Thread starter: الشريم81

Peace be upon you, brothers.
This problem is on my brother's computer, which is infected with a virus.
Kaspersky 7, fully updated, could not remove it, and he formatted the machine,
but the problem is still there. These are screenshots of the virus.
I ask any of the brothers who are able to help to reply.
May God bless you.

zyzoom-e622b134bc.png



zyzoom-b1890681bc.png
 

Brother, I think the virus has been removed and this is just telling you that it deleted it.
Try downloading AVG and see whether it finds it or not, and try scanning your machine from the security websites.

- And wait for the experts, they will help you more.
 
Signature: miss toto
Thanks for the reply, sister ... but unfortunately Kaspersky could not remove it,
even after restarting the machine and even after the format.
 
Brother الشريم, please do the following

(1)

Disable all security programs,
then download this tool and save it to the desktop.

When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes

Wait until the tool finishes scanning your machine; your machine will then restart automatically,
and after the restart the tool will start scanning a second time.
Wait until a report appears, then copy it and paste it in your next reply.

--------------------------------------------

( 2 )

Then create a HijackThis report.

When the download finishes ==> run the program ==> and click Do a system scan and save log
In a few moments a report will appear; copy it and paste it in your next reply.

Waiting for you, and please do the steps in order.

:smile:
 
Signature: LINEZERO
Report from my machine, الشريم's brother

ComboFix 08-05-21.3 - fergani 2008-05-23 21:58:10.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.218.1033.18.1689 [GMT -7:00]
Running from: C:\Documents and Settings\fergani\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-04-24 to 2008-05-24 )))))))))))))))))))))))))))))))
.
2008-05-23 21:52 . 2008-05-23 21:52 50 --ahs---- C:\WINDOWS\klif.spi
2008-05-21 22:00 . 2004-08-03 08:18 2,148,352 --a------ C:\WINDOWS\system32\ntoskrnl.exe.zottel
2008-05-21 22:00 . 2004-08-03 10:05 2,015,232 --a------ C:\WINDOWS\system32\ntkrnlpa.exe.zottel
2008-05-21 21:54 . 2008-05-21 21:55 <DIR> d-------- C:\Program Files\JetAudio
2008-05-21 21:54 . 2008-05-21 21:54 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-05-21 21:54 . 2008-05-21 21:54 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-05-21 21:54 . 2008-05-21 21:55 <DIR> d-------- C:\Program Files\Common Files\COWON
2008-05-21 21:51 . 2008-05-21 21:54 <DIR> d-------- C:\Program Files\Folder Lock
2008-05-21 21:51 . 2002-12-25 09:44 380,928 --a------ C:\WINDOWS\system32\vaultskn.ocx
2008-05-21 21:51 . 2004-05-10 12:42 110,592 --a------ C:\WINDOWS\system32\suppdll.dll
2008-05-21 21:51 . 2007-02-07 19:50 77,824 --a------ C:\WINDOWS\system32\FLKill.exe
2008-05-21 21:51 . 2008-05-21 21:51 35,363 --a------ C:\WINDOWS\system32\windrvNT.sys
2008-05-21 21:51 . 1999-04-23 22:22 20,992 --a------ C:\WINDOWS\system32\hhopen.ocx
2008-05-21 21:49 . 2008-05-21 21:49 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-21 21:39 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-05-21 21:38 . 2008-05-21 21:38 <DIR> d-------- C:\Program Files\MSBuild
2008-05-21 21:38 . 2008-05-21 21:38 <DIR> d-------- C:\Program Files\Microsoft Works
2008-05-21 21:34 . 2008-05-21 21:37 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-05-21 21:34 . 2008-05-21 21:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-21 21:33 . 2008-05-21 21:33 <DIR> dr-h----- C:\MSOCache
2008-05-21 21:27 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-05-21 21:21 . 2008-05-21 21:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-05-21 21:15 . 2008-05-21 21:15 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-05-21 21:15 . 2008-05-21 21:15 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-05-21 21:15 . 2008-05-21 21:15 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-05-21 21:15 . 2006-03-22 21:18 126,976 --a------ C:\WINDOWS\system32\igfxres.dll
2008-05-21 21:13 . 2008-05-21 21:13 <DIR> d-------- C:\WINDOWS\system32\RTCOM
2008-05-21 21:09 . 2008-05-21 21:09 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-05-21 21:09 . 2008-05-21 21:09 <DIR> d--hs---- C:\Documents and Settings\LocalService
2008-05-21 21:09 . 2008-05-21 16:14 <DIR> d-------- C:\Documents and Settings\fergani
2008-05-21 21:02 . 2008-05-21 21:02 <DIR> d--hs---- C:\Documents and Settings\NetworkService
2008-05-21 21:02 . 2008-05-21 21:02 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-05-21 21:00 . 2008-05-21 21:00 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-05-21 21:00 . 2008-05-21 21:00 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-05-21 16:16 . 2008-05-21 02:07 13,030 --a------ C:\PDOXUSRS.NET
2008-05-21 16:15 . 2008-05-21 16:15 <DIR> d-------- C:\Program Files\Prayer Time
2008-05-21 16:15 . 2008-05-21 16:15 <DIR> d-------- C:\Program Files\Common Files\Borland Shared
2008-05-21 16:14 . 2008-05-21 16:14 <DIR> d-------- C:\Documents and Settings\fergani\WINDOWS
2008-05-21 16:14 . 1999-03-23 09:12 299,520 --a------ C:\WINDOWS\uninst.exe
2008-05-21 16:06 . 2008-05-21 16:06 <DIR> d-------- C:\Documents and Settings\fergani\Application Data\Media Player Classic
2008-05-21 16:05 . 2008-05-21 16:05 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-05-21 16:00 . 2008-05-21 16:00 <DIR> d-------- C:\Program Files\TuneUp Utilities 2007
2008-05-21 16:00 . 2008-05-21 16:00 <DIR> d-------- C:\Documents and Settings\fergani\Application Data\TuneUp Software
2008-05-21 16:00 . 2006-12-19 16:53 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-05-21 15:59 . 2008-05-21 15:59 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-21 15:59 . 2008-05-21 15:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-05-21 14:30 . 2008-05-21 14:30 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-05-21 14:29 . 2008-05-21 14:30 <DIR> d-------- C:\WINDOWS\system32\drivers\umdf
2008-05-21 14:29 . 2006-05-09 20:00 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-05-21 14:26 . 2004-08-03 09:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-21 14:22 . 2008-05-21 14:22 <DIR> d-------- C:\Documents and Settings\fergani\Application Data\COWON
2008-05-21 14:20 . 2008-05-21 14:20 <DIR> d-------- C:\Program Files\Real
2008-05-21 14:20 . 2008-05-21 14:20 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-05-21 14:19 . 2008-05-21 14:20 <DIR> d-------- C:\Program Files\Common Files\Real
2008-05-21 14:19 . 2008-05-21 14:19 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-05-21 14:19 . 2008-05-21 14:19 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-05-21 14:16 . 2007-10-05 03:17 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-05-21 14:15 . 2008-05-21 14:16 <DIR> d-------- C:\Program Files\Java
2008-05-21 14:15 . 2008-05-21 14:15 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-21 01:34 . 2008-05-21 01:34 <DIR> d-------- C:\Program Files\CyberLink
2008-05-21 01:30 . 2008-05-21 02:05 <DIR> d-------- C:\dvbdream
2008-05-21 01:27 . 2008-05-21 01:27 <DIR> d-------- C:\WINDOWS\KingoOo
2008-05-21 01:27 . 2008-05-21 01:27 <DIR> d-------- C:\Program Files\System
2008-05-21 01:27 . 2004-07-29 12:56 208,896 --a------ C:\WINDOWS\system32\cttune.cpl
2008-05-21 01:27 . 2004-09-30 11:17 122,880 --a------ C:\WINDOWS\system32\directx.cpl
2008-05-21 01:27 . 2002-12-29 01:14 110,592 --a------ C:\WINDOWS\system32\Startup.cpl
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-24 04:59 46,880 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-24 04:59 2,145,056 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-24 04:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-21 21:07 96,645 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-05-21 21:07 87,941 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-05-21 20:52 --------- d-----w C:\Program Files\Kaspersky Lab
2008-05-21 09:20 7,172 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-21 09:20 38,120 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 09:56 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"vidc.i420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"msacm.imc"= imc32.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AL Maathen.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AL Maathen.lnk
backup=C:\WINDOWS\pss\AL Maathen.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 03:43 69632 C:\WINDOWS\ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
--a------ 2008-02-08 18:36 227856 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-03 09:56 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2006-03-22 21:13 77824 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2006-03-22 21:17 118784 C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2006-03-22 21:17 94208 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-06-13 05:05 16239616 C:\WINDOWS\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2006-05-16 03:04 2879488 C:\WINDOWS\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-10-05 03:32 75256 C:\Program Files\Java\jre1.5.0_14\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-05-21 14:19 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\English\\setup.exe"=
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-03 09:56]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;C:\WINDOWS\system32\DRIVERS\SkyNET.SYS [2006-03-13 18:22]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-21 23:00:22 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-05-23 21:59:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

C:\sccfg.sys 20 bytes
scan completed successfully
hidden files: 1
**************************************************************************
.
Completion time: 2008-05-23 22:01:02
ComboFix-quarantined-files.txt 2008-05-24 05:01:00
Pre-Run: 13,406,048,256 bytes free
Post-Run: 13,471,584,256 bytes free
167
 
Signature: poga
ComboFix 08-05-21.3 - fergani 2008-05-23 23:14:15.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.218.1033.18.1696 [GMT -7:00]
Running from: C:\Documents and Settings\fergani\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-04-24 to 2008-05-24 )))))))))))))))))))))))))))))))
.
2008-05-21 22:00 . 2004-08-03 08:18 2,148,352 --a------ C:\WINDOWS\system32\ntoskrnl.exe.zottel
2008-05-21 22:00 . 2004-08-03 10:05 2,015,232 --a------ C:\WINDOWS\system32\ntkrnlpa.exe.zottel
2008-05-21 21:54 . 2008-05-21 21:55 <DIR> d-------- C:\Program Files\JetAudio
2008-05-21 21:54 . 2008-05-21 21:54 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-05-21 21:54 . 2008-05-21 21:54 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-05-21 21:54 . 2008-05-21 21:55 <DIR> d-------- C:\Program Files\Common Files\COWON
2008-05-21 21:51 . 2008-05-21 21:54 <DIR> d-------- C:\Program Files\Folder Lock
2008-05-21 21:51 . 2002-12-25 09:44 380,928 --a------ C:\WINDOWS\system32\vaultskn.ocx
2008-05-21 21:51 . 2004-05-10 12:42 110,592 --a------ C:\WINDOWS\system32\suppdll.dll
2008-05-21 21:51 . 2007-02-07 19:50 77,824 --a------ C:\WINDOWS\system32\FLKill.exe
2008-05-21 21:51 . 2008-05-21 21:51 35,363 --a------ C:\WINDOWS\system32\windrvNT.sys
2008-05-21 21:51 . 1999-04-23 22:22 20,992 --a------ C:\WINDOWS\system32\hhopen.ocx
2008-05-21 21:49 . 2008-05-21 21:49 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-21 21:39 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-05-21 21:38 . 2008-05-21 21:38 <DIR> d-------- C:\Program Files\MSBuild
2008-05-21 21:38 . 2008-05-21 21:38 <DIR> d-------- C:\Program Files\Microsoft Works
2008-05-21 21:34 . 2008-05-21 21:37 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-05-21 21:34 . 2008-05-21 21:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-21 21:33 . 2008-05-21 21:33 <DIR> dr-h----- C:\MSOCache
2008-05-21 21:27 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-05-21 21:21 . 2008-05-21 21:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-05-21 21:15 . 2008-05-21 21:15 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-05-21 21:15 . 2008-05-21 21:15 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-05-21 21:15 . 2008-05-21 21:15 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-05-21 21:15 . 2006-03-22 21:18 126,976 --a------ C:\WINDOWS\system32\igfxres.dll
2008-05-21 21:13 . 2008-05-21 21:13 <DIR> d-------- C:\WINDOWS\system32\RTCOM
2008-05-21 21:09 . 2008-05-21 21:09 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-05-21 21:09 . 2008-05-21 21:09 <DIR> d--hs---- C:\Documents and Settings\LocalService
2008-05-21 21:09 . 2008-05-23 22:11 <DIR> d-------- C:\Documents and Settings\fergani
2008-05-21 21:02 . 2008-05-21 21:02 <DIR> d--hs---- C:\Documents and Settings\NetworkService
2008-05-21 21:02 . 2008-05-21 21:02 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-05-21 21:00 . 2008-05-21 21:00 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-05-21 21:00 . 2008-05-21 21:00 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-05-21 16:16 . 2008-05-21 02:07 13,030 --a------ C:\PDOXUSRS.NET
2008-05-21 16:15 . 2008-05-21 16:15 <DIR> d-------- C:\Program Files\Prayer Time
2008-05-21 16:15 . 2008-05-21 16:15 <DIR> d-------- C:\Program Files\Common Files\Borland Shared
2008-05-21 16:14 . 2008-05-21 16:14 <DIR> d-------- C:\Documents and Settings\fergani\WINDOWS
2008-05-21 16:14 . 1999-03-23 09:12 299,520 --a------ C:\WINDOWS\uninst.exe
2008-05-21 16:06 . 2008-05-21 16:06 <DIR> d-------- C:\Documents and Settings\fergani\Application Data\Media Player Classic
2008-05-21 16:05 . 2008-05-21 16:05 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-05-21 16:00 . 2008-05-21 16:00 <DIR> d-------- C:\Program Files\TuneUp Utilities 2007
2008-05-21 16:00 . 2008-05-21 16:00 <DIR> d-------- C:\Documents and Settings\fergani\Application Data\TuneUp Software
2008-05-21 16:00 . 2006-12-19 16:53 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-05-21 15:59 . 2008-05-21 15:59 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-21 15:59 . 2008-05-21 15:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-05-21 14:30 . 2008-05-21 14:30 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-05-21 14:29 . 2008-05-21 14:30 <DIR> d-------- C:\WINDOWS\system32\drivers\umdf
2008-05-21 14:29 . 2006-05-09 20:00 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-05-21 14:26 . 2004-08-03 09:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-21 14:22 . 2008-05-21 14:22 <DIR> d-------- C:\Documents and Settings\fergani\Application Data\COWON
2008-05-21 14:20 . 2008-05-21 14:20 <DIR> d-------- C:\Program Files\Real
2008-05-21 14:20 . 2008-05-21 14:20 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-05-21 14:19 . 2008-05-21 14:20 <DIR> d-------- C:\Program Files\Common Files\Real
2008-05-21 14:19 . 2008-05-21 14:19 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-05-21 14:19 . 2008-05-21 14:19 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-05-21 14:16 . 2007-10-05 03:17 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-05-21 14:15 . 2008-05-21 14:16 <DIR> d-------- C:\Program Files\Java
2008-05-21 14:15 . 2008-05-21 14:15 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-21 01:34 . 2008-05-21 01:34 <DIR> d-------- C:\Program Files\CyberLink
2008-05-21 01:30 . 2008-05-21 02:05 <DIR> d-------- C:\dvbdream
2008-05-21 01:27 . 2008-05-21 01:27 <DIR> d-------- C:\WINDOWS\KingoOo
2008-05-21 01:27 . 2008-05-21 01:27 <DIR> d-------- C:\Program Files\System
2008-05-21 01:27 . 2004-07-29 12:56 208,896 --a------ C:\WINDOWS\system32\cttune.cpl
2008-05-21 01:27 . 2004-09-30 11:17 122,880 --a------ C:\WINDOWS\system32\directx.cpl
2008-05-21 01:27 . 2002-12-29 01:14 110,592 --a------ C:\WINDOWS\system32\Startup.cpl
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-24 06:15 48,928 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-24 06:15 2,173,728 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-24 06:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-24 05:05 7,580 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-24 05:05 39,272 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-21 21:07 96,645 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-05-21 21:07 87,941 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-05-21 20:52 --------- d-----w C:\Program Files\Kaspersky Lab
.
((((((((((((((((((((((((((((( snapshot@2008-05-23_22.00.06.98 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-24 04:30:11 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-24 05:06:30 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 09:56 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"vidc.i420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"msacm.imc"= imc32.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AL Maathen.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AL Maathen.lnk
backup=C:\WINDOWS\pss\AL Maathen.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 03:43 69632 C:\WINDOWS\ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
--a------ 2008-02-08 18:36 227856 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-03 09:56 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2006-03-22 21:13 77824 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2006-03-22 21:17 118784 C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2006-03-22 21:17 94208 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-06-13 05:05 16239616 C:\WINDOWS\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2006-05-16 03:04 2879488 C:\WINDOWS\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-10-05 03:32 75256 C:\Program Files\Java\jre1.5.0_14\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-05-21 14:19 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\English\\setup.exe"=
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-03 09:56]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;C:\WINDOWS\system32\DRIVERS\SkyNET.SYS [2006-03-13 18:22]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
"2008-05-21 23:00:22 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-05-23 23:15:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

C:\sccfg.sys 20 bytes
scan completed successfully
hidden files: 1
 
Signature: poga
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:21 PM, on 5/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\fergani\Desktop\برنامج HijackThis\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_14\bin\ssv.dll
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_14\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_14\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: ???C? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: ??&?C? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
--
End of file - 3445 bytes
 
Signature: poga
We apologize for the delay; you have my utmost respect and appreciation.
 
Signature: poga
zyzoom-e622b134bc.png

Brother الشريم81

This file is not a virus; it is a file belonging to the Folder Lock program.

Regards
 
God bless you, brother, for this information. After removing Folder Lock, this annoying message no longer appeared. My sincere thanks to you.
 
Signature: poga
You're welcome, brother.

At your service, God willing.

Regards
 