محمد 1993

I have a problem, everyone. I opened a link that messed up my computer and broke my browser. The problem is that I had Norton turned off at the time, and then I turned it on. To this day, every time I run a scan with Norton it reports that there is a virus; I get rid of it, but a little later when I scan again it tells me the virus has come back. Does anyone have a solution?

Signature: محمد 1993
Ah, I understand the issue (The text you entered is too long (18887 characters). Please shorten it to a maximum of 5000 characters)

Signature: محمد 1993
Shall I send you an e-mail?

Signature: محمد 1993
I received an empty message, brother.

Compress the report with WinRAR and upload it to any site you like.

Then send me the link to the report in a private message.

Signature: Corporation
Brother, it won't compress. I get this message:
! Cannot create ComboFix.rar
! Access is denied.

Signature: محمد 1993
I am waiting for a reply.

Signature: محمد 1993
Regarding the problem, please use the general tool.
By the grace of God, the general virus-removal tool, General Removal, was updated on 30-03-2009 so that it removes this virus in less than 10 seconds. Just download the tool and press the two buttons as shown in the picture.
Make sure the version is dated 30-03-2009 before running it.
[Hidden link: you must log in or register to view it]

[Hidden link: you must log in or register to view it]

Regarding the changed home page and the appearance of some messages, please upload a new hijackthis report to complete the solution, God willing.

Signature: زمان الصمت
Your program does not work, brother. I am still waiting for the brother.

Signature: محمد 1993
Brother, I am sorry, the link is not for your problem. It was my mistake, forgive me.

Signature: زمان الصمت
No problem, brother, don't worry about it.

Signature: محمد 1993
I am waiting for the reply.

Signature: محمد 1993
Brother, upload the report again as a text file, without compression, to any site, and send it to me.

Signature: Corporation
Honestly, I don't know how to upload a text file. Could I just paste it into a post instead?

Signature: محمد 1993
OK, paste as much of it as you can; there is nothing left that I haven't told you.

My friend, try pasting the beginning first, that is, the first 20 lines of the report.

After that, bring a new HijackThis report.

Signature: Corporation
ComboFix 09-04-04.01 - OMAR ALOTHMAN 04/11/2009 4:13:11.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1256.1.1033.18.2044.831 [GMT 3:00]
Running from: c:\users\OMAR ALOTHMAN\Downloads\ComboFix.exe
AV: Norton Internet Security *On-access scanning enabled* (Updated)
FW: Norton Internet Security *enabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\GLFAFEF.tmp.exe
c:\windows\system32\GLFC0C1.tmp.exe

.
((((((((((((((((((((((((( Files Created from 2009-03-11 to 2009-04-11 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-10 23:50 --------- d-----w c:\program files\Paltalk Messenger
2009-04-10 22:28 --------- d-----w c:\programdata\zyzoom
2009-04-10 11:03 43,319 ----a-w c:\users\All Users\nvModes.dat
2009-04-10 11:03 43,319 ----a-w c:\programdata\nvModes.dat
2009-04-09 21:45 --------- d-----w c:\users\OMAR ALOTHMAN\AppData\Roaming\Paltalk
2009-04-09 21:30 --------- d-----w c:\users\OMAR ALOTHMAN\AppData\Roaming\Thinstall
2009-04-09 19:00 --------- d-----w c:\program files\Mozilla Firefox 3.1 Beta 3
2009-04-09 15:29 --------- d-----w c:\users\OMAR ALOTHMAN\AppData\Roaming\.gaim
2009-04-09 15:26 --------- d-----w c:\program files\AskBarDis
2009-04-09 15:07 --------- d-----w c:\program files\Prayer
2009-04-07 21:04 --------- d-----w c:\programdata\Office Genuine Advantage
2009-04-06 20:58 --------- d-----w c:\program files\Norton Internet Security
2009-04-06 17:03 --------- d-----w c:\users\OMAR ALOTHMAN\AppData\Roaming\MessengerLog 360
2009-04-04 17:55 --------- d-----w c:\users\OMAR ALOTHMAN\AppData\Roaming\SSH
2009-04-04 14:30 --------- d-----w c:\program files\ONSPEED
2009-04-01 18:14 --------- d-----w c:\program files\X-NetStat
2009-04-01 15:22 --------- d--h--w c:\program files\InstallShield Installation Information
2009-04-01 15:22 --------- d-----w c:\program files\SSH Communications Security
2009-03-30 21:15 122 ----a-w c:\users\OMAR ALOTHMAN\AppData\Roaming\wklnhst.dat
2009-03-30 21:12 --------- d-----w c:\users\OMAR ALOTHMAN\AppData\Roaming\Template
2009-03-24 20:33 --------- d-----w c:\users\OMAR ALOTHMAN\AppData\Roaming\Recordpad
2009-03-24 20:33 --------- d-----w c:\users\OMAR ALOTHMAN\AppData\Roaming\NCH Swift Sound
2009-03-24 20:33 --------- d-----w c:\programdata\NCH Swift Sound
2009-03-24 20:33 --------- d-----w c:\program files\NCH Swift Sound
2009-03-24 20:33 --------- d-----w c:\program files\NCH Software
2009-03-15 00:07 --------- d-----w c:\program files\Windows Mail
2009-03-14 16:17 --------- d-----w c:\program files\JetAudio
2009-03-03 18:23 --------- d-----w c:\program files\Ela-Salaty
2009-03-01 19:14 --------- d-----w c:\program files\Real
2009-03-01 19:14 --------- d-----w c:\program files\Common Files\xing shared
2009-03-01 19:14 --------- d-----w c:\program files\Common Files\Real
2009-03-01 19:13 --------- d-----w c:\program files\Google
2009-03-01 00:11 --------- d-----w c:\programdata\Microsoft Help
2009-02-27 19:55 --------- d-----w c:\program files\Hide-IP-Browser
2009-02-26 20:35 --------- d-----w c:\program files\Digital Sound Recorder
2009-02-26 13:37 --------- d-----w c:\users\OMAR ALOTHMAN\AppData\Roaming\COWON
2009-02-26 13:24 --------- d-----w c:\program files\Common Files\COWON
2009-02-25 20:25 --------- d-----w c:\program files\HighCriteria
2009-02-25 20:20 --------- d-----w c:\program files\AML Products
2009-02-25 20:04 --------- d-----w c:\program files\Absolute MP3 Splitter
2009-02-25 17:27 --------- d-sh--r c:\programdata\MSNCS
2009-02-25 16:53 --------- d-----w c:\program files\WinPcap
2009-02-25 16:35 410,984 ----a-w c:\windows\System32\deploytk.dll
2009-02-25 16:35 --------- d-----w c:\program files\Java
2009-02-25 06:01 20,480 ----a-w c:\windows\System32\adsnwm.exe
2009-02-24 14:50 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-24 12:52 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-02-24 12:52 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-02-24 12:52 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-02-24 12:52 --------- d-----w c:\program files\Symantec
2009-02-24 11:17 --------- d-----w c:\program files\AV Music Morpher Gold
2009-02-24 10:47 --------- d-----w c:\program files\Search Settings
2009-02-24 10:47 --------- d-----w c:\program files\Dealio
2009-02-24 10:44 --------- d-----w c:\program files\AV Vcs 6.0
2009-02-23 19:37 --------- d-----w c:\program files\AV Vcs 6.0 DIAMOND
2009-02-23 19:25 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-02-23 14:55 --------- d-----w c:\programdata\CyberLink
2009-02-23 00:28 --------- d-----w c:\programdata\Symantec
2009-02-21 10:35 --------- d-----w c:\program files\MSXML 4.0
2009-02-21 10:10 --------- d-----w c:\programdata\WildTangent
2009-02-21 10:09 --------- d-----w c:\users\OMAR ALOTHMAN\AppData\Roaming\WildTangent
2009-02-21 09:51 --------- d-----w c:\users\OMAR ALOTHMAN\AppData\Roaming\Symantec
2009-02-21 09:46 --------- d-----w c:\users\OMAR ALOTHMAN\AppData\Roaming\Hewlett-Packard
2009-02-21 09:44 0 --sha-r c:\windows\system32\drivers\103C_HP_cNB_Pavilion dv5 Notebook PC_Y5335KV_0U_QCNF8360ZKQ_E465478-024_4A_I3603_SQuanta_V02.1B_F.0B_T080902_WV3-1_L409_M2045_J160_7Intel_86FD_92.00_#090221_N10EC8168;14E44315_(FV751EA#ABV)_XMOBILE_CN10_Z_2F.0B.MRK
2009-02-19 08:31 96,560 ----a-w c:\windows\system32\drivers\symfw.sys
2009-02-19 08:31 9,844 ----a-w c:\windows\system32\drivers\SymRedir.cat
2009-02-19 08:31 41,008 ----a-w c:\windows\system32\drivers\symndisv.sys
2009-02-19 08:31 38,576 ----a-w c:\windows\system32\drivers\symids.sys
2009-02-19 08:31 24,112 ----a-w c:\windows\system32\drivers\SymIMV.sys
2009-02-19 08:31 22,320 ----a-w c:\windows\system32\drivers\symredrv.sys
2009-02-19 08:31 184,496 ----a-w c:\windows\system32\drivers\symtdi.sys
2009-02-19 08:31 13,616 ----a-w c:\windows\system32\drivers\symdns.sys
2009-02-19 08:31 1,611 ----a-w c:\windows\system32\drivers\SymRedir.inf
2009-02-09 03:10 2,033,152 ----a-w c:\windows\System32\win32k.sys
2009-01-15 06:11 827,392 ----a-w c:\windows\System32\wininet.dll
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
01/02/2009 11:06 AM 365960 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [01/02/2009 11:06 AM 365960]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [01/02/2009 11:06 AM 365960]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [01/21/2008 05:23 AM 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [02/27/2008 12:08 AM 2289664]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [01/19/2007 10:54 PM 5674352]
"googletalk"="c:\users\OMAR ALOTHMAN\AppData\Roaming\Google\Google Talk\googletalk.exe" [01/02/2007 12:22 AM 3739648]
"WindowsWelcomeCenter"="oobefldr.dll" [01/21/2008 05:23 AM 2153472 c:\windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [05/23/2008 06:29 AM 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [05/23/2008 06:29 AM 92704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [01/18/2008 02:31 PM 1033512]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [04/15/2008 09:17 PM 442433]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [04/16/2008 03:54 AM 178712]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [04/24/2008 09:51 AM 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [03/14/2008 06:45 PM 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [11/02/2007 04:42 AM 554288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 01:06 PM 40048]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [04/15/2008 11:42 PM 70912]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [05/09/2007 02:24 AM 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [11/20/2007 05:44 PM 488752]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [02/25/2009 07:35 PM 136600]
"au"="c:\program files\Dealio\DealioAU.exe" [05/26/2008 07:50 PM 595296]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [06/12/2008 04:57 PM 991584]
"adsnwm"="c:\windows\system32\adsnwm.exe" [02/25/2009 09:01 AM 20480]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [03/01/2009 10:14 PM 198160]
"Recordpad"="c:\program files\NCH Swift Sound\Recordpad\recordpad.exe" [03/24/2009 11:33 PM 577540]
"SlipStream"="c:\program files\ONSPEED\onspeedcore.exe" [10/19/2007 05:50 AM 344064]

c:\users\OMAR ALOTHMAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Ela-Salaty.lnk - c:\program files\Ela-Salaty\Salaty.exe [2007-03-05 5205504]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
OneNote Table Of Contents.onetoc2 [2009-03-01 3656]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bilal Prayer.LNK - c:\program files\Prayer\BilalStarter.exe [2009-02-08 61312]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-01-17 727592]
ONSPEED.lnk - c:\program files\ONSPEED\onspeedgui.exe [2009-04-04 229376]
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2009-01-28 10950144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
"mixer"= DrvTrNTm.dll
"wave"= DrvTrNTm.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 10/17/2008 03:52 PM 51048 c:\program files\Common Files\Symantec Shared\CCAPP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C4E6962E-6D84-46AD-B9D8-92702FF0DEBD}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{4D529AD3-F180-40FF-8525-6A3CD59D1675}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{79C090B1-ADFD-4C5E-A7E1-8D9009862F0B}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1ADFDB42-E2DD-4E4A-825A-E6791CEFCA15}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D16AAD42-BE38-49A1-A454-15571B2CB52D}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{A1D6819D-9596-409F-9ECB-BFDC1265B6F6}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090406.002\IDSvix86.sys [2009-04-09 272432]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\AEstSrv.exe [2008-09-10 73728]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-01-21 21504]
R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [2008-03-19 19456]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2008-02-07 149352]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-07-02 341328]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-07-02 193840]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [2008-01-24 52736]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-26 101936]
R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [2008-04-01 81296]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [2008-05-23 43552]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2009-02-19 41008]
S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [2008-01-13 23904]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [2008-01-30 34448]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-04-06 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - OMAR ALOTHMAN.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [02/07/2008 03:05 PM]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-IMDetect MSN Sniffer - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_kw&c=83&bd=Pavilion&pf=cnnb
IE: Compare Prices with &Dealio - c:\users\OMAR ALOTHMAN\AppData\LocalLow\Dealio\kb127\res\DealioSearch.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Translate Selected Word with Bilal - c:\program files\Prayer\IEExt.htm
LSP: c:\progra~1\ONSPEED\sliplsp.dll
FF - ProfilePath - c:\users\OMAR ALOTHMAN\AppData\Roaming\Mozilla\Firefox\Profiles\k5r59ewt.default\
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
[Hidden link: you must log in or register to view it]

Rootkit scan 2009-04-11 04:16:22
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 04/11/2009 4:18:12
ComboFix-quarantined-files.txt 2009-04-11 01:18:09

Pre-Run: 122,604,879,872 bytes free
Post-Run: 122,978,791,424 bytes free

251 --- E O F --- 2009-04-06 21:04:20
 
Signature: محمد 1993
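OK, paste as much of it as you can; there is nothing left that I haven't told you.

My friend, try pasting the beginning first, that is, the first 20 lines of the report.

After that, bring a new HijackThis report.
What do you mean by the last line, "bring a new HijackThis report"?

Signature: محمد 1993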
Ah, I understand, you want the HijackThis report from the beginning. Got it. Just a few seconds, God willing.

Signature: محمد 1993
This is the new HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:56:12 م, on 11/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ONSPEED\onspeedcore.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Users\OMAR ALOTHMAN\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ONSPEED\onspeedgui.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\ProgramData\MSNCS\data\dpnsvrm.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\ProgramData\MSNCS\data\vssvcm.exe
C:\Program Files\Prayer\Prayer.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Digital Sound Recorder\Digitalsoundrecorder.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\Explorer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox 3.1 Beta 3\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Users\OMAR ALOTHMAN\Downloads\Zyzoom_HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
[Hidden link: you must log in or register to view it]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
[Hidden link: you must log in or register to view it]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
[Hidden link: you must log in or register to view it]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
[Hidden link: you must log in or register to view it]

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
[Hidden link: you must log in or register to view it]

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL =
[Hidden link: you must log in or register to view it]

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\ONSPEED\components\NOWImaging.dll
O2 - BHO: Prefetch - {A66AA08A-9BF0-4e87-99E6-6972731D6B99} - C:\Program Files\ONSPEED\Prefetch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: ONSPEED - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\ONSPEED\Toolband.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [adsnwm] C:\Windows\system32\adsnwm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recordpad] "C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe" -logon
O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\ONSPEED\onspeedcore.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [googletalk] C:\Users\OMAR ALOTHMAN\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - Startup: Ela-Salaty.lnk = C:\Program Files\Ela-Salaty\Salaty.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OneNote Table Of Contents.onetoc2
O4 - Global Startup: Bilal Prayer.LNK = C:\Program Files\Prayer\BilalStarter.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: ONSPEED.lnk = C:\Program Files\ONSPEED\onspeedgui.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\OMAR ALOTHMAN\AppData\LocalLow\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Translate Selected Word with Bilal - C:\Program Files\Prayer\IEExt.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O13 - Gopher Prefix:
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\STacSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 13123 bytes
 
Signature: محمد 1993

Disable System Restore following the explanation below.

[Image: dis_sys_xp.jpg]

Then go to this thread.

After downloading the tool, choose the Clean command, not Scan.

[Hidden link: you must log in or register to view it]

Signature: Corporation
I have Windows Vista, not XP.

Signature: محمد 1993
And in English.

Signature: محمد 1993