- بادئ الموضوع العليمي
- تاريخ البدء
- 1,964
Al jNtEeL
زيزوومى فضى
- إنضم
- 1 نوفمبر 2007
- المشاركات
- 7,298
- مستوى التفاعل
- 66
- النقاط
- 840
- الإقامة
- |-Al Hilal Club-|
- الموقع الالكتروني
- www.zyzoom.org
غير متصل
السلام عليكم ورحمة الله وبركاته
عذرا على نقل الموضوع لـ قسمه المناسب
(1)
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
قم بتشغيلها واتبع الشرح :
ستظهر لك هذه الشاشة السوداء ماعليك سوى الإنتظار :
تخبرك الرسالة القادمة بأنه سيتم إعادة التشغيل تلقائيا :
بعد إعادة التشغيل وعند بدء الدخول ستظهر لك هذه النافذه ماعليـك سوى الإنتظار
هذه هو التقرير قد خرج انسخه والصقه في ردك القادم
(2)
بعد ان تشغل البرنامج اعمل الاتي :
ستظهر لك هذه النافذه .. اتبع الشرح :
ثم ستظهر لك هذه النافذه ::
انسخ التقرير كاملا وارفقه في ردك القادم لتحليله
عذرا على نقل الموضوع لـ قسمه المناسب
(1)
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
قم بتشغيلها واتبع الشرح :
ستظهر لك هذه الشاشة السوداء ماعليك سوى الإنتظار :
تخبرك الرسالة القادمة بأنه سيتم إعادة التشغيل تلقائيا :
بعد إعادة التشغيل وعند بدء الدخول ستظهر لك هذه النافذه ماعليـك سوى الإنتظار
هذه هو التقرير قد خرج انسخه والصقه في ردك القادم
(2)
حمل أداة الهايجاك
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
بعد ان تشغل البرنامج اعمل الاتي :
ستظهر لك هذه النافذه .. اتبع الشرح :
ثم ستظهر لك هذه النافذه ::
انسخ التقرير كاملا وارفقه في ردك القادم لتحليله
توقيع : Al jNtEeL
تأييد
0
Al jNtEeL
زيزوومى فضى
- إنضم
- 1 نوفمبر 2007
- المشاركات
- 7,298
- مستوى التفاعل
- 66
- النقاط
- 840
- الإقامة
- |-Al Hilal Club-|
- الموقع الالكتروني
- www.zyzoom.org
غير متصل
توقيع : Al jNtEeL
تأييد
0
Al jNtEeL
زيزوومى فضى
- إنضم
- 1 نوفمبر 2007
- المشاركات
- 7,298
- مستوى التفاعل
- 66
- النقاط
- 840
- الإقامة
- |-Al Hilal Club-|
- الموقع الالكتروني
- www.zyzoom.org
غير متصل
تأييد
0
برنامج الحماية فيرا
وتفصيل المشكلة بداية التشغيل يعلق الجهاز عند فتح صفحة قوقل وعند فتح المفضله يحصل تعليق لاتفتح او تتأخر بشكل كبير
تحس ان هناك مشكلة وليست طبيعية فأقوم واعيد التشغيل من الزر اليدوي المجاور لزر التشغيل وتنتهي المشكلة
وتفصيل المشكلة بداية التشغيل يعلق الجهاز عند فتح صفحة قوقل وعند فتح المفضله يحصل تعليق لاتفتح او تتأخر بشكل كبير
تحس ان هناك مشكلة وليست طبيعية فأقوم واعيد التشغيل من الزر اليدوي المجاور لزر التشغيل وتنتهي المشكلة
تأييد
0
Al jNtEeL
زيزوومى فضى
- إنضم
- 1 نوفمبر 2007
- المشاركات
- 7,298
- مستوى التفاعل
- 66
- النقاط
- 840
- الإقامة
- |-Al Hilal Club-|
- الموقع الالكتروني
- www.zyzoom.org
غير متصل
تأييد
0
Al jNtEeL
زيزوومى فضى
- إنضم
- 1 نوفمبر 2007
- المشاركات
- 7,298
- مستوى التفاعل
- 66
- النقاط
- 840
- الإقامة
- |-Al Hilal Club-|
- الموقع الالكتروني
- www.zyzoom.org
غير متصل
والله ممكن ياغالي ,, لأن الأفيرا مايثر على الإتصال لأن ليس به جدارا ناري
ثواني اشرح لك كيف تعطيله :q:
توقيع : Al jNtEeL
تأييد
0
Al jNtEeL
زيزوومى فضى
- إنضم
- 1 نوفمبر 2007
- المشاركات
- 7,298
- مستوى التفاعل
- 66
- النقاط
- 840
- الإقامة
- |-Al Hilal Club-|
- الموقع الالكتروني
- www.zyzoom.org
غير متصل
تأييد
0
اخي الكريم
هذا هو التقرير علماً انه لم يعد التشغيل + تم انقطاع النت فعملت لصق للتقرير في الوورد ثم اعدت التشغيل انا واشتغل النت
وهذا هو التقرير الاول :
ComboFix 08-08-30.03 - USER 08/31/2008 21:54:58.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.677 [GMT 3:00]
Running from: C:\Documents and Settings\USER\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-31 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-31 19:07 39,493,664 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-31 18:49 448,880 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-30 20:28 --------- d-----w C:\Program Files\GVR
2008-08-05 22:43 --------- d-----w C:\Program Files\Avira
2008-08-05 22:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-08-05 21:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-04 12:24 --------- d-----w C:\Program Files\MSXML 4.0
2008-07-18 19:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 19:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 19:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 19:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 19:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 19:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 19:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 19:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 19:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 19:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-29 19:00 --------- d-----w C:\Program Files\Smarty Uninstaller Pro
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:38 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:00 PM 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [08/04/2004 03:00 PM 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/04/2004 03:00 PM 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [08/04/2004 03:00 PM 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [08/04/2004 03:00 PM 455168]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [12/08/2005 08:57 AM 30208]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [04/13/2006 09:09 PM 49152]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/08/2007 07:22 AM 180269]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [04/25/2005 05:32 AM 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [04/25/2005 05:29 AM 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [04/25/2005 05:32 AM 114688]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [01/12/2006 04:40 PM 155648]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [03/11/2007 09:34 PM 49152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/08/2007 07:25 AM 98304]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [02/12/2008 10:06 AM 262401]
"SoundMan"="SOUNDMAN.EXE" [06/20/2005 04:42 PM 77824 C:\WINDOWS\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 03:00 PM 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-04-08 07:08:51 122880]
«©م، ¢¬نïé Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 17:05:26 29696]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
--a------ 03/31/2005 07:30 PM 1106944 C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 03/22/2005 07:39 PM 167936 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 04/20/2005 07:57 PM 847872 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 04/08/2007 07:25 AM 98304 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\msncall.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\English\\setup.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16808:TCP"= 16808:TCP
ORT_16808
"48371:TCP"= 48371:TCPORT_48371
"45957:TCP"= 45957:TCPORT_45957
"18207:TCP"= 18207:TCPORT_18207
"40941:TCP"= 40941:TCPORT_40941
"60250:TCP"= 60250:TCPORT_60250
"37910:TCP"= 37910:TCPORT_37910
"49520:TCP"= 49520:TCPORT_49520
"65246:TCP"= 65246:TCPORT_65246
"10559:TCP"= 10559:TCPORT_10559
"31129:TCP"= 31129:TCPORT_31129
"42422:TCP"= 42422:TCPORT_42422
"29094:TCP"= 29094:TCPORT_29094
"25851:TCP"= 25851:TCPORT_25851
"11611:TCP"= 11611:TCPORT_11611
"21325:TCP"= 21325:TCPORT_21325
"46301:TCP"= 46301:TCPORT_46301
"20501:TCP"= 20501:TCPORT_20501
"52516:TCP"= 52516:TCPORT_52516
"11125:TCP"= 11125:TCPORT_11125
"57101:TCP"= 57101:TCPORT_57101
"34219:TCP"= 34219:TCPORT_34219
"63486:TCP"= 63486:TCPORT_63486
"19988:TCP"= 19988:TCPORT_19988
"49601:TCP"= 49601:TCPORT_49601
"41648:TCP"= 41648:TCPORT_41648
"19726:TCP"= 19726:TCPORT_19726
"19320:TCP"= 19320:TCPORT_19320
"17380:TCP"= 17380:TCPORT_17380
"17356:TCP"= 17356:TCPORT_17356
"51031:TCP"= 51031:TCPORT_51031
"20148:TCP"= 20148:TCPORT_20148
"50180:TCP"= 50180:TCPORT_50180
"24555:TCP"= 24555:TCPORT_24555
"35742:TCP"= 35742:TCPORT_35742
"10368:TCP"= 10368:TCPORT_10368
"39254:TCP"= 39254:TCPORT_39254
"37742:TCP"= 37742:TCPORT_37742
"35005:TCP"= 35005:TCPORT_35005
"31286:TCP"= 31286:TCPORT_31286
"31883:TCP"= 31883:TCPORT_31883
"52078:TCP"= 52078:TCPORT_52078
"32582:TCP"= 32582:TCPORT_32582
"29461:TCP"= 29461:TCPORT_29461
"26545:TCP"= 26545:TCPORT_26545
"26438:TCP"= 26438:TCPORT_26438
"26018:TCP"= 26018:TCPORT_26018
"27193:TCP"= 27193:TCPORT_27193
"31819:TCP"= 31819:TCPORT_31819
"31423:TCP"= 31423:TCPORT_31423
"23637:TCP"= 23637:TCPORT_23637
"37587:TCP"= 37587:TCPORT_37587
"38450:TCP"= 38450:TCPORT_38450
"61321:TCP"= 61321:TCPORT_61321
"28880:TCP"= 28880:TCPORT_28880
"15961:TCP"= 15961:TCPORT_15961
"45648:TCP"= 45648:TCPORT_45648
"24461:TCP"= 24461:TCPORT_24461
"22461:TCP"= 22461:TCPORT_22461
"16039:TCP"= 16039:TCPORT_16039
"5293:TCP"= 5293:TCPORT_5293
"16395:TCP"= 16395:TCPORT_16395
"35082:TCP"= 35082:TCPORT_35082
"26504:TCP"= 26504:TCPORT_26504
"57336:TCP"= 57336:TCPORT_57336
"20758:TCP"= 20758:TCPORT_20758
"15461:TCP"= 15461:TCPORT_15461
"42020:TCP"= 42020:TCPORT_42020
"19851:TCP"= 19851:TCPORT_19851
"5653:TCP"= 5653:TCPORT_5653
"10570:TCP"= 10570:TCPORT_10570
"36351:TCP"= 36351:TCPORT_36351
"58645:TCP"= 58645:TCPORT_58645
"51652:TCP"= 51652:TCPORT_51652
"11665:TCP"= 11665:TCPORT_11665
"60742:TCP"= 60742:TCPORT_60742
"31736:TCP"= 31736:TCPORT_31736
"18670:TCP"= 18670:TCPORT_18670
"42657:TCP"= 42657:TCPORT_42657
"37440:TCP"= 37440:TCPORT_37440
"49754:TCP"= 49754:TCPORT_49754
"18945:TCP"= 18945:TCPORT_18945
"36863:TCP"= 36863:TCPORT_36863
"46266:TCP"= 46266:TCPORT_46266
"39460:TCP"= 39460:TCPORT_39460
"54125:TCP"= 54125:TCPORT_54125
"37028:TCP"= 37028:TCPORT_37028
"34383:TCP"= 34383:TCPORT_34383
"40602:TCP"= 40602:TCPORT_40602
"23090:TCP"= 23090:TCPORT_23090
"39606:TCP"= 39606:TCPORT_39606
"11867:TCP"= 11867:TCPORT_11867
"43770:TCP"= 43770:TCPORT_43770
"49043:TCP"= 49043:TCPORT_49043
"20418:TCP"= 20418:TCPORT_20418
"56516:TCP"= 56516:TCPORT_56516
"36508:TCP"= 36508:TCPORT_36508
"65439:TCP"= 65439:TCPORT_65439
"14224:TCP"= 14224:TCPORT_14224
"12615:TCP"= 12615:TCPORT_12615
"30164:TCP"= 30164:TCPORT_30164
"25133:TCP"= 25133:TCPORT_25133
"19289:TCP"= 19289:TCPORT_19289
"9771:TCP"= 9771:TCPORT_9771
"62986:TCP"= 62986:TCPORT_62986
"45954:TCP"= 45954:TCPORT_45954
"26930:TCP"= 26930:TCPORT_26930
"36680:TCP"= 36680:TCPORT_36680
"52820:TCP"= 52820:TCPORT_52820
"19845:TCP"= 19845:TCPORT_19845
"22523:TCP"= 22523:TCPORT_22523
"14601:TCP"= 14601:TCPORT_14601
"38137:TCP"= 38137:TCPORT_38137
"22410:TCP"= 22410:TCPORT_22410
"24781:TCP"= 24781:TCPORT_24781
"22365:TCP"= 22365:TCPORT_22365
"48236:TCP"= 48236:TCPORT_48236
"36567:TCP"= 36567:TCPORT_36567
"47118:TCP"= 47118:TCPORT_47118
"39985:TCP"= 39985:TCPORT_39985
"27336:TCP"= 27336:TCPORT_27336
"28573:TCP"= 28573:TCPORT_28573
"36318:TCP"= 36318:TCPORT_36318
"60208:TCP"= 60208:TCPORT_60208
"9951:TCP"= 9951:TCPORT_9951
"63411:TCP"= 63411:TCPORT_63411
"45191:TCP"= 45191:TCPORT_45191
"23191:TCP"= 23191:TCPORT_23191
"40630:TCP"= 40630:TCPORT_40630
"39664:TCP"= 39664:TCPORT_39664
"23883:TCP"= 23883:TCPORT_23883
"23722:TCP"= 23722:TCPORT_23722
"45856:TCP"= 45856:TCPORT_45856
"48055:TCP"= 48055:TCPORT_48055
"56563:TCP"= 56563:TCPORT_56563
"44825:TCP"= 44825:TCPORT_44825
"49848:TCP"= 49848:TCPORT_49848
"41048:TCP"= 41048:TCPORT_41048
"49445:TCP"= 49445:TCPORT_49445
"51508:TCP"= 51508:TCPORT_51508
"49363:TCP"= 49363:TCPORT_49363
"33555:TCP"= 33555:TCPORT_33555
"33645:TCP"= 33645:TCPORT_33645
"16528:TCP"= 16528:TCPORT_16528
"37351:TCP"= 37351:TCPORT_37351
"36570:TCP"= 36570:TCPORT_36570
"31383:TCP"= 31383:TCPORT_31383
"19816:TCP"= 19816:TCPORT_19816
"52508:TCP"= 52508:TCPORT_52508
"24633:TCP"= 24633:TCPORT_24633
"32970:TCP"= 32970:TCPORT_32970
"34055:TCP"= 34055:TCPORT_34055
"46789:TCP"= 46789:TCPORT_46789
"9212:TCP"= 9212:TCPORT_9212
"48914:TCP"= 48914:TCPORT_48914
"50117:TCP"= 50117:TCPORT_50117
"22039:TCP"= 22039:TCPORT_22039
"26523:TCP"= 26523:TCPORT_26523
"30508:TCP"= 30508:TCPORT_30508
"23117:TCP"= 23117:TCPORT_23117
"33289:TCP"= 33289:TCPORT_33289
"40570:TCP"= 40570:TCPORT_40570
"25633:TCP"= 25633:TCPORT_25633
"38367:TCP"= 38367:TCPORT_38367
"28391:TCP"= 28391:TCPORT_28391
"20836:TCP"= 20836:TCPORT_20836
"24336:TCP"= 24336:TCPORT_24336
"45340:TCP"= 45340:TCPORT_45340
"8911:TCP"= 8911:TCPORT_8911
"59633:TCP"= 59633:TCPORT_59633
"44070:TCP"= 44070:TCPORT_44070
"17426:TCP"= 17426:TCPORT_17426
"52914:TCP"= 52914:TCPORT_52914
"58867:TCP"= 58867:TCPORT_58867
"22613:TCP"= 22613:TCPORT_22613
"26466:TCP"= 26466:TCPORT_26466
"7379:TCP"= 7379:TCPORT_7379
"49148:TCP"= 49148:TCPORT_49148
"18165:TCP"= 18165:TCPORT_18165
"31738:TCP"= 31738:TCPORT_31738
"27973:TCP"= 27973:TCPORT_27973
"37961:TCP"= 37961:TCPORT_37961
"29766:TCP"= 29766:TCPORT_29766
"40961:TCP"= 40961:TCPORT_40961
"33887:TCP"= 33887:TCPORT_33887
"40539:TCP"= 40539:TCPORT_40539
"15825:TCP"= 15825:TCPORT_15825
"41250:TCP"= 41250:TCPORT_41250
"11910:TCP"= 11910:TCPORT_11910
"19156:TCP"= 19156:TCPORT_19156
"29075:TCP"= 29075:TCPORT_29075
"35336:TCP"= 35336:TCPORT_35336
"29726:TCP"= 29726:TCPORT_29726
"13957:TCP"= 13957:TCPORT_13957
"43985:TCP"= 43985:TCPORT_43985
"27278:TCP"= 27278:TCPORT_27278
"49133:TCP"= 49133:TCPORT_49133
"60485:TCP"= 60485:TCPORT_60485
"25871:TCP"= 25871:TCPORT_25871
"44235:TCP"= 44235:TCPORT_44235
"7816:TCP"= 7816:TCPORT_7816
"9595:TCP"= 9595:TCPORT_9595
"30371:TCP"= 30371:TCPORT_30371
"51898:TCP"= 51898:TCPORT_51898
"42101:TCP"= 42101:TCPORT_42101
"57776:TCP"= 57776:TCPORT_57776
"33836:TCP"= 33836:TCPORT_33836
"36836:TCP"= 36836:TCPORT_36836
"32148:TCP"= 32148:TCPORT_32148
"34336:TCP"= 34336:TCPORT_34336
"49871:TCP"= 49871:TCPORT_49871
"59023:TCP"= 59023:TCPORT_59023
"42023:TCP"= 42023:TCPORT_42023
"33145:TCP"= 33145:TCPORT_33145
"61305:TCP"= 61305:TCPORT_61305
"41278:TCP"= 41278:TCPORT_41278
"36594:TCP"= 36594:TCPORT_36594
"8898:TCP"= 8898:TCPORT_8898
"44326:TCP"= 44326:TCPORT_44326
"8238:TCP"= 8238:TCPORT_8238
"12789:TCP"= 12789:TCPORT_12789
"57114:TCP"= 57114:TCPORT_57114
"27896:TCP"= 27896:TCPORT_27896
"32164:TCP"= 32164:TCPORT_32164
"27856:TCP"= 27856:TCPORT_27856
"34075:TCP"= 34075:TCPORT_34075
"22141:TCP"= 22141:TCPORT_22141
"9008:TCP"= 9008:TCPORT_9008
"49723:TCP"= 49723:TCPORT_49723
"16469:TCP"= 16469:TCPORT_16469
"22445:TCP"= 22445:TCPORT_22445
"31971:TCP"= 31971:TCPORT_31971
"14004:TCP"= 14004:TCPORT_14004
"43114:TCP"= 43114:TCPORT_43114
"57266:TCP"= 57266:TCPORT_57266
"54930:TCP"= 54930:TCPORT_54930
"49226:TCP"= 49226:TCPORT_49226
"37141:TCP"= 37141:TCPORT_37141
"34121:TCP"= 34121:TCPORT_34121
"12988:TCP"= 12988:TCPORT_12988
"48476:TCP"= 48476:TCPORT_48476
"16896:TCP"= 16896:TCPORT_16896
"22571:TCP"= 22571:TCPORT_22571
"25043:TCP"= 25043:TCPORT_25043
"63365:TCP"= 63365:TCPORT_63365
"25075:TCP"= 25075:TCPORT_25075
"40242:TCP"= 40242:TCPORT_40242
"24028:TCP"= 24028:TCPORT_24028
"6970:TCP"= 6970:TCPORT_6970
"12676:TCP"= 12676:TCPORT_12676
"31356:TCP"= 31356:TCPORT_31356
"40851:TCP"= 40851:TCPORT_40851
"58172:TCP"= 58172:TCPORT_58172
"37221:TCP"= 37221:TCPORT_37221
"7274:TCP"= 7274:TCPORT_7274
"28236:TCP"= 28236:TCPORT_28236
"15793:TCP"= 15793:TCPORT_15793
"64328:TCP"= 64328:TCPORT_64328
"49060:TCP"= 49060:TCPORT_49060
"19660:TCP"= 19660:TCPORT_19660
"59195:TCP"= 59195:TCPORT_59195
"52461:TCP"= 52461:TCPORT_52461
"52992:TCP"= 52992:TCPORT_52992
"21062:TCP"= 21062:TCPORT_21062
"31047:TCP"= 31047:TCPORT_31047
"42364:TCP"= 42364:TCPORT_42364
"30430:TCP"= 30430:TCPORT_30430
"17340:TCP"= 17340:TCPORT_17340
"55470:TCP"= 55470:TCPORT_55470
"38711:TCP"= 38711:TCPORT_38711
"20653:TCP"= 20653:TCPORT_20653
"36760:TCP"= 36760:TCPORT_36760
"19386:TCP"= 19386:TCPORT_19386
"31231:TCP"= 31231:TCPORT_31231
"25211:TCP"= 25211:TCPORT_25211
"17410:TCP"= 17410:TCPORT_17410
"34804:TCP"= 34804:TCPORT_34804
"48068:TCP"= 48068:TCPORT_48068
"16582:TCP"= 16582:TCPORT_16582
"43513:TCP"= 43513:TCPORT_43513
"33996:TCP"= 33996:TCPORT_33996
"33441:TCP"= 33441:TCPORT_33441
"32606:TCP"= 32606:TCPORT_32606
"55448:TCP"= 55448:TCPORT_55448
"21756:TCP"= 21756:TCPORT_21756
"34690:TCP"= 34690:TCPORT_34690
"49742:TCP"= 49742:TCPORT_49742
"22450:TCP"= 22450:TCPORT_22450
"61348:TCP"= 61348:TCPORT_61348
"54739:TCP"= 54739:TCPORT_54739
"35502:TCP"= 35502:TCPORT_35502
"30957:TCP"= 30957:TCPORT_30957
"37516:TCP"= 37516:TCPORT_37516
"35157:TCP"= 35157:TCPORT_35157
"42711:TCP"= 42711:TCPORT_42711
"44539:TCP"= 44539:TCPORT_44539
"32211:TCP"= 32211:TCPORT_32211
"33523:TCP"= 33523:TCPORT_33523
"54430:TCP"= 54430:TCPORT_54430
"34136:TCP"= 34136:TCPORT_34136
"32541:TCP"= 32541:TCPORT_32541
"60367:TCP"= 60367:TCPORT_60367
"27538:TCP"= 27538:TCPORT_27538
"56127:TCP"= 56127:TCPORT_56127
"64211:TCP"= 64211:TCPORT_64211
"13901:TCP"= 13901:TCPORT_13901
"14055:TCP"= 14055:TCPORT_14055
"53445:TCP"= 53445:TCPORT_53445
"35523:TCP"= 35523:TCPORT_35523
"53985:TCP"= 53985:TCPORT_53985
"57453:TCP"= 57453:TCPORT_57453
"8082:TCP"= 8082:TCPORT_8082
"11137:TCP"= 11137:TCPORT_11137
"57871:TCP"= 57871:TCPORT_57871
"52951:TCP"= 52951:TCPORT_52951
"20009:TCP"= 20009:TCPORT_20009
"14176:TCP"= 14176:TCPORT_14176
"39188:TCP"= 39188:TCPORT_39188
"11410:TCP"= 11410:TCPORT_11410
"40241:TCP"= 40241:TCPORT_40241
"10123:TCP"= 10123:TCPORT_10123
"57016:TCP"= 57016:TCPORT_57016
"60365:TCP"= 60365:TCPORT_60365
"8575:TCP"= 8575:TCPORT_8575
"9000:TCP"= 9000:TCPORT_9000
"6770:TCP"= 6770:TCPORT_6770
"58086:TCP"= 58086:TCPORT_58086
"8448:TCP"= 8448:TCPORT_8448
"31091:TCP"= 31091:TCPORT_31091
"11184:TCP"= 11184:TCPORT_11184
"27101:TCP"= 27101:TCPORT_27101
"49203:TCP"= 49203:TCPORT_49203
"40153:TCP"= 40153:TCPORT_40153
"43110:TCP"= 43110:TCPORT_43110
"51539:TCP"= 51539:TCPORT_51539
"40846:TCP"= 40846:TCPORT_40846
"27508:TCP"= 27508:TCPORT_27508
"61892:TCP"= 61892:TCPORT_61892
"36133:TCP"= 36133:TCPORT_36133
"35023:TCP"= 35023:TCPORT_35023
"32794:TCP"= 32794:TCPORT_32794
"51383:TCP"= 51383:TCPORT_51383
"45539:TCP"= 45539:TCPORT_45539
"24735:TCP"= 24735:TCPORT_24735
"6348:TCP"= 6348:TCPORT_6348
"15226:TCP"= 15226:TCPORT_15226
"41217:TCP"= 41217:TCPORT_41217
"64630:TCP"= 64630:TCPORT_64630
"42180:TCP"= 42180:TCPORT_42180
"37431:TCP"= 37431:TCPORT_37431
"43016:TCP"= 43016:TCPORT_43016
"33938:TCP"= 33938:TCPORT_33938
"12738:TCP"= 12738:TCPORT_12738
"39285:TCP"= 39285:TCPORT_39285
"58133:TCP"= 58133:TCPORT_58133
"12826:TCP"= 12826:TCPORT_12826
"37551:TCP"= 37551:TCPORT_37551
"44836:TCP"= 44836:TCPORT_44836
"22231:TCP"= 22231:TCPORT_22231
"10235:TCP"= 10235:TCPORT_10235
"42029:TCP"= 42029:TCPORT_42029
"53148:TCP"= 53148:TCPORT_53148
"50738:TCP"= 50738:TCPORT_50738
"41226:TCP"= 41226:TCPORT_41226
"38539:TCP"= 38539:TCPORT_38539
"40336:TCP"= 40336:TCPORT_40336
"11696:TCP"= 11696:TCPORT_11696
"20795:TCP"= 20795:TCPORT_20795
"50825:TCP"= 50825:TCPORT_50825
"7520:TCP"= 7520:TCPORT_7520
"36101:TCP"= 36101:TCPORT_36101
"48066:TCP"= 48066:TCPORT_48066
"62117:TCP"= 62117:TCPORT_62117
"38445:TCP"= 38445:TCPORT_38445
"63164:TCP"= 63164:TCPORT_63164
"19488:TCP"= 19488:TCPORT_19488
"65253:TCP"= 65253:TCPORT_65253
"53528:TCP"= 53528:TCPORT_53528
"14668:TCP"= 14668:TCPORT_14668
"61691:TCP"= 61691:TCPORT_61691
"6946:TCP"= 6946:TCPORT_6946
"41703:TCP"= 41703:TCPORT_41703
"16082:TCP"= 16082:TCPORT_16082
"6649:TCP"= 6649:TCPORT_6649
"55058:TCP"= 55058:TCPORT_55058
"45695:TCP"= 45695:TCPORT_45695
"63778:TCP"= 63778:TCPORT_63778
"64180:TCP"= 64180:TCPORT_64180
"9184:TCP"= 9184:TCPORT_9184
"61083:TCP"= 61083:TCPORT_61083
"10254:TCP"= 10254:TCPORT_10254
"60075:TCP"= 60075:TCPORT_60075
"52898:TCP"= 52898:TCPORT_52898
"46168:TCP"= 46168:TCPORT_46168
"6914:TCP"= 6914:TCPORT_6914
"6226:TCP"= 6226:TCPORT_6226
"30101:TCP"= 30101:TCPORT_30101
"21883:TCP"= 21883:TCPORT_21883
"36590:TCP"= 36590:TCPORT_36590
"24730:TCP"= 24730:TCPORT_24730
"47277:TCP"= 47277:TCPORT_47277
"13836:TCP"= 13836:TCPORT_13836
"8492:TCP"= 8492:TCPORT_8492
"5770:TCP"= 5770:TCPORT_5770
"44873:TCP"= 44873:TCPORT_44873
"47742:TCP"= 47742:TCPORT_47742
"34360:TCP"= 34360:TCPORT_34360
"59051:TCP"= 59051:TCPORT_59051
"38074:TCP"= 38074:TCPORT_38074
"12772:TCP"= 12772:TCPORT_12772
"55618:TCP"= 55618:TCPORT_55618
"14503:TCP"= 14503:TCPORT_14503
"51363:TCP"= 51363:TCPORT_51363
"31700:TCP"= 31700:TCPORT_31700
"53926:TCP"= 53926:TCPORT_53926
"65465:TCP"= 65465:TCPORT_65465
"12807:TCP"= 12807:TCPORT_12807
"27919:TCP"= 27919:TCPORT_27919
"35445:TCP"= 35445:TCPORT_35445
"30681:TCP"= 30681:TCPORT_30681
"52723:TCP"= 52723:TCPORT_52723
"27656:TCP"= 27656:TCPORT_27656
"59558:TCP"= 59558:TCPORT_59558
"43683:TCP"= 43683:TCPORT_43683
"11963:TCP"= 11963:TCPORT_11963
"23375:TCP"= 23375:TCPORT_23375
"27784:TCP"= 27784:TCPORT_27784
"45075:TCP"= 45075:TCPORT_45075
"16086:TCP"= 16086:TCPORT_16086
"47821:TCP"= 47821:TCPORT_47821
"30848:TCP"= 30848:TCPORT_30848
"39776:TCP"= 39776:TCPORT_39776
"61121:TCP"= 61121:TCPORT_61121
"35598:TCP"= 35598:TCPORT_35598
"59552:TCP"= 59552:TCPORT_59552
"42348:TCP"= 42348:TCPORT_42348
"32156:TCP"= 32156:TCPORT_32156
"22367:TCP"= 22367:TCPORT_22367
"15665:TCP"= 15665:TCPORT_15665
"14641:TCP"= 14641:TCPORT_14641
"37707:TCP"= 37707:TCPORT_37707
"36206:TCP"= 36206:TCPORT_36206
"8051:TCP"= 8051:TCPORT_8051
"8074:TCP"= 8074:TCPORT_8074
"13413:TCP"= 13413:TCPORT_13413
"43621:TCP"= 43621:TCPORT_43621
"53493:TCP"= 53493:TCPORT_53493
"36020:TCP"= 36020:TCPORT_36020
"63543:TCP"= 63543:TCPORT_63543
"59110:TCP"= 59110:TCPORT_59110
"5523:TCP"= 5523:TCPORT_5523
"52578:TCP"= 52578:TCPORT_52578
"16028:TCP"= 16028:TCPORT_16028
"37489:TCP"= 37489:TCPORT_37489
"54098:TCP"= 54098:TCPORT_54098
"34808:TCP"= 34808:TCPORT_34808
"17844:TCP"= 17844:TCPORT_17844
"51258:TCP"= 51258:TCPORT_51258
"14707:TCP"= 14707:TCPORT_14707
"63613:TCP"= 63613:TCPORT_63613
"41325:TCP"= 41325:TCPORT_41325
"13504:TCP"= 13504:TCPORT_13504
"58176:TCP"= 58176:TCPORT_58176
"56871:TCP"= 56871:TCPORT_56871
"19368:TCP"= 19368:TCPORT_19368
"8435:TCP"= 8435:TCPORT_8435
"62703:TCP"= 62703:TCPORT_62703
"19994:TCP"= 19994:TCPORT_19994
"30648:TCP"= 30648:TCPORT_30648
"50364:TCP"= 50364:TCPORT_50364
"51869:TCP"= 51869:TCPORT_51869
"38722:TCP"= 38722:TCPORT_38722
"42575:TCP"= 42575:TCPORT_42575
"59305:TCP"= 59305:TCPORT_59305
"56551:TCP"= 56551:TCPORT_56551
"19613:TCP"= 19613:TCPORT_19613
"36574:TCP"= 36574:TCPORT_36574
"47699:TCP"= 47699:TCPORT_47699
"35579:TCP"= 35579:TCPORT_35579
"62485:TCP"= 62485:TCPORT_62485
"54326:TCP"= 54326:TCPORT_54326
"36106:TCP"= 36106:TCPORT_36106
"57027:TCP"= 57027:TCPORT_57027
"49860:TCP"= 49860:TCPORT_49860
"49516:TCP"= 49516:TCPORT_49516
"49169:TCP"= 49169:TCPORT_49169
"51726:TCP"= 51726:TCPORT_51726
"48293:TCP"= 48293:TCPORT_48293
"26086:TCP"= 26086:TCPORT_26086
"27492:TCP"= 27492:TCPORT_27492
"15852:TCP"= 15852:TCPORT_15852
"38346:TCP"= 38346:TCPORT_38346
"45027:TCP"= 45027:TCPORT_45027
"52211:TCP"= 52211:TCPORT_52211
"20730:TCP"= 20730:TCPORT_20730
"42685:TCP"= 42685:TCPORT_42685
"8242:TCP"= 8242:TCPORT_8242
"35443:TCP"= 35443:TCPORT_35443
"61230:TCP"= 61230:TCPORT_61230
"55621:TCP"= 55621:TCPORT_55621
"16161:TCP"= 16161:TCPORT_16161
"17640:TCP"= 17640:TCPORT_17640
"53617:TCP"= 53617:TCPORT_53617
"43445:TCP"= 43445:TCPORT_43445
"60298:TCP"= 60298:TCPORT_60298
"39078:TCP"= 39078:TCPORT_39078
"59178:TCP"= 59178:TCPORT_59178
"60855:TCP"= 60855:TCPORT_60855
"17910:TCP"= 17910:TCPORT_17910
"22093:TCP"= 22093:TCPORT_22093
"54836:TCP"= 54836:TCPORT_54836
"9348:TCP"= 9348:TCPORT_9348
"38449:TCP"= 38449:TCPORT_38449
"58081:TCP"= 58081:TCPORT_58081
"63332:TCP"= 63332:TCPORT_63332
"9716:TCP"= 9716:TCPORT_9716
"28176:TCP"= 28176:TCPORT_28176
"54422:TCP"= 54422:TCPORT_54422
"11992:TCP"= 11992:TCPORT_11992
"46793:TCP"= 46793:TCPORT_46793
"15043:TCP"= 15043:TCPORT_15043
"23348:TCP"= 23348:TCPORT_23348
"58590:TCP"= 58590:TCPORT_58590
"12867:TCP"= 12867:TCPORT_12867
"62036:TCP"= 62036:TCPORT_62036
"48410:TCP"= 48410:TCPORT_48410
"22832:TCP"= 22832:TCPORT_22832
"29702:TCP"= 29702:TCPORT_29702
"6392:TCP"= 6392:TCPORT_6392
"51558:TCP"= 51558:TCPORT_51558
"59366:TCP"= 59366:TCPORT_59366
"32055:TCP"= 32055:TCPORT_32055
"7579:TCP"= 7579:TCPORT_7579
"23743:TCP"= 23743:TCPORT_23743
"25497:TCP"= 25497:TCPORT_25497
"54113:TCP"= 54113:TCPORT_54113
"64783:TCP"= 64783:TCPORT_64783
"63860:TCP"= 63860:TCPORT_63860
"47798:TCP"= 47798:TCPORT_47798
"48527:TCP"= 48527:TCPORT_48527
"53277:TCP"= 53277:TCPORT_53277
"27836:TCP"= 27836:TCPORT_27836
"47590:TCP"= 47590:TCPORT_47590
"53685:TCP"= 53685:TCPORT_53685
"15238:TCP"= 15238:TCPORT_15238
"27991:TCP"= 27991:TCPORT_27991
"40231:TCP"= 40231:TCPORT_40231
"18930:TCP"= 18930:TCPORT_18930
"56965:TCP"= 56965:TCPORT_56965
"59988:TCP"= 59988:TCPORT_59988
"15016:TCP"= 15016:TCPORT_15016
"22344:TCP"= 22344:TCPORT_22344
"30573:TCP"= 30573:TCPORT_30573
"60118:TCP"= 60118:TCPORT_60118
"19238:TCP"= 19238:TCPORT_19238
"56931:TCP"= 56931:TCPORT_56931
"55458:TCP"= 55458:TCPORT_55458
"52371:TCP"= 52371:TCPORT_52371
"7570:TCP"= 7570:TCPORT_7570
"26390:TCP"= 26390:TCPORT_26390
"18435:TCP"= 18435:TCPORT_18435
"65402:TCP"= 65402:TCPORT_65402
"59220:TCP"= 59220:TCPORT_59220
"32034:TCP"= 32034:TCPORT_32034
"12951:TCP"= 12951:TCPORT_12951
"41287:TCP"= 41287:TCPORT_41287
"59532:TCP"= 59532:TCPORT_59532
"64258:TCP"= 64258:TCPORT_64258
"56485:TCP"= 56485:TCPORT_56485
"15816:TCP"= 15816:TCPORT_15816
"26226:TCP"= 26226:TCPORT_26226
"59106:TCP"= 59106:TCPORT_59106
"46433:TCP"= 46433:TCPORT_46433
"37430:TCP"= 37430:TCPORT_37430
"39555:TCP"= 39555:TCPORT_39555
"31855:TCP"= 31855:TCPORT_31855
"32825:TCP"= 32825:TCPORT_32825
"54277:TCP"= 54277:TCPORT_54277
"55316:TCP"= 55316:TCPORT_55316
"35590:TCP"= 35590:TCPORT_35590
"32136:TCP"= 32136:TCPORT_32136
"60683:TCP"= 60683:TCPORT_60683
"10961:TCP"= 10961:TCPORT_10961
"46777:TCP"= 46777:TCPORT_46777
"23648:TCP"= 23648:TCPORT_23648
"18270:TCP"= 18270:TCPORT_18270
"54465:TCP"= 54465:TCPORT_54465
"11586:TCP"= 11586:TCPORT_11586
"14445:TCP"= 14445:TCPORT_14445
"27031:TCP"= 27031:TCPORT_27031
"59570:TCP"= 59570:TCPORT_59570
"56922:TCP"= 56922:TCPORT_56922
"26898:TCP"= 26898:TCPORT_26898
"16055:TCP"= 16055:TCPORT_16055
"56125:TCP"= 56125:TCPORT_56125
"14867:TCP"= 14867:TCPORT_14867
"23488:TCP"= 23488:TCPORT_23488
"56215:TCP"= 56215:TCPORT_56215
"45430:TCP"= 45430:TCPORT_45430
"53023:TCP"= 53023:TCPORT_53023
"32285:TCP"= 32285:TCPORT_32285
"8695:TCP"= 8695:TCPORT_8695
"63465:TCP"= 63465:TCPORT_63465
"35043:TCP"= 35043:TCPORT_35043
"46746:TCP"= 46746:TCPORT_46746
"42117:TCP"= 42117:TCPORT_42117
"58121:TCP"= 58121:TCPORT_58121
"51513:TCP"= 51513:TCPORT_51513
"54868:TCP"= 54868:TCPORT_54868
"29143:TCP"= 29143:TCPORT_29143
"9426:TCP"= 9426:TCPORT_9426
"56751:TCP"= 56751:TCPORT_56751
"41293:TCP"= 41293:TCPORT_41293
"10305:TCP"= 10305:TCPORT_10305
"17047:TCP"= 17047:TCPORT_17047
"45855:TCP"= 45855:TCPORT_45855
"44754:TCP"= 44754:TCPORT_44754
"33133:TCP"= 33133:TCPORT_33133
"49402:TCP"= 49402:TCPORT_49402
"50407:TCP"= 50407:TCPORT_50407
"55340:TCP"= 55340:TCPORT_55340
"46490:TCP"= 46490:TCPORT_46490
"34965:TCP"= 34965:TCPORT_34965
"64235:TCP"= 64235:TCPORT_64235
"17289:TCP"= 17289:TCPORT_17289
"21727:TCP"= 21727:TCPORT_21727
"44750:TCP"= 44750:TCPORT_44750
"59136:TCP"= 59136:TCPORT_59136
"56298:TCP"= 56298:TCPORT_56298
"61543:TCP"= 61543:TCPORT_61543
"10918:TCP"= 10918:TCPORT_10918
"52965:TCP"= 52965:TCPORT_52965
"44807:TCP"= 44807:TCPORT_44807
"45992:TCP"= 45992:TCPORT_45992
"58660:TCP"= 58660:TCPORT_58660
"57311:TCP"= 57311:TCPORT_57311
"27680:TCP"= 27680:TCPORT_27680
"62285:TCP"= 62285:TCPORT_62285
"6766:TCP"= 6766:TCPORT_6766
"31465:TCP"= 31465:TCPORT_31465
"51145:TCP"= 51145:TCPORT_51145
"54418:TCP"= 54418:TCPORT_54418
"28308:TCP"= 28308:TCPORT_28308
"59793:TCP"= 59793:TCPORT_59793
"31673:TCP"= 31673:TCPORT_31673
"51965:TCP"= 51965:TCPORT_51965
"59574:TCP"= 59574:TCPORT_59574
"61243:TCP"= 61243:TCPORT_61243
"17023:TCP"= 17023:TCPORT_17023
"22938:TCP"= 22938:TCPORT_22938
"62022:TCP"= 62022:TCPORT_62022
"56277:TCP"= 56277:TCPORT_56277
"47027:TCP"= 47027:TCPORT_47027
"11723:TCP"= 11723:TCPORT_11723
"26871:TCP"= 26871:TCPORT_26871
"6448:TCP"= 6448:TCPORT_6448
"8028:TCP"= 8028:TCPORT_8028
"45808:TCP"= 45808:TCPORT_45808
"60965:TCP"= 60965:TCPORT_60965
"18336:TCP"= 18336:TCPORT_18336
"32398:TCP"= 32398:TCPORT_32398
"41168:TCP"= 41168:TCPORT_41168
"49961:TCP"= 49961:TCPORT_49961
"47949:TCP"= 47949:TCPORT_47949
"37418:TCP"= 37418:TCPORT_37418
"30391:TCP"= 30391:TCPORT_30391
"49508:TCP"= 49508:TCPORT_49508
"25229:TCP"= 25229:TCPORT_25229
"43301:TCP"= 43301:TCPORT_43301
"52164:TCP"= 52164:TCPORT_52164
"48168:TCP"= 48168:TCPORT_48168
"24618:TCP"= 24618:TCPORT_24618
"62707:TCP"= 62707:TCPORT_62707
"56148:TCP"= 56148:TCPORT_56148
"24518:TCP"= 24518:TCPORT_24518
"31633:TCP"= 31633:TCPORT_31633
"7633:TCP"= 7633:TCPORT_7633
"25402:TCP"= 25402:TCPORT_25402
"60626:TCP"= 60626:TCPORT_60626
"17961:TCP"= 17961:TCPORT_17961
"41606:TCP"= 41606:TCPORT_41606
"55648:TCP"= 55648:TCPORT_55648
"22195:TCP"= 22195:TCPORT_22195
"42450:TCP"= 42450:TCPORT_42450
"53110:TCP"= 53110:TCPORT_53110
"45536:TCP"= 45536:TCPORT_45536
"24868:TCP"= 24868:TCPORT_24868
"18170:TCP"= 18170:TCPORT_18170
"62622:TCP"= 62622:TCPORT_62622
"61996:TCP"= 61996:TCPORT_61996
"36716:TCP"= 36716:TCPORT_36716
"24086:TCP"= 24086:TCPORT_24086
"20731:TCP"= 20731:TCPORT_20731
"6851:TCP"= 6851:TCPORT_6851
"38580:TCP"= 38580:TCPORT_38580
"7290:TCP"= 7290:TCPORT_7290
"63726:TCP"= 63726:TCPORT_63726
"17976:TCP"= 17976:TCPORT_17976
"26746:TCP"= 26746:TCPORT_26746
"30138:TCP"= 30138:TCPORT_30138
"58027:TCP"= 58027:TCPORT_58027
"24830:TCP"= 24830:TCPORT_24830
"16638:TCP"= 16638:TCPORT_16638
"52011:TCP"= 52011:TCPORT_52011
"34070:TCP"= 34070:TCPORT_34070
"54641:TCP"= 54641:TCPORT_54641
"44789:TCP"= 44789:TCPORT_44789
"37629:TCP"= 37629:TCPORT_37629
"9559:TCP"= 9559:TCPORT_9559
"19295:TCP"= 19295:TCPORT_19295
"6976:TCP"= 6976:TCPORT_6976
"48320:TCP"= 48320:TCPORT_48320
"55871:TCP"= 55871:TCPORT_55871
"54408:TCP"= 54408:TCPORT_54408
"9077:TCP"= 9077:TCPORT_9077
"41016:TCP"= 41016:TCPORT_41016
"58480:TCP"= 58480:TCPORT_58480
"45943:TCP"= 45943:TCPORT_45943
"61840:TCP"= 61840:TCPORT_61840
"19309:TCP"= 19309:TCPORT_19309
"23786:TCP"= 23786:TCPORT_23786
"53559:TCP"= 53559:TCPORT_53559
"48855:TCP"= 48855:TCPORT_48855
"44681:TCP"= 44681:TCPORT_44681
"14762:TCP"= 14762:TCPORT_14762
"35789:TCP"= 35789:TCPORT_35789
"57465:TCP"= 57465:TCPORT_57465
"38523:TCP"= 38523:TCPORT_38523
"64770:TCP"= 64770:TCPORT_64770
"33355:TCP"= 33355:TCPORT_33355
"37354:TCP"= 37354:TCPORT_37354
"33313:TCP"= 33313:TCPORT_33313
"33302:TCP"= 33302:TCPORT_33302
"51903:TCP"= 51903:TCPORT_51903
"36090:TCP"= 36090:TCPORT_36090
"28480:TCP"= 28480:TCPORT_28480
"30988:TCP"= 30988:TCPORT_30988
"49895:TCP"= 49895:TCPORT_49895
"41876:TCP"= 41876:TCPORT_41876
"23613:TCP"= 23613:TCPORT_23613
"10062:TCP"= 10062:TCPORT_10062
"45251:TCP"= 45251:TCPORT_45251
"25536:TCP"= 25536:TCPORT_25536
"38172:TCP"= 38172:TCPORT_38172
"11631:TCP"= 11631:TCPORT_11631
"33488:TCP"= 33488:TCPORT_33488
"61320:TCP"= 61320:TCPORT_61320
"9391:TCP"= 9391:TCPORT_9391
"13876:TCP"= 13876:TCPORT_13876
"23836:TCP"= 23836:TCPORT_23836
"46031:TCP"= 46031:TCPORT_46031
"25012:TCP"= 25012:TCPORT_25012
"15070:TCP"= 15070:TCPORT_15070
"45883:TCP"= 45883:TCPORT_45883
"25555:TCP"= 25555:TCPORT_25555
"38195:TCP"= 38195:TCPORT_38195
"12297:TCP"= 12297:TCPORT_12297
"16835:TCP"= 16835:TCPORT_16835
"12238:TCP"= 12238:TCPORT_12238
"42086:TCP"= 42086:TCPORT_42086
"15463:TCP"= 15463:TCPORT_15463
"64047:TCP"= 64047:TCPORT_64047
"13110:TCP"= 13110:TCPORT_13110
"55461:TCP"= 55461:TCPORT_55461
"19797:TCP"= 19797:TCPORT_19797
"22898:TCP"= 22898:TCPORT_22898
"13341:TCP"= 13341:TCPORT_13341
"53742:TCP"= 53742:TCPORT_53742
"44941:TCP"= 44941:TCPORT_44941
"50293:TCP"= 50293:TCPORT_50293
"30919:TCP"= 30919:TCPORT_30919
"23898:TCP"= 23898:TCPORT_23898
"15851:TCP"= 15851:TCPORT_15851
"34719:TCP"= 34719:TCPORT_34719
"27527:TCP"= 27527:TCPORT_27527
"40367:TCP"= 40367:TCPORT_40367
"45405:TCP"= 45405:TCPORT_45405
R1 is-2I7NCdrv;is-2I7NCdrv;C:\WINDOWS\system32\drivers\42439833.sys [03/05/2008 11:41 AM]
R1 is-EB04Jdrv;is-EB04Jdrv;C:\WINDOWS\system32\drivers\73343304.sys [03/05/2008 11:41 AM]
R1 is-JCU2Pdrv;is-JCU2Pdrv;C:\WINDOWS\system32\drivers\48575709.sys [03/05/2008 11:41 AM]
R1 is-QK3HRdrv;is-QK3HRdrv;C:\WINDOWS\system32\drivers\64272159.sys [03/05/2008 11:41 AM]
R1 is-S1C19drv;is-S1C19drv;C:\WINDOWS\system32\drivers\70629233.sys [03/05/2008 11:41 AM]
S1 is-PKNCHdrv;is-PKNCHdrv;C:\WINDOWS\system32\drivers\96556684.sys [03/05/2008 11:41 AM]
S1 is-RAQ3Cdrv;is-RAQ3Cdrv;C:\WINDOWS\system32\drivers\69159150.sys [03/05/2008 11:41 AM]
S1 is-RI49Qdrv;is-RI49Qdrv;C:\WINDOWS\system32\drivers\91856624.sys [03/05/2008 11:41 AM]
S1 is-S876Ddrv;is-S876Ddrv;C:\WINDOWS\system32\drivers\06976345.sys [03/05/2008 11:41 AM]
S2 is-EB04J;is-EB04J;C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-EB04J\is-EB04J.exe []
S2 is-JCU2P;is-JCU2P;C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-JCU2P\is-JCU2P.exe []
S2 is-PKNCH;is-PKNCH;C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-PKNCH\is-PKNCH.exe []
S2 is-QK3HR;is-QK3HR;C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-QK3HR\is-QK3HR.exe []
S2 is-RAQ3C;is-RAQ3C;C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-RAQ3C\is-RAQ3C.exe []
S2 is-RI49Q;is-RI49Q;C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-RI49Q\is-RI49Q.exe []
S2 is-S1C19;is-S1C19;C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-S1C19\is-S1C19.exe []
S2 is-S876D;is-S876D;C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-S876D\is-S876D.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-ماركت بروف - C:\MarketProf\MarketProf.exe
HKLM-Run-USB GATE - C:\Program Files\USB GATE\USB GATE.exe
HKLM-Run-is-PKNCH - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-PKNCH\is-PKNCH.exe
HKLM-Run-is-QK3HR - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-QK3HR\is-QK3HR.exe
HKLM-Run-is-RAQ3C - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-RAQ3C\is-RAQ3C.exe
HKLM-Run-is-S876D - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-S876D\is-S876D.exe
HKLM-Run-is-RI49Q - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-RI49Q\is-RI49Q.exe
HKLM-Run-is-S1C19 - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-S1C19\is-S1C19.exe
HKLM-Run-is-EB04J - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-EB04J\is-EB04J.exe
HKLM-Run-is-JCU2P - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-JCU2P\is-JCU2P.exe
HKLM-Run-NWEReboot - (no file)
MSConfigStartUp-Yahoo! Pager - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
MSConfigStartUp-Device Detector - DevDetect.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R1 -: HKCU-Internet Settings,ProxyOverride = <local>
O8 -: &تصدير إلى Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-08-31 22:07:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 08/31/2008 22:08:55
ComboFix-quarantined-files.txt 2008-08-31 19:08:44
Pre-Run: 31,704,068,096 bytes free
Post-Run: 34,287,112,192 bytes free
924 --- E O F --- 2008-08-29 11:24:21
هذا هو التقرير علماً انه لم يعد التشغيل + تم انقطاع النت فعملت لصق للتقرير في الوورد ثم اعدت التشغيل انا واشتغل النت
وهذا هو التقرير الاول :
ComboFix 08-08-30.03 - USER 08/31/2008 21:54:58.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.677 [GMT 3:00]
Running from: C:\Documents and Settings\USER\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-31 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-31 19:07 39,493,664 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-31 18:49 448,880 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-30 20:28 --------- d-----w C:\Program Files\GVR
2008-08-05 22:43 --------- d-----w C:\Program Files\Avira
2008-08-05 22:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-08-05 21:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-04 12:24 --------- d-----w C:\Program Files\MSXML 4.0
2008-07-18 19:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 19:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 19:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 19:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 19:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 19:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 19:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 19:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 19:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 19:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-29 19:00 --------- d-----w C:\Program Files\Smarty Uninstaller Pro
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:38 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:00 PM 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [08/04/2004 03:00 PM 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/04/2004 03:00 PM 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [08/04/2004 03:00 PM 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [08/04/2004 03:00 PM 455168]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [12/08/2005 08:57 AM 30208]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [04/13/2006 09:09 PM 49152]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/08/2007 07:22 AM 180269]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [04/25/2005 05:32 AM 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [04/25/2005 05:29 AM 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [04/25/2005 05:32 AM 114688]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [01/12/2006 04:40 PM 155648]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [03/11/2007 09:34 PM 49152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/08/2007 07:25 AM 98304]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [02/12/2008 10:06 AM 262401]
"SoundMan"="SOUNDMAN.EXE" [06/20/2005 04:42 PM 77824 C:\WINDOWS\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 03:00 PM 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-04-08 07:08:51 122880]
«©م، ¢¬نïé Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 17:05:26 29696]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
--a------ 03/31/2005 07:30 PM 1106944 C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 03/22/2005 07:39 PM 167936 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 04/20/2005 07:57 PM 847872 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 04/08/2007 07:25 AM 98304 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\msncall.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\English\\setup.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16808:TCP"= 16808:TCP
ORT_16808"48371:TCP"= 48371:TCP
ORT_48371"45957:TCP"= 45957:TCP
ORT_45957"18207:TCP"= 18207:TCP
ORT_18207"40941:TCP"= 40941:TCP
ORT_40941"60250:TCP"= 60250:TCP
ORT_60250"37910:TCP"= 37910:TCP
ORT_37910"49520:TCP"= 49520:TCP
ORT_49520"65246:TCP"= 65246:TCP
ORT_65246"10559:TCP"= 10559:TCP
ORT_10559"31129:TCP"= 31129:TCP
ORT_31129"42422:TCP"= 42422:TCP
ORT_42422"29094:TCP"= 29094:TCP
ORT_29094"25851:TCP"= 25851:TCP
ORT_25851"11611:TCP"= 11611:TCP
ORT_11611"21325:TCP"= 21325:TCP
ORT_21325"46301:TCP"= 46301:TCP
ORT_46301"20501:TCP"= 20501:TCP
ORT_20501"52516:TCP"= 52516:TCP
ORT_52516"11125:TCP"= 11125:TCP
ORT_11125"57101:TCP"= 57101:TCP
ORT_57101"34219:TCP"= 34219:TCP
ORT_34219"63486:TCP"= 63486:TCP
ORT_63486"19988:TCP"= 19988:TCP
ORT_19988"49601:TCP"= 49601:TCP
ORT_49601"41648:TCP"= 41648:TCP
ORT_41648"19726:TCP"= 19726:TCP
ORT_19726"19320:TCP"= 19320:TCP
ORT_19320"17380:TCP"= 17380:TCP
ORT_17380"17356:TCP"= 17356:TCP
ORT_17356"51031:TCP"= 51031:TCP
ORT_51031"20148:TCP"= 20148:TCP
ORT_20148"50180:TCP"= 50180:TCP
ORT_50180"24555:TCP"= 24555:TCP
ORT_24555"35742:TCP"= 35742:TCP
ORT_35742"10368:TCP"= 10368:TCP
ORT_10368"39254:TCP"= 39254:TCP
ORT_39254"37742:TCP"= 37742:TCP
ORT_37742"35005:TCP"= 35005:TCP
ORT_35005"31286:TCP"= 31286:TCP
ORT_31286"31883:TCP"= 31883:TCP
ORT_31883"52078:TCP"= 52078:TCP
ORT_52078"32582:TCP"= 32582:TCP
ORT_32582"29461:TCP"= 29461:TCP
ORT_29461"26545:TCP"= 26545:TCP
ORT_26545"26438:TCP"= 26438:TCP
ORT_26438"26018:TCP"= 26018:TCP
ORT_26018"27193:TCP"= 27193:TCP
ORT_27193"31819:TCP"= 31819:TCP
ORT_31819"31423:TCP"= 31423:TCP
ORT_31423"23637:TCP"= 23637:TCP
ORT_23637"37587:TCP"= 37587:TCP
ORT_37587"38450:TCP"= 38450:TCP
ORT_38450"61321:TCP"= 61321:TCP
ORT_61321"28880:TCP"= 28880:TCP
ORT_28880"15961:TCP"= 15961:TCP
ORT_15961"45648:TCP"= 45648:TCP
ORT_45648"24461:TCP"= 24461:TCP
ORT_24461"22461:TCP"= 22461:TCP
ORT_22461"16039:TCP"= 16039:TCP
ORT_16039"5293:TCP"= 5293:TCP
ORT_5293"16395:TCP"= 16395:TCP
ORT_16395"35082:TCP"= 35082:TCP
ORT_35082"26504:TCP"= 26504:TCP
ORT_26504"57336:TCP"= 57336:TCP
ORT_57336"20758:TCP"= 20758:TCP
ORT_20758"15461:TCP"= 15461:TCP
ORT_15461"42020:TCP"= 42020:TCP
ORT_42020"19851:TCP"= 19851:TCP
ORT_19851"5653:TCP"= 5653:TCP
ORT_5653"10570:TCP"= 10570:TCP
ORT_10570"36351:TCP"= 36351:TCP
ORT_36351"58645:TCP"= 58645:TCP
ORT_58645"51652:TCP"= 51652:TCP
ORT_51652"11665:TCP"= 11665:TCP
ORT_11665"60742:TCP"= 60742:TCP
ORT_60742"31736:TCP"= 31736:TCP
ORT_31736"18670:TCP"= 18670:TCP
ORT_18670"42657:TCP"= 42657:TCP
ORT_42657"37440:TCP"= 37440:TCP
ORT_37440"49754:TCP"= 49754:TCP
ORT_49754"18945:TCP"= 18945:TCP
ORT_18945"36863:TCP"= 36863:TCP
ORT_36863"46266:TCP"= 46266:TCP
ORT_46266"39460:TCP"= 39460:TCP
ORT_39460"54125:TCP"= 54125:TCP
ORT_54125"37028:TCP"= 37028:TCP
ORT_37028"34383:TCP"= 34383:TCP
ORT_34383"40602:TCP"= 40602:TCP
ORT_40602"23090:TCP"= 23090:TCP
ORT_23090"39606:TCP"= 39606:TCP
ORT_39606"11867:TCP"= 11867:TCP
ORT_11867"43770:TCP"= 43770:TCP
ORT_43770"49043:TCP"= 49043:TCP
ORT_49043"20418:TCP"= 20418:TCP
ORT_20418"56516:TCP"= 56516:TCP
ORT_56516"36508:TCP"= 36508:TCP
ORT_36508"65439:TCP"= 65439:TCP
ORT_65439"14224:TCP"= 14224:TCP
ORT_14224"12615:TCP"= 12615:TCP
ORT_12615"30164:TCP"= 30164:TCP
ORT_30164"25133:TCP"= 25133:TCP
ORT_25133"19289:TCP"= 19289:TCP
ORT_19289"9771:TCP"= 9771:TCP
ORT_9771"62986:TCP"= 62986:TCP
ORT_62986"45954:TCP"= 45954:TCP
ORT_45954"26930:TCP"= 26930:TCP
ORT_26930"36680:TCP"= 36680:TCP
ORT_36680"52820:TCP"= 52820:TCP
ORT_52820"19845:TCP"= 19845:TCP
ORT_19845"22523:TCP"= 22523:TCP
ORT_22523"14601:TCP"= 14601:TCP
ORT_14601"38137:TCP"= 38137:TCP
ORT_38137"22410:TCP"= 22410:TCP
ORT_22410"24781:TCP"= 24781:TCP
ORT_24781"22365:TCP"= 22365:TCP
ORT_22365"48236:TCP"= 48236:TCP
ORT_48236"36567:TCP"= 36567:TCP
ORT_36567"47118:TCP"= 47118:TCP
ORT_47118"39985:TCP"= 39985:TCP
ORT_39985"27336:TCP"= 27336:TCP
ORT_27336"28573:TCP"= 28573:TCP
ORT_28573"36318:TCP"= 36318:TCP
ORT_36318"60208:TCP"= 60208:TCP
ORT_60208"9951:TCP"= 9951:TCP
ORT_9951"63411:TCP"= 63411:TCP
ORT_63411"45191:TCP"= 45191:TCP
ORT_45191"23191:TCP"= 23191:TCP
ORT_23191"40630:TCP"= 40630:TCP
ORT_40630"39664:TCP"= 39664:TCP
ORT_39664"23883:TCP"= 23883:TCP
ORT_23883"23722:TCP"= 23722:TCP
ORT_23722"45856:TCP"= 45856:TCP
ORT_45856"48055:TCP"= 48055:TCP
ORT_48055"56563:TCP"= 56563:TCP
ORT_56563"44825:TCP"= 44825:TCP
ORT_44825"49848:TCP"= 49848:TCP
ORT_49848"41048:TCP"= 41048:TCP
ORT_41048"49445:TCP"= 49445:TCP
ORT_49445"51508:TCP"= 51508:TCP
ORT_51508"49363:TCP"= 49363:TCP
ORT_49363"33555:TCP"= 33555:TCP
ORT_33555"33645:TCP"= 33645:TCP
ORT_33645"16528:TCP"= 16528:TCP
ORT_16528"37351:TCP"= 37351:TCP
ORT_37351"36570:TCP"= 36570:TCP
ORT_36570"31383:TCP"= 31383:TCP
ORT_31383"19816:TCP"= 19816:TCP
ORT_19816"52508:TCP"= 52508:TCP
ORT_52508"24633:TCP"= 24633:TCP
ORT_24633"32970:TCP"= 32970:TCP
ORT_32970"34055:TCP"= 34055:TCP
ORT_34055"46789:TCP"= 46789:TCP
ORT_46789"9212:TCP"= 9212:TCP
ORT_9212"48914:TCP"= 48914:TCP
ORT_48914"50117:TCP"= 50117:TCP
ORT_50117"22039:TCP"= 22039:TCP
ORT_22039"26523:TCP"= 26523:TCP
ORT_26523"30508:TCP"= 30508:TCP
ORT_30508"23117:TCP"= 23117:TCP
ORT_23117"33289:TCP"= 33289:TCP
ORT_33289"40570:TCP"= 40570:TCP
ORT_40570"25633:TCP"= 25633:TCP
ORT_25633"38367:TCP"= 38367:TCP
ORT_38367"28391:TCP"= 28391:TCP
ORT_28391"20836:TCP"= 20836:TCP
ORT_20836"24336:TCP"= 24336:TCP
ORT_24336"45340:TCP"= 45340:TCP
ORT_45340"8911:TCP"= 8911:TCP
ORT_8911"59633:TCP"= 59633:TCP
ORT_59633"44070:TCP"= 44070:TCP
ORT_44070"17426:TCP"= 17426:TCP
ORT_17426"52914:TCP"= 52914:TCP
ORT_52914"58867:TCP"= 58867:TCP
ORT_58867"22613:TCP"= 22613:TCP
ORT_22613"26466:TCP"= 26466:TCP
ORT_26466"7379:TCP"= 7379:TCP
ORT_7379"49148:TCP"= 49148:TCP
ORT_49148"18165:TCP"= 18165:TCP
ORT_18165"31738:TCP"= 31738:TCP
ORT_31738"27973:TCP"= 27973:TCP
ORT_27973"37961:TCP"= 37961:TCP
ORT_37961"29766:TCP"= 29766:TCP
ORT_29766"40961:TCP"= 40961:TCP
ORT_40961"33887:TCP"= 33887:TCP
ORT_33887"40539:TCP"= 40539:TCP
ORT_40539"15825:TCP"= 15825:TCP
ORT_15825"41250:TCP"= 41250:TCP
ORT_41250"11910:TCP"= 11910:TCP
ORT_11910"19156:TCP"= 19156:TCP
ORT_19156"29075:TCP"= 29075:TCP
ORT_29075"35336:TCP"= 35336:TCP
ORT_35336"29726:TCP"= 29726:TCP
ORT_29726"13957:TCP"= 13957:TCP
ORT_13957"43985:TCP"= 43985:TCP
ORT_43985"27278:TCP"= 27278:TCP
ORT_27278"49133:TCP"= 49133:TCP
ORT_49133"60485:TCP"= 60485:TCP
ORT_60485"25871:TCP"= 25871:TCP
ORT_25871"44235:TCP"= 44235:TCP
ORT_44235"7816:TCP"= 7816:TCP
ORT_7816"9595:TCP"= 9595:TCP
ORT_9595"30371:TCP"= 30371:TCP
ORT_30371"51898:TCP"= 51898:TCP
ORT_51898"42101:TCP"= 42101:TCP
ORT_42101"57776:TCP"= 57776:TCP
ORT_57776"33836:TCP"= 33836:TCP
ORT_33836"36836:TCP"= 36836:TCP
ORT_36836"32148:TCP"= 32148:TCP
ORT_32148"34336:TCP"= 34336:TCP
ORT_34336"49871:TCP"= 49871:TCP
ORT_49871"59023:TCP"= 59023:TCP
ORT_59023"42023:TCP"= 42023:TCP
ORT_42023"33145:TCP"= 33145:TCP
ORT_33145"61305:TCP"= 61305:TCP
ORT_61305"41278:TCP"= 41278:TCP
ORT_41278"36594:TCP"= 36594:TCP
ORT_36594"8898:TCP"= 8898:TCP
ORT_8898"44326:TCP"= 44326:TCP
ORT_44326"8238:TCP"= 8238:TCP
ORT_8238"12789:TCP"= 12789:TCP
ORT_12789"57114:TCP"= 57114:TCP
ORT_57114"27896:TCP"= 27896:TCP
ORT_27896"32164:TCP"= 32164:TCP
ORT_32164"27856:TCP"= 27856:TCP
ORT_27856"34075:TCP"= 34075:TCP
ORT_34075"22141:TCP"= 22141:TCP
ORT_22141"9008:TCP"= 9008:TCP
ORT_9008"49723:TCP"= 49723:TCP
ORT_49723"16469:TCP"= 16469:TCP
ORT_16469"22445:TCP"= 22445:TCP
ORT_22445"31971:TCP"= 31971:TCP
ORT_31971"14004:TCP"= 14004:TCP
ORT_14004"43114:TCP"= 43114:TCP
ORT_43114"57266:TCP"= 57266:TCP
ORT_57266"54930:TCP"= 54930:TCP
ORT_54930"49226:TCP"= 49226:TCP
ORT_49226"37141:TCP"= 37141:TCP
ORT_37141"34121:TCP"= 34121:TCP
ORT_34121"12988:TCP"= 12988:TCP
ORT_12988"48476:TCP"= 48476:TCP
ORT_48476"16896:TCP"= 16896:TCP
ORT_16896"22571:TCP"= 22571:TCP
ORT_22571"25043:TCP"= 25043:TCP
ORT_25043"63365:TCP"= 63365:TCP
ORT_63365"25075:TCP"= 25075:TCP
ORT_25075"40242:TCP"= 40242:TCP
ORT_40242"24028:TCP"= 24028:TCP
ORT_24028"6970:TCP"= 6970:TCP
ORT_6970"12676:TCP"= 12676:TCP
ORT_12676"31356:TCP"= 31356:TCP
ORT_31356"40851:TCP"= 40851:TCP
ORT_40851"58172:TCP"= 58172:TCP
ORT_58172"37221:TCP"= 37221:TCP
ORT_37221"7274:TCP"= 7274:TCP
ORT_7274"28236:TCP"= 28236:TCP
ORT_28236"15793:TCP"= 15793:TCP
ORT_15793"64328:TCP"= 64328:TCP
ORT_64328"49060:TCP"= 49060:TCP
ORT_49060"19660:TCP"= 19660:TCP
ORT_19660"59195:TCP"= 59195:TCP
ORT_59195"52461:TCP"= 52461:TCP
ORT_52461"52992:TCP"= 52992:TCP
ORT_52992"21062:TCP"= 21062:TCP
ORT_21062"31047:TCP"= 31047:TCP
ORT_31047"42364:TCP"= 42364:TCP
ORT_42364"30430:TCP"= 30430:TCP
ORT_30430"17340:TCP"= 17340:TCP
ORT_17340"55470:TCP"= 55470:TCP
ORT_55470"38711:TCP"= 38711:TCP
ORT_38711"20653:TCP"= 20653:TCP
ORT_20653"36760:TCP"= 36760:TCP
ORT_36760"19386:TCP"= 19386:TCP
ORT_19386"31231:TCP"= 31231:TCP
ORT_31231"25211:TCP"= 25211:TCP
ORT_25211"17410:TCP"= 17410:TCP
ORT_17410"34804:TCP"= 34804:TCP
ORT_34804"48068:TCP"= 48068:TCP
ORT_48068"16582:TCP"= 16582:TCP
ORT_16582"43513:TCP"= 43513:TCP
ORT_43513"33996:TCP"= 33996:TCP
ORT_33996"33441:TCP"= 33441:TCP
ORT_33441"32606:TCP"= 32606:TCP
ORT_32606"55448:TCP"= 55448:TCP
ORT_55448"21756:TCP"= 21756:TCP
ORT_21756"34690:TCP"= 34690:TCP
ORT_34690"49742:TCP"= 49742:TCP
ORT_49742"22450:TCP"= 22450:TCP
ORT_22450"61348:TCP"= 61348:TCP
ORT_61348"54739:TCP"= 54739:TCP
ORT_54739"35502:TCP"= 35502:TCP
ORT_35502"30957:TCP"= 30957:TCP
ORT_30957"37516:TCP"= 37516:TCP
ORT_37516"35157:TCP"= 35157:TCP
ORT_35157"42711:TCP"= 42711:TCP
ORT_42711"44539:TCP"= 44539:TCP
ORT_44539"32211:TCP"= 32211:TCP
ORT_32211"33523:TCP"= 33523:TCP
ORT_33523"54430:TCP"= 54430:TCP
ORT_54430"34136:TCP"= 34136:TCP
ORT_34136"32541:TCP"= 32541:TCP
ORT_32541"60367:TCP"= 60367:TCP
ORT_60367"27538:TCP"= 27538:TCP
ORT_27538"56127:TCP"= 56127:TCP
ORT_56127"64211:TCP"= 64211:TCP
ORT_64211"13901:TCP"= 13901:TCP
ORT_13901"14055:TCP"= 14055:TCP
ORT_14055"53445:TCP"= 53445:TCP
ORT_53445"35523:TCP"= 35523:TCP
ORT_35523"53985:TCP"= 53985:TCP
ORT_53985"57453:TCP"= 57453:TCP
ORT_57453"8082:TCP"= 8082:TCP
ORT_8082"11137:TCP"= 11137:TCP
ORT_11137"57871:TCP"= 57871:TCP
ORT_57871"52951:TCP"= 52951:TCP
ORT_52951"20009:TCP"= 20009:TCP
ORT_20009"14176:TCP"= 14176:TCP
ORT_14176"39188:TCP"= 39188:TCP
ORT_39188"11410:TCP"= 11410:TCP
ORT_11410"40241:TCP"= 40241:TCP
ORT_40241"10123:TCP"= 10123:TCP
ORT_10123"57016:TCP"= 57016:TCP
ORT_57016"60365:TCP"= 60365:TCP
ORT_60365"8575:TCP"= 8575:TCP
ORT_8575"9000:TCP"= 9000:TCP
ORT_9000"6770:TCP"= 6770:TCP
ORT_6770"58086:TCP"= 58086:TCP
ORT_58086"8448:TCP"= 8448:TCP
ORT_8448"31091:TCP"= 31091:TCP
ORT_31091"11184:TCP"= 11184:TCP
ORT_11184"27101:TCP"= 27101:TCP
ORT_27101"49203:TCP"= 49203:TCP
ORT_49203"40153:TCP"= 40153:TCP
ORT_40153"43110:TCP"= 43110:TCP
ORT_43110"51539:TCP"= 51539:TCP
ORT_51539"40846:TCP"= 40846:TCP
ORT_40846"27508:TCP"= 27508:TCP
ORT_27508"61892:TCP"= 61892:TCP
ORT_61892"36133:TCP"= 36133:TCP
ORT_36133"35023:TCP"= 35023:TCP
ORT_35023"32794:TCP"= 32794:TCP
ORT_32794"51383:TCP"= 51383:TCP
ORT_51383"45539:TCP"= 45539:TCP
ORT_45539"24735:TCP"= 24735:TCP
ORT_24735"6348:TCP"= 6348:TCP
ORT_6348"15226:TCP"= 15226:TCP
ORT_15226"41217:TCP"= 41217:TCP
ORT_41217"64630:TCP"= 64630:TCP
ORT_64630"42180:TCP"= 42180:TCP
ORT_42180"37431:TCP"= 37431:TCP
ORT_37431"43016:TCP"= 43016:TCP
ORT_43016"33938:TCP"= 33938:TCP
ORT_33938"12738:TCP"= 12738:TCP
ORT_12738"39285:TCP"= 39285:TCP
ORT_39285"58133:TCP"= 58133:TCP
ORT_58133"12826:TCP"= 12826:TCP
ORT_12826"37551:TCP"= 37551:TCP
ORT_37551"44836:TCP"= 44836:TCP
ORT_44836"22231:TCP"= 22231:TCP
ORT_22231"10235:TCP"= 10235:TCP
ORT_10235"42029:TCP"= 42029:TCP
ORT_42029"53148:TCP"= 53148:TCP
ORT_53148"50738:TCP"= 50738:TCP
ORT_50738"41226:TCP"= 41226:TCP
ORT_41226"38539:TCP"= 38539:TCP
ORT_38539"40336:TCP"= 40336:TCP
ORT_40336"11696:TCP"= 11696:TCP
ORT_11696"20795:TCP"= 20795:TCP
ORT_20795"50825:TCP"= 50825:TCP
ORT_50825"7520:TCP"= 7520:TCP
ORT_7520"36101:TCP"= 36101:TCP
ORT_36101"48066:TCP"= 48066:TCP
ORT_48066"62117:TCP"= 62117:TCP
ORT_62117"38445:TCP"= 38445:TCP
ORT_38445"63164:TCP"= 63164:TCP
ORT_63164"19488:TCP"= 19488:TCP
ORT_19488"65253:TCP"= 65253:TCP
ORT_65253"53528:TCP"= 53528:TCP
ORT_53528"14668:TCP"= 14668:TCP
ORT_14668"61691:TCP"= 61691:TCP
ORT_61691"6946:TCP"= 6946:TCP
ORT_6946"41703:TCP"= 41703:TCP
ORT_41703"16082:TCP"= 16082:TCP
ORT_16082"6649:TCP"= 6649:TCP
ORT_6649"55058:TCP"= 55058:TCP
ORT_55058"45695:TCP"= 45695:TCP
ORT_45695"63778:TCP"= 63778:TCP
ORT_63778"64180:TCP"= 64180:TCP
ORT_64180"9184:TCP"= 9184:TCP
ORT_9184"61083:TCP"= 61083:TCP
ORT_61083"10254:TCP"= 10254:TCP
ORT_10254"60075:TCP"= 60075:TCP
ORT_60075"52898:TCP"= 52898:TCP
ORT_52898"46168:TCP"= 46168:TCP
ORT_46168"6914:TCP"= 6914:TCP
ORT_6914"6226:TCP"= 6226:TCP
ORT_6226"30101:TCP"= 30101:TCP
ORT_30101"21883:TCP"= 21883:TCP
ORT_21883"36590:TCP"= 36590:TCP
ORT_36590"24730:TCP"= 24730:TCP
ORT_24730"47277:TCP"= 47277:TCP
ORT_47277"13836:TCP"= 13836:TCP
ORT_13836"8492:TCP"= 8492:TCP
ORT_8492"5770:TCP"= 5770:TCP
ORT_5770"44873:TCP"= 44873:TCP
ORT_44873"47742:TCP"= 47742:TCP
ORT_47742"34360:TCP"= 34360:TCP
ORT_34360"59051:TCP"= 59051:TCP
ORT_59051"38074:TCP"= 38074:TCP
ORT_38074"12772:TCP"= 12772:TCP
ORT_12772"55618:TCP"= 55618:TCP
ORT_55618"14503:TCP"= 14503:TCP
ORT_14503"51363:TCP"= 51363:TCP
ORT_51363"31700:TCP"= 31700:TCP
ORT_31700"53926:TCP"= 53926:TCP
ORT_53926"65465:TCP"= 65465:TCP
ORT_65465"12807:TCP"= 12807:TCP
ORT_12807"27919:TCP"= 27919:TCP
ORT_27919"35445:TCP"= 35445:TCP
ORT_35445"30681:TCP"= 30681:TCP
ORT_30681"52723:TCP"= 52723:TCP
ORT_52723"27656:TCP"= 27656:TCP
ORT_27656"59558:TCP"= 59558:TCP
ORT_59558"43683:TCP"= 43683:TCP
ORT_43683"11963:TCP"= 11963:TCP
ORT_11963"23375:TCP"= 23375:TCP
ORT_23375"27784:TCP"= 27784:TCP
ORT_27784"45075:TCP"= 45075:TCP
ORT_45075"16086:TCP"= 16086:TCP
ORT_16086"47821:TCP"= 47821:TCP
ORT_47821"30848:TCP"= 30848:TCP
ORT_30848"39776:TCP"= 39776:TCP
ORT_39776"61121:TCP"= 61121:TCP
ORT_61121"35598:TCP"= 35598:TCP
ORT_35598"59552:TCP"= 59552:TCP
ORT_59552"42348:TCP"= 42348:TCP
ORT_42348"32156:TCP"= 32156:TCP
ORT_32156"22367:TCP"= 22367:TCP
ORT_22367"15665:TCP"= 15665:TCP
ORT_15665"14641:TCP"= 14641:TCP
ORT_14641"37707:TCP"= 37707:TCP
ORT_37707"36206:TCP"= 36206:TCP
ORT_36206"8051:TCP"= 8051:TCP
ORT_8051"8074:TCP"= 8074:TCP
ORT_8074"13413:TCP"= 13413:TCP
ORT_13413"43621:TCP"= 43621:TCP
ORT_43621"53493:TCP"= 53493:TCP
ORT_53493"36020:TCP"= 36020:TCP
ORT_36020"63543:TCP"= 63543:TCP
ORT_63543"59110:TCP"= 59110:TCP
ORT_59110"5523:TCP"= 5523:TCP
ORT_5523"52578:TCP"= 52578:TCP
ORT_52578"16028:TCP"= 16028:TCP
ORT_16028"37489:TCP"= 37489:TCP
ORT_37489"54098:TCP"= 54098:TCP
ORT_54098"34808:TCP"= 34808:TCP
ORT_34808"17844:TCP"= 17844:TCP
ORT_17844"51258:TCP"= 51258:TCP
ORT_51258"14707:TCP"= 14707:TCP
ORT_14707"63613:TCP"= 63613:TCP
ORT_63613"41325:TCP"= 41325:TCP
ORT_41325"13504:TCP"= 13504:TCP
ORT_13504"58176:TCP"= 58176:TCP
ORT_58176"56871:TCP"= 56871:TCP
ORT_56871"19368:TCP"= 19368:TCP
ORT_19368"8435:TCP"= 8435:TCP
ORT_8435"62703:TCP"= 62703:TCP
ORT_62703"19994:TCP"= 19994:TCP
ORT_19994"30648:TCP"= 30648:TCP
ORT_30648"50364:TCP"= 50364:TCP
ORT_50364"51869:TCP"= 51869:TCP
ORT_51869"38722:TCP"= 38722:TCP
ORT_38722"42575:TCP"= 42575:TCP
ORT_42575"59305:TCP"= 59305:TCP
ORT_59305"56551:TCP"= 56551:TCP
ORT_56551"19613:TCP"= 19613:TCP
ORT_19613"36574:TCP"= 36574:TCP
ORT_36574"47699:TCP"= 47699:TCP
ORT_47699"35579:TCP"= 35579:TCP
ORT_35579"62485:TCP"= 62485:TCP
ORT_62485"54326:TCP"= 54326:TCP
ORT_54326"36106:TCP"= 36106:TCP
ORT_36106"57027:TCP"= 57027:TCP
ORT_57027"49860:TCP"= 49860:TCP
ORT_49860"49516:TCP"= 49516:TCP
ORT_49516"49169:TCP"= 49169:TCP
ORT_49169"51726:TCP"= 51726:TCP
ORT_51726"48293:TCP"= 48293:TCP
ORT_48293"26086:TCP"= 26086:TCP
ORT_26086"27492:TCP"= 27492:TCP
ORT_27492"15852:TCP"= 15852:TCP
ORT_15852"38346:TCP"= 38346:TCP
ORT_38346"45027:TCP"= 45027:TCP
ORT_45027"52211:TCP"= 52211:TCP
ORT_52211"20730:TCP"= 20730:TCP
ORT_20730"42685:TCP"= 42685:TCP
ORT_42685"8242:TCP"= 8242:TCP
ORT_8242"35443:TCP"= 35443:TCP
ORT_35443"61230:TCP"= 61230:TCP
ORT_61230"55621:TCP"= 55621:TCP
ORT_55621"16161:TCP"= 16161:TCP
ORT_16161"17640:TCP"= 17640:TCP
ORT_17640"53617:TCP"= 53617:TCP
ORT_53617"43445:TCP"= 43445:TCP
ORT_43445"60298:TCP"= 60298:TCP
ORT_60298"39078:TCP"= 39078:TCP
ORT_39078"59178:TCP"= 59178:TCP
ORT_59178"60855:TCP"= 60855:TCP
ORT_60855"17910:TCP"= 17910:TCP
ORT_17910"22093:TCP"= 22093:TCP
ORT_22093"54836:TCP"= 54836:TCP
ORT_54836"9348:TCP"= 9348:TCP
ORT_9348"38449:TCP"= 38449:TCP
ORT_38449"58081:TCP"= 58081:TCP
ORT_58081"63332:TCP"= 63332:TCP
ORT_63332"9716:TCP"= 9716:TCP
ORT_9716"28176:TCP"= 28176:TCP
ORT_28176"54422:TCP"= 54422:TCP
ORT_54422"11992:TCP"= 11992:TCP
ORT_11992"46793:TCP"= 46793:TCP
ORT_46793"15043:TCP"= 15043:TCP
ORT_15043"23348:TCP"= 23348:TCP
ORT_23348"58590:TCP"= 58590:TCP
ORT_58590"12867:TCP"= 12867:TCP
ORT_12867"62036:TCP"= 62036:TCP
ORT_62036"48410:TCP"= 48410:TCP
ORT_48410"22832:TCP"= 22832:TCP
ORT_22832"29702:TCP"= 29702:TCP
ORT_29702"6392:TCP"= 6392:TCP
ORT_6392"51558:TCP"= 51558:TCP
ORT_51558"59366:TCP"= 59366:TCP
ORT_59366"32055:TCP"= 32055:TCP
ORT_32055"7579:TCP"= 7579:TCP
ORT_7579"23743:TCP"= 23743:TCP
ORT_23743"25497:TCP"= 25497:TCP
ORT_25497"54113:TCP"= 54113:TCP
ORT_54113"64783:TCP"= 64783:TCP
ORT_64783"63860:TCP"= 63860:TCP
ORT_63860"47798:TCP"= 47798:TCP
ORT_47798"48527:TCP"= 48527:TCP
ORT_48527"53277:TCP"= 53277:TCP
ORT_53277"27836:TCP"= 27836:TCP
ORT_27836"47590:TCP"= 47590:TCP
ORT_47590"53685:TCP"= 53685:TCP
ORT_53685"15238:TCP"= 15238:TCP
ORT_15238"27991:TCP"= 27991:TCP
ORT_27991"40231:TCP"= 40231:TCP
ORT_40231"18930:TCP"= 18930:TCP
ORT_18930"56965:TCP"= 56965:TCP
ORT_56965"59988:TCP"= 59988:TCP
ORT_59988"15016:TCP"= 15016:TCP
ORT_15016"22344:TCP"= 22344:TCP
ORT_22344"30573:TCP"= 30573:TCP
ORT_30573"60118:TCP"= 60118:TCP
ORT_60118"19238:TCP"= 19238:TCP
ORT_19238"56931:TCP"= 56931:TCP
ORT_56931"55458:TCP"= 55458:TCP
ORT_55458"52371:TCP"= 52371:TCP
ORT_52371"7570:TCP"= 7570:TCP
ORT_7570"26390:TCP"= 26390:TCP
ORT_26390"18435:TCP"= 18435:TCP
ORT_18435"65402:TCP"= 65402:TCP
ORT_65402"59220:TCP"= 59220:TCP
ORT_59220"32034:TCP"= 32034:TCP
ORT_32034"12951:TCP"= 12951:TCP
ORT_12951"41287:TCP"= 41287:TCP
ORT_41287"59532:TCP"= 59532:TCP
ORT_59532"64258:TCP"= 64258:TCP
ORT_64258"56485:TCP"= 56485:TCP
ORT_56485"15816:TCP"= 15816:TCP
ORT_15816"26226:TCP"= 26226:TCP
ORT_26226"59106:TCP"= 59106:TCP
ORT_59106"46433:TCP"= 46433:TCP
ORT_46433"37430:TCP"= 37430:TCP
ORT_37430"39555:TCP"= 39555:TCP
ORT_39555"31855:TCP"= 31855:TCP
ORT_31855"32825:TCP"= 32825:TCP
ORT_32825"54277:TCP"= 54277:TCP
ORT_54277"55316:TCP"= 55316:TCP
ORT_55316"35590:TCP"= 35590:TCP
ORT_35590"32136:TCP"= 32136:TCP
ORT_32136"60683:TCP"= 60683:TCP
ORT_60683"10961:TCP"= 10961:TCP
ORT_10961"46777:TCP"= 46777:TCP
ORT_46777"23648:TCP"= 23648:TCP
ORT_23648"18270:TCP"= 18270:TCP
ORT_18270"54465:TCP"= 54465:TCP
ORT_54465"11586:TCP"= 11586:TCP
ORT_11586"14445:TCP"= 14445:TCP
ORT_14445"27031:TCP"= 27031:TCP
ORT_27031"59570:TCP"= 59570:TCP
ORT_59570"56922:TCP"= 56922:TCP
ORT_56922"26898:TCP"= 26898:TCP
ORT_26898"16055:TCP"= 16055:TCP
ORT_16055"56125:TCP"= 56125:TCP
ORT_56125"14867:TCP"= 14867:TCP
ORT_14867"23488:TCP"= 23488:TCP
ORT_23488"56215:TCP"= 56215:TCP
ORT_56215"45430:TCP"= 45430:TCP
ORT_45430"53023:TCP"= 53023:TCP
ORT_53023"32285:TCP"= 32285:TCP
ORT_32285"8695:TCP"= 8695:TCP
ORT_8695"63465:TCP"= 63465:TCP
ORT_63465"35043:TCP"= 35043:TCP
ORT_35043"46746:TCP"= 46746:TCP
ORT_46746"42117:TCP"= 42117:TCP
ORT_42117"58121:TCP"= 58121:TCP
ORT_58121"51513:TCP"= 51513:TCP
ORT_51513"54868:TCP"= 54868:TCP
ORT_54868"29143:TCP"= 29143:TCP
ORT_29143"9426:TCP"= 9426:TCP
ORT_9426"56751:TCP"= 56751:TCP
ORT_56751"41293:TCP"= 41293:TCP
ORT_41293"10305:TCP"= 10305:TCP
ORT_10305"17047:TCP"= 17047:TCP
ORT_17047"45855:TCP"= 45855:TCP
ORT_45855"44754:TCP"= 44754:TCP
ORT_44754"33133:TCP"= 33133:TCP
ORT_33133"49402:TCP"= 49402:TCP
ORT_49402"50407:TCP"= 50407:TCP
ORT_50407"55340:TCP"= 55340:TCP
ORT_55340"46490:TCP"= 46490:TCP
ORT_46490"34965:TCP"= 34965:TCP
ORT_34965"64235:TCP"= 64235:TCP
ORT_64235"17289:TCP"= 17289:TCP
ORT_17289"21727:TCP"= 21727:TCP
ORT_21727"44750:TCP"= 44750:TCP
ORT_44750"59136:TCP"= 59136:TCP
ORT_59136"56298:TCP"= 56298:TCP
ORT_56298"61543:TCP"= 61543:TCP
ORT_61543"10918:TCP"= 10918:TCP
ORT_10918"52965:TCP"= 52965:TCP
ORT_52965"44807:TCP"= 44807:TCP
ORT_44807"45992:TCP"= 45992:TCP
ORT_45992"58660:TCP"= 58660:TCP
ORT_58660"57311:TCP"= 57311:TCP
ORT_57311"27680:TCP"= 27680:TCP
ORT_27680"62285:TCP"= 62285:TCP
ORT_62285"6766:TCP"= 6766:TCP
ORT_6766"31465:TCP"= 31465:TCP
ORT_31465"51145:TCP"= 51145:TCP
ORT_51145"54418:TCP"= 54418:TCP
ORT_54418"28308:TCP"= 28308:TCP
ORT_28308"59793:TCP"= 59793:TCP
ORT_59793"31673:TCP"= 31673:TCP
ORT_31673"51965:TCP"= 51965:TCP
ORT_51965"59574:TCP"= 59574:TCP
ORT_59574"61243:TCP"= 61243:TCP
ORT_61243"17023:TCP"= 17023:TCP
ORT_17023"22938:TCP"= 22938:TCP
ORT_22938"62022:TCP"= 62022:TCP
ORT_62022"56277:TCP"= 56277:TCP
ORT_56277"47027:TCP"= 47027:TCP
ORT_47027"11723:TCP"= 11723:TCP
ORT_11723"26871:TCP"= 26871:TCP
ORT_26871"6448:TCP"= 6448:TCP
ORT_6448"8028:TCP"= 8028:TCP
ORT_8028"45808:TCP"= 45808:TCP
ORT_45808"60965:TCP"= 60965:TCP
ORT_60965"18336:TCP"= 18336:TCP
ORT_18336"32398:TCP"= 32398:TCP
ORT_32398"41168:TCP"= 41168:TCP
ORT_41168"49961:TCP"= 49961:TCP
ORT_49961"47949:TCP"= 47949:TCP
ORT_47949"37418:TCP"= 37418:TCP
ORT_37418"30391:TCP"= 30391:TCP
ORT_30391"49508:TCP"= 49508:TCP
ORT_49508"25229:TCP"= 25229:TCP
ORT_25229"43301:TCP"= 43301:TCP
ORT_43301"52164:TCP"= 52164:TCP
ORT_52164"48168:TCP"= 48168:TCP
ORT_48168"24618:TCP"= 24618:TCP
ORT_24618"62707:TCP"= 62707:TCP
ORT_62707"56148:TCP"= 56148:TCP
ORT_56148"24518:TCP"= 24518:TCP
ORT_24518"31633:TCP"= 31633:TCP
ORT_31633"7633:TCP"= 7633:TCP
ORT_7633"25402:TCP"= 25402:TCP
ORT_25402"60626:TCP"= 60626:TCP
ORT_60626"17961:TCP"= 17961:TCP
ORT_17961"41606:TCP"= 41606:TCP
ORT_41606"55648:TCP"= 55648:TCP
ORT_55648"22195:TCP"= 22195:TCP
ORT_22195"42450:TCP"= 42450:TCP
ORT_42450"53110:TCP"= 53110:TCP
ORT_53110"45536:TCP"= 45536:TCP
ORT_45536"24868:TCP"= 24868:TCP
ORT_24868"18170:TCP"= 18170:TCP
ORT_18170"62622:TCP"= 62622:TCP
ORT_62622"61996:TCP"= 61996:TCP
ORT_61996"36716:TCP"= 36716:TCP
ORT_36716"24086:TCP"= 24086:TCP
ORT_24086"20731:TCP"= 20731:TCP
ORT_20731"6851:TCP"= 6851:TCP
ORT_6851"38580:TCP"= 38580:TCP
ORT_38580"7290:TCP"= 7290:TCP
ORT_7290"63726:TCP"= 63726:TCP
ORT_63726"17976:TCP"= 17976:TCP
ORT_17976"26746:TCP"= 26746:TCP
ORT_26746"30138:TCP"= 30138:TCP
ORT_30138"58027:TCP"= 58027:TCP
ORT_58027"24830:TCP"= 24830:TCP
ORT_24830"16638:TCP"= 16638:TCP
ORT_16638"52011:TCP"= 52011:TCP
ORT_52011"34070:TCP"= 34070:TCP
ORT_34070"54641:TCP"= 54641:TCP
ORT_54641"44789:TCP"= 44789:TCP
ORT_44789"37629:TCP"= 37629:TCP
ORT_37629"9559:TCP"= 9559:TCP
ORT_9559"19295:TCP"= 19295:TCP
ORT_19295"6976:TCP"= 6976:TCP
ORT_6976"48320:TCP"= 48320:TCP
ORT_48320"55871:TCP"= 55871:TCP
ORT_55871"54408:TCP"= 54408:TCP
ORT_54408"9077:TCP"= 9077:TCP
ORT_9077"41016:TCP"= 41016:TCP
ORT_41016"58480:TCP"= 58480:TCP
ORT_58480"45943:TCP"= 45943:TCP
ORT_45943"61840:TCP"= 61840:TCP
ORT_61840"19309:TCP"= 19309:TCP
ORT_19309"23786:TCP"= 23786:TCP
ORT_23786"53559:TCP"= 53559:TCP
ORT_53559"48855:TCP"= 48855:TCP
ORT_48855"44681:TCP"= 44681:TCP
ORT_44681"14762:TCP"= 14762:TCP
ORT_14762"35789:TCP"= 35789:TCP
ORT_35789"57465:TCP"= 57465:TCP
ORT_57465"38523:TCP"= 38523:TCP
ORT_38523"64770:TCP"= 64770:TCP
ORT_64770"33355:TCP"= 33355:TCP
ORT_33355"37354:TCP"= 37354:TCP
ORT_37354"33313:TCP"= 33313:TCP
ORT_33313"33302:TCP"= 33302:TCP
ORT_33302"51903:TCP"= 51903:TCP
ORT_51903"36090:TCP"= 36090:TCP
ORT_36090"28480:TCP"= 28480:TCP
ORT_28480"30988:TCP"= 30988:TCP
ORT_30988"49895:TCP"= 49895:TCP
ORT_49895"41876:TCP"= 41876:TCP
ORT_41876"23613:TCP"= 23613:TCP
ORT_23613"10062:TCP"= 10062:TCP
ORT_10062"45251:TCP"= 45251:TCP
ORT_45251"25536:TCP"= 25536:TCP
ORT_25536"38172:TCP"= 38172:TCP
ORT_38172"11631:TCP"= 11631:TCP
ORT_11631"33488:TCP"= 33488:TCP
ORT_33488"61320:TCP"= 61320:TCP
ORT_61320"9391:TCP"= 9391:TCP
ORT_9391"13876:TCP"= 13876:TCP
ORT_13876"23836:TCP"= 23836:TCP
ORT_23836"46031:TCP"= 46031:TCP
ORT_46031"25012:TCP"= 25012:TCP
ORT_25012"15070:TCP"= 15070:TCP
ORT_15070"45883:TCP"= 45883:TCP
ORT_45883"25555:TCP"= 25555:TCP
ORT_25555"38195:TCP"= 38195:TCP
ORT_38195"12297:TCP"= 12297:TCP
ORT_12297"16835:TCP"= 16835:TCP
ORT_16835"12238:TCP"= 12238:TCP
ORT_12238"42086:TCP"= 42086:TCP
ORT_42086"15463:TCP"= 15463:TCP
ORT_15463"64047:TCP"= 64047:TCP
ORT_64047"13110:TCP"= 13110:TCP
ORT_13110"55461:TCP"= 55461:TCP
ORT_55461"19797:TCP"= 19797:TCP
ORT_19797"22898:TCP"= 22898:TCP
ORT_22898"13341:TCP"= 13341:TCP
ORT_13341"53742:TCP"= 53742:TCP
ORT_53742"44941:TCP"= 44941:TCP
ORT_44941"50293:TCP"= 50293:TCP
ORT_50293"30919:TCP"= 30919:TCP
ORT_30919"23898:TCP"= 23898:TCP
ORT_23898"15851:TCP"= 15851:TCP
ORT_15851"34719:TCP"= 34719:TCP
ORT_34719"27527:TCP"= 27527:TCP
ORT_27527"40367:TCP"= 40367:TCP
ORT_40367"45405:TCP"= 45405:TCP
ORT_45405R1 is-2I7NCdrv;is-2I7NCdrv;C:\WINDOWS\system32\drivers\42439833.sys [03/05/2008 11:41 AM]
R1 is-EB04Jdrv;is-EB04Jdrv;C:\WINDOWS\system32\drivers\73343304.sys [03/05/2008 11:41 AM]
R1 is-JCU2Pdrv;is-JCU2Pdrv;C:\WINDOWS\system32\drivers\48575709.sys [03/05/2008 11:41 AM]
R1 is-QK3HRdrv;is-QK3HRdrv;C:\WINDOWS\system32\drivers\64272159.sys [03/05/2008 11:41 AM]
R1 is-S1C19drv;is-S1C19drv;C:\WINDOWS\system32\drivers\70629233.sys [03/05/2008 11:41 AM]
S1 is-PKNCHdrv;is-PKNCHdrv;C:\WINDOWS\system32\drivers\96556684.sys [03/05/2008 11:41 AM]
S1 is-RAQ3Cdrv;is-RAQ3Cdrv;C:\WINDOWS\system32\drivers\69159150.sys [03/05/2008 11:41 AM]
S1 is-RI49Qdrv;is-RI49Qdrv;C:\WINDOWS\system32\drivers\91856624.sys [03/05/2008 11:41 AM]
S1 is-S876Ddrv;is-S876Ddrv;C:\WINDOWS\system32\drivers\06976345.sys [03/05/2008 11:41 AM]
S2 is-EB04J;is-EB04J;C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-EB04J\is-EB04J.exe []
S2 is-JCU2P;is-JCU2P;C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-JCU2P\is-JCU2P.exe []
S2 is-PKNCH;is-PKNCH;C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-PKNCH\is-PKNCH.exe []
S2 is-QK3HR;is-QK3HR;C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-QK3HR\is-QK3HR.exe []
S2 is-RAQ3C;is-RAQ3C;C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-RAQ3C\is-RAQ3C.exe []
S2 is-RI49Q;is-RI49Q;C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-RI49Q\is-RI49Q.exe []
S2 is-S1C19;is-S1C19;C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-S1C19\is-S1C19.exe []
S2 is-S876D;is-S876D;C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-S876D\is-S876D.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-ماركت بروف - C:\MarketProf\MarketProf.exe
HKLM-Run-USB GATE - C:\Program Files\USB GATE\USB GATE.exe
HKLM-Run-is-PKNCH - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-PKNCH\is-PKNCH.exe
HKLM-Run-is-QK3HR - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-QK3HR\is-QK3HR.exe
HKLM-Run-is-RAQ3C - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-RAQ3C\is-RAQ3C.exe
HKLM-Run-is-S876D - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-S876D\is-S876D.exe
HKLM-Run-is-RI49Q - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-RI49Q\is-RI49Q.exe
HKLM-Run-is-S1C19 - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-S1C19\is-S1C19.exe
HKLM-Run-is-EB04J - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-EB04J\is-EB04J.exe
HKLM-Run-is-JCU2P - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-JCU2P\is-JCU2P.exe
HKLM-Run-NWEReboot - (no file)
MSConfigStartUp-Yahoo! Pager - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
MSConfigStartUp-Device Detector - DevDetect.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R1 -: HKCU-Internet Settings,ProxyOverride = <local>
O8 -: &تصدير إلى Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2008-08-31 22:07:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 08/31/2008 22:08:55
ComboFix-quarantined-files.txt 2008-08-31 19:08:44
Pre-Run: 31,704,068,096 bytes free
Post-Run: 34,287,112,192 bytes free
924 --- E O F --- 2008-08-29 11:24:21
تأييد
0
وهذا هو التقرير الثاني :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:02 م, on 31/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\USER\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: سرعة تشغيل Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: is-EB04J - Unknown owner - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-EB04J\is-EB04J.exe (file missing)
O23 - Service: is-JCU2P - Unknown owner - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-JCU2P\is-JCU2P.exe (file missing)
O23 - Service: is-PKNCH - Unknown owner - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-PKNCH\is-PKNCH.exe (file missing)
O23 - Service: is-QK3HR - Unknown owner - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-QK3HR\is-QK3HR.exe (file missing)
O23 - Service: is-RAQ3C - Unknown owner - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-RAQ3C\is-RAQ3C.exe (file missing)
O23 - Service: is-RI49Q - Unknown owner - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-RI49Q\is-RI49Q.exe (file missing)
O23 - Service: is-S1C19 - Unknown owner - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-S1C19\is-S1C19.exe (file missing)
O23 - Service: is-S876D - Unknown owner - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-S876D\is-S876D.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
--
End of file - 6613 bytes
والشهر عليك مبارك وكل عام وانت بخير ، (فصل وحنا بنلبس) إن شاء الله
وهناك سؤال الاداتين التي حملتها هل احذفها ام لم ينتهي العمل بها
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:02 م, on 31/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\USER\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: سرعة تشغيل Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: is-EB04J - Unknown owner - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-EB04J\is-EB04J.exe (file missing)
O23 - Service: is-JCU2P - Unknown owner - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-JCU2P\is-JCU2P.exe (file missing)
O23 - Service: is-PKNCH - Unknown owner - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-PKNCH\is-PKNCH.exe (file missing)
O23 - Service: is-QK3HR - Unknown owner - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-QK3HR\is-QK3HR.exe (file missing)
O23 - Service: is-RAQ3C - Unknown owner - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-RAQ3C\is-RAQ3C.exe (file missing)
O23 - Service: is-RI49Q - Unknown owner - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-RI49Q\is-RI49Q.exe (file missing)
O23 - Service: is-S1C19 - Unknown owner - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-S1C19\is-S1C19.exe (file missing)
O23 - Service: is-S876D - Unknown owner - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-S876D\is-S876D.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
--
End of file - 6613 bytes
والشهر عليك مبارك وكل عام وانت بخير ، (فصل وحنا بنلبس) إن شاء الله
وهناك سؤال الاداتين التي حملتها هل احذفها ام لم ينتهي العمل بها
تأييد
0
Al jNtEeL
زيزوومى فضى
- إنضم
- 1 نوفمبر 2007
- المشاركات
- 7,298
- مستوى التفاعل
- 66
- النقاط
- 840
- الإقامة
- |-Al Hilal Club-|
- الموقع الالكتروني
- www.zyzoom.org
غير متصل
تأييد
0
Al jNtEeL
زيزوومى فضى
- إنضم
- 1 نوفمبر 2007
- المشاركات
- 7,298
- مستوى التفاعل
- 66
- النقاط
- 840
- الإقامة
- |-Al Hilal Club-|
- الموقع الالكتروني
- www.zyzoom.org
غير متصل
حدد التالي واحذفه ::
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: سرعة تشغيل Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
طريقة الحذف
بعدها اذهب الى اضافة وازالة البرامج واحذف التولبار الموجود عندك (toolbar)>> ممكن ما يكون موجود
ثم نزل هذه الاداة واتبع الشرح التالي
التوافق : ويندوز اكسبي فقط
شرح الاستخدام ,,,,,,
عند تشغيل ملف الاداة تظهر لك هذه الشاشه ,, انتظر ( وتابع مع الصور )
وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))
ثم حمل هذه الاداة ,,
واتبع الشرح التالي ,, لتنظيف جهازك من هذه الدعايات
و عمل تقرير بالعمليه حتى ترفقه بردك القادم ,,
رابط تحميل آخر تحديث للاداة
شرح الاستخدام ,,,,,,
قم بتشغيل الملف SmitfraudFix.exe ,, وتابع الشرح كماا بهذه الصور
ثم هات تقرير هايجاك جديد لاهنت
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: سرعة تشغيل Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
طريقة الحذف
ستظهر لك هذا النافذه : اضغط Yes
بعدها اذهب الى اضافة وازالة البرامج واحذف التولبار الموجود عندك (toolbar)>> ممكن ما يكون موجود
ثم نزل هذه الاداة واتبع الشرح التالي
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
التوافق : ويندوز اكسبي فقط
شرح الاستخدام ,,,,,,
عند تشغيل ملف الاداة تظهر لك هذه الشاشه ,, انتظر ( وتابع مع الصور )
وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))
ثم حمل هذه الاداة ,,
واتبع الشرح التالي ,, لتنظيف جهازك من هذه الدعايات
و عمل تقرير بالعمليه حتى ترفقه بردك القادم ,,
رابط تحميل آخر تحديث للاداة
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
شرح الاستخدام ,,,,,,
قم بتشغيل الملف SmitfraudFix.exe ,, وتابع الشرح كماا بهذه الصور
ثم هات تقرير هايجاك جديد لاهنت
توقيع : Al jNtEeL
تأييد
0
يبدو ان مشكلة Q انحلت ولكن خلفية سطح المكتب تغيرت صارت سادة والساعة خربت والاداة الاخيرة عندما تبدا في العمل تختفى الاختصارت التي على المكتب ( حبيت اقولك ماذا حصل ) وهذا هو التقرير وبارك الله فيك :
SmitFraudFix v2.343
Scan done at 23:58:28.84, Sun 08/31/2008
Run from C:\Documents and Settings\USER\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC
DNS Server Search Order: 10.0.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\..\{601FF982-BF77-4DA5-971E-6359D676BD2B}: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{601FF982-BF77-4DA5-971E-6359D676BD2B}: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\..\{601FF982-BF77-4DA5-971E-6359D676BD2B}: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.2
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
SmitFraudFix v2.343
Scan done at 23:58:28.84, Sun 08/31/2008
Run from C:\Documents and Settings\USER\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC
DNS Server Search Order: 10.0.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\..\{601FF982-BF77-4DA5-971E-6359D676BD2B}: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{601FF982-BF77-4DA5-971E-6359D676BD2B}: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\..\{601FF982-BF77-4DA5-971E-6359D676BD2B}: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.2
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
تأييد
0
وهذا تقرير هايجاك جديد :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:12:23, on 01/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\USER\Desktop\HiJackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: سرعة تشغيل Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: is-EB04J - Unknown owner - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-EB04J\is-EB04J.exe (file missing)
O23 - Service: is-JCU2P - Unknown owner - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-JCU2P\is-JCU2P.exe (file missing)
O23 - Service: is-PKNCH - Unknown owner - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-PKNCH\is-PKNCH.exe (file missing)
O23 - Service: is-QK3HR - Unknown owner - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-QK3HR\is-QK3HR.exe (file missing)
O23 - Service: is-RAQ3C - Unknown owner - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-RAQ3C\is-RAQ3C.exe (file missing)
O23 - Service: is-RI49Q - Unknown owner - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-RI49Q\is-RI49Q.exe (file missing)
O23 - Service: is-S1C19 - Unknown owner - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-S1C19\is-S1C19.exe (file missing)
O23 - Service: is-S876D - Unknown owner - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-S876D\is-S876D.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
--
End of file - 6382 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:12:23, on 01/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\USER\Desktop\HiJackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: سرعة تشغيل Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: is-EB04J - Unknown owner - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-EB04J\is-EB04J.exe (file missing)
O23 - Service: is-JCU2P - Unknown owner - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-JCU2P\is-JCU2P.exe (file missing)
O23 - Service: is-PKNCH - Unknown owner - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-PKNCH\is-PKNCH.exe (file missing)
O23 - Service: is-QK3HR - Unknown owner - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-QK3HR\is-QK3HR.exe (file missing)
O23 - Service: is-RAQ3C - Unknown owner - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-RAQ3C\is-RAQ3C.exe (file missing)
O23 - Service: is-RI49Q - Unknown owner - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-RI49Q\is-RI49Q.exe (file missing)
O23 - Service: is-S1C19 - Unknown owner - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-S1C19\is-S1C19.exe (file missing)
O23 - Service: is-S876D - Unknown owner - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-S876D\is-S876D.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
--
End of file - 6382 bytes
تأييد
0
اخي الكريم
اذا تم الانتهاء من الفحص والتنظيف جزاك الله خيراً
اريد ان اعرف هل احذف الادوات التي حملتها ام اجعلها لدي ولماذا ؟
وجعل الله هذا العمل وجميع الاعمال الخيره في هذا المنتدى المبارك في ميزان حسناتكم يوم ظل الا ظله
سبحانه وتعالى .
اخوك العليمي مرة:cr:
اذا تم الانتهاء من الفحص والتنظيف جزاك الله خيراً
اريد ان اعرف هل احذف الادوات التي حملتها ام اجعلها لدي ولماذا ؟
وجعل الله هذا العمل وجميع الاعمال الخيره في هذا المنتدى المبارك في ميزان حسناتكم يوم ظل الا ظله
سبحانه وتعالى .
اخوك العليمي مرة:cr:
تأييد
0
Al jNtEeL
زيزوومى فضى
- إنضم
- 1 نوفمبر 2007
- المشاركات
- 7,298
- مستوى التفاعل
- 66
- النقاط
- 840
- الإقامة
- |-Al Hilal Club-|
- الموقع الالكتروني
- www.zyzoom.org
غير متصل
بقي التالي احذفه فورا :
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: سرعة تشغيل Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
ثم احذف كل الأدوات الي تبي تحذفها ,,,
واخبارك المشكله معاك ؟؟
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: سرعة تشغيل Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
ثم احذف كل الأدوات الي تبي تحذفها ,,,
واخبارك المشكله معاك ؟؟
توقيع : Al jNtEeL
تأييد
0