- بادئ الموضوع بنت نجد
- تاريخ البدء
- 7,390
هذا التقرير ... الله يرزقك من حيث لاتحتسب
ComboFix 09-03-15.01 - WIN XP 03/18/2009 19:04:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1025.18.1014.737 [GMT 3:00]
Running from: c:\documents and settings\WIN XP\سطح المكتب\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\WIN XP\Application Data\addons.dat
c:\program files\Bifrost
c:\program files\Bifrost\logg.dat
c:\windows\IE4 Error Log.txt
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MYWEBSEARCHSERVICE
((((((((((((((((((((((((( Files Created from 2009-02-18 to 2009-03-18 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-18 16:09 2,791,456 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-18 16:08 17,408 ----a-w c:\windows\system32\rpcnetp.exe
2009-03-18 16:08 17,408 ----a-w c:\windows\system32\rpcnetp.dll
2009-03-18 16:07 34,376 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-18 15:57 --------- d-----w c:\program files\SweetIM
2009-03-18 15:47 44,544 ----a-w c:\windows\system32\agremove.exe
2009-03-18 15:41 --------- d-----w c:\documents and settings\WIN XP\Application Data\CyberScrub
2009-03-18 15:40 --------- d-----w c:\documents and settings\WIN XP\Application Data\cleaner
2009-03-18 12:34 --------- d-----w c:\documents and settings\All Users\Application Data\Admin Inter 1 Mags
2009-03-18 12:08 --------- d-----w c:\documents and settings\All Users\Application Data\32 Online Open Drive
2009-03-18 11:01 --------- d-----w c:\program files\MSN Messenger
2009-03-17 19:26 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-14 22:02 --------- d-----w c:\program files\Golden Al-Wafi Translator
2009-03-04 04:55 --------- d-----w c:\program files\BS.Player ControlBar
2009-03-04 04:51 --------- d-----w c:\program files\Webteh
2009-02-18 08:12 --------- d-----w c:\documents and settings\WIN XP\Application Data\Vbuzzer Messenger
2009-02-07 18:31 --------- d-----w c:\program files\Messenger Plus! Live
2009-01-25 00:06 733,696 ----a-w c:\windows\GPInstall.exe
2009-01-14 16:51 167,936 ----a-w c:\windows\system32\mswsock2.dll
2008-12-26 10:47 2,560 ----a-w c:\windows\_MSRSTRT.EXE
2008-12-23 11:36 3,036,456 ----a-w c:\windows\system32\BCGCBPRO860u80.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"VIDC.ACDV"= ACDV.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 is-41KA4drv;is-41KA4drv;c:\windows\system32\drivers\51293587.sys [2009-03-18 148496]
R1 is-BD0BOdrv;is-BD0BOdrv;c:\windows\system32\drivers\02205139.sys [2009-03-18 16:45:25 148496]
R1 is-RBR38drv;is-RBR38drv;c:\windows\system32\drivers\53726132.sys [2009-03-18 148496]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDAud.sys [2008-07-19 732160]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-07-19 105984]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-07-19 48600]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2008-07-14 6912]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2008-07-19 288000]
RUnknown rpcnetp;rpcnetp; [x]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-08-04 31592]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - RPCNETP
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b029ec9f-05be-11de-adf6-00158316beb3}]
\Shell\AutoRun\command - F:\WDSetup.exe
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search
IE: Add to Vbuzzer RSS list - c:\program files\vbuzzer\addurl.htm
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
DPF: Microsoft XML Parser for Java -
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-03-18 19:09:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
c:\windows\system32\rpcnetp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 03/18/2009 19:12:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-18 16:11:22
Pre-Run: 93,780,951,040 bytes free
Post-Run: 93,714,874,368 bytes free
123
ComboFix 09-03-15.01 - WIN XP 03/18/2009 19:04:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1025.18.1014.737 [GMT 3:00]
Running from: c:\documents and settings\WIN XP\سطح المكتب\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\WIN XP\Application Data\addons.dat
c:\program files\Bifrost
c:\program files\Bifrost\logg.dat
c:\windows\IE4 Error Log.txt
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MYWEBSEARCHSERVICE
((((((((((((((((((((((((( Files Created from 2009-02-18 to 2009-03-18 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-18 16:09 2,791,456 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-18 16:08 17,408 ----a-w c:\windows\system32\rpcnetp.exe
2009-03-18 16:08 17,408 ----a-w c:\windows\system32\rpcnetp.dll
2009-03-18 16:07 34,376 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-18 15:57 --------- d-----w c:\program files\SweetIM
2009-03-18 15:47 44,544 ----a-w c:\windows\system32\agremove.exe
2009-03-18 15:41 --------- d-----w c:\documents and settings\WIN XP\Application Data\CyberScrub
2009-03-18 15:40 --------- d-----w c:\documents and settings\WIN XP\Application Data\cleaner
2009-03-18 12:34 --------- d-----w c:\documents and settings\All Users\Application Data\Admin Inter 1 Mags
2009-03-18 12:08 --------- d-----w c:\documents and settings\All Users\Application Data\32 Online Open Drive
2009-03-18 11:01 --------- d-----w c:\program files\MSN Messenger
2009-03-17 19:26 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-14 22:02 --------- d-----w c:\program files\Golden Al-Wafi Translator
2009-03-04 04:55 --------- d-----w c:\program files\BS.Player ControlBar
2009-03-04 04:51 --------- d-----w c:\program files\Webteh
2009-02-18 08:12 --------- d-----w c:\documents and settings\WIN XP\Application Data\Vbuzzer Messenger
2009-02-07 18:31 --------- d-----w c:\program files\Messenger Plus! Live
2009-01-25 00:06 733,696 ----a-w c:\windows\GPInstall.exe
2009-01-14 16:51 167,936 ----a-w c:\windows\system32\mswsock2.dll
2008-12-26 10:47 2,560 ----a-w c:\windows\_MSRSTRT.EXE
2008-12-23 11:36 3,036,456 ----a-w c:\windows\system32\BCGCBPRO860u80.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"VIDC.ACDV"= ACDV.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 is-41KA4drv;is-41KA4drv;c:\windows\system32\drivers\51293587.sys [2009-03-18 148496]
R1 is-BD0BOdrv;is-BD0BOdrv;c:\windows\system32\drivers\02205139.sys [2009-03-18 16:45:25 148496]
R1 is-RBR38drv;is-RBR38drv;c:\windows\system32\drivers\53726132.sys [2009-03-18 148496]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDAud.sys [2008-07-19 732160]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-07-19 105984]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-07-19 48600]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2008-07-14 6912]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2008-07-19 288000]
RUnknown rpcnetp;rpcnetp; [x]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-08-04 31592]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - RPCNETP
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b029ec9f-05be-11de-adf6-00158316beb3}]
\Shell\AutoRun\command - F:\WDSetup.exe
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search
IE: Add to Vbuzzer RSS list - c:\program files\vbuzzer\addurl.htm
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
DPF: Microsoft XML Parser for Java -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2009-03-18 19:09:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
c:\windows\system32\rpcnetp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 03/18/2009 19:12:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-18 16:11:22
Pre-Run: 93,780,951,040 bytes free
Post-Run: 93,714,874,368 bytes free
123
توقيع : بنت نجد
تأييد
0
يعني الحين جهازي سليم ...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:22:02, on 18/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\WIN XP\سطح المكتب\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
O8 - Extra context menu item: Add to Vbuzzer RSS list - C:\Program Files\vbuzzer\addurl.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
--
End of file - 3063 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:22:02, on 18/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\WIN XP\سطح المكتب\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O8 - Extra context menu item: Add to Vbuzzer RSS list - C:\Program Files\vbuzzer\addurl.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
--
End of file - 3063 bytes
توقيع : بنت نجد
تأييد
0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:22:02, on 18/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\WIN XP\سطح المكتب\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
O8 - Extra context menu item: Add to Vbuzzer RSS list - C:\Program Files\vbuzzer\addurl.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
--
End of file - 3063 bytes
Scan saved at 19:22:02, on 18/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\WIN XP\سطح المكتب\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O8 - Extra context menu item: Add to Vbuzzer RSS list - C:\Program Files\vbuzzer\addurl.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
--
End of file - 3063 bytes
توقيع : بنت نجد
تأييد
0
JOLT_K!NG
زيزوومى مميز
غير متصل
السلام عليكم
اختي اذا سمحت ممكن الرابط على الخاص لجلب كامل بيانات المخترق وكيفية حذف الباتش سوف اقوم بعملية تحليل الظهار من التقرير انه باتش Bifrost
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
اختي اذا سمحت ممكن الرابط على الخاص لجلب كامل بيانات المخترق وكيفية حذف الباتش سوف اقوم بعملية تحليل الظهار من التقرير انه باتش Bifrost
تأييد
0
الحمدلله ... ماصار يطلع من طلع تقرير الكاسببر
الله يوفقك ويوسع زرقك ويرحم والديك ويغفر ذنوبك انت وجميع القائمين على المنتدى ..
الغريب في الامر والمحزن في نفس الوقت ان ذكاء شبابنا يذهب الى امور تافهه لو استخدموه لشي اخر لكان انفع لهم ..
والله هذا المسكين لم يكسب غير الدعوه عليه من كل من قلت له ..
اخي الفاضل اكرر شكري وتقديري لكم
وابغى منك اسم حامي فيروسات ممتاز ..
وعندي سؤال هل يستطيع ان يعود للجهاز .. حتى لو لم اقوم بفتح روابط ...
الله يوفقك ويوسع زرقك ويرحم والديك ويغفر ذنوبك انت وجميع القائمين على المنتدى ..
الغريب في الامر والمحزن في نفس الوقت ان ذكاء شبابنا يذهب الى امور تافهه لو استخدموه لشي اخر لكان انفع لهم ..
والله هذا المسكين لم يكسب غير الدعوه عليه من كل من قلت له ..
اخي الفاضل اكرر شكري وتقديري لكم
وابغى منك اسم حامي فيروسات ممتاز ..
وعندي سؤال هل يستطيع ان يعود للجهاز .. حتى لو لم اقوم بفتح روابط ...
توقيع : بنت نجد
تأييد
0
AbOdy
عضو شرف
- إنضم
- 17 سبتمبر 2007
- المشاركات
- 6,865
- مستوى التفاعل
- 91
- النقاط
- 840
غير متصل
الحمدلله رب العالمين
الحمدلله على انتهاء المشكلة
وبأذن الله لن تشوفيه مرة اخرى
وهذا برنامج حماية الكاسبر
الانترنت سيكرتي هو الافضل
حمل الكاسبر من هذا الرابط
المفاتيح
شرح التثبيت بالفيديووو
ثم ثبت ملف الاعدادات التالي للكاسبر
بعد التثبيت وعمل المطلوب
اعملي تحديث وفحص كامل للجهاز
وبالتوفيق يارب :king:
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
المفاتيح
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
شرح التثبيت بالفيديووو
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
ثم ثبت ملف الاعدادات التالي للكاسبر
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
بعد التثبيت وعمل المطلوب
اعملي تحديث وفحص كامل للجهاز
وبالتوفيق يارب :king:
توقيع : AbOdy
تأييد
0
- الحالة