Status
Closed and not open for further replies.

سيد الصافى

Peace be upon you. I ask the experienced brothers for help with a HijackThis report and a ComboFix report. First, the HijackThis report, because the machine freezes and restarts, and browsing is sluggish.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:33:04 م, on 18/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21045)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\lvhidsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Vortex\My Documents\Downloads\Programs\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\vortex tools\Classes\Vortex\vista\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [Vistadrv] C:\Program Files\vortex tools\Classes\Vortex\vista\VIPhd\vsdrv.exe
O4 - HKLM\..\Run: [avp] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [vortex_AA0] rundll32 advpack.dll,LaunchINFSectionEx voraddon.inf,vortwek,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [vortex_AA0] rundll32 advpack.dll,LaunchINFSectionEx voraddon.inf,vortwek,,4,N (User 'Default user')
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\ISO Recorder\ImapiHelper.exe
O23 - Service: Remote HID Service (LvHidSvc) - Philips - C:\WINDOWS\system32\lvhidsvc.exe

--
End of file - 5259 bytes
 

Signature: سيد الصافى
And upon you be peace.


Do the following:

Disable your protection programs,
then
download the following tool and save it to the desktop.

When you run it, a message will appear; click >> Yes
After that a second message will appear; click >> Yes

During the scan the machine may restart,
and after the restart the tool will start scanning again.
Do not run any program, and however long the scan takes, wait until it finishes.
Wait until a report appears, then copy it and paste it into your next post.
 
Signature: ابـــو عــبــد الــلــه
May God reward you, brother Abu Rima. Here is the ComboFix report as well.
ComboFix 09-06-17.02 - Vortex 06/18/2009 19:39.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.20.1033.18.255.111 [GMT 3:00]
Running from: c:\documents and settings\Vortex\My Documents\Downloads\Programs\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-05-18 to 2009-06-18 )))))))))))))))))))))))))))))))
.
2009-06-15 08:32 . 2009-06-15 08:32 -------- d--h--w- c:\windows\PIF
2009-06-15 08:17 . 2009-06-18 16:54 -------- d-----w- c:\documents and settings\Vortex\Tracing
2009-06-10 21:19 . 2009-02-15 04:42 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-06-10 21:19 . 2009-02-15 04:42 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-06-07 12:22 . 2009-06-07 12:22 -------- d-----w- c:\documents and settings\Vortex\Local Settings\Application Data\Runscanner.net
2009-06-05 18:50 . 2009-06-05 18:50 -------- d-----w- c:\documents and settings\Vortex\Application Data\Dexpot
2009-06-03 15:28 . 2009-06-03 15:28 120240 ----a-w- c:\documents and settings\Vortex\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
2009-06-03 15:24 . 2009-06-03 20:49 -------- d-----w- c:\program files\Internet Download Manager
2009-06-03 09:19 . 2009-06-03 09:19 2926768 ----a-w- c:\documents and settings\Vortex\Application Data\IDM\idmupdt.exe
2009-06-03 09:18 . 2009-06-03 09:18 -------- d-----w- c:\windows\system32\mekanlar
2009-06-02 09:18 . 2009-06-02 09:18 932368 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2009-06-02 09:18 . 2009-06-02 09:18 678416 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2009-06-02 09:18 . 2009-06-02 09:18 604688 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2009-06-02 09:18 . 2009-06-02 09:18 1096208 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2009-06-02 09:18 . 2009-06-02 09:18 522768 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2009-06-02 09:05 . 2009-06-02 09:05 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-06-02 09:01 . 2009-06-02 09:01 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-06-02 09:01 . 2009-06-02 09:01 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-06-02 09:00 . 2009-06-18 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-06-02 09:00 . 2009-06-02 09:00 -------- d-----w- c:\program files\Kaspersky Lab
2009-06-02 08:34 . 2009-06-02 08:39 7033161 ----a-w- c:\documents and settings\Vortex\Application Data\IDM\DwnlData\Vortex\kis2010.0.0.459en_42\kis2010.0.0.459en.exe
2009-05-28 16:40 . 2009-05-28 16:40 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-28 16:40 . 2009-05-28 16:40 30296 ----a-w- c:\documents and settings\Vortex\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-28 16:27 . 2009-02-20 12:30 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-05-27 21:27 . 2009-06-10 08:30 -------- d--h--w- c:\windows\$hf_mig$
2009-05-27 10:48 . 2008-06-17 19:02 8461312 -c----w- c:\windows\system32\dllcache\shell32.dll
2009-05-27 10:45 . 2009-02-06 11:03 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-05-27 10:45 . 2009-02-06 10:30 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-05-27 10:45 . 2009-02-06 10:30 2066176 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-05-27 10:18 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-05-27 10:18 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-05-26 11:02 . 2009-05-26 11:02 -------- d-----w- c:\documents and settings\Vortex\Local Settings\Application Data\WMTools Downloaded Files
2009-05-26 10:11 . 2009-05-26 10:11 -------- d-----w- c:\program files\Ashampoo
2009-05-26 10:07 . 2009-05-26 10:07 -------- d-----w- c:\windows\system32\windows media
2009-05-26 10:06 . 2009-05-26 10:12 -------- d--h--w- c:\windows\msdownld.tmp
2009-05-26 10:06 . 2009-05-26 10:06 -------- d-----w- c:\program files\Windows Media Components
2009-05-25 18:38 . 2009-06-17 17:44 27 ----a-w- c:\windows\popcinfo.dat
2009-05-25 02:21 . 2009-05-25 02:21 219664 ----a-w- c:\windows\system32\klogon.dll
2009-05-25 02:18 . 2009-05-25 02:18 27507 ----a-w- c:\windows\system32\drivers\klopp.dat
2009-05-25 01:41 . 2009-05-25 01:41 59992 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.459\English\setup.exe
2009-05-24 12:30 . 2009-05-24 12:30 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-05-23 23:26 . 2009-06-17 07:55 -------- d-----w- c:\documents and settings\Vortex\Application Data\IObit
2009-05-23 12:01 . 2009-05-23 12:01 -------- d-----w- c:\documents and settings\Vortex\Application Data\Quick Search And Replace
2009-05-22 17:53 . 2009-05-22 17:53 4096 ----a-w- c:\windows\d3dx.dat
2009-05-22 12:15 . 2009-05-22 12:15 -------- d-----w- c:\documents and settings\Vortex\Local Settings\Application Data\Identities
2009-05-21 17:04 . 2009-06-03 16:19 -------- d-----w- C:\My Drivers
2009-05-20 22:09 . 2009-05-20 22:09 -------- d-----w- c:\program files\Common Files\NSV
2009-05-19 23:09 . 2009-05-19 23:12 -------- d-----w- c:\program files\Yahoo!
2009-05-19 23:05 . 2009-06-18 15:51 -------- d-----w- c:\documents and settings\Vortex\Application Data\skypePM
2009-05-19 23:00 . 2009-06-18 16:14 -------- d-----w- c:\documents and settings\Vortex\Application Data\Skype
2009-05-19 23:00 . 2009-05-19 23:00 -------- d-----w- c:\program files\Skype
2009-05-19 23:00 . 2009-05-19 23:00 -------- d-----w- c:\program files\Common Files\Skype
2009-05-19 22:59 . 2009-05-19 23:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-05-19 22:13 . 2009-05-19 22:13 -------- d-----w- c:\documents and settings\Vortex\Local Settings\Application Data\Yahoo
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-18 00:17 . 2009-05-19 19:04 -------- d-----w- c:\documents and settings\Vortex\Application Data\DMCache
2009-06-10 21:21 . 2009-05-19 18:36 -------- d-----w- c:\program files\Teletext
2009-06-10 21:21 . 2009-05-19 18:35 -------- d-----w- c:\program files\LifeView TVR
2009-06-03 15:28 . 2009-05-19 19:04 -------- d-----w- c:\documents and settings\Vortex\Application Data\IDM
2009-06-02 08:57 . 2009-05-19 19:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-05-27 21:31 . 2009-05-19 18:03 -------- d-----w- c:\program files\Microsoft Silverlight
2009-05-26 11:06 . 2009-05-19 18:13 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-26 10:59 . 2009-05-19 18:03 -------- d-----w- c:\program files\Foxit Software
2009-05-21 16:57 . 2009-05-19 18:57 -------- d-----w- c:\documents and settings\Vortex\Application Data\TeraCopy
2009-05-19 23:15 . 2009-05-19 18:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-05-19 23:05 . 2009-05-19 23:05 32 ----a-w- c:\documents and settings\All Users\Application Data\ezsid.dat
2009-05-19 20:13 . 2009-05-19 20:13 2232 ----a-w- c:\windows\java\Packages\Data\J1ZDB7XZ.DAT
2009-05-19 20:13 . 2009-05-19 20:13 155995 ----a-w- c:\windows\java\Packages\60S7LBHR.ZIP
2009-05-19 20:13 . 2009-05-19 20:13 2678 ----a-w- c:\windows\java\Packages\Data\1NVXBXR1.DAT
2009-05-19 20:13 . 2009-05-19 20:13 2678 ----a-w- c:\windows\java\Packages\Data\QNB9VRNF.DAT
2009-05-19 20:13 . 2009-05-19 20:13 2678 ----a-w- c:\windows\java\Packages\Data\W1FTJ5F9.DAT
2009-05-19 20:13 . 2009-05-19 20:13 2678 ----a-w- c:\windows\java\Packages\Data\TN35BJ7T.DAT
2009-05-19 20:13 . 2009-05-19 20:13 2678 ----a-w- c:\windows\java\Packages\Data\QJ3TVD33.DAT
2009-05-19 20:04 . 2009-05-19 20:04 -------- d-----w- c:\documents and settings\Vortex\Application Data\Media Player Classic
2009-05-19 19:55 . 2009-05-19 19:55 -------- d-----w- c:\program files\Marah
2009-05-19 18:25 . 2009-05-19 18:25 -------- d-----w- c:\program files\UltraISO
2009-05-19 18:25 . 2009-05-19 18:25 -------- d-----w- c:\program files\Common Files\EZB Systems
2009-05-19 18:25 . 2009-05-19 18:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\Vortex Tools
2009-05-19 18:25 . 2009-05-19 18:25 -------- d-----w- c:\program files\vortex tools
2009-05-19 18:25 . 2009-05-19 18:25 -------- d-----w- c:\program files\Windows Live
2009-05-19 18:24 . 2009-05-19 18:27 -------- d-----w- c:\documents and settings\Vortex\Application Data\winamp
2009-05-19 18:24 . 2009-05-19 18:24 -------- d-----w- c:\documents and settings\Default User\Application Data\winamp
2009-05-19 18:24 . 2009-05-19 18:24 -------- d-----w- c:\program files\Winamp
2009-05-19 18:24 . 2009-05-19 18:24 -------- d-----w- c:\program files\Real Alternative
2009-05-19 18:23 . 2009-05-19 18:23 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-19 18:16 . 2009-05-19 18:16 -------- d-----w- c:\program files\microsoft frontpage
2009-05-19 18:15 . 2009-05-19 18:03 -------- d-----w- c:\program files\Windows Sidebar
2009-05-19 18:12 . 2009-05-19 18:12 -------- d-----w- c:\program files\Windows Media Connect 2
2009-05-19 18:09 . 2009-05-19 18:09 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-05-19 18:06 . 2009-05-19 18:06 -------- d-----w- c:\program files\VistaExperience.org
2009-05-19 18:04 . 2009-05-19 18:03 -------- d-----w- c:\program files\TeraCopy
2009-05-19 18:04 . 2009-05-19 18:03 -------- d-----w- c:\program files\ISO Recorder
2009-05-19 18:03 . 2009-05-19 18:03 -------- d-----w- c:\program files\System
2009-05-16 17:59 . 2009-05-16 17:59 19472 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2009-05-13 14:46 . 2009-05-13 14:46 31760 ----a-w- c:\windows\system32\drivers\klim5.sys
2009-05-07 15:14 . 2009-02-20 12:30 346112 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:49 . 2009-02-20 12:30 828928 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:49 . 2009-02-20 12:30 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 13:20 . 2009-02-20 12:30 1847808 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2009-02-20 12:30 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.
------- Sigcheck -------
[-] 2009-02-20 12:30 578048 894B313C52589628BB996E175B581E3A c:\windows\system32\user32.dll
[-] 2009-02-20 12:30 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\system32\drivers\tcpip.sys
[-] 2009-02-20 12:30 557056 D2B41B86A5F59DE5E636F4954F6EF8F2 c:\windows\system32\winlogon.exe
[-] 2009-02-20 12:30 1589248 CDF7DDCA2A8C0E5E14C26736D6E54E24 c:\windows\explorer.exe
[-] 2009-02-20 12:30 40448 C1D50243355A290CB3AA684FD8B38170 c:\windows\system32\ctfmon.exe
[-] 2009-02-20 12:30 296448 37981A741AD7B04258E87129FFE79AB9 c:\windows\system32\termsrv.dll
[-] 2009-02-20 12:30 1614848 5504EFF23CE88A875C98B4C55487FF1D c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2009-02-20 40448]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vistadrv"="c:\program files\vortex tools\Classes\Vortex\vista\VIPhd\vsdrv.exe" [2006-07-30 121089]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-05-25 303376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-02-20 40448]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"vortex_AA0"="advpack.dll" - c:\windows\system32\advpack.dll [2009-04-29 124928]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [15/12/2008 08:41 م 33808]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\program files\System\CPL Bonus\vcdrom.sys [19/05/2009 09:04 م 8576]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13/05/2009 05:46 م 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16/05/2009 08:59 م 19472]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - VCDROM
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.eg/
mStart Page = about:blank
IE: تحميل الكل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetVL.htm
IE: {{4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
IE: {{CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
DPF: Microsoft XML Parser for Java -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-06-18 19:55
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OMSCAN]
"ImagePath"="\Sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(972)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(1028)
c:\windows\system32\setupapi.dll
- - - - - - - > 'explorer.exe'(3696)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\lvhidsvc.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2009-06-18 19:59 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-18 16:59
ComboFix2.txt 2009-06-18 09:30
ComboFix3.txt 2009-06-14 12:15
Pre-Run: 3,120,078,848 bytes free
Post-Run: 3,118,612,480 bytes free
220 --- E O F --- 2009-06-10 08:30
 
Signature: سيد الصافى
Download this tool and follow the instructions below.


Compatibility: Windows XP only

Usage instructions:
When you run the tool's file, this screen appears; wait (and follow along with the images).

000.png


001.png


When this screen appears, click Close so that your machine restarts (to complete the cleaning process).

002.png
 
Signature: ابـــو عــبــد الــلــه
Dear brother Abu Rima, sorry for the delay; the network was down. Dear brother, I have Vista 2009, the red edition, installed, but after a while I find the XP look when the machine starts. So is the copy Vista or XP? May God reward you.
 
Signature: سيد الصافى
Brother, the copy you have is a modified Windows XP
that comes with Vista visuals and themes,
but it is XP.
 
May God reward you, brother Max. The copy is not Vista. God is the one whose help is sought against those who say it is genuine. Many thanks to you.
 
Signature: سيد الصافى