ali_sagban2006
New Zyzoom member
Peace be upon you.
Could someone tell me what problems my computer has according to the report?
Many thanks in advance.
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:44:44 ص, on 11/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
D:\برامجي\ali sagban 2008.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ae/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: IDM بواسطة FLV تحميل محتوى فيديو - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: IDM تحميل بواسطة - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: IDM تحميل جميع الروابط بواسطة - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 3752 bytes
Code:
ComboFix 08-11-10.01 - علي الخزعلي 11/11/2008 10:47:18.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.92 [GMT 3:00]
Running from: c:\documents and settings\علي الخزعلي\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-10-11 to 2008-11-11 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-09 11:28 --------- d-----w c:\program files\Sham Future
2008-11-03 10:25 8,352,434 ------w C:\Persi0.sys
2008-11-03 10:25 --------- d-----w c:\program files\Faronics
2008-11-03 09:57 --------- d-----w c:\program files\Common Files\Adobe
2008-11-03 09:54 --------- d-----w c:\program files\VCD Cutter V4.04
2008-11-03 09:50 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-03 09:50 --------- d-----w c:\program files\C-Media 3D Audio
2008-11-03 09:48 --------- d-----w c:\documents and settings\علي الخزعلي\Application Data\Media Player Classic
2008-11-03 09:46 --------- d-----w c:\program files\HFXP
2008-11-03 09:45 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-11-03 09:44 --------- d-----w c:\program files\Acoustica Shared Effects
2008-11-03 09:44 --------- d-----w c:\program files\Acoustica Mixcraft
2008-11-03 09:44 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-11-03 09:43 --------- d-----w c:\program files\Yahoo!
2008-11-03 09:43 --------- d-----w c:\program files\CCleaner
2008-11-03 09:41 --------- d-----w c:\program files\K-Lite Codec Pack
2008-11-03 09:41 --------- d-----w c:\program files\Internet Download Manager
2008-11-03 09:41 --------- d-----w c:\documents and settings\علي الخزعلي\Application Data\IDM
2008-11-03 09:41 --------- d-----w c:\documents and settings\علي الخزعلي\Application Data\DMCache
2008-11-03 09:40 --------- d-----w c:\program files\iColorFolder
2008-11-03 09:40 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-03 09:20 --------- d-----w c:\program files\microsoft frontpage
.
((((((((((((((((((((((((((((( snapshot@Tue 11-11-2008_10.43.22.23 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-09 19:17:26 40,128 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-11 07:45:02 40,128 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-09 19:17:26 311,740 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-11 07:45:02 311,740 ----a-w c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [05/23/2004 12:00 PM 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [10/11/2007 03:15 AM 802816]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [08/30/2007 05:43 PM 4670704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [11/12/2007 06:51 AM 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [11/12/2007 06:51 AM 81920]
"BluetoothAuthenticationAgent"="bthprops.cpl" [05/23/2004 12:00 PM 110592 c:\windows\system32\bthprops.cpl]
"nwiz"="nwiz.exe" [11/12/2007 06:51 AM 1626112 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [05/23/2004 12:00 PM 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DfLogon]
11/20/2005 02:21 PM 49152 c:\windows\system32\LogonDll.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.divxa32"= divxa32.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
R0 DeepFrz;DeepFrz;c:\windows\system32\drivers\DeepFrz.sys [11/20/2005 02:16 PM 134016]
R1 HFSYS;HFSYS;c:\windows\system32\drivers\HFSYS.SYS [10/27/2002 03:09 PM 19732]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.ae/
O8 -: IDM بواسطة FLV تحميل محتوى فيديو - c:\program files\Internet Download Manager\IEGetVL.htm
O8 -: IDM تحميل بواسطة - c:\program files\Internet Download Manager\IEExt.htm
O8 -: IDM تحميل جميع الروابط بواسطة - c:\program files\Internet Download Manager\IEGetAll.htm
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 10:48:20
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: c:\windows\system32\winlogon.exe
-> c:\windows\system32\LogonDll.dll
.
Completion time: 11/11/2008 10:48:53
ComboFix-quarantined-files.txt 2008-11-11 07:48:50
ComboFix2.txt 2008-11-11 07:43:42
Pre-Run: 12,967,985,152 bytes free
Post-Run: 12,959,645,696 bytes free
