Status: closed, not open to further replies.

tedatasoft (joined 2 December 2008)
Peace be upon you.

I installed a fresh copy of Windows and installed Kaspersky 2009:

kis8.0.0.506

The thing is, it does not show up in the taskbar and is not actually running at all.

Here is a screenshot of the taskbar:

[screenshot: abnorkemiathanwya-d87b885502.png]

And when I right-click, no "activate" option for Kaspersky appears:

[screenshot: abnorkemiathanwya-cb14b86c60.png]

The second problem

I turned on showing hidden files and this appeared:

[screenshot: abnorkemiathanwya-5ff666ceed.png]

I tried to delete it, and this message appeared on deletion:

[screenshot: abnorkemiathanwya-86e670628b.png]

I tried to open it, and this message appeared:

[screenshot: abnorkemiathanwya-f01c8c10ad.png]

And here is the HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 04:07:16 PM, on 03/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\igfxtray.exe
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\system32\igfxpers.exe
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\system32\cisvc.exe
D:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\tcpsvcs.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\Internet Download Manager\IDMan.exe
D:\WINDOWS\System32\snmp.exe
D:\WINDOWS\system32\mqsvc.exe
D:\WINDOWS\system32\mqtgsvc.exe
D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
D:\WINDOWS\system32\CF8980.exe
D:\ComboFix\ComboFix-Download.cfexe
D:\DOCUME~1\PROF~1.AHM\LOCALS~1\Temp\winakktf.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\DOCUME~1\PROF~1.AHM\LOCALS~1\Temp\winlnxpno.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\cidaemon.exe
D:\WINDOWS\system32\cidaemon.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\WINDOWS\system32\mspaint.exe
H:\المنتديات\منتدى الربيع\منتدى te data\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [URL hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [URL hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [URL hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [URL hidden by the forum]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [URL hidden by the forum]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [URL hidden by the forum]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Export to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Add to Banner Ad Blocker - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download All with Internet Download Manager - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with Internet Download Manager - D:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Download FLV content with Internet Download Manager - D:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - D:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

And here is the ComboFix report:

ComboFix 09-07-02.02 - prof.ahmed4d 07/03/2009 16:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.20.1033.18.1015.530 [GMT 7:00]
Running from: h:\برامج رائعة\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\1084a7f.msi
c:\windows\Installer\1ad0b0.msi
c:\windows\Installer\45126.msp
c:\windows\Installer\45141.msp
c:\windows\Installer\4514e.msp
c:\windows\Installer\45176.msp
c:\windows\Installer\45183.msp
c:\windows\Installer\45190.msp
c:\windows\Installer\4519d.msp
c:\windows\Installer\451a3.msi
c:\windows\Installer\451ad.msi
c:\windows\Installer\451b7.msi
c:\windows\Installer\451c1.msi
c:\windows\Installer\451cb.msi
c:\windows\Installer\480419.msi
c:\windows\Installer\8829b4.msi
c:\windows\Installer\8829be.msi
c:\windows\Installer\ab80c9.msi
c:\windows\Installer\cd08a.msi
c:\windows\Installer\d2b95d.msi
c:\windows\Installer\d2e359.msi
c:\windows\Installer\d2e363.msi
c:\windows\Installer\d2e36d.msi
c:\windows\Installer\d2e377.msi
c:\windows\Installer\d2e38c.msi
c:\windows\Installer\d2e396.msi
c:\windows\Installer\d2e3a0.msi
c:\windows\Installer\d2e3aa.msi
c:\windows\Installer\d2e3b4.msi
c:\windows\Installer\d2e3bf.msi
c:\windows\Installer\d2e3c9.msi
c:\windows\Installer\d2e3d4.msi
c:\windows\Installer\d2e3de.msi
c:\windows\Installer\d2e3e8.msi
c:\windows\Installer\d2e3f2.msi
c:\windows\Installer\d2e3fc.msi
c:\windows\Installer\d2e40a.msi
d:\windows\system32\Cache

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Service_Iprip


((((((((((((((((((((((((( Files Created from 2009-06-03 to 2009-07-03 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-03 09:22 . 2009-07-03 06:23 -------- d-----w- d:\documents and settings\prof.ahmed4d\Application Data\DMCache
2009-07-03 08:54 . 2009-07-03 06:01 82640 ----a-w- d:\documents and settings\prof.ahmed4d\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-03 08:54 . 2009-07-03 08:54 -------- d-----w- d:\documents and settings\All Users\Application Data\Messenger Plus!
2009-07-03 08:47 . 2009-07-03 08:47 -------- d-----w- d:\program files\Ahead
2009-07-03 08:47 . 2009-07-03 08:47 -------- d-----w- d:\program files\Common Files\Ahead
2009-07-03 08:44 . 2009-07-03 08:44 -------- d-----w- d:\documents and settings\prof.ahmed4d\Application Data\Ashampoo
2009-07-03 08:42 . 2009-07-03 08:42 -------- d-----w- d:\program files\Ashampoo
2009-07-03 08:37 . 2009-07-03 06:02 -------- d-----w- d:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-07-03 08:28 . 2009-07-03 06:18 -------- d-----w- d:\documents and settings\prof.ahmed4d\Application Data\uTorrent
2009-07-03 07:38 . 2009-07-03 07:32 -------- d-----w- d:\program files\Common Files\Adobe
2009-07-03 07:36 . 2009-07-03 07:36 -------- d-----w- d:\documents and settings\All Users\Application Data\Adobe Systems
2009-07-03 07:36 . 2009-07-03 07:36 -------- d-----w- d:\program files\Common Files\Adobe Systems Shared
2009-07-03 06:40 . 2009-07-03 06:40 -------- d-----w- d:\program files\Microsoft.NET
2009-07-03 06:24 . 2009-07-03 06:23 -------- d-----w- d:\documents and settings\prof.ahmed4d\Application Data\IDM
2009-07-03 06:23 . 2009-07-03 06:23 198064 ----a-w- d:\documents and settings\prof.ahmed4d\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-07-03 06:23 . 2009-07-03 06:02 196640 --sha-w- d:\windows\system32\drivers\fidbox2.dat
2009-07-03 06:23 . 2009-07-03 06:02 86048 --sha-w- d:\windows\system32\drivers\fidbox.dat
2009-07-03 06:23 . 2009-07-03 06:02 2800 --sha-w- d:\windows\system32\drivers\fidbox2.idx
2009-07-03 06:23 . 2009-07-03 06:23 0 ----a-w- d:\windows\nsreg.dat
2009-07-03 06:22 . 2009-07-03 06:02 2800 --sha-w- d:\windows\system32\drivers\fidbox.idx
2009-07-03 06:18 . 2009-07-03 06:18 -------- d-----w- d:\program files\iVocalize Web Conference 4
2009-07-03 06:18 . 2009-07-03 06:18 -------- d-----w- d:\program files\uTorrent
2009-07-03 06:18 . 2009-07-03 06:18 6020 ----a-w- d:\program files\un_Internet Download Manager_16575.txt
2009-07-03 06:18 . 2009-07-03 06:18 -------- d-----w- d:\program files\Internet Download Manager
2009-07-03 06:17 . 2009-07-03 06:17 -------- d-----w- d:\program files\Foxit Software
2009-07-03 06:17 . 2009-07-03 06:17 -------- d-----w- d:\documents and settings\prof.ahmed4d\Application Data\Foxit
2009-07-03 06:14 . 2009-07-03 06:14 -------- d-----w- d:\program files\GRETECH
2009-07-03 06:11 . 2009-07-03 06:11 -------- d-----w- d:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-07-03 06:11 . 2009-07-03 06:11 -------- d-----w- d:\documents and settings\LocalService\Application Data\PeerNetworking
2009-07-03 06:10 . 2009-07-03 06:10 -------- d-----w- d:\documents and settings\All Users\Application Data\Yahoo!
2009-07-03 06:10 . 2009-07-03 06:10 -------- d-----w- d:\program files\Yahoo!
2009-07-03 06:08 . 2009-07-03 06:08 -------- d-----w- d:\program files\Google
2009-07-03 06:08 . 2009-07-03 06:08 766 ----a-r- d:\documents and settings\prof.ahmed4d\Application Data\Microsoft\Installer\{B383E23F-F8DE-4B61-A9FB-C82E313DAD0D}\InstantDemo_1.exe
2009-07-03 06:08 . 2009-07-03 06:08 16718 ----a-r- d:\documents and settings\prof.ahmed4d\Application Data\Microsoft\Installer\{B383E23F-F8DE-4B61-A9FB-C82E313DAD0D}\InstantDemo.exe
2009-07-03 06:08 . 2009-07-03 06:08 16718 ----a-r- d:\documents and settings\prof.ahmed4d\Application Data\Microsoft\Installer\{B383E23F-F8DE-4B61-A9FB-C82E313DAD0D}\controlPanelIcon.exe
2009-07-03 06:08 . 2009-07-03 06:08 10134 ----a-r- d:\documents and settings\prof.ahmed4d\Application Data\Microsoft\Installer\{B383E23F-F8DE-4B61-A9FB-C82E313DAD0D}\SystemFolder_msiexec.exe
2009-07-03 06:05 . 2009-07-03 06:05 -------- d-----w- d:\documents and settings\prof.ahmed4d\Application Data\FastStone
2009-07-03 06:05 . 2009-07-03 06:05 -------- d-----w- d:\program files\FastStone Capture
2009-07-03 06:03 . 2009-07-03 06:03 96976 ----a-w- d:\windows\system32\drivers\klin.dat
2009-07-03 06:03 . 2009-07-03 06:03 87855 ----a-w- d:\windows\system32\drivers\klick.dat
2009-07-03 06:02 . 2009-07-03 06:02 -------- d-----w- d:\program files\Kaspersky Lab
2009-07-03 06:01 . 2009-07-03 06:01 -------- d-----w- d:\program files\Windows Live
2009-07-03 06:01 . 2009-07-03 06:01 -------- d-----w- d:\program files\Circle Develoement
2009-07-03 06:01 . 2009-07-03 06:01 -------- d-----w- d:\program files\Messenger Plus! Live
2009-07-03 06:01 . 2009-07-03 06:01 -------- d-----w- d:\program files\MSN Messenger
2009-07-03 05:59 . 2009-07-03 05:59 -------- d-----w- d:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-07-03 05:56 . 2009-07-03 05:55 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-07-03 05:56 . 2009-07-03 05:56 -------- d-----w- d:\documents and settings\prof.ahmed4d\Application Data\InstallShield
2009-07-03 05:55 . 2009-07-03 05:55 -------- d-----w- d:\program files\Realtek
2009-07-03 05:55 . 2009-07-03 05:55 315392 ----a-w- d:\windows\HideWin.exe
2009-07-03 05:55 . 2009-07-03 05:55 -------- d-----w- d:\program files\Common Files\InstallShield
2009-07-03 05:51 . 2009-07-03 05:51 -------- d-----w- d:\program files\Intel
2009-07-03 05:50 . 2009-07-03 05:50 16608 ----a-w- d:\windows\gdrv.sys
2009-07-03 05:41 . 2009-07-03 05:41 -------- d-----w- d:\program files\Windows7
2009-07-03 05:41 . 2009-07-03 05:41 -------- d-----w- d:\program files\RocketDock
2009-07-03 05:32 . 2009-07-03 05:32 -------- d-----w- d:\program files\microsoft frontpage
2009-07-03 05:31 . 2009-07-03 05:31 86327 ----a-w- d:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-03 05:28 . 2009-07-03 05:28 21640 ----a-w- d:\windows\system32\emptyregdb.dat
2009-07-03 05:27 . 2009-07-03 05:27 -------- d-----w- d:\program files\Windows Media Connect 2
2009-06-20 13:44 . 2009-06-20 13:44 3304 ------w- D:\bootsqm.dat
2009-05-21 14:31 . 2009-07-03 06:10 685296 ----a-w- d:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2008-09-28 15:00 . 2009-07-03 06:18 439440 ----a-w- d:\program files\un_Internet Download Manager_16575.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="d:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-28 194560]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" - d:\windows\system32\advpack.dll [2008-04-26 123904]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKLM\~\startupfolder\D:^Documents and Settings^prof.ahmed4d^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=d:\documents and settings\prof.ahmed4d\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=d:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\WINDOWS\\system32\\mqsvc.exe"=
"d:\\Program Files\\MSN Messenger\\msnmsgr.exe"= d:\\Program Files\\MSN Messenger\\MsnMsgr.Exe
"d:\\Program Files\\MSN Messenger\\livecall.exe"=
"d:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"h:\\برامج رائعة\\Microsoft .NET Framework كل الاصدارات من ميروسوفت قابلة للتوزيع\\dotnetfx3setup.exe"=
"d:\\Program Files\\Internet Download Manager\\IEMonitor.exe"=
"d:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\fppdis3a.exe"=
"d:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 2009\\avp.exe"=
"d:\\Program Files\\Internet Download Manager\\IDMan.exe"=
"d:\\ComboFix\\NirCmd.cfexe"=
"d:\\WINDOWS\\system32\\CF13581.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 klbg;Kaspersky Lab Boot Guard Driver;d:\windows\system32\drivers\klbg.sys [1/29/2008 5:29 PM 32784]
R3 abp470n5;abp470n5;\??\d:\windows\system32\drivers\hnmmfn.sys --> d:\windows\system32\drivers\hnmmfn.sys [?]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;d:\windows\system32\drivers\klfltdev.sys [3/13/2008 6:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;d:\windows\system32\drivers\klim5.sys [4/30/2008 5:06 PM 24592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
- - - - ORPHANS REMOVED - - - -

Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: &Export to Microsoft Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Add to Banner Ad Blocker - d:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: Download All with Internet Download Manager - d:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with Internet Download Manager - d:\program files\Internet Download Manager\IEExt.htm
IE: Download FLV content with Internet Download Manager - d:\program files\Internet Download Manager\IEGetVL.htm
FF - ProfilePath - d:\documents and settings\prof.ahmed4d\Application Data\Mozilla\Firefox\Profiles\c1ne2ywj.default\
FF - component: d:\documents and settings\prof.ahmed4d\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [URL hidden by the forum]


Rootkit scan 2009-07-03 16:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1108)
d:\windows\system32\SETUPAPI.dll
d:\windows\system32\sfc_os.dll
d:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(1164)
d:\windows\system32\setupapi.dll

- - - - - - - > 'explorer.exe'(4016)
d:\windows\system32\msctfime.ime
d:\windows\system32\COMRes.dll
d:\windows\System32\cscui.dll
d:\windows\system32\msi.dll
d:\windows\system32\ieframe.dll
d:\windows\system32\SETUPAPI.dll
d:\windows\system32\NETSHELL.dll
d:\windows\system32\credui.dll
d:\windows\system32\OneX.DLL
d:\windows\system32\MSVCP60.dll
d:\windows\system32\eappprxy.dll
d:\windows\system32\wpdshserviceobj.dll
d:\windows\system32\portabledevicetypes.dll
d:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
d:\windows\system32\msdtc.exe
d:\windows\system32\inetsrv\inetinfo.exe
d:\windows\system32\tcpsvcs.exe
d:\windows\system32\snmp.exe
d:\windows\system32\mqsvc.exe
d:\windows\system32\mqtgsvc.exe
.
**************************************************************************
.
Completion time: 2009-07-03 16:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-03 09:32

Pre-Run: 9,715,535,872 bytes free
Post-Run: 9,680,916,480 bytes free


And here are links to the two reports.

First, the HijackThis report:

[link hidden by the forum; login required]

Second, the ComboFix report:

[link hidden by the forum; login required]

Waiting for the solution.

-- tedatasoft
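An added example for readers who want to triage logs like the two posted above. This script is not from the thread and is not something any reply here used; the rules and severities are my own assumptions about what deserves a second look in HijackThis and ComboFix output: processes running from a Temp folder, O7/policy values that lock out Registry Editor and Task Manager, Security Center override and notification-suppression values, a firewall turned off in the standard profile, an AV or firewall that the log header itself reports as disabled, a damaged SafeBoot key, a driver whose image ComboFix could not resolve, and orphaned autostart entries. The sample lines are constructed to match the shape of the logs above (they are not the full logs). A hit is a lead for a human to check, not a verdict: some security suites legitimately write Security Center monitoring values, and ComboFix's own CF*.exe and *.cfexe helpers are deliberately matched by no rule.

```python
"""Heuristic first-pass triage of HijackThis / ComboFix log lines.

Added example; not code from the thread above. The rules are the author's own
assumptions about what deserves a second look. A hit is a lead for an analyst,
not a verdict that the entry is malicious.
"""
import re
from typing import Dict, List, Pattern, Tuple

# Constructed sample in the shape of the logs posted above (not the full logs).
SAMPLE_LOG = r"""
Running processes:
D:\WINDOWS\system32\winlogon.exe
D:\DOCUME~1\PROF~1.AHM\LOCALS~1\Temp\winakktf.exe
D:\DOCUME~1\PROF~1.AHM\LOCALS~1\Temp\winlnxpno.exe
D:\Program Files\Mozilla Firefox\firefox.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: klogon - D:\WINDOWS\system32\klogon.dll
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
"AntiVirusOverride"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"EnableFirewall"= 0 (0x0)
R3 abp470n5;abp470n5;\??\d:\windows\system32\drivers\hnmmfn.sys --> d:\windows\system32\drivers\hnmmfn.sys [?]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;d:\windows\system32\drivers\klim5.sys [4/30/2008 5:06 PM 24592]
"""

# (severity, label, pattern). Severities are the author's assumption.
Rule = Tuple[str, str, Pattern[str]]
RULES: List[Rule] = [
    ("high", "process running from a Temp directory",
     re.compile(r"^[A-Z]:\\.*\\temp\\[^\\]+\.exe$", re.I)),
    ("high", "policy entry locking out Registry Editor / Task Manager",
     re.compile(r'DisableRegedit=1|"DisableTaskMgr"=\s*1|"DisableRegistryTools"=\s*1')),
    ("high", "Security Center override / notification suppression",
     re.compile(r'"(?:AntiVirus|Firewall|Updates|Uac)(?:Override|DisableNotify)"=dword:00000001')),
    ("high", "Windows Firewall disabled in the standard profile",
     re.compile(r'"EnableFirewall"=\s*0')),
    ("high", "installed AV/firewall reported as disabled by the log itself",
     re.compile(r"^(?:AV|FW):.*\*[^*]*disabled\*", re.I)),
    ("high", "SafeBoot key damaged (Safe Mode unavailable)",
     re.compile(r"SafeBoot registry key needs repairs")),
    ("high", "driver whose image file could not be resolved",
     re.compile(r"^R[0-3] .*\[\?\]$")),
    ("low", "autostart/BHO entry pointing at a missing file (orphan)",
     re.compile(r"\((?:no file|file missing)\)", re.I)),
]


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per (line, matching rule), in log order."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for severity, label, pattern in RULES:
            if pattern.search(line):
                findings.append({"severity": severity, "label": label, "line": line})
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings per severity, e.g. {'high': 12, 'low': 2} for SAMPLE_LOG."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f['severity']:>4}] {f['label']}\n       {f['line']}")
    print("summary:", summarize(results))
```

Run it as-is to print the findings for the sample, or pass the full text of a saved log to triage() for a real one. Entries with a resolved path and a known vendor name, such as avp.exe or klim5.sys, trip no rule, which is the behaviour you want from a first-pass filter; the analyst still reads the whole log afterwards.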
Thank you very much, brother, for your effort on my behalf.

God keep you.

-- tedatasoft

Good luck, my dear.

:. Closed as resolved .:

-- KoNaMi