السلام عليك أخي العزيز لدي نفس المشكلة وأتمنى أن تساعدني في الحل
علما أن النظام الذي أستخدمه
XP SP3
وقمت باتباع تعليماتك
تقرير
combofix
ComboFix 09-03-04.01 - e.Zein 03/06/2009 12:02:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1033.18.3327.2761 [GMT 2:00]
Running from: c:\documents and settings\e.Zein\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated)
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-02-06 to 2009-03-06 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-03-06 10:05 4,605,472 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-06 10:04 5,288 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-03-06 10:04 44,396 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-06 10:04 311,328 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-03-06 10:04 --------- d-----w c:\program files\microsoft frontpage
2009-03-06 10:04 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-03-06 09:40 --------- d-----w c:\program files\Microsoft.NET
2009-03-06 09:40 --------- d-----w c:\program files\Microsoft Works
2009-03-06 09:40 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-06 09:19 --------- d-----w c:\documents and settings\e.Zein\Application Data\My Games
2009-03-06 01:41 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-06 01:11 --------- d-----w c:\program files\Common Files\Adobe
2009-03-05 19:01 --------- d-----w c:\program files\PowerCmd
2009-03-05 18:55 --------- d-----w c:\documents and settings\e.Zein\Application Data\Media Player Classic
2009-03-05 18:50 --------- d-----w c:\program files\RegSupreme
2009-03-05 18:49 --------- d-----w c:\program files\MpcStar
2009-03-05 18:48 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-05 18:46 --------- d-----w c:\program files\ORITE
2009-03-05 18:46 --------- d-----w c:\program files\Common Files\PCCamera
2009-03-05 18:44 --------- d-----w c:\program files\Winamp
2009-03-05 18:44 --------- d-----w c:\program files\DFX
2009-03-05 18:36 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_C oinstaller_Critical.Wdf
2009-03-05 18:36 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_010 05.Wdf
2009-03-05 18:36 --------- d-----w c:\program files\PCSecurity
2009-03-05 18:36 --------- d-----w c:\documents and settings\e.Zein\Application Data\PC Suite
2009-03-05 18:36 --------- d-----w c:\documents and settings\e.Zein\Application Data\Nokia
2009-03-05 18:36 --------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2009-03-05 18:35 --------- d-----w c:\program files\PC Connectivity Solution
2009-03-05 18:35 --------- d-----w c:\program files\Nokia
2009-03-05 18:35 --------- d-----w c:\program files\DIFX
2009-03-05 18:35 --------- d-----w c:\program files\Common Files\PCSuite
2009-03-05 18:35 --------- d-----w c:\program files\Common Files\Nokia
2009-03-05 18:34 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-03-05 18:33 --------- d-----w c:\program files\Coolpro2
2009-03-05 18:32 --------- d-----w c:\documents and settings\e.Zein\Application Data\Syntrillium
2009-03-05 18:30 --------- d-----w c:\program files\Innovatools
2009-03-05 18:23 --------- d-----w c:\program files\Windows Live
2009-03-05 18:21 --------- d-----w c:\program files\Unlocker
2009-03-05 16:38 --------- d-----w c:\program files\CyberLink
2009-03-05 16:37 --------- d-----w c:\program files\Common Files\InstallShield
2009-03-05 16:37 --------- d-----w c:\program files\Common Files\Ahead
2009-03-05 16:36 --------- d-----w c:\documents and settings\e.Zein\Application Data\Ahead
2009-03-05 16:35 --------- d-----w c:\program files\Nero
2009-03-05 16:35 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2009-03-05 15:10 --------- d-----w c:\documents and settings\e.Zein\Application Data\COWON
2009-03-05 01:36 --------- d-----w c:\documents and settings\e.Zein\Application Data\Talkback
2009-03-05 01:15 --------- d-----w c:\program files\Vtune
2009-03-05 01:05 96,976 ----a-w c:\windows\system32\drivers\klin.dat
2009-03-05 01:05 87,855 ----a-w c:\windows\system32\drivers\klick.dat
2009-03-05 01:05 --------- d-----w c:\program files\Kaspersky Lab
2009-03-05 01:04 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-03-05 01:02 --------- d-----w c:\program files\TGTSoft
2009-03-05 00:58 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2009-03-05 00:53 --------- d-----w c:\program files\Rockstar Games
2009-03-05 00:50 --------- d-----w c:\program files\Real
2009-03-05 00:50 --------- d-----w c:\program files\Common Files\xing shared
2009-03-05 00:50 --------- d-----w c:\program files\Common Files\Real
2009-03-05 00:49 --------- d-----w c:\program files\JetAudio
2009-03-05 00:49 --------- d-----w c:\program files\Common Files\COWON
2009-03-05 00:49 --------- d-----w c:\program files\قاموس صخر الجديد
2009-03-05 00:46 --------- d-----w c:\program files\Styler
2009-03-05 00:46 --------- d-----w c:\program files\LClock
2009-03-05 00:34 --------- d-----w c:\program files\Common Files\Autodesk Shared
2009-03-05 00:34 --------- d-----w c:\program files\AutoCAD 2006
2009-03-05 00:33 --------- d-----w c:\program files\AnswerWorks 4.0
2009-03-05 00:31 --------- d-----w c:\documents and settings\e.Zein\Application Data\Autodesk
2009-03-05 00:31 --------- d-----w c:\documents and settings\All Users\Application Data\Autodesk
2009-03-05 00:30 --------- d-----w c:\program files\Autodesk
2009-03-05 00:25 --------- d-----w c:\program files\CONEXANT
2009-03-05 00:20 --------- d-----w c:\program files\Realtek
2009-03-05 00:20 --------- d-----w c:\documents and settings\e.Zein\Application Data\InstallShield
2009-03-05 00:19 --------- d-----w c:\program files\VIA
2009-03-05 00:12 --------- d-----w c:\program files\Intel
2009-03-05 00:05 2,560 ----a-w c:\windows\_MSRSTRT.EXE
2009-03-04 21:34 --------- d-----w c:\program files\AGEIA Technologies
2009-03-04 21:33 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-04 21:29 --------- d-----w c:\program files\Microsoft WSE
2009-03-04 21:28 --------- d-----w c:\program files\Reference Assemblies
2009-03-04 21:28 --------- d-----w c:\program files\MSXML 6.0
2009-03-04 21:28 --------- d-----w c:\program files\MSBuild
2009-03-04 21:28 --------- d-----w c:\documents and settings\e.Zein\Application Data\Styler
2009-03-04 21:25 --------- d-----w c:\documents and settings\e.Zein\Application Data\Desktopicon
2009-03-04 21:24 --------- d-----w c:\program files\Sysinternals
2009-03-04 21:24 --------- d-----w c:\program files\Hunt Virus Utilities
2009-03-04 21:24 --------- d-----w c:\program files\Common Files\Stardock
2009-03-04 21:24 --------- d-----w c:\program files\Alky for Applications
2009-03-04 21:15 --------- d-----w c:\program files\Windows Media Connect 2
2009-03-04 21:15 --------- d-----w c:\program files\Stanimir Stoyanov
2009-03-04 21:15 --------- d-----w c:\program files\Desktop
2008-04-07 06:59 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-04-07 06:59 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-04-07 06:59 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-04-07 06:59 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-04-07 06:59 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.
------- Sigcheck -------
05/18/2008 01:03 PM 361344 68f06fe0021b01e670af37b8c5964fdf c:\windows\system32\drivers\tcpip.sys
05/10/2008 02:49 PM 2306560 0f733106a818383806060abc29fe0f3a c:\windows\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [04/14/2008 02:00 PM 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [12/23/2006 06:05 PM 143360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [06/17/2008 04:00 PM 1249280]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [06/18/2008 02:31 PM 1122816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [10/21/2008 12:12 PM 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray. dll" [10/21/2008 12:12 PM 86016]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [08/15/2008 05:13 AM 30003200]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [11/11/2008 07:59 PM 206088]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [11/23/2006 03:10 PM 56928]
"SDaemon"="c:\windows\sdaemon.exe" [04/18/2005 11:57 PM 111104]
"SWd"="c:\windows\winwd.exe" [04/18/2005 11:56 PM 26624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 11:38 AM 34672]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [03/05/2009 02:50 AM 185896]
"nwiz"="nwiz.exe" [10/21/2008 12:12 PM 1630208 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [09/02/2007 01:58 PM 495616]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [04/14/2008 02:00 PM 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" [05/18/2008 01:03 PM 124928 c:\windows\system32\advpack.dll]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 12/05/2006 10:55 PM 54832 c:\program files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 01/12/2006 03:40 PM 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
--a------ 01/30/2006 06:23 PM 1363968 c:\program files\TGTSoft\StyleXP\StyleXP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--------- 03/05/2009 02:50 AM 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 05:29:38 م 32784]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.s ys [18/05/2008 01:15:01 م 143360]
R0 WINSEC;WINSEC;c:\windows\system32\drivers\winsec.s ys [18/04/2005 11:57:28 م 20352]
R2 winser;winser;c:\windows\system32\winsersec.exe [14/04/2005 12:37:32 ص 53248]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 05:06:48 م 24592]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [05/03/2009 02:19:10 ص 845184]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {FE723CEE-4A73-4B02-B4BF-40F52038B9E7} = 213.178.225.25 199.202.55.2
DPF: Microsoft XML Parser for Java -
FF - ProfilePath - c:\documents and settings\e.Zein\Application Data\Mozilla\Firefox\Profiles\y1xii9cm.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components \qfaservices.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\npr pbrowserrecordplugin.dll
.
************************************************** ************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-03-06 12:05:07
Windows 5.1.2600 Service Pack 3, v.5512 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\TGTSoft\StyleXP\StyleXPService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
.
************************************************** ************************
.
Completion time: 03/06/2009 12:06:02 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-06 10:05:59
Pre-Run: 96,362,295,296 bytes free
Post-Run: 96,388,837,376 bytes free
213
وهذا تقرير HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 12:01:43 م, on 06/03/2009
Platform: Windows XP SP3, v.5512 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\winsersec.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\e.Zein\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: Shell=Explorer.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SDaemon] C:\WINDOWS\sdaemon.exe
O4 - HKLM\..\Run: [SWd] C:\WINDOWS\winwd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE723CEE-4A73-4B02-B4BF-40F52038B9E7}: NameServer = 213.178.225.25 199.202.55.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DL L
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA ~1\KASPER~1\KASPER~1\mzvkbd3.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" -r (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: winser - Unknown owner - C:\WINDOWS\system32\winsersec.exe
وشكرا ....
علما أن النظام الذي أستخدمه
XP SP3
وقمت باتباع تعليماتك
تقرير
combofix
ComboFix 09-03-04.01 - e.Zein 03/06/2009 12:02:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1033.18.3327.2761 [GMT 2:00]
Running from: c:\documents and settings\e.Zein\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated)
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-02-06 to 2009-03-06 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-03-06 10:05 4,605,472 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-06 10:04 5,288 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-03-06 10:04 44,396 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-06 10:04 311,328 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-03-06 10:04 --------- d-----w c:\program files\microsoft frontpage
2009-03-06 10:04 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-03-06 09:40 --------- d-----w c:\program files\Microsoft.NET
2009-03-06 09:40 --------- d-----w c:\program files\Microsoft Works
2009-03-06 09:40 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-06 09:19 --------- d-----w c:\documents and settings\e.Zein\Application Data\My Games
2009-03-06 01:41 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-06 01:11 --------- d-----w c:\program files\Common Files\Adobe
2009-03-05 19:01 --------- d-----w c:\program files\PowerCmd
2009-03-05 18:55 --------- d-----w c:\documents and settings\e.Zein\Application Data\Media Player Classic
2009-03-05 18:50 --------- d-----w c:\program files\RegSupreme
2009-03-05 18:49 --------- d-----w c:\program files\MpcStar
2009-03-05 18:48 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-05 18:46 --------- d-----w c:\program files\ORITE
2009-03-05 18:46 --------- d-----w c:\program files\Common Files\PCCamera
2009-03-05 18:44 --------- d-----w c:\program files\Winamp
2009-03-05 18:44 --------- d-----w c:\program files\DFX
2009-03-05 18:36 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_C oinstaller_Critical.Wdf
2009-03-05 18:36 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_010 05.Wdf
2009-03-05 18:36 --------- d-----w c:\program files\PCSecurity
2009-03-05 18:36 --------- d-----w c:\documents and settings\e.Zein\Application Data\PC Suite
2009-03-05 18:36 --------- d-----w c:\documents and settings\e.Zein\Application Data\Nokia
2009-03-05 18:36 --------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2009-03-05 18:35 --------- d-----w c:\program files\PC Connectivity Solution
2009-03-05 18:35 --------- d-----w c:\program files\Nokia
2009-03-05 18:35 --------- d-----w c:\program files\DIFX
2009-03-05 18:35 --------- d-----w c:\program files\Common Files\PCSuite
2009-03-05 18:35 --------- d-----w c:\program files\Common Files\Nokia
2009-03-05 18:34 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-03-05 18:33 --------- d-----w c:\program files\Coolpro2
2009-03-05 18:32 --------- d-----w c:\documents and settings\e.Zein\Application Data\Syntrillium
2009-03-05 18:30 --------- d-----w c:\program files\Innovatools
2009-03-05 18:23 --------- d-----w c:\program files\Windows Live
2009-03-05 18:21 --------- d-----w c:\program files\Unlocker
2009-03-05 16:38 --------- d-----w c:\program files\CyberLink
2009-03-05 16:37 --------- d-----w c:\program files\Common Files\InstallShield
2009-03-05 16:37 --------- d-----w c:\program files\Common Files\Ahead
2009-03-05 16:36 --------- d-----w c:\documents and settings\e.Zein\Application Data\Ahead
2009-03-05 16:35 --------- d-----w c:\program files\Nero
2009-03-05 16:35 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2009-03-05 15:10 --------- d-----w c:\documents and settings\e.Zein\Application Data\COWON
2009-03-05 01:36 --------- d-----w c:\documents and settings\e.Zein\Application Data\Talkback
2009-03-05 01:15 --------- d-----w c:\program files\Vtune
2009-03-05 01:05 96,976 ----a-w c:\windows\system32\drivers\klin.dat
2009-03-05 01:05 87,855 ----a-w c:\windows\system32\drivers\klick.dat
2009-03-05 01:05 --------- d-----w c:\program files\Kaspersky Lab
2009-03-05 01:04 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-03-05 01:02 --------- d-----w c:\program files\TGTSoft
2009-03-05 00:58 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2009-03-05 00:53 --------- d-----w c:\program files\Rockstar Games
2009-03-05 00:50 --------- d-----w c:\program files\Real
2009-03-05 00:50 --------- d-----w c:\program files\Common Files\xing shared
2009-03-05 00:50 --------- d-----w c:\program files\Common Files\Real
2009-03-05 00:49 --------- d-----w c:\program files\JetAudio
2009-03-05 00:49 --------- d-----w c:\program files\Common Files\COWON
2009-03-05 00:49 --------- d-----w c:\program files\قاموس صخر الجديد
2009-03-05 00:46 --------- d-----w c:\program files\Styler
2009-03-05 00:46 --------- d-----w c:\program files\LClock
2009-03-05 00:34 --------- d-----w c:\program files\Common Files\Autodesk Shared
2009-03-05 00:34 --------- d-----w c:\program files\AutoCAD 2006
2009-03-05 00:33 --------- d-----w c:\program files\AnswerWorks 4.0
2009-03-05 00:31 --------- d-----w c:\documents and settings\e.Zein\Application Data\Autodesk
2009-03-05 00:31 --------- d-----w c:\documents and settings\All Users\Application Data\Autodesk
2009-03-05 00:30 --------- d-----w c:\program files\Autodesk
2009-03-05 00:25 --------- d-----w c:\program files\CONEXANT
2009-03-05 00:20 --------- d-----w c:\program files\Realtek
2009-03-05 00:20 --------- d-----w c:\documents and settings\e.Zein\Application Data\InstallShield
2009-03-05 00:19 --------- d-----w c:\program files\VIA
2009-03-05 00:12 --------- d-----w c:\program files\Intel
2009-03-05 00:05 2,560 ----a-w c:\windows\_MSRSTRT.EXE
2009-03-04 21:34 --------- d-----w c:\program files\AGEIA Technologies
2009-03-04 21:33 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-04 21:29 --------- d-----w c:\program files\Microsoft WSE
2009-03-04 21:28 --------- d-----w c:\program files\Reference Assemblies
2009-03-04 21:28 --------- d-----w c:\program files\MSXML 6.0
2009-03-04 21:28 --------- d-----w c:\program files\MSBuild
2009-03-04 21:28 --------- d-----w c:\documents and settings\e.Zein\Application Data\Styler
2009-03-04 21:25 --------- d-----w c:\documents and settings\e.Zein\Application Data\Desktopicon
2009-03-04 21:24 --------- d-----w c:\program files\Sysinternals
2009-03-04 21:24 --------- d-----w c:\program files\Hunt Virus Utilities
2009-03-04 21:24 --------- d-----w c:\program files\Common Files\Stardock
2009-03-04 21:24 --------- d-----w c:\program files\Alky for Applications
2009-03-04 21:15 --------- d-----w c:\program files\Windows Media Connect 2
2009-03-04 21:15 --------- d-----w c:\program files\Stanimir Stoyanov
2009-03-04 21:15 --------- d-----w c:\program files\Desktop
2008-04-07 06:59 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-04-07 06:59 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-04-07 06:59 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-04-07 06:59 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-04-07 06:59 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.
------- Sigcheck -------
05/18/2008 01:03 PM 361344 68f06fe0021b01e670af37b8c5964fdf c:\windows\system32\drivers\tcpip.sys
05/10/2008 02:49 PM 2306560 0f733106a818383806060abc29fe0f3a c:\windows\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [04/14/2008 02:00 PM 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [12/23/2006 06:05 PM 143360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [06/17/2008 04:00 PM 1249280]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [06/18/2008 02:31 PM 1122816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [10/21/2008 12:12 PM 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray. dll" [10/21/2008 12:12 PM 86016]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [08/15/2008 05:13 AM 30003200]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [11/11/2008 07:59 PM 206088]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [11/23/2006 03:10 PM 56928]
"SDaemon"="c:\windows\sdaemon.exe" [04/18/2005 11:57 PM 111104]
"SWd"="c:\windows\winwd.exe" [04/18/2005 11:56 PM 26624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 11:38 AM 34672]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [03/05/2009 02:50 AM 185896]
"nwiz"="nwiz.exe" [10/21/2008 12:12 PM 1630208 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [09/02/2007 01:58 PM 495616]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [04/14/2008 02:00 PM 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" [05/18/2008 01:03 PM 124928 c:\windows\system32\advpack.dll]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 12/05/2006 10:55 PM 54832 c:\program files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 01/12/2006 03:40 PM 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
--a------ 01/30/2006 06:23 PM 1363968 c:\program files\TGTSoft\StyleXP\StyleXP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--------- 03/05/2009 02:50 AM 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 05:29:38 م 32784]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.s ys [18/05/2008 01:15:01 م 143360]
R0 WINSEC;WINSEC;c:\windows\system32\drivers\winsec.s ys [18/04/2005 11:57:28 م 20352]
R2 winser;winser;c:\windows\system32\winsersec.exe [14/04/2005 12:37:32 ص 53248]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 05:06:48 م 24592]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [05/03/2009 02:19:10 ص 845184]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {FE723CEE-4A73-4B02-B4BF-40F52038B9E7} = 213.178.225.25 199.202.55.2
DPF: Microsoft XML Parser for Java -
يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
FF - ProfilePath - c:\documents and settings\e.Zein\Application Data\Mozilla\Firefox\Profiles\y1xii9cm.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components \qfaservices.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\npr pbrowserrecordplugin.dll
.
************************************************** ************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
Rootkit scan 2009-03-06 12:05:07
Windows 5.1.2600 Service Pack 3, v.5512 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\TGTSoft\StyleXP\StyleXPService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
.
************************************************** ************************
.
Completion time: 03/06/2009 12:06:02 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-06 10:05:59
Pre-Run: 96,362,295,296 bytes free
Post-Run: 96,388,837,376 bytes free
213
وهذا تقرير HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 12:01:43 م, on 06/03/2009
Platform: Windows XP SP3, v.5512 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\winsersec.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\e.Zein\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: Shell=Explorer.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SDaemon] C:\WINDOWS\sdaemon.exe
O4 - HKLM\..\Run: [SWd] C:\WINDOWS\winwd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE723CEE-4A73-4B02-B4BF-40F52038B9E7}: NameServer = 213.178.225.25 199.202.55.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DL L
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA ~1\KASPER~1\KASPER~1\mzvkbd3.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" -r (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: winser - Unknown owner - C:\WINDOWS\system32\winsersec.exe
وشكرا ....
