تقرير بعد الفحص بأداة ComboFix

أ

أ / خالد

زيزوومى متألق
إنضم
26 يونيو 2008
المشاركات
388
مستوى التفاعل
0
النقاط
470
غير متصل
السلام عليكم

هذا التقرير بعد فحص الجهاز بالأداة المذكورة في العنوان

ComboFix 08-08-04.09 - w 08/07/2008 4:15:36.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1025.18.1451 [GMT 3:00]
Running from: C:\Documents and Settings\w\سطح المكتب\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\w\Application Data\macromedia\Flash Player\#Shareds\NS63YU6U\iforex.com
C:\Documents and Settings\w\Application Data\macromedia\Flash Player\#Shareds\NS63YU6U\iforex.com\Emerp\Events\flash_.swf\user_data.sol
C:\Documents and Settings\w\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\w\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
.
((((((((((((((((((((((((( Files Created from 2008-07-07 to 2008-08-07 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-07 01:23 782,368 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-07 01:22 49,683,232 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-07 01:22 24,944 ----a-w C:\WINDOWS\system32\drivers\GVTDrv.sys
2008-08-07 01:22 --------- d-----w C:\Program Files\Common Files\Akamai
2008-08-07 01:21 75,392 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-08-07 01:21 672,668 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-07 01:21 --------- d-----w C:\Documents and Settings\w\Application Data\Free Download Manager
2008-08-07 00:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-06 22:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-06 18:54 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-08-06 03:00 --------- d-----w C:\Program Files\Driver Magician
2008-08-06 02:45 --------- d-----w C:\Program Files\Golden Al-Wafi Translator
2008-08-06 02:41 --------- d-----w C:\Program Files\MSECache
2008-08-03 00:45 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-01 22:46 664,104 ----a-w C:\WindowsXP-KB952287-x86-ARA.exe
2008-08-01 22:04 --------- d-----w C:\Documents and Settings\w\Application Data\cafe
2008-08-01 22:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\cafe
2008-07-31 21:45 319,488 ----a-w C:\WINDOWS\HideWin.exe
2008-07-31 21:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-31 21:45 --------- d-----w C:\Program Files\Realtek
2008-07-31 15:39 16,608 ----a-w C:\WINDOWS\gdrv.sys
2008-07-30 13:14 622,882 ----a-w C:\motherboard_bios_ga-965p-dq6_f12.exe
2008-07-28 07:43 144,384 ----a-w C:\WINDOWS\system32\drivers\hdaudbus.sys
2008-07-27 21:55 --------- d-----w C:\Program Files\Windows Resource Kits
2008-07-27 08:13 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-27 05:39 --------- d-----w C:\Program Files\Error Repair Professional
2008-07-24 15:02 4,749,824 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-07-24 14:11 --------- d-----w C:\Program Files\Intel Corporation
2008-07-24 13:13 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-07-24 07:35 --------- d-----w C:\Program Files\Marvell
2008-07-23 23:34 --------- d-----w C:\Program Files\GIGABYTE
2008-07-23 23:12 5,882,310 ----a-w C:\motherboard_utility_gbttools_gbt_et5pro.exe
2008-07-23 13:51 16,804,864 ----a-w C:\WINDOWS\RTHDCPL.exe
2008-07-22 02:08 --------- d-----w C:\Program Files\Microsoft
2008-07-21 20:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-16 21:57 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-07-16 21:17 --------- d-----w C:\Program Files\Kaspersky Lab
2008-07-16 12:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-07-15 10:58 524,288 ----a-w C:\WINDOWS\RtlExUpd.dll
2008-07-15 10:47 1,196,032 ----a-w C:\WINDOWS\RtlUpd.exe
2008-07-13 00:28 --------- d-----w C:\Program Files\CPUZ 146
2008-07-12 22:46 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-07-12 22:44 --------- d-----w C:\Program Files\Java
2008-07-11 12:31 --------- d-----w C:\Program Files\cafe
2008-07-11 11:19 --------- d-----w C:\Program Files\Yahoo!
2008-07-11 03:38 --------- d-----w C:\Program Files\GameShadow
2008-07-11 02:15 --------- d-----w C:\Documents and Settings\w\Application Data\Yahoo!
2008-07-11 02:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-07-09 23:46 --------- d-----w C:\Program Files\Microsoft IPsec Diagnostic Tool
2008-07-09 23:46 --------- d-----w C:\Documents and Settings\w\Application Data\IPSecureLogs
2008-06-23 11:17 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 13:42 2,808,832 ----a-w C:\WINDOWS\alcwzrd.exe
2008-06-19 13:27 9,715,200 ----a-w C:\WINDOWS\RTLCPL.exe
2008-06-19 13:20 57,344 ----a-w C:\WINDOWS\Alcmtr.exe
2008-06-18 15:01 77,824 ----a-w C:\WINDOWS\SoundMan.exe
2008-06-14 17:31 271,616 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-08 17:07 --------- d-----w C:\Documents and Settings\w\Application Data\Software Informer
2008-06-08 17:05 --------- d-----w C:\Program Files\Free Download Manager
2008-06-08 17:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2007-12-27 00:43 22,328 ----a-w C:\Documents and Settings\w\Application Data\PnkBstrK.sys
2007-12-26 19:37 1 ----a-w C:\Documents and Settings\w\SI.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 09:29 PM 15360]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [05/20/2008 05:27 PM 2474031]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [10/18/2007 11:34 AM 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [04/12/2007 01:43 AM 1661304]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [06/27/2007 07:03 PM 152872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [10/27/2007 06:28 PM 49152]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [10/27/2007 06:30 PM 286720]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/01/2007 03:57 PM 153136]
"IntelliPoint"="c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [08/31/2007 12:01 PM 1037736]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM 413696]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/19/2008 05:17 PM 185896]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/16/2008 02:01 PM 13529088]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [08/04/2004 03:00 PM 208952]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM 144784]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/27/2007 06:32 PM 81920]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [08/11/2005 04:30 PM 249856]
"EasyTuneVPro"="C:\Program Files\Gigabyte\ET5Pro\ETcall.exe" [07/26/2007 03:05 PM 20480]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/16/2008 02:01 PM 86016]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [08/24/2007 07:00 AM 33648]
"StormCodec_Helper"="C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" [11/26/2006 09:30 PM 97357]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [05/19/2007 10:36 PM 218640]
"nwiz"="nwiz.exe" [05/16/2008 02:01 PM 1630208 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [07/23/2008 04:51 PM 16804864 C:\WINDOWS\RTHDCPL.exe]
"SoundMan"="SOUNDMAN.EXE" [06/18/2008 06:01 PM 77824 C:\WINDOWS\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [06/19/2008 04:42 PM 2808832 C:\WINDOWS\alcwzrd.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [04/14/2008 09:29 PM 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [08/24/2007 03:18 AM 437160]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [03/26/2008 06:41 PM 1232896]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.MVJP"= C:\WINDOWS\system32\mjpcodec.dll
"VIDC.IJLV"= ijlvid.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\ExtraTools\\ExtraDNS\\ExtraDNS.dll"=
"C:\\Program Files\\GIGABYTE\\@BIOS\\gwflash.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\Msmsgs.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\system32\\sessmgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
R2 Akamai;Akamai;C:\WINDOWS\System32\svchost.exe [04/14/2008 09:30 PM]
R3 GVTDrv;GVTDrv;C:\WINDOWS\system32\Drivers\GVTDrv.sys [08/07/2008 04:22 AM]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [04/04/2007 02:58 PM]
R3 MarkFun_NT;MarkFun_NT;C:\Program Files\Gigabyte\ET5Pro\markfun.w32 [07/24/2008 02:41 AM]
R3 SaiH0461;SaiH0461;C:\WINDOWS\system32\DRIVERS\SaiH0461.sys [08/08/2006 06:25 PM]
S3 GPCIDrv;GPCIDrv;C:\WINDOWS\GPCIDrv.sys [01/21/2008 06:36 PM]
S4 POSPerformanceCounters;Point Of Service Performance Counters;c:\Program Files\Microsoft Point Of Service\Microsoft.PointOfService.Service.exe [02/01/2007 11:14 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
*Newly Created Service* - MARKFUN_NT
.
s of the 'Scheduled Tasks' folder
2008-08-04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [08/29/2007 02:57 PM]
2008-08-07 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [04/22/2005 05:36 PM]
2008-02-03 C:\WINDOWS\Tasks\Uniblue SpyEraser.job
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe [01/29/2008 10:13 AM]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\w\Application Data\Mozilla\Firefox\Profiles\syjrufjz.default\
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2008-08-07 04:23:16
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3333.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3333.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MarkFun_NT]
"ImagePath"="\??\C:\Program Files\Gigabyte\ET5Pro\markfun.w32"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\GIGABYTE\ET5Pro\GUI.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\LightSurf\Common\IconMgr.exe
C:\Program Files\LightSurf\Colorific\hgcctl95.exe
C:\Program Files\GIGABYTE\VGA Utility\Utility.exe
C:\Program Files\LightSurf\Color Indicator\TICIcon.exe
.
**************************************************************************
.
Completion time: 08/07/2008 4:40:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-07 01:40:19
Pre-Run: 52,176,945,152 bytes free
Post-Run: 52,117,123,072 bytes free
223 --- E O F --- 2008-08-07 00:04:21

مع الشكر
 

ترتيب حسب التاريخ ترتيب حسب الأصوات
تقرير حلو
بس يا ليت ادرجت معه تقرير هايجاك
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

بانتظاره للتأكد
 
توقيع : Juve GuardJuve Guard is verified member.
تأييد 0
تأييد 0
وسم أخوي وهذا الهيجاك وتقريره ودمــــــــــــت يا الغالي

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:03:12 ص, on 07/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Gigabyte\ET5Pro\GUI.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\LightSurf\Common\IconMgr.exe
C:\Program Files\LightSurf\Colorific\hgcctl95.exe
C:\Program Files\GIGABYTE\VGA Utility\Utility.exe
C:\Program Files\LightSurf\Color Indicator\TICIcon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Golden Al-Wafi Translator\Golden Al-Wafi Translator.exe
C:\WINDOWS\speech\vcmd.exe
C:\Documents and Settings\w\سطح المكتب\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIEsBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [EasyTuneVPro] C:\Program Files\Gigabyte\ET5Pro\ETcall.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: GIGABYTE VGA Utility.lnk = ?
O4 - Global Startup: LightSurf.lnk = C:\Program Files\LightSurf\Common\IconMgr.exe
O8 - Extra context menu item: Free Download Manager تحميل الفيديو بواسطة -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: إضافة إلى مضاد الشعارات - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: تحميل المحددة بفري داونلود مانيجر -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: تنزيل الكل بفري داونلود مانيجر -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: تنزيل بفري داونلود مانيجر -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark Measurement Services Client) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 9770 bytes
 
تأييد 0
الله يطول بعمرك
جهازك سليم
100%
 
توقيع : Juve GuardJuve Guard is verified member.
تأييد 0
يجب تسجيل الدخول أو التسجيل كي تتمكن من الرد هنا.
عودة
أعلى