هناك مشكلة تانية فى الجهاز ، ماكنتش واخد بالى ليها
وهى أن الملفات المخفية لا يمكن اظهارها مطلقاً ، جربت شتى الطرق
* انظر تقرير Zyzoom Hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:40:47 PM, on 01-Jul-15
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
A:\Program Files (x86)\Internet Download Manager\IDMan.exe
A:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
A:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
A:\Program Files (x86)\Mobogenie3\MoboGenieHelper.exe
A:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
A:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
A:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
A:\Program Files (x86)\BlueStacks\HD-Agent.exe
A:\Program Files (x86)\WinArchiver\WAHELPER.EXE
A:\Windows\Integrator.exe
H:\New folder (2)\Selfishnet win 7\Selfishnet win 7\SelfishNetv0.2-beta_vista.exe
A:\Program Files (x86)\Mozilla Firefox\firefox.exe
A:\Program Files\Cucusoft\NetGuard\BandwidthGuard.exe
A:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
A:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_162.exe
A:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_162.exe
A:\Users\le prince 2007\Downloads\Programs\Zyzoom_HijackThis_2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = A:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - A:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - A:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - A:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - A:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - A:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - A:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - A:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: QTTabBar AutoLoader - {d2bf470e-ed1c-487f-a777-2bd8835eb6ce} - mscoree.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - A:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: QTTabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)
O3 - Toolbar: QTTab Standard Buttons - {d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - mscoree.dll (file missing)
O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - A:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - A:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll
O4 - HKLM\..\Run: [BCSSync] "A:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [BtTray] "A:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
O4 - HKLM\..\Run: [vmware-tray.exe] "A:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "A:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BlueStacks Agent] A:\Program Files (x86)\BlueStacks\HD-Agent.exe
O4 - HKLM\..\Run: [WAHELPER.EXE] "A:\Program Files (x86)\WinArchiver\WAHELPER.EXE"
O4 - HKLM\..\Run: [StartCCC] "D:\Program Fles\Ati\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [PWRISOVM.EXE] A:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
O4 - HKCU\..\Run: [IDMan] A:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Rainlendar2] A:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [RoboForm] "A:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] A:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [uTorrent] A:\Users\le prince 2007\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED
O4 - HKCU\..\Run: [f.lux] "A:\Users\le prince 2007\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O4 - HKCU\..\Run: [Bitdefender Wallet Agent] "A:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] A:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] A:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: AntiCrash.lnk = A:\Program Files (x86)\Dachshund Software\AntiCrash\AntiCrash.exe
O8 - Extra context menu item: Customize Menu - file://A:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download all links with IDM - A:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - A:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://A:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://A:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms - file://A:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html
O8 - Extra context menu item: Se&nd to OneNote - res://A:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Show RoboForm Toolbar - file://A:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - A:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - A:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - A:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - A:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - A:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - A:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - A:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - A:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - A:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - A:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - A:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: a:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: a:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: a:\windows\system32\vsocklib.dll
O10 - Unknown file in Winsock LSP: a:\windows\system32\vsocklib.dll
O10 - Unknown file in Winsock LSP: a:\windows\system32\securenet.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E18B6AA-711A-494E-8C94-F68682162F99}: NameServer = 172.31.250.250,128.107.214.185
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - A:\Windows\SysWOW64\skype4com.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - A:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - A:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - A:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - A:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - A:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - A:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: Arp Intelligent Protection Service (AIPS) - Arcai.com - A:\Program Files (x86)\netcut\services\AIPS.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - A:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - A:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - D:\Program Fles\Ati\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Bitdefender Desktop Parental Control (BdDesktopParental) - Bitdefender - A:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe
O23 - Service: BlueSoleilCS - IVT Corporation - A:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
O23 - Service: BsHelpCS - IVT Corporation - A:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - A:\Program Files (x86)\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - A:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
O23 - Service: CS_AutoUpdate - Cucusoft, Inc. - A:\Program Files\Cucusoft\AutoUpdate\AutoUpdateSrvc.exe
O23 - Service: CS_BandwidthGuard - Cucusoft, Inc. - A:\Program Files\Cucusoft\NetGuard\BandwidthGuardSrvc.sys
O23 - Service: CS_BandwidthGuard64 - Cucusoft, Inc. - A:\Program Files\Cucusoft\NetGuard\BandwidthGuardSrvc64.sys
O23 - Service: CS_SysMsgProxy - Cucusoft, Inc. - A:\Program Files\Cucusoft\NetGuard\SysMsgProxySrvc.sys
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - A:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - A:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: II?E Google Update (gupdate) (gupdate) - Google Inc. - A:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: II?E Google Update (gupdatem) (gupdatem) - Google Inc. - A:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - A:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - A:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mobile Broadband HL Service - Unknown owner - A:\ProgramData\MobileBrServ\mbbservice.exe
O23 - Service: MobogenieService - Mobogenie.com - A:\Program Files (x86)\Mobogenie3\MobogenieService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - A:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - A:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - A:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - A:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - A:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - A:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - A:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - A:\Windows\system32\lsass.exe (file missing)
O23 - Service: SecureSrv - My Privacy Tools, Inc. - A:\Program Files (x86)\Hide My IP 2009\SecureSrv.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - A:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - A:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - A:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - A:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Bitdefender - A:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - A:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - A:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - A:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - A:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - A:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - A:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: VMware NAT Service - VMware, Inc. - A:\Windows\system32\vmnat.exe
O23 - Service: VMware Workstation Server (VMwareHostd) - Unknown owner - A:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - A:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Bitdefender Virus Shield (VSSERV) - Bitdefender - A:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - A:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WinArchiver Service - Unknown owner - A:\Program Files (x86)\WinArchiver\WAService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - A:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - A:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 15844 bytes
