ياخوان من امس ظهرت لي مشكله عند الدخول الى صفحات الانترنت وكذلك الماسنجر لايفتح ايظا
المشكله هذا نصها بالصفحه اللي افتحها
تقرير الكمبو
ComboFix 08-09-22.06 - USER 11/16/2008 20:12:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1025.18.710 [GMT 3:00]
Running from: C:\DOCUME~1\USER\LOCALS~1\Temp\Rar$EX00.484\combofix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-16 17:12 50,720 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-11-16 17:12 2,032,160 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-11-16 16:57 --------- d-----w C:\Program Files\MSN Messenger
2008-11-16 16:49 --------- d-----w C:\Program Files\تنزيل مفاتيح منتجات كاسبرسكاي
2008-11-16 16:09 --------- d-----w C:\Program Files\lg_swupdate
2008-11-16 16:05 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-11-16 16:04 --------- d-----w C:\Program Files\Windows Live
2008-11-16 16:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-11-16 15:54 606,208 ----a-w C:\WINDOWS\system32\CS.dll
2008-11-16 15:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-11-16 15:47 --------- d-----w C:\Documents and Settings\USER\Application Data\Thinstall
2008-11-16 15:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-11-16 15:26 8,984 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-11-16 15:26 4,640 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-11-16 15:08 82,258 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-11-16 15:08 82,258 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-11-16 15:07 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-11-16 15:06 --------- d-----w C:\Program Files\Kaspersky Lab
2008-11-16 15:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-11-16 15:01 --------- d-----w C:\Program Files\Marvell
2008-11-16 15:00 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-11-16 14:59 --------- d-----w C:\Program Files\Real
2008-11-16 14:59 --------- d-----w C:\Program Files\JetAudio
2008-11-16 14:59 --------- d-----w C:\Program Files\Common Files\xing shared
2008-11-16 14:59 --------- d-----w C:\Program Files\Common Files\Real
2008-11-16 14:58 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-11-16 14:58 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-11-16 14:57 --------- d-----w C:\Program Files\Intel
2008-11-16 14:56 --------- d-----w C:\Program Files\Synaptics
2008-11-16 14:55 294,912 ----a-w C:\WINDOWS\HideWin.exe
2008-11-16 14:55 --------- d-----w C:\Program Files\Realtek
2008-11-16 14:48 --------- d-----w C:\Program Files\Java
2008-11-16 14:47 155,995 ----a-w C:\WINDOWS\java\Packages\EUEVHJV3.ZIP
2008-11-16 14:47 --------- d-----w C:\Program Files\Common Files\Java
2008-11-16 14:43 --------- dc-h--w C:\Documents and Settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2008-11-16 14:26 --------- d-----w C:\Program Files\microsoft frontpage
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 09:29 PM 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [06/16/2006 02:38 PM 5324584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" [06/03/2005 03:52 AM 36975]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [10/08/2004 02:31 AM 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [10/08/2004 02:27 AM 126976]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [02/14/2005 11:59 AM 98396]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [02/14/2005 11:58 AM 667740]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [11/16/2008 05:58 PM 185896]
"LG Intelligent Update"="C:\Program Files\lg_swupdate\autoupdate.exe" [11/16/2008 06:53 PM 106496]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04/14/2008 09:30 PM 110592 C:\WINDOWS\system32\bthprops.cpl]
"RTHDCPL"="RTHDCPL.EXE" [06/08/2005 08:42 AM 14565376 C:\WINDOWS\RTHDCPL.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [08/24/2005 10:24 AM 88203 C:\WINDOWS\AGRSMMSG.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [04/14/2008 09:29 PM 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\msncall.exe"=
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [04/04/2007 02:58 PM 24344]
*Newly Created Service* - PROCEXP90
*Newly Created Service* - WLSETUPSVC
.
.
------- Supplementary Scan -------
.
R1 -: HKCU-Internet Settings,ProxyOverride = <local>
O8 -: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O16 -: Microsoft XML Parser for Java -
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-11-16 20:12:44
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 11/16/2008 20:13:43
ComboFix-quarantined-files.txt 2008-11-16 17:13:38
Pre-Run: 27,866,779,648 bytes free
Post-Run: 27,897,253,888 bytes free
110
...............................هاي جاك.........................
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:18:40 م, on 16/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\lg_swupdate\tmcheck.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\USER\سطح المكتب\Hijack.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LG Intelligent Update] "C:\Program Files\lg_swupdate\autoupdate.exe" Gilautouc
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
--
End of file - 4716 bytes
بانتظار الحلول
المشكله هذا نصها بالصفحه اللي افتحها
Access Denied (policy_denied)
Your system policy has denied access to the requested URL.
For assistance, contact your network support team.
طبعا تهورت قصدي تورط وفرمت المودم والجهاز ايظا ولكن انصدمت بعدها بان المشكله لازالت بتقولون كيف اكتب التقرير التالي عند استخدامي برنامج بتاع الحظر اللي اسمه Freegate وعلى شكل حمامه ادخل المنتديات من غير مشاكل وغيرها مافيهYour system policy has denied access to the requested URL.
For assistance, contact your network support team.
تقرير الكمبو
ComboFix 08-09-22.06 - USER 11/16/2008 20:12:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1025.18.710 [GMT 3:00]
Running from: C:\DOCUME~1\USER\LOCALS~1\Temp\Rar$EX00.484\combofix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-16 17:12 50,720 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-11-16 17:12 2,032,160 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-11-16 16:57 --------- d-----w C:\Program Files\MSN Messenger
2008-11-16 16:49 --------- d-----w C:\Program Files\تنزيل مفاتيح منتجات كاسبرسكاي
2008-11-16 16:09 --------- d-----w C:\Program Files\lg_swupdate
2008-11-16 16:05 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-11-16 16:04 --------- d-----w C:\Program Files\Windows Live
2008-11-16 16:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-11-16 15:54 606,208 ----a-w C:\WINDOWS\system32\CS.dll
2008-11-16 15:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-11-16 15:47 --------- d-----w C:\Documents and Settings\USER\Application Data\Thinstall
2008-11-16 15:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-11-16 15:26 8,984 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-11-16 15:26 4,640 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-11-16 15:08 82,258 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-11-16 15:08 82,258 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-11-16 15:07 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-11-16 15:06 --------- d-----w C:\Program Files\Kaspersky Lab
2008-11-16 15:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-11-16 15:01 --------- d-----w C:\Program Files\Marvell
2008-11-16 15:00 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-11-16 14:59 --------- d-----w C:\Program Files\Real
2008-11-16 14:59 --------- d-----w C:\Program Files\JetAudio
2008-11-16 14:59 --------- d-----w C:\Program Files\Common Files\xing shared
2008-11-16 14:59 --------- d-----w C:\Program Files\Common Files\Real
2008-11-16 14:58 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-11-16 14:58 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-11-16 14:57 --------- d-----w C:\Program Files\Intel
2008-11-16 14:56 --------- d-----w C:\Program Files\Synaptics
2008-11-16 14:55 294,912 ----a-w C:\WINDOWS\HideWin.exe
2008-11-16 14:55 --------- d-----w C:\Program Files\Realtek
2008-11-16 14:48 --------- d-----w C:\Program Files\Java
2008-11-16 14:47 155,995 ----a-w C:\WINDOWS\java\Packages\EUEVHJV3.ZIP
2008-11-16 14:47 --------- d-----w C:\Program Files\Common Files\Java
2008-11-16 14:43 --------- dc-h--w C:\Documents and Settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2008-11-16 14:26 --------- d-----w C:\Program Files\microsoft frontpage
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 09:29 PM 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [06/16/2006 02:38 PM 5324584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" [06/03/2005 03:52 AM 36975]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [10/08/2004 02:31 AM 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [10/08/2004 02:27 AM 126976]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [02/14/2005 11:59 AM 98396]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [02/14/2005 11:58 AM 667740]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [11/16/2008 05:58 PM 185896]
"LG Intelligent Update"="C:\Program Files\lg_swupdate\autoupdate.exe" [11/16/2008 06:53 PM 106496]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04/14/2008 09:30 PM 110592 C:\WINDOWS\system32\bthprops.cpl]
"RTHDCPL"="RTHDCPL.EXE" [06/08/2005 08:42 AM 14565376 C:\WINDOWS\RTHDCPL.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [08/24/2005 10:24 AM 88203 C:\WINDOWS\AGRSMMSG.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [04/14/2008 09:29 PM 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\msncall.exe"=
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [04/04/2007 02:58 PM 24344]
*Newly Created Service* - PROCEXP90
*Newly Created Service* - WLSETUPSVC
.
.
------- Supplementary Scan -------
.
R1 -: HKCU-Internet Settings,ProxyOverride = <local>
O8 -: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O16 -: Microsoft XML Parser for Java -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2008-11-16 20:12:44
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 11/16/2008 20:13:43
ComboFix-quarantined-files.txt 2008-11-16 17:13:38
Pre-Run: 27,866,779,648 bytes free
Post-Run: 27,897,253,888 bytes free
110
...............................هاي جاك.........................
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:18:40 م, on 16/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\lg_swupdate\tmcheck.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\USER\سطح المكتب\Hijack.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LG Intelligent Update] "C:\Program Files\lg_swupdate\autoupdate.exe" Gilautouc
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
--
End of file - 4716 bytes
بانتظار الحلول
