Greetings,
1- Run this and post its log here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
2- Avira
3- SuperAntiSpyware; this program protects your homepage.
Rest assured, it will be solved.
Good luck.
I already had ComboFix.
I ran it; it updated because it was old.
I don't have Avira.
The homepage is fixed too.
Here is the ComboFix log:
ComboFix 10-07-16.02 - Esi 19-07-2010 12.11.25.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1256.981.1033.18.2047.1627 [GMT 4,5:30]
Running from: e:\software\Anti Virus\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active
.
((((((((((((((((((((((((( Files Created from 2010-06-19 to 2010-07-19 )))))))))))))))))))))))))))))))
.
2010-08-17 08:08 . 2010-08-17 08:08 1614848 ----a-w- c:\windows\system32\sfcfiles.dll
2010-08-17 08:08 . 2010-08-17 08:07 990208 ----a-w- c:\windows\system32\syssetup.dll
2010-07-18 21:48 . 2010-07-05 10:00 3687344 ----a-w- c:\documents and settings\Esi\Application Data\Simply Super Software\Trojan Remover\awe3.exe
2010-07-16 12:31 . 2010-07-16 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-16 11:17 . 2010-07-16 11:17 -------- d-----w- c:\documents and settings\Esi\Local Settings\Application Data\ESET
2010-07-16 10:47 . 2010-07-16 10:47 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2010-07-16 07:43 . 2010-07-17 22:40 -------- d-----w- c:\program files\Valve
2010-07-15 22:45 . 2010-07-15 22:45 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-07-15 21:36 . 2010-07-15 21:36 -------- d-----w- c:\documents and settings\Esi\Application Data\GRETECH
2010-07-15 19:10 . 2010-07-18 21:29 -------- d-----w- c:\program files\sXe Injected
2010-07-15 18:41 . 2010-07-18 21:29 -------- d-----w- c:\program files\CS22
2010-07-15 18:39 . 2010-07-15 18:39 -------- d-----w- c:\documents and settings\Esi\Application Data\ESET
2010-07-15 18:38 . 2010-07-15 18:38 -------- d-----w- c:\program files\ESET
2010-07-15 18:38 . 2010-07-15 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-07-15 18:30 . 2010-07-15 18:30 -------- d-----w- c:\documents and settings\Esi\Application Data\NVIDIA
2010-07-15 18:26 . 2010-07-15 18:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-15 17:57 . 2010-07-15 17:57 -------- d-----w- c:\program files\Eidos
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-19 07:37 . 2010-07-09 13:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon
2010-07-18 21:48 . 2010-07-16 12:47 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-18 21:40 . 2010-07-16 12:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-18 21:39 . 2010-07-18 21:37 -------- d-----w- c:\program files\Trojan Remover
2010-07-18 21:37 . 2010-07-18 21:37 -------- d-----w- c:\documents and settings\Esi\Application Data\Simply Super Software
2010-07-18 21:37 . 2010-07-18 21:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2010-07-17 23:12 . 2010-07-09 12:30 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-16 12:31 . 2010-07-16 12:31 -------- d-----w- c:\documents and settings\Esi\Application Data\Malwarebytes
2010-07-16 07:43 . 2010-07-09 12:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-15 22:31 . 2010-07-09 13:23 -------- d-----w- c:\documents and settings\Esi\Application Data\IDM
2010-07-15 21:52 . 2010-07-09 13:16 -------- d-----w- c:\documents and settings\Esi\Application Data\Babylon
2010-07-15 18:29 . 2010-07-09 12:43 64688 ----a-w- c:\documents and settings\Esi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-15 18:06 . 2010-07-09 13:24 -------- d-----w- c:\program files\Opera
2010-07-09 13:40 . 2010-07-09 13:19 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-09 13:38 . 2010-07-09 13:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2010-07-09 13:38 . 2010-07-09 13:38 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2010-07-09 13:35 . 2010-07-09 13:35 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-07-09 13:34 . 2010-07-09 13:34 -------- d-----w- c:\program files\Microsoft.NET
2010-07-09 13:30 . 2010-07-09 13:30 -------- d-----w- c:\program files\Alcohol Soft
2010-07-09 13:27 . 2010-07-09 13:26 -------- d-----w- c:\program files\Video Convert Master
2010-07-09 13:27 . 2010-07-09 13:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-07-09 13:25 . 2010-07-09 13:25 0 ----a-w- c:\windows\nsreg.dat
2010-07-09 13:23 . 2010-07-09 13:23 -------- d-----w- c:\program files\Internet Download Manager
2010-07-09 13:23 . 2010-07-09 13:23 218544 ----a-w- c:\documents and settings\Esi\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2010-07-09 13:23 . 2010-07-09 13:23 -------- d-----w- c:\documents and settings\Esi\Application Data\DMCache
2010-07-09 13:18 . 2010-07-09 13:18 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-07-09 13:16 . 2010-07-09 13:16 -------- d-----w- c:\program files\Babylon
2010-07-09 13:16 . 2010-07-09 13:16 -------- d-----w- c:\program files\Common Files\Ahead
2010-07-09 13:15 . 2010-07-09 13:15 -------- d-----w- c:\program files\Nero
2010-07-09 13:15 . 2010-07-09 13:15 722416 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-07-09 13:15 . 2010-07-09 13:15 -------- d-----w- c:\program files\Franzis
2010-07-09 13:10 . 2010-07-09 13:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-07-09 13:08 . 2010-07-09 13:04 -------- d-----w- c:\program files\NVIDIA Corporation
2010-07-09 13:05 . 2010-07-09 13:04 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-07-09 13:04 . 2010-07-09 13:04 124800 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-07-09 13:03 . 2010-07-09 13:03 -------- d-----w- c:\program files\MSBuild
2010-07-09 13:03 . 2010-07-09 13:03 -------- d-----w- c:\program files\Yahoo!
2010-07-09 13:03 . 2010-07-09 13:03 -------- d-----w- c:\program files\Reference Assemblies
2010-07-09 13:02 . 2010-07-09 13:02 -------- d-----w- c:\program files\Real Alternative
2010-07-09 13:01 . 2010-07-09 13:01 -------- d-----w- c:\program files\GRETECH
2010-07-09 13:00 . 2010-07-09 13:00 -------- d-----w- c:\program files\OpenTarget
2010-07-09 12:59 . 2010-07-09 12:59 -------- d-----w- c:\program files\HamiSoft Nastaliq For Office
2010-07-09 12:56 . 2010-07-09 12:56 -------- d-----w- c:\program files\PC Camera
2010-07-09 12:56 . 2010-07-09 12:56 -------- d-----w- c:\program files\Common Files\PCCamera
2010-07-09 12:55 . 2010-07-09 12:49 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-09 12:55 . 2010-07-09 12:55 -------- d-----w- c:\program files\USB Vibration
2010-07-09 12:49 . 2010-07-09 12:49 -------- d-----w- c:\program files\Intel
2010-07-09 12:35 . 2010-07-09 12:35 -------- d-----w- c:\program files\microsoft frontpage
2010-07-09 12:33 . 2010-07-09 12:33 -------- d-----w- c:\program files\Windows Media Connect 2
2010-07-09 12:28 . 2010-07-09 12:28 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-04-29 11:09 . 2010-07-18 21:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 11:09 . 2010-07-18 21:40 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.
------- Sigcheck -------
[-] 2009-08-25 . D9E2C0E8AA247A1D4F895DE38E393B82 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe
[-] 2010-08-17 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-07-09 3220912]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-09-18 205976]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2008-02-14 3165920]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-07-05 1167296]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Esi\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Eidos\\Batman Arkham Asylum\\binaries\\ShippingPC-BmGame.exe"=
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16-11-2009 09.03.36 108792]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [16-11-2009 09.04.30 735960]
R3 es1969;ESS 1969 Audio Driver (WDM);c:\windows\system32\drivers\es1969.sys [09-07-2010 21.07.25 72192]
R3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\drivers\phtvtune.sys [09-07-2010 17.24.30 24608]
S3 ddsxeiservice;ddsxeiservice2;c:\program files\sXe Injected\ddsxei.sys [28-05-2010 10.34.51 91776]
S3 hid8101;hid8101;c:\windows\system32\drivers\system32.sys [09-07-2010 17.25.12 64880]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [09-07-2010 17.45.43 722416]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
mStart Page = hxxp://search.localstrike.com.ar/
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
FF - ProfilePath - c:\documents and settings\Esi\Application Data\Mozilla\Firefox\Profiles\3uyj11nv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.localstrike.com.ar/?q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - LocalStrike
FF - prefs.js: browser.startup.homepage - hxxp://search.localstrike.com.ar/
FF - prefs.js: keyword.URL - hxxp://search.localstrike.com.ar/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\Esi\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\Video Convert Master\codec\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\Video Convert Master\codec\real\browser\plugins\nprpjplug.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-nwiz - nwiz.exe
HKLM-Run-59xad - 1e115.exe
HKLM-Run-AutorunRemover.exe - c:\program files\AutorunRemover\AutorunRemover.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-19 12:14
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (A B C D 2 3 5 6) (Everyone)
"OOBETimer"=hex:ff,d5,71,d6,8b,6a,8d,6f,d5,33,93,fd
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(880)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\program files\Babylon\Babylon-Pro\Captlib.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Internet Download Manager\IDMIECC.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\program files\Internet Download Manager\idmmkb.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
Completion time: 2010-07-19 12:15:13
ComboFix-quarantined-files.txt 2010-07-19 07:45
Pre-Run: 36.354.527.232 bytes free
Post-Run: 36.404.457.472 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - A181FC076954985EF9CFCD4BC9447385
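The log above is the kind of thing a helper reads by eye: the "Files Created" block, the Sigcheck block, the firewall policy keys, the IE/Firefox start and search pages, and the "ORPHANS REMOVED" list. As an added example (not part of this thread, of ComboFix, or of any project), the Python script below runs the same first-pass checks over lines copied from the posted log. It reports the two system files stamped 2010-08-17 (a month after the 2010-07-19 scan), `winlogon.exe` whose MD5 differs from the `dllcache` copy carrying the same version string, the `search.localstrike.com.ar` start/search pages in both IE and Firefox, the Windows Firewall policy value of 0 (ESET's firewall is reported enabled, so this may be intentional), and the removed Run entry `59xad -> 1e115.exe`. The trusted-host allowlist, the reading of `[-]` as "ComboFix could not match this file to its known-good hash list", and the "digits in both the value name and the target" heuristic for orphaned Run entries are the example's own assumptions. Everything it prints is an indicator to look at, not a verdict.

```python
"""First-pass triage over a ComboFix log (added example; not ComboFix's own code)."""
import re
from datetime import datetime

# Lines copied from the ComboFix log posted above, trimmed to the entries the
# checks below look at. The same functions work on a complete ComboFix.txt.
SAMPLE_LOG = r"""
ComboFix 10-07-16.02 - Esi 19-07-2010 12.11.25.1.2 - x86
((((((((((((((((((((((((( Files Created from 2010-06-19 to 2010-07-19 )))))))))))))))))))))))))))))))
2010-08-17 08:08 . 2010-08-17 08:08 1614848 ----a-w- c:\windows\system32\sfcfiles.dll
2010-08-17 08:08 . 2010-08-17 08:07 990208 ----a-w- c:\windows\system32\syssetup.dll
2010-07-16 12:31 . 2010-07-16 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
------- Sigcheck -------
[-] 2009-08-25 . D9E2C0E8AA247A1D4F895DE38E393B82 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe
[-] 2010-08-17 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
uStart Page = hxxp://google.com/
mStart Page = hxxp://search.localstrike.com.ar/
FF - prefs.js: browser.search.defaulturl - hxxp://search.localstrike.com.ar/?q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.localstrike.com.ar/
- - - - ORPHANS REMOVED - - - -
HKLM-Run-nwiz - nwiz.exe
HKLM-Run-59xad - 1e115.exe
Completion time: 2010-07-19 12:15:13
"""

# "Files Created" entry: created . modified size attributes path
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) \d\d:\d\d \. \d{4}-\d{2}-\d{2} \d\d:\d\d\s+\S+\s+\S+\s+(.+)$")
# Sigcheck entry: [flag] date . MD5 . size . . [version] . . path
SIG_RE = re.compile(r"^\[(.)\] \d{4}-\d{2}-\d{2} \. ([0-9A-Fa-f]{32}) \. \d+ \. \. \[[\d.]+\] \. \. (.+)$")
URL_RE = re.compile(r"hxxp://([^/\s]+)")          # ComboFix defangs http as hxxp
ORPHAN_RE = re.compile(r"^HKLM-Run-(\S+) - (.+)$")
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"=\s*0\b')


def scan_completion_date(text):
    """Date the scan finished, used as 'now' for the future-timestamp check."""
    m = re.search(r"^Completion time: (\d{4}-\d{2}-\d{2})", text, re.M)
    return datetime.strptime(m.group(1), "%Y-%m-%d") if m else None


def analyze(text, trusted_hosts=("google.com",)):
    """Return indicators worth a second look. trusted_hosts is an assumed allowlist."""
    completion = scan_completion_date(text)
    findings = {
        "future_dated": [],          # creation stamp later than the scan itself
        "unmatched_sigcheck": [],    # "[-]": not matched to ComboFix's known-good hashes (assumed reading)
        "dllcache_mismatch": [],     # system32 copy differs from the WFP dllcache copy
        "windows_firewall_disabled": False,
        "unexpected_hosts": set(),   # start page / search hosts outside the allowlist
        "suspicious_orphans": [],    # removed Run entries with random-looking names (crude heuristic)
    }
    hashes = {}
    for line in text.splitlines():
        line = line.strip()
        if (m := FILE_RE.match(line)):
            created = datetime.strptime(m.group(1), "%Y-%m-%d")
            if completion and created > completion:
                findings["future_dated"].append(m.group(2))
        elif (m := SIG_RE.match(line)):
            flag, md5, path = m.groups()
            hashes[path.lower()] = md5.upper()
            if flag == "-":
                findings["unmatched_sigcheck"].append(path)
        elif FIREWALL_OFF_RE.match(line):
            findings["windows_firewall_disabled"] = True
        elif (m := ORPHAN_RE.match(line)):
            name, target = m.groups()
            if any(c.isdigit() for c in name) and any(c.isdigit() for c in target):
                findings["suspicious_orphans"].append((name, target))
        for host in URL_RE.findall(line):
            if not any(host == t or host.endswith("." + t) for t in trusted_hosts):
                findings["unexpected_hosts"].add(host)
    # Compare each system32 file against the dllcache copy ComboFix hashed alongside it.
    for path, md5 in hashes.items():
        if "\\dllcache\\" in path:
            continue
        folder, name = path.rsplit("\\", 1)
        cached = hashes.get(folder + "\\dllcache\\" + name)
        if cached and cached != md5:
            findings["dllcache_mismatch"].append(path)
    findings["unexpected_hosts"] = sorted(findings["unexpected_hosts"])
    return findings


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On a real log, feed `analyze()` the full text of `C:\ComboFix.txt`; the regexes only recognise the line shapes shown above, so any section the script does not understand is simply skipped rather than misreported.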