• Thread starter: ashalshaikh

ashalshaikh

In the name of God, the Most Gracious, the Most Merciful

Peace be upon you, and God's mercy and blessings.

When I turn on the computer, it stays up for about 20 seconds and then explorer shuts down.

What I tried:
I tried starting it from Task Manager, but it did not help.

I thought the problem might be a program that runs at startup, so I disabled all the entries except the security programs. It did not help.

*********************************************************************************

HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:37:33, on 05/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20815)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Ashalshaikh\Desktop\exe\أدوات خدمية\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
[link hidden by the forum; login required to view]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
[link hidden by the forum; login required to view]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
[link hidden by the forum; login required to view]

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [a-squared] "C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: أضافة إلى مانع الأعلانات - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 127.0.0.1 149.174.211.5
O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 127.0.0.1,149.174.211.5
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: is-QHFPU - Unknown owner - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-QHFPU\is-QHFPU.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Security Activity Dashboard Service - Unknown owner - C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe (file missing)
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 5735 bytes


=-==============================
For now I am doing all my work from Task Manager.

********************************************************************************

Please help me ....
=
==========
===================
================================
===============
===========
=

The problem has been solved ...

Every day I admire ComboFix more.
I found the cause of the problem and stopped it ...

The whole story:
When I stepped away from the computer and left it running, my little brother came and started playing, happily banging on the keyboard. Anyway, and God knows best, a message came up from a-squared saying that explorer was doing something (I expect a change in the settings), and while playing he pressed Block and then Enter.

And the program did what was asked: it blocked it from running.

Anyway, when I ran ComboFix it asked to update, so I updated it, and it finished its work and restarted the machine. After that the machine worked perfectly. I noticed that a-squared was not next to the clock, so I went and started it. When I started it, the problem began again.

+++++++++
I went into Safe Mode, ran the program, and went to the rules. I found:
c:\windows\explorer.exe | حجب (Block)

I deleted the rule, and after that it worked perfectly.

May God reward brother Bob 77 with all good.
 

Before the HijackThis report, do this report:

Download this tool and save it to the desktop
[link hidden by the forum; login required to view]


When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes

Wait until the tool finishes scanning your machine; your machine will restart automatically,
and after the restart the tool will start scanning a second time.
Wait until a report appears, then copy it and paste it in your next reply.

All windows must be completely closed.
Do not touch the mouse at all during use.
--------------------------------------------
 
The report:

ComboFix 08-10-04.07 - Ashalshaikh 10/05/2008 20:21:40.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1033.18.66 [GMT 3:00]
Running from: E:\Desktop\downloaded\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\9.exe
C:\Documents and Settings\Ashalshaikh\Application Data\dach100.dll
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\deposit.dll
C:\WINDOWS\system32\taskmgr.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MCHINJDRV


((((((((((((((((((((((((( Files Created from 2008-09-05 to 2008-10-05 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-05 17:33 507,936 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-10-05 17:33 4,912 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-10-05 17:33 119,269,408 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-05 17:33 1,390,448 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-05 17:16 --------- d-----w C:\Documents and Settings\Ashalshaikh\Application Data\AvaFind Data
2008-10-05 16:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-10-05 15:31 --------- d-----w C:\Program Files\Internet Download Manager
2008-10-05 13:47 --------- d-----w C:\Documents and Settings\Ashalshaikh\Application Data\aicon
2008-10-05 13:41 --------- d-----w C:\Program Files\AutoIt3
2008-10-05 12:50 --------- d-----w C:\Program Files\a-squared Anti-Malware
2008-10-05 12:37 --------- d-----w C:\Documents and Settings\Ashalshaikh\Application Data\IndigoRose
2008-10-05 12:28 --------- d-----w C:\Program Files\AutoPlay Media Studio 7.0
2008-10-05 12:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\IndigoRose
2008-10-05 10:29 --------- d-----w C:\Documents and Settings\Ashalshaikh\Application Data\DMCache
2008-10-05 09:11 --------- d-----w C:\Documents and Settings\Ashalshaikh\Application Data\Downloaded Installations
2008-10-04 18:07 --------- d-----w C:\Documents and Settings\Azzoooz\Application Data\AvaFind Data
2008-10-04 08:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-10-04 08:05 --------- d-----w C:\Program Files\Common Files\Adobe
2008-10-04 08:05 --------- d-----w C:\Program Files\Bonjour
2008-10-04 07:46 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-10-03 17:50 --------- d-----w C:\Documents and Settings\Ashalshaikh\Application Data\Thinstall
2008-10-03 12:08 --------- d-----w C:\Documents and Settings\Ashalshaikh\Application Data\IDM
2008-10-03 04:41 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-02 18:47 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-10-02 18:19 --------- d-----w C:\Program Files\Kaspersky Lab
2008-10-02 18:08 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-10-02 06:59 --------- d-----w C:\Program Files\Microsoft.NET
2008-10-02 00:24 --------- d-----w C:\Program Files\Common Files\xing shared
2008-10-02 00:24 --------- d-----w C:\Program Files\Common Files\Real
2008-10-02 00:23 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-10-02 00:22 --------- d-----w C:\Program Files\Real
2008-10-02 00:04 --------- d-----w C:\Documents and Settings\Ashalshaikh\Application Data\Media Player Classic
2008-10-01 08:10 --------- d-----w C:\Documents and Settings\Ashalshaikh\Application Data\Web Page Maker
2008-10-01 06:05 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-10-01 04:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\DriverScanner
2008-10-01 03:54 --------- dc-h--w C:\Documents and Settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2008-10-01 03:54 --------- d-----w C:\Program Files\Uniblue
2008-10-01 02:46 --------- d-----w C:\Program Files\CONEXANT
2008-10-01 01:50 --------- d-----w C:\Documents and Settings\Ashalshaikh\Application Data\uniblue
2008-10-01 00:24 --------- dc-h--w C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
2008-10-01 00:05 --------- dc-h--w C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2008-09-29 06:40 --------- d-----w C:\Program Files\Unlocker
2008-09-29 06:28 --------- d-----w C:\Program Files\VMware
2008-09-29 05:50 --------- d-----w C:\Program Files\CMenu
2008-09-29 04:31 --------- d-----w C:\Program Files\Perfect Uninstaller
2008-09-29 03:42 --------- d-----w C:\Documents and Settings\Ashalshaikh\Application Data\CyberScrub
2008-09-29 03:42 --------- d-----w C:\Documents and Settings\Ashalshaikh\Application Data\cleaner
2008-09-29 00:22 --------- d-----w C:\Program Files\Google
2008-09-28 22:13 --------- d-----w C:\Program Files\AutorunRemover
2008-09-28 21:33 --------- d-----w C:\Program Files\Ringz Studio
2008-09-28 21:32 --------- d-----w C:\Program Files\USB Disk Security
2008-09-28 19:26 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-28 04:03 --------- d-----w C:\Program Files\Driver-Soft
2008-09-27 22:10 --------- d-----w C:\Documents and Settings\Ashalshaikh\Application Data\GRETECH
2008-09-27 04:03 --------- d-----w C:\Program Files\ExtraTools
2008-09-27 03:23 --------- d-----w C:\Program Files\Multilizer 6
2008-09-26 21:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\MicroWorld
2008-09-26 04:42 --------- d-----w C:\Program Files\TechSmith
2008-09-26 04:42 --------- d-----w C:\Program Files\Common Files\TechSmith Shared
2008-09-26 04:04 --------- d-----w C:\Program Files\Universal Extractor
2008-09-25 20:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-09-25 18:24 --------- d-----w C:\Program Files\Windows Installer Clean Up
2008-09-25 18:23 --------- d-----w C:\Program Files\MSECACHE
2008-09-25 17:57 --------- d-----w C:\Program Files\AnalogX
2008-09-25 04:20 --------- d-----w C:\Program Files\Dachshund Software
2008-09-25 03:13 --------- d-----w C:\Program Files\Alwil Software
2008-09-25 02:33 --------- d-----w C:\Documents and Settings\Ashalshaikh\Application Data\Symantec
2008-09-25 02:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-25 02:11 --------- d-----w C:\Program Files\Symantec
2008-09-25 02:11 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-25 02:09 --------- d-----w C:\Program Files\Norton Ghost
2008-09-25 02:04 --------- d-----w C:\Program Files\tux3a
2008-09-25 00:48 77,824 ----a-w C:\WINDOWS\system32\kdfapi.dll
2008-09-25 00:48 722,472 ----a-w C:\WINDOWS\system32\kdfmgr.exe
2008-09-25 00:48 53,248 ----a-w C:\WINDOWS\system32\Kdfhok.dll
2008-09-25 00:48 192,512 ----a-w C:\WINDOWS\system32\kdfvmgr.exe
2008-09-24 23:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-09-24 23:14 --------- d-----w C:\Program Files\microsoft frontpage
2008-09-24 23:12 --------- d-----w C:\Documents and Settings\Azzoooz\Application Data\IDM
2008-09-24 23:07 --------- d-----w C:\Program Files\7thLevel
2008-09-24 21:22 --------- d-----w C:\Documents and Settings\Azzoooz\Application Data\DMCache
2008-09-24 03:46 --------- d-----w C:\Program Files\AvaFind
2008-09-24 03:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-09-24 00:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2008-09-24 00:16 --------- d-----w C:\Documents and Settings\Ashalshaikh\Application Data\Reallusion
2008-09-24 00:15 --------- d-----w C:\Program Files\Reallusion
2008-09-24 00:15 --------- d-----w C:\Program Files\InstallShield Installation Information
2008-09-23 22:02 --------- d-----w C:\Program Files\SopCast
2008-09-23 16:54 --------- d-----w C:\Documents and Settings\Azzoooz\Application Data\GRETECH
2008-09-23 16:53 --------- d-----w C:\Program Files\Real Alternative
2008-09-23 16:53 --------- d-----w C:\Documents and Settings\Azzoooz\Application Data\Media Player Classic
2008-09-23 16:52 --------- d-----w C:\Program Files\GRETECH
2008-09-23 16:11 846,336 ----a-w C:\WINDOWS\system32\kdfinj.dll
2008-09-23 02:02 7,168 ----a-w C:\WINDOWS\system32\drivers\ute1odq0.sys
2008-09-22 19:50 --------- d-----w C:\Program Files\F-Secure Internet Security
2008-09-22 02:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\f-secure
2008-09-22 00:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\fssg
2008-09-22 00:09 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-09-22 00:09 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-09-22 00:09 --------- d-----w C:\Documents and Settings\Ashalshaikh\Application Data\TuneUp Software
.
Code:
<pre>
----a-w           535,497 2008-05-23 17:55:38  C:\Documents and Settings\Ashalshaikh\Desktop\exe\USB Disk Security\تعريب .exe
</pre>


------- Sigcheck -------

06/26/2008 11:16 PM 674816 0f2f01cdf020832eaf0704a3d1481d11 C:\WINDOWS\system32\user32.dll

06/26/2008 11:17 PM 893952 12e74a87d576c25955df90726fbc8ec8 C:\WINDOWS\system32\wininet.dll

06/25/2008 08:14 AM 361344 8e036eec565910417ea020ce0962aa24 C:\WINDOWS\system32\drivers\tcpip.sys

06/26/2008 11:17 PM 557056 7dd9ce78dd441eea2bbaff6d3eeaad08 C:\WINDOWS\system32\winlogon.exe

04/13/2008 01:01 PM 2227072 f54927b2c174b5e0b1e6f3bee87f4d22 C:\WINDOWS\system32\ntkrnlpa.exe
06/26/2008 11:23 PM 2227072 f54927b2c174b5e0b1e6f3bee87f4d22 C:\WINDOWS\system32\ReinstallBackups\0051\DriverFiles\i386\ntkrnlpa.exe

04/13/2008 01:57 PM 2350208 46391325b9159057fffafca37a39a669 C:\WINDOWS\system32\ntoskrnl.exe
06/26/2008 11:11 PM 2350208 46391325b9159057fffafca37a39a669 C:\WINDOWS\system32\ReinstallBackups\0051\DriverFiles\i386\ntoskrnl.exe

06/26/2008 11:07 PM 1377792 bd63be0a3d05056222c86be283256d90 C:\WINDOWS\explorer.exe

06/26/2008 11:07 PM 40448 c1d50243355a290cb3aa684fd8b38170 C:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [06/26/2008 11:07 PM 40448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [07/29/2008 08:20 PM 206088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Driver32"="" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" [06/25/2008 08:27 AM 124928 C:\WINDOWS\system32\advpack.dll]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoClose"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\rundisabled]
"AvaFind"="C:\Program Files\AvaFind\AvaFind.exe" /minimized
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"AutorunRemover.exe"=C:\Program Files\AutorunRemover\AutorunRemover.exe -Hide
"Vistadrv"=C:\Program Files\VIPhd\vsdrv.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservicesdisabled]
"raVe"=

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [01/29/2008 06:29 PM 32784]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;C:\WINDOWS\system32\dllhost.exe [04/15/2008 05:42 AM 5120]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [04/15/2008 05:42 AM 14336]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [03/13/2008 07:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [04/30/2008 06:06 PM 24592]
R3 S3Inc;S3Inc;C:\WINDOWS\system32\DRIVERS\s3mini.sys [02/15/2000 06:19 AM 168576]
R3 slnt;Real RTL8139 PCI Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\slnt.sys [11/20/2003 03:58 AM 18004]
R3 SymSnapService;SymSnapService;C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe [12/20/2007 05:13 PM 1553896]
S1 is-QHFPUdrv;is-QHFPUdrv;C:\WINDOWS\system32\drivers\03174469.sys [03/05/2008 11:41 AM 148496]
S2 is-QHFPU;is-QHFPU;C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-QHFPU\is-QHFPU.exe [ ]
S2 Security Activity Dashboard Service;Security Activity Dashboard Service;C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe [ ]
S3 DrvFltIp;DrvFltIp;C:\Documents and Settings\Ashalshaikh\Local Settings\TEMP\DrvFltIp [ ]
S3 RkHit;RkHit;C:\WINDOWS\system32\drivers\RKHit.sys [09/16/2008 06:09 PM 30080]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [09/22/2008 03:09 AM 306432]
S3 ute1odq0;AVZ Kernel Driver;C:\WINDOWS\system32\Drivers\ute1odq0.sys [09/23/2008 05:02 AM 7168]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2008-10-03 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe [12/21/2007 03:17 PM]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Ashalshaikh\Application Data\Mozilla\Firefox\Profiles\h33rwu8p.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com.sa
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
.
------- File Associations -------
.
txtfile=NOTEPAD %1
vbefile\shell\edit\command=C:\WINDOWS\Notepad.exe %1
vbsfile\shell\edit\command=C:\WINDOWS\Notepad.exe %1
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
[link hidden by the forum; login required to view]

Rootkit scan 2008-10-05 20:35:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\C:\Documents and Settings\Ashalshaikh\Local Settings\TEMP\ASFWHide"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DrvFltIp]
"ImagePath"="\??\C:\Documents and Settings\Ashalshaikh\Local Settings\TEMP\DrvFltIp"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msdtc.exe
.
**************************************************************************
.
Completion time: 10/05/2008 20:39:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-05 17:39:13

Pre-Run: 10,159,251,456 bytes free
Post-Run: 11,755,331,584 bytes free

248



==========================================
I'm not sure, it seems the problem is solved ... I'll wait a bit and make sure.
 
Note: I could not disable Kaspersky because the Start bar is not there, but I disabled all the protection components.
 
Praise be to God that the problem is solved.

May God grant you success and protect you, brother.
 