المارد القسامي (new member, joined 26 October 2007, 75 posts)
Peace be upon you.
Brothers, I installed NOD on the machine and scanned it,
and it has a virus, w32 polip, which is present across the whole machine. I tried to remove it but couldn't.
I want a quick way to get rid of it.
 

HijackThis report
Download this program
(the link is visible only to logged-in members)

Run the program ==> and click
Do a system scan and save log
After a moment a report opens in Notepad ==> copy it and paste it in your next reply.

 
Signature: زمان الصمت
Thanks. I tried all the methods and formatted the C: partition, and afterwards it came back exactly as it was. Here is the report:
 
Edit: I couldn't copy the report separately from the text.
 
Signature: زمان الصمت
Code:
ComboFix 09-04-04.01 - Administrator 04/09/2009 16:50:01.1 - FAT32x86 NETWORK
Microsoft Windows XP Professional  5.1.2600.2.1256.1.1025.18.767.606 [GMT 2:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\Programs\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated)
FW: ESET Personal firewall *enabled*

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\install.exe
H:\2fiy.bat
H:\rqq2v.bat
H:\tyktjfww.exe
H:\x.com
H:\x0.cmd
H:\yg.cmd

.
(((((((((((((((((((((((((   Files Created from 2009-03-09 to 2009-04-09  )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-09 14:42    77,824    ----a-w    c:\windows\SoundMan.exe
2009-04-09 14:42    77,312    ----a-w    c:\windows\system32\msiexec.exe
2009-04-09 14:42    69,120    ----a-w    c:\windows\system32\notepad.exe
2009-04-09 14:42    515,072    ----a-w    c:\windows\system32\logonui.exe
2009-04-09 14:42    404,992    ----a-w    c:\windows\system32\mstsc.exe
2009-04-09 14:42    347,136    ----a-w    c:\windows\system32\tourstart.exe
2009-04-09 14:42    342,016    ----a-w    c:\windows\system32\mspaint.exe
2009-04-09 14:42    220,672    ----a-w    c:\windows\system32\logon.scr
2009-04-09 14:42    182,784    ----a-w    c:\windows\system32\accwiz.exe
2009-04-09 14:42    127,488    ----a-w    c:\windows\system32\mshearts.exe
2009-04-09 13:01    ---------    d-----w    c:\program files\Ivacy Monitor
2009-04-09 12:43    ---------    d-----w    c:\program files\Real
2009-04-09 12:43    ---------    d-----w    c:\program files\Internet Download Manager
2009-04-09 12:43    ---------    d-----w    c:\documents and settings\Administrator\Application Data\IDM
2009-04-09 12:43    ---------    d-----w    c:\documents and settings\Administrator\Application Data\DMCache
2009-04-09 12:40    ---------    d-----w    c:\documents and settings\Administrator\Application Data\ESET
2009-04-09 12:39    ---------    d-----w    c:\program files\ESET
2009-04-09 12:39    ---------    d-----w    c:\documents and settings\All Users\Application Data\ESET
2009-04-09 12:35    ---------    d-----w    c:\program files\MSN Messenger
2009-04-09 12:35    ---------    d-----w    c:\documents and settings\All Users\Application Data\TechSmith
2009-04-09 12:34    ---------    d-----w    c:\program files\TechSmith
2009-04-09 12:33    ---------    d-----w    c:\program files\USB Disk Security
2009-04-09 12:30    ---------    d-----w    c:\program files\UseNeXT
2009-04-09 12:30    ---------    d-----w    c:\program files\ProgDVB
2009-04-09 12:30    ---------    d-----w    c:\program files\Foxit Software
2009-04-09 12:30    ---------    d-----w    c:\documents and settings\Administrator\Application Data\UseNeXT
2009-04-09 12:18    ---------    d-----w    c:\program files\Web Data Extractor 7.1
2009-04-09 12:15    ---------    d--h--w    c:\program files\InstallShield Installation Information
2009-04-09 12:15    ---------    d-----w    c:\program files\Realtek
2009-04-09 12:15    ---------    d-----w    c:\program files\Common Files\Wise Installation Wizard
2009-04-09 12:15    ---------    d-----w    c:\program files\Common Files\InstallShield
2009-04-09 12:15    ---------    d-----w    c:\program files\AGEIA Technologies
2009-04-09 12:07    ---------    d-----w    c:\program files\microsoft frontpage
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [08/03/2004 10:56 PM 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [04/09/2009 02:37 PM 5674352]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [04/09/2009 02:43 PM 2606512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [09/17/2008 09:55 AM 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [09/17/2008 09:55 AM 86016]
"Rtlupd"="c:\program files\Realtek\InstallShield\Rtlupd.exe" [08/18/2004 03:08 PM 262144]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [04/28/2008 05:00 PM 798720]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [03/13/2008 04:48 PM 1443072]
"nwiz"="nwiz.exe" [09/17/2008 09:55 AM 1657376 c:\windows\system32\nwiz.exe]
"اختصار صفحة خصائص High Definition Audio"="HDAudPropShortcut.exe" [03/17/2004 03:10 PM 61952 c:\windows\system32\Hdaudpropshortcut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [08/03/2004 10:56 PM 15360]

c:\documents and settings\All Users\[Start Menu\Programs\Startup; the Arabic folder names are mis-encoded in the paste]\
SnagIt 8.lnk - c:\program files\TechSmith\SnagIt 8\SnagIt32.exe [2007-05-01 6395464]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

S2 878BDA;DVB-TV 878 BDA Driver;c:\windows\system32\drivers\878BDA.sys [2008-08-05 86016]
S2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2008-03-13 472320]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - IS-9CRM0DRV
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Ivacy Monitor - (no file)


.
------- Supplementary Scan -------
.
IE: تحميل الكل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetVL.htm
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qe4h7ekw.default\
FF - component: c:\documents and settings\Administrator\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-09 16:51:06
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 04/09/2009 16:51:48
ComboFix-quarantined-files.txt  2009-04-09 14:51:48

Pre-Run: 25,285,918,720 bytes free
Post-Run: 25,363,709,952 bytes free

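The report above contains the evidence a responder would act on. Its Find3M block lists ten Windows executables (SoundMan.exe, msiexec.exe, notepad.exe, logonui.exe, mstsc.exe, tourstart.exe, mspaint.exe, logon.scr, accwiz.exe, mshearts.exe) all rewritten at 14:42, after the day's installs had finished and with no matching rows under "Files Created"; W32/Polip is a polymorphic PE file infector, and a burst of same-minute rewrites of system executables is the mark such an infector leaves, which is consistent with the infection returning after only C: was formatted while D: and H: still held an executable and a set of script droppers that ComboFix deleted. The report also shows the standard-profile firewall policy set to EnableFirewall = 0. The Python below is an added example for this thread, not code from the forum, from ComboFix or from ESET: it parses those sections of a ComboFix report and flags the same-minute cluster of Windows PE files, the executables and scripts deleted from non-system drives, and the disabled firewall. The section banners, the row regex, the drive assumptions and the three-file threshold are assumptions about ComboFix's text layout taken from this one report, and the sample lines are a subset copied from it.

```python
"""Triage a ComboFix report for the marks a PE file infector leaves.

Added example for this thread; not code from the forum, ComboFix or ESET.
Layout assumptions (banners, row format, threshold) come from one report.
"""
import ntpath
import re
from collections import defaultdict

# Constructed subset of the report posted in the thread, trimmed to the
# sections the heuristics read.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\install.exe
H:\2fiy.bat
H:\rqq2v.bat
H:\tyktjfww.exe
H:\x.com
H:\x0.cmd
H:\yg.cmd
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-09 14:42    77,824    ----a-w    c:\windows\SoundMan.exe
2009-04-09 14:42    77,312    ----a-w    c:\windows\system32\msiexec.exe
2009-04-09 14:42    69,120    ----a-w    c:\windows\system32\notepad.exe
2009-04-09 14:42    515,072    ----a-w    c:\windows\system32\logonui.exe
2009-04-09 14:42    220,672    ----a-w    c:\windows\system32\logon.scr
2009-04-09 14:42    127,488    ----a-w    c:\windows\system32\mshearts.exe
2009-04-09 13:01    ---------    d-----w    c:\program files\Ivacy Monitor
2009-04-09 12:39    ---------    d-----w    c:\program files\ESET
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")          # '(((  Name  )))' banners
FIND3M_RE = re.compile(                                  # date time size attrs path
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+([\d,]+|-+)\s+(\S+)\s+(.+)$")
PE_EXT = {".exe", ".dll", ".sys", ".scr", ".com", ".cpl", ".ocx"}
DROPPER_EXT = PE_EXT | {".bat", ".cmd", ".vbs", ".inf"}


def parse_sections(text):
    """Split the report on its banners; '.' spacer lines and blanks are dropped."""
    sections, current = defaultdict(list), "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
        elif line and line != ".":
            sections[current].append(line)
    return sections


def parse_find3m(lines):
    """Find3M rows as dicts: when, size (None for directories), is_dir, path."""
    rows = []
    for line in lines:
        m = FIND3M_RE.match(line)
        if m:
            when, size, attrs, path = m.groups()
            rows.append({"when": when, "is_dir": attrs.startswith("d"), "path": path,
                         "size": None if size.startswith("-") else int(size.replace(",", ""))})
    return rows


def infector_clusters(rows, min_files=3, system_root="c:\\windows"):
    """PE files under the Windows directory rewritten in the same minute.

    Servicing also rewrites files in bursts, so a cluster is a lead to confirm
    by hashing against known-good copies, not proof on its own."""
    by_minute = defaultdict(list)
    for r in rows:
        path = r["path"].lower()
        if not r["is_dir"] and path.startswith(system_root) and ntpath.splitext(path)[1] in PE_EXT:
            by_minute[r["when"]].append(r["path"])
    return {when: paths for when, paths in by_minute.items() if len(paths) >= min_files}


def non_system_droppers(lines, system_drives=("c:",)):
    """Executables and scripts ComboFix deleted from drives other than the system drive."""
    return [line for line in lines
            if re.match(r"^[a-z]:\\", line.lower())
            and not line.lower().startswith(system_drives)
            and ntpath.splitext(line.lower())[1] in DROPPER_EXT]


def firewall_disabled(text):
    """True when a firewall policy line in the report reads EnableFirewall = 0."""
    return re.search(r'"EnableFirewall"\s*=\s*0\b', text) is not None


def triage(text):
    sections = parse_sections(text)
    return {"clusters": infector_clusters(parse_find3m(sections.get("Find3M Report", []))),
            "droppers": non_system_droppers(sections.get("Other Deletions", [])),
            "firewall_disabled": firewall_disabled(text)}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for when, paths in result["clusters"].items():
        print(f"{len(paths)} Windows PE files rewritten at {when}: {paths}")
    print("deleted from non-system drives:", result["droppers"])
    print("firewall disabled:", result["firewall_disabled"])
```

Run against the full report the cluster holds all ten files; the next step a responder takes is to hash those files and compare them with copies from install media or a clean machine of the same service pack, and to treat every PE file on D: and H: as suspect before reconnecting those drives.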