Amina Mokhtar
28-03-2009 13:12
My computer is slow and the system hangs again (trojan DNS Changer problem)
Peace be upon you, and God's mercy.
Brothers.. I think I am going to fill the computer-problems section with my problems.
My computer has become sluggish..
and I have a set of questions I hope to find answers to:
1- Is there a fixed number of browser windows beyond which the system hangs??
Because sometimes I open only 3 windows and Firefox stops responding and the system hangs,
and sometimes Firefox closes completely.. and gives me a message saying it closed because of an error.. and asks whether I want to send the report...
2- This used to happen mostly at the same time as the antivirus update.... or in the morning at first start-up.
But now the computer has become slower than a tortoise... it has made me hate the mere thought of turning it on.
3- I used the combofix tool and it asked me to disable the antivirus; is that normal???
I did that and let the tool run in Safe Mode, of course.... and it did not ask me to restart the computer.... so I restarted in normal mode
and found the computer just as it was.... I think it likes being a tortoise....
So I ran combofix once more... and here is its report
Code:
ComboFix 09-03-23.01 - Amina 2009-03-28 13:27:47.2 - NTFSx86 MINIMAL
Microsoft Windows XP Edition familiale 5.1.2600.3.1256.213.1036.18.511.397 [GMT 1:00]
Running from: c:\documents and settings\Amina\Mes documents\Downloads\Programs\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-28 )))))))))))))))))))))))))))))))
.
2009-03-27 22:21 . 2009-03-27 22:22 <REP> d-------- c:\program files\SweetIM
2009-03-27 22:21 . 2009-03-27 22:22 <REP> d-------- c:\documents and settings\All Users\Application Data\SweetIM
2009-03-27 13:14 . 2009-03-27 13:14 <REP> d-------- c:\windows\system32\fr
2009-03-27 13:14 . 2009-03-27 13:14 <REP> d-------- c:\windows\system32\bits
2009-03-27 13:14 . 2009-03-27 13:14 <REP> d-------- c:\windows\l2schemas
2009-03-27 13:11 . 2009-03-27 13:15 <REP> d-------- c:\windows\ServicePackFiles
2009-03-27 13:03 . 2009-03-27 13:03 <REP> d-------- c:\windows\EHome
2009-03-26 15:26 . 2009-03-26 15:26 <REP> d-------- c:\program files\TechSmith
2009-03-26 15:26 . 2009-03-26 15:26 <REP> d-------- c:\documents and settings\All Users\Application Data\TechSmith
2009-03-26 15:24 . 2009-03-26 15:24 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2009-03-24 22:43 . 2009-03-24 22:43 <REP> d-------- c:\program files\FastStone Image Viewer
2009-03-24 22:43 . 2009-03-24 22:43 <REP> d-------- c:\documents and settings\Amina\Application Data\FastStone
2009-03-24 09:41 . 2004-08-03 22:41 1,041,536 --------- c:\windows\system32\drivers\hsfdpsp2.sys
2009-03-23 21:55 . 2004-08-04 00:54 159,232 --a------ c:\windows\system32\ptpusd.dll
2009-03-23 21:55 . 2008-04-13 19:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-03-23 21:55 . 2001-08-23 17:47 5,632 --a------ c:\windows\system32\ptpusb.dll
2009-03-23 10:46 . 2009-03-23 10:46 <REP> d-------- c:\program files\Common~1
2009-03-23 10:46 . 2009-03-23 10:55 <REP> d-------- c:\program files\عون الرحمن في حفظ القرآن
2009-03-23 10:46 . 2009-03-23 10:45 286,720 --a------ c:\windows\iun506.exe
2009-03-17 21:42 . 2009-03-27 21:51 <REP> d-------- c:\documents and settings\Amina\Application Data\Skype
2009-03-17 21:41 . 2009-03-17 21:41 <REP> dr------- c:\program files\Skype
2009-03-17 21:41 . 2009-03-17 21:41 <REP> d-------- c:\documents and settings\All Users\Application Data\Skype
2009-03-17 12:10 . 2009-03-27 13:14 <REP> d-------- c:\windows\system32\fr-fr
2009-03-17 12:10 . 2008-12-20 23:46 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll
2009-03-17 12:10 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2009-03-17 12:10 . 2007-03-08 06:10 1,048,576 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2009-03-17 12:10 . 2008-12-20 23:46 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2009-03-17 12:10 . 2008-12-20 23:46 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2009-03-17 12:10 . 2008-12-20 23:46 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2009-03-17 12:10 . 2008-12-20 23:46 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2009-03-17 12:10 . 2008-12-20 23:46 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2009-03-17 12:10 . 2008-12-19 10:10 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2009-03-16 19:22 . 2009-03-16 19:22 <REP> d-------- c:\program files\مشغل الفلاش العربي
2009-03-15 09:59 . 2009-03-15 09:59 <REP> d-------- c:\program files\MSXML 4.0
2009-03-15 09:24 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-03-15 09:23 . 2008-12-11 11:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
2009-03-15 09:19 . 2008-06-14 18:33 272,768 --------- c:\windows\system32\drivers\bthport.sys
2009-03-15 09:19 . 2008-06-14 18:33 272,768 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-03-15 09:12 . 2008-05-08 15:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2009-03-15 09:10 . 2008-04-11 20:05 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2009-03-15 09:09 . 2008-10-15 17:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-03-15 09:03 . 2009-03-18 20:10 <REP> d--h----- c:\windows\$hf_mig$
2009-03-15 09:03 . 2008-08-14 14:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-15 09:03 . 2008-08-14 14:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-15 09:03 . 2008-08-14 14:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-15 09:03 . 2008-08-14 14:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-14 11:21 . 2009-03-14 11:21 <REP> d-------- c:\documents and settings\Amina\Application Data\Yahoo!
2009-03-14 11:19 . 2009-03-14 11:35 <REP> d-------- c:\documents and settings\All Users\Application Data\Yahoo!
2009-03-14 10:10 . 2009-03-14 10:10 <REP> d--hs---- c:\documents and settings\Amina\UserData
2009-03-13 22:18 . 2009-03-28 13:05 <REP> d-------- c:\documents and settings\Amina\Tracing
2009-03-13 16:11 . 2009-03-13 16:11 <REP> d-------- c:\program files\Windows Live SkyDrive
2009-03-13 16:11 . 2009-03-13 16:11 <REP> d-------- c:\program files\Windows Live
2009-03-13 16:11 . 2009-03-13 16:11 <REP> d-------- c:\program files\Microsoft
2009-03-13 10:49 . 2009-03-13 10:49 <REP> d-------- c:\program files\Fichiers communs\Windows Live
2009-03-13 10:04 . 2009-03-13 10:04 <REP> d-------- c:\program files\Avira
2009-03-13 10:04 . 2009-03-13 10:04 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-03-12 19:43 . 2008-06-07 20:46 798,720 --a------ c:\program files\USBGuard.exe
2009-03-12 19:41 . 2009-03-26 21:52 <REP> d-------- c:\program files\USB Disk Security
2009-03-12 19:20 . 2009-03-26 16:04 69 --a------ c:\windows\NeroDigital.ini
2009-03-12 19:01 . 2009-03-12 19:01 <REP> d-------- c:\windows\LingvoSoft Dictionary 2006
2009-03-12 19:01 . 2009-03-12 19:01 <REP> d-------- c:\windows\Dictionary FR AR
2009-03-12 19:01 . 2009-03-12 19:01 <REP> d-------- c:\program files\LingvoSoft Dictionary 2006
2009-03-12 19:01 . 2009-03-12 19:01 <REP> d-------- c:\documents and settings\Amina\Application Data\Nero
2009-03-12 19:01 . <REP> c:\program files\Dictionary 2007
2009-03-12 18:59 . 2009-03-12 19:00 <REP> d-------- c:\program files\CommentCaMarche
2009-03-12 18:56 . 2009-03-12 18:56 <REP> d-------- c:\program files\Nero
2009-03-12 18:56 . 2009-03-12 18:59 <REP> d-------- c:\program files\Fichiers communs\Nero
2009-03-12 18:56 . 2009-03-12 18:56 <REP> d-------- c:\documents and settings\All Users\Application Data\Nero
2009-03-12 18:45 . 2009-03-12 18:45 <REP> d-------- c:\program files\Minefield
2009-03-12 18:45 . 2009-03-12 18:45 0 --a------ c:\windows\nsreg.dat
2009-03-12 18:44 . 2009-03-12 18:44 <REP> d-------- c:\documents and settings\Administrateur\Mes documents
2009-03-12 18:44 . 2009-03-12 18:44 <REP> d-------- c:\documents and settings\Administrateur
2009-03-12 18:43 . 2009-03-12 18:43 <REP> d-------- c:\windows\Foxit Reader
2009-03-12 18:43 . 2009-03-12 18:43 <REP> d-------- c:\program files\Foxit Reader
2009-03-12 18:40 . 2009-03-12 18:40 <REP> d-------- c:\windows\system32\LogFiles
2009-03-12 18:40 . 2009-03-12 18:40 <REP> d-------- c:\windows\system32\drivers\umdf
2009-03-12 18:40 . 2007-08-10 08:18 26,488 --a------ c:\windows\system32\spupdsvc.exe
2009-03-12 18:38 . 2009-03-12 18:39 <REP> d-------- c:\program files\The KMPlayer
2009-03-12 18:36 . 2009-03-12 18:36 <REP> d-------- c:\program files\MSECache
2009-03-12 18:35 . 2009-03-26 21:53 <REP> d-------- c:\program files\Yahoo!
2009-03-12 18:35 . 2009-03-12 18:35 <REP> d-------- c:\program files\CCleaner
2009-03-12 18:18 . 2009-03-21 10:11 <REP> d-------- c:\program files\Internet Download Manager
2009-03-12 18:18 . 2009-03-13 09:11 <REP> d-------- c:\documents and settings\Amina\Application Data\IDM
2009-03-12 18:18 . 2009-03-28 12:44 <REP> d-------- c:\documents and settings\Amina\Application Data\DMCache
2009-03-12 17:48 . 2009-03-12 17:48 <REP> d-------- c:\program files\Microsoft.NET
2009-03-12 17:48 . 2003-06-19 01:31 17,920 --a------ c:\windows\system32\mdimon.dll
2009-03-12 17:48 . 2009-03-12 17:48 385 --a------ c:\windows\ODBC.INI
2009-03-12 17:47 . 2009-03-12 17:48 <REP> d-------- c:\windows\SHELLNEW
2009-03-12 17:44 . 2009-03-12 17:44 <REP> dr-h----- C:\MSOCache
2009-03-12 17:38 . 2003-03-04 11:56 145,408 -ra------ c:\windows\system32\drivers\e100b325.sys
2009-03-12 17:38 . 2003-03-04 11:56 145,408 --a--c--- c:\windows\system32\dllcache\e100b325.sys
2009-03-12 17:38 . 2003-03-03 15:26 118,784 -ra------ c:\windows\system32\Prounstl.exe
2009-03-12 17:38 . 2002-12-29 04:00 24,064 -ra------ c:\windows\system32\IntelNic.dll
2009-03-12 17:38 . 2003-02-03 05:26 12,288 -ra------ c:\windows\system32\e100bmsg.dll
2009-03-12 17:38 . 2002-06-27 05:53 5,110 -ra------ c:\windows\system32\e100b325.din
2009-03-12 17:35 . 2009-03-12 17:35 16 --a------ c:\windows\wininit.ini
2009-03-12 17:34 . 2009-03-12 17:34 <REP> d-------- c:\documents and settings\Amina\WINDOWS
2009-03-12 17:34 . 2002-12-06 16:45 306,688 --a------ c:\windows\IsUninst.exe
2009-03-12 17:34 . 2002-10-02 04:40 32,384 --a------ c:\windows\system32\drivers\viaagp1.sys
2009-03-12 17:29 . 2009-03-12 17:29 <REP> d-------- c:\windows\PCTEL
2009-03-12 17:25 . 2009-03-12 17:30 <REP> d-------- c:\windows\nview
2009-03-12 17:25 . 2005-09-20 02:35 176,128 --a------ c:\windows\system32\nvudisp.exe
2009-03-12 17:25 . 2009-03-28 12:44 29,204 --a------ c:\windows\system32\nvapps.xml
2009-03-12 17:25 . 2005-09-20 02:34 14,757 --a------ c:\windows\system32\nvdisp.nvu
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-12 18:52 --------- d-----w c:\program files\ Dictionary 2007
2009-03-12 18:04 --------- d-----w c:\program files\Fichiers communs\Adobe
2009-03-12 17:36 --------- d-----w c:\program files\Fichiers communs\InstallShield
2009-03-11 15:18 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-11 15:18 --------- d-----w c:\program files\Analog Devices
2009-03-11 15:03 --------- d-----w c:\program files\microsoft frontpage
2009-03-11 15:01 --------- d-----w c:\program files\Services en ligne
2009-02-09 14:05 1,846,912 ----a-w c:\windows\system32\win32k.sys
2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 12:22 1172792 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-10-28 2606512]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-11 24095528]
"msnmsgr"="~c:\program files\Windows Live\Messenger\msnmsgr.exe" [BU]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-20 7110656]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-09-20 86016]
"NeroFilterCheck"="c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-03-05 111928]
"nwiz"="nwiz.exe" [2005-09-20 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e81ea587-0f27-11de-bda5-001111015941}]
\sHeLl\AuToplay\CoMmAnD - J:\npxfth.exe
\sHeLl\AutoRun\command - J:\npxfth.exe
\sHeLl\exploRE\commAnd - J:\npxfth.exe
\sHeLl\oPen\CommAnd - J:\npxfth.exe
.
.
------- Supplementary Scan -------
.
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm
FF - ProfilePath - c:\documents and settings\Amina\Application Data\Mozilla\Firefox\Profiles\xv5qj901.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\documents and settings\Amina\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-28 13:29:37
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
msnmsgr = ~"c:\program files\Windows Live\Messenger\msnmsgr.exe" /background?
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07eb61ff-dc99-433d-b403-bae6667c546f}]
@Denied: (Full) (Everyone)
"Model"=dword:00000056
"Therad"=dword:00000011
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):38,98,f9,48,7e,f5,87,28,79,e7,2e,78,cd,37,90,84,45,a9,29,19,63,
a6,76,89,6b,c8,79,5b,f8,e9,a6,73,30,60,7c,8e,03,da,0b,e6,00,00,00,00,00,00,\
.
Completion time: 2009-03-28 13:31:22
ComboFix-quarantined-files.txt 2009-03-28 12:31:04
ComboFix2.txt 2009-03-28 11:42:54
Pre-Run: 12****423****680****000 octets libres
Post-Run: 12,413,931,520 octets libres
222 --- E O F --- 2009-03-27 12:20:32
So what does all that mean??? I only understood some of the terms.
And does my computer have a problem??? Even now it is still sluggish....
May God help you with me, brothers.... and may He reward you with every good on my behalf.
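The report above is long, but only a handful of its lines are the ones a helper reads first. The script below is an added example, not part of the post and not ComboFix's own code: it walks a ComboFix-style report, keeps track of which registry key each line belongs to, and pulls out the entries that deserve a question. The excerpt it runs on is copied from the log above (a constructed subset, not the whole report); the severity labels and the rule "an .exe at the root of a non-system drive under MountPoints2 is high" are this example's own heuristics.

```python
"""Triage helper for a ComboFix-style report (added example, not ComboFix code).

It walks the report line by line, remembers which registry key the current
line belongs to, and returns the entries a forum helper would ask about first:
  * shell\\<verb>\\command values under Explorer's MountPoints2 key: what
    Windows runs when the drive with that GUID is opened or double-clicked;
  * URLSearchHook / toolbar DLLs registered in Internet Explorer;
  * a Firefox keyword.URL that sends address-bar searches somewhere other
    than the host of the configured default search URL;
  * an antivirus whose on-access scanner is reported as disabled.
The severity labels are this example's own heuristics, not ComboFix's.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Excerpt copied from the report in the post above (constructed subset, not the full log).
SAMPLE_REPORT = r"""
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-03-05 111928]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e81ea587-0f27-11de-bda5-001111015941}]
\sHeLl\AuToplay\CoMmAnD - J:\npxfth.exe
\sHeLl\AutoRun\command - J:\npxfth.exe
\sHeLl\exploRE\commAnd - J:\npxfth.exe
\sHeLl\oPen\CommAnd - J:\npxfth.exe
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
"""

KEY_RE = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")                      # [HKEY_...\...]
SHELL_CMD_RE = re.compile(r"^\\shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<cmd>\S.*)$", re.IGNORECASE)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*"(?P<path>[^"]*)"')    # "name"="path" [...]
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<pref>\S+) - (?P<value>\S+)$")
ROOT_EXE_RE = re.compile(r"^[A-Za-z]:\\[^\\]+\.exe$", re.IGNORECASE)  # e.g. J:\something.exe
SEARCH_KEYS = ("\\urlsearchhooks", "\\internet explorer\\toolbar")
SEVERITY_ORDER = {"info": 0, "medium": 1, "high": 2}


@dataclass
class Finding:
    severity: str   # "info" | "medium" | "high"
    kind: str
    detail: str


def host_of(url):
    """Host of a URL that ComboFix defanged as hxxp://; empty string when missing."""
    return urlparse(url.replace("hxxp", "http", 1)).netloc.lower()


def triage(report):
    findings, prefs, current_key = [], {}, ""
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("AV:") and "scanning disabled" in line.lower():
            findings.append(Finding("medium", "av-off", line[4:]))
            continue
        m = KEY_RE.match(line)
        if m:                                    # a new registry key: remember it for the values below
            current_key = m.group("key").lower()
            continue
        m = SHELL_CMD_RE.match(line)
        if m and "mountpoints2" in current_key:  # what Explorer runs when this drive is opened
            cmd = m.group("cmd")
            sev = "high" if ROOT_EXE_RE.match(cmd) and not cmd[:2].upper() == "C:" else "medium"
            findings.append(Finding(sev, "mountpoint-autorun", f"{m.group('verb')} -> {cmd}"))
            continue
        m = VALUE_RE.match(line)
        if m and any(k in current_key for k in SEARCH_KEYS):
            findings.append(Finding("info", "search-hook", f"{m.group('name')} -> {m.group('path')}"))
            continue
        m = FF_PREF_RE.match(line)
        if m:
            prefs[m.group("pref")] = m.group("value")
    default_host = host_of(prefs.get("browser.search.defaulturl", ""))
    kw_host = host_of(prefs.get("keyword.URL", ""))
    if kw_host and kw_host != default_host:  # address-bar searches go somewhere else than the default engine
        findings.append(Finding("medium", "ff-keyword-redirect",
                                f"keyword.URL goes to {kw_host}, default search is {default_host or 'unset'}"))
    return findings


def worst_severity(findings):
    return max((f.severity for f in findings), key=SEVERITY_ORDER.get, default="info")


if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_REPORT), key=lambda f: -SEVERITY_ORDER[f.severity]):
        print(f"[{f.severity:6}] {f.kind:22} {f.detail}")
```

Run against the excerpt it reports four high findings, one for each shell verb under the MountPoints2 key: those entries mean that opening drive J: by autoplay, autorun, explore or open would launch J:\npxfth.exe, which is the pattern an autorun.inf-spreading infection leaves on a removable drive and in the registry of every PC it was plugged into (the mixed-case verbs are part of that pattern). The medium findings are the Firefox keyword.URL, which sends address-bar searches to search.sweetim.com instead of the selected Live Search, and Avira's on-access guard being off, which was expected while ComboFix ran but has to be turned back on afterwards. The SweetIM URLSearchHook is listed as info so the helper can decide whether the toolbar was installed on purpose.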