Thread starter: tedatasoft
Views: 1,407

tedatasoft (distinguished Zyzoom member, joined 2 December 2008, 875 posts)
Peace be upon you.

I downloaded Kaspersky 2009 and installed it, but when I run it, it does not come up in the tray and does not open, because the machine has a lot of viruses, including the Autorun virus and other viruses with strange names.
Here is the HijackThis report:


logfile of trend micro hijackthis v2.0.2
scan saved at 8:35:06 am, on 1/6/2002
platform: Windows xp sp2 (winnt 5.01.2600)
msie: Internet explorer v6.00 sp2 (6.00.2900.2180)
boot mode: Normal
running processes:
D:\windows\system32\smss.exe
d:\windows\system32\winlogon.exe
d:\windows\system32\services.exe
d:\windows\system32\lsass.exe
d:\windows\system32\svchost.exe
d:\windows\system32\svchost.exe
d:\windows\explorer.exe
d:\windows\system32\spoolsv.exe
d:\windows\system32\ssvichosst.exe
d:\program files\analog devices\soundmax\smagent.exe
d:\program files\internet explorer\iexplore.exe
d:\windows\system32\wscntfy.exe
d:\windows\system32\wgatray.exe
h:\org\zyzoom_hijackthis.exe
r0 - hkcu\software\microsoft\internet explorer\main,start page = about:blank
f2 - reg:system.ini: Shell=explorer.exe ssvichosst.exe
o2 - bho: Ievkbdbho - {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - d:\program files\kaspersky lab\kaspersky internet security 2009\ievkbd.dll
o4 - hklm\..\run: [avp] "d:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe"
o4 - hklm\..\run: [msconfig] d:\windows\pchealth\helpctr\binaries\msconfig.exe /auto
o4 - hkcu\..\run: [yahoo messengger] d:\windows\system32\ssvichosst.exe
o4 - hkus\s-1-5-19\..\run: [ctfmon.exe] d:\windows\system32\ctfmon.exe (user 'local service')
o4 - hkus\s-1-5-19\..\runonce: [nlsf] cmd.exe /c move /y "%systemroot%\system32\syssetub.dll" "%systemroot%\system32\syssetup.dll" (user 'local service')
o4 - hkus\s-1-5-20\..\run: [ctfmon.exe] d:\windows\system32\ctfmon.exe (user 'network service')
o4 - hkus\s-1-5-20\..\runonce: [nlsf] cmd.exe /c move /y "%systemroot%\system32\syssetub.dll" "%systemroot%\system32\syssetup.dll" (user 'network service')
o4 - hkus\s-1-5-18\..\run: [ctfmon.exe] d:\windows\system32\ctfmon.exe (user 'system')
o4 - hkus\s-1-5-18\..\runonce: [nlsf] cmd.exe /c move /y "%systemroot%\system32\syssetub.dll" "%systemroot%\system32\syssetup.dll" (user 'system')
o4 - hkus\.default\..\run: [ctfmon.exe] d:\windows\system32\ctfmon.exe (user 'default user')
o4 - hkus\.default\..\runonce: [nlsf] cmd.exe /c move /y "%systemroot%\system32\syssetub.dll" "%systemroot%\system32\syssetup.dll" (user 'default user')
o7 - hkcu\software\microsoft\windows\currentversion\policies\system, disableregedit=1
o8 - extra context menu item: E&xport to microsoft excel - res://d:\progra~1\micros~1\office11\excel.exe/3000
o9 - extra button: Web traffic protection statistics - {1f460357-8a94-4d71-9ca3-aa4acf32ed8e} - d:\program files\kaspersky lab\kaspersky internet security 2009\scieplgn.dll
o9 - extra button: Research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - d:\progra~1\micros~1\office11\refiebar.dll
o9 - extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - d:\windows\network diagnostic\xpnetdiag.exe
o9 - extra 'tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - d:\windows\network diagnostic\xpnetdiag.exe
o10 - unknown file in winsock lsp: D:\windows\system32\nwprovau.dll
o20 - appinit_dlls: D:\progra~1\kasper~1\kasper~1\mzvkbd.dll,d:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,d:\progra~1\kasper~1\kasper~1\adialhk.dll,d:\progra~1\kasper~1\kasper~1\kloehk.dll
o23 - service: Soundmax agent service (soundmax agent service (default)) - analog devices, inc. - d:\program files\analog devices\soundmax\smagent.exe
--
end of file - 3408 bytes
 

Signature: tedatasoft
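One way to triage a HijackThis log like the one posted above mechanically, added here as an example (it is not part of this thread and not HijackThis's own analysis): the sample lines are copied from the posted log, and the scoring rules, the `BRAND_WORDS` list and the `Finding` severities are this example's own heuristics.

```python
# Triage a HijackThis 2.0.2 log for the persistence indicators seen in this thread.
# The scoring rules are this example's own heuristics, not HijackThis's analysis.
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a subset of the log posted above (the forum lower-cased it).
SAMPLE_LOG = r"""
f2 - reg:system.ini: Shell=explorer.exe ssvichosst.exe
o4 - hklm\..\run: [avp] "d:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe"
o4 - hkcu\..\run: [yahoo messengger] d:\windows\system32\ssvichosst.exe
o4 - hkus\s-1-5-18\..\runonce: [nlsf] cmd.exe /c move /y "%systemroot%\system32\syssetub.dll" "%systemroot%\system32\syssetup.dll" (user 'system')
o7 - hkcu\software\microsoft\windows\currentversion\policies\system, disableregedit=1
o23 - service: Soundmax agent service (soundmax agent service (default)) - analog devices, inc. - d:\program files\analog devices\soundmax\smagent.exe
"""

# Names malware borrows for Run entries; an entry named like a chat client that
# launches a file straight out of system32 deserves a look.
BRAND_WORDS = ("yahoo", "msn", "messeng", "skype")

LINE_RE = re.compile(r"^([fro]\d+)\s+-\s+(.*)$", re.IGNORECASE)
O4_RE = re.compile(
    r"^(?P<hive>.+?)\\\.\.\\(?P<key>run\w*):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$",
    re.IGNORECASE,
)
USER_SUFFIX_RE = re.compile(r"\s*\(user '[^']*'\)\s*$", re.IGNORECASE)


@dataclass
class Entry:
    kind: str  # HijackThis section code: f2, o4, o7, ...
    body: str  # text after "<kind> - "


@dataclass
class Finding:
    severity: str  # "high" or "review"
    entry: Entry
    reason: str


def parse_hjt(text: str) -> list[Entry]:
    """Split a log into (section code, body) pairs; non-entry lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1).lower(), m.group(2).strip()))
    return entries


def target_exe(cmd: str) -> str:
    """Lower-cased basename of the executable a Run command launches."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        path = cmd[1:end] if end > 0 else cmd[1:]
    else:
        path = cmd.split()[0] if cmd else ""
    return path.rsplit("\\", 1)[-1].lower()


def triage(entries: list[Entry]) -> list[Finding]:
    findings: list[Finding] = []
    shell_extras: set[str] = set()  # executables chained onto Shell=
    o4_targets: dict[str, list[Entry]] = {}  # exe basename -> O4 entries launching it
    for e in entries:
        if e.kind == "f2":
            # system.ini Shell= should be explorer.exe alone; every extra token is
            # a program started together with the user's shell at each logon.
            m = re.search(r"shell=(.*)$", e.body, re.IGNORECASE)
            for tok in (m.group(1).split() if m else []):
                if tok.lower() != "explorer.exe":
                    shell_extras.add(tok.lower())
                    findings.append(Finding("high", e, f"extra process '{tok}' chained onto the Shell= value"))
        elif e.kind == "o4":
            m = O4_RE.match(e.body)
            if not m:
                continue
            cmd = USER_SUFFIX_RE.sub("", m.group("cmd"))
            exe = target_exe(cmd)
            o4_targets.setdefault(exe, []).append(e)
            if exe == "cmd.exe":
                # An autostart that runs a shell command: often an installer
                # leftover, but it has to be read rather than skipped.
                findings.append(Finding("review", e, f"{m.group('key')} entry '{m.group('name')}' runs a shell command: {cmd}"))
            if any(w in m.group("name").lower() for w in BRAND_WORDS) and "\\system32\\" in cmd.lower():
                findings.append(Finding("review", e, f"Run entry '{m.group('name')}' is named like a chat client but launches {exe} from system32"))
        elif e.kind == "o7" and re.search(r"disableregedit\s*=\s*1", e.body, re.IGNORECASE):
            findings.append(Finding("high", e, "Registry Editor disabled by policy, a common anti-remediation symptom"))
    # Cross-reference: one file hooked by both Shell= and a Run key means two
    # persistence points for the same binary, a strong sign it is unwanted.
    for exe in shell_extras:
        for e in o4_targets.get(exe, []):
            findings.append(Finding("high", e, f"'{exe}' is also chained onto Shell=; two persistence points for one file"))
    return findings


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{f.severity:6}] {f.entry.kind.upper()}: {f.reason}")
```

Run against the sample it reports the chained Shell= process, the same file hooked again under a Run key with a chat-client name, the RunOnce shell command to review, and the disabled Registry Editor; the legitimate Kaspersky and SoundMAX entries produce nothing.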
OK brother, use the McAfee tool; your machine is infected.

(hidden link: you must log in or register to view it)

Post the scan report once it finishes.

Is the virus named sailty?

Waiting for the solution.

Signature: tedatasoft
Brother, the tool is large in size.
Second, Kaspersky is not working at all; it does not open in the tray when I click it, it never opens.
Waiting for the solution.

Signature: tedatasoft
And peace be upon you.

Disable all your security programs,
then download this tool and save it to the desktop:
(hidden link: you must log in or register to view it)

When you run it a message appears; click >> Yes
Then a second message appears; click >> Yes
Wait until the tool finishes scanning your machine; it will restart your machine automatically.
After the restart the tool will scan a second time.
Wait until a report appears; copy it and paste it in your next reply.


Then do the following:
HijackThis report
Download this program:
(hidden link: you must log in or register to view it)

Run the program ==> and click on
Do a system scan and save log
After a few moments a report appears in Notepad ==> copy it and paste it in your next reply.

Signature: أعتز بك
Here is the report from the first program:
combofix 09-04-24.01 - أ- محسن 01/06/2002 9:10.2 - fat32x86
microsoft windows xp professional 5.1.2600.2.1256.20.1033.18.224.82 [gmt 2:00]
running from: H:\org\combofix.exe
warning -this machine does not have the recovery console installed !!
.
((((((((((((((((((((((((((((((((((((((( other deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\windows\system32\wmdrtc32.dl_
d:\windows\system32\wmdrtc32.dll
.
---- previous run -------
.
C:\autorun.inf
c:\xmss.exe
d:\windows\ssvichosst.exe
d:\windows\system32\autorun.ini
d:\windows\system32\msssc.dll
d:\windows\system32\setting.ini
d:\windows\system32\ssvichosst.exe
d:\windows\system32\wmdrtc32.dl_
d:\windows\system32\wmdrtc32.dll
d:\windows\tasks\at1.job
e:\autorun.inf
e:\xmss.exe
f:\autorun.inf
f:\xmss.exe
g:\autorun.inf
g:\xmss.exe
h:\autorun.inf
h:\xmss.exe
.
((((((((((((((((((((((((( files created from 2001-0-13-06 to 2002-1-6 )))))))))))))))))))))))))))))))
.
.
(((((((((((((((((((((((((((((((((((((((( find3m report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
------- sigcheck -------
[-] 2006-09-08 23:02 2198144 ba08992ecfb4b23b9204add12ab385ea d:\windows\system32\ntkrnlpa.exe
[-] 2006-09-08 21:01 2321024 ef63859e4fd9cb3ec31a111481f4b1b6 d:\windows\system32\ntoskrnl.exe
[-] 2006-09-08 22:48 1645568 5d049655e4f57bf61ca915ed2705ca0c d:\windows\explorer.exe
[-] 2004-08-03 21:56 44032 f55796912c357128e4da96af79a1d1ca d:\windows\system32\ctfmon.exe
[-] 2006-09-09 06:45 125720 b04b182a92c119511dd3cdbe18602db1 d:\windows\system32\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*note* empty entries & legit default entries are not shown
regedit4
[hkey_local_machine\software\microsoft\windows\currentversion\run]
"avp"="d:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe" [2008-11-11 206088]
[hkey_users\.default\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2004-08-03 44032]
[hkey_users\.default\software\microsoft\windows\currentversion\runonce]
"nlsf"="move" [x]
"tscuninstall"="d:\windows\system32\tscupgrd.exe" [2004-08-03 44544]
[hkey_current_user\software\microsoft\windows\currentversion\policies\explorer]
"noresolvetrack"= 1 (0x1)
"nosmhelp"= 1 (0x1)
[hkey_users\.default\software\microsoft\windows\currentversion\policies\explorer]
"noresolvetrack"= 1 (0x1)
"nosmhelp"= 1 (0x1)
hkey_local_machine\software\microsoft\windows nt\currentversion\drivers32
"midi2"= syncor11.dll
[hkey_local_machine\software\microsoft\security center\monitoring\kasperskyantivirus]
"disablemonitoring"=dword:00000001
[hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"enablefirewall"= 0 (0x0)
[hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\network diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
r3 mbamswissarmy;mbamswissarmy;d:\windows\system32\drivers\mbamswissarmy.sys [2008-10-16 38496]
s0 klbg;kaspersky lab boot guard driver;d:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
s3 klfltdev;kaspersky lab klfltdev;d:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
s3 klim5;kaspersky anti-virus ndis filter;d:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
s4 ndisfileservices32;ndisfileservices32;d:\windows\system32\drivers\nfmnmn.sys [2002-01-06 5477]
.
- - - - orphans removed - - - -
hku-default-run-yahoo messengger - d:\windows\system32\ssvichosst.exe

.
------- supplementary scan -------
.
Ustart page = about:blank
ie: E&xport to microsoft excel - d:\progra~1\micros~1\office11\excel.exe/3000
.
**************************************************************************
catchme 0.3.1398 w2k/xp/vista - rootkit/stealth malware detector by gmer, [hidden link]
rootkit scan 2002-01-06 09:16
windows 5.1.2600 service pack 2 fat ntapi
scanning hidden processes ...
Scanning hidden autostart entries ...
Scanning hidden files ...
Scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- dlls loaded under running processes ---------------------
- - - - - - - > 'explorer.exe'(2412)
d:\windows\system32\wmdrtc32.dll
d:\windows\system32\msi.dll
d:\windows\system32\setupapi.dll
.
------------------------ other running processes ------------------------
.
D:\program files\analog devices\soundmax\smagent.exe
d:\windows\system32\wscntfy.exe
d:\windows\system32\wgatray.exe
d:\program files\internet explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2002-01-06 9:19 - machine was rebooted
combofix-quarantined-files.txt 2002-01-06 07:19
pre-run: 2,623,483,904 bytes free
post-run: 2,576,478,208 bytes free

And here is the HijackThis report:
logfile of trend micro hijackthis v2.0.2
scan saved at 9:23:09 am, on 1/6/2002
platform: Windows xp sp2 (winnt 5.01.2600)
msie: Internet explorer v6.00 sp2 (6.00.2900.2180)
boot mode: Normal
running processes:
D:\windows\system32\smss.exe
d:\windows\system32\winlogon.exe
d:\windows\system32\services.exe
d:\windows\system32\lsass.exe
d:\windows\system32\svchost.exe
d:\windows\system32\svchost.exe
d:\windows\system32\spoolsv.exe
d:\program files\analog devices\soundmax\smagent.exe
d:\windows\system32\wscntfy.exe
d:\windows\system32\wgatray.exe
d:\program files\internet explorer\iexplore.exe
d:\windows\explorer.exe
d:\windows\system32\notepad.exe
d:\program files\internet explorer\iexplore.exe
h:\org\zyzoom_hijackthis.exe
r0 - hkcu\software\microsoft\internet explorer\main,start page = about:blank
r1 - hklm\software\microsoft\internet explorer\main,default_page_url = [hidden link]
r1 - hklm\software\microsoft\internet explorer\main,default_search_url = [hidden link]
r1 - hklm\software\microsoft\internet explorer\main,search page = [hidden link]
o2 - bho: Ievkbdbho - {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - d:\program files\kaspersky lab\kaspersky internet security 2009\ievkbd.dll
o4 - hklm\..\run: [avp] "d:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe"
o4 - hkus\s-1-5-18\..\run: [ctfmon.exe] d:\windows\system32\ctfmon.exe (user 'system')
o4 - hkus\s-1-5-18\..\runonce: [nlsf] cmd.exe /c move /y "%systemroot%\system32\syssetub.dll" "%systemroot%\system32\syssetup.dll" (user 'system')
o4 - hkus\.default\..\run: [ctfmon.exe] d:\windows\system32\ctfmon.exe (user 'default user')
o4 - hkus\.default\..\runonce: [nlsf] cmd.exe /c move /y "%systemroot%\system32\syssetub.dll" "%systemroot%\system32\syssetup.dll" (user 'default user')
o8 - extra context menu item: E&xport to microsoft excel - res://d:\progra~1\micros~1\office11\excel.exe/3000
o9 - extra button: Web traffic protection statistics - {1f460357-8a94-4d71-9ca3-aa4acf32ed8e} - d:\program files\kaspersky lab\kaspersky internet security 2009\scieplgn.dll
o9 - extra button: Research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - d:\progra~1\micros~1\office11\refiebar.dll
o9 - extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - d:\windows\network diagnostic\xpnetdiag.exe
o9 - extra 'tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - d:\windows\network diagnostic\xpnetdiag.exe
o10 - unknown file in winsock lsp: D:\windows\system32\nwprovau.dll
o16 - dpf: {17492023-c23a-453e-a040-c7c580bbf700} (windows genuine advantage validation tool) - [hidden link]
o23 - service: Soundmax agent service (soundmax agent service (default)) - analog devices, inc. - d:\program files\analog devices\soundmax\smagent.exe
--
end of file - 2951 bytes

Waiting for the reply.

Signature: tedatasoft
ده تقرير البرنامج الاول
combofix 09-04-24.01 - أ- محسن 01/06/2002 9:10.2 - fat32x86
microsoft windows xp professional 5.1.2600.2.1256.20.1033.18.224.82 [gmt 2:00]
running from: H:\org\combofix.exe
warning -this machine does not have the recovery console installed !!
.
((((((((((((((((((((((((((((((((((((((( other deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\windows\system32\wmdrtc32.dl_
d:\windows\system32\wmdrtc32.dll
.
---- previous run -------
.
C:\autorun.inf
c:\xmss.exe
d:\windows\ssvichosst.exe
d:\windows\system32\autorun.ini
d:\windows\system32\msssc.dll
d:\windows\system32\setting.ini
d:\windows\system32\ssvichosst.exe
d:\windows\system32\wmdrtc32.dl_
d:\windows\system32\wmdrtc32.dll
d:\windows\tasks\at1.job
e:\autorun.inf
e:\xmss.exe
f:\autorun.inf
f:\xmss.exe
g:\autorun.inf
g:\xmss.exe
h:\autorun.inf
h:\xmss.exe
.
((((((((((((((((((((((((( files created from 2001-0-13-06 to 2002-1-6 )))))))))))))))))))))))))))))))
.
.
(((((((((((((((((((((((((((((((((((((((( find3m report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
------- sigcheck -------
[-] 2006-09-08 23:02 2198144 ba08992ecfb4b23b9204add12ab385ea d:\windows\system32\ntkrnlpa.exe
[-] 2006-09-08 21:01 2321024 ef63859e4fd9cb3ec31a111481f4b1b6 d:\windows\system32\ntoskrnl.exe
[-] 2006-09-08 22:48 1645568 5d049655e4f57bf61ca915ed2705ca0c d:\windows\explorer.exe
[-] 2004-08-03 21:56 44032 f55796912c357128e4da96af79a1d1ca d:\windows\system32\ctfmon.exe
[-] 2006-09-09 06:45 125720 b04b182a92c119511dd3cdbe18602db1 d:\windows\system32\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*note* empty entries & legit default entries are not shown
regedit4
[hkey_local_machine\software\microsoft\windows\currentversion\run]
"avp"="d:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe" [2008-11-11 206088]
[hkey_users\.default\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2004-08-03 44032]
[hkey_users\.default\software\microsoft\windows\currentversion\runonce]
"nlsf"="move" [x]
"tscuninstall"="d:\windows\system32\tscupgrd.exe" [2004-08-03 44544]
[hkey_current_user\software\microsoft\windows\currentversion\policies\explorer]
"noresolvetrack"= 1 (0x1)
"nosmhelp"= 1 (0x1)
[hkey_users\.default\software\microsoft\windows\currentversion\policies\explorer]
"noresolvetrack"= 1 (0x1)
"nosmhelp"= 1 (0x1)
hkey_local_machine\software\microsoft\windows nt\currentversion\drivers32
"midi2"= syncor11.dll
[hkey_local_machine\software\microsoft\security center\monitoring\kasperskyantivirus]
"disablemonitoring"=dword:00000001
[hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"enablefirewall"= 0 (0x0)
[hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\network diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
r3 mbamswissarmy;mbamswissarmy;d:\windows\system32\drivers\mbamswissarmy.sys [2008-10-16 38496]
s0 klbg;kaspersky lab boot guard driver;d:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
s3 klfltdev;kaspersky lab klfltdev;d:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
s3 klim5;kaspersky anti-virus ndis filter;d:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
s4 ndisfileservices32;ndisfileservices32;d:\windows\system32\drivers\nfmnmn.sys [2002-01-06 5477]
.
- - - - orphans removed - - - -
hku-default-run-yahoo messengger - d:\windows\system32\ssvichosst.exe

.
------- supplementary scan -------
.
Ustart page = about:blank
ie: E&xport to microsoft excel - d:\progra~1\micros~1\office11\excel.exe/3000
.
**************************************************************************
catchme 0.3.1398 w2k/xp/vista - rootkit/stealth malware detector by gmer,
rootkit scan 2002-01-06 09:16
windows 5.1.2600 service pack 2 fat ntapi
scanning hidden processes ...
Scanning hidden autostart entries ...
Scanning hidden files ...
Scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- dlls loaded under running processes ---------------------
- - - - - - - > 'explorer.exe'(2412)
d:\windows\system32\wmdrtc32.dll
d:\windows\system32\msi.dll
d:\windows\system32\setupapi.dll
.
------------------------ other running processes ------------------------
.
D:\program files\analog devices\soundmax\smagent.exe
d:\windows\system32\wscntfy.exe
d:\windows\system32\wgatray.exe
d:\program files\internet explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2002-01-06 9:19 - machine was rebooted
combofix-quarantined-files.txt 2002-01-06 07:19
pre-run: 2,623,483,904 bytes free
post-run: 2,576,478,208 bytes free

And this is the HijackThis report:
logfile of trend micro hijackthis v2.0.2
scan saved at 9:23:09 am, on 1/6/2002
platform: Windows xp sp2 (winnt 5.01.2600)
msie: Internet explorer v6.00 sp2 (6.00.2900.2180)
boot mode: Normal
running processes:
D:\windows\system32\smss.exe
d:\windows\system32\winlogon.exe
d:\windows\system32\services.exe
d:\windows\system32\lsass.exe
d:\windows\system32\svchost.exe
d:\windows\system32\svchost.exe
d:\windows\system32\spoolsv.exe
d:\program files\analog devices\soundmax\smagent.exe
d:\windows\system32\wscntfy.exe
d:\windows\system32\wgatray.exe
d:\program files\internet explorer\iexplore.exe
d:\windows\explorer.exe
d:\windows\system32\notepad.exe
d:\program files\internet explorer\iexplore.exe
h:\org\zyzoom_hijackthis.exe
r0 - hkcu\software\microsoft\internet explorer\main,start page = about:blank
r1 - hklm\software\microsoft\internet explorer\main,default_page_url =
r1 - hklm\software\microsoft\internet explorer\main,default_search_url =
r1 - hklm\software\microsoft\internet explorer\main,search page =
o2 - bho: Ievkbdbho - {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - d:\program files\kaspersky lab\kaspersky internet security 2009\ievkbd.dll
o4 - hklm\..\run: [avp] "d:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe"
o4 - hkus\s-1-5-18\..\run: [ctfmon.exe] d:\windows\system32\ctfmon.exe (user 'system')
o4 - hkus\s-1-5-18\..\runonce: [nlsf] cmd.exe /c move /y "%systemroot%\system32\syssetub.dll" "%systemroot%\system32\syssetup.dll" (user 'system')
o4 - hkus\.default\..\run: [ctfmon.exe] d:\windows\system32\ctfmon.exe (user 'default user')
o4 - hkus\.default\..\runonce: [nlsf] cmd.exe /c move /y "%systemroot%\system32\syssetub.dll" "%systemroot%\system32\syssetup.dll" (user 'default user')
o8 - extra context menu item: E&xport to microsoft excel - res://d:\progra~1\micros~1\office11\excel.exe/3000
o9 - extra button: Web traffic protection statistics - {1f460357-8a94-4d71-9ca3-aa4acf32ed8e} - d:\program files\kaspersky lab\kaspersky internet security 2009\scieplgn.dll
o9 - extra button: Research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - d:\progra~1\micros~1\office11\refiebar.dll
o9 - extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - d:\windows\network diagnostic\xpnetdiag.exe
o9 - extra 'tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - d:\windows\network diagnostic\xpnetdiag.exe
o10 - unknown file in winsock lsp: D:\windows\system32\nwprovau.dll
o16 - dpf: {17492023-c23a-453e-a040-c7c580bbf700} (windows genuine advantage validation tool) -
o23 - service: Soundmax agent service (soundmax agent service (default)) - analog devices, inc. - d:\program files\analog devices\soundmax\smagent.exe
--
end of file - 2951 bytes

Waiting for a reply

Signature: tedatasoft
The first report cleaned up some entries.

Do the following:
Close all protection programs.

Download the tool from here

After downloading, double-click it; the tool's file will be extracted to a folder on the desktop, and after a few moments the tool starts working.

Follow the walkthrough to scan the machine, clean it, and attach the report.

[screenshot: zyzoom-7ce8879e89.png]
[screenshot: zyzoom-cdd75c8aa3.png]
[screenshot: zyzoom-89156f000e.png]
[screenshot: zyzoom-6d533c4f2e.png]
[screenshot: zyzoom-f20f3644d0.png]

Then post a HijackThis report.

Waiting

Signature: أعتز بك
Brother, I know Kaspersky is disabled; that is why I gave you the tool. Didn't you say there are viruses other than the autorun one?

Anyway, ComboFix deleted two viruses:

D:\windows\system32\wmdrtc32.dl_
d:\windows\system32\wmdrtc32.dll

The report still shows problems.

Disable System Restore.

OK, use this tool:

Download the Dr.Web tool to scan and clean; it is updated as of today (( the link is kept current by the company ))

(( If you use Kaspersky, exit it from the tray next to the clock first ))

[screenshot: i72j1t42q3.jpg]

How to use the tool ::

After downloading, run it .. and do as shown in the pictures ::

[screenshot: 3oh2ql4moe.jpg]

then

[screenshot: wb3gi1nm8j.jpg]

Then wait a little; only the memory is scanned ..

When that finishes, do as in the picture for a full scan of the machine:

[screenshot: m3m2rh4xtf.jpg]

If a virus is found during the scan and this message appears,

do the following to delete and clean the infection ::

[screenshot: vwopk5zb2n.jpg]

Then wait for the full scan to finish (( the scan may take a while depending on how much data is on the machine ))

When it is done, do the following ::

[screenshot: vgcih1gsrj.jpg]

Then delete the detected viruses ::

[screenshot: 1h71ch58um.jpg]

(( then restart the machine ))

And then a new report for the next step.
 
Please give the direct link right away,
because it gives me
The page cannot be displayed

Please give the direct link so I can put it in the download manager.

Signature: tedatasoft
> Please give the direct link right away,
> because it gives me
> the page cannot be displayed
>
> Please give the direct link so I can put it in the download manager.

Do you want to solve your problem or not? The scanning tools are all large; you have to download one of them.

> Do you want to solve your problem or not? The scanning tools are all large; you have to download one of them.

I mean the Kaspersky tool, not the tool you posted; that one is downloading now.

Signature: tedatasoft
It tells me it wants to download the latest version, and unfortunately it is a trial.
What is the solution?

Signature: tedatasoft
Waiting for a reply

Signature: tedatasoft
The page cannot be displayed

Signature: tedatasoft
Waiting for a reply

Signature: tedatasoft
OK, the McAfee tool in my first reply,

or the Dr.Web tool; and close the download manager, or delete it if it is causing you problems.

> OK, the McAfee tool in my first reply,
>
> or the Dr.Web tool; and close the download manager, or delete it if it is causing you problems.

My dear brother, I replied to you:
McAfee on RapidShare gives me the IP message,
and the tool says it needs an update; I downloaded it and found it is a trial.

Signature: tedatasoft