Thread starter: abed_2009 (joined 6 August 2008)
In the name of God, the Most Gracious, the Most Merciful.
Peace be upon you, and God's mercy and blessings.

The thread title says it all .. !
I'm suffering from the virus fphwhio.exe .. !
It hit my machine from a flash drive .. !

I know where the virus is, and I tried to delete it, but it's impossible because it's running among the system processes.
When I end its process in the system, it closes the (( Windows Task Manager )) window and then comes back and runs again .. !

Please, whoever can solve my problem, help me; it's extremely urgent .. !
And may God bless you ^^ ..

And God is the guarantor of success ..
 

Disable all your security programs,
then download this tool and save it to the desktop.

When you run it a message will appear; click >> Yes
Then a second message will appear; click >> Yes

Wait until the tool finishes scanning your machine; it will restart your machine automatically,
and after the restart the tool will start scanning a second time.
Wait until a report appears, then copy it and paste it in your next reply.
 
First::
Thank you, dear brother, for your attention and help .. !

Second::
Sorry for the delay; I ran into problems yesterday .. !

Third::

I'll post the report in a separate post to preserve its layout ..

And God is the guarantor of success ..
 
ComboFix 08-08-04.09 - ALRAYAH 2008-08-06 13:07:21.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.66 [GMT 3:00]
Running from: C:\Documents and Settings\ALRAYAH\My Documents\Downloads\Programs\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\meex.exe
C:\WINDOWS\system32\sexit.dat
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-07-06 to 2008-08-06 )))))))))))))))))))))))))))))))
.
2008-08-06 02:37 . 2008-08-06 02:37 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-08-06 02:37 . 2008-08-06 02:37 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-08-05 02:45 . 2008-08-05 02:59 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-05 02:45 . 2008-08-05 02:45 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-05 02:42 . 2008-08-05 02:42 <DIR> d-------- C:\Documents and Settings\ha_life_2
2008-08-04 19:07 . 2008-08-06 01:02 <DIR> d-------- C:\Documents and Settings\ha_life1
2008-07-30 00:49 . 2008-08-01 16:16 <DIR> d-------- C:\Documents and Settings\Administrator.ACC.000
2008-07-28 00:58 . 2008-07-28 00:58 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-07-27 18:00 . 2008-08-06 00:52 238 --a------ C:\WINDOWS\mafosav.INI
2008-07-27 13:06 . 2008-07-27 13:07 <DIR> d-------- C:\camel
2008-07-27 02:50 . 2008-07-27 02:50 222 --a------ C:\WINDOWS\AntiTrial.ini
2008-07-21 12:58 . 2008-07-21 12:59 <DIR> d-------- C:\Program Files\Projekt IGI
2008-07-21 12:10 . 2008-07-21 12:10 262,884 --a------ C:\WINDOWS\IPUI_DivXG400.exe
2008-07-21 12:10 . 2008-07-21 12:10 245,760 --a------ C:\WINDOWS\system32\DivXG400.ax
2008-07-21 12:10 . 2008-07-21 12:10 21,869 --a------ C:\WINDOWS\system32\divxg400.htm
2008-07-21 12:00 . 2008-07-21 12:00 <DIR> d-------- C:\Program Files\Webteh
2008-07-19 15:15 . 2008-07-19 15:26 9,492 --a------ C:\config.php
2008-07-13 16:38 . 2008-07-13 19:09 <DIR> d-------- C:\Documents and Settings\Sa7er\Contacts
2008-07-13 00:26 . 2008-07-13 00:28 <DIR> d-------- C:\Program Files\AnMing
2008-07-13 00:26 . 2005-04-15 13:22 303,104 --a------ C:\WINDOWS\system32\qscl.dll
2008-07-13 00:26 . 2007-03-25 20:46 212,992 --a------ C:\WINDOWS\system32\amrdec.dll
2008-07-13 00:26 . 2006-12-21 15:47 81,920 --a------ C:\WINDOWS\system32\qcpsdk.dll
2008-07-11 13:46 . 2008-07-11 13:46 <DIR> d-------- C:\Program Files\VID_0E8F&PID_0012
2008-07-11 13:28 . 2008-07-11 13:28 <DIR> d-------- C:\WINDOWS\USB Game Controller
2008-07-11 13:28 . 2008-07-11 13:28 <DIR> d-------- C:\Program Files\USB Game Controller
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-06 10:13 36,291,616 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-06 10:12 1,452,832 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-06 10:06 --------- d-----w C:\Program Files\TuneUp Utilities 2006
2008-08-06 10:04 --------- d-----w C:\Documents and Settings\ALRAYAH\Application Data\DMCache
2008-08-06 01:07 497,228 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-06 01:07 144,392 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-08-05 23:30 --------- d-----w C:\Program Files\Yahoo!
2008-08-05 23:30 --------- d-----w C:\Program Files\Windows Media Components
2008-08-05 23:30 --------- d-----w C:\Program Files\Windows Live
2008-08-05 23:30 --------- d-----w C:\Program Files\Video Convert Premier
2008-08-05 23:30 --------- d-----w C:\Program Files\Ulead Systems
2008-08-05 23:29 --------- d-----w C:\Program Files\TechSmith
2008-08-05 23:29 --------- d-----w C:\Program Files\SmartSound Software
2008-08-05 23:29 --------- d-----w C:\Program Files\Real
2008-08-05 23:28 --------- d-----w C:\Program Files\QuickTime
2008-08-05 23:27 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-05 23:27 --------- d-----w C:\Program Files\Kaspersky Lab
2008-08-05 23:27 --------- d-----w C:\Program Files\JetAudio
2008-08-05 23:27 --------- d-----w C:\Program Files\Java
2008-08-05 23:27 --------- d-----w C:\Program Files\Internet Download Manager
2008-08-05 23:27 --------- d-----w C:\Program Files\FLVPlayer
2008-08-05 23:27 --------- d-----w C:\Program Files\FlashGet
2008-08-05 23:27 --------- d-----w C:\Program Files\Circle Developement
2008-08-05 23:27 --------- d-----w C:\Program Files\Axis noun
2008-08-01 14:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-24 12:16 96,559 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-07-24 12:16 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-07-14 15:02 --------- d-----w C:\Documents and Settings\ALRAYAH\Application Data\Skype
2008-07-14 14:22 --------- d-----w C:\Documents and Settings\ALRAYAH\Application Data\skypePM
2008-07-11 10:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-03 13:27 --------- d-----w C:\Program Files\Babylon
2008-06-29 12:03 --------- d-----w C:\Program Files\Avant Browser
2008-06-25 10:52 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-06-25 10:52 --------- d-----w C:\Program Files\Adobe Media Player
2008-06-23 23:15 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-06-20 14:10 --------- d-----w C:\Program Files\Intel
2008-06-20 14:08 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-20 13:38 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-06-19 15:31 --------- d-----w C:\Program Files\WinPcap
2008-06-19 15:30 --------- d-----w C:\Program Files\netcut
2008-06-18 08:53 344,064 ----a-w C:\WINDOWS\system32\dkll.dll
2008-06-18 08:53 196,608 ----a-w C:\WINDOWS\system32\maag.dll
2008-06-18 08:53 1,986,560 ----a-w C:\WINDOWS\system32\akll.dll
2008-06-18 08:53 1,212,416 ----a-w C:\WINDOWS\system32\ckll.dll
2008-06-18 08:52 --------- d-----w C:\Program Files\Ozone
2008-06-16 22:58 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-06-16 22:57 --------- d-----w C:\Program Files\Skype
2008-06-16 22:57 --------- d-----w C:\Program Files\Common Files\Skype
2008-06-16 22:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-06-14 13:42 --------- d-----w C:\Program Files\JLC's Software
2008-06-14 13:42 --------- d-----w C:\Documents and Settings\ALRAYAH\Application Data\JLC's Software
2008-06-11 13:57 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-06-11 11:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2008-06-11 11:06 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-09 14:45 2,337,792 ----a-w C:\WINDOWS\system32\TUKernel.exe
2008-06-09 14:15 --------- d-----w C:\Program Files\Common Files\xing shared
2008-06-09 14:15 --------- d-----w C:\Program Files\Common Files\Real
2008-06-09 14:14 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-06-09 14:14 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-06-07 11:21 --------- d-----w C:\Program Files\LeapFTP
2008-06-04 08:08 354,560 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-06-02 08:07 121,208 ----a-w C:\Documents and Settings\ALRAYAH\Application Data\GDIPFONTCACHEV1.DAT
2008-05-24 13:19 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-05-12 11:33 278,528 ----a-w C:\WINDOWS\system32\config\systemprofile\NTUSER(2).DAT
2008-05-01 13:08 81,920 ----a-w C:\Documents and Settings\ALRAYAH\Application Data\ezpinst.exe
2008-05-01 13:08 47,360 ----a-w C:\Documents and Settings\ALRAYAH\Application Data\pcouffin.sys
.
------- Sigcheck -------
2005-03-02 04:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 12:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2004-08-04 06:20 2180992 ce218bc7088681faa06633e218596ca7 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-02 03:59 2179328 4d4cf2c14550a4b7718e94a6e581856e C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 12:10 2337792 8354e9f83c4fb28db2dc9ed164d96bf2 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 12:10 2337792 8354e9f83c4fb28db2dc9ed164d96bf2 C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 12:10 2337792 8354e9f83c4fb28db2dc9ed164d96bf2 C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-02-28 12:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\VIPv3\backup\ntoskrnl.exe
.
((((((((((((((((((((((((((((( snapshot@2008-08-06_ 2.45.54.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-03-17 00:38:01 28,672 ----a-w C:\WINDOWS\system32\verclsid.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:56 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-04-07 10:19 155648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-09 17:14 185896]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-04-07 10:07 114688]
"pytsmvt"="C:\Program Files\Common Files\Microsoft Shared\nviwish.exe" [2007-10-21 20:41 32093]
"eiqdvoq"="C:\Program Files\Common Files\System\fphwhio.exe" [2007-10-21 20:41 32093]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 07:56 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A93A4625-6216-499C-B360-BBD0A7C0D479}"= "C:\Program Files\Common Files\Microsoft Shared\MSINFO\QQGS1.dll" [2008-08-06 02:06 240747]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\Documents and Settings\\All Users\\Application Data\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
2006-07-22 23:49 5376 C:\WINDOWS\system32\antiwpa.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"IDMan"=C:\Program Files\Internet Download Manager\IDMan.exe /onboot
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"UVS10 Preload"=C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"VisualTooltip"=C:\WINDOWS\VIPv3\VIPtooltip\VisualToolTip.exe
"Vistadrv"=C:\WINDOWS\VIPv3\VIPhd\vsdrv.exe
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
"eiqdvoq"=C:\Program Files\Common Files\System\fphwhio.exe
"pytsmvt"=C:\Program Files\Common Files\Microsoft Shared\nviwish.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\العاب متنوعة\\FIFA2007\\fifa07.exe"=
"D:\\العاب متنوعة\\cs\\cstrike.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"D:\\C??CE ?E???E\\FIFA2007\\fifa07.exe"=
"D:\\C??CE ?E???E\\cs\\cstrike.exe"=
R2 CamelApache;CamelApache;C:\camel\apache\apache.exe [2004-10-28 07:27]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 07:56]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 15:58]
S3 CamelMysql;CamelMysql;C:\camel\mysql\bin\mysqld-nt.exe [2006-05-26 04:50]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-03 00:10]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-06-04 11:08]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\Auto\command - setup.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16ac3b03-1914-11dd-a6c4-0002b3b678e8}]
\Shell\Auto\command - E:\setup.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6df6542a-1a5c-11dd-a6cb-0002b3b678e8}]
\Shell\Auto\command - E:\setup.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ee99978-53f4-11dd-8e77-0002b3b678e8}]
\Shell\Auto\command - E:\OSO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df610d13-1832-11dd-a6be-0002b3b678e8}]
\Shell\Auto\command - E:\setup.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
2008-08-06 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-04-16 09:59]
2008-08-06 C:\WINDOWS\Tasks\AC53235391E4A13B.job
- c:\docume~1\alrayah\applic~1\axisno~1\Inter list lite.exe [2008-04-23 19:18]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\ALRAYAH\Application Data\Mozilla\Firefox\Profiles\8kq1topi.default\

**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2008-08-06 13:12:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll
PROCESS: C:\WINDOWS\system32\csrss.exe
-> C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll
.
Completion time: 2008-08-06 13:20:16
ComboFix-quarantined-files.txt 2008-08-06 10:20:02
ComboFix2.txt 2008-08-05 23:51:53
Pre-Run: 10,553,720,832 bytes free
Post-Run: 10,540,089,344 bytes free
245 --- E O F --- 2008-05-11 12:09:52
 
Download this program.

Run the program ==> and click on
Do a system scan and save log
After a moment a report will appear in Notepad ==> copy it and paste it in your next reply.
 
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:51:11 PM, on 8/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\camel\apache\apache.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\ALRAYAH\Desktop\Zyzoom_HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=33171&LegitCheckError=13
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video  with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: أضافة إلى مضاد الأعلان - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: ???C??CE ??CI ?????CE C???C?? - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D974080F-2F13-4B2B-A8FE-F14D7A577A48}: NameServer = 10.0.0.11,10.0.0.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: CamelApache - Unknown owner - C:\camel\apache\apache.exe
O23 - Service: CamelMysql - Unknown owner - C:\camel\mysql\bin\mysqld-nt.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 6964 bytes
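As an added example (not code from this thread, from ComboFix or from HijackThis), the following Python script triages the "Reg Loading Points" block of the ComboFix log posted above and the O4 lines of the HijackThis log for the indicators the two reports actually show: the two random-named Run entries (eiqdvoq -> fphwhio.exe, pytsmvt -> nviwish.exe), the Security Center overrides, the disabled Windows Firewall, the cached autorun commands under MountPoints2 (the flash-drive vector the poster describes) and the registered ShellExecuteHook. The sample lines are copied from the logs in this thread, except for one constructed HijackThis O4 line for eiqdvoq, which shows how that entry would have looked before it was removed (the posted HijackThis log no longer contained it). The name-randomness heuristic and all function names are this example's own assumptions.

```python
"""Triage of ComboFix / HijackThis log excerpts for the persistence and
defence-evasion indicators visible in the thread.

Added example, not code from the forum thread, from ComboFix or from
HijackThis. It reads the REGEDIT4-style "Reg Loading Points" block of a
ComboFix log and the O4 lines of a HijackThis log. The naming heuristic
and every function name here are this example's own assumptions.
"""
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    severity: str  # HIGH / MEDIUM / INFO
    kind: str      # short label of the indicator
    detail: str    # the registry value or command that triggered it


KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<raw>.*)$')
MOUNTPOINT_RE = re.compile(r"^\\Shell\\(Auto|AutoRun)\\command - (?P<cmd>.+)$")
HJT_O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+)$")


def looks_random(name: str) -> bool:
    """Heuristic for machine-generated value names such as 'eiqdvoq':
    all lowercase, six or more letters, and either at most one vowel or a
    run of three or more consonants. Vendor names seen in the logs
    (IgfxTray, TkBellExe, ctfmon.exe) fail on case or punctuation. This is
    a triage hint only, not proof that the entry is malicious."""
    if not re.fullmatch(r"[a-z]{6,}", name):
        return False
    vowels = sum(c in "aeiou" for c in name)
    longest = max((len(r) for r in re.findall(r"[^aeiou]+", name)), default=0)
    return vowels <= 1 or longest >= 3


def strip_value(raw: str) -> str:
    """Drop the trailing "[date time size]" stamp and surrounding quotes."""
    raw = re.sub(r"\s*\[[^\]]*\]\s*$", "", raw.strip())
    return raw.strip().strip('"')


def triage_combofix(text: str) -> List[Finding]:
    """Walk the block line by line, remembering which key we are under."""
    findings: List[Finding] = []
    key = ""
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key").lower()
            continue
        mp = MOUNTPOINT_RE.match(line)
        if mp and "mountpoints2" in key:
            # Cached autorun command for a (removable) drive letter or volume GUID
            findings.append(Finding("MEDIUM", "removable-drive autorun command", mp.group("cmd")))
            continue
        v = VALUE_RE.match(line)
        if not v:
            continue
        name, value = v.group("name"), strip_value(v.group("raw"))
        if key.endswith("\\run") and looks_random(name):
            findings.append(Finding("HIGH", "random-named Run entry", f"{name} -> {value}"))
        elif "security center" in key and name in ("AntiVirusOverride", "DisableMonitoring") and value.endswith("1"):
            findings.append(Finding("HIGH", "Security Center alerting suppressed", f"{name}={value}"))
        elif "firewallpolicy" in key and name == "EnableFirewall" and value.startswith("0"):
            findings.append(Finding("MEDIUM", "Windows Firewall disabled", f"{name}={value}"))
        elif "shellexecutehooks" in key:
            # A DLL loaded into every process that calls ShellExecute: worth a look
            findings.append(Finding("INFO", "ShellExecuteHook registered", f"{name} -> {value}"))
    return findings


def triage_hijackthis(text: str) -> List[Finding]:
    """Apply the same naming heuristic to HijackThis O4 (Run key) lines."""
    return [
        Finding("HIGH", "random-named Run entry (HJT O4)", f"{m.group('name')} -> {m.group('path')}")
        for m in (HJT_O4_RE.match(l.strip()) for l in text.splitlines())
        if m and looks_random(m.group("name"))
    ]


# Lines copied from the ComboFix log posted in this thread.
COMBOFIX_SAMPLE = r"""
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:56 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-04-07 10:19 155648]
"pytsmvt"="C:\Program Files\Common Files\Microsoft Shared\nviwish.exe" [2007-10-21 20:41 32093]
"eiqdvoq"="C:\Program Files\Common Files\System\fphwhio.exe" [2007-10-21 20:41 32093]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A93A4625-6216-499C-B360-BBD0A7C0D479}"= "C:\Program Files\Common Files\Microsoft Shared\MSINFO\QQGS1.dll" [2008-08-06 02:06 240747]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\Auto\command - setup.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe
"""

# O4 lines from the HijackThis log posted in the thread, plus one constructed
# line (last) showing how the fphwhio.exe entry would have appeared before the
# poster removed it; the posted log no longer contained it.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKLM\..\Run: [eiqdvoq] C:\Program Files\Common Files\System\fphwhio.exe
"""

if __name__ == "__main__":
    for f in triage_combofix(COMBOFIX_SAMPLE) + triage_hijackthis(HJT_SAMPLE):
        print(f"[{f.severity:6}] {f.kind}: {f.detail}")
```

Running it lists eight findings from the ComboFix excerpt and one from the HijackThis excerpt. The flagged names are only a starting point; the next triage step is to hash the flagged binaries and check them against a reputation source. The MountPoints2 entries explain the flash-drive infection path the poster mentions: on Windows XP SP2 the cached \Shell\AutoRun\command is what Explorer runs when the drive is opened, and the mitigation is to disable autorun for all drive types by setting the NoDriveTypeAutoRun policy value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer to 0xFF.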
 
Produce this report and post it without code tags.
Download the following tool.

Run it with a double-click; after a few seconds Notepad opens with a report. Select all, copy it and paste it in your next post.

And if you would be so kind, give me the path of the virus.
 
Thank you, brother ..
You really did your best .. !

Praise God, I got rid of the virus my own way ..
and restored all the settings the virus had removed .. !

Thank you for your truly great effort ..
God bless you ..
and forgive you, your parents and all Muslims ..

All the best ..
 
Welcome.
Tell us how you got rid of it, so everyone can benefit.

Good luck.
 
And welcome ..

As for the method ..
OK, dear brother ..
If my time allows, I'll make an illustrated walkthrough of how to deal with this virus ..

God bless you ..
 