Status
Closed and not open for further replies.

الأسير891

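Peace be upon you, and the mercy and blessings of God.

Brother, I would appreciate it if you could look at this report from my brother's machine and tell me whether it is clean or not. May God reward you with Paradise.

Note that it did not restart the machine?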

ComboFix 08-11-23.02 - winXP 12/12/2008 2:25:19.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1025.18.1557 [GMT 3:00]
Running from: c:\documents and settings\winXP\My Documents\Downloads\Programs\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-11-11 to 2008-12-11 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-11 23:21 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-12-11 23:19 9,468 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-12-11 23:19 614,432 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-12-11 23:19 34,668 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-11 23:19 3,494,432 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-11 23:02 --------- d-----w c:\documents and settings\winXP\Application Data\CyberScrub
2008-12-11 23:02 --------- d-----w c:\documents and settings\winXP\Application Data\cleaner
2008-12-11 22:52 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-11 22:50 --------- d-----w c:\program files\Your Uninstaller 2008
2008-12-11 22:49 --------- d-----w c:\program files\Microsoft Virtual PC
2008-12-11 22:49 --------- d-----w c:\documents and settings\winXP\Application Data\DMCache
2008-12-11 22:48 --------- d-----w c:\program files\WebcamMax
2008-12-11 22:43 --------- d-----w c:\documents and settings\winXP\Application Data\URSoft
2008-12-11 16:59 --------- d-----w c:\program files\Paltalk Messenger
2008-12-11 16:59 --------- d-----w c:\program files\Call of Duty
2008-12-11 16:40 --------- d-----w c:\documents and settings\winXP\Application Data\uTorrent
2008-12-08 03:43 59,692 ----a-w c:\windows\BricoPackUninst.cmd
2008-12-08 03:43 5,652 ----a-w c:\windows\BricoPackFoldersDelete.cmd
2008-12-04 00:03 --------- d-----w c:\program files\Windows Live
2008-12-03 23:50 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-12-03 13:52 --------- d-----w c:\documents and settings\winXP\Application Data\Vso
2008-12-03 12:45 --------- d-----w c:\documents and settings\winXP\Application Data\Nokia
2008-12-03 10:55 --------- d-----w c:\program files\Common Files\PCSuite
2008-12-03 10:55 --------- d-----w c:\program files\Common Files\Nokia
2008-12-03 10:52 --------- d-----w c:\program files\Nokia
2008-12-03 10:48 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2008-12-01 14:07 --------- d-----w c:\program files\saleh.alqhtani
2008-12-01 14:07 --------- d-----w c:\program files\Conduit
2008-11-29 19:39 --------- d-----w c:\documents and settings\winXP\Application Data\Lunascape
2008-11-29 18:36 --------- d-----w c:\program files\Lunascape
2008-11-29 18:32 --------- d-----w c:\program files\Windows Media Connect 2
2008-11-29 18:32 --------- d-----w c:\program files\oovooToolbar
2008-11-27 21:34 --------- d-----w c:\program files\Windows Live Safety Center
2008-11-17 15:39 --------- d-----w c:\documents and settings\winXP\Application Data\PC Suite
2008-11-12 12:11 286,720 ------w c:\windows\Setup1.exe
2008-11-11 14:26 --------- d-----w c:\program files\MSXML 4.0
2008-11-07 21:35 --------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2008-11-04 10:33 --------- d-----w c:\program files\Common Files\Adobe
2008-11-01 13:07 --------- d-----w c:\program files\uTorrent
2008-11-01 13:04 --------- d-----w c:\program files\Internet Download Manager
2008-11-01 13:04 --------- d-----w c:\documents and settings\winXP\Application Data\IDM
2008-10-31 12:54 --------- d-----w c:\program files\IObit
2008-10-29 21:44 --------- d-----w c:\program files\TuneUp Utilities 2008
2008-10-29 12:17 --------- d-----w c:\program files\Golden Al-Wafi Translator
2008-10-29 05:10 --------- d-----w c:\program files\Messenger Plus! Live
2008-10-29 05:10 --------- d-----w c:\program files\Circle Developement
2008-10-28 18:12 --------- d-----w c:\documents and settings\winXP\Application Data\Paltalk
2008-10-28 15:13 --------- d-----w c:\documents and settings\winXP\Application Data\oovooToolbar
2008-10-28 13:39 --------- d-----w c:\documents and settings\winXP\Application Data\Uniblue
2008-10-28 12:29 96,976 ----a-w c:\windows\system32\drivers\klin.dat
2008-10-28 11:32 87,855 ----a-w c:\windows\system32\drivers\klick.dat
2008-10-28 11:29 --------- d-----w c:\program files\Kaspersky Lab
2008-10-28 10:35 --------- d-----w c:\program files\MSBuild
2008-10-28 10:30 --------- d-----w c:\program files\Reference Assemblies
2008-10-28 10:27 --------- d-----w c:\documents and settings\All Users\Application Data\channels
2008-10-28 10:27 --------- d-----w c:\documents and settings\All Users\Application Data\10015
2008-10-27 14:02 --------- d-----w c:\program files\ooVoo
2008-10-27 13:30 --------- d-----w c:\documents and settings\winXP\Application Data\ooVoo Details
2008-10-27 10:56 --------- d-----w c:\documents and settings\winXP\Application Data\Media Player Classic
2008-10-27 02:28 --------- d-----w c:\program files\PC Connectivity Solution
2008-10-27 00:13 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-10-26 23:59 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2008-10-26 23:36 --------- d-----w c:\program files\MSXML 6.0
2008-10-26 22:23 --------- d-----w c:\program files\RocketDock
2008-10-26 21:57 --------- d-----w c:\program files\Common Files\snp325
2008-10-26 21:57 --------- d-----w c:\documents and settings\winXP\Application Data\InstallShield
2008-10-26 21:36 2,289,664 ----a-w c:\windows\system32\TUKernel.exe
2008-10-26 20:57 21,361 ----a-w c:\windows\system32\drivers\AegisP.sys
2008-10-26 20:56 376,832 ----a-w c:\windows\system32\AegisI5Installer.exe
2008-10-26 20:56 21,361 ----a-w c:\windows\AegisP.sys
2008-10-26 20:37 218,624 ----a-w c:\windows\system32\uxtheme.dll
2008-10-26 20:23 --------- d-----w c:\documents and settings\winXP\Application Data\AVGTOOLBAR
2008-10-26 20:17 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-26 20:16 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2008-10-26 20:14 --------- d-----w c:\program files\Alcohol Soft
2008-10-26 20:12 --------- d-----w c:\documents and settings\winXP\Application Data\Webcammax
2008-10-26 20:12 --------- d-----w c:\documents and settings\All Users\Application Data\Webcammax
2008-10-26 20:11 197 --sha-w c:\program files\Common Files\maxtreme.dat
2008-10-26 20:06 306,432 ----a-w c:\windows\system32\TuneUpDefragService.exe
2008-10-26 20:06 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-26 20:06 --------- d-----w c:\documents and settings\winXP\Application Data\TuneUp Software
2008-10-26 20:06 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2008-10-26 20:03 --------- d-----w c:\program files\Zeallsoft
2008-10-26 20:02 --------- d-----w c:\program files\Total Video Converter
2008-10-26 19:59 --------- d-----w c:\program files\Sony
2008-10-26 19:59 --------- d-----w c:\documents and settings\winXP\Application Data\Sony
2008-10-26 19:58 --------- d-----w c:\program files\Sony Setup
2008-10-26 19:58 --------- d-----w c:\program files\Ringz Studio
2008-10-26 19:58 --------- d-----w c:\program files\Common Files\Real
2008-10-26 19:58 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-10-26 19:57 --------- d-----w c:\program files\K-Lite Codec Pack
2008-10-26 19:56 --------- d-----w c:\program files\RM to MP3 Converter
2008-10-26 19:52 --------- d-----w c:\program files\VSO
2008-10-26 19:51 --------- d-----w c:\program files\Webteh
2008-10-26 19:45 --------- d-----w c:\documents and settings\LocalService\Application Data\Intel
2008-10-26 19:36 --------- d-----w c:\program files\Macromedia
2008-10-26 19:36 --------- d-----w c:\program files\CyberLink
2008-10-26 19:36 --------- d-----w c:\program files\Common Files\Macromedia
2008-10-26 19:35 --------- d-----w c:\program files\GRETECH
2008-10-26 19:35 --------- d-----w c:\documents and settings\All Users\Application Data\Avg8
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf41a01c-9b7b-49a7-a24a-1beb863a0f79}"= "c:\program files\saleh.alqhtani\tbsale.dll" [11/23/2008 11:03 PM 1784856]

[HKEY_CLASSES_ROOT\clsid\{bf41a01c-9b7b-49a7-a24a-1beb863a0f79}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8087-36EE87E26986}]
07/29/2008 10:56 PM 1987544 --a------ c:\progra~1\OOVOOT~1\OOVOOT~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf41a01c-9b7b-49a7-a24a-1beb863a0f79}]
11/23/2008 11:03 PM 1784856 --a------ c:\program files\saleh.alqhtani\tbsale.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-8087-36EE87E26986}"= "c:\progra~1\OOVOOT~1\OOVOOT~1.DLL" [07/29/2008 10:56 PM 1987544]
"{bf41a01c-9b7b-49a7-a24a-1beb863a0f79}"= "c:\program files\saleh.alqhtani\tbsale.dll" [11/23/2008 11:03 PM 1784856]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A057A204-BACC-4D26-8087-36EE87E26986}"= "c:\progra~1\OOVOOT~1\OOVOOT~1.DLL" [07/29/2008 10:56 PM 1987544]
"{BF41A01C-9B7B-49A7-A24A-1BEB863A0F79}"= "c:\program files\saleh.alqhtani\tbsale.dll" [11/23/2008 11:03 PM 1784856]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8087-36ee87e26986}]
[HKEY_CLASSES_ROOT\oovooToolbar.OOVOOTOOLBAR]

[HKEY_CLASSES_ROOT\clsid\{bf41a01c-9b7b-49a7-a24a-1beb863a0f79}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [08/04/2004 02:56 AM 15360]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [09/02/2007 01:58 PM 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [12/13/2005 05:44 PM 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [12/13/2005 05:41 PM 77824]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [10/08/2007 02:13 PM 1101824]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [07/29/2008 08:20 PM 206088]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [07/04/2008 09:59 PM 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [08/04/2004 02:56 AM 15360]

c:\documents and settings\winXP\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 630784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\\Documents and Settings\\All Users\\Application Data\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll,c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll,c:\progra~1\KASPER~1\KASPER~1\adialhk.dll,c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Bluetooth.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^PalTalk.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^winXP^قائمة ابدأ^البرامج^بدء التشغيل^TransBar.lnk]
path=c:\documents and settings\winXP\قائمة ابدأ\البرامج\بدء التشغيل\TransBar.lnk
backup=c:\windows\pss\TransBar.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^winXP^قائمة ابدأ^البرامج^بدء التشغيل^UberIcon.lnk]
path=c:\documents and settings\winXP\قائمة ابدأ\البرامج\بدء التشغيل\UberIcon.lnk
backup=c:\windows\pss\UberIcon.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^winXP^قائمة ابدأ^البرامج^بدء التشغيل^Y'z Shadow.lnk]
path=c:\documents and settings\winXP\قائمة ابدأ\البرامج\بدء التشغيل\Y'z Shadow.lnk
backup=c:\windows\pss\Y'z Shadow.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 05/11/2007 03:06 AM 40048 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 12/23/2006 06:05 PM 143360 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 08/03/2006 06:51 PM 1032192 c:\program files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
--a------ 02/12/2007 02:50 PM 20480 c:\windows\FixCamera.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 10/28/2008 07:08 PM 2606512 c:\program files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 10/18/2007 11:34 AM 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 01/12/2006 03:40 PM 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 06/17/2008 04:00 PM 1249280 c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooVoo.exe]
--a------ 09/14/2008 11:27 AM 14174000 c:\program files\ooVoo\ooVoo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StormCodec_Helper]
--a------ 11/26/2006 09:30 PM 97357 c:\program files\Ringz Studio\Storm Codec\StormSet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 11/10/2005 01:03 PM 36975 c:\program files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 03/08/2006 12:48 PM 761947 c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 07/04/2008 09:59 PM 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebcamMaxMoniter]
--a------ 02/09/2008 07:58 AM 456024 c:\program files\WebcamMax\wcmmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 08/04/2004 02:56 AM 110592 c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 03/24/2006 05:30 PM 282624 c:\windows\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"tsnp325"=c:\windows\tsnp325.exe
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe"
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"snp325"=c:\windows\vsnp325.exe
"igfxpers"=c:\windows\system32\igfxpers.exe
"MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\PROGRA~1\\RINGZS~1\\STORMC~1\\Stormser.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP المنفذ 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP المنفذ 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP المنفذ 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP المنفذ 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP المنفذ 37675

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R2 CamthWDM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\CamthWDM.sys [2008-02-09 941784]
R2 UxTuneUp;TuneUp Theme Extension;c:\windows\System32\svchost.exe -k netsvcs [2004-08-04 14336]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]
S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\DRIVERS\snp325.sys [2008-10-27 10253056]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-10-26 306432]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5be7ca8e-aa7f-11dd-b41d-0016414b9dfa}]
\Shell\AutoRun\command - F:\invwft2h.com
\Shell\explore\Command - F:\invwft2h.com
\Shell\open\Command - F:\invwft2h.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73657792-3925-11dc-84fd-0019b96c3846}]
\Shell\AutoRun\command - RavMon.exe
\Shell\explore\Command - RavMon.exe -e
\Shell\open\Command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73657793-3925-11dc-84fd-0019b96c3846}]
\Shell\AutoRun\command - RavMon.exe
\Shell\explore\Command - RavMon.exe -e
\Shell\open\Command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a29b55db-b737-11dd-b444-0016414b9dfa}]
\Shell\AutoRun\command - b.exe
\Shell\explore\Command - b.exe
\Shell\open\Command - b.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-12-05 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [12/21/2007 03:17 PM]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-kava - c:\windows\system32\kavo.exe
MSConfigStartUp-PcSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
MSConfigStartUp-RemoteControl - c:\program files\CyberLink\PowerDVD\PDVDServ.exe
MSConfigStartUp-Yahoo! Pager - c:\program files\Yahoo!\Messenger\YahooMessenger.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
mStart Page = about:blank
IE: "إضافة إلى حاجب الدعايات" - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: تحميل الكل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetVL.htm

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2008-12-12 02:26:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1208)
c:\windows\system32\IWPDGINA.DLL
c:\program files\Intel\Wireless\Bin\SsoGnARA.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\WgaLogon.dll

- - - - - - - > 'lsass.exe'(1264)
c:\windows\system32\msprivs.dll
c:\windows\system32\rsaenh.dll
.
Completion time: 12/12/2008 2:27:23
ComboFix-quarantined-files.txt 2008-12-11 23:27:20

Pre-Run: 25,896,996,864 bytes free
Post-Run: 25,883,090,944 bytes free

311 --- E O F --- 2008-12-11 22:25:22




,,,,,

Wishing you happiness.

Regards.
 

Welcome, brother.
Download this program.

Run the program ==> and click on
Do a system scan and save log
After a few moments a report will appear in Notepad ==> copy it and paste it in your next reply.
 
Sure, will do, my friend. The reply will be ready tonight, God willing.

BRB
 
Sorry for the delay, brother MAAX.

Here is what you asked for.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:42:51 ص, on 13/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\windows\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\windows\Explorer.EXE
C:\windows\system32\wuauclt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
F:\Zyzoom_HijackThis.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: saleh.alqhtani Toolbar - {bf41a01c-9b7b-49a7-a24a-1beb863a0f79} - C:\Program Files\saleh.alqhtani\tbsale.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ooVoo Toolbar - {A057A204-BACC-4D26-8087-36EE87E26986} - C:\PROGRA~1\OOVOOT~1\OOVOOT~1.DLL
O2 - BHO: saleh.alqhtani Toolbar - {bf41a01c-9b7b-49a7-a24a-1beb863a0f79} - C:\Program Files\saleh.alqhtani\tbsale.dll
O3 - Toolbar: ooVoo Toolbar - {A057A204-BACC-4D26-8087-36EE87E26986} - C:\PROGRA~1\OOVOOT~1\OOVOOT~1.DLL
O3 - Toolbar: saleh.alqhtani Toolbar - {bf41a01c-9b7b-49a7-a24a-1beb863a0f79} - C:\Program Files\saleh.alqhtani\tbsale.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O8 - Extra context menu item: "إضافة إلى حاجب الدعايات" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: احصائيات حماية حركة مرور الشبكة - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\windows\System32\TuneUpDefragService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8140 bytes





,,,

Regards.
 
Select the following entries and delete them:

R3 - URLSearchHook: saleh.alqhtani Toolbar - {bf41a01c-9b7b-49a7-a24a-1beb863a0f79} - C:\Program Files\saleh.alqhtani\tbsale.dll

O2 - BHO: ooVoo Toolbar - {A057A204-BACC-4D26-8087-36EE87E26986} - C:\PROGRA~1\OOVOOT~1\OOVOOT~1.DLL

O2 - BHO: saleh.alqhtani Toolbar - {bf41a01c-9b7b-49a7-a24a-1beb863a0f79} - C:\Program Files\saleh.alqhtani\tbsale.dll

O3 - Toolbar: ooVoo Toolbar - {A057A204-BACC-4D26-8087-36EE87E26986} - C:\PROGRA~1\OOVOOT~1\OOVOOT~1.DLL

O3 - Toolbar: saleh.alqhtani Toolbar - {bf41a01c-9b7b-49a7-a24a-1beb863a0f79} - C:\Program Files\saleh.alqhtani\tbsale.dll

How to delete them:

mg%20(3).png


mg%20(4).png


After that, go to Add or Remove Programs and remove the toolbar you have installed (toolbar) >> it may not be listed.


Then download this tool and follow the instructions below.


Compatibility: Windows XP only


How to use it:
Double-click the tool and wait until all the windows have finished and it stops at this window:


002.png


When this screen appears, click Close so that your machine restarts (to complete the cleaning process).

Good luck.
 
maax

May God give you good health. I have deleted what you listed. But I have a small question: what is the reason for deleting the entries you listed?

May God give you good health.

Regards.
 
There is no particular reason.
They are toolbars, and we recommend removing them.
As for the report, it is clean overall.

Thread closed as it is finished.
 