Greetings
1- Run it and post its log here.
2- Avira
3- SuperAntiSpyware; this program protects your homepage.
Rest assured, it will be solved.
Best of luck.
I already had ComboFix.
I ran it; it updated itself since it was old.
I don't have Avira.
The homepage is fixed too.
Here is the ComboFix log:
ComboFix 10-07-16.02 - Esi 19-07-2010 12.11.25.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1256.981.1033.18.2047.1627 [GMT 4,5:30]
Running from: e:\software\Anti Virus\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active
.
((((((((((((((((((((((((( Files Created from 2010-06-19 to 2010-07-19 )))))))))))))))))))))))))))))))
.
2010-08-17 08:08 . 2010-08-17 08:08 1614848 ----a-w- c:\windows\system32\sfcfiles.dll
2010-08-17 08:08 . 2010-08-17 08:07 990208 ----a-w- c:\windows\system32\syssetup.dll
2010-07-18 21:48 . 2010-07-05 10:00 3687344 ----a-w- c:\documents and settings\Esi\Application Data\Simply Super Software\Trojan Remover\awe3.exe
2010-07-16 12:31 . 2010-07-16 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-16 11:17 . 2010-07-16 11:17 -------- d-----w- c:\documents and settings\Esi\Local Settings\Application Data\ESET
2010-07-16 10:47 . 2010-07-16 10:47 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2010-07-16 07:43 . 2010-07-17 22:40 -------- d-----w- c:\program files\Valve
2010-07-15 22:45 . 2010-07-15 22:45 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-07-15 21:36 . 2010-07-15 21:36 -------- d-----w- c:\documents and settings\Esi\Application Data\GRETECH
2010-07-15 19:10 . 2010-07-18 21:29 -------- d-----w- c:\program files\sXe Injected
2010-07-15 18:41 . 2010-07-18 21:29 -------- d-----w- c:\program files\CS22
2010-07-15 18:39 . 2010-07-15 18:39 -------- d-----w- c:\documents and settings\Esi\Application Data\ESET
2010-07-15 18:38 . 2010-07-15 18:38 -------- d-----w- c:\program files\ESET
2010-07-15 18:38 . 2010-07-15 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-07-15 18:30 . 2010-07-15 18:30 -------- d-----w- c:\documents and settings\Esi\Application Data\NVIDIA
2010-07-15 18:26 . 2010-07-15 18:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-15 17:57 . 2010-07-15 17:57 -------- d-----w- c:\program files\Eidos
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-19 07:37 . 2010-07-09 13:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon
2010-07-18 21:48 . 2010-07-16 12:47 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-18 21:40 . 2010-07-16 12:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-18 21:39 . 2010-07-18 21:37 -------- d-----w- c:\program files\Trojan Remover
2010-07-18 21:37 . 2010-07-18 21:37 -------- d-----w- c:\documents and settings\Esi\Application Data\Simply Super Software
2010-07-18 21:37 . 2010-07-18 21:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2010-07-17 23:12 . 2010-07-09 12:30 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-16 12:31 . 2010-07-16 12:31 -------- d-----w- c:\documents and settings\Esi\Application Data\Malwarebytes
2010-07-16 07:43 . 2010-07-09 12:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-15 22:31 . 2010-07-09 13:23 -------- d-----w- c:\documents and settings\Esi\Application Data\IDM
2010-07-15 21:52 . 2010-07-09 13:16 -------- d-----w- c:\documents and settings\Esi\Application Data\Babylon
2010-07-15 18:29 . 2010-07-09 12:43 64688 ----a-w- c:\documents and settings\Esi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-15 18:06 . 2010-07-09 13:24 -------- d-----w- c:\program files\Opera
2010-07-09 13:40 . 2010-07-09 13:19 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-09 13:38 . 2010-07-09 13:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2010-07-09 13:38 . 2010-07-09 13:38 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2010-07-09 13:35 . 2010-07-09 13:35 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-07-09 13:34 . 2010-07-09 13:34 -------- d-----w- c:\program files\Microsoft.NET
2010-07-09 13:30 . 2010-07-09 13:30 -------- d-----w- c:\program files\Alcohol Soft
2010-07-09 13:27 . 2010-07-09 13:26 -------- d-----w- c:\program files\Video Convert Master
2010-07-09 13:27 . 2010-07-09 13:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-07-09 13:25 . 2010-07-09 13:25 0 ----a-w- c:\windows\nsreg.dat
2010-07-09 13:23 . 2010-07-09 13:23 -------- d-----w- c:\program files\Internet Download Manager
2010-07-09 13:23 . 2010-07-09 13:23 218544 ----a-w- c:\documents and settings\Esi\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2010-07-09 13:23 . 2010-07-09 13:23 -------- d-----w- c:\documents and settings\Esi\Application Data\DMCache
2010-07-09 13:18 . 2010-07-09 13:18 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-07-09 13:16 . 2010-07-09 13:16 -------- d-----w- c:\program files\Babylon
2010-07-09 13:16 . 2010-07-09 13:16 -------- d-----w- c:\program files\Common Files\Ahead
2010-07-09 13:15 . 2010-07-09 13:15 -------- d-----w- c:\program files\Nero
2010-07-09 13:15 . 2010-07-09 13:15 722416 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-07-09 13:15 . 2010-07-09 13:15 -------- d-----w- c:\program files\Franzis
2010-07-09 13:10 . 2010-07-09 13:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-07-09 13:08 . 2010-07-09 13:04 -------- d-----w- c:\program files\NVIDIA Corporation
2010-07-09 13:05 . 2010-07-09 13:04 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-07-09 13:04 . 2010-07-09 13:04 124800 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-07-09 13:03 . 2010-07-09 13:03 -------- d-----w- c:\program files\MSBuild
2010-07-09 13:03 . 2010-07-09 13:03 -------- d-----w- c:\program files\Yahoo!
2010-07-09 13:03 . 2010-07-09 13:03 -------- d-----w- c:\program files\Reference Assemblies
2010-07-09 13:02 . 2010-07-09 13:02 -------- d-----w- c:\program files\Real Alternative
2010-07-09 13:01 . 2010-07-09 13:01 -------- d-----w- c:\program files\GRETECH
2010-07-09 13:00 . 2010-07-09 13:00 -------- d-----w- c:\program files\OpenTarget
2010-07-09 12:59 . 2010-07-09 12:59 -------- d-----w- c:\program files\HamiSoft Nastaliq For Office
2010-07-09 12:56 . 2010-07-09 12:56 -------- d-----w- c:\program files\PC Camera
2010-07-09 12:56 . 2010-07-09 12:56 -------- d-----w- c:\program files\Common Files\PCCamera
2010-07-09 12:55 . 2010-07-09 12:49 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-09 12:55 . 2010-07-09 12:55 -------- d-----w- c:\program files\USB Vibration
2010-07-09 12:49 . 2010-07-09 12:49 -------- d-----w- c:\program files\Intel
2010-07-09 12:35 . 2010-07-09 12:35 -------- d-----w- c:\program files\microsoft frontpage
2010-07-09 12:33 . 2010-07-09 12:33 -------- d-----w- c:\program files\Windows Media Connect 2
2010-07-09 12:28 . 2010-07-09 12:28 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-04-29 11:09 . 2010-07-18 21:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 11:09 . 2010-07-18 21:40 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.
------- Sigcheck -------
[-] 2009-08-25 . D9E2C0E8AA247A1D4F895DE38E393B82 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe
[-] 2010-08-17 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-07-09 3220912]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-09-18 205976]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2008-02-14 3165920]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-07-05 1167296]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Esi\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Eidos\\Batman Arkham Asylum\\binaries\\ShippingPC-BmGame.exe"=
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16-11-2009 09.03.36 108792]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [16-11-2009 09.04.30 735960]
R3 es1969;ESS 1969 Audio Driver (WDM);c:\windows\system32\drivers\es1969.sys [09-07-2010 21.07.25 72192]
R3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\drivers\phtvtune.sys [09-07-2010 17.24.30 24608]
S3 ddsxeiservice;ddsxeiservice2;c:\program files\sXe Injected\ddsxei.sys [28-05-2010 10.34.51 91776]
S3 hid8101;hid8101;c:\windows\system32\drivers\system32.sys [09-07-2010 17.25.12 64880]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [09-07-2010 17.45.43 722416]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
mStart Page = hxxp://search.localstrike.com.ar/
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
FF - ProfilePath - c:\documents and settings\Esi\Application Data\Mozilla\Firefox\Profiles\3uyj11nv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.localstrike.com.ar/?q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - LocalStrike
FF - prefs.js: browser.startup.homepage - hxxp://search.localstrike.com.ar/
FF - prefs.js: keyword.URL - hxxp://search.localstrike.com.ar/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\Esi\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\Video Convert Master\codec\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\Video Convert Master\codec\real\browser\plugins\nprpjplug.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-nwiz - nwiz.exe
HKLM-Run-59xad - 1e115.exe
HKLM-Run-AutorunRemover.exe - c:\program files\AutorunRemover\AutorunRemover.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer
Rootkit scan 2010-07-19 12:14
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (A B C D 2 3 5 6) (Everyone)
"OOBETimer"=hex:ff,d5,71,d6,8b,6a,8d,6f,d5,33,93,fd
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(880)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\program files\Babylon\Babylon-Pro\Captlib.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Internet Download Manager\IDMIECC.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\program files\Internet Download Manager\idmmkb.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
Completion time: 2010-07-19 1213
ComboFix-quarantined-files.txt 2010-07-19 07:45
Pre-Run: 36.354.527.232 bytes free
Post-Run: 36.404.457.472 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - A181FC076954985EF9CFCD4BC9447385