:: تحليلي اتمنى افادتي ::

الوليد المنصوري · 3 مايو 2008

السلام عليكم

تحليلي

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:11:43 م, on 03/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\sttray.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\wadi.com\My Documents\Downloads\Programs\hijack\Zyzoom_HijackThis.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [AVP] "C:\Zyzoom_Kaspersky_Internet_Security_7.0.0.125\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: IDM بواسطة FLV تحميل محتوى فيديو - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: IDM تحميل بواسطة - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: IDM تحميل جميع الروابط بواسطة - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1209451212875
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O23 - Service: avp - Kaspersky Lab - C:\Zyzoom_Kaspersky_Internet_Security_7.0.0.125\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
--
End of file - 6836 bytes

وطلع عندي شيئين

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

هذا وأقدر احذفه لأني عرفت حق وشو

لكن هذا خفت احذفه وابي احد يعلمني حق وشو هذا
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe

تحياتي لكم
اخوكم:
الوليد

KENZ · 3 مايو 2008

هذا فايروس اخي الكريم
لحظات اعطيك الحل

KENZ · 3 مايو 2008

( 1 )

عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
http://subs.geekstogo.com/ComboFix.exe

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes

انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم

===========================

( 2 )

و اعمل تقرير للهايجاك
http://download.hijackthis.eu/hijackthis_199.zip

اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم

Dr.ZAIN · 3 مايو 2008

سبقني حبيبي KENZ

السموحه يا غالي :b:

الوليد المنصوري · 3 مايو 2008

KENZ قال:
( 1 )

عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
http://subs.geekstogo.com/ComboFix.exe

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes

انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم

ComboFix 08-05-01.3 - wadi.com 05/03/2008 22:27:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1025.18.329 [GMT 3:00]
Running from: C:\Documents and Settings\wadi.com\سطح المكتب\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\x64
.
((((((((((((((((((((((((( Files Created from 2008-04-03 to 2008-05-03 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-03 19:04 --------- d-----w C:\Documents and Settings\wadi.com\Application Data\Ahead
2008-05-03 18:20 --------- d-----w C:\Documents and Settings\wadi.com\Application Data\DMCache
2008-05-03 18:15 --------- d-----w C:\Documents and Settings\wadi.com\Application Data\IDM
2008-05-03 15:26 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-05-03 15:26 172,032 ------w C:\WINDOWS\Setup1.exe
2008-05-03 15:17 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-03 14:58 --------- d-----w C:\Program Files\Microsoft.NET
2008-05-03 14:57 --------- d-----w C:\Program Files\Microsoft Works
2008-05-03 14:42 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-02 19:16 --------- d-----w C:\Program Files\Rapidshare Unlimited
2008-05-01 20:21 --------- d-----w C:\Program Files\MSXML 4.0
2008-05-01 18:25 --------- d-----w C:\Program Files\Internet Download Manager
2008-04-30 16:28 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-04-30 16:28 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-04-30 16:28 --------- d-----w C:\Program Files\Real
2008-04-30 16:28 --------- d-----w C:\Program Files\Common Files\xing shared
2008-04-30 16:28 --------- d-----w C:\Program Files\Common Files\Real
2008-04-29 16:37 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-04-29 16:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-04-29 14:08 --------- d-----w C:\Program Files\DAP
2008-04-29 08:57 --------- d-----w C:\Program Files\SpeedBit Video Accelerator
2008-04-29 08:43 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll
2008-04-29 08:00 --------- d-----w C:\Program Files\HP
2008-04-29 07:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-04-29 07:47 --------- d-----w C:\Program Files\WIDCOMM
2008-04-29 07:45 --------- d-----w C:\Program Files\Windows Live
2008-04-29 07:33 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-29 07:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-28 19:07 --------- d-----w C:\Documents and Settings\wadi.com\Application Data\Media Player Classic
2008-04-28 19:06 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-04-28 19:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-28 18:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-04-28 18:22 --------- d-----w C:\Program Files\Common Files\Ahead
2008-04-28 18:20 --------- d-----w C:\Program Files\Nero
2008-04-28 18:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-04-28 17:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-28 17:57 --------- d-----w C:\Program Files\Tenda
2008-04-28 17:56 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-28 16:59 --------- d-----w C:\Program Files\SigmaTel
2008-04-28 16:55 --------- d-----w C:\Program Files\Intel
2008-04-28 16:08 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-09 09:25 124,341 --sh--r C:\n1deiect.com
2008-03-20 08:04 1,845,120 ----a-w C:\WINDOWS\system32\win32k.sys
2008-02-20 06:50 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:33 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:00 657,920 ----a-w C:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 PM 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 07:24 PM 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [02/26/2007 05:34 AM 131072]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [02/26/2007 05:34 AM 155648]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [02/26/2007 05:33 AM 131072]
"SigmatelSysTrayApp"="sttray.exe" [05/06/2007 12:10 PM 405504 C:\WINDOWS\sttray.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/01/2007 03:57 PM 153136]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [05/15/2007 03:55 PM 1628208]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [05/15/2007 03:55 PM 1057328]
"AVP"="C:\Zyzoom_Kaspersky_Internet_Security_7.0.0.125\avp.exe" [06/28/2007 12:51 PM 218376]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/30/2008 07:28 PM 185896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/03/2004 11:56 PM 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"=
R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [04/29/2008 11:50 AM]
S2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe [04/29/2008 11:50 AM]
S3 MRVW225;Tenda TWL541U Wireless LAN Dirver for Windows XP;C:\WINDOWS\system32\DRIVERS\MRVW225.sys [12/21/2005 12:44 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7149dd2d-16d1-11dd-97f8-001bb9ea8f4a}]
\Shell\AutoRun\command - E:\n1deiect.com
\Shell\explore\Command - E:\n1deiect.com
\Shell\open\Command - E:\n1deiect.com
*Newly Created Service* - CATCHME
*Newly Created Service* - KIHNBVX
*Newly Created Service* - MDM
*Newly Created Service* - OSE
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-03 22:28:40
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 05/03/2008 22:30:01
ComboFix-quarantined-files.txt 2008-05-03 19:29:56
Pre-Run: 73,253,761,024 bytes free
Post-Run: 74,018,144,256 bytes free
123 --- E O F --- 2008-05-02 16:15:40

هذا تقريري

الوليد المنصوري · 3 مايو 2008

KENZ قال:
( 2 )

و اعمل تقرير للهايجاك

http://download.hijackthis.eu/hijackthis_199.zip

اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log 

لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم

وهذا التقرير بالهاجيك
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:36 م, on 03/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\sttray.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\wadi.com\My Documents\Downloads\Programs\hijack\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [AVP] "C:\Zyzoom_Kaspersky_Internet_Security_7.0.0.125\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: IDM بواسطة FLV تحميل محتوى فيديو - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: IDM تحميل بواسطة - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: IDM تحميل جميع الروابط بواسطة - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1209451212875
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O23 - Service: avp - Kaspersky Lab - C:\Zyzoom_Kaspersky_Internet_Security_7.0.0.125\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
--
End of file - 6933 bytes

تحياتي

الوليد المنصوري · 3 مايو 2008

ابي برنامج كاسبر سكاي آخر اصدار

لأني الصراحه ماني مركب برنامج فيروسات كلش

جهازي مافيه اي مضاد فيروسات

تحياتي

الوليد

KENZ · 3 مايو 2008

تقريرك الان نظيف

دي افضل نسخة للكاسبر
http://www.zyzoom.org/vb/t2317.html

والمفاتيح من هنا
http://www.zyzoom.org/vb/t99.html

بالتوفيق عزيزي

الوليد المنصوري · 3 مايو 2008

KENZ قال:
تقريرك الان نظيف

دي افضل نسخة للكاسبر
http://www.zyzoom.org/vb/t2317.html

والمفاتيح من هنا
http://www.zyzoom.org/vb/t99.html

بالتوفيق عزيزي

بارك الله فيك

وجزاك الله خير

جاري التحميل والتجربه

لك تحياتي

اخوك الوليد

KENZ · 4 مايو 2008

الوليد المنصوري قال:
بارك الله فيك

وجزاك الله خير

جاري التحميل والتجربه

لك تحياتي

اخوك الوليد

وفيك بارك الله
بالتوفيق في التجربة

:: تحليلي اتمنى افادتي ::

الوليد المنصوري

زيزوومى فعال

KENZ

Guest

KENZ

Guest

Dr.ZAIN

زيزوومى محترف

توقيع : Dr.ZAIN

الوليد المنصوري

زيزوومى فعال

الوليد المنصوري

زيزوومى فعال

الوليد المنصوري

زيزوومى فعال

KENZ

Guest

الوليد المنصوري

زيزوومى فعال

KENZ

Guest