الامير الاحمر

Peace be upon you ..
Today I ran into a problem installing Kaspersky Internet Security ..

3d84892536.jpg
 

Unfortunately, the Safe Mode method does not work ................
What is the solution???
Sorry for troubling you ..
 

I booted into Safe Mode and did what was required ..
So should I try installing the update now??
 
Download this program

Run the program ==> and click
Do a system scan and save log
After a few moments a report will open in Notepad ==> copy it and paste it in your next reply
 
Here you go, brother ..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:59 ?, on 27/04/2009
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to Windows &Live Favorites -
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

--
End of file - 4082 bytes
 
You must delete the antiwpa.dll crack first.
To delete it, use one of these tools and follow the guide here
 
The method in the thread you mentioned is the one I used when I installed the crack ..
Which method do you mean for deleting it??
 
Disable your protection programs
then
download the following tool and save it to the desktop

When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes
The machine may restart during the scan
After the restart, the tool will start scanning again
Do not run any program, and however long the scan takes, wait until it finishes
Wait until a report appears, then copy it and paste it in your next post

After that, follow the guide in the thread
 
Here is the requested report ..
Should I now download the crack and install it via Safe Mode?


ComboFix 09-04-27.02 - Administrator 04/27/2009 23:37.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1252.966.1033.18.446.235 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\antiwpa.dll

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\System32\ctfmon.exe" [2001-08-23 13312]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-01-23 2745776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-24 198160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2009-02-24 186625]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-03-05 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2009-02-12 432897]
R3 ATICDSDr;ATICDSDr; [x]
S0 avgntmgr;avgntmgr;c:\windows\SYSTEM32\DRIVERS\avgntmgr.sys [2009-02-13 22360]
S1 avgntdd;avgntdd;c:\windows\system32\DRIVERS\avgntdd.sys [2009-02-13 45416]


.
- - - - ORPHANS REMOVED - - - -

Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
IE: Add to Windows &Live Favorites -
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hizkmqdh.default\
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-04-27 23:40
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\æHõwæ*]
"DisplayName"="?\11\09"
"DeviceDesc"="?\11\09"
"ProviderName"="???\11?#H\11??"
"MFG"="???"
"ReinstallString"=".10.1000.5"
"DeviceInstanceIds"=multi:"f:\\software\\drivers\\chipset_inf\\sbdrv\\sbdrv\\smbus\\smbusati.inf\00"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(640)
c:\windows\system32\ODBC32.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(696)
c:\program files\Avira\AntiVir Desktop\avsda.dll
c:\windows\system32\dssenh.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Completion time: 2009-04-27 23:41 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-27 21:41

Pre-Run: 15,681,810,432 bytes free
Post-Run: 15,720,218,624 bytes free

326 --- E O F --- 2009-04-27 19:40
 
Yes, that's right
 
Done, my friend ..
And what do I do now?
 
So, what are the latest developments???

:d:
 
Signature: KoNaMi
Make a HijackThis report now
 