tedatasoft (Zyzoom distinguished member; joined 2 December 2008; 875 posts)
Assalamu alaikum,
I installed a fresh Windows and then installed Kaspersky 2009
kis8.0.0.506
The thing is, it does not show up in the taskbar and is not running at all.
Here is a screenshot of the taskbar:
When I right-click, no option to activate Kaspersky appears.
The second problem:
I turned on showing hidden files, and this showed up for me:
I tried to delete it.
This message appeared when deleting:
I tried to open it, and this message appeared:
And here is the HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 04:07:16 PM, on 03/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\igfxtray.exe
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\system32\igfxpers.exe
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\system32\cisvc.exe
D:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\tcpsvcs.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\Internet Download Manager\IDMan.exe
D:\WINDOWS\System32\snmp.exe
D:\WINDOWS\system32\mqsvc.exe
D:\WINDOWS\system32\mqtgsvc.exe
D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
D:\WINDOWS\system32\CF8980.exe
D:\ComboFix\ComboFix-Download.cfexe
D:\DOCUME~1\PROF~1.AHM\LOCALS~1\Temp\winakktf.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\DOCUME~1\PROF~1.AHM\LOCALS~1\Temp\winlnxpno.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\cidaemon.exe
D:\WINDOWS\system32\cidaemon.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\WINDOWS\system32\mspaint.exe
H:\المنتديات\منتدى الربيع\منتدى te data\hijackthis_199\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Add to Banner Ad Blocker - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - D:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - D:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - D:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
And here is the ComboFix report:
ComboFix 09-07-02.02 - prof.ahmed4d 07/03/2009 16:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.20.1033.18.1015.530 [GMT 7:00]
Running from: h:\برامج رائعة\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\1084a7f.msi
c:\windows\Installer\1ad0b0.msi
c:\windows\Installer\45126.msp
c:\windows\Installer\45141.msp
c:\windows\Installer\4514e.msp
c:\windows\Installer\45176.msp
c:\windows\Installer\45183.msp
c:\windows\Installer\45190.msp
c:\windows\Installer\4519d.msp
c:\windows\Installer\451a3.msi
c:\windows\Installer\451ad.msi
c:\windows\Installer\451b7.msi
c:\windows\Installer\451c1.msi
c:\windows\Installer\451cb.msi
c:\windows\Installer\480419.msi
c:\windows\Installer\8829b4.msi
c:\windows\Installer\8829be.msi
c:\windows\Installer\ab80c9.msi
c:\windows\Installer\cd08a.msi
c:\windows\Installer\d2b95d.msi
c:\windows\Installer\d2e359.msi
c:\windows\Installer\d2e363.msi
c:\windows\Installer\d2e36d.msi
c:\windows\Installer\d2e377.msi
c:\windows\Installer\d2e38c.msi
c:\windows\Installer\d2e396.msi
c:\windows\Installer\d2e3a0.msi
c:\windows\Installer\d2e3aa.msi
c:\windows\Installer\d2e3b4.msi
c:\windows\Installer\d2e3bf.msi
c:\windows\Installer\d2e3c9.msi
c:\windows\Installer\d2e3d4.msi
c:\windows\Installer\d2e3de.msi
c:\windows\Installer\d2e3e8.msi
c:\windows\Installer\d2e3f2.msi
c:\windows\Installer\d2e3fc.msi
c:\windows\Installer\d2e40a.msi
d:\windows\system32\Cache
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_IPRIP
-------\Service_Iprip
((((((((((((((((((((((((( Files Created from 2009-06-03 to 2009-07-03 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-03 09:22 . 2009-07-03 06:23 -------- d-----w- d:\documents and settings\prof.ahmed4d\Application Data\DMCache
2009-07-03 08:54 . 2009-07-03 06:01 82640 ----a-w- d:\documents and settings\prof.ahmed4d\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-03 08:54 . 2009-07-03 08:54 -------- d-----w- d:\documents and settings\All Users\Application Data\Messenger Plus!
2009-07-03 08:47 . 2009-07-03 08:47 -------- d-----w- d:\program files\Ahead
2009-07-03 08:47 . 2009-07-03 08:47 -------- d-----w- d:\program files\Common Files\Ahead
2009-07-03 08:44 . 2009-07-03 08:44 -------- d-----w- d:\documents and settings\prof.ahmed4d\Application Data\Ashampoo
2009-07-03 08:42 . 2009-07-03 08:42 -------- d-----w- d:\program files\Ashampoo
2009-07-03 08:37 . 2009-07-03 06:02 -------- d-----w- d:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-07-03 08:28 . 2009-07-03 06:18 -------- d-----w- d:\documents and settings\prof.ahmed4d\Application Data\uTorrent
2009-07-03 07:38 . 2009-07-03 07:32 -------- d-----w- d:\program files\Common Files\Adobe
2009-07-03 07:36 . 2009-07-03 07:36 -------- d-----w- d:\documents and settings\All Users\Application Data\Adobe Systems
2009-07-03 07:36 . 2009-07-03 07:36 -------- d-----w- d:\program files\Common Files\Adobe Systems Shared
2009-07-03 06:40 . 2009-07-03 06:40 -------- d-----w- d:\program files\Microsoft.NET
2009-07-03 06:24 . 2009-07-03 06:23 -------- d-----w- d:\documents and settings\prof.ahmed4d\Application Data\IDM
2009-07-03 06:23 . 2009-07-03 06:23 198064 ----a-w- d:\documents and settings\prof.ahmed4d\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-07-03 06:23 . 2009-07-03 06:02 196640 --sha-w- d:\windows\system32\drivers\fidbox2.dat
2009-07-03 06:23 . 2009-07-03 06:02 86048 --sha-w- d:\windows\system32\drivers\fidbox.dat
2009-07-03 06:23 . 2009-07-03 06:02 2800 --sha-w- d:\windows\system32\drivers\fidbox2.idx
2009-07-03 06:23 . 2009-07-03 06:23 0 ----a-w- d:\windows\nsreg.dat
2009-07-03 06:22 . 2009-07-03 06:02 2800 --sha-w- d:\windows\system32\drivers\fidbox.idx
2009-07-03 06:18 . 2009-07-03 06:18 -------- d-----w- d:\program files\iVocalize Web Conference 4
2009-07-03 06:18 . 2009-07-03 06:18 -------- d-----w- d:\program files\uTorrent
2009-07-03 06:18 . 2009-07-03 06:18 6020 ----a-w- d:\program files\un_Internet Download Manager_16575.txt
2009-07-03 06:18 . 2009-07-03 06:18 -------- d-----w- d:\program files\Internet Download Manager
2009-07-03 06:17 . 2009-07-03 06:17 -------- d-----w- d:\program files\Foxit Software
2009-07-03 06:17 . 2009-07-03 06:17 -------- d-----w- d:\documents and settings\prof.ahmed4d\Application Data\Foxit
2009-07-03 06:14 . 2009-07-03 06:14 -------- d-----w- d:\program files\GRETECH
2009-07-03 06:11 . 2009-07-03 06:11 -------- d-----w- d:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-07-03 06:11 . 2009-07-03 06:11 -------- d-----w- d:\documents and settings\LocalService\Application Data\PeerNetworking
2009-07-03 06:10 . 2009-07-03 06:10 -------- d-----w- d:\documents and settings\All Users\Application Data\Yahoo!
2009-07-03 06:10 . 2009-07-03 06:10 -------- d-----w- d:\program files\Yahoo!
2009-07-03 06:08 . 2009-07-03 06:08 -------- d-----w- d:\program files\Google
2009-07-03 06:08 . 2009-07-03 06:08 766 ----a-r- d:\documents and settings\prof.ahmed4d\Application Data\Microsoft\Installer\{B383E23F-F8DE-4B61-A9FB-C82E313DAD0D}\InstantDemo_1.exe
2009-07-03 06:08 . 2009-07-03 06:08 16718 ----a-r- d:\documents and settings\prof.ahmed4d\Application Data\Microsoft\Installer\{B383E23F-F8DE-4B61-A9FB-C82E313DAD0D}\InstantDemo.exe
2009-07-03 06:08 . 2009-07-03 06:08 16718 ----a-r- d:\documents and settings\prof.ahmed4d\Application Data\Microsoft\Installer\{B383E23F-F8DE-4B61-A9FB-C82E313DAD0D}\controlPanelIcon.exe
2009-07-03 06:08 . 2009-07-03 06:08 10134 ----a-r- d:\documents and settings\prof.ahmed4d\Application Data\Microsoft\Installer\{B383E23F-F8DE-4B61-A9FB-C82E313DAD0D}\SystemFolder_msiexec.exe
2009-07-03 06:05 . 2009-07-03 06:05 -------- d-----w- d:\documents and settings\prof.ahmed4d\Application Data\FastStone
2009-07-03 06:05 . 2009-07-03 06:05 -------- d-----w- d:\program files\FastStone Capture
2009-07-03 06:03 . 2009-07-03 06:03 96976 ----a-w- d:\windows\system32\drivers\klin.dat
2009-07-03 06:03 . 2009-07-03 06:03 87855 ----a-w- d:\windows\system32\drivers\klick.dat
2009-07-03 06:02 . 2009-07-03 06:02 -------- d-----w- d:\program files\Kaspersky Lab
2009-07-03 06:01 . 2009-07-03 06:01 -------- d-----w- d:\program files\Windows Live
2009-07-03 06:01 . 2009-07-03 06:01 -------- d-----w- d:\program files\Circle Develoement
2009-07-03 06:01 . 2009-07-03 06:01 -------- d-----w- d:\program files\Messenger Plus! Live
2009-07-03 06:01 . 2009-07-03 06:01 -------- d-----w- d:\program files\MSN Messenger
2009-07-03 05:59 . 2009-07-03 05:59 -------- d-----w- d:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-07-03 05:56 . 2009-07-03 05:55 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-07-03 05:56 . 2009-07-03 05:56 -------- d-----w- d:\documents and settings\prof.ahmed4d\Application Data\InstallShield
2009-07-03 05:55 . 2009-07-03 05:55 -------- d-----w- d:\program files\Realtek
2009-07-03 05:55 . 2009-07-03 05:55 315392 ----a-w- d:\windows\HideWin.exe
2009-07-03 05:55 . 2009-07-03 05:55 -------- d-----w- d:\program files\Common Files\InstallShield
2009-07-03 05:51 . 2009-07-03 05:51 -------- d-----w- d:\program files\Intel
2009-07-03 05:50 . 2009-07-03 05:50 16608 ----a-w- d:\windows\gdrv.sys
2009-07-03 05:41 . 2009-07-03 05:41 -------- d-----w- d:\program files\Windows7
2009-07-03 05:41 . 2009-07-03 05:41 -------- d-----w- d:\program files\RocketDock
2009-07-03 05:32 . 2009-07-03 05:32 -------- d-----w- d:\program files\microsoft frontpage
2009-07-03 05:31 . 2009-07-03 05:31 86327 ----a-w- d:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-03 05:28 . 2009-07-03 05:28 21640 ----a-w- d:\windows\system32\emptyregdb.dat
2009-07-03 05:27 . 2009-07-03 05:27 -------- d-----w- d:\program files\Windows Media Connect 2
2009-06-20 13:44 . 2009-06-20 13:44 3304 ------w- D:\bootsqm.dat
2009-05-21 14:31 . 2009-07-03 06:10 685296 ----a-w- d:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2008-09-28 15:00 . 2009-07-03 06:18 439440 ----a-w- d:\program files\un_Internet Download Manager_16575.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="d:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-28 194560]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" - d:\windows\system32\advpack.dll [2008-04-26 123904]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
[HKLM\~\startupfolder\D:^Documents and Settings^prof.ahmed4d^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=d:\documents and settings\prof.ahmed4d\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=d:\windows\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\WINDOWS\\system32\\mqsvc.exe"=
"d:\\Program Files\\MSN Messenger\\msnmsgr.exe"= d:\\Program Files\\MSN Messenger\\MsnMsgr.Exe
"d:\\Program Files\\MSN Messenger\\livecall.exe"=
"d:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"h:\\برامج رائعة\\Microsoft .NET Framework كل الاصدارات من ميروسوفت قابلة للتوزيع\\dotnetfx3setup.exe"=
"d:\\Program Files\\Internet Download Manager\\IEMonitor.exe"=
"d:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\fppdis3a.exe"=
"d:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 2009\\avp.exe"=
"d:\\Program Files\\Internet Download Manager\\IDMan.exe"=
"d:\\ComboFix\\NirCmd.cfexe"=
"d:\\WINDOWS\\system32\\CF13581.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 klbg;Kaspersky Lab Boot Guard Driver;d:\windows\system32\drivers\klbg.sys [1/29/2008 5:29 PM 32784]
R3 abp470n5;abp470n5;\??\d:\windows\system32\drivers\hnmmfn.sys --> d:\windows\system32\drivers\hnmmfn.sys [?]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;d:\windows\system32\drivers\klfltdev.sys [3/13/2008 6:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;d:\windows\system32\drivers\klim5.sys [4/30/2008 5:06 PM 24592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
- - - - ORPHANS REMOVED - - - -
Notify-WgaLogon - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: &تصدير إلى Microsoft Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Add to Banner Ad Blocker - d:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: تحميل الكل بواسطة Internet Download Manager - d:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - d:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - d:\program files\Internet Download Manager\IEGetVL.htm
FF - ProfilePath - d:\documents and settings\prof.ahmed4d\Application Data\Mozilla\Firefox\Profiles\c1ne2ywj.default\
FF - component: d:\documents and settings\prof.ahmed4d\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-07-03 16:30
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1108)
d:\windows\system32\SETUPAPI.dll
d:\windows\system32\sfc_os.dll
d:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(1164)
d:\windows\system32\setupapi.dll
- - - - - - - > 'explorer.exe'(4016)
d:\windows\system32\msctfime.ime
d:\windows\system32\COMRes.dll
d:\windows\System32\cscui.dll
d:\windows\system32\msi.dll
d:\windows\system32\ieframe.dll
d:\windows\system32\SETUPAPI.dll
d:\windows\system32\NETSHELL.dll
d:\windows\system32\credui.dll
d:\windows\system32\OneX.DLL
d:\windows\system32\MSVCP60.dll
d:\windows\system32\eappprxy.dll
d:\windows\system32\wpdshserviceobj.dll
d:\windows\system32\portabledevicetypes.dll
d:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
d:\windows\system32\msdtc.exe
d:\windows\system32\inetsrv\inetinfo.exe
d:\windows\system32\tcpsvcs.exe
d:\windows\system32\snmp.exe
d:\windows\system32\mqsvc.exe
d:\windows\system32\mqtgsvc.exe
.
**************************************************************************
.
Completion time: 2009-07-03 16:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-03 09:32
Pre-Run: 9,715,535,872 bytes free
Post-Run: 9,680,916,480 bytes free
265
And here are links to the two reports:
First, the HijackThis report
Second, the ComboFix report
Waiting for the solution.
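The two logs in the post above carry several indicators that a triage engineer would want to pull out in one pass: executables launched from the user's Temp folder (winakktf.exe, winlnxpno.exe), Task Manager and Registry Editor disabled by policy, Kaspersky's on-access scanning and firewall reported disabled, Security Center override flags set, a damaged SafeBoot key, and a driver entry (abp470n5) pointing at a .sys file ComboFix could not find. The script below is an added example, not part of the original post and not code from HijackThis or ComboFix: it runs a small set of generic heuristics over lines copied from these logs (the embedded sample is constructed from a subset of those lines, not the full reports) and reports each hit with a severity. The rule set and the severities are the editor's assumptions for illustration, not a verdict about any particular malware family.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: lines copied from the HijackThis and ComboFix logs in
# the post above (a subset, not the full reports), embedded so the script
# runs offline. One clean line (winlogon.exe) and one legitimate driver
# (klbg.sys) are included to show that the rules do not fire on them.
SAMPLE_LOG = r"""
D:\WINDOWS\system32\winlogon.exe
D:\DOCUME~1\PROF~1.AHM\LOCALS~1\Temp\winakktf.exe
D:\DOCUME~1\PROF~1.AHM\LOCALS~1\Temp\winlnxpno.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
"AntiVirusOverride"=dword:00000001
"EnableFirewall"= 0 (0x0)
SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
R3 abp470n5;abp470n5;\??\d:\windows\system32\drivers\hnmmfn.sys --> d:\windows\system32\drivers\hnmmfn.sys [?]
R0 klbg;Kaspersky Lab Boot Guard Driver;d:\windows\system32\drivers\klbg.sys [1/29/2008 5:29 PM 32784]
"""

# Heuristic rules (assumed by the editor, not from any tool): regex, severity, meaning.
# Each regex is matched case-insensitively against one trimmed log line.
RULES: List[Tuple[str, str, str]] = [
    (r"\\Temp\\[^\\]+\.exe$", "high", "executable running from a Temp directory"),
    (r"^O2 - BHO: \(no name\) .* - \(no file\)$", "low", "orphaned BHO (no name, no file)"),
    (r'DisableRegedit=1|"DisableRegistryTools"= 1', "high", "Registry Editor disabled by policy"),
    (r'"DisableTaskMgr"= 1', "high", "Task Manager disabled by policy"),
    (r"^AV: .*\*On-access scanning disabled\*", "high", "antivirus on-access scanning disabled"),
    (r"^FW: .*\*disabled\*", "high", "third-party firewall reported disabled"),
    (r'"EnableFirewall"= 0', "medium", "Windows Firewall standard profile disabled"),
    (r'"(AntiVirus|Firewall)Override"=dword:00000001', "medium", "Security Center override flag set"),
    (r"^SafeBoot registry key needs repairs", "high", "SafeBoot key damaged, Safe Mode unavailable"),
    (r"^R[0-3] \S+;.*--> .*\[\?\]$", "high", "driver/service entry points at a file ComboFix could not find"),
]

Finding = Tuple[str, str, str]  # (severity, description, offending line)


def triage(log_text: str) -> List[Finding]:
    """Scan every line of a HijackThis/ComboFix log against RULES.

    The first rule that matches a line wins, so each line yields at most
    one finding; lines matching no rule are ignored.
    """
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for pattern, severity, description in RULES:
            if re.search(pattern, line, re.IGNORECASE):
                findings.append((severity, description, line))
                break
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity, e.g. {'high': 9, 'medium': 2, 'low': 1}."""
    counts: Dict[str, int] = {}
    for severity, _, _ in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for severity, description, line in results:
        print(f"[{severity:6}] {description}: {line}")
    print(summarize(results))
```

On the sample above the script reports twelve hits (nine high, two medium, one low) and stays silent on winlogon.exe and klbg.sys. The rules are deliberately narrow string patterns rather than a malware signature: a hit means "this line deserves a human look", and the combination of disabled AV, disabled firewall, disabled Task Manager and Registry Editor, and unnamed executables in Temp is what makes this particular log worth escalating rather than any single line on its own.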
2009-07-03 06:01 . 2009-07-03 06:01 -------- d-----w- d:\program files\MSN Messenger
2009-07-03 05:59 . 2009-07-03 05:59 -------- d-----w- d:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-07-03 05:56 . 2009-07-03 05:55 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-07-03 05:56 . 2009-07-03 05:56 -------- d-----w- d:\documents and settings\prof.ahmed4d\Application Data\InstallShield
2009-07-03 05:55 . 2009-07-03 05:55 -------- d-----w- d:\program files\Realtek
2009-07-03 05:55 . 2009-07-03 05:55 315392 ----a-w- d:\windows\HideWin.exe
2009-07-03 05:55 . 2009-07-03 05:55 -------- d-----w- d:\program files\Common Files\InstallShield
2009-07-03 05:51 . 2009-07-03 05:51 -------- d-----w- d:\program files\Intel
2009-07-03 05:50 . 2009-07-03 05:50 16608 ----a-w- d:\windows\gdrv.sys
2009-07-03 05:41 . 2009-07-03 05:41 -------- d-----w- d:\program files\Windows7
2009-07-03 05:41 . 2009-07-03 05:41 -------- d-----w- d:\program files\RocketDock
2009-07-03 05:32 . 2009-07-03 05:32 -------- d-----w- d:\program files\microsoft frontpage
2009-07-03 05:31 . 2009-07-03 05:31 86327 ----a-w- d:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-03 05:28 . 2009-07-03 05:28 21640 ----a-w- d:\windows\system32\emptyregdb.dat
2009-07-03 05:27 . 2009-07-03 05:27 -------- d-----w- d:\program files\Windows Media Connect 2
2009-06-20 13:44 . 2009-06-20 13:44 3304 ------w- D:\bootsqm.dat
2009-05-21 14:31 . 2009-07-03 06:10 685296 ----a-w- d:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2008-09-28 15:00 . 2009-07-03 06:18 439440 ----a-w- d:\program files\un_Internet Download Manager_16575.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="d:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-28 194560]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" - d:\windows\system32\advpack.dll [2008-04-26 123904]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
[HKLM\~\startupfolder\D:^Documents and Settings^prof.ahmed4d^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=d:\documents and settings\prof.ahmed4d\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=d:\windows\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\WINDOWS\\system32\\mqsvc.exe"=
"d:\\Program Files\\MSN Messenger\\msnmsgr.exe"= d:\\Program Files\\MSN Messenger\\MsnMsgr.Exe
"d:\\Program Files\\MSN Messenger\\livecall.exe"=
"d:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"h:\\برامج رائعة\\Microsoft .NET Framework كل الاصدارات من ميروسوفت قابلة للتوزيع\\dotnetfx3setup.exe"=
"d:\\Program Files\\Internet Download Manager\\IEMonitor.exe"=
"d:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\fppdis3a.exe"=
"d:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 2009\\avp.exe"=
"d:\\Program Files\\Internet Download Manager\\IDMan.exe"=
"d:\\ComboFix\\NirCmd.cfexe"=
"d:\\WINDOWS\\system32\\CF13581.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 klbg;Kaspersky Lab Boot Guard Driver;d:\windows\system32\drivers\klbg.sys [1/29/2008 5:29 PM 32784]
R3 abp470n5;abp470n5;\??\d:\windows\system32\drivers\hnmmfn.sys --> d:\windows\system32\drivers\hnmmfn.sys [?]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;d:\windows\system32\drivers\klfltdev.sys [3/13/2008 6:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;d:\windows\system32\drivers\klim5.sys [4/30/2008 5:06 PM 24592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
- - - - ORPHANS REMOVED - - - -
Notify-WgaLogon - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: &تصدير إلى Microsoft Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Add to Banner Ad Blocker - d:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: تحميل الكل بواسطة Internet Download Manager - d:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - d:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - d:\program files\Internet Download Manager\IEGetVL.htm
FF - ProfilePath - d:\documents and settings\prof.ahmed4d\Application Data\Mozilla\Firefox\Profiles\c1ne2ywj.default\
FF - component: d:\documents and settings\prof.ahmed4d\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-07-03 16:30
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1108)
d:\windows\system32\SETUPAPI.dll
d:\windows\system32\sfc_os.dll
d:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(1164)
d:\windows\system32\setupapi.dll
- - - - - - - > 'explorer.exe'(4016)
d:\windows\system32\msctfime.ime
d:\windows\system32\COMRes.dll
d:\windows\System32\cscui.dll
d:\windows\system32\msi.dll
d:\windows\system32\ieframe.dll
d:\windows\system32\SETUPAPI.dll
d:\windows\system32\NETSHELL.dll
d:\windows\system32\credui.dll
d:\windows\system32\OneX.DLL
d:\windows\system32\MSVCP60.dll
d:\windows\system32\eappprxy.dll
d:\windows\system32\wpdshserviceobj.dll
d:\windows\system32\portabledevicetypes.dll
d:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
d:\windows\system32\msdtc.exe
d:\windows\system32\inetsrv\inetinfo.exe
d:\windows\system32\tcpsvcs.exe
d:\windows\system32\snmp.exe
d:\windows\system32\mqsvc.exe
d:\windows\system32\mqtgsvc.exe
.
**************************************************************************
.
Completion time: 2009-07-03 16:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-03 09:32
Pre-Run: 9,715,535,872 bytes free
Post-Run: 9,680,916,480 bytes free
265
And here are links to the two reports:
First, the HijackThis report
Second, the ComboFix report
Waiting for the solution
