Help with a new virus



ramin1988
23-02-2010, 17:58
Hello everyone.

Our computer recently caught a new virus that keeps filling up the Windows drive!

I installed the latest version of Avast with updates, but it couldn't do anything.

I keep freeing up the C: drive, and after half an hour it is full again.

picher_s
23-02-2010, 18:22
Hi

As always:

1- ComboFix, and post its log here

2- Avira

ramin1988
23-02-2010, 18:40
OK, I installed it; here is the log:



ComboFix 10-02-22.07 - RAMIN 02/22/2010 18:24:21.1.3 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2047.1455 [GMT 3.5:30]
Running from: F:\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
G:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2010-01-22 to 2010-02-22 )))))))))))))))))))))))))))))))
.
2010-02-22 14:53 . 2010-02-22 14:53 -------- d-----w- C:\32788R22FWJFW
2010-02-21 18:58 . 2010-02-21 18:58 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2010-02-21 18:56 . 2010-02-21 18:56 3605256 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-02-21 18:52 . 2010-02-21 18:52 546624 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-02-20 13:47 . 2010-02-22 03:44 -------- d-----w- c:\users\RAMIN\Tracing
2010-02-20 13:46 . 2010-02-20 13:46 -------- d-----w- c:\program files\Microsoft
2010-02-20 13:46 . 2010-02-20 13:46 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-02-20 13:46 . 2010-02-20 13:46 -------- d-----w- c:\program files\Windows Live
2010-02-20 13:30 . 2010-02-20 13:30 -------- d-----w- c:\program files\Common Files\Windows Live
2010-02-18 19:13 . 2010-02-18 19:13 0 ----a-w- c:\windows\nsreg.dat
2010-02-18 19:13 . 2010-02-18 19:13 -------- d-----w- c:\users\RAMIN\AppData\Local\Mozilla
2010-02-17 15:39 . 2010-02-17 16:01 -------- d-----w- c:\users\RAMIN\AppData\Local\Microsoft Games
2010-02-17 11:49 . 2010-02-17 11:49 -------- d-----w- C:\Valve
2010-02-16 18:05 . 2010-02-16 18:05 -------- d-----w- c:\users\RAMIN\AppData\Roaming\Bandoo
2010-02-16 18:05 . 2010-02-16 18:08 -------- d-----w- c:\programdata\Bandoo
2010-02-16 18:05 . 2010-02-16 18:05 -------- d-----w- c:\program files\Bandoo
2010-02-16 18:00 . 2010-02-19 04:58 -------- d-----w- c:\program files\ProgDVB
2010-02-16 17:59 . 2010-02-16 17:59 -------- d-----w- c:\programdata\Technisat
2010-02-16 17:59 . 2010-02-19 12:32 -------- d-----w- c:\program files\TechniSat ---
2010-02-16 17:58 . 2010-02-16 17:58 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-15 18:14 . 2010-02-22 03:43 -------- d-sh--r- c:\users\RAMIN\AppData\Local\Start
2010-02-15 17:55 . 2010-02-15 17:55 -------- d-----w- c:\users\RAMIN\AppData\Roaming\Nero
2010-02-15 14:57 . 2006-10-26 16:26 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-02-15 14:57 . 2006-10-26 16:26 32592 ----a-w- c:\windows\system32\msonpmon.dll
2010-02-15 14:56 . 2010-02-15 14:56 -------- d-----w- c:\program files\Microsoft Works
2010-02-15 14:56 . 2010-02-15 14:56 -------- d-----w- c:\windows\PCHEALTH
2010-02-15 14:56 . 2010-02-15 14:56 -------- d-----w- c:\program files\Microsoft.NET
2010-02-15 14:54 . 2010-02-15 14:54 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-02-15 14:54 . 2010-02-15 14:54 -------- d-----w- c:\users\RAMIN\AppData\Local\Microsoft Help
2010-02-15 14:54 . 2010-02-15 14:58 -------- d-----w- c:\programdata\Microsoft Help
2010-02-15 14:53 . 2010-02-15 14:53 -------- d-----r- C:\MSOCache
2010-02-15 14:48 . 2010-02-15 14:48 -------- d-----w- c:\programdata\FLEXnet
2010-02-15 14:47 . 2010-02-15 14:48 -------- d-----w- c:\users\RAMIN\AppData\Local\Adobe
2010-02-15 14:47 . 2010-02-15 14:47 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-02-15 14:47 . 2008-04-07 11:08 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-02-15 14:44 . 2010-02-15 14:47 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-15 12:31 . 2003-03-18 21:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2010-02-15 12:31 . 2003-03-18 20:14 499712 ----a-w- c:\windows\system32\MSVCP71.dll
2010-02-15 12:31 . 2010-02-15 12:31 -------- d-----w- c:\program files\Alwil Software
2010-02-15 12:28 . 2010-02-15 12:28 -------- d-----w- c:\users\RAMIN\AppData\Local\Ahead
2010-02-15 12:28 . 2010-02-15 12:28 -------- d-----w- c:\program files\NeroInstall.bak
2010-02-15 12:27 . 2010-02-15 12:27 -------- d-----w- c:\programdata\Nero
2010-02-15 12:27 . 2010-02-15 12:27 -------- d-----w- c:\program files\Nero
2010-02-15 12:27 . 2010-02-15 12:27 -------- d-----w- c:\program files\Common Files\Nero
2010-02-15 08:56 . 2010-02-15 08:56 -------- d-----w- c:\users\RAMIN\AppData\Roaming\COWON
2010-02-15 08:55 . 2010-02-16 17:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-15 08:55 . 2010-02-15 08:55 -------- d-----w- c:\program files\JetAudio
2010-02-15 08:55 . 2010-02-15 08:55 -------- d-----w- c:\program files\Common Files\COWON
2010-02-15 08:55 . 2010-02-15 08:55 -------- d-----w- c:\users\RAMIN\AppData\Roaming\InstallShield
2010-02-15 08:53 . 2010-02-15 08:53 -------- d-----w- c:\program files\Boot Configuration
2010-02-15 08:53 . 2010-02-15 08:53 -------- d-----w- c:\windows\system32\Macromed
2010-02-15 08:49 . 2010-02-15 08:49 -------- d-----w- c:\users\RAMIN\AppData\Roaming\Media Player Classic
2010-02-15 08:41 . 2010-02-15 08:52 -------- d-----w- c:\windows\Panther
2010-02-15 08:41 . 2010-02-15 08:41 -------- d-----w- C:\Boot
2010-02-15 07:41 . 2010-02-16 18:00 109920 ----a-w- c:\users\RAMIN\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-15 05:07 . 2010-02-15 05:07 -------- d-----w- c:\users\RAMIN\AppData\Local\Yahoo
2010-02-14 21:52 . 2010-01-14 07:42 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-02-14 21:52 . 2010-02-14 21:52 95744 ----a-w- c:\programdata\SpeedBit\DAP\SDCondition.dll
2010-02-14 21:35 . 2010-02-22 03:44 -------- d-----w- c:\programdata\NVIDIA
2010-02-14 21:35 . 2010-02-14 21:35 -------- d-----w- c:\program files\AGEIA Technologies
2010-02-14 21:35 . 2010-02-14 21:35 -------- d-----w- c:\windows\system32\AGEIA
2010-02-14 21:35 . 2010-02-14 21:35 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-14 21:35 . 2010-02-14 21:35 -------- d-----w- c:\program files\NVIDIA Corporation
2010-02-14 21:32 . 2010-02-22 11:31 -------- d-----w- c:\windows\system32\wbem\Performance
2010-02-14 21:30 . 2010-02-14 21:30 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-02-14 21:30 . 2010-02-14 21:33 -------- d-----w- c:\users\RAMIN\AppData\Roaming\Winamp
2010-02-14 21:30 . 2010-02-14 21:30 -------- d-----w- c:\program files\Winamp
2010-02-14 21:29 . 2010-02-14 21:29 -------- d-----w- c:\programdata\Yahoo!
2010-02-14 21:29 . 2009-08-18 14:08 607472 ----a-w- c:\programdata\Yahoo!\YUpdater\yupdater.exe
2010-02-14 21:29 . 2010-02-14 21:29 -------- d-----w- c:\program files\AsiaTech
2010-02-14 21:29 . 2003-08-15 21:51 24576 ----a-w- c:\windows\system32\CoInst.dll
2010-02-14 21:29 . 2003-08-15 19:56 138402 ----a-w- c:\windows\system32\drivers\glausb.sys
2010-02-14 21:29 . 2003-08-14 20:29 160963 ----a-w- c:\windows\system32\drivers\gtipdsp.bin
2010-02-14 21:29 . 2003-06-10 21:55 12288 ------w- c:\windows\system32\CplEng.dll
2010-02-14 21:29 . 2010-02-14 21:29 -------- d-----w- c:\program files\Yahoo!
2010-02-14 21:29 . 2010-02-20 13:47 -------- d-sh--w- c:\windows\Installer
2010-02-14 21:24 . 2010-02-14 21:24 -------- d-----w- C:\Recovery
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-15 14:56 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-02-15 12:30 . 2010-02-15 12:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-02-14 21:32 . 2010-02-14 21:31 -------- d-----w- c:\program files\DAP
2010-02-14 21:31 . 2010-02-14 21:31 -------- d-----w- c:\programdata\SpeedBit
2010-02-14 21:31 . 2010-02-14 21:31 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}]
2010-01-18 23:31 2074048 ----a-w- c:\program files\Bandoo\Plugins\IE\ieplugin.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-08-18 5137648]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2010-02-14 2803200]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DSLSTATEXE"="c:\program files\AsiaTech\ADSL\dslstat.exe" [2003-06-10 299008]
"DSLAGENTEXE"="c:\program files\AsiaTech\ADSL\dslagent.exe" [2003-08-19 16384]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-07-09 640376]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableInstallerDetection"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Bandoo\BndHook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [11/20/2009 7:17 PM 240232]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\System32\drivers\Rt86win7.sys [6/11/2009 12:48 AM 139776]
R3 SkyNetBDA;TechniSat ----PC TV Star PCI (BDA);c:\windows\System32\drivers\SkyNetBDA.sys [1/9/2010 3:49 PM 551824]
S3 SKYNET;TechniSat ----PC TV Star PCI;c:\windows\System32\drivers\SkyNET.sys [1/10/2010 9:15 PM 507408]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://[ link hidden by the forum; login required to view ]
uInternet Settings,ProxyOverride = local
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\RAMIN\AppData\Roaming\Mozilla\Firefox\Profiles\gtzxcsxk.default\
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-02-22 18:32:12
ComboFix-quarantined-files.txt 2010-02-22 15:02
Pre-Run: 43,532,288 bytes free
Post-Run: 288,112,640 bytes free
- - End Of File - - E4EA3E6E7308E1587F89502822AC3F68
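A small triage helper for reading a ComboFix log like the one posted above, added here as an example (it is neither forum code nor part of ComboFix): it walks the log section by section and flags the entries a responder checks first, such as an autorun.inf removal, a hidden+system directory under a user profile, UAC switched off, and an AppInit_DLLs entry. The excerpt it runs on is constructed from lines in the posted log.

```python
import re

# Constructed excerpt modelled on the ComboFix log posted in the thread.
SAMPLE_LOG = """\
((((((((((((( Other Deletions )))))))))))))
.
G:\\Autorun.inf
.
((((((((((((( Files Created from 2010-01-22 to 2010-02-22 )))))))))))))
.
2010-02-15 18:14 . 2010-02-22 03:43 -------- d-sh--r- c:\\users\\RAMIN\\AppData\\Local\\Start
2010-02-16 18:05 . 2010-02-16 18:05 -------- d-----w- c:\\program files\\Bandoo
((((((((((((( Reg Loading Points )))))))))))))
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\windows]
"AppInit_DLLs"=c:\\progra~1\\Bandoo\\BndHook.dll
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+\s*$")  # "(((( Section Name ))))"
# created . modified  size  attrs  path
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+\S+\s+(\S{8})\s+(.+)$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')  # "Name"=value lines of the registry dump


def triage(log_text):
    """Walk a ComboFix log and return (severity, note) pairs worth a responder's attention."""
    findings, section = [], None
    for line in log_text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).strip("() ")
            continue
        if section == "Other Deletions" and line.lower().endswith("autorun.inf"):
            findings.append(("high", f"autorun.inf removed from {line[:2]} (rescan that drive and what it launched)"))
        m = FILE_RE.match(line)
        if m:
            attrs, path = m.groups()
            # 's' and 'h' in the attribute field mean system + hidden; unusual for a new directory in a profile
            if "s" in attrs and "h" in attrs and "\\appdata\\" in path.lower():
                findings.append(("medium", f"hidden+system entry in user profile: {path}"))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group(1), m.group(2).strip()
        if name == "EnableLUA" and value.startswith("0"):
            findings.append(("medium", "UAC disabled (EnableLUA=0): every process runs with full admin rights"))
        elif name == "AppInit_DLLs" and value:
            findings.append(("medium", f"AppInit_DLLs loads {value} into every process that loads user32.dll"))
    return findings
```

Run `triage(SAMPLE_LOG)` to get the four flagged items from the excerpt; feed it the full log text to review a real ComboFix run.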

picher_s
23-02-2010, 19:01
OK, now Avira.... be sure to report back.

Are you sure you're not opening a program like Photoshop and then suddenly closing it?!!!

ramin1988
23-02-2010, 19:11
OK, now Avira.... be sure to report back.

Are you sure you're not opening a program like Photoshop and then suddenly closing it?!!!


No, Photoshop isn't even installed on my Windows.

ramin1988
24-02-2010, 13:20
Bro, I installed Avira too. But still ..........

picher_s
24-02-2010, 18:01
Nooooooooooooooooo!!!

Are you sure it's up to date?!!!

The only thing ComboFix turned up was G:\Autorun.inf!!

So download and run SuperAntiSpyware too.

We usually clean this kind of malware with these two!!!

Come back and report.