مشكله في الكاسبر؟؟ ( اول ما يبدأ في Scan مباشره يعمل ريستارت الجهاز)؟؟

  • بادئ الموضوع بادئ الموضوع love shadow
  • تاريخ البدء تاريخ البدء
  • المشاهدات 921
L

love shadow

زيزوومي نشيط
إنضم
20 أكتوبر 2007
المشاركات
104
مستوى التفاعل
0
النقاط
120
الإقامة
MaKkaH
غير متصل
السلام عليكم ورحمة الله


مساكم Or صبّحكم الله بالخير << حسب توقيت القارئ :d:



الكاسبر عندي زي الفلّ ... واخر رونقه .... وبصراااحه شي يشرّف << :b: أخلص



:no: والحين

اسوي Scan للجهاز ... ووسط التنظيف .... يسوي ريستارت للجهاز ...:i:


مع العلم ان كل شي فيه تمام ... تحديث ... كراك .... كله اخر حلااااااااوه :ok:



:er:​

مدري الأقي حل؟؟؟؟





تحياتي
LovE ShAdOw
 

توقيع : love shadow
ترتيب حسب التاريخ ترتيب حسب الأصوات
عطني تقرير وانا اخوك سريع زي الحلاوه على قولتك
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
 
توقيع : Juve Guard
تأييد 0
:d: هذي اللوزه الأولى

كود: 
ComboFix 08-05-08.1 - 1111 05/09/2008 16:56:23.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1256.1.1025.18.552 [GMT 3:00]
Running from: C:\Documents and Settings\1111\سطح المكتب\ComboFix.exe
 * Created a new restore point
[COLOR=red][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\auto.exe
C:\Autorun.inf
C:\Documents and Settings\1111\«ل¥ ںéêè¢ \ê¤é§ ¤§ï§\Your Uninstaller! 2006 pro v5.0.0235\Desktop_.ini
C:\f.exe
C:\WINDOWS\aooszh.exe
C:\WINDOWS\autorun.inf
C:\WINDOWS\dxtmechk
C:\WINDOWS\futgfh.exe
C:\WINDOWS\msvrc20.dll
C:\WINDOWS\prbhey.exe
C:\WINDOWS\system32\77AC2EF2.DLL
C:\WINDOWS\system32\adyldd.dll
C:\WINDOWS\system32\akcgny.dll
C:\WINDOWS\system32\avpsrv.dll
C:\WINDOWS\system32\avuhxz.dll
C:\WINDOWS\system32\bhctrd.dll
C:\WINDOWS\system32\cdtzyz.dll
C:\WINDOWS\system32\cttsrv.dll
C:\WINDOWS\system32\D3D9_64.DLL
C:\WINDOWS\system32\DbgHlp32.dll
C:\WINDOWS\system32\dndsioc.dll
C:\WINDOWS\system32\dpgcuw.dll
C:\WINDOWS\system32\drivers\HBKernel.sys
C:\WINDOWS\system32\dwzreq.dll
C:\WINDOWS\system32\edqdrf.dll
C:\WINDOWS\system32\etogvv.dll
C:\WINDOWS\system32\euepqw.dll
C:\WINDOWS\system32\fmsbbqi.dll
C:\WINDOWS\system32\gfvwen.dll
C:\WINDOWS\system32\gkjxdi.dll
C:\WINDOWS\system32\gultxf.dll
C:\WINDOWS\system32\gwgpln.dll
C:\WINDOWS\system32\HBKrnl.dll
C:\WINDOWS\system32\hrthlg.dll
C:\WINDOWS\system32\ieooke.dll
C:\WINDOWS\system32\ierciw.dll
C:\WINDOWS\system32\iluvrp.dll
C:\WINDOWS\system32\iodvcp.dll
C:\WINDOWS\system32\irgdrb.dll
C:\WINDOWS\system32\irzkna.dll
C:\WINDOWS\system32\jeiyqa.dll
C:\WINDOWS\system32\jjakpu.dll
C:\WINDOWS\system32\jmhgzu.dll
C:\WINDOWS\system32\jzycto.dll
C:\WINDOWS\system32\k111146799313.exe
C:\WINDOWS\system32\k111181210115.exe
C:\WINDOWS\system32\k111181210216.exe
C:\WINDOWS\system32\k11144906981.exe
C:\WINDOWS\system32\k111458041417.exe
C:\WINDOWS\system32\k11146636228.exe
C:\WINDOWS\system32\k111466362712.exe
C:\WINDOWS\system32\k111466362813.exe
C:\WINDOWS\system32\k11147489298.exe
C:\WINDOWS\system32\k12071231626.exe
C:\WINDOWS\system32\k12071231669.exe
C:\WINDOWS\system32\k120712316811.exe
C:\WINDOWS\system32\k120712317214.exe
C:\WINDOWS\system32\k120712317315.exe
C:\WINDOWS\system32\k12089245052.exe
C:\WINDOWS\system32\kanokr.dll
C:\WINDOWS\system32\kvsc3.dll
C:\WINDOWS\system32\kwdirj.dll
C:\WINDOWS\system32\kxumcs.dll
C:\WINDOWS\system32\lcvdfq.dll
C:\WINDOWS\system32\libsgq.dll
C:\WINDOWS\system32\LotusHlp.dll
C:\WINDOWS\system32\mfchlp32.dll
C:\WINDOWS\system32\mppds.dll
C:\WINDOWS\system32\msccrt.dll
C:\WINDOWS\system32\NAVMon32.dll
C:\WINDOWS\system32\njriyd.dll
C:\WINDOWS\system32\nnypzl.dll
C:\WINDOWS\system32\npuqsv.dll
C:\WINDOWS\system32\nqtsop.dll
C:\WINDOWS\system32\odutce.dll
C:\WINDOWS\system32\oqvmrb.dll
C:\WINDOWS\system32\phvpwv.dll
C:\WINDOWS\system32\plppns.dll
C:\WINDOWS\system32\PTSShell.dll
C:\WINDOWS\system32\pysmfb.dll
C:\WINDOWS\system32\qcktfq.dll
C:\WINDOWS\system32\qnpbyt.dll
C:\WINDOWS\system32\qppnfcoh.dll
C:\WINDOWS\system32\REGKEY.hiv
C:\WINDOWS\system32\risiqm.dll
C:\WINDOWS\system32\stktjl.dll
C:\WINDOWS\system32\szwrps.dll
C:\WINDOWS\system32\tciocp32.dll
C:\WINDOWS\system32\tituxm.dll
C:\WINDOWS\system32\tpwwml.dll
C:\WINDOWS\system32\uehggv.dll
C:\WINDOWS\system32\ujdrtl.dll
C:\WINDOWS\system32\vavhmg.dll
C:\WINDOWS\system32\WINSvr32.dll
C:\WINDOWS\system32\wlhyfe.dll
C:\WINDOWS\system32\wmbqhe.dll
C:\WINDOWS\system32\wnnhul.dll
C:\WINDOWS\system32\WSockDrv32.dll
C:\WINDOWS\system32\xlbkse.dll
C:\WINDOWS\system32\yhochp.dll
C:\WINDOWS\system32\yuyagc.dll
C:\WINDOWS\Update.dat
C:\WINDOWS\vlysuw.exe
C:\WINDOWS\xoxhpy.exe
F:\auto.exe
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_HBKERNEL

(((((((((((((((((((((((((   Files Created from 2005-04-09 to 2005-05-09  )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-09 13:59 35,756 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-09 13:59 1,292 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-09 13:30 --------- d-----w C:\Program Files\Advanced WindowsCare V2 Pro
2008-05-09 13:12 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-05-09 12:24 --------- d-----w C:\Program Files\Google
2008-05-09 12:22 96,645 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-05-09 12:22 87,941 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-04-30 07:39 --------- d-----w C:\Documents and Settings\Guest\Application Data\HP
2008-04-30 05:14 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-04-30 05:14 --------- d-----w C:\Program Files\المكتبة الشاملة
2008-04-02 08:00 21,080 ----a-w C:\WINDOWS\zbotmh.exe
2008-04-02 05:20 21,080 ----a-w C:\WINDOWS\sqgblo.exe
2008-02-24 05:49 --------- d-----w C:\Program Files\مصحف النور
2008-01-24 17:26 104,385 --sh--r C:\awda2.exe
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-11-27 10:12 --------- d-----w C:\Program Files\MSXML 4.0
2007-11-21 04:49 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-14 08:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2007-11-14 08:07 --------- d-----w C:\Program Files\Common Files\HP
2007-11-14 08:05 --------- d-----w C:\Program Files\Hewlett-Packard
2007-11-14 08:03 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2007-11-14 06:51 --------- d-----w C:\Program Files\HP
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2007-09-04 13:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-07-06 10:05 72,960 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
2007-06-28 09:50 22,457 ----a-w C:\WINDOWS\system32\drivers\klop.dat
2007-06-13 13:22 1,030,656 ----a-w C:\WINDOWS\explorer.exe
2007-06-02 04:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
2007-05-15 12:56 239,152 ----a-w C:\WINDOWS\NuNInst.exe
2007-05-15 12:55 38,576 ----a-w C:\WINDOWS\system32\drivers\InCDRm.sys
2007-05-15 12:55 37,040 ----a-w C:\WINDOWS\system32\drivers\InCDPass.sys
2007-05-15 12:55 16,304 ----a-w C:\WINDOWS\system32\drivers\InCDrec.sys
2007-05-15 12:55 118,576 ----a-w C:\WINDOWS\system32\drivers\InCDfs.sys
2007-05-06 04:32 --------- d-----w C:\Program Files\Readiris Pro 8
2007-05-06 04:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-04-28 13:51 110,360 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2007-04-23 10:32 364,160 ----a-w C:\WINDOWS\system32\drivers\update.sys
2007-04-04 11:58 24,344 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
2007-04-01 08:02 --------- d-----w C:\Program Files\Frinds Soft
2007-04-01 08:02 --------- d-----w C:\Program Files\Common Files\Borland Shared
2007-04-01 08:02 --------- d-----w C:\Program Files\Borland
2007-03-20 18:22 972,336 ----a-w C:\WINDOWS\UNNeroBackItUp.exe
2007-02-09 11:10 574,464 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2006-10-13 10:23 163,584 ----a-w C:\WINDOWS\system32\drivers\nwrdr.sys
2006-08-21 09:14 128,896 ----a-w C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-16 09:37 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2006-08-14 10:34 332,928 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2006-07-13 08:48 202,240 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2006-06-14 09:00 82,944 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2006-06-14 08:47 6,400 ----a-w C:\WINDOWS\system32\drivers\splitter.sys
2006-06-14 08:47 172,416 ----a-w C:\WINDOWS\system32\drivers\kmixer.sys
2006-05-05 09:47 174,592 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2006-05-05 09:41 453,120 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2006-04-12 10:04 49,664 ----a-w C:\WINDOWS\system32\drivers\HPZid412.sys
2006-04-12 10:04 21,568 ----a-r C:\WINDOWS\system32\drivers\HPZius12.sys
2006-03-17 00:33 262,784 ----a-w C:\WINDOWS\system32\drivers\http.sys
2006-02-15 00:22 142,464 ----a-w C:\WINDOWS\system32\drivers\aec.sys
2005-06-10 04:10 139,528 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2005-05-26 23:22 10,752 ----a-w C:\WINDOWS\hh.exe
2005-05-09 14:01 2,594,848 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2005-05-09 14:00 3,360 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2005-05-09 14:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2005-05-09 11:43 --------- d-----w C:\Program Files\Kaspersky Lab
2005-05-09 11:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2005-05-09 10:49 --------- d-----w C:\Documents and Settings\1111\Application Data\Ahead
2005-05-08 21:43 --------- d-----w C:\Documents and Settings\1111\Application Data\HP
2005-05-08 21:34 --------- d-----w C:\Program Files\Your Uninstaller 2006
2005-04-26 04:11 19,601 ---h--w C:\auto.exe
2005-04-01 05:15 21,080 ----a-w C:\WINDOWS\nznazm.exe
2005-03-25 09:45 --------- d-----w C:\Program Files\Birds
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 10:56 AM 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [06/29/2004 02:06 PM 88363 C:\WINDOWS\AGRSMMSG.exe]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [08/20/2004 08:55 PM 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [08/20/2004 08:51 PM 118784]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [06/28/2007 12:51 PM 218376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 10:56 AM 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{006CD4A0-D7A2-456A-AE04-EB9ABF822FE4}"= C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\k111422972419ow.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 10/10/2007 07:51 PM 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced WindowsCare V2 Pro]
--a------ 12/17/2006 10:38 PM 2553856 C:\Program Files\Advanced WindowsCare V2 Pro\Awc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 02/19/2006 02:41 AM 49152 C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 05/15/2007 03:55 PM 1057328 C:\Program Files\Nero\Nero 7\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MAKTray]
--a------ 08/27/2004 05:07 PM 287232 C:\WINDOWS\MAKTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 03/01/2007 03:57 PM 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 05/15/2007 03:55 PM 1628208 C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Set]
--a------ 11/20/2003 11:01 PM 525824 C:\Program Files\Compaq\Set\Set.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
--a------ 07/30/2003 09:08 AM 143360 C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup 2.5]
--a------ 05/20/2004 07:40 PM 188416 C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"C:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hpqnrs08.exe"=
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [04/04/2007 02:58 PM]
S2 EAB2AE62;EAB2AE62;C:\WINDOWS\system32\90E3B986.EXE [04/26/2005 07:11 AM]
S2 HBKernel;HBKernel Driver;C:\WINDOWS\system32\drivers\HBKernel.sys []
S2 kkdc;Kerberos Key Distribution Centers;C:\WINDOWS\lsass.exe []
.
s of the 'Scheduled Tasks' folder
"2008-05-09 13:30:00 C:\WINDOWS\Tasks\Advanced WindowsCare V2 Pro.job"
- C:\Program Files\Advanced WindowsCare V2 Pro\AutoCare.exe
"2007-12-01 02:29:47 C:\WINDOWS\Tasks\WebReg 20071201052946.job"
- C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\WebReg\bin\hpqwrg.exe4/TaskName 20071201052946 /N 
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [URL]http://www.gmer.net[/URL]
Rootkit scan 2005-05-09 17:01:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ... 
scanning hidden autostart entries ...
scanning hidden files ... 

folder error: C:\DOCUME~1\1111\LOCALS~1\Temp\
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\77AC2EF2.DLL
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\77AC2EF2.DLL
PROCESS: C:\WINDOWS\system32\csrss.exe
-> C:\WINDOWS\system32\77AC2EF2.DLL
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 05/09/2008 17:02:46 - machine was rebooted
ComboFix-quarantined-files.txt  2008-05-09 14:02:38
Pre-Run: 141,456,265,216 bytes free
Post-Run: 142,151,749,632 bytes free
316 --- E O F --- 2005-05-09 10:19:37




وهذا hijackthis ( اللوزه الثانيه) :d:




كود: 
Logfile of HijackThis v1.99.1
Scan saved at 05:07:36 م, on 09/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\DOCUME~1\1111\LOCALS~1\Temp\Rar$EX00.969\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [URL]http://go.compaq.com/1Q00CDT/0401/bl7.asp[/URL]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [URL]http://go.microsoft.com/fwlink/?LinkId=69157[/URL]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [URL]http://go.microsoft.com/fwlink/?LinkId=54896[/URL]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [URL]http://go.compaq.com/1Q00CDT/0401/bl8.asp[/URL]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [URL]http://go.microsoft.com/fwlink/?LinkId=54896[/URL]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [URL]http://go.microsoft.com/fwlink/?LinkId=69157[/URL]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - [URL]http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab[/URL]
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: EAB2AE62 - Unknown owner - C:\WINDOWS\system32\90E3B986.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Kerberos Key Distribution Centers (kkdc) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: NBService - Nero AG - c:\program files\nero\nero 7\nero backitup\nbservice.exe
O23 - Service: NMIndexingService - Nero AG - c:\program files\common files\ahead\lib\nmindexingservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe





:d: واللوز باااقي


لكن انت آمر بس :b:​
 
توقيع : love shadow
تأييد 0
ياااااااااااااااااوه
يا حبي لقلبك بس
اشوى انك استخدمت اداة كومبو فكس
ولا كان حنا في خبر كان
عندك القيمه هذي احذفها

O23 - Service: Kerberos Key Distribution Centers (kkdc) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)

والله يا جهازك قسم بالله فيه بلاوي :q:
هذي نتيجه الي يستخدم الكاسبر سكي :wink:
انصحك تحذف الكاسبر بعد المصيبه الي حصلت لك
وتثبت الأفيرا وتسوي سكان لجهازك
وتعطينا تقرير لجهازك بعد ما ينتهي من الفحص ( هذا اذا كان ودك تركب الأفيرا :d: )
 
توقيع : Juve Guard
تأييد 0
ههههههههههههههاي


هو جهاز اخوي بصرااااحه ... انا توي جااي من السفر ... وكان الجهاز اصلا لا مكرك ولا شي

بعدها ضبطه له وحطيت الكراك وسويت التحديث للكاسبر انترنت سيكيورتي

وجيت اسوي التنظيف للجهاز ....


وشوووفت عينك :no:



:p: مشكلتي ايماني ضعيف بغير الكاسبر


الافيرا ياخوي مالي خلفيه عنه

لكن قبل لا احمله ؟

هل يحتاج الى متابعة لكراك مثل الكاسبر

وتحديث مستمر ؟

:b: لأن اللي يشتغل عالجهاز توه صغنون



:d: واذا الشروط اللي قلتها موجوده... راح يكون ايماني بالافيرا قوي جدا

طبعا مو في جهاااااازي ... في جهاز اخووووي الصغنن:b:​




ومشكور يالغالي:ok:​
 
توقيع : love shadow
تأييد 0
اجل من اليوم ورايح خلك كافر في الكاسبر :bleh:
الأفيرا سلمك الله ما مثله في كشف الفيروسات
والموقع الخاص به يعطيك مفتاح لمدة ( 6 شهور )
يعني ما يحتاج لا كراك ولا وجع راس
وله اعدادت حلوه تخليه أول ما يكشف فيروس
يحذفه على طول بنفسه
وهذا هو المبتغى اذا كان الجهاز لواحد صغير لأنه ما يتعرف يتعامل مع برامج كذا
هذا موضوع عن الأفيرا وكيفية طلب المفتاح وتحميله
اذا احتجت شي علمني
وان شاء الله بشرح البرنامج شرح كامل
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
 
توقيع : Juve Guard
تأييد 0
Juve Guard قال:
اجل من اليوم ورايح خلك كافر في الكاسبر :bleh:
أنقر للتوسيع...
Juve Guard قال:
الأفيرا سلمك الله ما مثله في كشف الفيروسات
والموقع الخاص به يعطيك مفتاح لمدة ( 6 شهور )
يعني ما يحتاج لا كراك ولا وجع راس
وله اعدادت حلوه تخليه أول ما يكشف فيروس
يحذفه على طول بنفسه
وهذا هو المبتغى اذا كان الجهاز لواحد صغير لأنه ما يتعرف يتعامل مع برامج كذا
هذا موضوع عن الأفيرا وكيفية طلب المفتاح وتحميله
اذا احتجت شي علمني
وان شاء الله بشرح البرنامج شرح كامل
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
أنقر للتوسيع...






:d: تسسسسسسسسسسسسسسسسسسسسسسسسسسسسسسسسسسلم


:b: عرفته الافيرا اللي تقووول عليه.....


شرحك ماشاء الله وااافي :ok:


:d: لكن لحاجة في نفسي ... اتحفظ برأيي في هذا البرناااااااامج
 
توقيع : love shadow
تأييد 0
love shadow قال:
:d: تسسسسسسسسسسسسسسسسسسسسسسسسسسسسسسسسسسلم


:b: عرفته الافيرا اللي تقووول عليه.....


شرحك ماشاء الله وااافي :ok:


:d: لكن لحاجة في نفسي ... اتحفظ برأيي في هذا البرناااااااامج
أنقر للتوسيع...
تراي ما ادري وش انت تقول لأني مستعجل شوي :b:
اذا انت تبي تخلي الكاسبر مثل ما كان
لازم تسوي له اعادة تثبيت
فمان الله :king:
 
توقيع : Juve Guard
تأييد 0
مرحباً

قم بعمل اصلاح للكاسبر عن طريق ملف السيتأب

بالتوفيق
 
توقيع : FireFox
تأييد 0
للحين نتواصل <<< :er:


هذي التقارير مره ثانيه <<< :d: وياليت يعني حلّ للمشكه.. غير حل اخونا بيّض الله وجهه (( اللي نصح بحذف الكاسبر))


كود: 
ComboFix 08-05-08.1 - 1111 05/09/2008 16:56:23.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1256.1.1025.18.552 [GMT 3:00]
Running from: C:\Documents and Settings\1111\سطح المكتب\ComboFix.exe
 * Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\auto.exe
C:\Autorun.inf
C:\Documents and Settings\1111\«ل¥ ںéêè¢ \ê¤é§ ¤§ï§\Your Uninstaller! 2006 pro v5.0.0235\Desktop_.ini
C:\f.exe
C:\WINDOWS\aooszh.exe
C:\WINDOWS\autorun.inf
C:\WINDOWS\dxtmechk
C:\WINDOWS\futgfh.exe
C:\WINDOWS\msvrc20.dll
C:\WINDOWS\prbhey.exe
C:\WINDOWS\system32\77AC2EF2.DLL
C:\WINDOWS\system32\adyldd.dll
C:\WINDOWS\system32\akcgny.dll
C:\WINDOWS\system32\avpsrv.dll
C:\WINDOWS\system32\avuhxz.dll
C:\WINDOWS\system32\bhctrd.dll
C:\WINDOWS\system32\cdtzyz.dll
C:\WINDOWS\system32\cttsrv.dll
C:\WINDOWS\system32\D3D9_64.DLL
C:\WINDOWS\system32\DbgHlp32.dll
C:\WINDOWS\system32\dndsioc.dll
C:\WINDOWS\system32\dpgcuw.dll
C:\WINDOWS\system32\drivers\HBKernel.sys
C:\WINDOWS\system32\dwzreq.dll
C:\WINDOWS\system32\edqdrf.dll
C:\WINDOWS\system32\etogvv.dll
C:\WINDOWS\system32\euepqw.dll
C:\WINDOWS\system32\fmsbbqi.dll
C:\WINDOWS\system32\gfvwen.dll
C:\WINDOWS\system32\gkjxdi.dll
C:\WINDOWS\system32\gultxf.dll
C:\WINDOWS\system32\gwgpln.dll
C:\WINDOWS\system32\HBKrnl.dll
C:\WINDOWS\system32\hrthlg.dll
C:\WINDOWS\system32\ieooke.dll
C:\WINDOWS\system32\ierciw.dll
C:\WINDOWS\system32\iluvrp.dll
C:\WINDOWS\system32\iodvcp.dll
C:\WINDOWS\system32\irgdrb.dll
C:\WINDOWS\system32\irzkna.dll
C:\WINDOWS\system32\jeiyqa.dll
C:\WINDOWS\system32\jjakpu.dll
C:\WINDOWS\system32\jmhgzu.dll
C:\WINDOWS\system32\jzycto.dll
C:\WINDOWS\system32\k111146799313.exe
C:\WINDOWS\system32\k111181210115.exe
C:\WINDOWS\system32\k111181210216.exe
C:\WINDOWS\system32\k11144906981.exe
C:\WINDOWS\system32\k111458041417.exe
C:\WINDOWS\system32\k11146636228.exe
C:\WINDOWS\system32\k111466362712.exe
C:\WINDOWS\system32\k111466362813.exe
C:\WINDOWS\system32\k11147489298.exe
C:\WINDOWS\system32\k12071231626.exe
C:\WINDOWS\system32\k12071231669.exe
C:\WINDOWS\system32\k120712316811.exe
C:\WINDOWS\system32\k120712317214.exe
C:\WINDOWS\system32\k120712317315.exe
C:\WINDOWS\system32\k12089245052.exe
C:\WINDOWS\system32\kanokr.dll
C:\WINDOWS\system32\kvsc3.dll
C:\WINDOWS\system32\kwdirj.dll
C:\WINDOWS\system32\kxumcs.dll
C:\WINDOWS\system32\lcvdfq.dll
C:\WINDOWS\system32\libsgq.dll
C:\WINDOWS\system32\LotusHlp.dll
C:\WINDOWS\system32\mfchlp32.dll
C:\WINDOWS\system32\mppds.dll
C:\WINDOWS\system32\msccrt.dll
C:\WINDOWS\system32\NAVMon32.dll
C:\WINDOWS\system32\njriyd.dll
C:\WINDOWS\system32\nnypzl.dll
C:\WINDOWS\system32\npuqsv.dll
C:\WINDOWS\system32\nqtsop.dll
C:\WINDOWS\system32\odutce.dll
C:\WINDOWS\system32\oqvmrb.dll
C:\WINDOWS\system32\phvpwv.dll
C:\WINDOWS\system32\plppns.dll
C:\WINDOWS\system32\PTSShell.dll
C:\WINDOWS\system32\pysmfb.dll
C:\WINDOWS\system32\qcktfq.dll
C:\WINDOWS\system32\qnpbyt.dll
C:\WINDOWS\system32\qppnfcoh.dll
C:\WINDOWS\system32\REGKEY.hiv
C:\WINDOWS\system32\risiqm.dll
C:\WINDOWS\system32\stktjl.dll
C:\WINDOWS\system32\szwrps.dll
C:\WINDOWS\system32\tciocp32.dll
C:\WINDOWS\system32\tituxm.dll
C:\WINDOWS\system32\tpwwml.dll
C:\WINDOWS\system32\uehggv.dll
C:\WINDOWS\system32\ujdrtl.dll
C:\WINDOWS\system32\vavhmg.dll
C:\WINDOWS\system32\WINSvr32.dll
C:\WINDOWS\system32\wlhyfe.dll
C:\WINDOWS\system32\wmbqhe.dll
C:\WINDOWS\system32\wnnhul.dll
C:\WINDOWS\system32\WSockDrv32.dll
C:\WINDOWS\system32\xlbkse.dll
C:\WINDOWS\system32\yhochp.dll
C:\WINDOWS\system32\yuyagc.dll
C:\WINDOWS\Update.dat
C:\WINDOWS\vlysuw.exe
C:\WINDOWS\xoxhpy.exe
F:\auto.exe
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_HBKERNEL

(((((((((((((((((((((((((   Files Created from 2005-04-09 to 2005-05-09  )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-09 13:59 35,756 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-09 13:59 1,292 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-09 13:30 --------- d-----w C:\Program Files\Advanced WindowsCare V2 Pro
2008-05-09 13:12 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-05-09 12:24 --------- d-----w C:\Program Files\Google
2008-05-09 12:22 96,645 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-05-09 12:22 87,941 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-04-30 07:39 --------- d-----w C:\Documents and Settings\Guest\Application Data\HP
2008-04-30 05:14 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-04-30 05:14 --------- d-----w C:\Program Files\المكتبة الشاملة
2008-04-02 08:00 21,080 ----a-w C:\WINDOWS\zbotmh.exe
2008-04-02 05:20 21,080 ----a-w C:\WINDOWS\sqgblo.exe
2008-02-24 05:49 --------- d-----w C:\Program Files\مصحف النور
2008-01-24 17:26 104,385 --sh--r C:\awda2.exe
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-11-27 10:12 --------- d-----w C:\Program Files\MSXML 4.0
2007-11-21 04:49 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-14 08:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2007-11-14 08:07 --------- d-----w C:\Program Files\Common Files\HP
2007-11-14 08:05 --------- d-----w C:\Program Files\Hewlett-Packard
2007-11-14 08:03 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2007-11-14 06:51 --------- d-----w C:\Program Files\HP
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2007-09-04 13:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-07-06 10:05 72,960 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
2007-06-28 09:50 22,457 ----a-w C:\WINDOWS\system32\drivers\klop.dat
2007-06-13 13:22 1,030,656 ----a-w C:\WINDOWS\explorer.exe
2007-06-02 04:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
2007-05-15 12:56 239,152 ----a-w C:\WINDOWS\NuNInst.exe
2007-05-15 12:55 38,576 ----a-w C:\WINDOWS\system32\drivers\InCDRm.sys
2007-05-15 12:55 37,040 ----a-w C:\WINDOWS\system32\drivers\InCDPass.sys
2007-05-15 12:55 16,304 ----a-w C:\WINDOWS\system32\drivers\InCDrec.sys
2007-05-15 12:55 118,576 ----a-w C:\WINDOWS\system32\drivers\InCDfs.sys
2007-05-06 04:32 --------- d-----w C:\Program Files\Readiris Pro 8
2007-05-06 04:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-04-28 13:51 110,360 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2007-04-23 10:32 364,160 ----a-w C:\WINDOWS\system32\drivers\update.sys
2007-04-04 11:58 24,344 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
2007-04-01 08:02 --------- d-----w C:\Program Files\Frinds Soft
2007-04-01 08:02 --------- d-----w C:\Program Files\Common Files\Borland Shared
2007-04-01 08:02 --------- d-----w C:\Program Files\Borland
2007-03-20 18:22 972,336 ----a-w C:\WINDOWS\UNNeroBackItUp.exe
2007-02-09 11:10 574,464 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2006-10-13 10:23 163,584 ----a-w C:\WINDOWS\system32\drivers\nwrdr.sys
2006-08-21 09:14 128,896 ----a-w C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-16 09:37 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2006-08-14 10:34 332,928 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2006-07-13 08:48 202,240 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2006-06-14 09:00 82,944 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2006-06-14 08:47 6,400 ----a-w C:\WINDOWS\system32\drivers\splitter.sys
2006-06-14 08:47 172,416 ----a-w C:\WINDOWS\system32\drivers\kmixer.sys
2006-05-05 09:47 174,592 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2006-05-05 09:41 453,120 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2006-04-12 10:04 49,664 ----a-w C:\WINDOWS\system32\drivers\HPZid412.sys
2006-04-12 10:04 21,568 ----a-r C:\WINDOWS\system32\drivers\HPZius12.sys
2006-03-17 00:33 262,784 ----a-w C:\WINDOWS\system32\drivers\http.sys
2006-02-15 00:22 142,464 ----a-w C:\WINDOWS\system32\drivers\aec.sys
2005-06-10 04:10 139,528 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2005-05-26 23:22 10,752 ----a-w C:\WINDOWS\hh.exe
2005-05-09 14:01 2,594,848 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2005-05-09 14:00 3,360 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2005-05-09 14:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2005-05-09 11:43 --------- d-----w C:\Program Files\Kaspersky Lab
2005-05-09 11:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2005-05-09 10:49 --------- d-----w C:\Documents and Settings\1111\Application Data\Ahead
2005-05-08 21:43 --------- d-----w C:\Documents and Settings\1111\Application Data\HP
2005-05-08 21:34 --------- d-----w C:\Program Files\Your Uninstaller 2006
2005-04-26 04:11 19,601 ---h--w C:\auto.exe
2005-04-01 05:15 21,080 ----a-w C:\WINDOWS\nznazm.exe
2005-03-25 09:45 --------- d-----w C:\Program Files\Birds
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 10:56 AM 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [06/29/2004 02:06 PM 88363 C:\WINDOWS\AGRSMMSG.exe]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [08/20/2004 08:55 PM 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [08/20/2004 08:51 PM 118784]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [06/28/2007 12:51 PM 218376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 10:56 AM 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{006CD4A0-D7A2-456A-AE04-EB9ABF822FE4}"= C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\k111422972419ow.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 10/10/2007 07:51 PM 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced WindowsCare V2 Pro]
--a------ 12/17/2006 10:38 PM 2553856 C:\Program Files\Advanced WindowsCare V2 Pro\Awc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 02/19/2006 02:41 AM 49152 C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 05/15/2007 03:55 PM 1057328 C:\Program Files\Nero\Nero 7\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MAKTray]
--a------ 08/27/2004 05:07 PM 287232 C:\WINDOWS\MAKTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 03/01/2007 03:57 PM 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 05/15/2007 03:55 PM 1628208 C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Set]
--a------ 11/20/2003 11:01 PM 525824 C:\Program Files\Compaq\Set\Set.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
--a------ 07/30/2003 09:08 AM 143360 C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup 2.5]
--a------ 05/20/2004 07:40 PM 188416 C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"C:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hpqnrs08.exe"=
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [04/04/2007 02:58 PM]
S2 EAB2AE62;EAB2AE62;C:\WINDOWS\system32\90E3B986.EXE [04/26/2005 07:11 AM]
S2 HBKernel;HBKernel Driver;C:\WINDOWS\system32\drivers\HBKernel.sys []
S2 kkdc;Kerberos Key Distribution Centers;C:\WINDOWS\lsass.exe []
.
s of the 'Scheduled Tasks' folder
"2008-05-09 13:30:00 C:\WINDOWS\Tasks\Advanced WindowsCare V2 Pro.job"
- C:\Program Files\Advanced WindowsCare V2 Pro\AutoCare.exe
"2007-12-01 02:29:47 C:\WINDOWS\Tasks\WebReg 20071201052946.job"
- C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\WebReg\bin\hpqwrg.exe4/TaskName 20071201052946 /N 
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [URL]http://www.gmer.net[/URL]
Rootkit scan 2005-05-09 17:01:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ... 
scanning hidden autostart entries ...
scanning hidden files ... 

folder error: C:\DOCUME~1\1111\LOCALS~1\Temp\
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\77AC2EF2.DLL
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\77AC2EF2.DLL
PROCESS: C:\WINDOWS\system32\csrss.exe
-> C:\WINDOWS\system32\77AC2EF2.DLL
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 05/09/2008 17:02:46 - machine was rebooted
ComboFix-quarantined-files.txt  2008-05-09 14:02:38
Pre-Run: 141,456,265,216 bytes free
Post-Run: 142,151,749,632 bytes free
316 --- E O F --- 2005-05-09 10:19:37



وهذا الــhijackthis :) :i:​


كود: 
Logfile of HijackThis v1.99.1
Scan saved at 05:07:36 م, on 09/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\DOCUME~1\1111\LOCALS~1\Temp\Rar$EX00.969\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [URL]http://go.compaq.com/1Q00CDT/0401/bl7.asp[/URL]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [URL]http://go.microsoft.com/fwlink/?LinkId=69157[/URL]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [URL]http://go.microsoft.com/fwlink/?LinkId=54896[/URL]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [URL]http://go.compaq.com/1Q00CDT/0401/bl8.asp[/URL]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [URL]http://go.microsoft.com/fwlink/?LinkId=54896[/URL]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [URL]http://go.microsoft.com/fwlink/?LinkId=69157[/URL]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - [URL]http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab[/URL]
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: EAB2AE62 - Unknown owner - C:\WINDOWS\system32\90E3B986.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Kerberos Key Distribution Centers (kkdc) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: NBService - Nero AG - c:\program files\nero\nero 7\nero backitup\nbservice.exe
O23 - Service: NMIndexingService - Nero AG - c:\program files\common files\ahead\lib\nmindexingservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe



:d: السيف بيد السيااااف ...... وحنا ننتضر منكم التدخل في حل القضيه
 
توقيع : love shadow
تأييد 0
توقيع : Juve Guard
تأييد 0
تأييد 0
يجب تسجيل الدخول أو التسجيل كي تتمكن من الرد هنا.
عودة
أعلى