Cache\002CC369
C:\Program Files\MyWebSearch\bar\Cache\002CC9D2.bin
C:\Program Files\MyWebSearch\bar\Cache\002CD357.bin
C:\Program Files\MyWebSearch\bar\Cache\002CDAC9.bin
C:\Program Files\MyWebSearch\bar\Cache\002CE374.bin
C:\Program Files\MyWebSearch\bar\Cache\002CF026.bin
C:\Program Files\MyWebSearch\bar\Cache\002CFA67.bin
C:\Program Files\MyWebSearch\bar\Cache\002D01F9.bin
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
C:\WINDOWS\system32\f3PSSavr.scr
.
((((((((((((((((((((((((( Files Created from 2008-06-04 to 2008-07-04 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-04 19:46 342,560 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-04 19:46 31,010,592 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-04 19:45 426,788 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-04 19:45 39,404 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-04 17:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-04 14:15 --------- d-----w C:\Program Files\Dell
2008-07-04 13:47 --------- d-----w C:\Program Files\ElcomSoft
2008-07-02 02:13 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-07-01 11:19 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-07-01 10:53 --------- d-----w C:\Program Files\Power Mp3 Cutter(Mp3 Sound Cutter)
2008-07-01 10:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Blueberry
2008-07-01 10:06 2,944 ----a-w C:\WINDOWS\system32\drivers\bbcap.sys
2008-07-01 10:05 --------- d-----w C:\Program Files\Common Files\Blueberry Software
2008-07-01 10:05 --------- d-----w C:\Program Files\Blueberry Software
2008-07-01 10:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\{F9228DAD-21AA-4BC3-8B63-E19AA9EEA5F8}
2008-07-01 09:55 --------- d-----w C:\Program Files\ClocX
2008-07-01 05:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-07-01 04:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-01 04:05 --------- d-----w C:\Program Files\inKline Global
2008-07-01 02:28 --------- d-----w C:\Program Files\The_Pirate_Bay
2008-07-01 02:28 --------- d-----w C:\Program Files\Conduit
2008-07-01 01:15 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-06-30 22:34 0 ----a-w C:\osy3.sys
2008-06-30 22:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prevx
2008-06-30 22:12 --------- d-----w C:\Program Files\Common Files\delet
2008-06-29 16:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-29 15:53 --------- d-----w C:\Program Files\MSXML 4.0
2008-06-27 23:24 --------- d-----w C:\Program Files\Wireless WEP Key Password Spy
2008-06-27 14:57 --------- d-----w C:\Documents and Settings\Arabic\Application Data\vlc
2008-06-27 14:57 --------- d-----w C:\Documents and Settings\Arabic\Application Data\TuneUp Software
2008-06-27 14:57 --------- d-----w C:\Documents and Settings\Arabic\Application Data\skypePM
2008-06-27 14:57 --------- d-----w C:\Documents and Settings\Arabic\Application Data\Skype
2008-06-27 14:57 --------- d-----w C:\Documents and Settings\Arabic\Application Data\Search Settings
2008-06-27 14:57 --------- d-----w C:\Documents and Settings\Arabic\Application Data\Ldoce
2008-06-27 14:57 --------- d-----w C:\Documents and Settings\Arabic\Application Data\CyberLink
2008-06-27 14:57 --------- d-----w C:\Documents and Settings\Arabic\Application Data\Apple Computer
2008-06-26 22:35 --------- d-----w C:\Program Files\Longman
2008-06-26 22:34 --------- d-----w C:\Program Files\Google
2008-06-26 22:32 --------- d-----w C:\Program Files\QuickWiz
2008-06-26 22:31 --------- d-----w C:\Program Files\ACD Systems
2008-06-26 13:46 --------- d-----w C:\Program Files\Sun
2008-06-26 13:44 --------- d-----w C:\Program Files\Java
2008-06-25 23:35 --------- d-----w C:\Program Files\SigmaTel
2008-06-25 23:21 --------- d-----w C:\Program Files\xdaSkinChooserVP
2008-06-25 23:21 --------- d-----w C:\Program Files\VideoLAN
2008-06-25 23:21 --------- d-----w C:\Program Files\TorrentSpeeder
2008-06-25 23:21 --------- d-----w C:\Program Files\SOTI
2008-06-25 23:21 --------- d-----w C:\Program Files\Smarty Uninstaller Pro
2008-06-25 23:21 --------- d-----w C:\Program Files\ooVoo
2008-06-25 23:21 --------- d-----w C:\Program Files\MSN Pictures Displayer
2008-06-25 13:40 --------- d-----w C:\Program Files\Hotspot Shield
2008-06-25 09:48 19,900,192 ----a-w C:\AdbeRdr710_en_US.exe
2008-06-24 12:21 --------- d-----w C:\Program Files\Unlocker
2008-06-24 09:43 --------- d-----w C:\Program Files\MagicDisc
2008-06-23 19:08 96,966 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-06-23 19:08 88,774 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-06-23 19:08 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-06-23 18:52 --------- d-----w C:\Program Files\Kaspersky Lab
2008-06-21 11:38 2,560 ----a-w C:\WINDOWS\system32\drivers\mchInjDrv.sys
2008-06-21 11:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Tools
2008-06-19 13:58 --------- d-----w C:\Program Files\Search Settings
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-09 21:47 --------- d-----w C:\Program Files\Golden Al-Wafi Translator
2008-06-08 19:09 --------- d-----w C:\Program Files\styleproccreative
2008-06-08 19:08 --------- d-----w C:\Program Files\MSN Messenger
2008-06-08 19:08 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-06-07 18:32 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-06-07 18:32 172,032 ------w C:\WINDOWS\Setup1.exe
2008-06-07 14:45 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-06-06 20:20 986,114 ----a-w C:\WINDOWS\m1k.exe
2008-06-02 18:19 --------- d-----w C:\Program Files\Adverts
2008-06-01 06:44 --------- d-----w C:\Program Files\Circle Developement
2008-05-31 16:06 --------- d-----w C:\Program Files\Apple Software Update
2008-05-31 16:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-05-28 14:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-05-28 14:28 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-28 14:10 --------- d-----w C:\Program Files\BitComet
2008-05-28 14:05 --------- d-----w C:\Program Files\uTorrent
2008-05-28 07:31 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-28 04:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-05-28 03:33 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-05-27 09:11 96,896 ----a-w C:\WINDOWS\system32\drivers\mcdbus.sys
2008-05-22 19:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Screaming Bee
2008-05-22 11:12 --------- d-----w C:\Program Files\Common Files\Screaming Bee
2008-05-17 13:46 --------- d-----w C:\Program Files\Easy Video to Audio Converter
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 18:18 --------- d-----w C:\Program Files\Common Files\xing shared
2008-05-07 18:18 --------- d-----w C:\Program Files\Common Files\Real
2008-05-05 16:44 224 ----a-w C:\Category.dat
2008-05-05 16:44 106 ----a-w C:\SCategory.dat
2008-04-10 13:42 177,664 ----a-w C:\WINDOWS\cbuninstall.exe
2008-03-06 16:35 0 ----a-w C:\Program Files\MultiTransefind.ini
2008-03-02 05:18 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2004-08-03 21:56 73,728 --sha-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a33fa729-d155-4b23-842b-2c665ecabdb6}]
06/24/2008 11:17 PM 1569304 --a------ C:\Program Files\The_Pirate_Bay\tbThe_.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
06/12/2008 04:57 PM 1111904 --a------ C:\Program Files\Search Settings\kb127\SearchSettings.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a33fa729-d155-4b23-842b-2c665ecabdb6}"= "C:\Program Files\The_Pirate_Bay\tbThe_.dll" [06/24/2008 11:17 PM 1569304]
[HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A33FA729-D155-4B23-842B-2C665ECABDB6}"= "C:\Program Files\The_Pirate_Bay\tbThe_.dll" [06/24/2008 11:17 PM 1569304]
[HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM 15360]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [10/25/2006 03:10 AM 4662776]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [03/06/2008 07:14 PM 887040]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [11/13/2006 01:39 PM 1289000]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [11/22/2004 08:18 AM 307200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/08/2006 11:48 PM 761947]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [06/23/2006 04:48 AM 1384448]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [12/14/2005 04:44 AM 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [12/14/2005 04:41 AM 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [12/14/2005 04:45 AM 118784]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [08/04/2006 05:51 AM 1032192]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM 144784]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [12/28/2006 08:50 AM 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/04/2004 07:00 AM 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [08/04/2004 07:00 AM 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [08/04/2004 07:00 AM 455168]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM 31016]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM 413696]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/07/2008 09:17 PM 185896]
"SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" [06/12/2008 04:57 PM 991584]
"SigmatelSysTrayApp"="stsystra.exe" [03/24/2006 05:30 PM 282624 C:\WINDOWS\stsystra.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 12:56 AM 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-25 05:28:28 622653]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\Documents and Settings\\All Users\\Application Data\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 07/09/2001 09:50 PM 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 11/03/2004 07:24 AM 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 10/25/2006 03:10 AM 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\ooVoo\\ooVoo.exe"=
"C:\\kav\\kav7.0\\english\\setup.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP
oVoo TCP المنفذ 443
"443:UDP"= 443:UDP
oVoo UDP المنفذ 443
"37674:TCP"= 37674:TCP
oVoo TCP المنفذ 37674
"37674:UDP"= 37674:UDP
oVoo UDP المنفذ 37674
"37675:UDP"= 37675:UDP
oVoo UDP المنفذ 37675
"11925:TCP"= 11925:TCP:BitComet 11925 TCP
"11925:UDP"= 11925:UDP:BitComet 11925 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 bbcap;bbcap;C:\WINDOWS\system32\DRIVERS\bbcap.sys [07/01/2008 01:06 PM]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [08/04/2004 12:56 AM]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [12/13/2007 01:28 PM]
R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [03/13/2008 05:38 AM]
S2 MyWebSearchService;My Web Search Service;C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwssvc.exe []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [07/02/2008 05:13 AM]
S4 mchInjDrv;mchInjDrv;C:\WINDOWS\system32\drivers\mchInjDrv.sys [06/21/2008 02:38 PM]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
"2008-07-04 14:16:34 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-07-04 16:16:18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
HKLM-Run-MyWebSearch Plugin - C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL
HKLM-Run-My Web Search Bar Search Scope Monitor - C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-07-04 22:47:07
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\sccfg.sys 266 bytes
scan completed successfully
hidden files: 1
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Ela-Salaty\Salaty.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Completion time: 07/04/2008 22:52:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-04 19:52:15
Pre-Run: 8,351,375,360 bytes free
Post-Run: 8,531,488,768 bytes free
359 --- E O F --- 2008-07-02 02:52:48
Regards to all.
2008-06-24 12:21 --------- d-----w C:\Program Files\Unlocker
2008-06-24 09:43 --------- d-----w C:\Program Files\MagicDisc
2008-06-23 19:08 96,966 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-06-23 19:08 88,774 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-06-23 19:08 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-06-23 18:52 --------- d-----w C:\Program Files\Kaspersky Lab
2008-06-21 11:38 2,560 ----a-w C:\WINDOWS\system32\drivers\mchInjDrv.sys
2008-06-21 11:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Tools
2008-06-19 13:58 --------- d-----w C:\Program Files\Search Settings
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-09 21:47 --------- d-----w C:\Program Files\Golden Al-Wafi Translator
2008-06-08 19:09 --------- d-----w C:\Program Files\styleproccreative
2008-06-08 19:08 --------- d-----w C:\Program Files\MSN Messenger
2008-06-08 19:08 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-06-07 18:32 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-06-07 18:32 172,032 ------w C:\WINDOWS\Setup1.exe
2008-06-07 14:45 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-06-06 20:20 986,114 ----a-w C:\WINDOWS\m1k.exe
2008-06-02 18:19 --------- d-----w C:\Program Files\Adverts
2008-06-01 06:44 --------- d-----w C:\Program Files\Circle Developement
2008-05-31 16:06 --------- d-----w C:\Program Files\Apple Software Update
2008-05-31 16:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-05-28 14:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-05-28 14:28 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-28 14:10 --------- d-----w C:\Program Files\BitComet
2008-05-28 14:05 --------- d-----w C:\Program Files\uTorrent
2008-05-28 07:31 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-28 04:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-05-28 03:33 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-05-27 09:11 96,896 ----a-w C:\WINDOWS\system32\drivers\mcdbus.sys
2008-05-22 19:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Screaming Bee
2008-05-22 11:12 --------- d-----w C:\Program Files\Common Files\Screaming Bee
2008-05-17 13:46 --------- d-----w C:\Program Files\Easy Video to Audio Converter
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 18:18 --------- d-----w C:\Program Files\Common Files\xing shared
2008-05-07 18:18 --------- d-----w C:\Program Files\Common Files\Real
2008-05-05 16:44 224 ----a-w C:\Category.dat
2008-05-05 16:44 106 ----a-w C:\SCategory.dat
2008-04-10 13:42 177,664 ----a-w C:\WINDOWS\cbuninstall.exe
2008-03-06 16:35 0 ----a-w C:\Program Files\MultiTransefind.ini
2008-03-02 05:18 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2004-08-03 21:56 73,728 --sha-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a33fa729-d155-4b23-842b-2c665ecabdb6}]
06/24/2008 11:17 PM 1569304 --a------ C:\Program Files\The_Pirate_Bay\tbThe_.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
06/12/2008 04:57 PM 1111904 --a------ C:\Program Files\Search Settings\kb127\SearchSettings.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a33fa729-d155-4b23-842b-2c665ecabdb6}"= "C:\Program Files\The_Pirate_Bay\tbThe_.dll" [06/24/2008 11:17 PM 1569304]
[HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A33FA729-D155-4B23-842B-2C665ECABDB6}"= "C:\Program Files\The_Pirate_Bay\tbThe_.dll" [06/24/2008 11:17 PM 1569304]
[HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM 15360]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [10/25/2006 03:10 AM 4662776]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [03/06/2008 07:14 PM 887040]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [11/13/2006 01:39 PM 1289000]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [11/22/2004 08:18 AM 307200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/08/2006 11:48 PM 761947]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [06/23/2006 04:48 AM 1384448]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [12/14/2005 04:44 AM 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [12/14/2005 04:41 AM 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [12/14/2005 04:45 AM 118784]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [08/04/2006 05:51 AM 1032192]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM 144784]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [12/28/2006 08:50 AM 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/04/2004 07:00 AM 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [08/04/2004 07:00 AM 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [08/04/2004 07:00 AM 455168]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM 31016]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM 413696]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/07/2008 09:17 PM 185896]
"SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" [06/12/2008 04:57 PM 991584]
"SigmatelSysTrayApp"="stsystra.exe" [03/24/2006 05:30 PM 282624 C:\WINDOWS\stsystra.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 12:56 AM 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-25 05:28:28 622653]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\Documents and Settings\\All Users\\Application Data\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 07/09/2001 09:50 PM 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 11/03/2004 07:24 AM 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 10/25/2006 03:10 AM 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\ooVoo\\ooVoo.exe"=
"C:\\kav\\kav7.0\\english\\setup.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP
"443:UDP"= 443:UDP
"37674:TCP"= 37674:TCP
"37674:UDP"= 37674:UDP
"37675:UDP"= 37675:UDP
"11925:TCP"= 11925:TCP:BitComet 11925 TCP
"11925:UDP"= 11925:UDP:BitComet 11925 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 bbcap;bbcap;C:\WINDOWS\system32\DRIVERS\bbcap.sys [07/01/2008 01:06 PM]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [08/04/2004 12:56 AM]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [12/13/2007 01:28 PM]
R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [03/13/2008 05:38 AM]
S2 MyWebSearchService;My Web Search Service;C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwssvc.exe []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [07/02/2008 05:13 AM]
S4 mchInjDrv;mchInjDrv;C:\WINDOWS\system32\drivers\mchInjDrv.sys [06/21/2008 02:38 PM]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
"2008-07-04 14:16:34 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-07-04 16:16:18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
HKLM-Run-MyWebSearch Plugin - C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL
HKLM-Run-My Web Search Bar Search Scope Monitor - C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-07-04 22:47:07
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\sccfg.sys 266 bytes
scan completed successfully
hidden files: 1
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Ela-Salaty\Salaty.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Completion time: 07/04/2008 22:52:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-04 19:52:15
Pre-Run: 8,351,375,360 bytes free
Post-Run: 8,531,488,768 bytes free
359 --- E O F --- 2008-07-02 02:52:48
Regards to all.
