-
تصميم Ramy Badraan
Foxit PDF Editor 2025 .1.0.27937 تصميم Ramy Badraan
CoolUtils Total Doc Converter 5.1.0.364 Repack & Portable لتحويل الملفات الكتابية إلى عدة صيغ تصميم Ramy Badraan
WinRAR - أداة متكاملة لتحميل وتثبيت وتفعيل WinRAR7.11 اخر اصدار تلقائيًا وبثلاث لغات) تصميم Ramy Badraan
متصفح القوة والسرعة Google Chrome 116.0.5845.97 Stable تصميم Ramy Badraan
الأسطوانة العربية** Ar Windows 10-11 (2019-2021-2024) IoT Enterprise LTSC (x64) Update April 2025 تصميم Ramy Badraan
Windows Video Converter 2025 v9.9.9.17 برنامج تحويل وتحرير الفيديو الكل في واحد تصميم Ramy Badraan
Windows Video Converter 2025 v9.9.9.17 برنامج تحويل وتحرير الفيديو الكل في واحد تصميم Ramy Badraan
27.00.0300 XYplorer Pro لإدارة الملفات والمجلدات والبحث عنها بسرعة تصميم Ramy Badraan
ويندوز 11 اندكس برو -عربي إنكليزي فرنسي من غير متطلبات ومفعلWindows11PRO_24H2(Ar-En-Fr)26100.3909-Activ_NO TPM تصميم Ramy Badraan
برنامج الحماية الرهيب Webroot Secure Anywhere CE 25.2 والتفعيل بسيريال لمدة 700 يوم تصميم Ramy Badraan
Zyzoom Driver Booster Tool - عملاق جلب التعريفات Iobit Driver Booster فى اصداره النهائى مفعل - تنصيب صامت) تصميم Ramy Badraan
Zyzoom Process Lasso Tool - Wise Care 365 Pro 7.2.4.697 RePack & Portable البرنامج الشامل للصيانة وإصلاح النظام) تصميم Ramy Badraan
TechsmithSnagit 25.1.0.6239 x64 Silent Install عملاق تصوير الشاشة وعمل الشروحات تصميم Ramy Badraan
Glary Utilities Pro 6.24.0.28 RePack & Portable لصيانة النظام وتنظيفه من الملفات التالفة تصميم Ramy Badraan
Zyzoom Process Lasso Tool - عملاق تسريع المعالج وتنظيم العمليات فى اصداره الاخير - تنصيب صامت) 
- بادئ الموضوع مشاري1
- تاريخ البدء
MMA_LORD_735
زيزوومي جديد
- إنضم
- 17 مايو 2008
- المشاركات
- 3,645
- مستوى التفاعل
- 7
- النقاط
- 0
غير متصلو عليكم السلام و رحمة الله و بركته ...
حياك الله ...
أعمل التالي ...
حمل هذه الأداة ...
يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
شغلها و روح على [ Do a system scan and save log ] ...
شوي و يعطيك تقرير داخل مفكرة ...
أنسخه كاملا ً ... و بشكل صحيح ...
و لصقه في ردك القادم ... توقيع : MMA_LORD_735
تأييد 0ابشر عيني تفضل
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:52:45 ص, on 19/06/09
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\PixArt\PAC207\Monitor.exe
C:\Program Files\Kaspersky Lab\STC Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Toshiba\Documents\Downloads\Programs\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\STC Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe"
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\TSS.exe /hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [Super Screen Capture] C:\Program Files\Zeallsoft\Super Screen Capture\SSCapture.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\STC Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [BMISR] C:\Program Files\KYE\WebMate\BM.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [Eq 16] "C:\ProgramData\Camp Readme Readme.xjm99"
O4 - HKCU\..\Run: [Okay Proxy Ooze Each] "C:\ProgramData\THE KIND 01.uljm2g"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: إضافة إلى حاجب إعلان الشعار - C:\Program Files\Kaspersky Lab\STC Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: إحصائيات حماية حركة زيارة الويب - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\STC Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} -يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\STCKAS~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\STCKAS~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\STCKAS~1\adialhk.dll,C:\PROGRA~1\KASPER~1\STCKAS~1\kloehk.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: STC Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\STC Kaspersky Internet Security 2009\avp.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 11154 bytesتأييد 0
AbOdy
عضو شرف
- إنضم
- 17 سبتمبر 2007
- المشاركات
- 6,865
- مستوى التفاعل
- 91
- النقاط
- 840
غير متصلبدال الغالي *_*
اعمل التالي
عطل برامج الحماية عن العمل
ثم
حمل الاداة التالية واحفظها على سطح المكتب
يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
لا تقم بتشغيل اي برنامج ،، ومهما طالت عملية الفحص انتظر حتى تنتهي
انتظر حتى يظهر لك تقرير ،،انسخه والصقه بمشاركتك القادمة
وارفع تقرير جديدتوقيع : AbOdy
تأييد 0ComboFix 09-06-18.02 - Toshiba 06/19/2009 4:04.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1256.966.1025.18.2939.2024 [GMT 3:00]
Running from: c:\users\Toshiba\Desktop\ComboFix.exe
AV: STC Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: STC Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: STC Kaspersky Internet Security *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-4015055615-4228311801-2113635088-500
c:\$recycle.bin\S-1-5-21-4015055615-4228311801-2113635088-500\desktop.ini
c:\users\Toshiba\AppData\Local\Microsoft\Windows\Temporary Internet Files\TestBrowser.html
.
((((((((((((((((((((((((( Files Created from 2009-05-19 to 2009-06-19 )))))))))))))))))))))))))))))))
.
2009-06-19 01:08 . 2009-06-19 01:08 -------- d-----w- c:\users\Toshiba\AppData\Local\temp
2009-06-18 22:22 . 2009-06-18 22:22 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-18 22:09 . 2008-06-12 10:09 33088 ----a-w- c:\users\Toshiba\AppData\Roaming\Macromedia\Flash Player\يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
2009-06-18 17:13 . 2009-06-18 17:14 -------- d-----w- c:\windows\Album
2009-06-15 15:08 . 2009-06-15 15:56 -------- d-----w- c:\program files\WinPcap
2009-06-15 15:07 . 2009-06-16 11:20 -------- d-----w- c:\program files\WMR11
2009-06-15 12:10 . 2009-06-16 11:14 -------- d-----w- c:\program files\Mask Surf Lite
2009-06-15 09:24 . 2009-06-16 11:19 -------- d-----w- c:\users\Toshiba\AppData\Roaming\Tor
2009-06-15 08:14 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-06-15 08:14 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-06-15 08:13 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-06-15 08:13 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-06-15 08:13 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-06-15 08:13 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-06-15 08:13 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-06-15 08:06 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-06-15 08:06 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-06-15 08:06 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-06-15 08:06 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-06-15 08:06 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-06-14 15:36 . 2009-06-15 09:24 78462 ----a-w- c:\windows\system32\perfc001.dat
2009-06-14 15:36 . 2009-06-15 09:24 439048 ----a-w- c:\windows\system32\perfh001.dat
2009-06-14 15:36 . 2009-06-14 15:34 41018 ----a-w- c:\windows\system32\perfd001.dat
2009-06-14 15:36 . 2009-06-14 15:34 285290 ----a-w- c:\windows\system32\perfi001.dat
2009-06-14 14:16 . 2009-06-14 15:43 -------- d-----w- C:\MUITools
2009-06-13 11:10 . 2009-06-13 11:10 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-06-13 11:10 . 2009-06-13 11:10 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-06-13 11:10 . 2009-06-19 00:52 466976 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-13 11:10 . 2009-06-18 21:24 3480096 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-13 11:10 . 2009-06-13 11:10 -------- d-----w- c:\program files\Kaspersky Lab
2009-06-12 22:21 . 2009-06-18 21:24 -------- d-----w- c:\programdata\Kaspersky Lab
2009-06-12 22:18 . 2009-06-13 10:56 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-06-11 23:20 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-11 23:20 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-06-11 23:20 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-11 20:17 . 2009-06-11 20:17 -------- d-----w- c:\program files\Common Files\Adobe(26)
2009-06-11 18:50 . 2009-06-11 18:50 304160 ----a-w- C:\PA207.DAT
2009-06-11 10:00 . 2009-06-11 10:01 -------- d-----w- c:\program files\RealArcade
2009-06-09 22:32 . 2009-06-09 22:32 854139 ----a-w- c:\users\Toshiba\AppData\Roaming\Hide IP NG\hideipng-update.exe
2009-06-05 14:12 . 2009-06-11 23:05 -------- d-----w- c:\users\Toshiba\AppData\Roaming\Hide IP NG
2009-06-05 14:07 . 2009-06-05 14:08 -------- d-----w- C:\Artera_Setup
2009-06-03 05:15 . 2009-06-03 05:45 -------- d-----r- c:\programdata\SCPP
2009-06-02 23:34 . 2009-06-02 23:34 680 ----a-w- c:\users\Toshiba\AppData\Local\d3d9caps.dat
2009-06-02 23:07 . 2009-06-02 23:07 -------- d-----w- c:\users\Toshiba\AppData\Roaming\URSoft
2009-06-02 23:07 . 2009-06-02 23:27 -------- d-----w- c:\program files\Your Uninstaller 2008
2009-05-31 21:57 . 2009-06-01 05:48 -------- d-----w- c:\program files\Spyware Doctor
2009-05-28 22:05 . 2009-05-28 22:06 -------- d-----w- c:\users\Toshiba\AppData\Roaming\Camfrog
2009-05-27 20:48 . 2009-06-18 22:24 -------- d-----w- c:\users\Toshiba\AppData\Local\Adobe
2009-05-25 02:17 . 2009-06-13 10:56 -------- d-----w- c:\program files\Paltalk Messenger
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-19 01:08 . 2009-05-12 14:41 -------- d-----w- c:\users\Toshiba\AppData\Roaming\DMCache
2009-06-19 00:52 . 2009-06-13 11:10 2676 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-19 00:37 . 2009-05-12 22:12 -------- d-----w- c:\users\Toshiba\AppData\Roaming\Skype
2009-06-18 22:38 . 2009-05-12 22:12 -------- d-----w- c:\users\Toshiba\AppData\Roaming\skypePM
2009-06-18 21:24 . 2009-06-13 11:10 28268 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-18 19:57 . 2009-05-17 23:47 12 ----a-w- c:\windows\bthservsdp.dat
2009-06-18 17:13 . 2009-05-18 01:54 -------- d-----w- c:\program files\KYE
2009-06-18 17:13 . 2008-09-08 18:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-14 15:34 . 2009-05-12 14:56 41018 ----a-w- c:\windows\inf\PERFLIB\0401\perfd.dat
2009-06-14 15:34 . 2009-05-12 14:56 41018 ----a-w- c:\windows\inf\PERFLIB\0401\perfc.dat
2009-06-14 15:34 . 2009-05-12 14:56 285290 ----a-w- c:\windows\inf\PERFLIB\0401\perfi.dat
2009-06-14 15:34 . 2009-05-12 14:56 285290 ----a-w- c:\windows\inf\PERFLIB\0401\perfh.dat
2009-06-13 11:56 . 2009-05-12 14:46 -------- d-----w- c:\programdata\user obj each
2009-06-13 11:19 . 2009-05-12 14:47 -------- d-----w- c:\programdata\Second Atom Okay Proxy
2009-06-13 11:00 . 2008-09-08 18:45 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-13 10:56 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-13 08:03 . 2008-09-08 18:45 -------- d-----w- c:\programdata\Symantec
2009-06-13 02:10 . 2009-05-12 17:28 -------- d-----w- c:\users\Toshiba\AppData\Roaming\Paltalk
2009-06-11 23:00 . 2009-05-12 17:31 -------- d-----w- c:\program files\ManyCam 2.4
2009-06-11 23:00 . 2009-05-18 01:57 -------- d-----w- c:\program files\Common Files\PAC207
2009-06-02 02:26 . 2009-05-12 14:41 -------- d-----w- c:\users\Toshiba\AppData\Roaming\IDM
2009-05-27 16:53 . 2009-05-27 16:53 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2009-05-19 18:04 . 2009-05-12 14:46 -------- d-----w- c:\program files\Messenger Plus! Live
2009-05-18 21:13 . 2009-05-18 21:13 -------- d-----w- c:\programdata\WindowsSearch
2009-05-17 23:30 . 2009-05-17 23:30 -------- d-----w- c:\users\Toshiba\AppData\Roaming\Media Player Classic
2009-05-13 00:21 . 2008-09-08 17:38 -------- d-----w- c:\program files\Toshiba
2009-05-13 00:12 . 2009-05-13 00:11 -------- d-----w- c:\program files\Common Files\Toshiba Shared
2009-05-13 00:11 . 2008-09-08 18:12 -------- d-----w- c:\programdata\Toshiba
2009-05-13 00:04 . 2009-05-13 00:03 -------- d-----w- c:\program files\Jumpstart
2009-05-13 00:03 . 2009-05-13 00:01 -------- d-----w- c:\programdata\Atheros
2009-05-13 00:02 . 2009-05-13 00:01 -------- d-----w- c:\program files\Atheros
2009-05-13 00:01 . 2009-05-13 00:01 -------- d-----w- c:\program files\Cisco
2009-05-13 00:00 . 2009-05-13 00:00 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2009-05-13 00:00 . 2009-05-13 00:00 -------- d-----w- c:\program files\Synaptics
2009-05-12 23:57 . 2008-09-08 18:05 -------- d-----w- c:\program files\Intel
2009-05-12 23:56 . 2009-05-12 23:56 -------- d-----w- c:\program files\ltmoh
2009-05-12 23:53 . 2009-05-12 23:53 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-05-12 23:53 . 2009-05-12 23:53 315392 ----a-w- c:\windows\HideWin.exe
2009-05-12 23:53 . 2008-09-08 18:07 -------- d-----w- c:\program files\Realtek
2009-05-12 23:47 . 2009-05-12 23:47 -------- d-----w- c:\program files\Microsoft Office Suite Activation Assistant
2009-05-12 22:12 . 2009-05-12 22:12 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-05-12 22:11 . 2009-05-12 22:11 -------- d-----w- c:\program files\Skype
2009-05-12 22:11 . 2009-05-12 22:11 -------- d-----w- c:\programdata\Skype
2009-05-12 22:11 . 2009-05-12 22:11 -------- d-----w- c:\program files\Common Files\Skype
2009-05-12 20:26 . 2009-05-12 14:46 -------- d-----w- c:\program files\Windows Live
2009-05-12 20:25 . 2009-05-12 20:25 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-05-12 20:24 . 2009-05-12 20:24 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-05-12 20:22 . 2009-05-12 20:22 -------- d-----w- c:\program files\Microsoft
2009-05-12 20:22 . 2009-05-12 20:22 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-05-12 20:01 . 2009-05-12 20:01 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-12 17:32 . 2009-05-12 17:31 -------- d-----w- c:\users\Toshiba\AppData\Roaming\ManyCam
2009-05-12 17:27 . 2009-05-12 17:27 -------- d-----w- c:\program files\USB Disk Security
2009-05-12 16:49 . 2009-05-12 16:49 -------- d-----w- c:\programdata\Messenger Plus!
2009-05-12 16:49 . 2009-05-12 14:31 127656 ----a-w- c:\users\Toshiba\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-12 16:47 . 2008-09-08 18:29 -------- d-----w- c:\program files\Google
2009-05-12 16:30 . 2009-05-12 16:30 -------- d-----w- c:\program files\Microsoft.NET
2009-05-12 16:25 . 2009-05-12 23:42 -------- d-----w- c:\programdata\Microsoft Help
2009-05-12 14:56 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2009-05-12 14:56 . 2009-05-12 14:56 -------- d-----w- c:\program files\Windows Journal
2009-05-12 14:56 . 2006-11-02 12:35 -------- d-----w- c:\program files\Microsoft Games
2009-05-12 14:56 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2009-05-12 14:55 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-05-12 14:55 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2009-05-12 14:55 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-05-12 14:51 . 2009-05-12 14:51 2232 ----a-w- c:\windows\Java\Packages\Data\JTBZTF35.DAT
2009-05-12 14:51 . 2009-05-12 14:51 155995 ----a-w- c:\windows\Java\Packages\3TJLRTB1.ZIP
2009-05-12 14:51 . 2009-05-12 14:51 2678 ----a-w- c:\windows\Java\Packages\Data\IQUEVXJ1.DAT
2009-05-12 14:51 . 2009-05-12 14:51 2678 ----a-w- c:\windows\Java\Packages\Data\R35FXNN9.DAT
2009-05-12 14:51 . 2009-05-12 14:51 2678 ----a-w- c:\windows\Java\Packages\Data\4RHBP3HR.DAT
2009-05-12 14:51 . 2009-05-12 14:51 2678 ----a-w- c:\windows\Java\Packages\Data\137B5RDB.DAT
2009-05-12 14:51 . 2009-05-12 14:51 2678 ----a-w- c:\windows\Java\Packages\Data\KKG1VT35.DAT
2009-05-12 14:48 . 2009-05-12 14:48 -------- d-----w- c:\program files\Common Files\xing shared
2009-05-12 14:48 . 2009-05-12 14:47 -------- d-----w- c:\program files\Common Files\Real
2009-05-12 14:47 . 2009-05-12 14:47 -------- d-----w- c:\program files\Real
2009-05-12 14:43 . 2009-05-12 14:43 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-12 14:42 . 2009-05-12 14:40 -------- d-----w- c:\program files\Internet Download Manager
2009-05-12 14:41 . 2009-05-12 14:41 181680 ----a-w- c:\users\Toshiba\AppData\Roaming\IDM\idmmzcc2\components\idmmzcc.dll
2009-05-12 14:34 . 2009-05-12 14:34 -------- d-----w- c:\users\Toshiba\AppData\Roaming\WinBatch
2009-05-12 14:32 . 2009-05-12 14:32 -------- d-----w- c:\users\Toshiba\AppData\Roaming\Symantec
2009-05-12 14:31 . 2009-05-12 14:31 15 --sh--r- c:\windows\system32\drivers\fbd.sys
2009-05-12 14:31 . 2009-05-12 14:31 5 --sh--r- c:\windows\system32\drivers\taishop.sys
2009-05-08 06:15 . 2009-05-08 06:15 76384 ----a-w- c:\programdata\Kaspersky Lab Setup Files\STC Kaspersky Internet Security 2009\Arabic\setup.exe
2009-05-08 06:02 . 2009-05-08 06:02 219664 ----a-w- c:\windows\system32\klogon.dll
2009-05-08 06:02 . 2009-05-08 06:02 26789 ----a-w- c:\windows\system32\drivers\klopp.dat
2009-04-24 16:05 . 2009-06-13 12:17 827904 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-06-13 12:17 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 13:44 . 2009-06-13 12:17 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-03-26 05:00 . 2009-03-26 05:00 64000 ----a-w- c:\windows\system32\drivers\RTSTOR.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eq 16"="c:\programdata\Camp Readme Readme.xjm99" [X]
"Okay Proxy Ooze Each"="c:\programdata\THE KIND 01.uljm2g" [X]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-12 2745776]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-02 505720]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\TSS.exe" [2008-08-04 1242424]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-12 185872]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"AVP"="c:\program files\Kaspersky Lab\STC Kaspersky Internet Security 2009\avp.exe" [2009-05-08 208616]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-04-08 6037504]
"NDSTray.exe"="NDSTray.exe" [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\STCKAS~1\mzvkbd.dll c:\progra~1\KASPER~1\STCKAS~1\mzvkbd3.dll c:\progra~1\KASPER~1\STCKAS~1\adialhk.dll c:\progra~1\KASPER~1\STCKAS~1\kloehk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{164BFCA1-9D7C-4E03-9C26-9892510781A7}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{CF58767C-DCB6-4ADE-ACC8-7A7888B147CE}c:\\program files\\paltalk messenger\\paltalk.exe"= UDP:c:\program files\paltalk messenger\paltalk.exe
altalkScene
"UDP Query User{61B5839A-95EA-4B7A-952F-2E466BDA2617}c:\\program files\\paltalk messenger\\paltalk.exe"= TCP:c:\program files\paltalk messenger\paltalk.exealtalkScene
"{E5EB50F0-FDFE-4D35-91B5-6EFE1F9E3286}"= UDP:c:\program files\Mask Surf Pro\masksurf.exe:Mask Surf Pro
"{F7DB0BCF-A563-4B99-8095-8EC8A374C3D8}"= TCP:c:\program files\Mask Surf Pro\masksurf.exe:Mask Surf Pro
"{B94768E0-4419-49A7-8086-9EA85225D461}"= UDP:c:\program files\Mask Surf Pro\Tor\tor.exe:Tor
"{2E4978D9-202E-41E6-9F02-CFA2B1C35FB0}"= TCP:c:\program files\Mask Surf Pro\Tor\tor.exe:Tor
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [29/01/08 06:29 م 32784]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\System32\drivers\jswpslwf.sys [13/05/09 03:04 ص 20384]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [09/07/08 06:28 م 20496]
R2 ConfigFree Service;ConfigFree Service;c:\program files\Toshiba\ConfigFree\CFSvcs.exe [17/04/08 10:19 ص 40960]
R2 TMachInfo;TMachInfo;c:\program files\Toshiba\TOSHIBA Service Station\TMachInfo.exe [08/09/08 09:16 م 46392]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\Toshiba\SMARTLogService\TosIPCSrv.exe [04/12/07 03:03 ص 126976]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [08/09/08 09:12 م 7168]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\System32\drivers\klfltdev.sys [13/03/08 07:02 م 26640]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\System32\drivers\ManyCam.sys [14/01/08 01:06 م 21632]
R3 PAC207;e-Messenger 112;c:\windows\System32\drivers\PFC027.SYS [18/05/09 04:57 ص 616064]
S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\System32\drivers\BthAvrcp.sys [24/08/07 07:34 م 15872]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [13/05/09 03:03 ص 954368]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [25/01/07 08:31 م 42000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-jswtrayutil - c:\program files\Jumpstart\jswtrayutil.exe
HKLM-Run-Super Screen Capture - c:\program files\Zeallsoft\Super Screen Capture\SSCapture.exe
HKLM-Run-BMISR - c:\program files\KYE\WebMate\BM.exe
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.grnaas.com/a/
uInternet Settings,ProxyOverride = local
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: إضافة إلى حاجب إعلان الشعار - c:\program files\Kaspersky Lab\STC Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
DPF: Microsoft XML Parser for Java -يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} - hxxp://98.126.24.186:1999/ReadUid.CAB
DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} - hxxp://174.36.238.30/saudi1999/talks3n.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
Rootkit scan 2009-06-19 04:08
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????I5??????h?????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-06-19 4:10
ComboFix-quarantined-files.txt 2009-06-19 01:10
Pre-Run: 72,652,849,152 bytes free
Post-Run: 73,108,594,688 bytes free
Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
282 --- E O F --- 2009-06-19 00:45تأييد 0MMA_LORD_735
زيزوومي جديد
- إنضم
- 17 مايو 2008
- المشاركات
- 3,645
- مستوى التفاعل
- 7
- النقاط
- 0
غير متصلالله يعطيك العافية ...
و بدال الغالي :bleh: ...
هات تقرير هايجك جديد ...
توقيع : MMA_LORD_735
تأييد 0MMA_LORD_735
زيزوومي جديد
- إنضم
- 17 مايو 2008
- المشاركات
- 3,645
- مستوى التفاعل
- 7
- النقاط
- 0
غير متصلأول مشارك لي طال عمرك ...توقيع : MMA_LORD_735
تأييد 0MMA_LORD_735
زيزوومي جديد
- إنضم
- 17 مايو 2008
- المشاركات
- 3,645
- مستوى التفاعل
- 7
- النقاط
- 0
غير متصلتوقيع : MMA_LORD_735
تأييد 0Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:45:18 ص, on 19/06/09
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\PixArt\PAC207\Monitor.exe
C:\Program Files\Kaspersky Lab\STC Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Toshiba\Documents\Downloads\Programs\HiJackThis_2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\STC Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\TSS.exe /hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\STC Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [Eq 16] "C:\ProgramData\Camp Readme Readme.xjm99"
O4 - HKCU\..\Run: [Okay Proxy Ooze Each] "C:\ProgramData\THE KIND 01.uljm2g"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: إضافة إلى حاجب إعلان الشعار - C:\Program Files\Kaspersky Lab\STC Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: إحصائيات حماية حركة زيارة الويب - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\STC Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} -يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\STCKAS~1\mzvkbd.dll C:\PROGRA~1\KASPER~1\STCKAS~1\mzvkbd3.dll C:\PROGRA~1\KASPER~1\STCKAS~1\adialhk.dll C:\PROGRA~1\KASPER~1\STCKAS~1\kloehk.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: STC Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\STC Kaspersky Internet Security 2009\avp.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 9741 bytesتأييد 0MMA_LORD_735
زيزوومي جديد
- إنضم
- 17 مايو 2008
- المشاركات
- 3,645
- مستوى التفاعل
- 7
- النقاط
- 0
غير متصللا حولا ولا قوة ألا بالله لعلي العظيم ...
والله هذا قلت أحترام ...
أنت أقل شي أبعث لي رسالة ذكرني بلموضوع ...
في 20 موضوع و 20 عضو في اليوم أيش أذكر لأذكر انا ؟
أعمل التالي ...
حدد هذه القيم ...
و سوي لها أصلاح ...
O4 - HKLM\..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\TSS.exe /hide
O4 - HKCU\..\Run: [Eq 16] "C:\ProgramData\Camp Readme Readme.xjm99"
O4 - HKCU\..\Run: [Okay Proxy Ooze Each] "C:\ProgramData\THE KIND 01.uljm2g"
O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
طريقة الأصلاح ...
استخدم هذه الاداة للتنظيف
يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
و بعدين ريستارد للجهاز و هات تقرير جديد ...
و أهم شي تزيد أدبك في الحديث !! ...
التعديل الأخير بواسطة المشرف:توقيع : MMA_LORD_735
تأييد 0فارس الملاك
زيزوومى محترف
غير متصلالرجاء انتقاء جمل اخلاقية
وخاصتا عندما تخاطب احد اعضاء فريق العمل
توقيع : فارس الملاك
تأييد 0
