سيد الصافى
Distinguished Zyzoom member
Joined: 10 December 2008
Posts: 699
Reaction score: 14
Points: 530
Location: Alexandria, Egypt
Offline
Peace be upon you. Please help me with this report: the machine keeps restarting and is sometimes slow. Thank you.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:38:31 م, on 11/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21045)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\lvhidsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Vortex\My Documents\Downloads\Programs\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [URL hidden by the forum; login required to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [URL hidden by the forum; login required to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [URL hidden by the forum; login required to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [URL hidden by the forum; login required to view]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\vortex tools\Classes\Vortex\vista\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [Vistadrv] C:\Program Files\vortex tools\Classes\Vortex\vista\VIPhd\vsdrv.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [vortex_AA0] rundll32 advpack.dll,LaunchINFSectionEx voraddon.inf,vortwek,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [vortex_AA0] rundll32 advpack.dll,LaunchINFSectionEx voraddon.inf,vortwek,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [vortex_AA0] rundll32 advpack.dll,LaunchINFSectionEx voraddon.inf,vortwek,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [vortex_AA0] rundll32 advpack.dll,LaunchINFSectionEx voraddon.inf,vortwek,,4,N (User 'Default user')
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\ISO Recorder\ImapiHelper.exe
O23 - Service: Remote HID Service (LvHidSvc) - Philips - C:\WINDOWS\system32\lvhidsvc.exe
--
End of file - 6194 bytes
 

Signature: سيد الصافى
And peace be upon you.

Welcome.

Disable your security programs and run this tool:
[URL hidden by the forum; login required to view]

When you run it a message will appear; click Yes.
Then a second message will appear; click Yes.

The machine may restart during the scan.

After the restart the tool will begin scanning again.
Wait until a report appears; the scan is then finished.

Give me that report together with a new HijackThis log.

Signature: AbOdy
As for the machine restarting, that is caused by a virus.
Go through these threads and, God willing, you will find them useful:
[URL hidden by the forum; login required to view]
[URL hidden by the forum; login required to view]
[URL hidden by the forum; login required to view]
[URL hidden by the forum; login required to view]
[URL hidden by the forum; login required to view]
[URL hidden by the forum; login required to view]

The report is clean.
 
> The report is clean.

Brother, please double-check your analysis of the report.

The report has some values that must be deleted.

But I wanted him to produce a ComboFix report first.

Signature: AbOdy
> Brother, please double-check your analysis of the report.
> The report has some values that must be deleted.
> But I wanted him to produce a ComboFix report first.

Do you mean these?

[attached screenshots: i16945_1.bmp, i16946_2.bmp, i16947_3.bmp, i16948_4.bmp]

How?
 
Delete:
O4 - HKUS\S-1-5-19\..\RunOnce: [vortex_AA0] rundll32 advpack.dll,LaunchINFSectionEx voraddon.inf,vortwek,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [vortex_AA0] rundll32 advpack.dll,LaunchINFSectionEx voraddon.inf,vortwek,,4,N (User 'NETWORK SERVICE')

Gopher Prefix

HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
Ctfmon.exe
"CoolWebSearch [URL hidden by the forum; login required to view] parasite variant"

IE DefaultPrefix hijack
This is always bad.

O4 - HKUS\S-1-5-18\..\RunOnce: [vortex_AA0] rundll32 advpack.dll,LaunchINFSectionEx voraddon.inf,vortwek,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [vortex_AA0] rundll32 advpack.dll,LaunchINFSectionEx voraddon.inf,vortwek,,4,N (User 'Default user')
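The entries the helper lists above are the kind that a small triage script can pick out of a HijackThis log mechanically, which is useful when the same log format has to be reviewed many times. The following Python is an added example and is not part of this thread, of HijackThis, or of ComboFix: it parses the "Oxx - ..." finding lines of a HijackThis v2 log (the sample is a constructed subset of the log posted in this thread), counts findings per section, and flags the two kinds of entry singled out above, RunOnce values under the service-account and default-profile hives (HKUS\S-1-5-18, S-1-5-19, S-1-5-20 and .DEFAULT) and any O13 prefix entry. The regular expressions, the function names and the flag labels are the example's own and are not HijackThis terminology.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the HijackThis v2.0.2 entries posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O4 - HKLM\..\Run: [Vistadrv] C:\Program Files\vortex tools\Classes\Vortex\vista\VIPhd\vsdrv.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [vortex_AA0] rundll32 advpack.dll,LaunchINFSectionEx voraddon.inf,vortwek,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [vortex_AA0] rundll32 advpack.dll,LaunchINFSectionEx voraddon.inf,vortwek,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [vortex_AA0] rundll32 advpack.dll,LaunchINFSectionEx voraddon.inf,vortwek,,4,N (User 'Default user')
O13 - Gopher Prefix:
O23 - Service: Remote HID Service (LvHidSvc) - Philips - C:\WINDOWS\system32\lvhidsvc.exe
"""

# Every HijackThis finding is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] command".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")

# O4 body layout: <hive>\..\<Run key>: [<value name>] <command> [(User '<account>')]
O4_RE = re.compile(
    r"^(?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)

# Hives of the built-in service accounts and the default profile; the helpers in
# this thread singled out the RunOnce values under these for removal.
SERVICE_HIVES = {r"HKUS\S-1-5-18", r"HKUS\S-1-5-19", r"HKUS\S-1-5-20", r"HKUS\.DEFAULT"}


def parse_entries(log_text):
    """Yield (section, body) for each finding line; the header and process list are skipped."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("section"), m.group("body")


def parse_o4(body):
    """Split an O4 body into hive, key, value name, command and user; None if it does not parse."""
    m = O4_RE.match(body)
    return m.groupdict() if m else None


def triage(log_text):
    """Count findings per section and flag the entry kinds discussed in the thread."""
    counts = defaultdict(int)
    flags = []  # (reason, detail) tuples in log order
    for section, body in parse_entries(log_text):
        counts[section] += 1
        if section == "O4":
            o4 = parse_o4(body)
            if o4 is None:
                flags.append(("O4 line did not parse", body))
            elif o4["key"] == "RunOnce" and o4["hive"] in SERVICE_HIVES:
                flags.append(("RunOnce under service-account hive",
                              f"{o4['hive']} [{o4['name']}] {o4['cmd']}"))
        elif section == "O13":
            # O13 is the IE DefaultPrefix setting; HijackThis reports it as "DefaultPrefix hijack".
            prefix_value = body.split(":", 1)[1].strip()
            flags.append(("O13 prefix entry present", body if prefix_value else body + " (empty value)"))
    return {"counts": dict(counts), "flags": flags}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("entries per section:", result["counts"])
    for reason, detail in result["flags"]:
        print(f"FLAG [{reason}] {detail}")
```

The script only reads a log and prints what it would review; removing the flagged values is still a decision for the person handling the machine, exactly as in the thread, where the helpers ask for a second tool's report before anything is deleted.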
 
May God reward you. Sorry for the delay; the tool took some time. Apologies, I forgot to send the ComboFix report; I will post it now. Many thanks.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:19:11 م, on 11/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21045)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\lvhidsvc.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Vortex\My Documents\Downloads\Programs\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [URL hidden by the forum; login required to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [URL hidden by the forum; login required to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [URL hidden by the forum; login required to view]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\vortex tools\Classes\Vortex\vista\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [Vistadrv] C:\Program Files\vortex tools\Classes\Vortex\vista\VIPhd\vsdrv.exe
O4 - HKLM\..\Run: [avp] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [vortex_AA0] rundll32 advpack.dll,LaunchINFSectionEx voraddon.inf,vortwek,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [vortex_AA0] rundll32 advpack.dll,LaunchINFSectionEx voraddon.inf,vortwek,,4,N (User 'Default user')
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\ISO Recorder\ImapiHelper.exe
O23 - Service: Remote HID Service (LvHidSvc) - Philips - C:\WINDOWS\system32\lvhidsvc.exe
--
End of file - 5205 bytes
 
Signature: سيد الصافى
This is the second report. May God reward you.
ComboFix 09-06-10.02 - Vortex 06/11/2009 17:26.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.20.1033.18.255.109 [GMT 3:00]
Running from: c:\documents and settings\Vortex\My Documents\Downloads\Programs\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-05-11 to 2009-06-11 )))))))))))))))))))))))))))))))
.
2009-06-10 21:19 . 2009-02-15 04:42 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-06-10 21:19 . 2009-02-15 04:42 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-06-07 12:22 . 2009-06-07 12:22 -------- d-----w- c:\documents and settings\Vortex\Local Settings\Application Data\Runscanner.net
2009-06-05 18:50 . 2009-06-05 18:50 -------- d-----w- c:\documents and settings\Vortex\Application Data\Dexpot
2009-06-03 15:28 . 2009-06-03 15:28 120240 ----a-w- c:\documents and settings\Vortex\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
2009-06-03 15:24 . 2009-06-03 20:49 -------- d-----w- c:\program files\Internet Download Manager
2009-06-03 09:19 . 2009-06-03 09:19 2926768 ----a-w- c:\documents and settings\Vortex\Application Data\IDM\idmupdt.exe
2009-06-03 09:18 . 2009-06-03 09:18 -------- d-----w- c:\windows\system32\mekanlar
2009-06-02 09:18 . 2009-06-02 09:18 932368 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2009-06-02 09:18 . 2009-06-02 09:18 678416 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2009-06-02 09:18 . 2009-06-02 09:18 604688 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2009-06-02 09:18 . 2009-06-02 09:18 1096208 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2009-06-02 09:18 . 2009-06-02 09:18 522768 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2009-06-02 09:05 . 2009-06-02 09:05 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-06-02 09:01 . 2009-06-02 09:01 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-06-02 09:01 . 2009-06-02 09:01 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-06-02 09:00 . 2009-06-11 14:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-06-02 09:00 . 2009-06-02 09:00 -------- d-----w- c:\program files\Kaspersky Lab
2009-06-02 08:34 . 2009-06-02 08:39 7033161 ----a-w- c:\documents and settings\Vortex\Application Data\IDM\DwnlData\Vortex\kis2010.0.0.459en_42\kis2010.0.0.459en.exe
2009-05-28 16:40 . 2009-05-28 16:40 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-28 16:40 . 2009-05-28 16:40 30296 ----a-w- c:\documents and settings\Vortex\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-28 16:27 . 2009-02-20 12:30 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-05-27 21:27 . 2009-06-10 08:30 -------- d--h--w- c:\windows\$hf_mig$
2009-05-27 10:48 . 2008-06-17 19:02 8461312 -c----w- c:\windows\system32\dllcache\shell32.dll
2009-05-27 10:45 . 2009-02-06 11:03 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-05-27 10:45 . 2009-02-06 10:30 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-05-27 10:45 . 2009-02-06 10:30 2066176 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-05-27 10:18 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-05-27 10:18 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-05-26 11:02 . 2009-05-26 11:02 -------- d-----w- c:\documents and settings\Vortex\Local Settings\Application Data\WMTools Downloaded Files
2009-05-26 10:11 . 2009-05-26 10:11 -------- d-----w- c:\program files\Ashampoo
2009-05-26 10:07 . 2009-05-26 10:07 -------- d-----w- c:\windows\system32\windows media
2009-05-26 10:06 . 2009-05-26 10:12 -------- d--h--w- c:\windows\msdownld.tmp
2009-05-26 10:06 . 2009-05-26 10:06 -------- d-----w- c:\program files\Windows Media Components
2009-05-25 18:38 . 2009-06-11 11:09 27 ----a-w- c:\windows\popcinfo.dat
2009-05-25 02:21 . 2009-05-25 02:21 219664 ----a-w- c:\windows\system32\klogon.dll
2009-05-25 02:18 . 2009-05-25 02:18 27507 ----a-w- c:\windows\system32\drivers\klopp.dat
2009-05-25 01:41 . 2009-05-25 01:41 59992 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.459\English\setup.exe
2009-05-24 12:30 . 2009-05-24 12:30 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-05-23 23:26 . 2009-05-23 23:26 -------- d-----w- c:\documents and settings\Vortex\Application Data\IObit
2009-05-23 12:01 . 2009-05-23 12:01 -------- d-----w- c:\documents and settings\Vortex\Application Data\Quick Search And Replace
2009-05-22 17:53 . 2009-05-22 17:53 4096 ----a-w- c:\windows\d3dx.dat
2009-05-22 12:15 . 2009-05-22 12:15 -------- d-----w- c:\documents and settings\Vortex\Local Settings\Application Data\Identities
2009-05-21 17:04 . 2009-06-03 16:19 -------- d-----w- C:\My Drivers
2009-05-20 22:09 . 2009-05-20 22:09 -------- d-----w- c:\program files\Common Files\NSV
2009-05-19 23:09 . 2009-05-19 23:12 -------- d-----w- c:\program files\Yahoo!
2009-05-19 23:05 . 2009-06-11 13:03 -------- d-----w- c:\documents and settings\Vortex\Application Data\skypePM
2009-05-19 23:00 . 2009-06-11 13:22 -------- d-----w- c:\documents and settings\Vortex\Application Data\Skype
2009-05-19 23:00 . 2009-05-19 23:00 -------- d-----w- c:\program files\Skype
2009-05-19 23:00 . 2009-05-19 23:00 -------- d-----w- c:\program files\Common Files\Skype
2009-05-19 22:59 . 2009-05-19 23:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-05-19 22:13 . 2009-05-19 22:13 -------- d-----w- c:\documents and settings\Vortex\Local Settings\Application Data\Yahoo
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-11 13:51 . 2009-05-19 19:04 -------- d-----w- c:\documents and settings\Vortex\Application Data\DMCache
2009-06-10 21:21 . 2009-05-19 18:36 -------- d-----w- c:\program files\Teletext
2009-06-10 21:21 . 2009-05-19 18:35 -------- d-----w- c:\program files\LifeView TVR
2009-06-03 15:28 . 2009-05-19 19:04 -------- d-----w- c:\documents and settings\Vortex\Application Data\IDM
2009-06-02 08:57 . 2009-05-19 19:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-05-27 21:31 . 2009-05-19 18:03 -------- d-----w- c:\program files\Microsoft Silverlight
2009-05-26 11:06 . 2009-05-19 18:13 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-26 10:59 . 2009-05-19 18:03 -------- d-----w- c:\program files\Foxit Software
2009-05-21 16:57 . 2009-05-19 18:57 -------- d-----w- c:\documents and settings\Vortex\Application Data\TeraCopy
2009-05-19 23:15 . 2009-05-19 18:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-05-19 23:05 . 2009-05-19 23:05 32 ----a-w- c:\documents and settings\All Users\Application Data\ezsid.dat
2009-05-19 20:13 . 2009-05-19 20:13 2232 ----a-w- c:\windows\java\Packages\Data\J1ZDB7XZ.DAT
2009-05-19 20:13 . 2009-05-19 20:13 155995 ----a-w- c:\windows\java\Packages\60S7LBHR.ZIP
2009-05-19 20:13 . 2009-05-19 20:13 2678 ----a-w- c:\windows\java\Packages\Data\1NVXBXR1.DAT
2009-05-19 20:13 . 2009-05-19 20:13 2678 ----a-w- c:\windows\java\Packages\Data\QNB9VRNF.DAT
2009-05-19 20:13 . 2009-05-19 20:13 2678 ----a-w- c:\windows\java\Packages\Data\W1FTJ5F9.DAT
2009-05-19 20:13 . 2009-05-19 20:13 2678 ----a-w- c:\windows\java\Packages\Data\TN35BJ7T.DAT
2009-05-19 20:13 . 2009-05-19 20:13 2678 ----a-w- c:\windows\java\Packages\Data\QJ3TVD33.DAT
2009-05-19 20:04 . 2009-05-19 20:04 -------- d-----w- c:\documents and settings\Vortex\Application Data\Media Player Classic
2009-05-19 19:55 . 2009-05-19 19:55 -------- d-----w- c:\program files\Marah
2009-05-19 18:25 . 2009-05-19 18:25 -------- d-----w- c:\program files\UltraISO
2009-05-19 18:25 . 2009-05-19 18:25 -------- d-----w- c:\program files\Common Files\EZB Systems
2009-05-19 18:25 . 2009-05-19 18:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\Vortex Tools
2009-05-19 18:25 . 2009-05-19 18:25 -------- d-----w- c:\program files\vortex tools
2009-05-19 18:25 . 2009-05-19 18:25 -------- d-----w- c:\program files\Windows Live
2009-05-19 18:24 . 2009-05-19 18:27 -------- d-----w- c:\documents and settings\Vortex\Application Data\winamp
2009-05-19 18:24 . 2009-05-19 18:24 -------- d-----w- c:\documents and settings\Default User\Application Data\winamp
2009-05-19 18:24 . 2009-05-19 18:24 -------- d-----w- c:\program files\Winamp
2009-05-19 18:24 . 2009-05-19 18:24 -------- d-----w- c:\program files\Real Alternative
2009-05-19 18:23 . 2009-05-19 18:23 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-19 18:16 . 2009-05-19 18:16 -------- d-----w- c:\program files\microsoft frontpage
2009-05-19 18:15 . 2009-05-19 18:03 -------- d-----w- c:\program files\Windows Sidebar
2009-05-19 18:12 . 2009-05-19 18:12 -------- d-----w- c:\program files\Windows Media Connect 2
2009-05-19 18:09 . 2009-05-19 18:09 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-05-19 18:06 . 2009-05-19 18:06 -------- d-----w- c:\program files\VistaExperience.org
2009-05-19 18:04 . 2009-05-19 18:03 -------- d-----w- c:\program files\TeraCopy
2009-05-19 18:04 . 2009-05-19 18:03 -------- d-----w- c:\program files\ISO Recorder
2009-05-19 18:03 . 2009-05-19 18:03 -------- d-----w- c:\program files\System
2009-05-16 17:59 . 2009-05-16 17:59 19472 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2009-05-13 14:46 . 2009-05-13 14:46 31760 ----a-w- c:\windows\system32\drivers\klim5.sys
2009-05-07 15:14 . 2009-02-20 12:30 346112 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:49 . 2009-02-20 12:30 828928 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:49 . 2009-02-20 12:30 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 13:20 . 2009-02-20 12:30 1847808 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2009-02-20 12:30 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.
------- Sigcheck -------
[-] 2009-02-20 12:30 578048 894B313C52589628BB996E175B581E3A c:\windows\system32\user32.dll
[-] 2009-02-20 12:30 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\system32\drivers\tcpip.sys
[-] 2009-02-20 12:30 557056 D2B41B86A5F59DE5E636F4954F6EF8F2 c:\windows\system32\winlogon.exe
[-] 2009-02-20 12:30 1589248 CDF7DDCA2A8C0E5E14C26736D6E54E24 c:\windows\explorer.exe
[-] 2009-02-20 12:30 40448 C1D50243355A290CB3AA684FD8B38170 c:\windows\system32\ctfmon.exe
[-] 2009-02-20 12:30 296448 37981A741AD7B04258E87129FFE79AB9 c:\windows\system32\termsrv.dll
[-] 2009-02-20 12:30 1614848 5504EFF23CE88A875C98B4C55487FF1D c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2009-02-20 40448]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vistadrv"="c:\program files\vortex tools\Classes\Vortex\vista\VIPhd\vsdrv.exe" [2006-07-30 121089]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-05-25 303376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-02-20 40448]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"vortex_AA0"="advpack.dll" - c:\windows\system32\advpack.dll [2009-04-29 124928]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [15/12/2008 08:41 م 33808]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\program files\System\CPL Bonus\vcdrom.sys [19/05/2009 09:04 م 8576]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13/05/2009 05:46 م 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16/05/2009 08:59 م 19472]
S3 cpuz129;cpuz129; [x]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - VCDROM
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.eg/
mStart Page = about:blank
IE: تحميل الكل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetVL.htm
IE: {{4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
IE: {{CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
DPF: Microsoft XML Parser for Java - [URL hidden by the forum; login required to view]
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [URL hidden by the forum; login required to view]
Rootkit scan 2009-06-11 17:48
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OMSCAN]
"ImagePath"="\Sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(968)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(1024)
c:\windows\system32\SETUPAPI.dll
- - - - - - - > 'explorer.exe'(3808)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
c:\program files\TeraCopy\TeraCopyExt.dll
.
Completion time: 2009-06-11 17:59
ComboFix-quarantined-files.txt 2009-06-11 14:59
Pre-Run: 3,965,059,072 bytes free
Post-Run: 3,957,706,752 bytes free
211 --- E O F --- 2009-06-10 08:30
 
Signature: سيد الصافى