]|[EnTeR]|[
New Zyzoomi (member)
- Joined
- 7 October 2008
- Posts
- 32
- Reaction score
- 0
- Points
- 0
Offline
Thank you, much appreciated!
combofix 08-10-19.04 - toshiba 2008-10-22 5:35:42.1 - ntfsx86
microsoft® windows vista™ home basic 6.0.6000.0.1252.1.1033.18.492 [gmt 3:00]
running from: C:\users\toshiba\desktop\combofix.exe
* created a new restore point
.
((((((((((((((((((((((((( files created from 2008-09-22 to 2008-10-22 )))))))))))))))))))))))))))))))
.
2008-10-21 23:42 . 2008-10-08 14:39 229,888 --a------ c:\windows\system32\rootour.exe
2008-10-21 08:33 . 2008-10-21 08:33 <dir> d-------- c:\users\all users\kaspersky lab setup files
2008-10-21 08:33 . 2008-10-21 08:33 <dir> d-------- c:\programdata\kaspersky lab setup files
2008-10-15 02:56 . 2008-10-15 02:56 6,230 --a------ c:\windows\system32\tmp.reg
2008-10-14 02:21 . 2008-10-14 02:43 <dir> d-------- c:\????? ?????
2008-10-13 09:57 . 2008-10-13 09:57 282,640 --a------ c:\users\all users\mfcd phone phone.bku8vbe
2008-10-13 09:57 . 2008-10-13 09:57 282,640 --a------ c:\programdata\mfcd phone phone.bku8vbe
2008-10-08 14:44 . 2008-10-08 14:39 229,888 --a------ c:\windows\system32\koufyf.exe
2008-10-08 14:42 . 2008-10-08 14:39 229,888 --a------ c:\windows\system32\mife.exe
2008-10-02 05:20 . 2008-10-02 05:20 <dir> d-------- c:\program files\spam live rect
2008-10-02 05:19 . 2008-10-02 05:19 <dir> d-------- c:\program files\circle developement
2008-09-23 02:01 . 2008-07-19 08:09 1,811,656 --a------ c:\windows\system32\wuaueng.dll
2008-09-23 02:01 . 2008-07-19 06:44 1,524,736 --a------ c:\windows\system32\wucltux.dll
2008-09-23 02:01 . 2008-07-19 08:10 53,448 --a------ c:\windows\system32\wuauclt.exe
2008-09-23 02:01 . 2008-07-19 08:10 45,768 --a------ c:\windows\system32\wups2.dll
2008-09-23 02:00 . 2008-07-19 08:09 563,912 --a------ c:\windows\system32\wuapi.dll
2008-09-23 02:00 . 2008-07-18 22:08 163,904 --a------ c:\windows\system32\wuwebv.dll
2008-09-23 02:00 . 2008-07-19 06:44 83,456 --a------ c:\windows\system32\wudriver.dll
2008-09-23 02:00 . 2008-07-19 08:10 36,552 --a------ c:\windows\system32\wups.dll
2008-09-23 02:00 . 2008-07-18 20:44 31,232 --a------ c:\windows\system32\wuapp.exe
.
(((((((((((((((((((((((((((((((((((((((( find3m report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-21 21:46 --------- d-----w c:\program files\luxor 3
2008-10-21 20:39 --------- d-----w c:\program files\symantec
2008-10-21 05:55 --------- d-----w c:\programdata\symantec
2008-10-21 05:55 --------- d-----w c:\program files\common files\symantec shared
2008-10-18 00:07 --------- d-----w c:\program files\windows mail
2008-10-13 02:56 --------- d-----w c:\users\toshiba\appdata\roaming\crystal player
2008-10-10 05:58 82,944 ----a-w c:\windows\system32\o4patch.exe
2008-10-10 05:58 82,944 ----a-w c:\windows\system32\iedfix.c.exe
2008-10-02 03:49 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-02 03:49 56,320 ----a-w c:\windows\system32\iesetup.dll
2008-10-02 03:49 52,736 ----a-w c:\windows\apppatch\iebrshim.dll
2008-10-02 03:48 26,624 ----a-w c:\windows\system32\ieunatt.exe
2008-10-02 02:21 --------- d-----w c:\programdata\spam live rect
2008-10-02 02:21 --------- d-----w c:\programdata\pure coal bone thunk
2008-10-02 02:19 --------- d-----w c:\program files\msn messenger
2008-10-02 02:19 --------- d-----w c:\program files\messenger plus! Live
2008-10-01 12:51 87,552 ----a-w c:\windows\system32\vacfix.exe
2008-09-18 04:35 3,505,208 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-09-18 04:35 3,470,904 ----a-w c:\windows\system32\ntoskrnl.exe
2008-09-18 02:03 2,027,520 ----a-w c:\windows\system32\win32k.sys
2008-09-08 20:38 88,576 ----a-w c:\windows\system32\antixpvstfix.exe
2008-08-26 01:12 290,304 ----a-w c:\windows\system32\drivers\srv.sys
2008-08-18 09:19 82,432 ----a-w c:\windows\system32\404fix.exe
2008-07-31 03:34 537,600 ----a-w c:\windows\apppatch\aclayers.dll
2008-07-31 03:34 449,536 ----a-w c:\windows\apppatch\acspecfc.dll
2008-07-31 03:34 28,160 ----a-w c:\windows\system32\apphlpdm.dll
2008-07-31 03:34 2,144,256 ----a-w c:\windows\apppatch\acgenral.dll
2008-07-31 03:34 173,056 ----a-w c:\windows\apppatch\acxtrnal.dll
2008-07-31 03:34 1,686,528 ----a-w c:\windows\system32\gameux.dll
2008-07-30 23:47 4,247,552 ----a-w c:\windows\system32\gameuxlegacygdfs.dll
2008-07-30 23:32 2,560 ----a-w c:\windows\apppatch\acres.dll
2008-07-10 20:55 174 --sha-w c:\program files\desktop.ini
2008-05-30 14:51 16,384 --sha-w c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-05-30 14:51 32,768 --sha-w c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\.ie5\index.dat
2008-05-30 14:51 16,384 --sha-w c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\s\index.dat
.
((((((((((((((((((((((((((((((((((((( reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*note* empty entries & legit default entries are not shown
regedit4
[hkey_current_user\software\microsoft\internet explorer\urlsearchhooks]
"{eee6c35d-6118-11dc-9c72-001320c79847}"= "c:\program files\sweetim\toolbars\internet explorer\mghelper.dll" [2008-03-27 173368]
[hkey_classes_root\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[hkey_classes_root\sweetim_urlsearchhook.toolbarurlsearchhook.1]
[hkey_classes_root\typelib\{eee6c35f-6118-11dc-9c72-001320c79847}]
[hkey_classes_root\sweetim_urlsearchhook.toolbarurlsearchhook]
[hkey_local_machine\~\browser helper s\{eee6c35c-6118-11dc-9c72-001320c79847}]
2008-03-27 14:12 1164600 --a------ c:\program files\sweetim\toolbars\internet explorer\mgtoolbarie.dll
[hkey_local_machine\software\microsoft\internet explorer\toolbar]
"{eee6c35b-6118-11dc-9c72-001320c79847}"= "c:\program files\sweetim\toolbars\internet explorer\mgtoolbarie.dll" [2008-03-27 1164600]
[hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser]
"{eee6c35b-6118-11dc-9c72-001320c79847}"= "c:\program files\sweetim\toolbars\internet explorer\mgtoolbarie.dll" [2008-03-27 1164600]
[hkey_classes_root\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[hkey_classes_root\sweetie.sweetie.3]
[hkey_classes_root\typelib\{eee6c35e-6118-11dc-9c72-001320c79847}]
[hkey_classes_root\sweetie.sweetie]
[hkey_current_user\software\microsoft\windows\currentversion\run]
"sidebar"="c:\program files\windows sidebar\sidebar.exe" [2008-01-10 1232896]
"toscdspd"="c:\program files\toshiba\toscdspd\toscdspd.exe" [2006-11-13 413696]
"swg"="c:\program files\google\googletoolbarnotifier\1.2.1128.5462\googletoolbarnotifier.exe" [2008-06-26 171448]
"wmpnscfg"="c:\program files\windows media player\wmpnscfg.exe" [2006-11-02 201728]
"updatemgr"="c:\program files\adobe\acrobat 7.0\reader\adobeupdatemanager.exe" [2006-03-30 313472]
"windowswelcomecenter"="oobefldr.dll" [2006-11-02 c:\windows\system32\oobefldr.dll]
[hkey_local_machine\software\microsoft\windows\currentversion\run]
"bone thunk axis copy"="c:\programdata\enc second grid.d9emxg" [x]
"corn blue"="c:\programdata\mfcd phone phone.vkqws8" [x]
"sunjavaupdatesched"="c:\program files\java\jre1.6.0\bin\jusched.exe" [2006-12-15 77824]
"tpwrmain"="c:\program files\toshiba\power saver\tpwrmain.exe" [2006-12-14 411768]
"hson"="c:\program files\toshiba\tbs\hson.exe" [2006-12-07 55416]
"smoothview"="c:\program files\toshiba\smoothview\smoothview.exe" [2006-12-14 493688]
"00tcrdmain"="c:\program files\toshiba\flashcards\tcrdmain.exe" [2006-12-11 530552]
"nvsvc"="c:\windows\system32\nvsvc.dll" [2006-12-07 90191]
"nvcpldaemon"="c:\windows\system32\nvcpl.dll" [2006-12-07 7766016]
"nvmediacenter"="c:\windows\system32\nvmctray.dll" [2006-12-07 81920]
"syntpenh"="c:\program files\synaptics\syntp\syntpenh.exe" [2006-10-27 815104]
"topi"="c:\program files\toshiba\toshiba online product information\topi.exe" [2006-12-15 577536]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-11-06 98304]
"hotkeyscmds"="c:\windows\system32\hkcmd.exe" [2006-11-06 106496]
"persistence"="c:\windows\system32\igfxpers.exe" [2006-11-06 81920]
"toshiba registration"="c:\program files\toshiba\registration\toshibaregistration.exe" [2006-12-13 554640]
"tkbellexe"="c:\program files\common files\real\update_ob\realsched.exe" [2007-12-14 185896]
"gelubou"="c:\windows\system32\mife.exe" [2008-10-08 229888]
"rthdvcpl"="rthdvcpl.exe" [2006-11-07 c:\windows\rthdvcpl.exe]
"ndstray.exe"="ndstray.exe" [bu]
[hkey_local_machine\software\microsoft\windows\currentversion\runservices]
"gelubou"="c:\windows\system32\mife.exe" [2008-10-08 229888]
c:\programdata\microsoft\windows\start menu\programs\startup\
adobe gamma loader.lnk - c:\program files\common files\adobe\calibration\adobe gamma loader.exe [2007-11-16 113664]
adobe reader speed launch.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe [2005-09-23 29696]
bluetooth manager.lnk - c:\program files\toshiba\bluetooth toshiba stack\tosbtmng.exe [2006-11-25 2134016]
[hkey_local_machine\software\microsoft\windows\currentversion\policies\system]
"enablelua"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\common~1\uleads~1\vio\dvacm.acm
[hkey_local_machine\software\microsoft\security center]
"uacdisablenotify"=dword:00000001
"internetsettingsdisablenotify"=dword:00000001
"autoupdatedisablenotify"=dword:00000001
"antivirusdisablenotify"="0x00000000"
"updatesdisablenotify"="0x00000000"
[hkey_local_machine\software\microsoft\security center\monitoring]
"disablemonitoring"=dword:00000001
[hkey_local_machine\software\microsoft\security center\monitoring\symantecantivirus]
"disablemonitoring"=dword:00000001
[hkey_local_machine\software\microsoft\security center\monitoring\symantecfirewall]
"disablemonitoring"=dword:00000001
[hklm\~\services\sharedaccess\parameters\firewallpolicy\domainprofile]
"enablefirewall"= 0 (0x0)
[hklm\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"c:\\program files\\flashfxp\\flashfxp.exe"= c:\program files\flashfxp\flashfxp.exe:*:enabled:flashfxp v3
[hklm\~\services\sharedaccess\parameters\firewallpolicy\firewallrules]
"{39665f53-eeb4-4399-96a5-93fa1cef0dbe}"= c:\program files\msn messenger\livecall.exe:windows live messenger 8.1 (phone)
"{84670b6f-d52d-4f96-ab20-b6d85804e980}"= c:\program files\msn messenger\livecall.exe:windows live messenger 8.1 (phone)
"{1fe2764e-e51b-4ac1-aa05-96fd4d328c2a}"= c:\program files\msn messenger\livecall.exe:windows live messenger 8.1 (phone)
"{a64e0bd5-4b97-4a4a-86d8-9fc90e65775b}"= udp:c:\program files\utorrent\utorrent.exe:µtorrent (tcp-in)
"{cd6da53b-0e6a-4c69-9ac8-fc1e96bd4e5f}"= tcp:c:\program files\utorrent\utorrent.exe:µtorrent (udp-in)
[hklm\~\services\sharedaccess\parameters\firewallpolicy\publicprofile]
"enablefirewall"= 0 (0x0)
[hklm\~\services\sharedaccess\parameters\firewallpolicy\restrictedservices\static\system]
"dfsr-1"= rport=5722|udp:%systemroot%\system32\svchost.exe|svc=dfsr:allow inbound tcp traffic|
[hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"enablefirewall"= 0 (0x0)
[hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"c:\\program files\\flashfxp\\flashfxp.exe"= c:\program files\flashfxp\flashfxp.exe:*:enabled:flashfxp v3
r1 idsvix86;symantec intrusion prevention driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20080407.003\idsvix86.sys [2008-02-13 261680]
r3 fwlnk;fwlnk driver;c:\windows\system32\drivers\fwlnk.sys [2006-11-20 7168]
s2 ivnooalvy1j63e;powerutility tv recording reservation;c:\windows\system32\rootour.exe [2008-10-08 229888]
s2 yuluodpxnnryo;aol connectivity service;c:\windows\system32\koufyf.exe [2008-10-08 229888]
[hkey_local_machine\software\microsoft\windows nt\currentversion\svchost]
localservicenonetwork reg_multi_sz pla dps bfe mpssvc
[hkey_current_user\software\microsoft\windows\currentversion\explorer\mountpoints2\f]
\shell\autorun\command - c:\windows\system32\rundll32.exe shell32.dll,shellexec_rundll copy.exe
[hkey_current_user\software\microsoft\windows\currentversion\explorer\mountpoints2\{32c07e41-67dc-11dd-a20d-00037ae9c267}]
\shell\auto\command - app.exe
\shell\autorun\command - c:\windows\system32\rundll32.exe shell32.dll,shellexec_rundll app.exe
[hkey_current_user\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f359f1d-9b58-11dc-84c9-00037ae9c267}]
\shell\autorun\command - d:\2.cmd
\shell\explore\command - d:\2.cmd
\shell\open\command - d:\2.cmd
*newly created service* - catchme
*newly created service* - procexp90
.
Contents of the 'scheduled tasks' folder
2008-10-22 c:\windows\tasks\check updates for windows live toolbar.job
- c:\program files\windows live toolbar\msntbup.exe [2007-10-19 11:20]
2008-10-22 c:\windows\tasks\user_feed_synchronization-{7ef5cc87-b7e2-45cf-82eb-c3e2e5868936}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 12:45]
.
- - - - orphans removed - - - -
hkcu-run-msnmsgr - ~c:\program files\msn messenger\msnmsgr.exe
hklm-run-symantec pif alerteng - c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe
hklm-run-nopohoo - c:\windows\system32\gekoumou.exe
hklm-runservices-nopohoo - c:\windows\system32\gekoumou.exe
.
------- supplementary scan -------
.
Firefox -: Profile - c:\users\toshiba\appdata\roaming\mozilla\firefox\profiles\2jerx1gj.default\
firefox -: Prefs.js - search.defaulturl - hxxp://www.google.com/search?lr=&ie=utf-8&oe=utf-8&q=
firefox -: Prefs.js - startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-usfficial
.
.
------- file associations -------
.
Inifile=%systemroot%\system32\notepad.exe %1"
.
**************************************************************************
catchme 0.3.1361 w2k/xp/vista - rootkit/stealth malware detector by gmer,
rootkit scan 2008-10-22 05:42:11
windows 6.0.6000 ntfs
scanning hidden processes ...
Scanning hidden autostart entries ...
Hkcu\software\microsoft\windows\currentversion\run
toscdspd = c:\program files\toshiba\toscdspd\toscdspd.exe?/i????????/??????f? ?f?x?f???f???
Scanning hidden files ...
Scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-22 5:44:31
combofix-quarantined-files.txt 2008-10-22 02:44:16
pre-run: 45,559,902,208 bytes free
post-run: 45,619,560,448 bytes free
213 --- e o f --- 2008-10-18 00:05:46
And may God give you good health once again
my brother, and I [I'm your sister, not your brother ^_^]
And here is the HijackThis report
May God reward you abundantly
You're welcome, brothers, God bless you
May God grant you success