God bless you, my brother.

May God reward you with all good.

Thank you.
 
Signature: B@NDER
You're welcome, brothers, God bless you.

And thank you for your kind replies and for stopping by.

With all affection and appreciation.

،،،
،،
،
 
Thank you very much, brother..

And this is the report I got when I ran the program:

combofix 08-10-19.04 - toshiba 2008-10-22 5:35:42.1 - ntfsx86
microsoft® windows vista™ home basic 6.0.6000.0.1252.1.1033.18.492 [gmt 3:00]
running from: C:\users\toshiba\desktop\combofix.exe
* created a new restore point
.
((((((((((((((((((((((((( files created from 2008-09-22 to 2008-10-22 )))))))))))))))))))))))))))))))
.
2008-10-21 23:42 . 2008-10-08 14:39 229,888 --a------ c:\windows\system32\rootour.exe
2008-10-21 08:33 . 2008-10-21 08:33 <dir> d-------- c:\users\all users\kaspersky lab setup files
2008-10-21 08:33 . 2008-10-21 08:33 <dir> d-------- c:\programdata\kaspersky lab setup files
2008-10-15 02:56 . 2008-10-15 02:56 6,230 --a------ c:\windows\system32\tmp.reg
2008-10-14 02:21 . 2008-10-14 02:43 <dir> d-------- c:\????? ?????
2008-10-13 09:57 . 2008-10-13 09:57 282,640 --a------ c:\users\all users\mfcd phone phone.bku8vbe
2008-10-13 09:57 . 2008-10-13 09:57 282,640 --a------ c:\programdata\mfcd phone phone.bku8vbe
2008-10-08 14:44 . 2008-10-08 14:39 229,888 --a------ c:\windows\system32\koufyf.exe
2008-10-08 14:42 . 2008-10-08 14:39 229,888 --a------ c:\windows\system32\mife.exe
2008-10-02 05:20 . 2008-10-02 05:20 <dir> d-------- c:\program files\spam live rect
2008-10-02 05:19 . 2008-10-02 05:19 <dir> d-------- c:\program files\circle developement
2008-09-23 02:01 . 2008-07-19 08:09 1,811,656 --a------ c:\windows\system32\wuaueng.dll
2008-09-23 02:01 . 2008-07-19 06:44 1,524,736 --a------ c:\windows\system32\wucltux.dll
2008-09-23 02:01 . 2008-07-19 08:10 53,448 --a------ c:\windows\system32\wuauclt.exe
2008-09-23 02:01 . 2008-07-19 08:10 45,768 --a------ c:\windows\system32\wups2.dll
2008-09-23 02:00 . 2008-07-19 08:09 563,912 --a------ c:\windows\system32\wuapi.dll
2008-09-23 02:00 . 2008-07-18 22:08 163,904 --a------ c:\windows\system32\wuwebv.dll
2008-09-23 02:00 . 2008-07-19 06:44 83,456 --a------ c:\windows\system32\wudriver.dll
2008-09-23 02:00 . 2008-07-19 08:10 36,552 --a------ c:\windows\system32\wups.dll
2008-09-23 02:00 . 2008-07-18 20:44 31,232 --a------ c:\windows\system32\wuapp.exe
.
(((((((((((((((((((((((((((((((((((((((( find3m report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-21 21:46 --------- d-----w c:\program files\luxor 3
2008-10-21 20:39 --------- d-----w c:\program files\symantec
2008-10-21 05:55 --------- d-----w c:\programdata\symantec
2008-10-21 05:55 --------- d-----w c:\program files\common files\symantec shared
2008-10-18 00:07 --------- d-----w c:\program files\windows mail
2008-10-13 02:56 --------- d-----w c:\users\toshiba\appdata\roaming\crystal player
2008-10-10 05:58 82,944 ----a-w c:\windows\system32\o4patch.exe
2008-10-10 05:58 82,944 ----a-w c:\windows\system32\iedfix.c.exe
2008-10-02 03:49 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-02 03:49 56,320 ----a-w c:\windows\system32\iesetup.dll
2008-10-02 03:49 52,736 ----a-w c:\windows\apppatch\iebrshim.dll
2008-10-02 03:48 26,624 ----a-w c:\windows\system32\ieunatt.exe
2008-10-02 02:21 --------- d-----w c:\programdata\spam live rect
2008-10-02 02:21 --------- d-----w c:\programdata\pure coal bone thunk
2008-10-02 02:19 --------- d-----w c:\program files\msn messenger
2008-10-02 02:19 --------- d-----w c:\program files\messenger plus! Live
2008-10-01 12:51 87,552 ----a-w c:\windows\system32\vacfix.exe
2008-09-18 04:35 3,505,208 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-09-18 04:35 3,470,904 ----a-w c:\windows\system32\ntoskrnl.exe
2008-09-18 02:03 2,027,520 ----a-w c:\windows\system32\win32k.sys
2008-09-08 20:38 88,576 ----a-w c:\windows\system32\antixpvstfix.exe
2008-08-26 01:12 290,304 ----a-w c:\windows\system32\drivers\srv.sys
2008-08-18 09:19 82,432 ----a-w c:\windows\system32\404fix.exe
2008-07-31 03:34 537,600 ----a-w c:\windows\apppatch\aclayers.dll
2008-07-31 03:34 449,536 ----a-w c:\windows\apppatch\acspecfc.dll
2008-07-31 03:34 28,160 ----a-w c:\windows\system32\apphlpdm.dll
2008-07-31 03:34 2,144,256 ----a-w c:\windows\apppatch\acgenral.dll
2008-07-31 03:34 173,056 ----a-w c:\windows\apppatch\acxtrnal.dll
2008-07-31 03:34 1,686,528 ----a-w c:\windows\system32\gameux.dll
2008-07-30 23:47 4,247,552 ----a-w c:\windows\system32\gameuxlegacygdfs.dll
2008-07-30 23:32 2,560 ----a-w c:\windows\apppatch\acres.dll
2008-07-10 20:55 174 --sha-w c:\program files\desktop.ini
2008-05-30 14:51 16,384 --sha-w c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-05-30 14:51 32,768 --sha-w c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\.ie5\index.dat
2008-05-30 14:51 16,384 --sha-w c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\s\index.dat
.
((((((((((((((((((((((((((((((((((((( reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*note* empty entries & legit default entries are not shown
regedit4
[hkey_current_user\software\microsoft\internet explorer\urlsearchhooks]
"{eee6c35d-6118-11dc-9c72-001320c79847}"= "c:\program files\sweetim\toolbars\internet explorer\mghelper.dll" [2008-03-27 173368]
[hkey_classes_root\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[hkey_classes_root\sweetim_urlsearchhook.toolbarurlsearchhook.1]
[hkey_classes_root\typelib\{eee6c35f-6118-11dc-9c72-001320c79847}]
[hkey_classes_root\sweetim_urlsearchhook.toolbarurlsearchhook]
[hkey_local_machine\~\browser helper s\{eee6c35c-6118-11dc-9c72-001320c79847}]
2008-03-27 14:12 1164600 --a------ c:\program files\sweetim\toolbars\internet explorer\mgtoolbarie.dll
[hkey_local_machine\software\microsoft\internet explorer\toolbar]
"{eee6c35b-6118-11dc-9c72-001320c79847}"= "c:\program files\sweetim\toolbars\internet explorer\mgtoolbarie.dll" [2008-03-27 1164600]
[hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser]
"{eee6c35b-6118-11dc-9c72-001320c79847}"= "c:\program files\sweetim\toolbars\internet explorer\mgtoolbarie.dll" [2008-03-27 1164600]
[hkey_classes_root\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[hkey_classes_root\sweetie.sweetie.3]
[hkey_classes_root\typelib\{eee6c35e-6118-11dc-9c72-001320c79847}]
[hkey_classes_root\sweetie.sweetie]
[hkey_current_user\software\microsoft\windows\currentversion\run]
"sidebar"="c:\program files\windows sidebar\sidebar.exe" [2008-01-10 1232896]
"toscdspd"="c:\program files\toshiba\toscdspd\toscdspd.exe" [2006-11-13 413696]
"swg"="c:\program files\google\googletoolbarnotifier\1.2.1128.5462\googletoolbarnotifier.exe" [2008-06-26 171448]
"wmpnscfg"="c:\program files\windows media player\wmpnscfg.exe" [2006-11-02 201728]
"updatemgr"="c:\program files\adobe\acrobat 7.0\reader\adobeupdatemanager.exe" [2006-03-30 313472]
"windowswelcomecenter"="oobefldr.dll" [2006-11-02 c:\windows\system32\oobefldr.dll]
[hkey_local_machine\software\microsoft\windows\currentversion\run]
"bone thunk axis copy"="c:\programdata\enc second grid.d9emxg" [x]
"corn blue"="c:\programdata\mfcd phone phone.vkqws8" [x]
"sunjavaupdatesched"="c:\program files\java\jre1.6.0\bin\jusched.exe" [2006-12-15 77824]
"tpwrmain"="c:\program files\toshiba\power saver\tpwrmain.exe" [2006-12-14 411768]
"hson"="c:\program files\toshiba\tbs\hson.exe" [2006-12-07 55416]
"smoothview"="c:\program files\toshiba\smoothview\smoothview.exe" [2006-12-14 493688]
"00tcrdmain"="c:\program files\toshiba\flashcards\tcrdmain.exe" [2006-12-11 530552]
"nvsvc"="c:\windows\system32\nvsvc.dll" [2006-12-07 90191]
"nvcpldaemon"="c:\windows\system32\nvcpl.dll" [2006-12-07 7766016]
"nvmediacenter"="c:\windows\system32\nvmctray.dll" [2006-12-07 81920]
"syntpenh"="c:\program files\synaptics\syntp\syntpenh.exe" [2006-10-27 815104]
"topi"="c:\program files\toshiba\toshiba online product information\topi.exe" [2006-12-15 577536]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-11-06 98304]
"hotkeyscmds"="c:\windows\system32\hkcmd.exe" [2006-11-06 106496]
"persistence"="c:\windows\system32\igfxpers.exe" [2006-11-06 81920]
"toshiba registration"="c:\program files\toshiba\registration\toshibaregistration.exe" [2006-12-13 554640]
"tkbellexe"="c:\program files\common files\real\update_ob\realsched.exe" [2007-12-14 185896]
"gelubou"="c:\windows\system32\mife.exe" [2008-10-08 229888]
"rthdvcpl"="rthdvcpl.exe" [2006-11-07 c:\windows\rthdvcpl.exe]
"ndstray.exe"="ndstray.exe" [bu]
[hkey_local_machine\software\microsoft\windows\currentversion\runservices]
"gelubou"="c:\windows\system32\mife.exe" [2008-10-08 229888]
c:\programdata\microsoft\windows\start menu\programs\startup\
adobe gamma loader.lnk - c:\program files\common files\adobe\calibration\adobe gamma loader.exe [2007-11-16 113664]
adobe reader speed launch.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe [2005-09-23 29696]
bluetooth manager.lnk - c:\program files\toshiba\bluetooth toshiba stack\tosbtmng.exe [2006-11-25 2134016]
[hkey_local_machine\software\microsoft\windows\currentversion\policies\system]
"enablelua"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\common~1\uleads~1\vio\dvacm.acm
[hkey_local_machine\software\microsoft\security center]
"uacdisablenotify"=dword:00000001
"internetsettingsdisablenotify"=dword:00000001
"autoupdatedisablenotify"=dword:00000001
"antivirusdisablenotify"="0x00000000"
"updatesdisablenotify"="0x00000000"
[hkey_local_machine\software\microsoft\security center\monitoring]
"disablemonitoring"=dword:00000001
[hkey_local_machine\software\microsoft\security center\monitoring\symantecantivirus]
"disablemonitoring"=dword:00000001
[hkey_local_machine\software\microsoft\security center\monitoring\symantecfirewall]
"disablemonitoring"=dword:00000001
[hklm\~\services\sharedaccess\parameters\firewallpolicy\domainprofile]
"enablefirewall"= 0 (0x0)
[hklm\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"c:\\program files\\flashfxp\\flashfxp.exe"= c:\program files\flashfxp\flashfxp.exe:*:enabled:flashfxp v3
[hklm\~\services\sharedaccess\parameters\firewallpolicy\firewallrules]
"{39665f53-eeb4-4399-96a5-93fa1cef0dbe}"= c:\program files\msn messenger\livecall.exe:windows live messenger 8.1 (phone)
"{84670b6f-d52d-4f96-ab20-b6d85804e980}"= c:\program files\msn messenger\livecall.exe:windows live messenger 8.1 (phone)
"{1fe2764e-e51b-4ac1-aa05-96fd4d328c2a}"= c:\program files\msn messenger\livecall.exe:windows live messenger 8.1 (phone)
"{a64e0bd5-4b97-4a4a-86d8-9fc90e65775b}"= udp:c:\program files\utorrent\utorrent.exe:µtorrent (tcp-in)
"{cd6da53b-0e6a-4c69-9ac8-fc1e96bd4e5f}"= tcp:c:\program files\utorrent\utorrent.exe:µtorrent (udp-in)
[hklm\~\services\sharedaccess\parameters\firewallpolicy\publicprofile]
"enablefirewall"= 0 (0x0)
[hklm\~\services\sharedaccess\parameters\firewallpolicy\restrictedservices\static\system]
"dfsr-1"= rport=5722|udp:%systemroot%\system32\svchost.exe|svc=dfsr:allow inbound tcp traffic|
[hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"enablefirewall"= 0 (0x0)
[hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"c:\\program files\\flashfxp\\flashfxp.exe"= c:\program files\flashfxp\flashfxp.exe:*:enabled:flashfxp v3
r1 idsvix86;symantec intrusion prevention driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20080407.003\idsvix86.sys [2008-02-13 261680]
r3 fwlnk;fwlnk driver;c:\windows\system32\drivers\fwlnk.sys [2006-11-20 7168]
s2 ivnooalvy1j63e;powerutility tv recording reservation;c:\windows\system32\rootour.exe [2008-10-08 229888]
s2 yuluodpxnnryo;aol connectivity service;c:\windows\system32\koufyf.exe [2008-10-08 229888]
[hkey_local_machine\software\microsoft\windows nt\currentversion\svchost]
localservicenonetwork reg_multi_sz pla dps bfe mpssvc
[hkey_current_user\software\microsoft\windows\currentversion\explorer\mountpoints2\f]
\shell\autorun\command - c:\windows\system32\rundll32.exe shell32.dll,shellexec_rundll copy.exe
[hkey_current_user\software\microsoft\windows\currentversion\explorer\mountpoints2\{32c07e41-67dc-11dd-a20d-00037ae9c267}]
\shell\auto\command - app.exe
\shell\autorun\command - c:\windows\system32\rundll32.exe shell32.dll,shellexec_rundll app.exe
[hkey_current_user\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f359f1d-9b58-11dc-84c9-00037ae9c267}]
\shell\autorun\command - d:\2.cmd
\shell\explore\command - d:\2.cmd
\shell\open\command - d:\2.cmd
*newly created service* - catchme
*newly created service* - procexp90
.
contents of the 'scheduled tasks' folder
2008-10-22 c:\windows\tasks\check updates for windows live toolbar.job
- c:\program files\windows live toolbar\msntbup.exe [2007-10-19 11:20]
2008-10-22 c:\windows\tasks\user_feed_synchronization-{7ef5cc87-b7e2-45cf-82eb-c3e2e5868936}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 12:45]
.
- - - - orphans removed - - - -
hkcu-run-msnmsgr - ~c:\program files\msn messenger\msnmsgr.exe
hklm-run-symantec pif alerteng - c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe
hklm-run-nopohoo - c:\windows\system32\gekoumou.exe
hklm-runservices-nopohoo - c:\windows\system32\gekoumou.exe

.
------- supplementary scan -------
.
Firefox -: Profile - c:\users\toshiba\appdata\roaming\mozilla\firefox\profiles\2jerx1gj.default\
firefox -: Prefs.js - search.defaulturl - hxxp://www.google.com/search?lr=&ie=utf-8&oe=utf-8&q=
firefox -: Prefs.js - startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-us:official
.
.
------- file associations -------
.
Inifile=%systemroot%\system32\notepad.exe %1"
.
**************************************************************************
catchme 0.3.1361 w2k/xp/vista - rootkit/stealth malware detector by gmer,

rootkit scan 2008-10-22 05:42:11
windows 6.0.6000 ntfs
scanning hidden processes ...
Scanning hidden autostart entries ...
Hkcu\software\microsoft\windows\currentversion\run
toscdspd = c:\program files\toshiba\toscdspd\toscdspd.exe?/i????????/??????f? ?f?x?f???f???
Scanning hidden files ...
Scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-22 5:44:31
combofix-quarantined-files.txt 2008-10-22 02:44:16
pre-run: 45,559,902,208 bytes free
post-run: 45,619,560,448 bytes free
213 --- e o f --- 2008-10-18 00:05:46
 



And thank you very much once again,
brother, and I am [ your sister, not your brother ^_^ ]

And this is the Hijack report



God bless you, sister Shouq

Copy the report without quoting it :smile:
 

You're welcome, brothers, God bless you.

And thank you for your kind replies and for stopping by.

With all affection and appreciation.

،،،
،،
،
 
A very important tool, God bless you.
 
Signature: SALMAN 2
 
Signature: عشعوش
You're welcome, brothers, God bless you.
 
May God reward you a thousand times over.
 
May God reward you a thousand times over.
 
Signature: كفاح الجريح