ميو ميو

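Peace be upon you. I have an old computer; it works, but it has problems. Every time we format it, it asks for activation, and the key shows as "not activated". I have attached the pictures of what appears for me. I feel there is something wrong with my computer. One picture shows the activation key that appears next to the clock. I tried to activate Windows, and a problem shows up in Kaspersky: "risk". This program, attached in the picture, I feel it is a hack: winlogo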
The report:

Logfile of HijackThis v1.99.1
Scan saved at 05:23:57 م, on 07/09/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Atievxx.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wpabaln.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.204\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
 

The report is wrong, brother.
Run the program
Do a system scan and save a log file

A report will come up => copy it and paste it in your next reply.
It would be better if you also upload it to a link.


Signature: Juve Guard
ComboFix 08-09-05.03 - Owner 09/07/2008 17:42:52.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1256.1.1025.18.144 [GMT 4:00]
Running from: C:\Documents and Settings\Owner\سطح المكتب\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-08-07 to 2008-09-07 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-07 13:47 725,792 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-07 13:47 48,928 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-07 13:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-09-07 13:11 9,932 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-07 13:11 5,204 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-06 21:14 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-09-06 21:13 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-09-06 21:13 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-09-06 21:10 --------- d-----w C:\Program Files\Common Files\xing shared
2008-09-06 21:10 --------- d-----w C:\Program Files\Common Files\Real
2008-09-06 21:09 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-09-06 21:09 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-09-06 21:09 --------- d-----w C:\Program Files\Real
2008-09-06 20:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-09-06 20:40 --------- d-----w C:\Program Files\Kaspersky Lab
2008-09-06 20:27 --------- d-----w C:\Program Files\Windows Live
2008-09-06 20:27 --------- d-----w C:\Program Files\MSN Messenger
2008-09-06 20:27 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-06 19:51 515,584 ------w C:\WINDOWS\system32\winlogon.exe
2008-09-06 19:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-09-06 18:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-06 18:51 --------- d-----w C:\Program Files\D-Link
2008-09-06 18:51 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-06 18:51 --------- d-----w C:\Program Files\ANI
2008-09-06 18:40 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-18 18:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 18:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 18:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 18:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 18:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 18:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 18:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 18:08 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
.
------- Sigcheck -------
09/06/2008 11:51 PM 515584 8b95dc290e1d8f8dff875575c02a3c55 C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [04/15/2003 11:00 PM 13312]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [01/19/2007 12:55 PM 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"D-Link AirPlus XtremeG"="C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe" [06/16/2006 10:24 AM 1323008]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [06/01/2006 04:59 PM 49152]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [09/07/2008 01:09 AM 185896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [04/15/2003 11:00 PM 13312]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\System32\DRIVERS\A3AB.sys [05/11/2006 01:11 PM 472096]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\System32\DRIVERS\klim5.sys [12/13/2007 01:28 PM 24592]
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -
Notify-WgaLogon - (no file)

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.ae/
O9 -: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2008-09-07 17:47:47
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 09/07/2008 17:49:23
ComboFix-quarantined-files.txt 2008-09-07 13:49:18
Pre-Run: 34,088,787,968 bytes free
Post-Run: 34,169,032,704 bytes free
92


This is the report from the ComboFix tool.

And now this one is from the HijackThis tool.

Logfile of HijackThis v1.99.1
Scan saved at 05:51:18 م, on 07/09/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Atievxx.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wpabaln.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.844\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
 
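When I formatted it, I had set the user as "memo", but a different user shows up, named owner.
And when I ran the tool, the time showed up in English, and after it finished it showed up in Arabic.
And every time I want to activate Windows, it comes up as conflicting with a risk file ---> this winlogo
And the activation key appears near the clock. What is the solution?

Is there something wrong with my computer?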
 
Diagnostic Report (1.7.0012.0):
-----------------------------------------
WGA Data-->
Validation Status: Not Activated
Detailed Status: N/A
Windows Product Key: *****-*****-2CXKV-GMP22-HF2BQ
Windows Product Key Hash: 25dG7mX6zCS/Ri0MYOSCvb3ct0w=
Windows Product ID: 55370-OEM-2111907-00101
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010300.1.0.hom
ID: {672C359A-C909-46A1-A522-8DE7D3343492}
Is Admin: Yes
AutoDial: No
Registry: 0x0
WGA Version: Registered, 1.7.69.2
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic:
Resolution Status: N/A
Notifications Data-->
Cached Result: N/A
File Exists: Yes
Version: 1.7.18.5
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft
OGA Data-->
Office Status: 109 N/A
OGA Version: Failed to retrieve file version. - 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: FCEE394C-3178-80070002
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control:
Active scripting:
Script ActiveX controls marked as safe for scripting:
File Scan Data-->
File Mismatch: c:\windows\system32\winlogon.exe
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{672C359A-C909-46A1-A522-8DE7D3343492}</UGUID><Version>1.7.0012.0</Version><OS>5.1.2600.2.00010300.1.0.hom</OS><PKey>*****-*****-*****-*****-HF2BQ</PKey><PID>55370-OEM-2111907-00101</PID><PIDType>2</PIDType><SID>S-1-5-21-1957994488-507921405-854245398</SID><SYSTEM><Manufacturer>Dell Computer Corporation</Manufacturer><Model>Latitude C610 </Model></SYSTEM><BIOS><Manufacturer>Dell Computer Corporation</Manufacturer><Version>A05</Version><SMBIOSVersion major="2" minor="3"/><Date>20020213******.******+***</Date><SLPBIOS>Compaq,Hewlett,Hewlett,Compaq</SLPBIOS></BIOS><HWID>DFF23B07018400CE</HWID><UserLCID>3801</UserLCID><SystemLCID>0401</SystemLCID><TimeZone>التوقيت العربي الرسمي(GMT+04:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/></MachineData> <Software><Office><Result>109</Result><Products/></Office></Software></GenuineResults>
 