Peace be upon you.
I ran the first tool, and this is its report:
ComboFix 08-08-27.01 - Dhawi 2008-08-28 1:07:02.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1256.966.1033.18.196 [GMT 3:00]
Running from: C:\Documents and Settings\Dhawi\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\olb1iimw.bat
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
D:\e.cmd
D:\olb1iimw.bat
.
((((((((((((((((((((((((( Files Created from 2008-07-27 to 2008-08-27 )))))))))))))))))))))))))))))))
.
2008-08-27 23:44 . 2008-08-27 23:44 <DIR> d-------- C:\WINDOWS\McAfee.com
2008-08-26 01:24 . 2008-08-26 01:28 <DIR> d-------- C:\Program Files\Proxifier
2008-08-26 01:24 . 1997-06-06 15:52 11,264 --a------ C:\WINDOWS\system32\SPORDER.DLL
2008-08-24 19:43 . 2008-08-24 19:44 <DIR> d-------- C:\Program Files\Hotspot Shield
2008-08-22 02:14 . 2008-08-22 02:14 <DIR> d-------- C:\Program Files\CCleaner
2008-08-20 20:45 . 2008-08-20 20:46 <DIR> d-------- C:\Documents and Settings\Dhawi\Application Data\ArtOfPing
2008-08-20 20:34 . 2008-08-20 20:34 <DIR> d-------- C:\TEMP
2008-08-20 20:34 . 2008-08-20 20:34 <DIR> d-------- C:\Documents and Settings\Dhawi\Application Data\GPass-3
2008-08-20 20:08 . 2008-08-20 20:08 <DIR> d-------- C:\Documents and Settings\Dhawi\Application Data\GPass
2008-08-20 15:25 . 2008-08-20 15:25 <DIR> d-------- C:\Program Files\4arabnetwork
2008-08-19 21:06 . 2008-08-19 21:06 <DIR> d-------- C:\Program Files\TeamViewer3
2008-08-19 21:06 . 2008-08-19 22:30 <DIR> d-------- C:\Documents and Settings\Dhawi\Application Data\TeamViewer
2008-08-19 20:48 . 2008-08-19 20:48 <DIR> d-------- C:\Documents and Settings\Dhawi\temp
2008-08-18 23:26 . 2008-08-18 23:30 <DIR> d-------- C:\s2h
2008-08-18 20:59 . 2008-08-24 18:09 <DIR> d-------- C:\Program Files\HTTP-Tunnel
2008-08-15 22:43 . 2008-08-15 22:43 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-08-06 22:10 . 2008-08-06 22:10 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-08-06 05:52 . 2008-08-09 11:46 <DIR> d-------- C:\Program Files\Ares
2008-08-03 19:16 . 2008-08-03 19:16 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-08-03 19:16 . 2008-08-03 19:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-08-03 03:26 . 2008-08-03 03:26 <DIR> d-------- C:\Program Files\Microsoft Firewall Client 2004
2008-07-29 22:07 . 2008-08-27 23:27 <DIR> d-------- C:\Documents and Settings\Dhawi\Tracing
2008-07-29 21:54 . 2008-08-01 04:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-27 22:13 --------- d-----w C:\Documents and Settings\Dhawi\Application Data\DMCache
2008-08-27 22:10 393,248 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-27 22:10 2,424 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-08-27 22:10 16,172 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-27 22:10 1,931,808 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-27 17:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-26 00:59 --------- d-----w C:\Program Files\InterVideo
2008-08-24 16:38 --------- d-----w C:\Documents and Settings\Dhawi\Application Data\uTorrent
2008-08-23 17:58 --------- d-----w C:\Program Files\Internet Download Manager
2008-08-22 23:35 --------- d-----w C:\Documents and Settings\Dhawi\Application Data\IDM
2008-08-20 17:26 --------- d-----w C:\Program Files\uTorrent
2008-08-19 21:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Babylon
2008-08-12 00:58 --------- d-----w C:\Program Files\Golden Al-Wafi Translator
2008-08-06 19:10 --------- d-----w C:\Program Files\Common Files\Real
2008-08-05 21:38 37,088 ----a-w C:\Documents and Settings\Dhawi\Application Data\GDIPFONTCACHEV1.DAT
2008-08-03 16:17 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-03 09:00 --------- d-----w C:\Documents and Settings\Dhawi\Application Data\Babylon
2008-07-29 18:15 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-07-26 19:09 --------- d-----w C:\Program Files\Windows Live
2008-07-26 19:09 --------- d-----w C:\Program Files\MSN Messenger
2008-07-25 12:56 96,559 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-07-25 12:56 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-07-25 12:28 --------- d-----w C:\Program Files\Kaspersky Lab
2008-07-25 12:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-07-25 08:34 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-07-25 08:34 683,520 ----a-w C:\WINDOWS\system32\divx.dll
2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-07-23 13:47 --------- d-----w C:\Program Files\TechSmith
2008-07-23 13:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2008-07-23 13:45 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-19 02:26 --------- d--h--w C:\Program Files\Zenographics
2008-07-19 02:26 --------- d-----w C:\Program Files\Hewlett-Packard
2008-07-15 13:25 --------- d-----w C:\Program Files\Babylon
2008-07-14 03:55 --------- d-----w C:\Documents and Settings\Dhawi\Application Data\AdobeUM
2008-07-12 18:58 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-07-12 18:58 172,032 ------w C:\WINDOWS\Setup1.exe
2008-07-12 13:44 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-07-11 20:58 --------- d-----w C:\Program Files\MessengerPlus! 3
2008-07-06 22:16 --------- d-----w C:\Program Files\Real
2008-07-06 21:52 --------- d-----w C:\Documents and Settings\Dhawi\Application Data\Media Player Classic
2008-07-06 14:53 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-06 14:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-06 07:33 --------- d-----w C:\Program Files\Symantec
2008-07-06 07:33 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-06 07:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-06 04:12 --------- d-----w C:\Program Files\Windows Desktop Search
2008-07-06 04:12 --------- d-----w C:\Program Files\Toshiba
2008-07-06 04:11 --------- d-----w C:\Program Files\Synaptics
2008-07-06 04:11 --------- d-----w C:\Program Files\Sonic
2008-07-06 04:11 --------- d-----w C:\Program Files\Realtek
2008-07-06 04:10 --------- d-----w C:\Program Files\Microsoft.NET
2008-07-06 04:10 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-06 04:10 --------- d-----w C:\Program Files\ltmoh
2008-07-06 04:10 --------- d-----w C:\Program Files\Java
2008-07-06 04:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-06 04:08 --------- d-----w C:\Program Files\Common Files\Java
2008-07-06 04:08 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-06 04:08 --------- d-----w C:\Program Files\ATI Technologies
2008-07-06 04:00 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Windows Desktop Search
2008-07-06 04:00 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\toshiba
2008-07-06 04:00 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec
2008-07-06 04:00 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Sonic
2008-07-06 04:00 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\ATI
2008-07-06 04:00 --------- d-----w C:\Documents and Settings\Dhawi\Application Data\Windows Desktop Search
2008-07-06 04:00 --------- d-----w C:\Documents and Settings\Dhawi\Application Data\toshiba
2008-07-06 04:00 --------- d-----w C:\Documents and Settings\Dhawi\Application Data\Sonic
2008-07-06 04:00 --------- d-----w C:\Documents and Settings\Dhawi\Application Data\ATI
2008-07-06 04:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBSI
2008-07-05 20:51 --------- d-----w C:\Documents and Settings\Dhawi\Application Data\Protector Suite
2008-07-05 20:49 --------- d-----w C:\Program Files\Protector Suite QL
2008-07-05 20:48 --------- d-----w C:\Program Files\Common Files\Protector Suite QL
2008-07-05 20:47 21,275 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-07-05 20:47 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Intel
2008-07-05 20:47 --------- d-----w C:\Program Files\Intel
2008-07-05 20:47 --------- d-----w C:\Documents and Settings\Dhawi\Application Data\Intel
2008-07-05 20:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel
2008-07-05 20:44 0 --sha-r C:\WINDOWS\system32\drivers\TOSHIBA_SATELLITE A100_04705-AR_PSAA9E-0R101.MRK
2008-06-12 18:36 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 14:26 65536]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 03:12 15360]
"CCProxy"="C:\Documents and Settings\Dhawi\Desktop\CCProxy\CCProxy.dat" [2008-02-26 22:53 1159168]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2007-10-11 03:15 802816]
"AFProg"="C:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe" [2006-06-26 05:26 118784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 17:02 352256]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 13:31 118784]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 08:20 122940]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 18:02 761948]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-01 15:04 7557120]
"NVRotateSysTray"="C:\WINDOWS\system32\nvsysrot.dll" [2006-05-01 15:04 49152]
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 14:11 73728]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 12:37 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 11:41 602182]
"PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [2006-05-05 17:36 30208]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-08-06 22:09 185896]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 18:21 201992]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-10 01:49 15691264 C:\WINDOWS\RTHDCPL.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 16:29 88203 C:\WINDOWS\agrsmmsg.exe]
"TPSMain"="TPSMain.exe" [2005-08-03 17:26 266240 C:\WINDOWS\system32\TPSMain.exe]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-03-11 18:03 73728 C:\WINDOWS\system32\TDispVol.exe]
"nwiz"="nwiz.exe" [2006-05-01 15:04 1519616 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 03:12 15360]
C:\Documents and Settings\Dhawi\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
Shortcut to installer.lnk - C:\Documents and Settings\Dhawi\Desktop\CCProxy\installer.exe [2008-07-08 09:48:36 20480]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-02-03 00:19:10 1753088]
Microsoft Firewall Client Management.lnk - C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe [2006-12-09 19:04:10 117568]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 15:11 233472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-05-05 17:48 40448 C:\WINDOWS\system32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"D:\\CCProxy\\CCProxy.v6.60\\CCProxy.v6.60\\CCProxy.dat"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Documents and Settings\\Dhawi\\Desktop\\CCProxy\\CCProxy.dat"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R2 FdRedir;FdRedir;C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2006-05-05 18:00]
R2 FileDisk2;FileDisk Protector Kernel Driver;C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2006-05-05 17:59]
R2 FwcAgent;Firewall Client Agent;C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe [2006-12-09 19:04]
R2 smihlp;SMI helper driver;C:\Program Files\Protector Suite QL\smihlp.sys [2006-05-05 17:33]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07]
R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2006-12-16 23:37]
S3 NetHook_ControlCenter;ArtOfPing ControlCenter;C:\Program Files\PingFu Iris\ControlCenter.sys []
S3 NetHook_Interceptor;ArtOfPing TDI Interceptor;C:\Program Files\PingFu Iris\Interceptor.sys []
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Dhawi\Application Data\Mozilla\Firefox\Profiles\qxiwvc4h.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPOJI610.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-08-28 01:13:03
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
.
**************************************************************************
.
Completion time: 2008-08-28 1:15:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-27 22:15:55
Pre-Run: 59,514,114,048 bytes free
Post-Run: 59,490,897,920 bytes free
243
And this is the HijackThis report:
=====================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:18:38 AM, on 8/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Documents and Settings\Dhawi\Desktop\CCProxy\CCProxy.dat
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Dhawi\Desktop\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:808
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.kfupm.edu.sa;10.*.*.*;localhost;127.0.0.1;172.16.*.*;<local>
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: CEventSink Class - {B7154C4D-87C0-4A2C-AB64-DA132BAC2EE6} - C:\Program Files\Hotspot Shield\AnchorFree\ie\AFBho.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CCProxy] C:\Documents and Settings\Dhawi\Desktop\CCProxy\CCProxy.dat
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [AFProg] C:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Shortcut to installer.lnk = C:\Documents and Settings\Dhawi\Desktop\CCProxy\installer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Firewall Client Management.lnk = C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
--
End of file - 9714 bytes
May God grant you good health.