Posted by احمد عوني (active Zyzoom member, joined 16 March 2008, 215 posts, from شلشلمون - الشرقيه - مصر)
In the name of God, the Most Gracious, the Most Merciful.
Peace be upon you, and God's mercy and blessings.
Of course, my problem is obvious from the title.
Every time I download the program and it gets installed, when it reaches the key-entry step it disappears and refuses to show up again.
I restart and open it; it starts to appear, then disappears.
The second problem is that sometimes when it gets installed,
if the key happens to be on the blacklist, I have to turn it into a 30-day trial version,
and after that it starts deleting all files with the .exe extension, or most of them, especially games.
This has happened to me many, many times.
Can someone point me to a solution for the two problems?
 

<AVZ_CollectSysInfo>
--------------------
Start time: 4/25/2009 6:44:46 PM
Duration: 00:03:33
Finish time: 4/25/2009 6:48:19 PM

<AVZ_CollectSysInfo>
--------------------
Time Event
---- -----
4/25/2009 6:44:48 PM Windows version: Microsoft Windows XP, Build=2600, SP="Service Pack 2"
4/25/2009 6:44:48 PM System Restore: Disabled
4/25/2009 6:44:51 PM 1.1 Searching for user-mode API hooks
4/25/2009 6:44:51 PM Analysis: kernel32.dll, export table found in section .text
4/25/2009 6:44:51 PM Function kernel32.dll:CreateProcessA (99) intercepted, method ProcAddressHijack.GetProcAddress ->7C802367->61F03F42
4/25/2009 6:44:51 PM Hook kernel32.dll:CreateProcessA (99) blocked
4/25/2009 6:44:51 PM Function kernel32.dll:CreateProcessW (103) intercepted, method ProcAddressHijack.GetProcAddress ->7C802332->61F04040
4/25/2009 6:44:51 PM Hook kernel32.dll:CreateProcessW (103) blocked
4/25/2009 6:44:51 PM Function kernel32.dll:FreeLibrary (241) intercepted, method ProcAddressHijack.GetProcAddress ->7C80ABDE->61F041FC
4/25/2009 6:44:51 PM Hook kernel32.dll:FreeLibrary (241) blocked
4/25/2009 6:44:51 PM Function kernel32.dll:GetModuleFileNameA (372) intercepted, method ProcAddressHijack.GetProcAddress ->7C80B4CF->61F040FB
4/25/2009 6:44:51 PM Hook kernel32.dll:GetModuleFileNameA (372) blocked
4/25/2009 6:44:51 PM Function kernel32.dll:GetModuleFileNameW (373) intercepted, method ProcAddressHijack.GetProcAddress ->7C80B3D5->61F041A0
4/25/2009 6:44:51 PM Hook kernel32.dll:GetModuleFileNameW (373) blocked
4/25/2009 6:44:51 PM Function kernel32.dll:GetProcAddress (408) intercepted, method ProcAddressHijack.GetProcAddress ->7C80ADA0->61F04648
4/25/2009 6:44:51 PM Hook kernel32.dll:GetProcAddress (408) blocked
4/25/2009 6:44:51 PM Function kernel32.dll:LoadLibraryA (578) intercepted, method ProcAddressHijack.GetProcAddress ->7C801D77->61F03C6F
4/25/2009 6:44:51 PM Hook kernel32.dll:LoadLibraryA (578) blocked
4/25/2009 6:44:51 PM >>> Functions LoadLibraryA - preventing AVZ process from being intercepted by address replacement !!)
4/25/2009 6:44:51 PM Function kernel32.dll:LoadLibraryExA (579) intercepted, method ProcAddressHijack.GetProcAddress ->7C801D4F->61F03DAF
4/25/2009 6:44:51 PM Hook kernel32.dll:LoadLibraryExA (579) blocked
4/25/2009 6:44:51 PM >>> Functions LoadLibraryExA - preventing AVZ process from being intercepted by address replacement !!)
4/25/2009 6:44:51 PM Function kernel32.dll:LoadLibraryExW (580) intercepted, method ProcAddressHijack.GetProcAddress ->7C801AF1->61F03E5A
4/25/2009 6:44:51 PM Hook kernel32.dll:LoadLibraryExW (580) blocked
4/25/2009 6:44:51 PM Function kernel32.dll:LoadLibraryW (581) intercepted, method ProcAddressHijack.GetProcAddress ->7C80AE4B->61F03D0C
4/25/2009 6:44:51 PM Hook kernel32.dll:LoadLibraryW (581) blocked
4/25/2009 6:44:51 PM IAT modification detected: GetModuleFileNameW - 00D30010<>7C80B3D5
4/25/2009 6:44:51 PM Analysis: ntdll.dll, export table found in section .text
4/25/2009 6:44:52 PM Analysis: user32.dll, export table found in section .text
4/25/2009 6:44:52 PM Analysis: advapi32.dll, export table found in section .text
4/25/2009 6:44:52 PM Analysis: ws2_32.dll, export table found in section .text
4/25/2009 6:44:52 PM Analysis: wininet.dll, export table found in section .text
4/25/2009 6:44:52 PM Analysis: rasapi32.dll, export table found in section .text
4/25/2009 6:44:52 PM Analysis: urlmon.dll, export table found in section .text
4/25/2009 6:44:52 PM Analysis: netapi32.dll, export table found in section .text
4/25/2009 6:44:55 PM 1.2 Searching for kernel-mode API hooks
4/25/2009 6:44:55 PM Driver loaded successfully
4/25/2009 6:44:55 PM SDT found (RVA=082800)
4/25/2009 6:44:55 PM Kernel ntoskrnl.exe found in memory at address 804D7000
4/25/2009 6:44:55 PM SDT = 80559800
4/25/2009 6:44:55 PM KiST = 804E26A8 (284)
4/25/2009 6:44:56 PM Function NtOpenFile (74) intercepted (8056FD13->F819E080), hook C:\WINDOWS\system32\Drivers\kl1.sys
4/25/2009 6:44:56 PM >>> Function restored successfully !
4/25/2009 6:44:56 PM >>> Hook code blocked
4/25/2009 6:45:05 PM Functions checked: 284, intercepted: 1, restored: 1
4/25/2009 6:45:05 PM 1.3 Checking IDT and SYSENTER
4/25/2009 6:45:05 PM Analysis for CPU 1
4/25/2009 6:45:05 PM Checking IDT and SYSENTER - complete
4/25/2009 6:45:09 PM 1.4 Searching for masking processes and drivers
4/25/2009 6:45:09 PM Checking not performed: extended monitoring driver (AVZPM) is not installed
4/25/2009 6:45:09 PM Driver loaded successfully
4/25/2009 6:45:09 PM 1.5 Checking of IRP handlers
4/25/2009 6:45:09 PM Checking - complete
4/25/2009 6:45:54 PM >>> Attention - Task Manager is blocked
4/25/2009 6:45:57 PM >>> Attention: Registry Editor is blocked
4/25/2009 6:45:58 PM >> Services: potentially dangerous service allowed: RemoteRegistry (Remote Registry)
4/25/2009 6:45:58 PM >> Services: potentially dangerous service allowed: TermService (Terminal Services)
4/25/2009 6:45:58 PM >> Services: potentially dangerous service allowed: SSDPSRV (SSDP Discovery Service)
4/25/2009 6:45:58 PM >> Services: potentially dangerous service allowed: Schedule (Task Scheduler)
4/25/2009 6:45:58 PM >> Services: potentially dangerous service allowed: mnmsrvc (NetMeeting Remote Desktop Sharing)
4/25/2009 6:45:58 PM >> Services: potentially dangerous service allowed: RDSessMgr (Remote Desktop Help Session Manager)
4/25/2009 6:45:58 PM > Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
4/25/2009 6:45:58 PM >> Security: disk drives' autorun is enabled
4/25/2009 6:45:58 PM >> Security: administrative shares (C$, D$ ...) are enabled
4/25/2009 6:45:59 PM >> Security: anonymous user access is enabled
4/25/2009 6:46:00 PM >> Security: sending Remote Assistant queries is enabled
4/25/2009 6:46:03 PM >> Block: Registry Editor
4/25/2009 6:46:03 PM >> Block: Task Manager
4/25/2009 6:46:15 PM >> Service termination timeout is out of admissible values
4/25/2009 6:46:17 PM >> Disable HDD autorun
4/25/2009 6:46:17 PM >> Disable autorun from network drives
4/25/2009 6:46:17 PM >> Disable CD/DVD autorun
4/25/2009 6:46:17 PM >> Disable removable media autorun
4/25/2009 6:46:18 PM >> Windows Update is disabled
4/25/2009 6:46:18 PM System Analysis in progress
4/25/2009 6:48:18 PM System Analysis - complete
4/25/2009 6:48:18 PM Delete file:C:\Documents and Settings\salmaa\Desktop\Kaspersky Lab Tool\is-SC1GR\LOG\avptool_syscheck.htm
4/25/2009 6:48:18 PM Delete file:C:\Documents and Settings\salmaa\Desktop\Kaspersky Lab Tool\is-SC1GR\LOG\avptool_syscheck.xml
4/25/2009 6:48:18 PM Deleting service/driver: ute4njq4
4/25/2009 6:48:18 PM Delete file:C:\WINDOWS\system32\Drivers\ute4njq4.sys
4/25/2009 6:48:19 PM Deleting service/driver: uje4njq4
4/25/2009 6:48:19 PM Script executed without errors
 