Status: closed, not open for further replies.

mostafa_basha (new member, joined 5 August 2008, Egypt)
I have a problem that is troubling me: two kinds of virus. One of them is ctfmon .exe, which is different from ctfmon.exe and sits in the same system32 folder; I tried removing it in every possible way and could not. There is also a virus called ctv that multiplies heavily in the temp folder; I tried removing it in every way, but it comes back again. One of its symptoms is that cookie files are never saved at all. I would appreciate a solution.

Here are the reports. I could not upload them to the file mentioned, so they are here on Rapidshare.


Download this program.

Run the program ==> and click
Do a system scan and save log
After a moment a report opens in Notepad ==> copy it and paste it in your next reply.

Paste the HijackThis report in your next post, not as an uploaded file.


Signature: السّاجد لله
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:57 م, on 30/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\mostafa\LOCALS~1\Temp\ctv15294.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {AEF9B8DB-0DEF-4c0b-8209-661C9E82B8C3} - C:\Program Files\WinSysClean 2008 Trial\UDManager\UDManager.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (qsax Control) -
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
--
End of file - 4159 bytes
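The two symptoms the original poster describes are both visible in the "Running processes" section of the log above: `ctfmon .exe` (with a space) sits beside the genuine `ctfmon.exe` in system32, and a `ctv15294.exe` runs out of the user's Temp folder. As an added example (not code from the thread, from HijackThis or from any of the tools mentioned), the following Python script parses that section and applies those two checks: a file name that becomes a well-known Windows binary once its whitespace is removed, and any executable running from a Temp directory. The allow-list of system binaries is a constructed assumption, and the embedded sample log is a subset of the lines from the log above, so the script runs offline.

```python
"""Triage the 'Running processes' section of a HijackThis log.

Added example for this thread (not code from HijackThis or from the forum):
  * flag a file name that becomes a well-known Windows binary once the
    whitespace is removed ("ctfmon .exe" beside the genuine ctfmon.exe),
  * flag any executable running out of a Temp directory (the ctv<digits>.exe
    files in the user's Temp folder).
"""
import re

# Constructed allow-list of Windows XP binaries that malware likes to imitate;
# extend it for a real environment.
KNOWN_SYSTEM_BINARIES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "explorer.exe", "spoolsv.exe", "ctfmon.exe", "userinit.exe",
}

# After the process list, HijackThis entries look like "F2 - ...", "O4 - ...".
ENTRY_RE = re.compile(r"^[A-Z]\d{1,2} - ")
# A path component named Temp or Tmp, e.g. ...\LOCALS~1\Temp.
TEMP_DIR_RE = re.compile(r"(^|\\)(temp|tmp)(\\|$)", re.IGNORECASE)

# Constructed sample: a subset of the lines from the first log in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon .exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\DOCUME~1\mostafa\LOCALS~1\Temp\ctv15294.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""


def running_processes(log_text):
    """Return the paths listed between 'Running processes:' and the first HJT entry."""
    paths = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower() == "running processes:":
            in_section = True
            continue
        if in_section:
            if not line or ENTRY_RE.match(line):
                break
            paths.append(line)
    return paths


def triage_path(path):
    """Return the reasons a process path deserves a closer look (empty list if none)."""
    reasons = []
    directory, _, name = path.rpartition("\\")
    squeezed = re.sub(r"\s+", "", name).lower()
    if squeezed != name.lower() and squeezed in KNOWN_SYSTEM_BINARIES:
        reasons.append("lookalike of %s (whitespace inserted in file name)" % squeezed)
    elif re.search(r"\s", name):
        reasons.append("whitespace in file name")
    if TEMP_DIR_RE.search(directory):
        reasons.append("executable running from a Temp directory")
    return reasons


def triage_log(log_text):
    """Map each suspicious process path to the list of reasons it was flagged."""
    flagged = {}
    for path in running_processes(log_text):
        reasons = triage_path(path)
        if reasons:
            flagged[path] = reasons
    return flagged


if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG).items():
        print(path)
        for reason in reasons:
            print("    ", reason)
```

Run on the sample, the script reports only the two paths a responder would have picked out by hand, and leaves the genuine `ctfmon.exe` and the Avira, Yahoo and HijackThis processes alone. The whitespace check deliberately compares against an allow-list rather than flagging every space, because legitimate paths such as `Program Files` contain spaces in their directories; only whitespace inside the file name itself is suspicious.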
Apply the following in order.

First:

Disable your protection programs.

Download this tool.

When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes
During the scan the machine may restart.
After the restart, the tool will start scanning a second time.
Wait until a report appears; the scan is then finished. Paste the report in your first reply.

Second:

Download this program.

Run the program ==> and click
Do a system scan and save log
After a moment a report opens in Notepad ==> copy it and paste it in your second reply.

Signature: السّاجد لله
ComboFix report
ComboFix 09-10-28.08 - mostafa 10/31/2009 0:06.1.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.20.1033.18.256.92 [GMT 2:00]
Running from: c:\documents and settings\mostafa\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\gendel32.exe
c:\windows\system32\ctfmon .exe
.
((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-30 )))))))))))))))))))))))))))))))
.
2009-10-30 21:29 . 2009-10-30 21:29 -------- d-----w- c:\program files\Trend Micro
2009-10-30 21:10 . 2009-10-30 21:10 -------- d-----w- c:\documents and settings\mostafa\Application Data\QuickScan
2009-10-30 21:04 . 2009-10-30 21:04 -------- d-----w- c:\documents and settings\mostafa\Local Settings\Application Data\Runscanner.net
2009-10-30 19:40 . 2009-10-30 19:59 0 ----a-w- C:\osy3.sys
2009-10-30 17:53 . 2009-10-30 17:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-30 17:53 . 2009-10-30 17:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-30 17:11 . 2009-10-30 17:11 -------- d-----w- C:\FOUND.003
2009-10-30 16:00 . 2009-10-30 16:00 -------- d-----w- c:\documents and settings\All Users\Application Data\XoftSpySE
2009-10-30 16:00 . 2009-10-30 16:00 -------- d-----w- c:\program files\XoftSpySE6
2009-10-30 15:27 . 2009-10-30 15:27 -------- d-----w- c:\documents and settings\mostafa\Local Settings\Application Data\Threat Expert
2009-10-30 15:23 . 2009-10-30 15:23 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-30 14:28 . 2009-10-30 14:29 -------- d-----w- c:\documents and settings\mostafa\Local Settings\Application Data\Ashampoo
2009-10-30 12:59 . 2009-10-30 12:59 -------- d-----w- C:\FOUND.002
2009-10-30 12:15 . 2009-10-30 12:15 -------- d-----w- c:\program files\Beirut Script v3
2009-10-30 11:05 . 2009-10-30 11:05 0 ----a-w- c:\windows\nsreg.dat
2009-10-30 10:45 . 2009-10-30 10:45 -------- d-----w- c:\windows\system32\LogFiles
2009-10-30 09:51 . 2009-10-30 09:51 -------- d-----w- C:\zyz_cleaner
2009-10-30 07:05 . 2009-10-30 07:05 -------- d-----w- c:\documents and settings\mostafa\Local Settings\Application Data\Identities
2009-10-30 05:18 . 2009-10-30 05:18 -------- d-----w- C:\FOUND.001
2009-10-30 00:25 . 2009-10-30 00:25 63 ----a-w- c:\windows\AlfaStart.CMD
2009-10-30 00:25 . 2009-10-30 00:25 -------- d-----w- c:\program files\Alfa Autorun Killer 2
2009-10-29 23:42 . 2009-10-29 23:42 -------- d-----w- c:\documents and settings\mostafa\Application Data\Malwarebytes
2009-10-29 23:42 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-29 23:42 . 2009-10-29 23:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-29 23:42 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-29 23:42 . 2009-10-29 23:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-28 17:10 . 2009-10-28 17:10 -------- d-----w- c:\documents and settings\mostafa\Application Data\Thinstall
2009-10-28 15:00 . 2009-10-28 15:00 -------- d-----w- C:\FOUND.000
2009-10-28 03:13 . 2009-10-28 19:52 882 ----a-w- c:\windows\system32\wininit.dll
2009-10-26 14:31 . 2009-10-26 14:31 -------- d-----w- C:\EmEdit
2009-10-24 14:49 . 2009-10-24 14:49 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCapv1004
2009-10-24 08:34 . 2009-10-24 08:34 -------- d-----w- c:\program files\Duplicate File Remover
2009-10-24 02:40 . 2007-06-28 16:04 188416 ----a-w- C:\GLFEB.tmp.dll
2009-10-23 23:03 . 2009-10-23 23:03 -------- d-----w- c:\documents and settings\mostafa\Local Settings\Application Data\Downloaded Installations
2009-10-23 19:52 . 2004-08-03 20:58 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2009-10-23 19:52 . 2004-08-03 20:58 5504 ----a-w- c:\windows\system32\dllcache\mstee.sys
2009-10-23 19:52 . 2004-08-03 21:10 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2009-10-23 19:52 . 2004-08-03 21:10 10880 ----a-w- c:\windows\system32\dllcache\ndisip.sys
2009-10-23 19:52 . 2004-08-03 21:10 15360 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2009-10-23 19:52 . 2004-08-03 21:10 15360 ----a-w- c:\windows\system32\dllcache\streamip.sys
2009-10-23 19:52 . 2004-08-03 21:10 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2009-10-23 19:52 . 2004-08-03 21:10 11136 ----a-w- c:\windows\system32\dllcache\slip.sys
2009-10-23 19:52 . 2004-08-03 21:10 19328 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2009-10-23 19:52 . 2004-08-03 21:10 19328 ----a-w- c:\windows\system32\dllcache\wstcodec.sys
2009-10-23 19:52 . 2004-08-03 21:10 85376 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2009-10-23 19:52 . 2004-08-03 21:10 85376 ----a-w- c:\windows\system32\dllcache\nabtsfec.sys
2009-10-23 19:51 . 2004-08-03 21:10 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2009-10-23 19:51 . 2004-08-03 21:10 17024 ----a-w- c:\windows\system32\dllcache\ccdecode.sys
2009-10-23 19:51 . 2004-08-03 22:56 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-10-23 19:51 . 2004-08-03 22:56 53760 ----a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-10-23 19:48 . 2009-10-23 19:48 -------- d-----w- c:\program files\Mercury Pocket Cam II
2009-10-23 19:48 . 2002-09-18 07:52 45056 ----a-r- c:\windows\system32\mr310exv.dll
2009-10-23 19:48 . 2002-09-18 07:52 36864 ----a-r- c:\windows\system32\mr310exd.dll
2009-10-23 19:48 . 2002-08-21 16:38 61440 ----a-r- c:\windows\system32\mr310ifv.dll
2009-10-23 19:48 . 2002-08-14 14:13 135168 ----a-r- c:\windows\system32\mr310ipv.dll
2009-10-23 19:48 . 2001-12-20 16:20 205824 ----a-r- c:\windows\system32\Vic32.dll
2009-10-23 19:48 . 2001-05-29 22:00 352256 ----a-r- c:\windows\system32\ijl15.dll
2009-10-23 19:48 . 2009-10-23 19:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-23 19:48 . 2002-11-27 06:18 116126 ----a-w- c:\windows\system32\drivers\MR97310v.sys
2009-10-23 19:48 . 2009-10-23 19:48 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-23 15:24 . 2009-10-23 15:24 -------- d--h--w- c:\windows\PIF
2009-10-23 08:26 . 2009-10-23 08:26 -------- d-----w- C:\Let1000
2009-10-23 01:58 . 2009-10-23 01:58 -------- d-----w- C:\Temp
2009-10-23 01:58 . 2009-10-23 01:58 -------- d-----w- c:\documents and settings\mostafa\Application Data\Syntrillium
2009-10-23 01:58 . 2001-10-19 12:40 438608 ----a-w- c:\windows\system32\wmv8dmod.dll
2009-10-23 01:58 . 2001-10-19 12:40 665424 ----a-w- c:\windows\system32\wmv8dmoe.dll
2009-10-23 01:58 . 2001-10-19 12:39 572752 ----a-w- c:\windows\system32\wmvdmoe.dll
2009-10-23 01:58 . 2001-10-19 12:40 1683792 ----a-w- c:\windows\system32\wmvcore2.dll
2009-10-23 01:56 . 2009-10-23 01:56 -------- d-----w- c:\program files\coolpro2
2009-10-22 14:08 . 2009-10-29 16:04 1524 ----a-w- c:\windows\system32\d3d8caps.dat
2009-10-21 23:37 . 2009-10-21 23:38 1636 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-21 12:32 . 2005-07-24 21:26 24816 ----a-w- c:\windows\system32\mdimon.dll
2009-10-20 23:55 . 2009-10-20 23:55 -------- d-----w- c:\program files\WinPcap
2009-10-20 23:55 . 2009-10-20 23:55 -------- d-----w- c:\program files\netcut
2009-10-18 23:35 . 2009-10-18 23:35 -------- d-----w- c:\documents and settings\mostafa\Application Data\Yahoo!
2009-10-18 16:29 . 2009-10-18 16:29 -------- d-----w- c:\documents and settings\mostafa\Application Data\Media Player Classic
2009-10-18 14:47 . 2009-10-18 14:47 -------- d-s---w- c:\documents and settings\mostafa\UserData
2009-10-18 14:30 . 2009-10-18 14:30 -------- d-----w- c:\documents and settings\mostafa\Contacts
2009-10-18 14:30 . 2009-10-18 14:30 -------- d--h--w- c:\documents and settings\All Users\Application Data\{004D2F01-7C4F-4B48-AB03-8679ED5D1F61}
2009-10-18 14:30 . 2009-10-18 14:30 -------- d-----w- c:\program files\WinSysClean 2008 Trial
2009-10-18 14:27 . 2009-10-18 14:27 -------- d-----w- c:\documents and settings\mostafa\Local Settings\Application Data\Mozilla
2009-10-18 14:15 . 2009-10-18 14:15 -------- d-----w- c:\documents and settings\mostafa\Application Data\IDM
2009-10-18 14:15 . 2009-10-18 14:15 -------- d-----w- c:\documents and settings\mostafa\Application Data\DMCache
2009-10-18 14:14 . 2009-10-18 14:14 -------- d-----w- c:\program files\Internet Download Manager
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-29 15:38 . 2004-08-03 20:56 30208 ----a-w- c:\windows\system32\ctfmon.exe
2009-10-21 12:39 . 2009-10-18 13:45 31624 ----a-w- c:\documents and settings\mostafa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-18 21:50 . 2009-10-18 13:46 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-10-18 13:59 . 2009-10-18 13:59 -------- d-----w- c:\program files\MSN Messenger
2009-10-18 13:59 . 2009-10-18 13:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-10-18 13:58 . 2009-10-18 13:57 -------- d-----w- c:\program files\Yahoo!
2009-10-18 13:52 . 2009-10-18 13:52 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-10-18 13:51 . 2009-10-18 13:51 -------- d-----w- c:\program files\Winamp
2009-10-18 13:46 . 2009-10-18 13:46 -------- d-----w- c:\program files\Avira
2009-10-18 13:46 . 2009-10-18 13:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-10-18 13:31 . 2009-10-18 13:31 -------- d-----w- c:\program files\microsoft frontpage
2009-10-18 13:24 . 2009-10-18 13:24 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-09-09 10:43 . 2009-10-15 06:09 210352 ----a-w- c:\windows\system32\idmmbc.dll
.
------- Sigcheck -------
[-] 2009-10-29 15:38 . 5120FC8A90127C08974B32006394E545 . 30208 . . [------] . . c:\windows\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-10-29 30208]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\MSN Messenger\\MSNMSGR.EXE"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [18/10/2009 03:46 م 108289]
R3 cwbmidi_device;Crystal WDM MPU-401 UART Driver;c:\windows\system32\drivers\cwbmidi.sys [18/10/2009 03:13 م 3072]
R3 cwbwdm_device;Crystal WDM Audio Codec Driver;c:\windows\system32\drivers\cwbwdm.sys [18/10/2009 03:13 م 72832]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [30/10/2009 01:42 ص 19160]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [30/10/2009 01:42 ص 269648]
S3 MR97310_VGA_DUAL_CAMERA;Dual-Mode Digital Camera;c:\windows\system32\drivers\MR97310v.sys [23/10/2009 09:48 م 116126]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [02/08/2005 11:10 م 32512]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - CLASSPNP_2
*NewlyCreated* - MBR
*NewlyCreated* - PCIIDEX_2
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
*Deregistered* - PCIIDEX_2
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.eg/
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
IE: {{AEF9B8DB-0DEF-4c0b-8209-661C9E82B8C3} - c:\program files\WinSysClean 2008 Trial\UDManager\UDManager.exe
FF - ProfilePath - c:\documents and settings\mostafa\Application Data\Mozilla\Firefox\Profiles\lkyi9x30.default\
FF - component: c:\documents and settings\mostafa\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
.
------- File Associations -------
.
txtfile=NOTEPAD %1
vbefile\shell\edit\command=c:\windows\Notepad.exe %1
vbsfile\shell\edit\command=c:\windows\Notepad.exe %1
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{472734EA-242A-422B-ADF8-83D1E48CC825} - (no file)
AddRemove-HijackThis - c:\documents and settings\mostafa\Desktop\HijackThis.exe
AddRemove-mIRC - c:\program files\Beirut Script v3\mirc.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-10-31 00:17
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-10-30 0:20
ComboFix-quarantined-files.txt 2009-10-30 22:20
Pre-Run: 4,575,469,568 bytes free
Post-Run: 4,583,174,144 bytes free
- - End Of File - - A2F2FAEC1C92DF5FF91228607C24E404
 
HijackThis report after ComboFix
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:13 ص, on 31/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {AEF9B8DB-0DEF-4c0b-8209-661C9E82B8C3} - C:\Program Files\WinSysClean 2008 Trial\UDManager\UDManager.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (qsax Control) -
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
--
End of file - 3772 bytes
 
Both viruses have been deleted, thank God. Do you have anything else, brother?

Signature: السّاجد لله
Brother Hisham, thank you. The ctfmon .exe virus has disappeared, but unfortunately the ctv virus has come back again after it had disappeared.

Do I have to run the ComboFix tool again?
 
Disable System Restore as shown in the following explanation:

(three screenshots showing the steps)

Then post a new HijackThis report.

Signature: السّاجد لله
Brother, I disabled it, and here is the report now.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:34:35 ص, on 31/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\DOCUME~1\mostafa\LOCALS~1\Temp\ctv22025.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\mostafa\LOCALS~1\Temp\ctv22986.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {AEF9B8DB-0DEF-4c0b-8209-661C9E82B8C3} - C:\Program Files\WinSysClean 2008 Trial\UDManager\UDManager.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (qsax Control) -
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
--
End of file - 3914 bytes
 
Download

and do as shown in the picture.

(screenshot of the CFScript step)

Wait a little, then post the new report here.
 
Done, and here is the new report.
 
ComboFix 09-10-30.01 - mostafa 10/31/2009 2:29.3.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.20.1033.18.256.94 [GMT 2:00]
Running from: c:\documents and settings\mostafa\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\mostafa\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
"c:\documents and settings\mostafa\Local Settings\Temp\ctv22025.exe"
"c:\documents and settings\mostafa\Local Settings\Temp\ctv22986.exe"
"C:\GLFEB.tmp.dll"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\mostafa\Local Settings\Temp\ctv22025.exe
c:\documents and settings\mostafa\Local Settings\Temp\ctv22986.exe
C:\FOUND.000
c:\found.000\FILE0000.CHK
c:\found.000\FILE0001.CHK
c:\found.000\FILE0002.CHK
c:\found.000\FILE0003.CHK
c:\found.000\FILE0004.CHK
c:\found.000\FILE0005.CHK
c:\found.000\FILE0006.CHK
c:\found.000\FILE0007.CHK
c:\found.000\FILE0008.CHK
C:\FOUND.001
c:\found.001\FILE0000.CHK
c:\found.001\FILE0001.CHK
c:\found.001\FILE0002.CHK
C:\FOUND.002
c:\found.002\FILE0000.CHK
c:\found.002\FILE0001.CHK
c:\found.002\FILE0002.CHK
c:\found.002\FILE0003.CHK
c:\found.002\FILE0004.CHK
c:\found.002\FILE0005.CHK
c:\found.002\FILE0006.CHK
c:\found.002\FILE0007.CHK
c:\found.002\FILE0008.CHK
c:\found.002\FILE0009.CHK
c:\found.002\FILE0010.CHK
c:\found.002\FILE0011.CHK
c:\found.002\FILE0012.CHK
c:\found.002\FILE0013.CHK
c:\found.002\FILE0014.CHK
c:\found.002\FILE0015.CHK
c:\found.002\FILE0016.CHK
c:\found.002\FILE0017.CHK
c:\found.002\FILE0018.CHK
c:\found.002\FILE0019.CHK
c:\found.002\FILE0020.CHK
c:\found.002\FILE0021.CHK
c:\found.002\FILE0022.CHK
c:\found.002\FILE0023.CHK
c:\found.002\FILE0024.CHK
c:\found.002\FILE0025.CHK
c:\found.002\FILE0026.CHK
c:\found.002\FILE0027.CHK
c:\found.002\FILE0028.CHK
c:\found.002\FILE0029.CHK
c:\found.002\FILE0030.CHK
c:\found.002\FILE0031.CHK
c:\found.002\FILE0032.CHK
c:\found.002\FILE0033.CHK
C:\FOUND.003
c:\found.003\FILE0000.CHK
c:\found.003\FILE0001.CHK
c:\found.003\FILE0002.CHK
c:\found.003\FILE0003.CHK
c:\found.003\FILE0004.CHK
c:\found.003\FILE0005.CHK
c:\found.003\FILE0006.CHK
c:\found.003\FILE0007.CHK
c:\found.003\FILE0008.CHK
c:\found.003\FILE0009.CHK
c:\found.003\FILE0010.CHK
c:\found.003\FILE0011.CHK
c:\found.003\FILE0012.CHK
c:\found.003\FILE0013.CHK
c:\found.003\FILE0014.CHK
c:\found.003\FILE0015.CHK
c:\found.003\FILE0016.CHK
c:\found.003\FILE0017.CHK
c:\found.003\FILE0018.CHK
c:\found.003\FILE0019.CHK
c:\found.003\FILE0020.CHK
c:\found.003\FILE0021.CHK
c:\found.003\FILE0022.CHK
c:\found.003\FILE0023.CHK
c:\found.003\FILE0024.CHK
c:\found.003\FILE0025.CHK
c:\found.003\FILE0026.CHK
C:\GLFEB.tmp.dll
C:\Let1000
c:\let1000\CDROM.INI
c:\let1000\Let200.REP
c:\let1000\Lettres\LET.DOC
c:\let1000\Lettres\LET0138.DOC
c:\let1000\Lettres\LET0219.DOC
c:\let1000\Lettres\LET0225.DOC
c:\let1000\Lettres\LET0226.DOC
c:\let1000\Lettres\LET0324.DOC
c:\let1000\Lettres\LET0331.DOC
c:\let1000\Lettres\LET0386.DOC
c:\let1000\Lettres\LET0614.DOC
c:\let1000\Lettres\LET0615.DOC
c:\let1000\Lettres\LET0640.DOC
c:\let1000\Lettres\LET0641.DOC
c:\let1000\Lettres\LET0724.DOC
c:\let1000\Lettres\LET0750.DOC
c:\let1000\Lettres\LET0856.DOC
c:\let1000\Lettres\LET0858.DOC
c:\let1000\Lettres\LET0859.DOC
C:\Temp
.
((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-31 )))))))))))))))))))))))))))))))
.
2009-10-31 00:29 . 2004-08-03 18:59 95360 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-10-31 00:29 . 2004-08-03 18:59 95360 ----a-w- c:\windows\system32\dllcache\atapi.sys
2009-10-30 21:29 . 2009-10-30 21:29 -------- d-----w- c:\program files\Trend Micro
2009-10-30 21:10 . 2009-10-30 21:10 -------- d-----w- c:\documents and settings\mostafa\Application Data\QuickScan
2009-10-30 21:04 . 2009-10-30 21:04 -------- d-----w- c:\documents and settings\mostafa\Local Settings\Application Data\Runscanner.net
2009-10-30 19:40 . 2009-10-30 19:59 0 ----a-w- C:\osy3.sys
2009-10-30 17:53 . 2009-10-30 17:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-30 17:53 . 2009-10-30 17:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-30 16:00 . 2009-10-30 16:00 -------- d-----w- c:\documents and settings\All Users\Application Data\XoftSpySE
2009-10-30 15:27 . 2009-10-30 15:27 -------- d-----w- c:\documents and settings\mostafa\Local Settings\Application Data\Threat Expert
2009-10-30 15:23 . 2009-10-30 15:23 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-30 14:28 . 2009-10-30 14:29 -------- d-----w- c:\documents and settings\mostafa\Local Settings\Application Data\Ashampoo
2009-10-30 12:15 . 2009-10-30 12:15 -------- d-----w- c:\program files\Beirut Script v3
2009-10-30 11:05 . 2009-10-30 11:05 0 ----a-w- c:\windows\nsreg.dat
2009-10-30 10:45 . 2009-10-30 10:45 -------- d-----w- c:\windows\system32\LogFiles
2009-10-30 09:51 . 2009-10-30 09:51 -------- d-----w- C:\zyz_cleaner
2009-10-30 07:05 . 2009-10-30 07:05 -------- d-----w- c:\documents and settings\mostafa\Local Settings\Application Data\Identities
2009-10-30 00:25 . 2009-10-30 00:25 63 ----a-w- c:\windows\AlfaStart.CMD
2009-10-30 00:25 . 2009-10-30 00:25 -------- d-----w- c:\program files\Alfa Autorun Killer 2
2009-10-29 23:42 . 2009-10-29 23:42 -------- d-----w- c:\documents and settings\mostafa\Application Data\Malwarebytes
2009-10-29 23:42 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-29 23:42 . 2009-10-29 23:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-29 23:42 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-29 23:42 . 2009-10-29 23:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-28 17:10 . 2009-10-28 17:10 -------- d-----w- c:\documents and settings\mostafa\Application Data\Thinstall
2009-10-28 03:13 . 2009-10-28 19:52 882 ----a-w- c:\windows\system32\wininit.dll
2009-10-26 14:31 . 2009-10-26 14:31 -------- d-----w- C:\EmEdit
2009-10-24 14:49 . 2009-10-24 14:49 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCapv1004
2009-10-24 08:34 . 2009-10-24 08:34 -------- d-----w- c:\program files\Duplicate File Remover
2009-10-23 23:03 . 2009-10-23 23:03 -------- d-----w- c:\documents and settings\mostafa\Local Settings\Application Data\Downloaded Installations
2009-10-23 19:52 . 2004-08-03 20:58 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2009-10-23 19:52 . 2004-08-03 20:58 5504 ----a-w- c:\windows\system32\dllcache\mstee.sys
2009-10-23 19:52 . 2004-08-03 21:10 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2009-10-23 19:52 . 2004-08-03 21:10 10880 ----a-w- c:\windows\system32\dllcache\ndisip.sys
2009-10-23 19:52 . 2004-08-03 21:10 15360 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2009-10-23 19:52 . 2004-08-03 21:10 15360 ----a-w- c:\windows\system32\dllcache\streamip.sys
2009-10-23 19:52 . 2004-08-03 21:10 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2009-10-23 19:52 . 2004-08-03 21:10 11136 ----a-w- c:\windows\system32\dllcache\slip.sys
2009-10-23 19:52 . 2004-08-03 21:10 19328 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2009-10-23 19:52 . 2004-08-03 21:10 19328 ----a-w- c:\windows\system32\dllcache\wstcodec.sys
2009-10-23 19:52 . 2004-08-03 21:10 85376 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2009-10-23 19:52 . 2004-08-03 21:10 85376 ----a-w- c:\windows\system32\dllcache\nabtsfec.sys
2009-10-23 19:51 . 2004-08-03 21:10 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2009-10-23 19:51 . 2004-08-03 21:10 17024 ----a-w- c:\windows\system32\dllcache\ccdecode.sys
2009-10-23 19:51 . 2004-08-03 22:56 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-10-23 19:51 . 2004-08-03 22:56 53760 ----a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-10-23 19:48 . 2009-10-23 19:48 -------- d-----w- c:\program files\Mercury Pocket Cam II
2009-10-23 19:48 . 2002-09-18 07:52 45056 ----a-r- c:\windows\system32\mr310exv.dll
2009-10-23 19:48 . 2002-09-18 07:52 36864 ----a-r- c:\windows\system32\mr310exd.dll
2009-10-23 19:48 . 2002-08-21 16:38 61440 ----a-r- c:\windows\system32\mr310ifv.dll
2009-10-23 19:48 . 2002-08-14 14:13 135168 ----a-r- c:\windows\system32\mr310ipv.dll
2009-10-23 19:48 . 2001-12-20 16:20 205824 ----a-r- c:\windows\system32\Vic32.dll
2009-10-23 19:48 . 2001-05-29 22:00 352256 ----a-r- c:\windows\system32\ijl15.dll
2009-10-23 19:48 . 2009-10-23 19:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-23 19:48 . 2002-11-27 06:18 116126 ----a-w- c:\windows\system32\drivers\MR97310v.sys
2009-10-23 19:48 . 2009-10-23 19:48 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-23 15:24 . 2009-10-23 15:24 -------- d--h--w- c:\windows\PIF
2009-10-23 01:58 . 2009-10-23 01:58 -------- d-----w- c:\documents and settings\mostafa\Application Data\Syntrillium
2009-10-23 01:58 . 2001-10-19 12:40 438608 ----a-w- c:\windows\system32\wmv8dmod.dll
2009-10-23 01:58 . 2001-10-19 12:40 665424 ----a-w- c:\windows\system32\wmv8dmoe.dll
2009-10-23 01:58 . 2001-10-19 12:39 572752 ----a-w- c:\windows\system32\wmvdmoe.dll
2009-10-23 01:58 . 2001-10-19 12:40 1683792 ----a-w- c:\windows\system32\wmvcore2.dll
2009-10-23 01:56 . 2009-10-23 01:56 -------- d-----w- c:\program files\coolpro2
2009-10-22 14:08 . 2009-10-29 16:04 1524 ----a-w- c:\windows\system32\d3d8caps.dat
2009-10-21 23:37 . 2009-10-21 23:38 1636 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-21 12:32 . 2005-07-24 21:26 24816 ----a-w- c:\windows\system32\mdimon.dll
2009-10-20 23:55 . 2009-10-20 23:55 -------- d-----w- c:\program files\WinPcap
2009-10-20 23:55 . 2009-10-20 23:55 -------- d-----w- c:\program files\netcut
2009-10-18 23:35 . 2009-10-18 23:35 -------- d-----w- c:\documents and settings\mostafa\Application Data\Yahoo!
2009-10-18 16:29 . 2009-10-18 16:29 -------- d-----w- c:\documents and settings\mostafa\Application Data\Media Player Classic
2009-10-18 14:47 . 2009-10-18 14:47 -------- d-s---w- c:\documents and settings\mostafa\UserData
2009-10-18 14:30 . 2009-10-18 14:30 -------- d-----w- c:\documents and settings\mostafa\Contacts
2009-10-18 14:30 . 2009-10-18 14:30 -------- d--h--w- c:\documents and settings\All Users\Application Data\{004D2F01-7C4F-4B48-AB03-8679ED5D1F61}
2009-10-18 14:30 . 2009-10-18 14:30 -------- d-----w- c:\program files\WinSysClean 2008 Trial
2009-10-18 14:27 . 2009-10-18 14:27 -------- d-----w- c:\documents and settings\mostafa\Local Settings\Application Data\Mozilla
2009-10-18 14:15 . 2009-10-18 14:15 -------- d-----w- c:\documents and settings\mostafa\Application Data\IDM
2009-10-18 14:15 . 2009-10-18 14:15 -------- d-----w- c:\documents and settings\mostafa\Application Data\DMCache
2009-10-18 14:14 . 2009-10-18 14:14 -------- d-----w- c:\program files\Internet Download Manager
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-29 15:38 . 2004-08-03 20:56 30208 ----a-w- c:\windows\system32\ctfmon.exe
2009-10-21 12:39 . 2009-10-18 13:45 31624 ----a-w- c:\documents and settings\mostafa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-18 21:50 . 2009-10-18 13:46 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-10-18 13:59 . 2009-10-18 13:59 -------- d-----w- c:\program files\MSN Messenger
2009-10-18 13:59 . 2009-10-18 13:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-10-18 13:58 . 2009-10-18 13:57 -------- d-----w- c:\program files\Yahoo!
2009-10-18 13:52 . 2009-10-18 13:52 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-10-18 13:51 . 2009-10-18 13:51 -------- d-----w- c:\program files\Winamp
2009-10-18 13:46 . 2009-10-18 13:46 -------- d-----w- c:\program files\Avira
2009-10-18 13:46 . 2009-10-18 13:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-10-18 13:31 . 2009-10-18 13:31 -------- d-----w- c:\program files\microsoft frontpage
2009-10-18 13:24 . 2009-10-18 13:24 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-09-09 10:43 . 2009-10-15 06:09 210352 ----a-w- c:\windows\system32\idmmbc.dll
.
------- Sigcheck -------
[-] 2009-10-29 15:38 . 5120FC8A90127C08974B32006394E545 . 30208 . . [------] . . c:\windows\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-10-29 30208]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\MSN Messenger\\MSNMSGR.EXE"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [18/10/2009 03:46 م 108289]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [30/10/2009 01:42 ص 269648]
R3 cwbmidi_device;Crystal WDM MPU-401 UART Driver;c:\windows\system32\drivers\cwbmidi.sys [18/10/2009 03:13 م 3072]
R3 cwbwdm_device;Crystal WDM Audio Codec Driver;c:\windows\system32\drivers\cwbwdm.sys [18/10/2009 03:13 م 72832]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [30/10/2009 01:42 ص 19160]
S3 MR97310_VGA_DUAL_CAMERA;Dual-Mode Digital Camera;c:\windows\system32\drivers\MR97310v.sys [23/10/2009 09:48 م 116126]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [02/08/2005 11:10 م 32512]
--- Other Services/Drivers In Memory ---
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.eg/
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
IE: {{AEF9B8DB-0DEF-4c0b-8209-661C9E82B8C3} - c:\program files\WinSysClean 2008 Trial\UDManager\UDManager.exe
FF - ProfilePath - c:\documents and settings\mostafa\Application Data\Mozilla\Firefox\Profiles\lkyi9x30.default\
FF - component: c:\documents and settings\mostafa\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-10-31 02:40
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(492)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
.
**************************************************************************
.
Completion time: 2009-10-31 2:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-31 00:44
ComboFix2.txt 2009-10-30 23:13
ComboFix3.txt 2009-10-30 22:20
Pre-Run: 4,550,828,032 bytes free
Post-Run: 4,563,734,528 bytes free
- - End Of File - - E86A91B1CE992CDBB239B092076CA8A7
 
OK, download the following and do the same as before.

And tell us: has the problem been solved now?

 
The problem is solved; the virus is gone for good. Thank you very much, my brothers.
 
You're welcome, dear :)
 
God bless you.
Closing, as the thread is concluded.

 
Signature: السّاجد لله