- بادئ الموضوع راية الحق
- تاريخ البدء
- 2,089
راية الحق
زيزوومى مميز
غير متصل
واخيرااااااااااااااااااا طلعنا تقرير الكومبو
ComboFix 09-07-14.08 - Majed 07/17/2009 4:00.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1256.965.1033.18.2046.1037 [GMT 3:00]
Running from: c:\users\Majed\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Majed\AppData\Local\Temp\ppcrlui_3344_2
c:\windows\Installer\WMEncoder.msi
.
((((((((((((((((((((((((( Files Created from 2009-06-17 to 2009-07-17 )))))))))))))))))))))))))))))))
.
2009-07-16 22:45 . 2009-07-16 22:45 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2009-07-16 22:45 . 2009-07-16 22:45 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2009-07-15 14:22 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 14:22 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 14:22 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 14:22 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-03 11:07 . 2009-07-02 21:39 2052888 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll
2009-07-02 22:47 . 2009-07-02 22:49 -------- d-----w- c:\users\Majed\AppData\Local\Microsoft Games
2009-07-02 22:38 . 2009-07-14 19:18 -------- d--h--w- C:\$AVG8.VAULT$
2009-07-02 21:44 . 2009-06-14 13:07 1004800 ----a-w- c:\programdata\AVG Security Toolbar\IEToolbar.dll
2009-07-02 21:39 . 2009-07-02 21:39 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-02 21:39 . 2009-07-02 21:39 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-02 21:39 . 2009-07-02 21:39 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-02 21:39 . 2009-07-15 13:50 -------- d-----w- c:\windows\system32\drivers\Avg
2009-07-02 21:39 . 2009-07-02 21:39 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-02 21:39 . 2009-07-02 21:44 -------- d-----w- c:\programdata\AVG Security Toolbar
2009-07-02 21:39 . 2009-07-02 21:39 -------- d-----w- c:\programdata\avg8
2009-07-02 21:39 . 2009-07-02 21:39 -------- d-----w- c:\program files\AVG
2009-07-02 20:54 . 2009-07-02 20:54 -------- d-----w- c:\program files\Common Files\xing shared
2009-07-02 20:53 . 2009-07-02 20:53 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-07-02 20:53 . 2009-07-02 20:53 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-06-25 13:25 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-06-25 13:25 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNativ e_v0300.dll
2009-06-25 13:25 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-06-25 13:25 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-06-25 13:25 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-06-25 13:25 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-06-25 13:24 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-06-25 13:17 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-06-25 13:17 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-06-25 13:17 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-06-25 13:16 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-06-25 13:16 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-06-24 21:42 . 2009-07-16 21:55 44544 ----a-w- c:\windows\system32\agremove.exe
2009-06-24 21:13 . 2009-06-24 21:13 -------- d-----w- c:\users\Majed\AppData\Local\Apps
2009-06-24 21:03 . 2009-06-24 21:03 -------- d-----w- c:\users\Majed\AppData\Roaming\PeerNetworking
2009-06-19 00:10 . 2009-06-19 00:10 -------- d-----w- c:\program files\Conduit
2009-06-19 00:10 . 2009-06-19 00:10 -------- d-----w- c:\program files\************
2009-06-19 00:10 . 2009-06-19 00:10 -------- d-----w- c:\users\Majed\AppData\Roaming\4shared Desktop
2009-06-19 00:10 . 2009-06-19 00:10 -------- d-----w- c:\program files\4shared Desktop
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-07-16 00:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-08 23:35 . 2009-03-13 18:07 -------- d-----w- c:\program files\Cicle Developement
2009-07-08 23:35 . 2009-03-13 18:07 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-06 19:12 . 2009-03-13 18:08 -------- d-----w- c:\programdata\grey hide
2009-07-05 03:37 . 2009-03-13 18:10 -------- d-----w- c:\programdata\Hold Trust Amok Mode
2009-07-02 20:54 . 2009-04-14 18:17 -------- d-----w- c:\program files\Common Files\Real
2009-07-02 20:53 . 2009-04-14 18:17 -------- d-----w- c:\program files\Real
2009-07-02 20:53 . 2008-02-15 14:33 -------- d-----w- c:\program files\Google
2009-07-02 20:04 . 2008-02-15 14:30 -------- d-----w- c:\programdata\McAfee
2009-06-24 20:11 . 2009-04-25 20:10 -------- d-----w- c:\users\Majed\AppData\Roaming\myphotobook
2009-06-15 10:46 . 2009-06-15 10:46 -------- d-----w- c:\programdata\WindowsSearch
2009-06-05 10:53 . 2009-06-05 10:52 -------- d-----w- c:\program files\SweetIM
2009-06-05 10:52 . 2009-06-05 10:52 -------- d-----w- c:\programdata\SweetIM
2009-05-04 18:52 . 2009-05-04 18:53 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-30 12:37 . 2009-06-14 18:10 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-04-30 12:37 . 2009-06-14 18:10 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-04-24 16:05 . 2009-06-13 01:16 827904 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-06-13 01:16 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 13:44 . 2009-06-13 01:16 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-04-23 12:43 . 2009-06-13 01:17 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-13 01:16 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-13 01:16 2033152 ----a-w- c:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]
2009-04-22 13:52 2086936 ----a-w- c:\program files\************\tb4sha.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 13:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-05-20 11:36 1258808 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]
"{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}"= "c:\program files\************\tb4sha.dll" [2009-04-22 2086936]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CLASSES_ROOT\clsid\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]
"{09EC805C-CB2E-4D53-B0D3-A75A428B81C7}"= "c:\program files\************\tb4sha.dll" [2009-04-22 2086936]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CLASSES_ROOT\clsid\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"BashTons"="c:\programdata\part ping ping.ag6j5r" [X]
"Amok Mode Dupe Platform"="c:\programdata\Drive Locks More.aqp3jl" [X]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2009-07-02 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Sun****UpdateSched"="c:\program files\****\jre6\bin\jusched.exe" [2009-05-04 148888]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"Desktop SMS"="c:\program files\IDM\Desktop SMS\DesktopSMS.exe" [2007-06-18 1507328]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2006-12-06 366400]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-15 1836544]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-29 1029416]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-25 413696]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe " [2007-05-04 571024]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-05-20 111928]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-02 198160]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-02 1948440]
"NDSTray.exe"="NDSTray.exe" [BU]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-1-25 2938184]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleD esktopNetwork3.dll c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\FirewallRules]
"{8C1697A7-27F0-403E-857C-FED5E215B296}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{A510B74D-F5E3-457F-ABD7-FC6C11B55C5B}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{6E1F59B2-1428-4A25-84B7-FB9FB5FBE23E}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [03/07/2009 12:39 ص 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [03/07/2009 12:39 ص 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [03/07/2009 12:39 ص 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [03/07/2009 12:39 ص 298776]
R2 ConfigFree Service;ConfigFree Service;c:\program files\Toshiba\ConfigFree\CFSvcs.exe [25/12/2007 04:07 م 40960]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\Toshiba\SMARTLogService\TosIPCSrv.exe [03/12/2007 08:03 م 126976]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\System32\drivers\CHDART.sys [15/02/2008 04:27 م 187904]
R3 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2medi a.sys [15/01/2008 12:34 م 48472]
R3 QIOMem;Generic IO & Memory Access;c:\windows\System32\drivers\QIOMem.sys [09/04/2007 06:13 م 8192]
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-*{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
URLSearchHooks-*{09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - (no file)
HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
HKLM-Run-StartCCC - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://home.sweetim.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} -
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} -
.
************************************************** ************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-07-17 04:04
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\TEMP\TMP000000AA07B5B6A7B7A096F0 524288 bytes executable
scan completed successfully
hidden files: 1
************************************************** ************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-07-17 4:06
ComboFix-quarantined-files.txt 2009-07-17 01:06
Pre-Run: 88,279,924,736 bytes free
Post-Run: 88,400,199,680 bytes free
225 --- E O F --- 2009-07-16 00:02
ComboFix 09-07-14.08 - Majed 07/17/2009 4:00.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1256.965.1033.18.2046.1037 [GMT 3:00]
Running from: c:\users\Majed\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Majed\AppData\Local\Temp\ppcrlui_3344_2
c:\windows\Installer\WMEncoder.msi
.
((((((((((((((((((((((((( Files Created from 2009-06-17 to 2009-07-17 )))))))))))))))))))))))))))))))
.
2009-07-16 22:45 . 2009-07-16 22:45 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2009-07-16 22:45 . 2009-07-16 22:45 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2009-07-15 14:22 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 14:22 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 14:22 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 14:22 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-03 11:07 . 2009-07-02 21:39 2052888 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll
2009-07-02 22:47 . 2009-07-02 22:49 -------- d-----w- c:\users\Majed\AppData\Local\Microsoft Games
2009-07-02 22:38 . 2009-07-14 19:18 -------- d--h--w- C:\$AVG8.VAULT$
2009-07-02 21:44 . 2009-06-14 13:07 1004800 ----a-w- c:\programdata\AVG Security Toolbar\IEToolbar.dll
2009-07-02 21:39 . 2009-07-02 21:39 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-02 21:39 . 2009-07-02 21:39 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-02 21:39 . 2009-07-02 21:39 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-02 21:39 . 2009-07-15 13:50 -------- d-----w- c:\windows\system32\drivers\Avg
2009-07-02 21:39 . 2009-07-02 21:39 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-02 21:39 . 2009-07-02 21:44 -------- d-----w- c:\programdata\AVG Security Toolbar
2009-07-02 21:39 . 2009-07-02 21:39 -------- d-----w- c:\programdata\avg8
2009-07-02 21:39 . 2009-07-02 21:39 -------- d-----w- c:\program files\AVG
2009-07-02 20:54 . 2009-07-02 20:54 -------- d-----w- c:\program files\Common Files\xing shared
2009-07-02 20:53 . 2009-07-02 20:53 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-07-02 20:53 . 2009-07-02 20:53 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-06-25 13:25 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-06-25 13:25 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNativ e_v0300.dll
2009-06-25 13:25 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-06-25 13:25 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-06-25 13:25 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-06-25 13:25 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-06-25 13:24 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-06-25 13:17 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-06-25 13:17 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-06-25 13:17 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-06-25 13:16 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-06-25 13:16 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-06-24 21:42 . 2009-07-16 21:55 44544 ----a-w- c:\windows\system32\agremove.exe
2009-06-24 21:13 . 2009-06-24 21:13 -------- d-----w- c:\users\Majed\AppData\Local\Apps
2009-06-24 21:03 . 2009-06-24 21:03 -------- d-----w- c:\users\Majed\AppData\Roaming\PeerNetworking
2009-06-19 00:10 . 2009-06-19 00:10 -------- d-----w- c:\program files\Conduit
2009-06-19 00:10 . 2009-06-19 00:10 -------- d-----w- c:\program files\************
2009-06-19 00:10 . 2009-06-19 00:10 -------- d-----w- c:\users\Majed\AppData\Roaming\4shared Desktop
2009-06-19 00:10 . 2009-06-19 00:10 -------- d-----w- c:\program files\4shared Desktop
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-07-16 00:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-08 23:35 . 2009-03-13 18:07 -------- d-----w- c:\program files\Cicle Developement
2009-07-08 23:35 . 2009-03-13 18:07 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-06 19:12 . 2009-03-13 18:08 -------- d-----w- c:\programdata\grey hide
2009-07-05 03:37 . 2009-03-13 18:10 -------- d-----w- c:\programdata\Hold Trust Amok Mode
2009-07-02 20:54 . 2009-04-14 18:17 -------- d-----w- c:\program files\Common Files\Real
2009-07-02 20:53 . 2009-04-14 18:17 -------- d-----w- c:\program files\Real
2009-07-02 20:53 . 2008-02-15 14:33 -------- d-----w- c:\program files\Google
2009-07-02 20:04 . 2008-02-15 14:30 -------- d-----w- c:\programdata\McAfee
2009-06-24 20:11 . 2009-04-25 20:10 -------- d-----w- c:\users\Majed\AppData\Roaming\myphotobook
2009-06-15 10:46 . 2009-06-15 10:46 -------- d-----w- c:\programdata\WindowsSearch
2009-06-05 10:53 . 2009-06-05 10:52 -------- d-----w- c:\program files\SweetIM
2009-06-05 10:52 . 2009-06-05 10:52 -------- d-----w- c:\programdata\SweetIM
2009-05-04 18:52 . 2009-05-04 18:53 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-30 12:37 . 2009-06-14 18:10 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-04-30 12:37 . 2009-06-14 18:10 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-04-24 16:05 . 2009-06-13 01:16 827904 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-06-13 01:16 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 13:44 . 2009-06-13 01:16 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-04-23 12:43 . 2009-06-13 01:17 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-13 01:16 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-13 01:16 2033152 ----a-w- c:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]
2009-04-22 13:52 2086936 ----a-w- c:\program files\************\tb4sha.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 13:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-05-20 11:36 1258808 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]
"{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}"= "c:\program files\************\tb4sha.dll" [2009-04-22 2086936]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CLASSES_ROOT\clsid\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]
"{09EC805C-CB2E-4D53-B0D3-A75A428B81C7}"= "c:\program files\************\tb4sha.dll" [2009-04-22 2086936]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CLASSES_ROOT\clsid\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"BashTons"="c:\programdata\part ping ping.ag6j5r" [X]
"Amok Mode Dupe Platform"="c:\programdata\Drive Locks More.aqp3jl" [X]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2009-07-02 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Sun****UpdateSched"="c:\program files\****\jre6\bin\jusched.exe" [2009-05-04 148888]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"Desktop SMS"="c:\program files\IDM\Desktop SMS\DesktopSMS.exe" [2007-06-18 1507328]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2006-12-06 366400]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-15 1836544]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-29 1029416]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-25 413696]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe " [2007-05-04 571024]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-05-20 111928]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-02 198160]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-02 1948440]
"NDSTray.exe"="NDSTray.exe" [BU]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-1-25 2938184]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleD esktopNetwork3.dll c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\FirewallRules]
"{8C1697A7-27F0-403E-857C-FED5E215B296}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{A510B74D-F5E3-457F-ABD7-FC6C11B55C5B}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{6E1F59B2-1428-4A25-84B7-FB9FB5FBE23E}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [03/07/2009 12:39 ص 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [03/07/2009 12:39 ص 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [03/07/2009 12:39 ص 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [03/07/2009 12:39 ص 298776]
R2 ConfigFree Service;ConfigFree Service;c:\program files\Toshiba\ConfigFree\CFSvcs.exe [25/12/2007 04:07 م 40960]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\Toshiba\SMARTLogService\TosIPCSrv.exe [03/12/2007 08:03 م 126976]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\System32\drivers\CHDART.sys [15/02/2008 04:27 م 187904]
R3 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2medi a.sys [15/01/2008 12:34 م 48472]
R3 QIOMem;Generic IO & Memory Access;c:\windows\System32\drivers\QIOMem.sys [09/04/2007 06:13 م 8192]
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-*{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
URLSearchHooks-*{09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - (no file)
HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
HKLM-Run-StartCCC - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://home.sweetim.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
.
************************************************** ************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2009-07-17 04:04
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\TEMP\TMP000000AA07B5B6A7B7A096F0 524288 bytes executable
scan completed successfully
hidden files: 1
************************************************** ************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-07-17 4:06
ComboFix-quarantined-files.txt 2009-07-17 01:06
Pre-Run: 88,279,924,736 bytes free
Post-Run: 88,400,199,680 bytes free
225 --- E O F --- 2009-07-16 00:02
تأييد
0
راية الحق
زيزوومى مميز
غير متصل
وهذا الهايجاك من جديد
Logfile of HijackThis v1.99.1
Scan saved at 04:19:45 ص, on 17/07/2009
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\****\jre6\bin\jusched.exe
C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Internet Explorer\ieuser.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Program Files\Zain e-GO\Zain e-GO\Zain e-GO.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.ex e
C:\Users\Majed\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ************ Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\************\tb4sha.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\s wg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: ****(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\****\jre6\bin\jp2ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: ************ Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\************\tb4sha.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Sun****UpdateSched] "C:\Program Files\****\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BashTons] "C:\ProgramData\part ping ping.ag6j5r"
O4 - HKCU\..\Run: [Amok Mode Dupe Platform] "C:\ProgramData\Drive Locks More.aqp3jl"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O9 - Extra button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} -
O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} -
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB2202DC-1142-4E91-831A-80B150CA5062}: NameServer = 10.40.155.34 10.40.155.33
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3. dll C:\Windows\System32\avgrsstx.dll
O20 - Winlogon Notify: igfxcui - igfxdev.dll (file missing)
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Logfile of HijackThis v1.99.1
Scan saved at 04:19:45 ص, on 17/07/2009
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\****\jre6\bin\jusched.exe
C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Internet Explorer\ieuser.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Program Files\Zain e-GO\Zain e-GO\Zain e-GO.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.ex e
C:\Users\Majed\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ************ Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\************\tb4sha.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\s wg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: ****(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\****\jre6\bin\jp2ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: ************ Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\************\tb4sha.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Sun****UpdateSched] "C:\Program Files\****\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BashTons] "C:\ProgramData\part ping ping.ag6j5r"
O4 - HKCU\..\Run: [Amok Mode Dupe Platform] "C:\ProgramData\Drive Locks More.aqp3jl"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O9 - Extra button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
(file missing)O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
(file missing)O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB2202DC-1142-4E91-831A-80B150CA5062}: NameServer = 10.40.155.34 10.40.155.33
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3. dll C:\Windows\System32\avgrsstx.dll
O20 - Winlogon Notify: igfxcui - igfxdev.dll (file missing)
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
تأييد
0
البارون
زيزوومى فضى
- إنضم
- 1 مارس 2008
- المشاركات
- 13,588
- مستوى التفاعل
- 506
- النقاط
- 920
غير متصل
لا زالت هناك مشكلة
هل اشتراك الانترنت عن طريق شركة زين (( لان المودم شكله عامل مشكلة ))
طيب
عمل فحص سريع للـ Bitdefender
هل اشتراك الانترنت عن طريق شركة زين (( لان المودم شكله عامل مشكلة ))
طيب
عمل فحص سريع للـ Bitdefender
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
توقيع : البارون
تأييد
0
فارس الملاك
زيزوومى محترف
غير متصل
اختي احذفي هالقيم
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O1 - Hosts: ::1 localhost
O4 - HKCU\..\Run: [BashTons] "C:\ProgramData\part ping ping.ag6j5r"
O4 - HKCU\..\Run: [Amok Mode Dupe Platform] "C:\ProgramData\Drive Locks More.aqp3jl"
O9 - Extra button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} -
O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} -
O20 - Winlogon Notify: igfxcui - igfxdev.dll (file missing)
بالاضافة الى حذف جميع التولبيرات من اضافة وازالة البرامج الموجودة في لوحه التحكم
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O1 - Hosts: ::1 localhost
O4 - HKCU\..\Run: [BashTons] "C:\ProgramData\part ping ping.ag6j5r"
O4 - HKCU\..\Run: [Amok Mode Dupe Platform] "C:\ProgramData\Drive Locks More.aqp3jl"
O9 - Extra button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
(file missing)O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
(file missing)O20 - Winlogon Notify: igfxcui - igfxdev.dll (file missing)
=================================
طريقة الحذف
=====================================
بالاضافة الى حذف جميع التولبيرات من اضافة وازالة البرامج الموجودة في لوحه التحكم
توقيع : فارس الملاك
تأييد
0
فارس الملاك
زيزوومى محترف
غير متصل
اختي اتبعي هالمسار وحاولي حذف الملف
c:\windows\TEMP\TMP000000AA07B5B6A7B7A096F0 524288
c:\windows\TEMP\TMP000000AA07B5B6A7B7A096F0 524288
توقيع : فارس الملاك
تأييد
0
فارس الملاك
زيزوومى محترف
غير متصل
بعد عمل السابق اعملي اعادة تشغيل وتقرير هايجاك جديد
توقيع : فارس الملاك
تأييد
0
السلام عليكم أخي راية الحق ... أعتقد أن المشكلة في الـرجستري (( Registry )) ... حمل برنامج Registry Shower 2009
105K3-3RLBB-ST494-WQWU3-A4099-3JD4M
ولكني للأسف لا أعرف طريقة وضع السيريال ... وأعتقد إن لم تضعه سوف لن يمسح بعض المشاكل ... وقد تكون منها مشكلتك ... وأنصحك أيضاً ببرنامج RegDoctor ... و RegCure ... وأرجو أن تنجح فكرتي ......
والسلام عليكم ورحمة الله وبركاته ...
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
وهذا هو السيريال:105K3-3RLBB-ST494-WQWU3-A4099-3JD4M
ولكني للأسف لا أعرف طريقة وضع السيريال ... وأعتقد إن لم تضعه سوف لن يمسح بعض المشاكل ... وقد تكون منها مشكلتك ... وأنصحك أيضاً ببرنامج RegDoctor ... و RegCure ... وأرجو أن تنجح فكرتي ......
والسلام عليكم ورحمة الله وبركاته ...
توقيع : bully
تأييد
0
راية الحق
زيزوومى مميز
غير متصل
السلام عليكم ورحمة الله وبركاته
جزاكم الله خير كل بإسمه .. أسأل الله العظيم ان يبارك فيكم وينفعكم ويثيبكم خيرا في الدارين
لقيت من اختي مسج تقولي فيه .. انها ماقدرت تحذف شي ..
وصلة الايقو اللي شابكها منها على النت مو راضية تشتغل
وبصعوبة قدرت تسوي ريستارت
تسأل تقول فيه طريقة ثانية احذف فيها هالقيم بدل من أداة الهايجاك ؟
لأن كل ماحاولت تحذف وصلة الواير لس تفصل الاتصال
جزاكم الله خير كل بإسمه .. أسأل الله العظيم ان يبارك فيكم وينفعكم ويثيبكم خيرا في الدارين
لقيت من اختي مسج تقولي فيه .. انها ماقدرت تحذف شي ..
وصلة الايقو اللي شابكها منها على النت مو راضية تشتغل
وبصعوبة قدرت تسوي ريستارت
تسأل تقول فيه طريقة ثانية احذف فيها هالقيم بدل من أداة الهايجاك ؟
لأن كل ماحاولت تحذف وصلة الواير لس تفصل الاتصال
تأييد
0
Corporation
زيزوومى فضى
غير متصل
تتبعي مسار القيم وقومي بـ الحذف .. هذا ان كنتي تعرفي لأمآآكن القيم
يعني مو تجين تحذفين ملف بـ system32
وتصير مشاكل بالجهاز ..
يعني مو تجين تحذفين ملف بـ system32
وتصير مشاكل بالجهاز ..
توقيع : Corporation
تأييد
0
فارس الملاك
زيزوومى محترف
غير متصل
اختي دخلي على هالصفحة ونزلي اداة المكافي وشغليها
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
توقيع : فارس الملاك
تأييد
0
البارون
زيزوومى فضى
- إنضم
- 1 مارس 2008
- المشاركات
- 13,588
- مستوى التفاعل
- 506
- النقاط
- 920
غير متصل
k:k:k:
تحميل برنامج المكافي
فحص جميع ملفات الجهاز عن الفيروسات بجميع أنواعها
وبعدين تحصلين ملف اسمه noor في مجلد السي اضغطيه وارفعيها على اي مركز تحميل وحطي الرابط في الرد القادم
فحص جميع ملفات الجهاز عن الفيروسات بجميع أنواعها
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
وبعدين تحصلين ملف اسمه noor في مجلد السي اضغطيه وارفعيها على اي مركز تحميل وحطي الرابط في الرد القادم
توقيع : البارون
تأييد
0