Thread starter: love shadow
Peace be upon you and God's mercy

Good evening or good morning to you << depending on the reader's time zone :d:

My Kaspersky is running beautifully ... in top shape .... and honestly it does me proud << :b: get to the point

:no: But now

I run a scan on the machine ... and in the middle of the cleanup .... it restarts the machine ...:i:

Note that everything about it is fine ... updates ... crack .... all of it is as sweet as can be :ok:

:er:

I wonder, can I find a solution????

Regards
LovE ShAdOw
 

Signature: love shadow
Give me a report, my brother, quick and sweet as you put it
 
Signature: Juve Guard
:d: Here is the first almond

Code:
ComboFix 08-05-08.1 - 1111 05/09/2008 16:56:23.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1256.1.1025.18.552 [GMT 3:00]
Running from: C:\Documents and Settings\1111\سطح المكتب\ComboFix.exe
 * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\auto.exe
C:\Autorun.inf
C:\Documents and Settings\1111\«ل¥ ںéêè¢ \ê¤é§ ¤§ï§\Your Uninstaller! 2006 pro v5.0.0235\Desktop_.ini
C:\f.exe
C:\WINDOWS\aooszh.exe
C:\WINDOWS\autorun.inf
C:\WINDOWS\dxtmechk
C:\WINDOWS\futgfh.exe
C:\WINDOWS\msvrc20.dll
C:\WINDOWS\prbhey.exe
C:\WINDOWS\system32\77AC2EF2.DLL
C:\WINDOWS\system32\adyldd.dll
C:\WINDOWS\system32\akcgny.dll
C:\WINDOWS\system32\avpsrv.dll
C:\WINDOWS\system32\avuhxz.dll
C:\WINDOWS\system32\bhctrd.dll
C:\WINDOWS\system32\cdtzyz.dll
C:\WINDOWS\system32\cttsrv.dll
C:\WINDOWS\system32\D3D9_64.DLL
C:\WINDOWS\system32\DbgHlp32.dll
C:\WINDOWS\system32\dndsioc.dll
C:\WINDOWS\system32\dpgcuw.dll
C:\WINDOWS\system32\drivers\HBKernel.sys
C:\WINDOWS\system32\dwzreq.dll
C:\WINDOWS\system32\edqdrf.dll
C:\WINDOWS\system32\etogvv.dll
C:\WINDOWS\system32\euepqw.dll
C:\WINDOWS\system32\fmsbbqi.dll
C:\WINDOWS\system32\gfvwen.dll
C:\WINDOWS\system32\gkjxdi.dll
C:\WINDOWS\system32\gultxf.dll
C:\WINDOWS\system32\gwgpln.dll
C:\WINDOWS\system32\HBKrnl.dll
C:\WINDOWS\system32\hrthlg.dll
C:\WINDOWS\system32\ieooke.dll
C:\WINDOWS\system32\ierciw.dll
C:\WINDOWS\system32\iluvrp.dll
C:\WINDOWS\system32\iodvcp.dll
C:\WINDOWS\system32\irgdrb.dll
C:\WINDOWS\system32\irzkna.dll
C:\WINDOWS\system32\jeiyqa.dll
C:\WINDOWS\system32\jjakpu.dll
C:\WINDOWS\system32\jmhgzu.dll
C:\WINDOWS\system32\jzycto.dll
C:\WINDOWS\system32\k111146799313.exe
C:\WINDOWS\system32\k111181210115.exe
C:\WINDOWS\system32\k111181210216.exe
C:\WINDOWS\system32\k11144906981.exe
C:\WINDOWS\system32\k111458041417.exe
C:\WINDOWS\system32\k11146636228.exe
C:\WINDOWS\system32\k111466362712.exe
C:\WINDOWS\system32\k111466362813.exe
C:\WINDOWS\system32\k11147489298.exe
C:\WINDOWS\system32\k12071231626.exe
C:\WINDOWS\system32\k12071231669.exe
C:\WINDOWS\system32\k120712316811.exe
C:\WINDOWS\system32\k120712317214.exe
C:\WINDOWS\system32\k120712317315.exe
C:\WINDOWS\system32\k12089245052.exe
C:\WINDOWS\system32\kanokr.dll
C:\WINDOWS\system32\kvsc3.dll
C:\WINDOWS\system32\kwdirj.dll
C:\WINDOWS\system32\kxumcs.dll
C:\WINDOWS\system32\lcvdfq.dll
C:\WINDOWS\system32\libsgq.dll
C:\WINDOWS\system32\LotusHlp.dll
C:\WINDOWS\system32\mfchlp32.dll
C:\WINDOWS\system32\mppds.dll
C:\WINDOWS\system32\msccrt.dll
C:\WINDOWS\system32\NAVMon32.dll
C:\WINDOWS\system32\njriyd.dll
C:\WINDOWS\system32\nnypzl.dll
C:\WINDOWS\system32\npuqsv.dll
C:\WINDOWS\system32\nqtsop.dll
C:\WINDOWS\system32\odutce.dll
C:\WINDOWS\system32\oqvmrb.dll
C:\WINDOWS\system32\phvpwv.dll
C:\WINDOWS\system32\plppns.dll
C:\WINDOWS\system32\PTSShell.dll
C:\WINDOWS\system32\pysmfb.dll
C:\WINDOWS\system32\qcktfq.dll
C:\WINDOWS\system32\qnpbyt.dll
C:\WINDOWS\system32\qppnfcoh.dll
C:\WINDOWS\system32\REGKEY.hiv
C:\WINDOWS\system32\risiqm.dll
C:\WINDOWS\system32\stktjl.dll
C:\WINDOWS\system32\szwrps.dll
C:\WINDOWS\system32\tciocp32.dll
C:\WINDOWS\system32\tituxm.dll
C:\WINDOWS\system32\tpwwml.dll
C:\WINDOWS\system32\uehggv.dll
C:\WINDOWS\system32\ujdrtl.dll
C:\WINDOWS\system32\vavhmg.dll
C:\WINDOWS\system32\WINSvr32.dll
C:\WINDOWS\system32\wlhyfe.dll
C:\WINDOWS\system32\wmbqhe.dll
C:\WINDOWS\system32\wnnhul.dll
C:\WINDOWS\system32\WSockDrv32.dll
C:\WINDOWS\system32\xlbkse.dll
C:\WINDOWS\system32\yhochp.dll
C:\WINDOWS\system32\yuyagc.dll
C:\WINDOWS\Update.dat
C:\WINDOWS\vlysuw.exe
C:\WINDOWS\xoxhpy.exe
F:\auto.exe
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_HBKERNEL

(((((((((((((((((((((((((   Files Created from 2005-04-09 to 2005-05-09  )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-09 13:59 35,756 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-09 13:59 1,292 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-09 13:30 --------- d-----w C:\Program Files\Advanced WindowsCare V2 Pro
2008-05-09 13:12 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-05-09 12:24 --------- d-----w C:\Program Files\Google
2008-05-09 12:22 96,645 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-05-09 12:22 87,941 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-04-30 07:39 --------- d-----w C:\Documents and Settings\Guest\Application Data\HP
2008-04-30 05:14 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-04-30 05:14 --------- d-----w C:\Program Files\المكتبة الشاملة
2008-04-02 08:00 21,080 ----a-w C:\WINDOWS\zbotmh.exe
2008-04-02 05:20 21,080 ----a-w C:\WINDOWS\sqgblo.exe
2008-02-24 05:49 --------- d-----w C:\Program Files\مصحف النور
2008-01-24 17:26 104,385 --sh--r C:\awda2.exe
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-11-27 10:12 --------- d-----w C:\Program Files\MSXML 4.0
2007-11-21 04:49 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-14 08:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2007-11-14 08:07 --------- d-----w C:\Program Files\Common Files\HP
2007-11-14 08:05 --------- d-----w C:\Program Files\Hewlett-Packard
2007-11-14 08:03 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2007-11-14 06:51 --------- d-----w C:\Program Files\HP
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2007-09-04 13:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-07-06 10:05 72,960 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
2007-06-28 09:50 22,457 ----a-w C:\WINDOWS\system32\drivers\klop.dat
2007-06-13 13:22 1,030,656 ----a-w C:\WINDOWS\explorer.exe
2007-06-02 04:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
2007-05-15 12:56 239,152 ----a-w C:\WINDOWS\NuNInst.exe
2007-05-15 12:55 38,576 ----a-w C:\WINDOWS\system32\drivers\InCDRm.sys
2007-05-15 12:55 37,040 ----a-w C:\WINDOWS\system32\drivers\InCDPass.sys
2007-05-15 12:55 16,304 ----a-w C:\WINDOWS\system32\drivers\InCDrec.sys
2007-05-15 12:55 118,576 ----a-w C:\WINDOWS\system32\drivers\InCDfs.sys
2007-05-06 04:32 --------- d-----w C:\Program Files\Readiris Pro 8
2007-05-06 04:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-04-28 13:51 110,360 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2007-04-23 10:32 364,160 ----a-w C:\WINDOWS\system32\drivers\update.sys
2007-04-04 11:58 24,344 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
2007-04-01 08:02 --------- d-----w C:\Program Files\Frinds Soft
2007-04-01 08:02 --------- d-----w C:\Program Files\Common Files\Borland Shared
2007-04-01 08:02 --------- d-----w C:\Program Files\Borland
2007-03-20 18:22 972,336 ----a-w C:\WINDOWS\UNNeroBackItUp.exe
2007-02-09 11:10 574,464 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2006-10-13 10:23 163,584 ----a-w C:\WINDOWS\system32\drivers\nwrdr.sys
2006-08-21 09:14 128,896 ----a-w C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-16 09:37 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2006-08-14 10:34 332,928 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2006-07-13 08:48 202,240 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2006-06-14 09:00 82,944 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2006-06-14 08:47 6,400 ----a-w C:\WINDOWS\system32\drivers\splitter.sys
2006-06-14 08:47 172,416 ----a-w C:\WINDOWS\system32\drivers\kmixer.sys
2006-05-05 09:47 174,592 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2006-05-05 09:41 453,120 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2006-04-12 10:04 49,664 ----a-w C:\WINDOWS\system32\drivers\HPZid412.sys
2006-04-12 10:04 21,568 ----a-r C:\WINDOWS\system32\drivers\HPZius12.sys
2006-03-17 00:33 262,784 ----a-w C:\WINDOWS\system32\drivers\http.sys
2006-02-15 00:22 142,464 ----a-w C:\WINDOWS\system32\drivers\aec.sys
2005-06-10 04:10 139,528 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2005-05-26 23:22 10,752 ----a-w C:\WINDOWS\hh.exe
2005-05-09 14:01 2,594,848 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2005-05-09 14:00 3,360 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2005-05-09 14:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2005-05-09 11:43 --------- d-----w C:\Program Files\Kaspersky Lab
2005-05-09 11:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2005-05-09 10:49 --------- d-----w C:\Documents and Settings\1111\Application Data\Ahead
2005-05-08 21:43 --------- d-----w C:\Documents and Settings\1111\Application Data\HP
2005-05-08 21:34 --------- d-----w C:\Program Files\Your Uninstaller 2006
2005-04-26 04:11 19,601 ---h--w C:\auto.exe
2005-04-01 05:15 21,080 ----a-w C:\WINDOWS\nznazm.exe
2005-03-25 09:45 --------- d-----w C:\Program Files\Birds
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 10:56 AM 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [06/29/2004 02:06 PM 88363 C:\WINDOWS\AGRSMMSG.exe]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [08/20/2004 08:55 PM 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [08/20/2004 08:51 PM 118784]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [06/28/2007 12:51 PM 218376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 10:56 AM 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{006CD4A0-D7A2-456A-AE04-EB9ABF822FE4}"= C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\k111422972419ow.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 10/10/2007 07:51 PM 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced WindowsCare V2 Pro]
--a------ 12/17/2006 10:38 PM 2553856 C:\Program Files\Advanced WindowsCare V2 Pro\Awc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 02/19/2006 02:41 AM 49152 C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 05/15/2007 03:55 PM 1057328 C:\Program Files\Nero\Nero 7\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MAKTray]
--a------ 08/27/2004 05:07 PM 287232 C:\WINDOWS\MAKTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 03/01/2007 03:57 PM 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 05/15/2007 03:55 PM 1628208 C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Set]
--a------ 11/20/2003 11:01 PM 525824 C:\Program Files\Compaq\Set\Set.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
--a------ 07/30/2003 09:08 AM 143360 C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup 2.5]
--a------ 05/20/2004 07:40 PM 188416 C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"C:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hpqnrs08.exe"=
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [04/04/2007 02:58 PM]
S2 EAB2AE62;EAB2AE62;C:\WINDOWS\system32\90E3B986.EXE [04/26/2005 07:11 AM]
S2 HBKernel;HBKernel Driver;C:\WINDOWS\system32\drivers\HBKernel.sys []
S2 kkdc;Kerberos Key Distribution Centers;C:\WINDOWS\lsass.exe []
.
s of the 'Scheduled Tasks' folder
"2008-05-09 13:30:00 C:\WINDOWS\Tasks\Advanced WindowsCare V2 Pro.job"
- C:\Program Files\Advanced WindowsCare V2 Pro\AutoCare.exe
"2007-12-01 02:29:47 C:\WINDOWS\Tasks\WebReg 20071201052946.job"
- C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\WebReg\bin\hpqwrg.exe4/TaskName 20071201052946 /N 
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2005-05-09 17:01:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ... 
scanning hidden autostart entries ...
scanning hidden files ... 

folder error: C:\DOCUME~1\1111\LOCALS~1\Temp\
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\77AC2EF2.DLL
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\77AC2EF2.DLL
PROCESS: C:\WINDOWS\system32\csrss.exe
-> C:\WINDOWS\system32\77AC2EF2.DLL
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 05/09/2008 17:02:46 - machine was rebooted
ComboFix-quarantined-files.txt  2008-05-09 14:02:38
Pre-Run: 141,456,265,216 bytes free
Post-Run: 142,151,749,632 bytes free
316 --- E O F --- 2005-05-09 10:19:37

And this is HijackThis (the second almond) :d:

Code:
Logfile of HijackThis v1.99.1
Scan saved at 05:07:36 م, on 09/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\DOCUME~1\1111\LOCALS~1\Temp\Rar$EX00.969\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/0401/bl7.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0401/bl8.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: EAB2AE62 - Unknown owner - C:\WINDOWS\system32\90E3B986.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Kerberos Key Distribution Centers (kkdc) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: NBService - Nero AG - c:\program files\nero\nero 7\nero backitup\nbservice.exe
O23 - Service: NMIndexingService - Nero AG - c:\program files\common files\ahead\lib\nmindexingservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

:d: And there are still almonds left

But just say the word :b:
 
Signature: love shadow
Whoooooa
Oh, bless your heart
Good thing you used the ComboFix tool
otherwise we would have been done for
You have this entry, delete it:

O23 - Service: Kerberos Key Distribution Centers (kkdc) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)

By God, I swear your machine is full of nasties :q:
This is what happens to people who use Kaspersky :wink:
I advise you to uninstall Kaspersky after the disaster that happened to you,
install Avira, and run a scan on your machine,
and give us a report for your machine after the scan finishes (that is, if you want to install Avira :d: )
 
Signature: Juve Guard
Hahahahahahaha

It's actually my brother's machine, honestly ... I just got back from a trip ... and the machine originally had no crack or anything

After that I set it up for him, applied the crack, and updated Kaspersky Internet Security

Then I went to clean the machine ....

and you saw what happened :no:

:p: My problem is that I have little faith in anything but Kaspersky

Avira, my brother, I have no background on it

But before I download it?

Does it need keeping up with a crack like Kaspersky

and constant updating?

:b: Because the one who uses the machine is still a little kid

:d: And if the conditions I mentioned are met... my faith in Avira will be very strong

Not on my machine, of course ... on my little brother's machine :b:

And thank you, my dear friend :ok:
 
Signature: love shadow
Then from today on, be a non-believer in Kaspersky :bleh:
Avira, God keep you, has no equal at detecting viruses
and its website gives you a key for (6 months)
so it needs neither a crack nor a headache
It also has nice settings that make it, as soon as it detects a virus,
delete it right away by itself
which is exactly what you want if the machine belongs to a youngster, since he won't know how to deal with programs like this
Here is a thread about Avira and how to request the key and download it
If you need anything, let me know
and God willing I will explain the program in full
 
Signature: Juve Guard
:d: Thaaaaaanks

:b: I know it, the Avira you're talking about.....

Your explanation, mashallah, is thorough :ok:

:d: But for reasons of my own ... I'll keep my opinion of this program to myself
 
Signature: love shadow
By the way, I don't know what you're saying because I'm in a bit of a hurry :b:
If you want to get Kaspersky back to the way it was
you have to reinstall it
God keep you :king:
 
Signature: Juve Guard
Hello

Run a repair of Kaspersky using the setup file

Good luck
 
Signature: FireFox
We're still in touch <<< :er:

Here are the reports again <<< :d: and I'd really like a solution to the problem.. other than the one from our brother, God bless him ((who advised uninstalling Kaspersky))

Code:
ComboFix 08-05-08.1 - 1111 05/09/2008 16:56:23.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1256.1.1025.18.552 [GMT 3:00]
Running from: C:\Documents and Settings\1111\سطح المكتب\ComboFix.exe
 * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\auto.exe
C:\Autorun.inf
C:\Documents and Settings\1111\«ل¥ ںéêè¢ \ê¤é§ ¤§ï§\Your Uninstaller! 2006 pro v5.0.0235\Desktop_.ini
C:\f.exe
C:\WINDOWS\aooszh.exe
C:\WINDOWS\autorun.inf
C:\WINDOWS\dxtmechk
C:\WINDOWS\futgfh.exe
C:\WINDOWS\msvrc20.dll
C:\WINDOWS\prbhey.exe
C:\WINDOWS\system32\77AC2EF2.DLL
C:\WINDOWS\system32\adyldd.dll
C:\WINDOWS\system32\akcgny.dll
C:\WINDOWS\system32\avpsrv.dll
C:\WINDOWS\system32\avuhxz.dll
C:\WINDOWS\system32\bhctrd.dll
C:\WINDOWS\system32\cdtzyz.dll
C:\WINDOWS\system32\cttsrv.dll
C:\WINDOWS\system32\D3D9_64.DLL
C:\WINDOWS\system32\DbgHlp32.dll
C:\WINDOWS\system32\dndsioc.dll
C:\WINDOWS\system32\dpgcuw.dll
C:\WINDOWS\system32\drivers\HBKernel.sys
C:\WINDOWS\system32\dwzreq.dll
C:\WINDOWS\system32\edqdrf.dll
C:\WINDOWS\system32\etogvv.dll
C:\WINDOWS\system32\euepqw.dll
C:\WINDOWS\system32\fmsbbqi.dll
C:\WINDOWS\system32\gfvwen.dll
C:\WINDOWS\system32\gkjxdi.dll
C:\WINDOWS\system32\gultxf.dll
C:\WINDOWS\system32\gwgpln.dll
C:\WINDOWS\system32\HBKrnl.dll
C:\WINDOWS\system32\hrthlg.dll
C:\WINDOWS\system32\ieooke.dll
C:\WINDOWS\system32\ierciw.dll
C:\WINDOWS\system32\iluvrp.dll
C:\WINDOWS\system32\iodvcp.dll
C:\WINDOWS\system32\irgdrb.dll
C:\WINDOWS\system32\irzkna.dll
C:\WINDOWS\system32\jeiyqa.dll
C:\WINDOWS\system32\jjakpu.dll
C:\WINDOWS\system32\jmhgzu.dll
C:\WINDOWS\system32\jzycto.dll
C:\WINDOWS\system32\k111146799313.exe
C:\WINDOWS\system32\k111181210115.exe
C:\WINDOWS\system32\k111181210216.exe
C:\WINDOWS\system32\k11144906981.exe
C:\WINDOWS\system32\k111458041417.exe
C:\WINDOWS\system32\k11146636228.exe
C:\WINDOWS\system32\k111466362712.exe
C:\WINDOWS\system32\k111466362813.exe
C:\WINDOWS\system32\k11147489298.exe
C:\WINDOWS\system32\k12071231626.exe
C:\WINDOWS\system32\k12071231669.exe
C:\WINDOWS\system32\k120712316811.exe
C:\WINDOWS\system32\k120712317214.exe
C:\WINDOWS\system32\k120712317315.exe
C:\WINDOWS\system32\k12089245052.exe
C:\WINDOWS\system32\kanokr.dll
C:\WINDOWS\system32\kvsc3.dll
C:\WINDOWS\system32\kwdirj.dll
C:\WINDOWS\system32\kxumcs.dll
C:\WINDOWS\system32\lcvdfq.dll
C:\WINDOWS\system32\libsgq.dll
C:\WINDOWS\system32\LotusHlp.dll
C:\WINDOWS\system32\mfchlp32.dll
C:\WINDOWS\system32\mppds.dll
C:\WINDOWS\system32\msccrt.dll
C:\WINDOWS\system32\NAVMon32.dll
C:\WINDOWS\system32\njriyd.dll
C:\WINDOWS\system32\nnypzl.dll
C:\WINDOWS\system32\npuqsv.dll
C:\WINDOWS\system32\nqtsop.dll
C:\WINDOWS\system32\odutce.dll
C:\WINDOWS\system32\oqvmrb.dll
C:\WINDOWS\system32\phvpwv.dll
C:\WINDOWS\system32\plppns.dll
C:\WINDOWS\system32\PTSShell.dll
C:\WINDOWS\system32\pysmfb.dll
C:\WINDOWS\system32\qcktfq.dll
C:\WINDOWS\system32\qnpbyt.dll
C:\WINDOWS\system32\qppnfcoh.dll
C:\WINDOWS\system32\REGKEY.hiv
C:\WINDOWS\system32\risiqm.dll
C:\WINDOWS\system32\stktjl.dll
C:\WINDOWS\system32\szwrps.dll
C:\WINDOWS\system32\tciocp32.dll
C:\WINDOWS\system32\tituxm.dll
C:\WINDOWS\system32\tpwwml.dll
C:\WINDOWS\system32\uehggv.dll
C:\WINDOWS\system32\ujdrtl.dll
C:\WINDOWS\system32\vavhmg.dll
C:\WINDOWS\system32\WINSvr32.dll
C:\WINDOWS\system32\wlhyfe.dll
C:\WINDOWS\system32\wmbqhe.dll
C:\WINDOWS\system32\wnnhul.dll
C:\WINDOWS\system32\WSockDrv32.dll
C:\WINDOWS\system32\xlbkse.dll
C:\WINDOWS\system32\yhochp.dll
C:\WINDOWS\system32\yuyagc.dll
C:\WINDOWS\Update.dat
C:\WINDOWS\vlysuw.exe
C:\WINDOWS\xoxhpy.exe
F:\auto.exe
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_HBKERNEL

(((((((((((((((((((((((((   Files Created from 2005-04-09 to 2005-05-09  )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-09 13:59 35,756 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-09 13:59 1,292 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-09 13:30 --------- d-----w C:\Program Files\Advanced WindowsCare V2 Pro
2008-05-09 13:12 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-05-09 12:24 --------- d-----w C:\Program Files\Google
2008-05-09 12:22 96,645 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-05-09 12:22 87,941 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-04-30 07:39 --------- d-----w C:\Documents and Settings\Guest\Application Data\HP
2008-04-30 05:14 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-04-30 05:14 --------- d-----w C:\Program Files\المكتبة الشاملة
2008-04-02 08:00 21,080 ----a-w C:\WINDOWS\zbotmh.exe
2008-04-02 05:20 21,080 ----a-w C:\WINDOWS\sqgblo.exe
2008-02-24 05:49 --------- d-----w C:\Program Files\مصحف النور
2008-01-24 17:26 104,385 --sh--r C:\awda2.exe
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-11-27 10:12 --------- d-----w C:\Program Files\MSXML 4.0
2007-11-21 04:49 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-14 08:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2007-11-14 08:07 --------- d-----w C:\Program Files\Common Files\HP
2007-11-14 08:05 --------- d-----w C:\Program Files\Hewlett-Packard
2007-11-14 08:03 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2007-11-14 06:51 --------- d-----w C:\Program Files\HP
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2007-09-04 13:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-07-06 10:05 72,960 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
2007-06-28 09:50 22,457 ----a-w C:\WINDOWS\system32\drivers\klop.dat
2007-06-13 13:22 1,030,656 ----a-w C:\WINDOWS\explorer.exe
2007-06-02 04:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
2007-05-15 12:56 239,152 ----a-w C:\WINDOWS\NuNInst.exe
2007-05-15 12:55 38,576 ----a-w C:\WINDOWS\system32\drivers\InCDRm.sys
2007-05-15 12:55 37,040 ----a-w C:\WINDOWS\system32\drivers\InCDPass.sys
2007-05-15 12:55 16,304 ----a-w C:\WINDOWS\system32\drivers\InCDrec.sys
2007-05-15 12:55 118,576 ----a-w C:\WINDOWS\system32\drivers\InCDfs.sys
2007-05-06 04:32 --------- d-----w C:\Program Files\Readiris Pro 8
2007-05-06 04:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-04-28 13:51 110,360 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2007-04-23 10:32 364,160 ----a-w C:\WINDOWS\system32\drivers\update.sys
2007-04-04 11:58 24,344 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
2007-04-01 08:02 --------- d-----w C:\Program Files\Frinds Soft
2007-04-01 08:02 --------- d-----w C:\Program Files\Common Files\Borland Shared
2007-04-01 08:02 --------- d-----w C:\Program Files\Borland
2007-03-20 18:22 972,336 ----a-w C:\WINDOWS\UNNeroBackItUp.exe
2007-02-09 11:10 574,464 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2006-10-13 10:23 163,584 ----a-w C:\WINDOWS\system32\drivers\nwrdr.sys
2006-08-21 09:14 128,896 ----a-w C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-16 09:37 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2006-08-14 10:34 332,928 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2006-07-13 08:48 202,240 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2006-06-14 09:00 82,944 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2006-06-14 08:47 6,400 ----a-w C:\WINDOWS\system32\drivers\splitter.sys
2006-06-14 08:47 172,416 ----a-w C:\WINDOWS\system32\drivers\kmixer.sys
2006-05-05 09:47 174,592 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2006-05-05 09:41 453,120 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2006-04-12 10:04 49,664 ----a-w C:\WINDOWS\system32\drivers\HPZid412.sys
2006-04-12 10:04 21,568 ----a-r C:\WINDOWS\system32\drivers\HPZius12.sys
2006-03-17 00:33 262,784 ----a-w C:\WINDOWS\system32\drivers\http.sys
2006-02-15 00:22 142,464 ----a-w C:\WINDOWS\system32\drivers\aec.sys
2005-06-10 04:10 139,528 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2005-05-26 23:22 10,752 ----a-w C:\WINDOWS\hh.exe
2005-05-09 14:01 2,594,848 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2005-05-09 14:00 3,360 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2005-05-09 14:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2005-05-09 11:43 --------- d-----w C:\Program Files\Kaspersky Lab
2005-05-09 11:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2005-05-09 10:49 --------- d-----w C:\Documents and Settings\1111\Application Data\Ahead
2005-05-08 21:43 --------- d-----w C:\Documents and Settings\1111\Application Data\HP
2005-05-08 21:34 --------- d-----w C:\Program Files\Your Uninstaller 2006
2005-04-26 04:11 19,601 ---h--w C:\auto.exe
2005-04-01 05:15 21,080 ----a-w C:\WINDOWS\nznazm.exe
2005-03-25 09:45 --------- d-----w C:\Program Files\Birds
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 10:56 AM 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [06/29/2004 02:06 PM 88363 C:\WINDOWS\AGRSMMSG.exe]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [08/20/2004 08:55 PM 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [08/20/2004 08:51 PM 118784]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [06/28/2007 12:51 PM 218376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 10:56 AM 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{006CD4A0-D7A2-456A-AE04-EB9ABF822FE4}"= C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\k111422972419ow.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 10/10/2007 07:51 PM 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced WindowsCare V2 Pro]
--a------ 12/17/2006 10:38 PM 2553856 C:\Program Files\Advanced WindowsCare V2 Pro\Awc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 02/19/2006 02:41 AM 49152 C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 05/15/2007 03:55 PM 1057328 C:\Program Files\Nero\Nero 7\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MAKTray]
--a------ 08/27/2004 05:07 PM 287232 C:\WINDOWS\MAKTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 03/01/2007 03:57 PM 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 05/15/2007 03:55 PM 1628208 C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Set]
--a------ 11/20/2003 11:01 PM 525824 C:\Program Files\Compaq\Set\Set.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
--a------ 07/30/2003 09:08 AM 143360 C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup 2.5]
--a------ 05/20/2004 07:40 PM 188416 C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"C:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hpqnrs08.exe"=
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [04/04/2007 02:58 PM]
S2 EAB2AE62;EAB2AE62;C:\WINDOWS\system32\90E3B986.EXE [04/26/2005 07:11 AM]
S2 HBKernel;HBKernel Driver;C:\WINDOWS\system32\drivers\HBKernel.sys []
S2 kkdc;Kerberos Key Distribution Centers;C:\WINDOWS\lsass.exe []
.
Contents of the 'Scheduled Tasks' folder
"2008-05-09 13:30:00 C:\WINDOWS\Tasks\Advanced WindowsCare V2 Pro.job"
- C:\Program Files\Advanced WindowsCare V2 Pro\AutoCare.exe
"2007-12-01 02:29:47 C:\WINDOWS\Tasks\WebReg 20071201052946.job"
- C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\WebReg\bin\hpqwrg.exe4/TaskName 20071201052946 /N 
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2005-05-09 17:01:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ... 
scanning hidden autostart entries ...
scanning hidden files ... 

folder error: C:\DOCUME~1\1111\LOCALS~1\Temp\
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\77AC2EF2.DLL
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\77AC2EF2.DLL
PROCESS: C:\WINDOWS\system32\csrss.exe
-> C:\WINDOWS\system32\77AC2EF2.DLL
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 05/09/2008 17:02:46 - machine was rebooted
ComboFix-quarantined-files.txt  2008-05-09 14:02:38
Pre-Run: 141,456,265,216 bytes free
Post-Run: 142,151,749,632 bytes free
316 --- E O F --- 2005-05-09 10:19:37



And here is the HijackThis log :) :i:


Code:
Logfile of HijackThis v1.99.1
Scan saved at 05:07:36 م, on 09/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\DOCUME~1\1111\LOCALS~1\Temp\Rar$EX00.969\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/0401/bl7.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0401/bl8.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: EAB2AE62 - Unknown owner - C:\WINDOWS\system32\90E3B986.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Kerberos Key Distribution Centers (kkdc) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: NBService - Nero AG - c:\program files\nero\nero 7\nero backitup\nbservice.exe
O23 - Service: NMIndexingService - Nero AG - c:\program files\common files\ahead\lib\nmindexingservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe



:d: The sword is in the swordsman's hand ...... and we are waiting for you to step in and solve the case
 
Signature: love shadow