Thread starter: adam22
Views: 826

adam22

Peace be upon you, my dear brothers.

For two weeks my computer has been killing me, it is extremely slow, even though I bought it only 3 months ago. It is a Toshiba Satellite and it was running perfectly. I removed McAfee from it and installed Kaspersky because the trial period had ended, and after that I feel it became very sluggish, like me or a bit more so.

Here is a report; hopefully it helps in diagnosing the patient's condition. Many thanks in advance.
Logfile of HijackThis v1.99.1
Scan saved at 11:28:45 a.m., on 30/04/2009
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\IDA\ida.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Users\adam22\AppData\Local\Temp\Rar$EX02.653\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [link hidden by forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [link hidden by forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [link hidden by forum]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [link hidden by forum]

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - [link hidden by forum] (file missing)
O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - [link hidden by forum] (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd.dll C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd3.dll C:\PROGRA~1\KASPER~2\KASPER~1\adialhk.dll C:\PROGRA~1\KASPER~2\KASPER~1\kloehk.dll
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\Windows\system32\klogon.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Notebook Performance Tuning Service (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
 

Signature: adam22
Delete these values:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O9 - Extra button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - [link hidden by forum] (file missing)

O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - [link hidden by forum] (file missing)


[screenshot: mg (3).png]

[screenshot: mg (4).png]


Then download this tool and follow the instructions below:

[download link hidden by forum; login required]

or

[download link hidden by forum; login required]

Compatibility: Windows XP only

How to use:
When you run the tool's file, this screen appears; wait (and follow along with the pictures).


[screenshot: 000.png]

[screenshot: 001.png]


When this screen appears, click Close so that your computer restarts (to complete the cleaning process).


[screenshot: 002.png]
Signature: فديتني
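The three entries listed for deletion above share one property: the file behind the add-on is gone, so HijackThis prints "(no file)" or "(file missing)" at the end of the line. The script below reproduces that selection rule mechanically, as an added example that is not code from this thread or from HijackThis itself. The sample lines are copied from the log posted above, with "[link hidden by forum]" standing in for the URLs the forum masked; the names Entry, triage, delete_clsids and review_reasons, and the split into a delete list for O2/O9 browser add-ons and a review list for O23 services, are this example's own assumptions.

```python
"""Triage helper for HijackThis-style log lines (added example, not
part of the thread or of HijackThis itself).

Rule reproduced from the helper's advice above: a browser add-on entry
(O2 BHO, O9 extra button) whose backing file is reported "(no file)" or
"(file missing)" is an orphan and goes on the delete list. Service
entries (O23) with the same marker are only queued for review: the log
above shows HijackThis 1.99.1 printing "(file missing)" for standard
services whose path is an unexpanded %windir% variable, and for the
Kaspersky service whose quoted command line carries a "-r" argument.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample lines copied from the HijackThis log posted in this thread.
# "[link hidden by forum]" stands in for URLs the forum masked.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - [link hidden by forum] (file missing)
O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - [link hidden by forum] (file missing)
O23 - Service: Kaspersky Internet Security (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
""".strip("\n")

SECTION_RE = re.compile(r"^([RFO]\d+) - ")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ENV_VAR_RE = re.compile(r"%[A-Za-z_]+%")
ORPHAN_MARKERS = ("(no file)", "(file missing)")
ADDON_SECTIONS = ("O2", "O9")   # browser helper objects and IE buttons


@dataclass
class Entry:
    section: str            # "O2", "O9", "O23", ...
    clsid: Optional[str]    # CLSID when the line carries one
    orphan: bool            # HijackThis reported the backing file absent
    unexpanded_path: bool   # path still contains a %VAR% the tool did not expand
    raw: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis line; return None for headers and blank lines."""
    line = line.strip()
    m = SECTION_RE.match(line)
    if not m:
        return None
    clsid = CLSID_RE.search(line)
    return Entry(
        section=m.group(1),
        clsid=clsid.group(0) if clsid else None,
        orphan=line.endswith(ORPHAN_MARKERS),
        unexpanded_path=bool(ENV_VAR_RE.search(line)),
        raw=line,
    )


def triage(log_text: str) -> Dict[str, List[Entry]]:
    """Split orphan entries into 'delete' (add-on orphans) and 'review' (service orphans)."""
    result: Dict[str, List[Entry]] = {"delete": [], "review": []}
    for raw in log_text.splitlines():
        entry = parse_line(raw)
        if entry is None or not entry.orphan:
            continue   # healthy entry, or not an entry line at all
        if entry.section in ADDON_SECTIONS:
            result["delete"].append(entry)
        else:
            result["review"].append(entry)
    return result


def delete_clsids(log_text: str) -> List[str]:
    """CLSIDs of the entries the triage marks for deletion, in log order."""
    return [e.clsid for e in triage(log_text)["delete"] if e.clsid]


def review_reasons(log_text: str) -> List[str]:
    """One short note per 'review' entry saying why it was not auto-listed."""
    notes = []
    for e in triage(log_text)["review"]:
        why = "unexpanded %VAR% path" if e.unexpanded_path else "check the service manually"
        notes.append(f"{e.section} {e.raw.split(' - ', 2)[1]}: {why}")
    return notes


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG)["delete"]:
        print("delete:", e.raw)
    for note in review_reasons(SAMPLE_LOG):
        print("review:", note)
```

Run as a script it prints exactly the three entries فديتني listed; the two O23 lines carrying "(file missing)" land on the review list instead, which matches the helper leaving them alone. Keeping services out of the automatic delete list is the deliberate design choice here: the marker on an O23 line says only that the tool could not resolve the path, not that the service is malicious.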
Do the following:

Disable all protection programs.

Download this tool:
[download link hidden by forum; login required]

When you run it, a message will appear; click >> Yes
After that a second message will appear; click >> Yes

During the scan the computer may restart.
After the restart, the tool will begin scanning again.
Wait until a report appears; the scan is then finished. Paste the report in your next post.

Signature: KoNaMi
[Quotes فديتني's tool instructions from above.]
This tool is compatible with XP only, God guide you.
Signature: KoNaMi
Thank you very much, brother, for your quick response.

I did what you said and deleted the infected value. As for the tool, I am using Windows Vista, not XP, so if there is another solution I would appreciate it if you pointed me to it, and may you be fully rewarded, God willing.
Signature: adam22
Apply my post above ^_^
Signature: KoNaMi
Thank you very much, brother.

But how do I apply it when the tool only works on XP and I have Vista? Is there another tool or a different solution for Vista?

Regards.
Signature: adam22
Dear friend, apply this post:

[Repeats KoNaMi's instructions from above.]
 
Signature: KoNaMi
Thank you very much, brother. I honestly feel I am wearing you out, but the link to the tool would not open for me. If possible, another link, and may God reward you.
 
Signature: adam22
I downloaded the tool, brother, did what you said, and here is the report the tool produced:

ComboFix 09-04-28.02 - adam22 01/05/2009 2:54.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.64.1033.18.3061.1839 [GMT 12:00]
Running from: c:\downloads\Programs\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-30 )))))))))))))))))))))))))))))))
.
2009-04-29 10:51 . 2009-04-29 10:51 -------- d-----w C:\32788R22FWJFW.0.tmp
2009-04-29 10:26 . 2009-04-29 10:26 -------- d-----w c:\users\adam22\AppData\Local\Mozilla
2009-04-20 14:16 . 2009-04-20 14:38 101287 ----a-w c:\windows\system32\drivers\klin.dat
2009-04-20 14:16 . 2009-04-20 14:38 89601 ----a-w c:\windows\system32\drivers\klick.dat
2009-04-20 14:14 . 2009-04-20 14:14 -------- d-----w c:\program files\Kaspersky Lab
2009-04-20 14:14 . 2009-04-30 02:25 -------- d-----w c:\programdata\Kaspersky Lab
2009-04-20 14:14 . 2009-04-30 02:25 -------- d-----w c:\users\All Users\Kaspersky Lab
2009-04-20 14:14 . 2009-04-29 23:57 426016 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-20 14:07 . 2009-04-20 14:07 -------- d-----w c:\program files\Kaspersky Internet Security 2009
2009-04-19 02:03 . 2009-04-19 02:03 -------- d-----w c:\users\adam22\AppData\Local\Nero
2009-04-19 02:03 . 2009-04-19 02:16 -------- d-----w c:\users\adam22\AppData\Roaming\Nero
2009-04-19 01:13 . 2009-04-19 01:39 -------- d-----w c:\program files\Nero
2009-04-19 01:13 . 2009-04-19 01:29 -------- d-----w c:\programdata\Nero
2009-04-19 01:13 . 2009-04-19 01:29 -------- d-----w c:\users\All Users\Nero
2009-04-19 01:13 . 2009-04-19 01:59 -------- d-----w c:\program files\Common Files\Nero
2009-04-18 14:39 . 2009-04-18 14:40 -------- d-----w c:\program files\Windows Live Safety Center
2009-04-18 14:00 . 2009-04-18 14:00 -------- d-----w c:\program files\Streambox
2009-04-18 14:00 . 1997-12-16 14:33 304128 ----a-w c:\windows\IsUninst.exe
2009-04-15 00:40 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-14 11:04 . 2009-04-14 11:04 -------- d-----w c:\programdata\TVU Networks
2009-04-14 11:04 . 2009-04-14 11:04 -------- d-----w c:\users\All Users\TVU Networks
2009-04-01 14:01 . 2009-04-01 14:01 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-01 12:07 . 2009-04-13 13:01 -------- d-----w c:\programdata\Messenger Plus!
2009-04-01 12:07 . 2009-04-13 13:01 -------- d-----w c:\users\All Users\Messenger Plus!
2009-04-01 12:05 . 2009-04-03 13:37 -------- d-----w c:\program files\Circle Develoement
2009-04-01 12:05 . 2009-04-01 12:05 -------- d-----w c:\program files\Messenger Plus! Live
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-30 02:58 . 2009-03-17 02:06 3046432 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-29 23:57 . 2009-04-20 14:14 3584 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-29 23:57 . 2009-03-17 02:06 26948 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-29 10:27 . 2009-03-13 04:57 -------- d-----w c:\program files\RelevantKnowledge
2009-04-20 14:38 . 2008-01-29 05:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-04-20 14:15 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-04-20 14:15 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-04-20 14:15 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-04-15 05:10 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-14 11:04 . 2009-03-12 11:20 -------- d-----w c:\program files\TVUPlayer
2009-04-14 11:04 . 2009-03-10 06:48 680 ----a-w c:\users\adam22\AppData\Local\d3d9caps.dat
2009-04-01 11:57 . 2009-03-12 21:02 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-31 21:20 . 2009-03-07 01:47 112800 ----a-w c:\users\adam22\AppData\Local\GDIPFONTCACHEV1.DAT
2009-03-31 14:02 . 2009-03-31 14:02 -------- d-----w c:\program files\Microsoft Works
2009-03-31 14:02 . 2006-11-02 12:37 -------- d-----w c:\program files\MSBuild
2009-03-31 14:00 . 2009-03-31 14:00 -------- d-----w c:\program files\Microsoft.NET
2009-03-31 13:58 . 2009-03-31 13:58 -------- d-----w c:\program files\Microsoft Visual Studio 8
2009-03-31 13:15 . 2009-03-31 13:15 -------- d-----w c:\program files\DAEMON Tools Toolbar
2009-03-31 13:15 . 2009-03-31 13:14 -------- d-----w c:\program files\DAEMON Tools Lite
2009-03-31 13:12 . 2009-03-31 13:12 717296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-03-31 12:55 . 2009-03-31 12:49 -------- d-----w c:\program files\PowerISO
2009-03-29 04:08 . 2009-03-25 11:54 -------- d-----w c:\program files\Babylon
2009-03-29 03:42 . 2009-03-29 03:42 -------- d-----w c:\program files\SlySoft
2009-03-26 11:16 . 2008-03-03 15:06 -------- d-----w c:\program files\Java
2009-03-25 12:48 . 2009-03-25 12:14 -------- d-----w c:\program files\Oxford
2009-03-25 12:34 . 2009-03-25 12:33 -------- d-----w c:\program files\QuickTime
2009-03-25 12:16 . 2009-03-25 12:16 -------- d-----w c:\program files\TEXTware
2009-03-25 12:16 . 2008-03-03 15:59 -------- d-----w c:\program files\IDM
2009-03-25 12:16 . 2008-03-03 15:23 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-21 20:54 . 2009-03-21 20:54 -------- d-----w c:\program files\Toshiba TEMPRO
2009-03-21 20:53 . 2009-03-21 20:53 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-20 12:17 . 2009-03-20 12:18 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-20 12:06 . 2009-03-20 12:06 2232 ----a-w c:\windows\Java\Packages\Data\17LRPNPV.DAT
2009-03-20 12:06 . 2009-03-20 12:06 155995 ----a-w c:\windows\Java\Packages\K3FBDJR7.ZIP
2009-03-20 12:06 . 2009-03-20 12:06 2678 ----a-w c:\windows\Java\Packages\Data\BFHJ53JB.DAT
2009-03-20 12:06 . 2009-03-20 12:06 2678 ----a-w c:\windows\Java\Packages\Data\OKEB3131.DAT
2009-03-20 12:06 . 2009-03-20 12:06 2678 ----a-w c:\windows\Java\Packages\Data\QPJNPF7F.DAT
2009-03-20 12:06 . 2009-03-20 12:06 2678 ----a-w c:\windows\Java\Packages\Data\PRRZLVL3.DAT
2009-03-20 12:06 . 2009-03-20 12:06 2678 ----a-w c:\windows\Java\Packages\Data\0YY1JVDZ.DAT
2009-03-17 03:38 . 2009-04-15 00:40 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-17 03:38 . 2009-04-15 00:40 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 00:40 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-15 10:25 . 2009-03-15 10:25 56268 ----a-w c:\windows\system32\drivers\scdemu.sys
2009-03-14 00:02 . 2008-03-03 16:01 -------- d-----w c:\program files\Common Files\Adobe
2009-03-13 05:57 . 2009-03-13 05:16 -------- d-----w c:\program files\The KMPlayer
2009-03-13 05:09 . 2009-03-13 05:09 203776 ----a-w c:\windows\system32\clrviddc.dll
2009-03-13 05:04 . 2009-03-13 05:04 -------- d-----w c:\program files\Common Files\xing shared
2009-03-13 05:04 . 2009-03-06 13:39 -------- d-----w c:\program files\Common Files\Real
2009-03-13 04:51 . 2009-03-13 04:51 -------- d-----w c:\program files\GustoSoft
2009-03-12 21:02 . 2009-03-12 21:02 -------- d-----w c:\program files\Microsoft
2009-03-12 21:02 . 2009-03-09 10:54 -------- d-----w c:\program files\Windows Live
2009-03-12 10:58 . 2009-03-12 10:57 -------- d-----w c:\program files\uusee
2009-03-12 08:48 . 2006-11-02 10:25 665600 ----a-w c:\windows\inf\drvindex.dat
2009-03-11 21:48 . 2008-03-03 15:56 -------- d-----w c:\program files\Google
2009-03-09 10:52 . 2009-03-09 10:52 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-08 23:27 . 2009-03-08 23:27 -------- d-----w c:\program files\Adobe(0)
2009-03-07 13:30 . 2009-03-07 13:30 -------- d-----w c:\program files\SopCast
2009-03-07 08:00 . 2009-03-07 08:00 -------- d-----w c:\program files\IDA
2009-03-07 07:59 . 2009-03-07 07:59 -------- d-----w c:\program files\iTunes
2009-03-07 07:59 . 2009-03-07 07:59 -------- d-----w c:\program files\iPod
2009-03-07 07:59 . 2009-03-07 07:57 -------- d-----w c:\program files\Common Files\Apple
2009-03-07 07:59 . 2009-03-07 07:59 -------- d-----w c:\program files\Bonjour
2009-03-07 07:58 . 2009-03-07 07:58 -------- d-----w c:\program files\Apple Software Update
2009-03-07 07:52 . 2009-03-07 07:51 -------- d-----w c:\program files\DivX
2009-03-07 07:51 . 2009-03-07 07:51 -------- d-----w c:\program files\Common Files\PX Storage Engine
2009-03-06 22:18 . 2009-03-06 22:18 -------- d-----w c:\program files\PC Drivers HeadQuarters
2009-03-06 21:32 . 2009-03-06 21:32 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-03-06 18:40 . 2009-03-06 18:40 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2009-03-06 18:40 . 2009-03-06 18:40 -------- d-----w c:\program files\Synaptics
2009-03-06 18:39 . 2008-03-03 15:25 -------- d-----w c:\program files\Toshiba
2009-03-06 18:37 . 2009-03-06 18:37 0 --sha-r c:\windows\system32\drivers\TOSHIBA_Satellite U400_06591-AR_PSU40E-02000.MRK
2009-03-06 18:34 . 2008-03-03 15:49 -------- d-----w c:\program files\Common Files\Toshiba Shared
2009-03-06 18:34 . 2009-03-06 18:34 -------- d-----w c:\program files\Camera Assistant Software for Toshiba
2009-03-06 13:39 . 2009-03-06 13:39 -------- d-----w c:\program files\Real
2009-03-06 13:39 . 2009-03-06 13:39 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-03-06 13:39 . 2009-03-06 13:39 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-03-03 04:46 . 2009-04-15 00:40 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-15 00:40 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-15 01:00 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-15 00:40 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-15 00:40 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-15 00:40 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-15 01:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-15 00:40 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-15 00:40 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-15 00:40 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-15 00:40 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-15 00:40 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-15 01:00 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-02-13 08:49 . 2009-04-15 00:40 72704 ----a-w c:\windows\system32\secur32.dll
2009-02-13 08:49 . 2009-04-15 00:40 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 03:10 . 2009-03-11 23:33 2033152 ----a-w c:\windows\system32\win32k.sys
2009-02-06 18:52 . 2009-02-06 18:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2008-01-21 02:43 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((( SnapShot@2009-04-29_10.59.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-04-30 00:41 54728 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-04-30 00:42 81000 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-03-06 18:43 . 2009-04-29 10:58 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-06 18:43 . 2009-04-30 14:46 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-03-06 18:43 . 2009-04-29 10:58 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-06 18:43 . 2009-04-30 14:46 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-06 18:43 . 2009-04-29 10:58 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-03-06 18:43 . 2009-04-30 14:46 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-03-07 01:48 . 2009-04-30 00:42 9932 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-826169497-3969478296-2407425727-1000_UserData.bin
+ 2009-04-30 00:39 . 2009-04-30 00:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-04-29 10:57 . 2009-04-29 10:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-04-30 00:39 . 2009-04-30 00:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-04-29 10:57 . 2009-04-29 10:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-03-07 01:46 . 2009-04-30 11:47 327578 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 10:33 . 2009-04-29 23:09 605072 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-04-29 10:46 605072 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-04-29 10:46 110354 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-04-29 23:09 110354 c:\windows\System32\perfc009.dat
+ 2009-03-07 01:52 . 2009-04-29 23:56 2776696 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-03-07 01:52 . 2009-04-29 10:56 2776696 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-12-29 430080]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-20 148888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-25 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-25 129560]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-29 1029416]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-13 198160]
"Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" [2008-11-06 103824]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-23 33648]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-04-20 206088]
"NDSTray.exe"="NDSTray.exe" [BU]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-1-25 2938184]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~2\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~2\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~2\KASPER~1\adialhk.dll c:\progra~1\KASPER~2\KASPER~1\kloehk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D2546996-DA93-441E-97BD-0064C7F6857C}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{22CD2954-4CEF-49D5-A2BA-CA7D4488F617}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C3EAB50A-E440-4E5F-BF14-0BB86917909D}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{03409833-ADB3-452B-891F-29A11ADB5896}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{2499E8F5-2F97-4DFB-AF00-091F57E98883}"= UDP:c:\windows\Temp\~os6EBA.tmp\ossproxy.exe:ossproxy.exe
"{99ADDBF4-2B80-460C-8B81-D21FB63B4D5B}"= UDP:c:\windows\Temp\~osA095.tmp\ossproxy.exe:ossproxy.exe
"{E6770018-B5D8-42EA-B9C6-1D6E1A006576}"= UDP:c:\windows\Temp\~os85C.tmp\ossproxy.exe:ossproxy.exe
"TCP Query User{B0B0E2D3-52C1-489B-B99C-5F5D51147789}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{195E84D0-0F4E-4A72-B427-A96B6800FA15}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"{FEA5E276-18F9-4E80-A1B8-342D19A30DEC}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{C9DDC2EC-6D14-417B-82F8-4D0AE234D948}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{70836CAA-FB59-4FBF-928D-7A3B76DBBEFE}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F5A09A70-4E64-4A1F-B263-A1B2CEE5E503}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A1136960-04D6-4CEA-A8AF-6E391B0FC9D5}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{94BA5576-582C-4E55-9FD3-BC5484F680AF}"= UDP:c:\program files\RelevantKnowledge\rlvknlg.exe:rlvknlg.exe
"{A731645C-602D-4B70-938D-E63FC34F919B}"= TCP:c:\program files\RelevantKnowledge\rlvknlg.exe:rlvknlg.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\uusee\\UUSeePlayer.exe"= c:\program files\uusee\UUSeePlayer.exe:*:Enabled:UUSEE
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-04-20 33808]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2008-07-09 20496]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
S2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\Toshiba TEMPRO\TempoSVC.exe [2008-11-06 99720]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
S3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDART.sys [2008-02-01 187904]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2007-06-06 111616]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-01-15 48472]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2007-04-09 8192]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Download ALL with IDA - c:\program files\IDA\idaieall.htm
IE: Download with IDA - c:\program files\IDA\idaie.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - [link hidden by the forum; login required to view]
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - [link hidden by the forum; login required to view]
DPF: Microsoft XML Parser for Java - [link hidden by the forum; login required to view]
FF - ProfilePath - c:\users\adam22\AppData\Roaming\Mozilla\Firefox\Profiles\jvosvs90.default\
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - component: c:\program files\RelevantKnowledge\components\rlxg.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [link hidden by the forum; login required to view]
Rootkit scan 2009-05-01 02:57
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-826169497-3969478296-2407425727-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E5D55CF0-DD5F-6BF1-F327-B96FB8814F42}*]
"facllpjbbgeh"=hex:66,61,65,6e,6d,66,6e,6c,6d,65,6c,6e,00,ff
[HKEY_USERS\S-1-5-21-826169497-3969478296-2407425727-1000\Software\SecuROM\License information*]
"datasecu"=hex:6e,ce,ec,8b,18,52,8b,14,11,8d,63,02,00,8b,47,aa,5d,38,11,4b,f1,
f6,61,89,55,86,8b,53,e5,f4,eb,70,97,41,4b,ac,e9,e5,ff,56,fa,b7,02,94,aa,a5,\
"rkeysecu"=hex:4f,b8,5f,38,ef,f0,ab,b5,9d,c2,e7,26,0e,59,a3,b6
[HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_USERS\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_USERS\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_USERS\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-04-30 2:58
ComboFix-quarantined-files.txt 2009-04-30 14:58
ComboFix2.txt 2009-04-30 02:18
ComboFix3.txt 2009-04-29 11:02
Pre-Run: 104,098,549,760 bytes free
Post-Run: 104,073,396,224 bytes free
307 --- E O F --- 2009-04-28 23:59
 
Signature: adam22
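A short triage script for logs like the one posted above, as an added example (not the poster's code and not part of ComboFix or HijackThis). It walks the registry dump section of a ComboFix log, keeps track of which key each value belongs to, and raises the three things a responder looks at first in this log: firewall allow rules whose executable lives in a scratch directory such as c:\windows\Temp, the Windows Firewall being switched off per profile, and Security Center overrides plus AppInit_DLLs injection, which are normal for a third-party suite such as Kaspersky but should always be enumerated. The severity labels, the scratch-directory heuristic and the regular expressions are my own assumptions about the ComboFix line formats; the sample log is an excerpt of lines copied from the post.

```python
"""Triage a ComboFix-style log: flag firewall and Security Center state worth a look.

Added example, not the poster's or ComboFix's code. Line formats and severities
are assumptions based on the posted log; SAMPLE_LOG is an excerpt of that log.
"""
import re
from dataclasses import dataclass

# "{GUID}"= UDP:c:\path\prog.exe:Description  or  TCP:6004|c:\path\outlook.exe:Outlook
FIREWALL_RULE_RE = re.compile(
    r'^"(?P<rule>[^"]+)"=\s*(?P<proto>TCP|UDP):(?:(?P<port>\d+)\|)?'
    r'(?P<path>[A-Za-z]:[^:]*):(?P<desc>.*)$'
)
KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')          # [HKLM\...\SomeKey]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.*)$')
# Executables running out of scratch directories should never need an allow rule.
SCRATCH_DIR_RE = re.compile(r'\\temp\\|\\tmp\\|\\recycler\\', re.IGNORECASE)


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info" (assumed labels)
    reason: str
    line: str


def reg_int(value: str):
    """Parse the two integer spellings ComboFix prints: 'dword:00000001' and '0 (0x0)'."""
    value = value.strip()
    if value.lower().startswith("dword:"):
        return int(value[len("dword:"):], 16)
    head = value.split(" ", 1)[0]
    return int(head) if head.isdigit() else None


def triage(log_text: str) -> list:
    findings, key = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key").lower()  # values that follow belong to this key
            continue
        in_firewall = "firewallpolicy" in key
        m = FIREWALL_RULE_RE.match(line) if in_firewall else None
        if m:  # Vista-style FirewallRules entry
            if SCRATCH_DIR_RE.search(m.group("path")):
                findings.append(Finding("high", "firewall allow rule for an executable in a "
                                        "scratch directory: " + m.group("path"), line))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group("name"), m.group("value")
        leaf = key.rsplit("\\", 1)[-1]
        if in_firewall and name == "EnableFirewall" and reg_int(value) == 0:
            findings.append(Finding("medium", "Windows Firewall disabled for " + leaf, line))
        elif in_firewall and "authorizedapplications" in key:
            path = value.split(":*:", 1)[0]  # XP-style "path:*:Enabled:Name"
            if SCRATCH_DIR_RE.search(path):
                findings.append(Finding("high", "authorized application in a scratch "
                                        "directory: " + path, line))
        elif ("security center" in key and name in ("DisableMonitoring", "AntiVirusOverride")
              and reg_int(value) == 1):
            findings.append(Finding("info", "Security Center " + name + " set under " + leaf
                                    + " (expected for a third-party suite; confirm it matches "
                                    "the installed product)", line))
        elif name == "AppInit_DLLs" and value.strip():
            n = len(value.split())
            findings.append(Finding("info", f"{n} DLL(s) loaded into every process that loads "
                                    "user32.dll via AppInit_DLLs; identify each vendor", line))
    return findings


def summarize(findings) -> dict:
    counts = {"high": 0, "medium": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


# Excerpt of the posted ComboFix log (copied lines, not constructed).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~2\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~2\KASPER~1\mzvkbd3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{22CD2954-4CEF-49D5-A2BA-CA7D4488F617}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{2499E8F5-2F97-4DFB-AF00-091F57E98883}"= UDP:c:\windows\Temp\~os6EBA.tmp\ossproxy.exe:ossproxy.exe
"{FEA5E276-18F9-4E80-A1B8-342D19A30DEC}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\uusee\\UUSeePlayer.exe"= c:\program files\uusee\UUSeePlayer.exe:*:Enabled:UUSEE
"""

if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
    print(summarize(results))
```

On the excerpt this yields one high finding (the ossproxy.exe rule under c:\windows\Temp), two medium (firewall off in the Domain and Standard profiles) and two informational ones; the Bonjour, Outlook and UUSee entries pass. Run it over the full log pasted in the post and the other two ossproxy.exe rules and the Public profile setting show up as well. The script deliberately stops at "worth a look": whether a flagged executable is unwanted still has to be established by identifying the vendor and checking the file, not by the path alone.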