Thread starter: krdasa
Views: 552

krdasa
New member
Joined: 8 February 2009
Posts: 75
Peace be upon you, and God's mercy and blessings.

I have a problem: my computer is slow.
A report from my machine is attached.
I hope you can help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:17:02 م, on 03/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5508)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
G:\dws\vmware-authd.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
G:\dws\vmware-tray.exe
G:\dws\hqtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Tonec Inc\Internet Downlaod Manager\IDMan.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Tonec Inc\Internet Downlaod Manager\IEMonitor.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [link hidden by the forum: you must log in or register to view it]

R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Tonec Inc\Internet Downlaod Manager\IDMIECC.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GEST] m‘|\ü
O4 - HKLM\..\Run: [vmware-tray] G:\dws\vmware-tray.exe
O4 - HKLM\..\Run: [VMware hqtray] "G:\dws\hqtray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Tonec Inc\Internet Downlaod Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Tonec Inc\Internet Downlaod Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Tonec Inc\Internet Downlaod Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Tonec Inc\Internet Downlaod Manager\IEGetVL.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Active Wall (ActiveWall) - Unknown owner - C:\Program Files\AWall\AWall.exe (file missing)
O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - G:\dws\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - G:\dws\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 7010 bytes

 

Signature: krdasa
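A small triage script for the HijackThis report above, added here as an example; it is not code from the thread or from Trend Micro. It parses the O2 (BHO), O4 (Run key) and O23 (service) lines and flags the entries a reviewer checks first: a BHO registered with no name or no file, a Run value whose data is not a readable command (the log's `[GEST] m‘|\ü` entry, which the ComboFix report later in the thread lists with an `[X]` marker), and a service whose binary is reported `(file missing)`. The sample lines are copied from the report; the flagging rules are the example's own heuristics, not HijackThis output.

```python
"""Triage helper for HijackThis 2.x logs (added example; not from the thread
or from Trend Micro).

Parses O2 (BHO), O4 (Run/RunOnce) and O23 (service) lines and reports the
entries a reviewer checks first. SAMPLE_LOG is constructed from lines in the
report posted above; the flagging rules below are this example's heuristics,
not anything HijackThis itself decides.
"""
import re
from dataclasses import dataclass

SAMPLE_LOG = r"""O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Tonec Inc\Internet Downlaod Manager\IDMIECC.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [GEST] m‘|\ü
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O23 - Service: Active Wall (ActiveWall) - Unknown owner - C:\Program Files\AWall\AWall.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"""

LINE = re.compile(r"^(?P<kind>O\d+) - (?P<body>.*)$")
BHO = re.compile(r"^BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$")
RUN = re.compile(
    r"^(?P<hive>[^:]+?)\\\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]*)\] "
    r"(?P<data>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
SERVICE = re.compile(
    r"^Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))? - (?P<owner>.+?) - (?P<path>.+)$"
)
# A Run value should start like a command: a quoted or bare drive path, an
# environment variable, or a bare executable name resolved through PATH.
COMMAND_LIKE = re.compile(r'^"?(?:[A-Za-z]:\\|%\w+%|[\w.-]+\.exe\b)', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str    # O2 / O4 / O23
    item: str    # CLSID, Run value name, or service short name
    reason: str


def triage(log_text: str) -> list[Finding]:
    """Return suspicious O2/O4/O23 entries in the order they appear."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        kind, body = m["kind"], m["body"]
        if kind == "O2" and (b := BHO.match(body)):
            # An orphan CLSID: nothing loads, but it shows an install was torn out.
            if b["path"] == "(no file)" or b["name"] == "(no name)":
                findings.append(Finding(kind, "{" + b["clsid"] + "}",
                                        "BHO registered with no name or no file; orphan CLSID"))
        elif kind == "O4" and (r := RUN.match(body)):
            # Garbage data means a damaged value or a deliberately obscured one.
            if not COMMAND_LIKE.match(r["data"]):
                findings.append(Finding(kind, r["name"],
                                        "Run value is not a readable command: " + repr(r["data"])))
        elif kind == "O23" and (s := SERVICE.match(body)):
            # A service whose image is gone is a stale install or a removed payload.
            if s["path"].endswith("(file missing)"):
                findings.append(Finding(kind, s["name"] or s["display"],
                                        "service points at a binary that no longer exists"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:<4} {f.item:<40} {f.reason}")
```

Paste a full HijackThis report into `SAMPLE_LOG` (or read it from a file) and the output lists only the three classes above, in log order; everything else stays for manual review.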
Welcome.



Disable your security programs,
then
download the following tool and save it to the desktop:
[link hidden by the forum: you must log in or register to view it]

When you run it a message will appear; click >> Yes
Then a second message will appear; click >> Yes
The computer may restart during the scan.
After the restart the tool will begin scanning again.
Do not run any program, and however long the scan takes, wait until it finishes.
Wait until a report appears; copy it and paste it in your next post.
 
Signature: AbOdy
My dear brother, which tool should I download? There is no download link. Sorry for bothering you.
 
Signature: krdasa
Signature: AbOdy
My dear brother, I did everything you asked.
Here is the report:
ComboFix 09-08-03.03 - Dakster 08/03/2009 23:58.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.1534.1054 [GMT 3:00]
Running from: c:\documents and settings\Dakster\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Avira Firewall *disabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Dakster\Application Data\addons.dat
c:\windows\Installer\1303b.msi
c:\windows\Installer\1ca831.msi
c:\windows\system32\Explorer
c:\windows\system32\Explorer\logg.dat
c:\windows\system32\msconfig.exe

.
((((((((((((((((((((((((( Files Created from 2009-07-03 to 2009-08-03 )))))))))))))))))))))))))))))))
.

2009-08-03 20:24 . 2008-03-20 16:39 26368 ----a-w- c:\windows\system32\dllcache\usbstor.sys
2009-08-03 14:16 . 2009-08-03 14:16 -------- d-----w- c:\program files\Trend Micro
2009-08-03 00:17 . 2009-08-03 00:17 -------- d-----w- c:\program files\Tonec Inc
2009-08-02 23:57 . 2009-08-02 23:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-08-02 23:54 . 2009-08-02 23:54 -------- d-----w- c:\program files\Windows Live
2009-08-02 23:54 . 2009-08-02 23:54 -------- d-----w- c:\program files\Messenger Plus! Live
2009-08-02 23:47 . 2009-08-02 23:47 7168 ----a-w- c:\documents and settings\Dakster\Application Data\Thinstall\Internet Download Manager\4000004000002i\IEMonitor.exe
2009-08-02 23:47 . 2009-08-02 23:47 -------- d-----w- c:\documents and settings\Dakster\Application Data\Thinstall
2009-08-02 23:20 . 2009-07-28 08:05 450939 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aescript.dll
2009-08-02 23:20 . 2009-07-22 14:43 127348 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aescn.dll
2009-08-02 23:20 . 2009-07-14 15:08 430452 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aerdl.dll
2009-08-02 23:20 . 2009-04-30 12:33 106868 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aevdf.dll
2009-08-02 23:20 . 2009-07-28 08:05 1884536 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aeheur.dll
2009-08-02 23:20 . 2009-07-28 08:05 352629 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aegen.dll
2009-08-02 23:20 . 2009-07-22 14:43 233846 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aehelp.dll
2009-08-02 23:20 . 2009-07-22 14:43 184694 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aecore.dll
2009-08-02 23:20 . 2009-06-17 12:32 196987 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aeoffice.dll
2009-08-02 23:20 . 2009-05-27 15:10 401783 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aepack.dll
2009-08-02 23:20 . 2008-10-15 08:49 393588 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aeemu.dll
2009-08-02 23:20 . 2008-10-15 08:49 53618 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aebb.dll
2009-08-02 23:12 . 2009-05-08 11:13 97608 ----a-w- c:\windows\system32\drivers\avfwot.sys
2009-08-02 23:12 . 2009-03-30 07:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-02 23:12 . 2009-03-24 13:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-02 23:12 . 2009-02-24 10:06 69632 ----a-w- c:\windows\system32\drivers\avfwim.sys
2009-08-02 23:12 . 2009-02-13 09:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-08-02 23:12 . 2009-02-13 09:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-08-02 23:12 . 2009-08-02 23:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-08-02 23:12 . 2009-08-02 23:12 -------- d-----w- c:\program files\Avira
2009-08-02 22:50 . 2009-08-02 22:50 198064 ----a-w- c:\documents and settings\Dakster\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-08-02 22:50 . 2009-08-03 20:54 -------- d-----w- c:\documents and settings\Dakster\Application Data\IDM
2009-08-02 22:49 . 2009-08-02 23:48 -------- d-----w- c:\program files\Internet Download Manager
2009-08-02 22:49 . 2008-09-28 19:00 439440 ----a-w- c:\program files\un_Internet Download Manager_16575.exe
2009-08-02 14:17 . 2009-08-02 14:17 -------- d-s---w- c:\documents and settings\Dakster\UserData
2009-08-02 12:58 . 2009-08-02 12:58 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-08-02 12:49 . 2009-08-02 12:49 -------- d--h--w- c:\windows\PIF
2009-08-02 12:47 . 2009-08-02 12:47 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-08-02 12:47 . 2009-08-02 12:47 -------- d-----w- C:\ProgramData
2009-08-02 12:46 . 2009-08-02 12:46 -------- d-----w- c:\documents and settings\Dakster\Local Settings\Application Data\Downloaded Installations
2009-08-02 12:46 . 2009-08-02 12:46 -------- d-----w- c:\documents and settings\Dakster\Application Data\Leadertech
2009-08-02 12:45 . 2008-03-20 16:39 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-08-02 12:45 . 2008-03-20 16:39 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-08-02 02:33 . 2009-08-02 13:11 -------- d-----w- c:\documents and settings\Dakster\Application Data\uTorrent
2009-08-02 02:33 . 2009-08-02 02:33 -------- d-----w- c:\program files\uTorrent
2009-08-02 01:48 . 2009-08-02 01:48 -------- d-----w- c:\documents and settings\Dakster\Local Settings\Application Data\Help
2009-08-02 01:46 . 2009-08-02 01:46 -------- d-----w- c:\windows\system32\NtmsData
2009-08-02 01:43 . 1999-12-17 03:13 49664 ----a-w- c:\windows\unvise32.exe
2009-08-02 00:56 . 2009-08-02 00:56 19200 ----a-w- c:\windows\system32\drivers\capture.sys
2009-08-02 00:56 . 2009-08-02 23:25 -------- d-----w- c:\program files\AWall
2009-08-02 00:25 . 2009-08-02 00:25 -------- d-----w- c:\documents and settings\Dakster\Application Data\ESET
2009-08-02 00:03 . 2009-08-03 00:39 -------- d-----w- c:\documents and settings\Dakster\Contacts
2009-08-01 23:59 . 2009-08-02 23:54 -------- d-----w- c:\program files\MSN Messenger
2009-08-01 23:55 . 2009-08-01 23:55 -------- d-----w- c:\program files\7-Zip
2009-08-01 22:34 . 2009-08-01 22:34 54624 ----a-w- c:\windows\system32\8e369.sys
2009-08-01 22:24 . 2009-08-01 22:24 -------- d-----w- c:\documents and settings\Dakster\Application Data\URSoft
2009-08-01 22:24 . 2009-08-03 02:22 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-01 22:24 . 2009-08-03 10:18 -------- d-----w- c:\program files\Your Uninstaller 2008

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-03 20:55 . 2009-08-01 18:58 -------- d-----w- c:\documents and settings\Dakster\Application Data\DMCache
2009-08-03 20:54 . 2009-08-03 20:54 181680 ----a-w- c:\documents and settings\Dakster\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
2009-08-03 20:22 . 2009-08-01 19:07 -------- d-----w- c:\documents and settings\Dakster\Application Data\VMware
2009-08-03 20:22 . 2009-08-01 19:01 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware
2009-08-03 20:22 . 2009-08-01 19:00 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
2009-08-03 00:59 . 2009-08-03 00:58 -------- d-----w- c:\documents and settings\Dakster\Application Data\Media Player Classic
2009-08-03 00:58 . 2009-08-03 00:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-08-03 00:58 . 2009-08-03 00:58 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-08-02 23:32 . 2009-08-01 18:23 16608 ----a-w- c:\windows\gdrv.sys
2009-08-02 23:25 . 2009-08-01 18:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-02 22:49 . 2009-08-02 22:49 6298 ----a-w- c:\program files\un_Internet Download Manager_16575.txt
2009-08-02 12:46 . 2009-08-01 18:24 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-02 00:25 . 2009-08-01 18:18 12464 ----a-w- c:\documents and settings\Dakster\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-01 21:32 . 2009-08-01 21:32 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-08-01 21:25 . 2009-08-01 21:25 -------- d-----w- c:\program files\microsoft frontpage
2009-08-01 19:37 . 2009-08-01 19:37 0 ----a-w- c:\windows\nsreg.dat
2009-08-01 19:20 . 2009-08-01 19:20 -------- d-----w- c:\program files\GIGABYTE
2009-08-01 19:17 . 2009-08-01 19:17 -------- d-----w- c:\program files\Kaspersky Lab
2009-08-01 19:00 . 2009-08-01 19:00 -------- d-----w- c:\program files\VMware
2009-08-01 19:00 . 2009-08-01 19:00 -------- d-----w- c:\program files\Common Files\VMware
2009-08-01 18:55 . 2009-08-01 18:55 -------- d-----w- c:\program files\No-IP
2009-08-01 18:31 . 2009-08-01 18:29 -------- d-----w- c:\program files\Realtek
2009-08-01 18:29 . 2009-08-01 18:29 319488 ----a-w- c:\windows\HideWin.exe
2009-08-01 18:29 . 2009-08-01 18:29 -------- d-----w- c:\program files\AMD
2009-08-01 18:29 . 2009-08-01 18:29 -------- d-----w- c:\documents and settings\Dakster\Application Data\InstallShield
2009-08-01 18:29 . 2009-08-01 18:29 -------- d-----w- c:\documents and settings\Dakster\Application Data\ATI
2009-08-01 18:29 . 2009-08-01 18:29 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2009-08-01 18:28 . 2009-08-01 18:28 0 ----a-w- c:\windows\ativpsrm.bin
2009-08-01 18:27 . 2009-08-01 18:24 -------- d-----w- c:\program files\ATI Technologies
2009-08-01 18:24 . 2009-08-01 18:24 -------- d-----w- c:\program files\Browser Configuration Utility
2009-08-01 18:16 . 2009-08-01 18:16 2232 ----a-w- c:\windows\java\Packages\Data\FNJZRNB9.DAT
2009-08-01 18:16 . 2009-08-01 18:16 155995 ----a-w- c:\windows\java\Packages\9NZ33DNF.ZIP
2009-08-01 18:16 . 2009-08-01 18:16 2678 ----a-w- c:\windows\java\Packages\Data\Q5ZPVR57.DAT
2009-08-01 18:16 . 2009-08-01 18:16 2678 ----a-w- c:\windows\java\Packages\Data\WS4QDN5F.DAT
2009-08-01 18:16 . 2009-08-01 18:16 2678 ----a-w- c:\windows\java\Packages\Data\TRV9BLB7.DAT
2009-08-01 18:16 . 2009-08-01 18:16 2678 ----a-w- c:\windows\java\Packages\Data\PB713JR3.DAT
2009-08-01 18:16 . 2009-08-01 18:16 2678 ----a-w- c:\windows\java\Packages\Data\9VXRR9BD.DAT
2009-08-01 18:16 . 2009-08-01 18:16 -------- d-----w- c:\documents and settings\Dakster\Application Data\Yahoo!
2009-08-01 18:16 . 2009-08-01 18:16 -------- d-----w- c:\program files\Yahoo!
2009-08-01 18:16 . 2009-08-01 18:16 -------- d-----w- c:\program files\Common Files\EZB Systems
2009-08-01 18:16 . 2009-08-01 18:16 -------- d-----w- c:\program files\UltraISO
2009-08-01 18:16 . 2009-08-01 18:15 -------- d-----w- c:\program files\Winamp
2009-08-01 18:09 . 2009-08-01 18:09 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-15 20:41 . 2009-08-01 19:37 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-03-20 15360]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2006-07-05 4538368]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"IDMan"="d:\program files\Internet Download Manager\IDMan.exe" [2009-01-23 2745776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="m‘|\ü" [X]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2003-12-13 33792]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"vmware-tray"="g:\dws\vmware-tray.exe" [2007-08-21 72240]
"VMware hqtray"="g:\dws\hqtray.exe" [2007-08-21 55856]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-08-26 16851456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-03-20 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"g:\\fifa\\pes2009\\pes2009.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"81:TCP"= 81:TCP:Bifrost 1.2.1
"8080:TCP"= 8080:TCP:hhhhhh

R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [8/3/2009 2:12 AM 97608]
R2 AntiVirFirewallService;Avira Firewall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [8/3/2009 2:12 AM 388865]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [8/3/2009 2:12 AM 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/3/2009 2:12 AM 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [8/3/2009 2:12 AM 434945]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [8/3/2009 2:12 AM 69632]
R3 Capture;Active Capture Driver;c:\windows\system32\drivers\capture.sys [8/2/2009 3:56 AM 19200]
S2 ActiveWall;Active Wall;"c:\program files\AWall\AWall.exe" --> c:\program files\AWall\AWall.exe [?]
S3 8e369;8e369;c:\windows\system32\8e369.sys [8/2/2009 1:34 AM 54624]
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-RunOnce-nltide3 - rundll32 advpack.dll


.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.no-ip.com/members/dns/?request=SnB0QFNDXx5TFTAfHiAcUQgeJS14NSxrAW8FBFNGWQgiNzsB
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل الكل بواسطة Internet Download Manager - d:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - d:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - d:\program files\Internet Download Manager\IEGetVL.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Dakster\Application Data\Mozilla\Firefox\Profiles\qanueyxf.default\
FF - component: c:\documents and settings\Dakster\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
[link hidden by the forum: you must log in or register to view it]

Rootkit scan 2009-08-04 00:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1372)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1428)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
Completion time: 2009-08-03 0:01
ComboFix-quarantined-files.txt 2009-08-03 21:01

Pre-Run: 13,452,218,368 bytes free
Post-Run: 13,778,751,488 bytes free

258

 
Signature: krdasa
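A companion script for the ComboFix report above, added as an example and not ComboFix's own code. It reads the `Reg Loading Points` section (REGEDIT4-style keys and values) and the `R*`/`S*` service lines and flags what weakens the host's defences or points at something no longer on disk: `EnableFirewall = 0`, `UpdatesDisableNotify = 1`, every rule under `GloballyOpenPorts\List` together with its label (the report lists `81:TCP:Bifrost 1.2.1` and `8080:TCP:hhhhhh`; Bifrost is the name of a well-known remote-access trojan family, so that label alone justifies a closer look), Run values ComboFix marked `[X]`, services marked `[?]`, and, as this example's own heuristic, a kernel driver whose file name is only hex digits (`8e369.sys` in `system32`). The sample is constructed from lines in the report.

```python
"""Triage helper for the "Reg Loading Points" part of a ComboFix log
(added example; not ComboFix's own code).

Reads the REGEDIT4-style section and the R*/S* service lines and flags
settings that weaken host defences, Run values ComboFix marked [X], services
marked [?], and (this example's heuristic) drivers with hex-only names.
SAMPLE is constructed from lines in the report posted above.
"""
import re
from dataclasses import dataclass

SAMPLE = r"""[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="m‘|\ü" [X]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2003-12-13 33792]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"81:TCP"= 81:TCP:Bifrost 1.2.1
"8080:TCP"= 8080:TCP:hhhhhh

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/3/2009 2:12 AM 108289]
S2 ActiveWall;Active Wall;"c:\program files\AWall\AWall.exe" --> c:\program files\AWall\AWall.exe [?]
S3 8e369;8e369;c:\windows\system32\8e369.sys [8/2/2009 1:34 AM 54624]
"""

SECTION = re.compile(r"^\[(?P<path>[^\]]+)\]$")
VALUE = re.compile(r'^"(?P<name>[^"]*)"=\s*(?P<data>.*)$')
SERVICE = re.compile(r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
HEX_NAME = re.compile(r"[0-9a-f]{4,}")   # heuristic: auto-generated looking file names


@dataclass(frozen=True)
class Finding:
    where: str    # registry section (lower-cased) or "services"
    item: str     # value name or service short name
    reason: str


def _image_path(rest: str) -> str:
    """Strip ComboFix's trailing "[date size]" / "[?]" marker and any quotes."""
    return rest.split(" [", 1)[0].strip().strip('"')


def triage(report: str) -> list[Finding]:
    """Return findings in the order the lines appear in the report."""
    findings: list[Finding] = []
    section = ""
    for raw in report.splitlines():
        line = raw.strip()
        if (m := SECTION.match(line)):
            section = m["path"].lower()
            continue
        if (m := VALUE.match(line)):
            name, data = m["name"], m["data"]
            if section.endswith("\\run") and data.endswith("[X]"):
                findings.append(Finding(section, name, "Run value whose target ComboFix could not find"))
            elif (section.endswith("\\security center") and name == "UpdatesDisableNotify"
                  and int(data.split(":")[1], 16) == 1):
                findings.append(Finding(section, name, "Security Center update warnings suppressed"))
            elif section.endswith("\\standardprofile") and name == "EnableFirewall" and data.startswith("0"):
                findings.append(Finding(section, name, "Windows Firewall disabled for the standard profile"))
            elif section.endswith("\\globallyopenports\\list"):
                port, proto, label = data.split(":", 2)   # e.g. "81:TCP:Bifrost 1.2.1"
                findings.append(Finding(section, name,
                                        f"inbound {port}/{proto} opened to every address, rule label {label!r}"))
            continue
        if (m := SERVICE.match(line)):
            path = _image_path(m["rest"])
            stem = path.rsplit("\\", 1)[-1].lower()
            if m["rest"].endswith("[?]"):
                findings.append(Finding("services", m["name"], "service image not found on disk"))
            elif stem.endswith(".sys") and HEX_NAME.fullmatch(stem[:-4]):
                findings.append(Finding("services", m["name"],
                                        f"driver with hex-only name loaded from {path}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.item:<24} {f.reason}")
```

The rules are order-preserving, so the findings line up with the report; paste the whole `Reg Loading Points` block into `SAMPLE` to run it over a complete log.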
Welcome.

Post a new HijackThis report.
 
Signature: AbOdy