ماعليه منهم
Active Zyzoom member
Joined: 9 November 2008
Posts: 143
Reaction score: 2
Points: 170
Location: Al-Qassim
Website: www.zyzoom.org
Peace, mercy and blessings of God be upon you, brothers. Good morning to you all.
Honestly, I ran a scan with the ComboFix tool, and the problem is that what came out in the report scared me. Here is the report, my Zyzoom brothers. I want to know
what was going on with my machine: was it hacked, or being monitored, or what was happening?
And what do you advise me to do? Should I format it? For your information, the machine's protection is Avira AntiVir 8.


ComboFix 09-03-18.01 - Administrator 03/20/2009 4:02:44.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.503.191 [GMT 3:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Administrator\Application Data\Starware349
c:\documents and settings\Administrator\Application Data\Starware349\BrowserSearch\BrowserSearch.xml
c:\documents and settings\Administrator\Application Data\Starware349\BrowserSearch\BrowserSearch.xml.backup
c:\documents and settings\Administrator\Application Data\Starware349\Configurator\Configurator.xml
c:\documents and settings\Administrator\Application Data\Starware349\Configurator\Configurator.xml.backup
c:\documents and settings\Administrator\Application Data\Starware349\EbayKeyword\EbayKeywordOptions.xml
c:\documents and settings\Administrator\Application Data\Starware349\EbayKeyword\EbayKeywordOptions.xml.backup
c:\documents and settings\Administrator\Application Data\Starware349\EbaySearch\EbaySearchOptions.xml
c:\documents and settings\Administrator\Application Data\Starware349\EbaySearch\EbaySearchOptions.xml.backup
c:\documents and settings\Administrator\Application Data\Starware349\ErrorSearch\ErrorSearchOptions.xml
c:\documents and settings\Administrator\Application Data\Starware349\ErrorSearch\ErrorSearchOptions.xml.backup
c:\documents and settings\Administrator\Application Data\Starware349\Games\GamesOptions.xml
c:\documents and settings\Administrator\Application Data\Starware349\Games\GamesOptions.xml.backup
c:\documents and settings\Administrator\Application Data\Starware349\Games\images\active\Games0.bmp
c:\documents and settings\Administrator\Application Data\Starware349\Games\images\active\Games0.bmp_new
c:\documents and settings\Administrator\Application Data\Starware349\HoroscopesMarketingSitePager\HoroscopesMarketingSitePagerOptions.xml
c:\documents and settings\Administrator\Application Data\Starware349\HoroscopesMarketingSitePager\HoroscopesMarketingSitePagerOptions.xml.backup
c:\documents and settings\Administrator\Application Data\Starware349\HoroscopesMarketingSitePager\images\active\HoroscopesMarketingSitePager0.bmp
c:\documents and settings\Administrator\Application Data\Starware349\Layouts\ToolbarLayout.xml
c:\documents and settings\Administrator\Application Data\Starware349\Layouts\ToolbarLayout.xml.backup
c:\documents and settings\Administrator\Application Data\Starware349\Manager\ManagerOptions.xml
c:\documents and settings\Administrator\Application Data\Starware349\Manager\ManagerOptions.xml.backup
c:\documents and settings\Administrator\Application Data\Starware349\Movies\images\active\Movies0.bmp
c:\documents and settings\Administrator\Application Data\Starware349\Movies\MoviesOptions.xml
c:\documents and settings\Administrator\Application Data\Starware349\Movies\MoviesOptions.xml.backup
c:\documents and settings\Administrator\Application Data\Starware349\Reference\ReferenceOptions.xml
c:\documents and settings\Administrator\Application Data\Starware349\Reference\ReferenceOptions.xml.backup
c:\documents and settings\Administrator\Application Data\Starware349\RelatedSearch\RelatedSearchOptions.xml
c:\documents and settings\Administrator\Application Data\Starware349\RelatedSearch\RelatedSearchOptions.xml.backup
c:\documents and settings\Administrator\Application Data\Starware349\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp
c:\documents and settings\Administrator\Application Data\Starware349\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp_new
c:\documents and settings\Administrator\Application Data\Starware349\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
c:\documents and settings\Administrator\Application Data\Starware349\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
c:\documents and settings\Administrator\Application Data\Starware349\Toolbar\TBProductsOptions.xml
c:\documents and settings\Administrator\Application Data\Starware349\Toolbar\TBProductsOptions.xml.backup
c:\documents and settings\Administrator\Application Data\Starware349\ToolbarLogo\ToolbarLogoOptions.xml
c:\documents and settings\Administrator\Application Data\Starware349\ToolbarLogo\ToolbarLogoOptions.xml.backup
c:\documents and settings\Administrator\Application Data\Starware349\ToolbarSearch\ToolbarSearchOptions.xml
c:\documents and settings\Administrator\Application Data\Starware349\ToolbarSearch\ToolbarSearchOptions.xml.backup
c:\documents and settings\Administrator\Application Data\Starware349\TravelSearch\TravelSearchOptions.xml
c:\documents and settings\Administrator\Application Data\Starware349\TravelSearch\TravelSearchOptions.xml.backup
c:\documents and settings\Administrator\Application Data\Starware349\Weather\AlertArchive.xml
c:\documents and settings\Administrator\Application Data\Starware349\Weather\WeatherOptions.xml
c:\documents and settings\Administrator\Application Data\Starware349\Weather\WeatherOptions.xml.backup
c:\documents and settings\All Users\Application Data\Starware349
c:\documents and settings\All Users\Application Data\Starware349\buttons\ebaykeyword.bmp
c:\documents and settings\All Users\Application Data\Starware349\buttons\ebaykeyword.png
c:\documents and settings\All Users\Application Data\Starware349\buttons\ebaysearch.bmp
c:\documents and settings\All Users\Application Data\Starware349\buttons\ebaysearch.png
c:\documents and settings\All Users\Application Data\Starware349\buttons\FindIt.bmp
c:\documents and settings\All Users\Application Data\Starware349\buttons\FindItHot.bmp
c:\documents and settings\All Users\Application Data\Starware349\buttons\findithotxp.png
c:\documents and settings\All Users\Application Data\Starware349\buttons\finditxp.png
c:\documents and settings\All Users\Application Data\Starware349\buttons\Highlight.bmp
c:\documents and settings\All Users\Application Data\Starware349\buttons\HighlightHot.bmp
c:\documents and settings\All Users\Application Data\Starware349\buttons\highlighthotxp.png
c:\documents and settings\All Users\Application Data\Starware349\buttons\highlightxp.png
c:\documents and settings\All Users\Application Data\Starware349\buttons\Reference.bmp
c:\documents and settings\All Users\Application Data\Starware349\buttons\ReferenceHot.bmp
c:\documents and settings\All Users\Application Data\Starware349\buttons\referencehotxp.png
c:\documents and settings\All Users\Application Data\Starware349\buttons\referencexp.png
c:\documents and settings\All Users\Application Data\Starware349\buttons\starware_toolbar_icon.bmp
c:\documents and settings\All Users\Application Data\Starware349\buttons\Weather.bmp
c:\documents and settings\All Users\Application Data\Starware349\buttons\weatherhotxp.png
c:\documents and settings\All Users\Application Data\Starware349\buttons\weatherxp.png
c:\documents and settings\All Users\Application Data\Starware349\contexts\error.xml
c:\documents and settings\All Users\Application Data\Starware349\contexts\Related.xml
c:\documents and settings\All Users\Application Data\Starware349\contexts\Travel.xml
c:\documents and settings\All Users\Application Data\Starware349\images\walertXP.bmp
c:\documents and settings\All Users\Application Data\Starware349\SimpleUpdate\ProductMessagingConfig.xml
c:\documents and settings\All Users\Application Data\Starware349\SimpleUpdate\ProductMessagingConfig.xml.backup
c:\documents and settings\All Users\Application Data\Starware349\SimpleUpdate\SimpleUpdateConfig.xml
c:\documents and settings\All Users\Application Data\Starware349\SimpleUpdate\SimpleUpdateConfig.xml.backup
c:\documents and settings\All Users\Application Data\Starware349\SimpleUpdate\TimerManagerConfig.xml
c:\documents and settings\All Users\Application Data\Starware349\SimpleUpdate\TimerManagerConfig.xml.backup
c:\program files\Starware349
c:\program files\Starware349\brand.bmp
c:\program files\Starware349\icons\star_16.ico
c:\program files\Starware349\Starware349Config.xml
c:\program files\Starware349\Starware349Uninstall.exe
c:\windows\IE4 Error Log.txt
c:\windows\sys32.exe
c:\windows\system\13.exe
c:\windows\system32\Ultra.dll
.
((((((((((((((((((((((((( Files Created from 2009-02-20 to 2009-03-20 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-11 02:49 --------- d-----w c:\program files\Windows Live SkyDrive
2009-03-10 05:14 --------- d-----w c:\program files\Common Files\Windows Live
2009-03-08 05:40 603,904 ----a-w c:\windows\system32\TUProgSt.exe
2009-03-08 05:40 360,192 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-03-08 05:39 --------- d-----w c:\program files\TuneUp Utilities 2009
2009-03-08 05:39 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2009-03-08 04:47 --------- d-sh--w c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2008-12-09 05:34 82,392 ----a-w c:\documents and settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [08/04/2004 12:00 PM 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [10/18/2007 11:34 AM 5724184]
"oovoo.exe"="c:\program files\ooVoo\oovoo.exe" [11/20/2008 02:45 PM 14202672]
"MYBP"="c:\program files\My-BP\My-BP.exe" [06/05/2006 03:33 PM 1564672]
"Server"="c:\recycler\S-1-5-21-6075211631-5202097239-212369368-3322\hod.exe" [03/13/2009 10:38 PM 262196]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [11/12/2004 12:40 PM 790528]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [06/12/2008 01:28 PM 266497]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [08/10/2008 01:35 AM 185896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [08/04/2004 12:00 PM 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\ooVoo\\ooVoo.exe"=
"c:\\Program Files\\FlashGet\\FlashGet.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\english\\setup.exe"=
"c:\\kav\\kav7.0\\english\\setup.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Administrator\\x"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:ooVoo TCP port 443
"443:UDP"= 443:UDP:ooVoo UDP المنفذ 443
"37674:TCP"= 37674:TCP:ooVoo TCP المنفذ 37674
"37674:UDP"= 37674:UDP:ooVoo UDP المنفذ 37674
"37675:UDP"= 37675:UDP:ooVoo UDP المنفذ 37675
"37676:TCP"= 37676:TCP:ooVoo TCP المنفذ 37676
"37676:UDP"= 37676:UDP:ooVoo UDP المنفذ 37676
"37677:UDP"= 37677:UDP:ooVoo UDP المنفذ 37677
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R2 AntiVirMailService;Avira AntiVir Premium MailGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2008-12-15 164097]
R2 antivirwebservice;Avira AntiVir Premium WebGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe [2008-12-15 258305]
R2 AVEService;Avira AntiVir Premium MailGuard helper service;c:\program files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2008-12-15 41217]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-03-08 603904]
S3 V0330VID;WebCam Vista/Live! Cam Chat;c:\windows\system32\drivers\V0330Vid.sys [2008-07-14 157696]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54b742d8-0d48-11dc-8777-00166f442e07}]
\Shell\AutoRun\command - e:\driver\usb\–گپ¼‡‘ٹ•†‘ح€Œژ
\Shell\open\command - e:\driver\usb\–گپ¼‡‘ٹ•†‘ح€Œژ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7394182-cec3-11dd-8cc4-001641076829}]
\Shell\AutoRun\command - e:\driver\usb\–گپ¼‡‘ٹ•†‘ح€Œژ
\Shell\open\command - e:\driver\usb\–گپ¼‡‘ٹ•†‘ح€Œژ
.
Contents of the 'Scheduled Tasks' folder
2009-03-20 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [12/11/2008 09:36 PM]
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{A057A204-BACC-4D26-8087-36EE87E26986} - (no file)
HKLM-Run-msngr.exe - sys32.exe
Notify-NavLogon - (no file)
Notify-WgaLogon - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
LSP: avsda.dll
TCP: {245CE380-ECC5-4A8B-B74B-6D1C92F12424} = 158.43.240.4,212.127.151.92
DPF: Microsoft XML Parser for Java -
DPF: {3C8E8DD8-D86A-4E6D-AF37-AB3CA7FDF8CD} - hxxp://74.53.137.178/imscp/talkc38.cab
DPF: {8C159DFD-DC9C-4077-B3B6-114A8D64B6D2} - hxxp://69.39.226.228/files/talk08.cab
DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} - hxxp://209.11.244.90/ReadUid.CAB
DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} - hxxp://209.11.242.27/imscp/talks2.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-03-20 04:06:47
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-839522115-329068152-2147230659-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*t*t* \OpenWithList]
@Class="Shell"
"a"="msnmsgr.exe"
"MRUList"="a"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):dc,1d,a8,e0,fc,1f,93,58,a9,e0,3b,d4,bf,4c,0c,33,ae,e5,73,85,e8,
32,64,8e,27,84,dc,8c,bf,a9,52,ed,a5,de,27,48,ff,88,2e,72,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f88c5689-a250-48b0-ac14-71e6a964467b}]
@Denied: (Full) (Everyone)
"Model"=dword:00000010
"Therad"=dword:00000022
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(948)
c:\windows\system32\avsda.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVIRA\ANTIVIR PERSONALEDITION PREMIUM\SCHED.EXE
c:\program files\AVIRA\ANTIVIR PERSONALEDITION PREMIUM\AVGUARD.EXE
c:\program files\WIDCOMM\BLUETOOTH SOFTWARE\BIN\BTWDINS.EXE
c:\program files\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
c:\program files\ANALOG DEVICES\SOUNDMAX\SMAGENT.EXE
c:\windows\SYSTEM32\WDFMGR.EXE
c:\windows\system32\wscntfy.exe
c:\program files\HPQ\SHARED\HPQWMI.exe
.
**************************************************************************
.
Completion time: 03/20/2009 4:09:08 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt 2009-03-20 01:09:06
Pre-Run: 42,448,551,936 bytes free
Post-Run: 42,432,757,760 bytes free
243 --- E O F --- 2008-06-21 00:22:44
 

Brother, do you mean you want us to analyze the reports??
Or do you have a specific problem???
But if you install the Outpost firewall that is in my signature, I guarantee you your machine will never be hacked.
 
Yes brother, I want the report analyzed; I want to know what happened in it.
Was my machine completely under someone's control, or how was it?
Because the situation is really frightening given the huge amount that this tool turned up.
And the second thing I want to tell you, my dear:
Do you advise me to format, or has the tool done what was needed? I await your reply and your advice on what to do from now on... As for the firewall, brother, if I were the one using the machine, fine, but the problem is
it is not my machine, and its owner does not understand these things that well, so it would be hard for him.
Thank you for your attention regarding the firewall,
but my fear is that whoever managed to get into the machine to this huge extent will surely get in again.
Am I right, or am I wrong?
Regards, my dear.
 
Still waiting.
I do not know what to do: should I format, or wait for the guys' reply?
 
The infections are considered negligible in severity; some of them are toolbars.

Are you currently having problems with the machine??

Make a HijackThis report.
Once the download finishes ==> run the program ==> and click Do a system scan and save log.
After a few moments a report will appear; select all ==> copy it and paste it in your next reply.
 
Signature: AbOdy