Help!!!!

Somia
08-08-2011, 10:38
Hi
My system has a virus which, when I open a drive, leaves it without a Back option; in other words, the toolbar at the top of the Windows window is gone. On the first page of the forum you said to go through a series of steps to get the system fixed. I mistakenly ran Malwarebytes' Anti-Malware first and rkill.log afterwards, when I should have done it the other way round. Anyway, Malwarebytes' Anti-Malware (I didn't update it, since I'm on dial-up) detected a few files as infected, removed them and gave me a report. Finally I ran the RRT file. I should mention that after running these files and antivirus programs, a few hidden files have shown up in my drives (RECYCLER and System Volume Information).
1- Did my mistake affect the cleanup process?
2- From your explanation I thought the toolbar at the top of the Windows windows would be fixed after running the RRT file, but it wasn't. Why??
3- What do you suggest so that my system goes back to normal?
Thank you

MrGee
08-08-2011, 11:10
The toolbar disappearing is rarely due to the system being infected.

1- No; since you didn't have any particular virus, there's no problem.
2- Since viruses rarely disable the toolbar, no such feature was put into that program.
3- To fix the toolbar:
[ To view the link, please log in with your username or register ]
You can also get there from the View --> Toolbars --> Customize menu.
To fix the RECYCLER and System Volume Information problem, the two options shown at the bottom must be ticked:
[ To view the link, please log in with your username or register ]

Dr Hannibal
08-08-2011, 14:23
In case the post above doesn't fix it:

Paste the DDS and rkill logs here.

Open another topic in the relevant Windows forum and follow up on the issue from a non-virus angle as well.

Good luck

Somia
10-08-2011, 00:13
Hello
I don't have the Back, Folder Options, etc. options at all at the top of the Windows window.
1- Which software does the DDS log belong to?
This one is from Malwarebytes' Anti-Malware:
Malwarebytes' Anti-Malware 1.51.1.1800

Database version: 7035

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

6/25/2011 6:48:16 PM
mbam-log-2011-06-25 (18-48-16).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 891012
Time elapsed: 2 hour(s), 10 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 77

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MRXCLS (Rootkit.TmpHider) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MRXNET (Rootkit.TmpHider) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MRxCls (Rootkit.TmpHider) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MRxNet (Rootkit.TmpHider) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman (Trojan.Agent) -> Value: Taskman -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (PUM.Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
d:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP130\A0078587.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
d:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP142\A0079453.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
d:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP142\A0079478.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
d:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP142\A0079499.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
d:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP142\A0079520.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
d:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP142\A0079544.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
d:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP142\A0079571.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
d:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP143\A0079605.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
d:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP143\A0079626.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
d:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP144\A0079661.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
d:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP145\A0079708.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
d:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP145\A0079753.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
d:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP145\A0079777.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
d:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP145\A0079805.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
d:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP145\A0079825.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
d:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP146\A0079872.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
d:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP146\A0080862.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
d:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP147\A0080943.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
d:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP148\A0081001.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
d:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP148\A0081038.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
d:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP148\A0081071.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
d:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP148\A0081101.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
d:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP148\A0082101.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
d:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP148\A0082126.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
e:\alcohol 120\alcohol_120__1.9.6.5429\alcohol 120% 1.9.6.5429 retail\Patch\Alcohol.exe (Trojan.Agent) -> Quarantined and deleted successfully.
e:\internet_download_manager_5.12\internet download manager 5.12\Patch\Patch.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
e:\office 2007\soft ware\Internet\ccproxy 6.4.2\ccproxysetup.exe (PUP.CCProxy) -> Not selected for removal.
e:\office 2007\soft ware\Internet\getright pro 6.3.04\Crack\GetRight.exe (Trojan.Agent) -> Quarantined and deleted successfully.
e:\office 2007\soft ware\Internet\multi cam pro 2.0\Crack\crack.exe (PUP.Hacktool.Patcher) -> Not selected for removal.
e:\office 2007\soft ware\Internet\multi yahoo 8\multi yahoo8.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
e:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP142\A0079455.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
e:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP142\A0079480.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
e:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP142\A0079501.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
e:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP142\A0079522.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
e:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP142\A0079546.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
e:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP142\A0079573.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
e:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP143\A0079607.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
e:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP143\A0079628.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
e:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP144\A0079663.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
e:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP145\A0079710.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
e:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP145\A0079755.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
e:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP145\A0079779.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
e:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP145\A0079807.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
e:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP145\A0079827.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
e:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP146\A0079874.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
e:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP146\A0080864.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
e:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP147\A0080945.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
e:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP148\A0081003.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
e:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP148\A0081040.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
e:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP148\A0081073.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
e:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP148\A0081103.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
e:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP148\A0082103.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
e:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP148\A0082128.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
e:\babylon (d)\babylon 5.0 pro\Crack\babylon pro v5.0 crack.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
f:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP142\A0079457.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
f:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP142\A0079482.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
f:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP142\A0079503.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
f:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP142\A0079524.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
f:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP142\A0079548.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
f:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP142\A0079575.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
f:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP143\A0079609.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
f:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP143\A0079630.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
f:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP144\A0079665.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
f:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP145\A0079712.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
f:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP145\A0079757.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
f:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP145\A0079781.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
f:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP145\A0079809.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
f:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP145\A0079829.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
f:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP146\A0079876.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
f:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP146\A0080866.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
f:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP147\A0080947.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
f:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP148\A0081005.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
f:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP148\A0081042.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
f:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP148\A0081075.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
f:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP148\A0081105.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
f:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP148\A0082105.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
f:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP148\A0082130.exe (Trojan.GameThief) -> Quarantined and deleted successfully.

3 - And this one is from rkill:
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 06/25/2011 at 19:00:25.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe


Rkill completed on 06/25/2011 at 19:00:27.

MrGee
10-08-2011, 00:47
The description and download link for DDS are here.

Your system has probably been infected with Stuxnet.
If these files exist, upload them to VirusTotal and post the scan link here:
C:\WINDOWS\system32\MRxNet.sys
C:\WINDOWS\system32\mrxcls.sys
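As an added example (not code from the thread or from Malwarebytes), a small Python triage script for the Malwarebytes' Anti-Malware log format quoted above: it separates restore-point copies from live files and registry entries, lists what was reported but not removed, maps the Rootkit-flagged service keys to the driver files the post above asks to have checked, and hashes such a file for a VirusTotal hash lookup if it exists. The sample log is constructed from the thread's own detection names, and the C:\WINDOWS\system32\<service>.sys mapping is an assumption taken from the paths named in the post.

```python
import hashlib
import os
import re
from collections import Counter

# Constructed sample in the format of the Malwarebytes' Anti-Malware log quoted
# in the thread (same detection names; only two of the 77 file lines are kept).
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MRXCLS (Rootkit.TmpHider) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MRxCls (Rootkit.TmpHider) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MRxNet (Rootkit.TmpHider) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman (Trojan.Agent) -> Value: Taskman -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (PUM.Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Files Infected:
d:\system volume information\_restore{1d06be76-bf83-4922-9554-5ad211617586}\RP142\A0079453.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
e:\office 2007\soft ware\Internet\ccproxy 6.4.2\ccproxysetup.exe (PUP.CCProxy) -> Not selected for removal.
"""

# One detection line: "<item> (<Category>) -> [details -> ]<outcome>"
DETECTION = re.compile(r"^(?P<item>.+?) \((?P<category>[A-Za-z0-9.]+)\) -> (?P<rest>.+)$")
SERVICE_KEY = re.compile(r"\\Services\\([^\\]+)$", re.IGNORECASE)  # ...\Services\<name>
REMOVED = "Quarantined and deleted successfully."

def classify_location(item):
    """Registry entry, stale copy inside a System Restore point, or live file."""
    low = item.lower()
    if low.startswith("hkey_"):
        return "registry"
    if "\\system volume information\\_restore" in low:
        return "restore-point"
    return "file"

def parse_mbam_log(text):
    """One dict per detection line; counts, headers and 'no items' lines are skipped."""
    detections, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("Infected:"):
            section = line[:-1]
            continue
        m = DETECTION.match(line)
        if m is None:
            continue
        item, category, rest = m.group("item", "category", "rest")
        detections.append({
            "section": section, "item": item, "category": category,
            "action": rest.split(" -> ")[-1],  # last arrow segment is the outcome
            "where": classify_location(item),
        })
    return detections

def summarize(detections):
    """Count detections by (location, category)."""
    return Counter((d["where"], d["category"]) for d in detections)

def not_removed(detections):
    """Items reported but not quarantined, i.e. still present on the system."""
    return [d["item"] for d in detections if d["action"] != REMOVED]

def hidden_files_setting_tampered(detections):
    """True if Explorer's 'show hidden files' value was flipped (the PUM entry)."""
    return any(d["category"] == "PUM.Hijack.System.Hidden" for d in detections)

def rootkit_driver_paths(detections, system32=r"C:\WINDOWS\system32"):
    r"""Rootkit-flagged service keys -> driver files to check. Assumption: the
    file is <system32>\<service>.sys, the location the post names."""
    paths = []
    for d in detections:
        m = SERVICE_KEY.search(d["item"])
        if m and d["category"].startswith("Rootkit."):
            paths.append(system32 + "\\" + m.group(1) + ".sys")
    return paths

def sha256_of(path):
    """SHA-256 for a VirusTotal hash lookup; None if the file is absent."""
    if not os.path.isfile(path):
        return None
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    print(dict(summarize(found)))
    print("not removed:", not_removed(found), "| hidden-files setting tampered:", hidden_files_setting_tampered(found))
    for path in rootkit_driver_paths(found):
        print(path, "->", sha256_of(path) or "not present on this machine")
```

Looking up the hash on VirusTotal instead of uploading the file avoids sharing a potentially sensitive binary; an absent file is the expected result on a clean machine.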

Dr Hannibal
10-08-2011, 04:11
Run RRT again and tell us what state the system is in.

If you don't have internet problems and it still isn't fixed with RRT, run the Kaspersky removal tool from the link below and scan.

Somia
11-08-2011, 10:10
Hello
1- These are the two results from running DDS:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/5/2009 10:22:32 PM
System Uptime: 7/14/2011 5:12:42 AM (3 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | GA-MA69G-S3H
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4800+ | Socket M2 | 2505/200mhz
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4800+ | Socket M2 | 2505/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 38 GiB total, 0.268 GiB free.
D: is FIXED (NTFS) - 49 GiB total, 33.339 GiB free.
E: is FIXED (NTFS) - 49 GiB total, 27.798 GiB free.
F: is FIXED (NTFS) - 98 GiB total, 0.128 GiB free.
G: is CDROM (CDFS)
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP100: 6/7/2012 10:51:24 AM - Software Distribution Service 3.0
RP101: 6/7/2012 10:36:34 PM - Software Distribution Service 3.0
RP102: 6/11/2012 6:46:02 AM - System Checkpoint
RP103: 6/11/2012 7:09:09 AM - Removed ESET Smart Security
RP104: 6/11/2012 7:10:49 AM - Installed ESET Smart Security
RP105: 6/11/2012 7:17:42 AM - Installed ESET Smart Security
RP106: 6/11/2011 8:02:30 PM - System Checkpoint
RP107: 6/12/2011 6:39:10 PM - Software Distribution Service 3.0
RP108: 6/13/2011 12:30:42 PM - Software Distribution Service 3.0
RP109: 6/14/2011 5:04:11 PM - Software Distribution Service 3.0
RP110: 6/19/2011 9:08:28 AM - System Checkpoint
RP111: 6/20/2011 9:48:47 AM - System Checkpoint
RP112: 6/21/2011 10:17:14 AM - System Checkpoint
RP113: 6/22/2011 10:53:25 AM - System Checkpoint
RP114: 6/25/2011 4:53:05 PM - System Checkpoint
RP115: 6/25/2011 9:24:05 PM - Software Distribution Service 3.0
RP116: 6/27/2011 11:52:30 AM - Software Distribution Service 3.0
RP117: 6/29/2011 2:02:12 PM - System Checkpoint
RP118: 7/4/2011 5:10:31 PM - System Checkpoint
RP119: 7/4/2011 7:56:01 PM - Software Distribution Service 3.0
RP120: 7/7/2011 1:51:21 PM - System Checkpoint
RP121: 7/13/2011 1:35:26 AM - System Checkpoint
RP122: 7/14/2011 6:42:44 AM - System Checkpoint
.
==== Installed Programs ======================
.
.
Adobe Acrobat 7.0 Professional
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Stock Photos 1.0
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI Parental Control & Encoder
ATP/MinGW and tools (remove only)
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
ESET Smart Security
High Definition Audio Driver Package - KB888111
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Longman Active Study Dictionary
Longman Dictionary of Contemporary English 5th Edition
Malwarebytes' Anti-Malware version 1.51.1.1800
Mathematica 5
MATLAB R2007a
MATLAB R2008a
Microsoft .NET Framework 2.0
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.6.13)
Nero 6 Ultra Edition
NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up
QUICKfind server v1.1
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB979309)
Shockwave
Skins
TELL ME MORE
Update for Windows XP (KB898461)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Installer 3.1 (KB893803)
WinRAR archiver
WinZip
Yahoo! Companion
Yahoo! Messenger
Zoltrix Conexant 3chips Faxmodem
.
==== Event Viewer Messages From Past Week ========
.
2/9/2012 7:46:32 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Eset Nod32 Boot service to connect.
2/9/2012 7:46:32 AM, error: Service Control Manager [7000] - The Eset Nod32 Boot service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/4/2012 7:32:33 AM, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom0.
1/28/2012 12:56:42 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error message: The referenced assembly is not installed on your system. .
1/28/2012 12:56:42 AM, error: SideBySide [59] - Generate Activation Context failed for h:\win32\bin\win32\VCRT_check.exe. Reference error message: The operation completed successfully. .
1/28/2012 12:56:42 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
1/28/2012 12:48:22 AM, error: Service Control Manager [7034] - The MATLAB Server service terminated unexpectedly. It has done this 1 time(s).
1/22/2012 8:03:33 AM, error: Service Control Manager [7038] - The RemoteRegistry service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: Access is denied. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
1/22/2012 8:03:33 AM, error: Service Control Manager [7000] - The Remote Registry service failed to start due to the following error: The service did not start due to a logon failure.
*****************************************************
And the second one:
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 6.0.2900.2180
Run by Somayeh at 8:55:33 on 2011-07-14
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1918.989 [GMT 3.5:30]
.
AV: ESET Smart Security 4.2 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Somayeh\Desktop\Somi Anti\RRT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://[ To view the link, please log in with your username or register ]
uSearch Page = hxxp://red.clientapps.yahoo.com/customize/ptec/defaults/sp/*
uSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ptec/defaults/sb/*
mDefault_Page_URL = hxxp://[ To view the link, please log in with your username or register ]
mStart Page = hxxp://[ To view the link, please log in with your username or register ]
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ptec/defaults/su/*
mWinlogon: Userinit=userinit.exe
BHO: Yahoo! Companion BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\ycomp5_6_0_1.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: QUICKfind BHO Object: {c08df07a-3e49-4e25-9ab0-d3882835f153} - c:\progra~1\textware\quickf~1\plugins\IEHelp.dll
TB: &Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\ycomp5_6_0_1.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Yahoo! Pager] c:\progra~1\yahoo!\messen~1\ypager.exe -quiet
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [RRT-Auto] c:\documents and settings\somayeh\desktop\somi anti\RRT.exe auto
StartupFolder: c:\docume~1\somayeh\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-100000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
mPolicies-explorer: NoWindowsUpdate = 0 (0x0)
mPolicies-explorer: NoViewOnDrive = 0 (0x0)
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\progra~1\yahoo!\messen~1\YPager.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\somayeh\application data\mozilla\firefox\profiles\y5r5avhp.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: ScrapBook: {53A03D43-5363-4669-8190-99061B2DEBA5} - %profile%\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
.
============= SERVICES / DRIVERS ===============
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-3-24 114984]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2010-3-24 810120]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-27 366640]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-27 22712]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2004-8-4 3584]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-27 41272]
S3 NvLock;NvLock;c:\windows\system32\drivers\NvLock.sys [2010-1-8 8380]
.
=============== Created Last 30 ================
.
2012-06-07 07:21:29 -------- d-----w- c:\windows\system32\PreInstall
2012-06-07 07:21:27 -------- d--h--w- c:\windows\$hf_mig$
2012-01-07 22:48:37 -------- d-----w- c:\windows\system32\appmgmt
2012-01-01 04:38:45 -------- d-----w- c:\program files\MATLAB71
2011-12-29 21:00:25 -------- d-----w- c:\program files\Auralog
2011-12-27 22:53:16 -------- d-----w- c:\documents and settings\somayeh\application data\MathWorks
2011-12-27 22:45:53 407104 ----a-w- c:\windows\system32\MSHFLXGD.OCX
2011-12-27 22:45:53 203976 ----a-w- c:\windows\system32\RICHTX32.OCX
2011-12-27 22:45:52 647872 ----a-w- c:\windows\system32\mscomct2.ocx
2011-12-27 22:10:03 -------- d-----w- c:\program files\MATLAB
2011-12-27 21:53:04 -------- d-----w- c:\program files\Alcohol Soft
2011-12-27 21:51:28 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-12-27 21:31:57 -------- d-----w- c:\documents and settings\somayeh\local settings\application data\Mathematica
2011-12-27 21:31:57 -------- d-----w- c:\documents and settings\all users\application data\Mathematica
2011-12-27 21:31:56 -------- d-----w- c:\documents and settings\somayeh\application data\Mathematica
2011-12-27 21:29:48 -------- d-----w- c:\program files\Wolfram Research
2011-12-17 16:40:14 -------- d-----w- C:\ATP
2011-11-23 07:13:56 -------- d-----w- c:\documents and settings\somayeh\local settings\application data\Ahead
2011-11-20 05:21:04 25048 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider.dll
2011-11-20 05:21:04 140248 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2011-11-20 05:21:03 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
2011-11-20 05:21:03 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2011-11-07 18:40:56 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
2011-11-07 18:40:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2011-11-07 18:36:59 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-11-07 18:36:16 -------- d-----w- c:\documents and settings\somayeh\local settings\application data\Microsoft Help
2011-10-27 14:39:16 -------- d-----w- c:\documents and settings\somayeh\application data\ESET
2011-09-29 15:54:45 -------- d-----w- c:\program files\common files\Adobe Systems Shared
2011-09-27 21:47:09 -------- d-----w- c:\documents and settings\somayeh\local settings\application data\Identities
2011-07-27 10:48:03 5504 ------w- c:\windows\system32\drivers\imagedrv.sys
2011-07-27 10:48:03 125184 ------w- c:\windows\system32\drivers\imagesrv.sys
2011-07-27 10:47:54 476320 ------w- c:\windows\system32\ImagXpr7.dll
2011-07-27 10:47:54 471040 ------w- c:\windows\system32\ImagXRA7.dll
2011-07-27 10:47:54 262144 ------w- c:\windows\system32\ImagXR7.dll
2011-07-27 10:47:54 1568768 ------w- c:\windows\system32\ImagX7.dll
2011-07-27 10:47:54 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2011-07-27 10:47:54 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2011-06-27 08:25:08 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-27 08:25:04 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-27 08:25:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-25 12:52:13 -------- d-----w- c:\documents and settings\somayeh\application data\Malwarebytes
2011-06-25 12:52:08 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
.
==================== Find3M ====================
.
1999-06-25 08:25:30 149504 ----a-w- c:\program files\UNWISE.EXE
.
============= FINISH: 8:56:02.56 ===============


2- This is also the result of another FULL SCAN with RRT:
DETECTED Malware-win32 classid-61348 AND REMOVED
but nothing was fixed.

3- I also searched system32; those two files weren't there.
4- By the way, I got the files for these programs from an internet café once and brought them home, and I haven't updated them since.
5- If you think the last resort is downloading and running Kaspersky, should I go back to the internet café?!!
Thanks for your help.

Dr Hannibal
11-08-2011, 12:12
The Kaspersky removal tool is portable and doesn't need updating.

Malwarebytes update from this link:


[To view the content, please log in or register]

Inside it there is a file named rules.ref.

You need to move this file to the path below:

Windows XP rules.ref location:
C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware

Vista rules.ref location:
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware

The update makes a big difference.

Dr Hannibal
11-08-2011, 12:28
Try the manual method too; it doesn't need internet!



1- From the Start Menu open Run and type: regedit
When the registry window opens, navigate on the left to this path:

Code:

[To view the content, please log in or register]
In this location, in the list of values on the right, find the blue DWORD Value named Hidden and double-click it. If its Value data has been changed to 0, change it to 1 or 2 and click OK. Now close the registry and restart.


2- Follow the path below:
Code:

[To view the content, please log in or register]
Now, on the right side of the Regedit window, double-click Type and set its value to group (i.e., type the word group in the window that opens).
This brings back the Show Hidden Files option that had gone missing.


3- Follow the path below:
Code:

[To view the content, please log in or register]
On the right side of the Regedit window, set CheckedValue to 1.


Download and run this program. When you run it, ignore the warning it shows and click OK.
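
The three manual steps above each touch one Explorer registry value. The script below is an added example, not something posted in this thread: it audits those three values and, with -Fix, restores them, which is useful both to confirm the fix took and to spot the same tampering again later. The thread's own "Code:" blocks with the key paths are not visible here, so the paths used are assumed from the standard Windows XP/Vista Explorer registry layout (HKCU ...\Explorer\Advanced for the per-user Hidden value, HKLM ...\Explorer\Advanced\Folder\Hidden for Type, and its SHOWALL subkey for CheckedValue); the script name is hypothetical.

```powershell
# Added example (not from the thread): audit the Explorer "show hidden files"
# registry values edited in the manual steps above and report any that differ
# from the normal values. Key paths are assumed from the standard Windows
# Explorer layout, since the thread's own "Code:" blocks are not visible.
# Usage: powershell -ExecutionPolicy Bypass -File Check-HiddenFilesSettings.ps1 [-Fix]
param([switch]$Fix)

$checks = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
       Name = 'Hidden'; Expected = @(1, 2); Type = 'DWord' }    # step 1: 1 = show hidden files, 2 = do not show
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden'
       Name = 'Type'; Expected = @('group'); Type = 'String' }  # step 2: restores the Hidden files group in Folder Options
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'
       Name = 'CheckedValue'; Expected = @(1); Type = 'DWord' } # step 3: makes the "Show hidden files" option stick
)

$tampered = 0
foreach ($c in $checks) {
    $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    $current = if ($item) { $item.($c.Name) } else { $null }

    if ($null -ne $current -and $c.Expected -contains $current) {
        Write-Host ("OK       {0}\{1} = {2}" -f $c.Path, $c.Name, $current)
        continue
    }

    $tampered++
    Write-Warning ("TAMPERED {0}\{1} = '{2}' (expected one of: {3})" -f `
        $c.Path, $c.Name, $current, ($c.Expected -join ', '))

    if ($Fix) {
        if (-not (Test-Path $c.Path)) { New-Item -Path $c.Path -Force | Out-Null }
        # Malware sometimes recreates the value with the wrong type (e.g. REG_SZ "1"),
        # so remove it and create it again with the correct type instead of overwriting.
        Remove-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        New-ItemProperty -Path $c.Path -Name $c.Name -Value $c.Expected[0] `
            -PropertyType $c.Type | Out-Null
        Write-Host ("FIXED    {0}\{1} -> {2}" -f $c.Path, $c.Name, $c.Expected[0])
    }
}

if ($tampered -eq 0) {
    Write-Host 'All Explorer hidden-file settings look normal.'
} else {
    Write-Host "$tampered setting(s) differ from the defaults; log off or restart Explorer for changes to apply."
}
```

Run it once without -Fix to see which of the three values was changed; the HKLM values need an administrator prompt to write. A clean result from this script while files such as RECYCLER and System Volume Information still show as hidden is expected, since those folders are hidden system folders by design and are not a sign of infection by themselves.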

Somia
12-08-2011, 05:05
Hello, and many thanks.
1- I had a question: I wanted to paste a screenshot of it, but it didn't work. How do I do that?
2- About the manual method, in part 1 of the second item, the Type option (the one with the cream-coloured background) isn't clickable!

MrGee
12-08-2011, 09:23
You first have to upload the images to an image-hosting site such as


[To view the content, please log in or register]

and then post the link they give you here.


You shouldn't click on Type; you should double-click the name of the value, which here is Hidden, and enter the value in the box that appears.