• Thread starter: Bully Hacker
  • Views: 917

Bully Hacker

Peace be upon you, and the mercy and blessings of God.

I have a problem: my flash drive is infected with a virus,

but I can't delete it. I tried to format the flash drive.

i14446_mosh.jpg

i14447_mosh2.jpg

I hope you can find me a solution.
 

And peace be upon you.

How did you know the flash drive is infected?

Make a HijackThis report.

When the download finishes ==> run the program ==> and click Do a system scan and save log
After a few moments a report will appear. Select all ==> copy it and paste it in your next reply.

Signature: AbOdy
I got the flash drive from my friend, and he told me that both his computer and the flash drive have a virus.

The report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:07:59 م, on 29/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Administrator\Desktop\Zyzoom.org_Tool_V_1.0.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\zyaoom Tool\Hijack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - S-1-5-18 Startup: Aero Shake.lnk = C:\WINDOWS\Windows Seven Effects\AeroShake\AeroShake.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Flip3D.lnk = C:\WINDOWS\Windows Seven Effects\WinFlip\WinFlip.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Vienna Dock.lnk = C:\WINDOWS\Windows Seven Effects\Windows7 PD\Windows 7 Pie Dock.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: ViStart.lnk = C:\Program Files\ViStart\ViStart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Aero Shake.lnk = C:\WINDOWS\Windows Seven Effects\AeroShake\AeroShake.exe (User 'Default user')
O4 - .DEFAULT Startup: Flip3D.lnk = C:\WINDOWS\Windows Seven Effects\WinFlip\WinFlip.exe (User 'Default user')
O4 - .DEFAULT Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe (User 'Default user')
O4 - .DEFAULT Startup: Vienna Dock.lnk = C:\WINDOWS\Windows Seven Effects\Windows7 PD\Windows 7 Pie Dock.exe (User 'Default user')
O4 - .DEFAULT Startup: ViStart.lnk = C:\Program Files\ViStart\ViStart.exe (User 'Default user')
O4 - Startup: Aero Shake.lnk = C:\WINDOWS\Windows Seven Effects\AeroShake\AeroShake.exe
O4 - Startup: Flip3D.lnk = C:\WINDOWS\Windows Seven Effects\WinFlip\WinFlip.exe
O4 - Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Startup: Vienna Dock.lnk = C:\WINDOWS\Windows Seven Effects\Windows7 PD\Windows 7 Pie Dock.exe
O4 - Startup: ViStart.lnk = C:\Program Files\ViStart\ViStart.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10340 bytes
 
Okay, my dear friend.

Plug the flash drive into the computer

and do the following:

Disable your security programs and run the tool.

When you run it a message will appear; click >> Yes
After that a second message will appear; click >> Yes

The computer may restart during the scan.

After the restart, the tool will start scanning again.
Wait until a report appears; that means the scan has finished.

Then give me the report it produces, along with a new HijackThis report.

Signature: AbOdy
Here you go, brother.

The ComboFix report


ComboFix 09-05-28.07 - Administrator 05/29/2009 17:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.2550.2067 [GMT 3:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\Programs\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-29 )))))))))))))))))))))))))))))))
.

2009-05-29 13:00 . 2009-05-06 08:06 4784464 ----a-w c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{3DF2A7B1-2C62-4B27-8FB5-DD2C254F4857}\mpengine.dll
2009-05-28 18:59 . 2009-05-28 19:19 -------- d-----w c:\documents and settings\Administrator\Application Data\Metacafe
2009-05-28 18:57 . 2009-05-29 13:38 -------- d-----w c:\program files\Common Files\Akamai
2009-05-28 18:56 . 2009-05-28 18:56 -------- d-----w c:\documents and settings\All Users\Application Data\Metacafe
2009-05-28 18:56 . 2009-05-28 18:56 -------- d-----w c:\program files\Metacafe
2009-05-28 13:29 . 2009-05-28 13:29 -------- d-----w c:\documents and settings\Administrator\Application Data\Reallusion
2009-05-28 11:54 . 2009-05-28 11:54 -------- d-----w c:\program files\UltraISO
2009-05-28 11:54 . 2009-05-28 11:54 -------- d-----w c:\program files\Common Files\EZB Systems
2009-05-27 20:33 . 2009-05-27 20:33 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Stardock
2009-05-27 20:26 . 2009-05-28 08:40 -------- d-----w c:\program files\ViStart
2009-05-27 20:24 . 2009-05-27 20:26 -------- d-----w c:\windows\Windows Seven Effects
2009-05-27 13:48 . 2009-05-27 13:48 -------- d-----w c:\documents and settings\Administrator\Application Data\Media Player Classic
2009-05-26 23:04 . 2009-05-26 23:04 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2009-05-26 21:30 . 2009-05-26 21:32 -------- d-----w c:\program files\AutoPlay Menu Builder
2009-05-26 21:26 . 2009-05-26 21:26 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\TechSmith
2009-05-26 21:26 . 2007-08-27 07:53 107864 ----a-w c:\windows\system32\tsccvid.dll
2009-05-26 21:26 . 2009-05-26 21:26 -------- d-----w c:\windows\system32\QuickTime
2009-05-26 21:25 . 2009-05-26 21:25 -------- d-----w c:\documents and settings\All Users\Application Data\TechSmith
2009-05-26 21:25 . 2009-05-26 21:25 -------- d-----w c:\windows\system32\Flash
2009-05-26 21:25 . 2009-05-26 21:25 -------- d-----w c:\program files\Common Files\TechSmith Shared
2009-05-26 21:25 . 2009-05-26 21:25 -------- d-----w c:\program files\TechSmith
2009-05-26 21:16 . 2009-05-26 21:16 75 --sh--r c:\windows\CT5PRET.BIN
2009-05-26 21:15 . 2009-05-26 21:15 -------- d-----w c:\program files\Reallusion
2009-05-26 21:14 . 2009-05-26 21:14 -------- d-----w c:\documents and settings\Administrator\Application Data\InstallShield
2009-05-26 21:10 . 2007-09-04 16:56 164352 ----a-w c:\windows\system32\unrar.dll
2009-05-26 21:10 . 2008-09-25 08:03 81920 ----a-w c:\windows\system32\dpl100.dll
2009-05-26 21:10 . 2008-09-19 21:57 3596288 ----a-w c:\windows\system32\qt-dx331.dll
2009-05-26 21:10 . 2008-01-10 12:16 159839 ----a-w c:\windows\system32\xvidvfw.dll
2009-05-26 21:10 . 2008-01-10 12:15 755027 ----a-w c:\windows\system32\xvidcore.dll
2009-05-26 21:10 . 2004-01-25 16:18 217088 ----a-w c:\windows\system32\yv12vfw.dll
2009-05-26 21:10 . 2008-10-28 22:35 684032 ----a-w c:\windows\system32\divx.dll
2009-05-26 21:10 . 2008-11-24 14:32 57344 ----a-w c:\windows\system32\ff_vfw.dll
2009-05-26 21:10 . 2009-05-26 21:10 -------- d-----w c:\program files\K-Lite Codec Pack
2009-05-26 21:04 . 2009-05-26 21:04 -------- d-----w C:\Downloads
2009-05-26 21:03 . 2009-05-26 21:03 696320 ----a-w c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ue205s7j.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
2009-05-26 21:03 . 2009-05-27 12:32 -------- d-----w c:\program files\BitComet
2009-05-26 20:50 . 2009-05-26 20:51 -------- d-----w c:\program files\Multimedia Builder498
2009-05-26 19:39 . 2008-04-13 21:15 26368 -c--a-w c:\windows\system32\dllcache\usbstor.sys
2009-05-26 10:18 . 2008-10-16 11:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-05-26 10:18 . 2008-10-16 11:06 208744 ----a-w c:\windows\system32\muweb.dll
2009-05-25 21:23 . 2009-05-28 21:08 81984 ----a-w c:\windows\system32\bdod.bin
2009-05-25 21:04 . 2009-05-25 21:04 -------- d-----w c:\documents and settings\Administrator\Application Data\BitDefender
2009-05-25 21:03 . 2009-05-25 21:05 -------- d-----w c:\documents and settings\All Users\Application Data\BitDefender
2009-05-25 21:03 . 2009-05-25 21:03 -------- d-----w c:\program files\BitDefender
2009-05-25 21:02 . 2009-05-25 21:04 -------- d-----w c:\program files\Common Files\BitDefender
2009-05-25 18:54 . 2009-05-25 18:54 203776 ----a-w c:\windows\system32\clrviddc.dll
2009-05-25 18:49 . 2009-05-25 18:49 -------- d-----w c:\program files\Common Files\xing shared
2009-05-25 18:48 . 2009-05-25 18:49 -------- d-----w c:\program files\Common Files\Real
2009-05-25 18:48 . 2009-05-25 18:48 -------- d-----w c:\program files\Real
2009-05-25 18:32 . 2009-05-25 18:32 -------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-05-25 18:17 . 2009-05-25 18:17 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\PCHealth
2009-05-25 18:08 . 2009-05-06 08:06 4784464 ----a-w c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-05-25 17:53 . 2009-05-28 13:34 -------- d-----w c:\program files\Circl Developement
2009-05-25 17:53 . 2009-05-25 17:53 -------- d-----w c:\program files\Messenger Plus! Live
2009-05-25 17:27 . 2009-05-25 17:27 -------- d-----w c:\documents and settings\Administrator\Contacts
2009-05-25 17:08 . 2009-05-25 17:08 -------- d-----w c:\program files\Windows Defender
2009-05-25 16:42 . 2008-04-14 12:00 26624 ----a-w c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-05-25 16:41 . 2009-05-25 16:41 -------- d-----w c:\program files\Windows Media Connect 2
2009-05-25 16:40 . 2009-05-27 23:39 -------- d-----w c:\windows\system32\LogFiles
2009-05-25 16:40 . 2009-05-25 16:40 -------- d-----w c:\windows\system32\drivers\UMDF
2009-05-25 16:12 . 2009-05-25 16:40 -------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2009-05-25 16:11 . 2009-05-25 17:26 -------- d-----w c:\program files\Windows Live
2009-05-25 16:11 . 2009-05-25 16:11 -------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2009-05-25 15:58 . 2009-05-25 15:58 -------- d-sh--w c:\documents and settings\Administrator\IECompatCache
2009-05-25 15:57 . 2009-05-25 15:57 -------- d-sh--w c:\documents and settings\Administrator\PrivacIE
2009-05-25 15:50 . 2009-05-25 15:50 -------- d-sh--w c:\documents and settings\Administrator\IETldCache
2009-05-25 15:48 . 2009-05-25 15:48 -------- d-----w c:\windows\ie8updates
2009-05-25 15:48 . 2009-04-25 05:30 102400 -c----w c:\windows\system32\dllcache\iecompat.dll
2009-05-25 15:47 . 2009-05-25 15:47 -------- dc-h--w c:\windows\ie8
2009-05-25 15:44 . 2009-05-25 15:44 -------- d-----w c:\program files\MSXML 4.0
2009-05-25 14:46 . 2009-02-06 11:06 2145280 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-05-25 14:46 . 2009-02-06 11:08 2189056 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-05-25 14:46 . 2009-02-06 10:32 2023936 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-05-25 14:40 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-05-25 14:05 . 2009-05-25 14:07 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\WMTools Downloaded Files
2009-05-25 14:05 . 2008-10-24 11:21 455296 -c----w c:\windows\system32\dllcache\mrxsmb.sys
2009-05-25 13:56 . 2008-06-13 11:05 272128 -c----w c:\windows\system32\dllcache\bthport.sys
2009-05-25 13:56 . 2008-06-13 11:05 272128 ------w c:\windows\system32\drivers\bthport.sys
2009-05-25 13:51 . 2009-01-07 15:21 26144 ----a-w c:\windows\system32\spupdsvc.exe
2009-05-25 13:51 . 2009-05-25 15:48 -------- d--h--w c:\windows\$hf_mig$
2009-05-25 13:45 . 2008-10-16 11:09 43544 ----a-w c:\windows\system32\wups2.dll
2009-05-25 13:41 . 2009-05-25 13:41 -------- d-sh--w c:\documents and settings\Administrator\UserData
2009-05-25 12:40 . 2007-07-11 11:06 42672 ----a-w c:\windows\system32\wbsys.dll
2009-05-25 12:40 . 2009-05-25 12:40 -------- d-----w c:\program files\Stardock
2009-05-25 11:06 . 2009-05-25 11:06 -------- d-----w c:\program files\AskSearch
2009-05-25 11:05 . 2009-05-25 11:05 -------- d-----w c:\program files\uTorrent
2009-05-25 11:05 . 2009-05-28 13:35 -------- d-----w c:\documents and settings\Administrator\Application Data\uTorrent
2009-05-25 10:52 . 2009-05-25 10:52 165296 ----a-w c:\documents and settings\Administrator\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
2009-05-25 10:52 . 2009-05-29 14:20 -------- d-----w c:\documents and settings\Administrator\Application Data\DMCache
2009-05-25 10:52 . 2009-05-25 13:21 -------- d-----w c:\documents and settings\Administrator\Application Data\IDM
2009-05-25 10:52 . 2009-05-25 17:49 -------- d-----w c:\program files\Internet Download Manager

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-26 21:15 . 2009-05-24 15:56 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-25 14:03 . 2009-05-24 16:00 34616 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-24 17:20 . 2009-05-24 17:20 -------- d-----w c:\documents and settings\NetworkService\Application Data\Intel
2009-05-24 16:29 . 2009-05-24 16:29 0 ----a-w c:\windows\nsreg.dat
2009-05-24 16:09 . 2009-05-24 16:06 -------- d-----w c:\program files\Dell
2009-05-24 16:08 . 2009-05-24 16:08 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\Intel
2009-05-24 16:08 . 2009-05-24 16:08 -------- d-----w c:\documents and settings\Administrator\Application Data\Intel
2009-05-24 16:07 . 2009-05-24 16:07 21275 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-05-24 16:07 . 2009-05-24 16:07 -------- d-----w c:\documents and settings\All Users\Application Data\Intel
2009-05-24 16:07 . 2009-05-24 16:02 -------- d-----w c:\program files\Intel
2009-05-24 16:05 . 2009-05-24 16:05 -------- d-----w c:\program files\Broadcom
2009-05-24 16:05 . 2009-05-24 16:05 -------- d-----w c:\program files\CONEXANT
2009-05-24 16:02 . 2009-05-24 16:02 -------- d-----w c:\program files\DIFX
2009-05-24 16:00 . 2009-05-24 16:00 -------- d-----w c:\program files\WIDCOMM
2009-05-24 15:56 . 2009-05-24 15:56 -------- d-----w c:\program files\SigmaTel
2009-05-24 15:56 . 2009-05-24 15:53 -------- d-----w c:\program files\Common Files\InstallShield
2009-05-24 15:53 . 2009-05-24 15:53 -------- d-----w c:\program files\Synaptics
2009-05-24 15:38 . 2009-05-24 15:38 -------- d-----w c:\program files\microsoft frontpage
2009-05-24 15:37 . 2009-05-24 15:36 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-24 15:34 . 2009-05-24 15:34 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-08 01:34 . 2008-04-14 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 01:34 . 2008-04-14 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 01:33 . 2008-04-14 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 01:33 . 2008-04-14 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 01:32 . 2008-04-14 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 01:32 . 2008-04-14 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 01:31 . 2008-04-14 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 01:31 . 2008-04-14 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 01:31 . 2008-04-14 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 01:22 . 2008-04-14 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2008-04-14 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 10:38 . 2009-03-03 10:38 128840 ----a-w c:\windows\system32\Metacafe.scr
2009-03-05 15:08 . 2009-05-25 21:07 49664 ----a-w c:\program files\mozilla firefox\components\FFComm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-10-29 2606512]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"BitComet"="c:\program files\BitComet\BitComet.exe" [2008-08-22 2567992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShowLOMControl"="1 (0x1)" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-12-06 839680]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-25 198160]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-04-08 778240]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-02-23 69632]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-11-16 397312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Aero Shake.lnk - c:\windows\Windows Seven Effects\AeroShake\AeroShake.exe [2009-5-27 206188]
Flip3D.lnk - c:\windows\Windows Seven Effects\WinFlip\WinFlip.exe [2009-5-27 479232]
Metacafe.lnk - c:\program files\Metacafe\MetacafeAgent.exe [2009-3-3 145736]
Vienna Dock.lnk - c:\windows\Windows Seven Effects\Windows7 PD\Windows 7 Pie Dock.exe [2009-5-27 586240]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]
Metacafe.lnk - c:\program files\Metacafe\MetacafeAgent.exe [2009-3-3 145736]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2009-05-25 12:43 184320 ----a-w c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Metacafe\\Metacafe.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19399:TCP"= 19399:TCP:BitComet 19399 TCP
"19399:UDP"= 19399:UDP:BitComet 19399 UDP
"48885:TCP"= 48885:TCP:BitComet 48885 TCP
"48885:UDP"= 48885:UDP:BitComet 48885 UDP
"1438:TCP"= 1438:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"1057:TCP"= 1057:TCP:Akamai NetSession Interface
"1757:TCP"= 1757:TCP:Akamai NetSession Interface
"1045:TCP"= 1045:TCP:Akamai NetSession Interface
"1065:TCP"= 1065:TCP:Akamai NetSession Interface
"1044:TCP"= 1044:TCP:Akamai NetSession Interface

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [14/04/2008 03:00 م 14336]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [06/10/2008 06:16 م 82696]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 07:19 م 13592]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [18/09/2008 12:09 م 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [12/02/2009 04:52 م 104328]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [20/01/2009 07:16 م 172032]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
Akamai REG_MULTI_SZ Akamai

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-29 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]

2009-05-29 c:\windows\Tasks\User_Feed_Synchronization-{C1FD51EB-0966-41D7-B3AA-699B592598CD}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 01:31]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://starter.metacafe.com
uInternet Connection Wizard,ShellNext = iexplore
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: تحميل الكل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetVL.htm
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ue205s7j.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://google.com.sa
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
FF - component: c:\documents and settings\Administrator\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ue205s7j.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-05-29 17:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3500.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3500.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1935655697-484763869-1606980848-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,96,b5,ba,d8,1e,35,aa,4c,85,20,1c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,96,b5,ba,d8,1e,35,aa,4c,85,20,1c,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1380)
c:\windows\System32\BCMLogon.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll

- - - - - - - > 'explorer.exe'(3556)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\tray.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-29 17:21
ComboFix-quarantined-files.txt 2009-05-29 14:21

Pre-Run: 26,081,611,776 bytes free
Post-Run: 26,230,636,544 bytes free

287 --- E O F --- 2009-05-29 13:00






The Hijack report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:28:12 م, on 29/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\Zyzoom.org_Tool_V_1.0.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\zyaoom Tool\Hijack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - S-1-5-18 Startup: Aero Shake.lnk = C:\WINDOWS\Windows Seven Effects\AeroShake\AeroShake.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Flip3D.lnk = C:\WINDOWS\Windows Seven Effects\WinFlip\WinFlip.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Vienna Dock.lnk = C:\WINDOWS\Windows Seven Effects\Windows7 PD\Windows 7 Pie Dock.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: ViStart.lnk = C:\Program Files\ViStart\ViStart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Aero Shake.lnk = C:\WINDOWS\Windows Seven Effects\AeroShake\AeroShake.exe (User 'Default user')
O4 - .DEFAULT Startup: Flip3D.lnk = C:\WINDOWS\Windows Seven Effects\WinFlip\WinFlip.exe (User 'Default user')
O4 - .DEFAULT Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe (User 'Default user')
O4 - .DEFAULT Startup: Vienna Dock.lnk = C:\WINDOWS\Windows Seven Effects\Windows7 PD\Windows 7 Pie Dock.exe (User 'Default user')
O4 - .DEFAULT Startup: ViStart.lnk = C:\Program Files\ViStart\ViStart.exe (User 'Default user')
O4 - Startup: Aero Shake.lnk = C:\WINDOWS\Windows Seven Effects\AeroShake\AeroShake.exe
O4 - Startup: Flip3D.lnk = C:\WINDOWS\Windows Seven Effects\WinFlip\WinFlip.exe
O4 - Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Startup: Vienna Dock.lnk = C:\WINDOWS\Windows Seven Effects\Windows7 PD\Windows 7 Pie Dock.exe
O4 - Startup: ViStart.lnk = C:\Program Files\ViStart\ViStart.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O20 - AppInit_DLLs: C:\WINDOWS\system32\wbsys.dll
O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10155 bytes
 
up
up
up

You didn't reply to me

The new report is posted

in reply no. 5
 
up
up
up
up
up
Pleeease, it's urgent, I need your reply!
 