أداة صغيرة لحذف فايروس الماسنجر الذي يقوم بارسال ملف مضغوط ,,

[]|[EnTeR]|[]

مشكوٍرٍ ماقصرٍتّ

 

[boob77]

مشكوٍرٍ ماقصرٍتّ

العفو ’’’
​

 

[B@NDER]

بارك الله فيك أخوي ،،

الله يجزاك كل خير

مشكوور ،،​

 

[MOZY_55]

مشكوووووور ع الاداة
​

 

[boob77]

العفو اخواني بارك الله فيكم

وتسلمون على لطف ردكم ومروركم الغالي

كل الود والتقدير

،،،
،،
،

 

[شـــــوق]

يعطيك الف عافيه اخوووووي..

وهذا التقرير اللي طلع لي لما شغلت
البرنامج

combofix 08-10-19.04 - toshiba 2008-10-22 5:35:42.1 - ntfsx86
microsoft® windows vista™ home basic 6.0.6000.0.1252.1.1033.18.492 [gmt 3:00]
running from: C:\users\toshiba\desktop\combofix.exe
* created a new restore point
.
((((((((((((((((((((((((( files created from 2008-09-22 to 2008-10-22 )))))))))))))))))))))))))))))))
.
2008-10-21 23:42 . 2008-10-08 14:39 229,888 --a------ c:\windows\system32\rootour.exe
2008-10-21 08:33 . 2008-10-21 08:33 <dir> d-------- c:\users\all users\kaspersky lab setup files
2008-10-21 08:33 . 2008-10-21 08:33 <dir> d-------- c:\programdata\kaspersky lab setup files
2008-10-15 02:56 . 2008-10-15 02:56 6,230 --a------ c:\windows\system32\tmp.reg
2008-10-14 02:21 . 2008-10-14 02:43 <dir> d-------- c:\????? ?????
2008-10-13 09:57 . 2008-10-13 09:57 282,640 --a------ c:\users\all users\mfcd phone phone.bku8vbe
2008-10-13 09:57 . 2008-10-13 09:57 282,640 --a------ c:\programdata\mfcd phone phone.bku8vbe
2008-10-08 14:44 . 2008-10-08 14:39 229,888 --a------ c:\windows\system32\koufyf.exe
2008-10-08 14:42 . 2008-10-08 14:39 229,888 --a------ c:\windows\system32\mife.exe
2008-10-02 05:20 . 2008-10-02 05:20 <dir> d-------- c:\program files\spam live rect
2008-10-02 05:19 . 2008-10-02 05:19 <dir> d-------- c:\program files\circle developement
2008-09-23 02:01 . 2008-07-19 08:09 1,811,656 --a------ c:\windows\system32\wuaueng.dll
2008-09-23 02:01 . 2008-07-19 06:44 1,524,736 --a------ c:\windows\system32\wucltux.dll
2008-09-23 02:01 . 2008-07-19 08:10 53,448 --a------ c:\windows\system32\wuauclt.exe
2008-09-23 02:01 . 2008-07-19 08:10 45,768 --a------ c:\windows\system32\wups2.dll
2008-09-23 02:00 . 2008-07-19 08:09 563,912 --a------ c:\windows\system32\wuapi.dll
2008-09-23 02:00 . 2008-07-18 22:08 163,904 --a------ c:\windows\system32\wuwebv.dll
2008-09-23 02:00 . 2008-07-19 06:44 83,456 --a------ c:\windows\system32\wudriver.dll
2008-09-23 02:00 . 2008-07-19 08:10 36,552 --a------ c:\windows\system32\wups.dll
2008-09-23 02:00 . 2008-07-18 20:44 31,232 --a------ c:\windows\system32\wuapp.exe
.
(((((((((((((((((((((((((((((((((((((((( find3m report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-21 21:46 --------- d-----w c:\program files\luxor 3
2008-10-21 20:39 --------- d-----w c:\program files\symantec
2008-10-21 05:55 --------- d-----w c:\programdata\symantec
2008-10-21 05:55 --------- d-----w c:\program files\common files\symantec shared
2008-10-18 00:07 --------- d-----w c:\program files\windows mail
2008-10-13 02:56 --------- d-----w c:\users\toshiba\appdata\roaming\crystal player
2008-10-10 05:58 82,944 ----a-w c:\windows\system32\o4patch.exe
2008-10-10 05:58 82,944 ----a-w c:\windows\system32\iedfix.c.exe
2008-10-02 03:49 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-02 03:49 56,320 ----a-w c:\windows\system32\iesetup.dll
2008-10-02 03:49 52,736 ----a-w c:\windows\apppatch\iebrshim.dll
2008-10-02 03:48 26,624 ----a-w c:\windows\system32\ieunatt.exe
2008-10-02 02:21 --------- d-----w c:\programdata\spam live rect
2008-10-02 02:21 --------- d-----w c:\programdata\pure coal bone thunk
2008-10-02 02:19 --------- d-----w c:\program files\msn messenger
2008-10-02 02:19 --------- d-----w c:\program files\messenger plus! Live
2008-10-01 12:51 87,552 ----a-w c:\windows\system32\vacfix.exe
2008-09-18 04:35 3,505,208 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-09-18 04:35 3,470,904 ----a-w c:\windows\system32\ntoskrnl.exe
2008-09-18 02:03 2,027,520 ----a-w c:\windows\system32\win32k.sys
2008-09-08 20:38 88,576 ----a-w c:\windows\system32\antixpvstfix.exe
2008-08-26 01:12 290,304 ----a-w c:\windows\system32\drivers\srv.sys
2008-08-18 09:19 82,432 ----a-w c:\windows\system32\404fix.exe
2008-07-31 03:34 537,600 ----a-w c:\windows\apppatch\aclayers.dll
2008-07-31 03:34 449,536 ----a-w c:\windows\apppatch\acspecfc.dll
2008-07-31 03:34 28,160 ----a-w c:\windows\system32\apphlpdm.dll
2008-07-31 03:34 2,144,256 ----a-w c:\windows\apppatch\acgenral.dll
2008-07-31 03:34 173,056 ----a-w c:\windows\apppatch\acxtrnal.dll
2008-07-31 03:34 1,686,528 ----a-w c:\windows\system32\gameux.dll
2008-07-30 23:47 4,247,552 ----a-w c:\windows\system32\gameuxlegacygdfs.dll
2008-07-30 23:32 2,560 ----a-w c:\windows\apppatch\acres.dll
2008-07-10 20:55 174 --sha-w c:\program files\desktop.ini
2008-05-30 14:51 16,384 --sha-w c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-05-30 14:51 32,768 --sha-w c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\.ie5\index.dat
2008-05-30 14:51 16,384 --sha-w c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\s\index.dat
.
((((((((((((((((((((((((((((((((((((( reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*note* empty entries & legit default entries are not shown
regedit4
[hkey_current_user\software\microsoft\internet explorer\urlsearchhooks]
"{eee6c35d-6118-11dc-9c72-001320c79847}"= "c:\program files\sweetim\toolbars\internet explorer\mghelper.dll" [2008-03-27 173368]
[hkey_classes_root\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[hkey_classes_root\sweetim_urlsearchhook.toolbarurlsearchhook.1]
[hkey_classes_root\typelib\{eee6c35f-6118-11dc-9c72-001320c79847}]
[hkey_classes_root\sweetim_urlsearchhook.toolbarurlsearchhook]
[hkey_local_machine\~\browser helper s\{eee6c35c-6118-11dc-9c72-001320c79847}]
2008-03-27 14:12 1164600 --a------ c:\program files\sweetim\toolbars\internet explorer\mgtoolbarie.dll
[hkey_local_machine\software\microsoft\internet explorer\toolbar]
"{eee6c35b-6118-11dc-9c72-001320c79847}"= "c:\program files\sweetim\toolbars\internet explorer\mgtoolbarie.dll" [2008-03-27 1164600]
[hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser]
"{eee6c35b-6118-11dc-9c72-001320c79847}"= "c:\program files\sweetim\toolbars\internet explorer\mgtoolbarie.dll" [2008-03-27 1164600]
[hkey_classes_root\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[hkey_classes_root\sweetie.sweetie.3]
[hkey_classes_root\typelib\{eee6c35e-6118-11dc-9c72-001320c79847}]
[hkey_classes_root\sweetie.sweetie]
[hkey_current_user\software\microsoft\windows\currentversion\run]
"sidebar"="c:\program files\windows sidebar\sidebar.exe" [2008-01-10 1232896]
"toscdspd"="c:\program files\toshiba\toscdspd\toscdspd.exe" [2006-11-13 413696]
"swg"="c:\program files\google\googletoolbarnotifier\1.2.1128.5462\googletoolbarnotifier.exe" [2008-06-26 171448]
"wmpnscfg"="c:\program files\windows media player\wmpnscfg.exe" [2006-11-02 201728]
"updatemgr"="c:\program files\adobe\acrobat 7.0\reader\adobeupdatemanager.exe" [2006-03-30 313472]
"windowswelcomecenter"="oobefldr.dll" [2006-11-02 c:\windows\system32\oobefldr.dll]
[hkey_local_machine\software\microsoft\windows\currentversion\run]
"bone thunk axis copy"="c:\programdata\enc second grid.d9emxg" [x]
"corn blue"="c:\programdata\mfcd phone phone.vkqws8" [x]
"sunjavaupdatesched"="c:\program files\java\jre1.6.0\bin\jusched.exe" [2006-12-15 77824]
"tpwrmain"="c:\program files\toshiba\power saver\tpwrmain.exe" [2006-12-14 411768]
"hson"="c:\program files\toshiba\tbs\hson.exe" [2006-12-07 55416]
"smoothview"="c:\program files\toshiba\smoothview\smoothview.exe" [2006-12-14 493688]
"00tcrdmain"="c:\program files\toshiba\flashcards\tcrdmain.exe" [2006-12-11 530552]
"nvsvc"="c:\windows\system32\nvsvc.dll" [2006-12-07 90191]
"nvcpldaemon"="c:\windows\system32\nvcpl.dll" [2006-12-07 7766016]
"nvmediacenter"="c:\windows\system32\nvmctray.dll" [2006-12-07 81920]
"syntpenh"="c:\program files\synaptics\syntp\syntpenh.exe" [2006-10-27 815104]
"topi"="c:\program files\toshiba\toshiba online product information\topi.exe" [2006-12-15 577536]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-11-06 98304]
"hotkeyscmds"="c:\windows\system32\hkcmd.exe" [2006-11-06 106496]
"persistence"="c:\windows\system32\igfxpers.exe" [2006-11-06 81920]
"toshiba registration"="c:\program files\toshiba\registration\toshibaregistration.exe" [2006-12-13 554640]
"tkbellexe"="c:\program files\common files\real\update_ob\realsched.exe" [2007-12-14 185896]
"gelubou"="c:\windows\system32\mife.exe" [2008-10-08 229888]
"rthdvcpl"="rthdvcpl.exe" [2006-11-07 c:\windows\rthdvcpl.exe]
"ndstray.exe"="ndstray.exe" [bu]
[hkey_local_machine\software\microsoft\windows\currentversion\runservices]
"gelubou"="c:\windows\system32\mife.exe" [2008-10-08 229888]
c:\programdata\microsoft\windows\start menu\programs\startup\
adobe gamma loader.lnk - c:\program files\common files\adobe\calibration\adobe gamma loader.exe [2007-11-16 113664]
adobe reader speed launch.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe [2005-09-23 29696]
bluetooth manager.lnk - c:\program files\toshiba\bluetooth toshiba stack\tosbtmng.exe [2006-11-25 2134016]
[hkey_local_machine\software\microsoft\windows\currentversion\policies\system]
"enablelua"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\common~1\uleads~1\vio\dvacm.acm
[hkey_local_machine\software\microsoft\security center]
"uacdisablenotify"=dword:00000001
"internetsettingsdisablenotify"=dword:00000001
"autoupdatedisablenotify"=dword:00000001
"antivirusdisablenotify"="0x00000000"
"updatesdisablenotify"="0x00000000"
[hkey_local_machine\software\microsoft\security center\monitoring]
"disablemonitoring"=dword:00000001
[hkey_local_machine\software\microsoft\security center\monitoring\symantecantivirus]
"disablemonitoring"=dword:00000001
[hkey_local_machine\software\microsoft\security center\monitoring\symantecfirewall]
"disablemonitoring"=dword:00000001
[hklm\~\services\sharedaccess\parameters\firewallpolicy\domainprofile]
"enablefirewall"= 0 (0x0)
[hklm\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"c:\\program files\\flashfxp\\flashfxp.exe"= c:\program files\flashfxp\flashfxp.exe:*:enabled:flashfxp v3
[hklm\~\services\sharedaccess\parameters\firewallpolicy\firewallrules]
"{39665f53-eeb4-4399-96a5-93fa1cef0dbe}"= c:\program files\msn messenger\livecall.exe:windows live messenger 8.1 (phone)
"{84670b6f-d52d-4f96-ab20-b6d85804e980}"= c:\program files\msn messenger\livecall.exe:windows live messenger 8.1 (phone)
"{1fe2764e-e51b-4ac1-aa05-96fd4d328c2a}"= c:\program files\msn messenger\livecall.exe:windows live messenger 8.1 (phone)
"{a64e0bd5-4b97-4a4a-86d8-9fc90e65775b}"= udp:c:\program files\utorrent\utorrent.exe:µtorrent (tcp-in)
"{cd6da53b-0e6a-4c69-9ac8-fc1e96bd4e5f}"= tcp:c:\program files\utorrent\utorrent.exe:µtorrent (udp-in)
[hklm\~\services\sharedaccess\parameters\firewallpolicy\publicprofile]
"enablefirewall"= 0 (0x0)
[hklm\~\services\sharedaccess\parameters\firewallpolicy\restrictedservices\static\system]
"dfsr-1"= rport=5722|udp:%systemroot%\system32\svchost.exe|svc=dfsr:allow inbound tcp traffic|
[hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"enablefirewall"= 0 (0x0)
[hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"c:\\program files\\flashfxp\\flashfxp.exe"= c:\program files\flashfxp\flashfxp.exe:*:enabled:flashfxp v3
r1 idsvix86;symantec intrusion prevention driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20080407.003\idsvix86.sys [2008-02-13 261680]
r3 fwlnk;fwlnk driver;c:\windows\system32\drivers\fwlnk.sys [2006-11-20 7168]
s2 ivnooalvy1j63e;powerutility tv recording reservation;c:\windows\system32\rootour.exe [2008-10-08 229888]
s2 yuluodpxnnryo;aol connectivity service;c:\windows\system32\koufyf.exe [2008-10-08 229888]
[hkey_local_machine\software\microsoft\windows nt\currentversion\svchost]
localservicenonetwork reg_multi_sz pla dps bfe mpssvc
[hkey_current_user\software\microsoft\windows\currentversion\explorer\mountpoints2\f]
\shell\autorun\command - c:\windows\system32\rundll32.exe shell32.dll,shellexec_rundll copy.exe
[hkey_current_user\software\microsoft\windows\currentversion\explorer\mountpoints2\{32c07e41-67dc-11dd-a20d-00037ae9c267}]
\shell\auto\command - app.exe
\shell\autorun\command - c:\windows\system32\rundll32.exe shell32.dll,shellexec_rundll app.exe
[hkey_current_user\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f359f1d-9b58-11dc-84c9-00037ae9c267}]
\shell\autorun\command - d:\2.cmd
\shell\explore\command - d:\2.cmd
\shell\open\command - d:\2.cmd
*newly created service* - catchme
*newly created service* - procexp90
.
S of the 'scheduled tasks' folder
2008-10-22 c:\windows\tasks\check updates for windows live toolbar.job
- c:\program files\windows live toolbar\msntbup.exe [2007-10-19 11:20]
2008-10-22 c:\windows\tasks\user_feed_synchronization-{7ef5cc87-b7e2-45cf-82eb-c3e2e5868936}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 12:45]
.
- - - - orphans removed - - - -
hkcu-run-msnmsgr - ~c:\program files\msn messenger\msnmsgr.exe
hklm-run-symantec pif alerteng - c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe
hklm-run-nopohoo - c:\windows\system32\gekoumou.exe
hklm-runservices-nopohoo - c:\windows\system32\gekoumou.exe

.
------- supplementary scan -------
.
Firefox -: Profile - c:\users\toshiba\appdata\roaming\mozilla\firefox\profiles\2jerx1gj.default\
firefox -: Prefs.js - search.defaulturl - hxxp://www.google.com/search?lr=&ie=utf-8&oe=utf-8&q=
firefox -: Prefs.js - startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-usfficial
.
.
------- file associations -------
.
Inifile=%systemroot%\system32\notepad.exe %1"
.
**************************************************************************
catchme 0.3.1361 w2k/xp/vista - rootkit/stealth malware detector by gmer, http://www.gmer.net
rootkit scan 2008-10-22 05:42:11
windows 6.0.6000 ntfs
scanning hidden processes ...
Scanning hidden autostart entries ...
Hkcu\software\microsoft\windows\currentversion\run
toscdspd = c:\program files\toshiba\toscdspd\toscdspd.exe?/i????????/??????f? ?f?x?f???f???
Scanning hidden files ...
Scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-22 5:44:31
combofix-quarantined-files.txt 2008-10-22 02:44:16
pre-run: 45,559,902,208 bytes free
post-run: 45,619,560,448 bytes free
213 --- e o f --- 2008-10-18 00:05:46

 

[شـــــوق]

ويعطيك الف عافيه مره ثانيه
اخوي وانا [ اختك موب اخوك ^_^ ]

وهذا تقرير الهايجاك

logfile of trend micro hijackthis v2.0.2
scan saved at 05:51:20, on 10/22/2008
platform: Windows vista (winnt 6.00.1904)
msie: Internet explorer v7.00 (7.00.6000.16757)
boot mode: Normal
running processes:
C:\windows\system32\dwm.exe
c:\windows\system32\taskeng.exe
c:\program files\java\jre1.6.0\bin\jusched.exe
c:\program files\toshiba\power saver\tpwrmain.exe
c:\program files\toshiba\smoothview\smoothview.exe
c:\program files\toshiba\flashcards\tcrdmain.exe
c:\program files\synaptics\syntp\syntpenh.exe
c:\windows\rthdvcpl.exe
c:\program files\toshiba\configfree\ndstray.exe
c:\program files\toshiba\toshiba online product information\topi.exe
c:\windows\system32\igfxtray.exe
c:\windows\system32\hkcmd.exe
c:\windows\system32\igfxpers.exe
c:\program files\toshiba\registration\toshibaregistration.exe
c:\program files\common files\real\update_ob\realsched.exe
c:\windows\system32\gekoumou.exe
c:\program files\windows sidebar\sidebar.exe
c:\program files\toshiba\toscdspd\toscdspd.exe
c:\program files\google\googletoolbarnotifier\1.2.1128.5462\googletoolbarnotifier.exe
c:\program files\windows media player\wmpnscfg.exe
c:\program files\toshiba\bluetooth toshiba stack\tosbtmng.exe
c:\windows\system32\rundll32.exe
c:\program files\synaptics\syntp\syntoshiba.exe
c:\program files\toshiba\bluetooth toshiba stack\tosa2dp.exe
c:\program files\toshiba\bluetooth toshiba stack\tosbthid.exe
c:\program files\toshiba\configfree\cfswmgr.exe
c:\windows\system32\conime.exe
c:\windows\system32\wuauclt.exe
c:\program files\msn messenger\msnmsgr.exe
c:\program files\msn messenger\msnmsgr.exe
c:\windows\explorer.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\common files\microsoft shared\windows live\wlloginproxy.exe
c:\program files\toshiba\bluetooth toshiba stack\tosavrc.exe
c:\program files\toshiba\bluetooth toshiba stack\tosobex.exe
c:\program files\toshiba\bluetooth toshiba stack\tosbtproc.exe
c:\users\toshiba\desktop\hijackthis2.exe
r1 - hklm\software\microsoft\internet explorer\main,default_page_url = http://go.microsoft.com/fwlink/?linkid=69157
r1 - hklm\software\microsoft\internet explorer\main,default_search_url = http://go.microsoft.com/fwlink/?linkid=54896
r1 - hklm\software\microsoft\internet explorer\main,search page = http://go.microsoft.com/fwlink/?linkid=54896
r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername =
r3 - urlsearchhook: Yahoo! Toolbar - {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
r3 - urlsearchhook: Sweetim toolbarurlsearchhook class - {eee6c35d-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mghelper.dll
o1 - hosts: ::1 localhost
o2 - bho: &yahoo! Toolbar helper - {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
o2 - bho: Adobe pdf reader link helper - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll
o2 - bho: Realplayer download and record plugin for internet explorer - {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
o2 - bho: Ssvhelper class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
o2 - bho: (no name) - {7e853d72-626a-48ec-a868-ba8d5e23e045} - (no file)
o2 - bho: ????? ????? ?????? ??? Windows live - {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
o2 - bho: Google toolbar helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll
o2 - bho: Windows live toolbar helper - {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
o2 - bho: Flashfxp helper for internet explorer - {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\ieflash.dll
o2 - bho: Sweetie - {eee6c35c-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgtoolbarie.dll
o3 - toolbar: Windows live toolbar - {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
o3 - toolbar: Yahoo! Toolbar - {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
o3 - toolbar: &google - {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
o3 - toolbar: Sweetim toolbar for internet explorer - {eee6c35b-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgtoolbarie.dll
o4 - hklm\..\run: [sunjavaupdatesched] "c:\program files\java\jre1.6.0\bin\jusched.exe"
o4 - hklm\..\run: [tpwrmain] %programfiles%\toshiba\power saver\tpwrmain.exe
o4 - hklm\..\run: [hson] %programfiles%\toshiba\tbs\hson.exe
o4 - hklm\..\run: [smoothview] %programfiles%\toshiba\smoothview\smoothview.exe
o4 - hklm\..\run: [00tcrdmain] %programfiles%\toshiba\flashcards\tcrdmain.exe
o4 - hklm\..\run: [nvsvc] rundll32.exe c:\windows\system32\nvsvc.dll,nvsvcstart
o4 - hklm\..\run: [nvcpldaemon] rundll32.exe c:\windows\system32\nvcpl.dll,nvstartup
o4 - hklm\..\run: [nvmediacenter] rundll32.exe c:\windows\system32\nvmctray.dll,nvtaskbarinit
o4 - hklm\..\run: [syntpenh] c:\program files\synaptics\syntp\syntpenh.exe
o4 - hklm\..\run: [rthdvcpl] rthdvcpl.exe
o4 - hklm\..\run: [ndstray.exe] ndstray.exe
o4 - hklm\..\run: [topi] c:\program files\toshiba\toshiba online product information\topi.exe -startup
o4 - hklm\..\run: [igfxtray] c:\windows\system32\igfxtray.exe
o4 - hklm\..\run: [hotkeyscmds] c:\windows\system32\hkcmd.exe
o4 - hklm\..\run: [persistence] c:\windows\system32\igfxpers.exe
o4 - hklm\..\run: [toshiba registration] c:\program files\toshiba\registration\toshibaregistration.exe
o4 - hklm\..\run: [tkbellexe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
o4 - hklm\..\run: [bone thunk axis copy] "c:\programdata\enc second grid.d9emxg"
o4 - hklm\..\run: [corn blue] "c:\programdata\mfcd phone phone.vkqws8"
o4 - hklm\..\run: [gelubou] c:\windows\system32\mife.exe
o4 - hklm\..\runservices: [gelubou] c:\windows\system32\mife.exe
o4 - hkcu\..\run: [sidebar] c:\program files\windows sidebar\sidebar.exe /autorun
o4 - hkcu\..\run: [windowswelcomecenter] rundll32.exe oobefldr.dll,showwelcomecenter
o4 - hkcu\..\run: [toscdspd] c:\program files\toshiba\toscdspd\toscdspd.exe
o4 - hkcu\..\run: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\googletoolbarnotifier.exe
o4 - hkcu\..\run: [wmpnscfg] c:\program files\windows media player\wmpnscfg.exe
o4 - hkcu\..\run: [updatemgr] "c:\program files\adobe\acrobat 7.0\reader\adobeupdatemanager.exe" acrdb7_0_9 -reboot 1
o4 - hkus\s-1-5-19\..\run: [sidebar] %programfiles%\windows sidebar\sidebar.exe /detectmem (user 'local service')
o4 - hkus\s-1-5-19\..\run: [windowswelcomecenter] rundll32.exe oobefldr.dll,showwelcomecenter (user 'local service')
o4 - hkus\s-1-5-20\..\run: [sidebar] %programfiles%\windows sidebar\sidebar.exe /detectmem (user 'network service')
o4 - global startup: Adobe gamma loader.lnk = c:\program files\common files\adobe\calibration\adobe gamma loader.exe
o4 - global startup: Adobe reader speed launch.lnk = c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
o4 - global startup: Bluetooth manager.lnk = ?
O8 - extra context menu item: &windows live search - res://c:\program files\windows live toolbar\msntb.dll/search.htm
o9 - extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
o9 - extra 'tools' menuitem: Sun java console - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
o9 - extra button: Ebay - {c08caf1d-c0a3-40d5-9970-06d067eac017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?en (file missing)
o13 - gopher prefix:
O23 - service: Agere modem call progress audio (ageremodemaudio) - agere systems - c:\windows\system32\agrsmsvc.exe
o23 - service: Configfree service (cfsvcs) - toshiba corporation - c:\program files\toshiba\configfree\cfsvcs.exe
o23 - service: Symantec lic netconnect service (cltnetcnservice) - unknown owner - c:\program files\common files\symantec shared\ccsvchst.exe (file missing)
o23 - service: Google updater service (gusvc) - google - c:\program files\google\common\google updater\googleupdaterservice.exe
o23 - service: Installdriver table manager (idrivert) - macrovision corporation - c:\program files\common files\installshield\driver\1150\intel 32\idrivert.exe
o23 - service: Powerutility tv recording reservation (ivnooalvy1j63e) - unknown owner - c:\windows\system32\rootour.exe
o23 - service: Liveupdate notice service ex (liveupdate notice ex) - unknown owner - c:\program files\common files\symantec shared\ccsvchst.exe (file missing)
o23 - service: Liveupdate notice service - unknown owner - c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe (file missing)
o23 - service: Toshiba optical disc drive service (toddsrv) - toshiba corporation - c:\windows\system32\toddsrv.exe
o23 - service: Toshiba power saver (toscosrv) - toshiba corporation - c:\program files\toshiba\power saver\toscosrv.exe
o23 - service: Toshiba bluetooth service - toshiba corporation - c:\program files\toshiba\bluetooth toshiba stack\tosbtsrv.exe
o23 - service: Ulead burning helper (uleadburninghelper) - ulead systems, inc. - c:\program files\common files\ulead systems\dvd\ulcdrsvr.exe
o23 - service: Aol connectivity service (yuluodpxnnryo) - unknown owner - c:\windows\system32\koufyf.exe
--
end of file - 9696 bytes

 

[عصر الظهور]

الحمد الله​

 

[boob77]

ويعطيك الف عافيه مره ثانيه
اخوي وانا [ اختك موب اخوك ^_^ ]

وهذا تقرير الهايجاك


​

الله يعافيج يا اخت شوووق

انسخي التقرير بدون اقتباس
​

 

[allowz]

جزاك الله خير اللحين احتجت له

 

[احمدالقلعاوي]

مشكور اخوي الغالي جزاك الله كل خير

 

[KoNaMi]

يعطيك الف الف عافيه

كل الود والتقدير
​

 

[boob77]

العفو اخواني بارك الله فيكم

وتسلمون على لطف ردكم ومروركم الغالي

كل الود والتقدير

،،،
،،
،

 

[SALMAN 2]

اداة مهمة جدا بارك الله فيك​

 

[عشعوش]

 

[boob77]

العفو اخواني بارك الله فيكم

 

[شــوق]

الله يجزاك الف خير

 

[alfoud]

وفقك الله

 

[boob77]

الله يجزاك الف خير

وفقك الله

العفو اخواني بارك الله فيكم

 

[كفاح الجريح]

جزاك الله الف خير