
Thread title: w32.fujacks.ce!inf: how can it be removed?

  1. #1
    رضاانزلي (Becoming a regular)
    Join date: May 2009
    Location: It's clear from my username. It's a nice place.
    Posts: 32

    w32.fujacks.ce!inf: how can it be removed?

    Greetings, friends.
    On one of the systems on the network there is a virus named w32.fujacks.ce!inf, which Symantec and mac recognise; they clean it once and delete it once, but it still messes up Windows and gives the message Schost.exe,lsasc.exe cannot read memory... ComboFix couldn't do anything either. Please show me a way. Thanks.

  2. #2
    picher_s (Active member of the software forum)
    Join date: Dec 2008
    Location: Under Avira's umbrella, having fun!
    Posts: 1,453

    Greetings

    How are you, buddy?!!

    Is your institution doing well?!

    Well, after running Combofix, paste the text of the log here.

    Then install Avira too.
    Last edited by picher_s; 06-02-2010 at 12:17.

  3. #3
    picher_s (Active member of the software forum)
    Join date: Dec 2008
    Location: Under Avira's umbrella, having fun!
    Posts: 1,453

    ...........

  4. #4
    amd>intel (Ultimate forum addict)
    Join date: Nov 2005
    Posts: 3,446

    You can also remove it with McAfee Stinger.

  5. #5
    رضاانزلي (Becoming a regular)
    Join date: May 2009
    Location: It's clear from my username. It's a nice place.
    Posts: 32

    ComboFix log:
    ComboFix 10-02-01.02 - Administrator 02/08/2010 8:19.2.1 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1256.981.1033.18.959.400 [GMT 3.5:30]
    Running from: f:\anti viruse\ComboFix.exe
    AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\c.exe
    c:\windows\kb913800.exe
    c:\windows\system32\asycfilt.dllkLMYS
    c:\windows\system32\c_30218.nls
    c:\windows\system32\cryptcom.dll
    c:\windows\system32\dllcache\asycfilt.dllkLMYS
    c:\windows\system32\dllcache\dsound.dllIExRj
    c:\windows\system32\drivers\dHook.sys
    c:\windows\system32\dsound.dllIExRj
    c:\windows\system32\fyddos.dll
    c:\windows\system32\iscsrunsrv.dll
    c:\windows\system32\t320067.dll
    c:\windows\system32\t320067.ini
    c:\windows\system32\t322044.dll
    c:\windows\system32\t322044.ini
    c:\windows\system32\t329139.dll
    c:\windows\system32\t329139.ini
    c:\windows\TEMP\Win_XP\Win_XP\WindowsXP-KB958644-x86-ENU.exe
    D:\cconter.exe
    -- Previous Run --
    Infected copy of c:\windows\system32\rpcss.dll was found and disinfected
    Restored copy from - c:\windows\system32\dllcache\rpcss.dll
    Infected copy of c:\windows\system32\rpcss.dll was found and disinfected
    Restored copy from - c:\windows\system32\dllcache\rpcss.dll
    Infected copy of c:\windows\system32\lpk.dll was found and disinfected
    Restored copy from - c:\system volume information\_restore{C25D4C75-A720-4842-9297-DC6EC4F855A0}\RP9\A0001238.dll
    Infected copy of c:\windows\system32\rpcss.dll was found and disinfected
    Restored copy from - c:\windows\system32\dllcache\rpcss.dll
    Infected copy of c:\windows\system32\lpk.dll was found and disinfected
    Restored copy from - c:\system volume information\_restore{C25D4C75-A720-4842-9297-DC6EC4F855A0}\RP9\A0001238.dll
    Infected copy of c:\windows\system32\asycfilt.dll was found and disinfected
    Restored copy from - c:\system volume information\_restore{C25D4C75-A720-4842-9297-DC6EC4F855A0}\RP9\A0001241.dll
    Infected copy of c:\windows\system32\rpcss.dll was found and disinfected
    Restored copy from - c:\windows\system32\dllcache\rpcss.dll
    Infected copy of c:\windows\system32\lpk.dll was found and disinfected
    Restored copy from - c:\system volume information\_restore{C25D4C75-A720-4842-9297-DC6EC4F855A0}\RP9\A0001238.dll
    Infected copy of c:\windows\system32\asycfilt.dll was found and disinfected
    Restored copy from - c:\system volume information\_restore{C25D4C75-A720-4842-9297-DC6EC4F855A0}\RP9\A0001241.dll
    Infected copy of c:\windows\system32\mspmsnsv.dll was found and disinfected
    Restored copy from - c:\windows\system32\dllcache\mspmsnsv.dll
    --------
    Infected copy of c:\windows\system32\xmlprov.dll was found and disinfected
    Restored copy from - c:\windows\system32\dllcache\xmlprov.dll
    Infected copy of c:\windows\system32\ntmssvc.dll was found and disinfected
    Restored copy from - c:\windows\system32\dllcache\ntmssvc.dll
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    -------\Legacy_BACKGROUND_SWITCH
    -------\Legacy_MEDIACENTER
    -------\Legacy_SLENUMHOOK2
    -------\Legacy_WINDOWSREMOTE
    -------\Service_BackGround switch
    -------\Service_MediaCenter
    -------\Service_WindowsRemote
    -------\Legacy_iScsSrv
    -------\Service_iScsSrv

    ((((((((((((((((((((((((( Files Created from 2010-01-08 to 2010-02-08 )))))))))))))))))))))))))))))))
    .
    2010-02-08 04:11 . 2004-08-03 23:56 22016 ----a-w- c:\windows\system32\lpk.dll
    2010-02-07 05:06 . 2010-02-07 05:06 21576704 -csha-w- c:\windows\system32\dllcache\qmgr.dll
    2010-02-07 05:06 . 2010-02-07 05:06 21576704 --sha-w- c:\windows\system32\qmgr.dll
    2010-02-07 05:03 . 2010-02-07 05:11 -------- d-----w- c:\windows\system32\TFLKKZ7L8O
    2010-02-07 04:58 . 2010-02-07 04:59 -------- d-----w- c:\windows\system32\SA4T7LX8MJ
    2010-02-07 04:40 . 2004-08-03 23:56 65024 ----a-w- c:\windows\system32\asycfilt.dll
    2010-02-07 04:40 . 2010-02-07 04:40 33604 ----a-w- c:\windows\system\TrJcv.DRV
    2010-02-07 04:40 . 2010-02-07 04:39 36164 ----a-w- c:\windows\system\HoBjm.DRV
    2010-02-07 04:38 . 2010-02-07 04:38 27136 ----a-w- c:\windows\system32\Intelproc.dll
    2010-02-07 04:37 . 2010-02-07 04:37 72792 ----a-w- c:\documents and settings\NetworkService\Application Data\Dbg32.Sys
    2010-02-07 04:29 . 2010-02-07 04:30 -------- d-----w- c:\windows\system32\MHFNC6IVDB
    2010-02-07 04:26 . 2010-02-07 04:28 -------- d-----w- c:\windows\system32\LZUDXCLW9R
    2010-02-07 03:44 . 2010-02-07 03:47 -------- d-----w- c:\windows\system32\C139BMFUG7
    2010-02-07 03:41 . 2010-02-07 03:41 -------- d-----w- c:\documents and settings\LocalService\Application Data\ACD Systems
    2010-02-07 03:38 . 2010-02-07 03:42 -------- d-----w- c:\windows\system32\BFA0RP22H2
    2010-02-07 03:35 . 2010-02-07 03:38 -------- d-----w- c:\windows\system32\AVZ48MPJEE
    2010-02-07 03:34 . 2010-02-07 03:34 10368 --sh--w- c:\windows\bfgdc.exe
    2010-02-07 03:33 . 2010-02-07 03:35 -------- d-----w- c:\windows\system32\APKR2A67A3
    2010-02-07 03:29 . 2010-02-07 03:29 239959 ------w- c:\windows\system32\panp.exe
    2010-02-07 03:29 . 2010-02-07 03:30 -------- d-----w- c:\windows\system32\9QDKJ9LCSP
    2010-02-07 03:28 . 2010-02-07 05:02 275992 ------w- c:\windows\system32\iscslogsrv.dll
    2010-02-06 13:01 . 2010-02-06 13:05 -------- d-----w- C:\My Photos
    2010-02-06 10:41 . 2010-02-06 10:41 378440 ----a-w- c:\windows\system32\uvafuz.exe
    2010-02-06 10:39 . 2010-02-06 10:41 -------- d-----w- c:\windows\system32\8SIQAOSXI9
    2010-02-06 10:37 . 2010-02-06 10:38 -------- d-----w- c:\windows\system32\7TGC4M2WZF
    2010-02-06 10:28 . 2006-07-12 11:20 146048 -c--a-w- c:\windows\system32\dllcache\portcls.sys
    2010-02-06 10:12 . 2010-02-06 10:15 -------- d-----w- c:\windows\system32\2V606FGZ33
    2010-02-06 10:08 . 2010-02-07 03:41 54784 ----a-w- c:\windows\system32\tcpsves.exe
    2010-02-06 10:07 . 2010-02-06 10:09 -------- d-----w- c:\windows\system32\1SI839RYWR
    2010-02-06 10:06 . 2010-02-06 10:07 -------- d-----w- c:\windows\system32\iB
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-02-08 04:53 . 2010-02-06 06:14 -------- d-----w- c:\program files\Symantec AntiVirus
    2010-02-07 13:29 . 2010-02-06 06:14 -------- d-----w- c:\program files\Symantec
    2010-02-07 12:46 . 2010-02-06 08:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\Babylon
    2010-02-07 04:37 . 2010-02-07 04:38 72792 ----a-w- c:\documents and settings\NetworkService\Application Data\Bug.Tmp
    2010-02-06 10:28 . 2010-02-06 08:37 -------- d-----w- c:\program files\InstallShield Installation Information
    2010-02-06 10:12 . 2010-02-06 09:47 -------- d-----w- c:\program files\ScannerU
    2010-02-06 09:58 . 2010-02-06 09:57 -------- d-----w- c:\program files\VIA
    2010-02-06 09:57 . 2010-02-06 09:57 -------- d-----w- c:\program files\S3
    2010-02-06 09:57 . 2010-02-06 08:37 -------- d-----w- c:\program files\Common Files\InstallShield
    2010-02-06 09:49 . 2010-02-06 09:49 -------- d-----w- c:\program files\NewSoft
    2010-02-06 09:31 . 2010-02-06 09:31 45056 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{90B5E602-1867-449D-86FD-FC9DEA4434BF}\NewShortcut1_5B69D3033CA54B39B5ECE7D051297E77.exe
    2010-02-06 09:31 . 2010-02-06 09:29 -------- d-----w- c:\program files\Hewlett-Packard
    2010-02-06 09:30 . 2010-02-06 09:29 -------- d-----w- c:\program files\Zero G Registry
    2010-02-06 09:29 . 2010-02-06 09:29 -------- d-----w- c:\program files\HP
    2010-02-06 09:27 . 2010-02-06 09:27 -------- d-----w- c:\program files\Common Files\SWF Studio
    2010-02-06 09:19 . 2010-02-06 09:19 -------- d-----w- c:\program files\Common Files\L&H
    2010-02-06 09:19 . 2010-02-06 09:19 -------- d-----w- c:\program files\Microsoft.NET
    2010-02-06 09:19 . 2010-02-06 09:19 -------- d-----w- c:\program files\Microsoft ActiveSync
    2010-02-06 09:18 . 2010-02-06 09:18 -------- d-----w- c:\program files\Microsoft Works
    2010-02-06 09:11 . 2010-02-06 09:06 -------- d-----w- c:\program files\The KMPlayer
    2010-02-06 09:10 . 2010-02-06 09:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\ACD Systems
    2010-02-06 09:09 . 2010-02-06 09:09 -------- d-----w- c:\program files\Common Files\ACD Systems
    2010-02-06 09:09 . 2010-02-06 09:09 -------- d-----w- c:\documents and settings\All Users\Application Data\ACD Systems
    2010-02-06 09:09 . 2010-02-06 09:09 -------- d-----w- c:\program files\ACD Systems
    2010-02-06 08:52 . 2010-02-06 08:50 -------- d-----w- c:\program files\DAP
    2010-02-06 08:52 . 2010-02-06 08:52 2368 ----a-w- c:\windows\system32\SVKP.sys
    2010-02-06 08:50 . 2010-02-06 08:50 50688 ----a-w- c:\windows\system32\wbhelp2.dll
    2010-02-06 08:48 . 2010-02-06 08:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon
    2010-02-06 08:48 . 2010-02-06 08:48 -------- d-----w- c:\program files\Babylon
    2010-02-06 08:48 . 2010-02-06 08:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
    2010-02-06 08:47 . 2010-02-06 08:47 -------- d-----w- c:\program files\Yahoo!
    2010-02-06 08:47 . 2010-02-06 08:47 -------- d-----w- c:\program files\Common Files\Adobe
    2010-02-06 08:47 . 2010-02-06 08:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\InterTrust
    2010-02-06 08:39 . 2010-02-06 08:39 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
    2010-02-06 08:39 . 2010-02-06 08:38 -------- d-----w- c:\program files\CyberLink
    2010-02-06 08:38 . 2010-02-06 08:37 -------- d-----w- c:\program files\JetAudio
    2010-02-06 08:32 . 2010-02-06 08:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3
    2010-02-06 06:15 . 2010-02-06 06:14 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-02-06 06:15 . 2010-02-06 06:15 48768 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-02-06 06:15 . 2010-02-06 06:15 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
    2010-02-06 06:15 . 2010-02-06 06:15 8014 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
    2010-02-06 06:15 . 2010-02-06 06:15 110952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-02-06 06:14 . 2010-02-06 06:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
    2010-02-06 06:02 . 2010-02-06 06:02 -------- d-----w- c:\program files\microsoft frontpage
    2010-02-06 06:01 . 2010-02-06 06:01 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2010-02-06 05:59 . 2010-02-06 05:59 21640 ----a-w- c:\windows\system32\emptyregdb.dat
    2010-02-06 05:58 . 2010-02-06 05:58 -------- d-----w- c:\program files\Windows Media Connect 2
    2004-08-17 16:30 . 2004-08-17 16:30 351772 --sh--w- c:\windows\system32\RgmptwC.dll
    2004-08-17 16:30 . 2004-08-17 16:30 351772 --sh--w- c:\windows\system32\RjmktrC.dll
    2004-08-17 16:30 . 2004-08-17 16:30 351772 --sh--w- c:\windows\system32\RlmuthC.dll
    2004-08-17 16:30 . 2004-08-17 16:30 351772 --sh--w- c:\windows\system32\RqmrtmC.dll
    2004-08-17 16:30 . 2004-08-17 16:30 351772 --sh--w- c:\windows\system32\RtmqtfC.dll
    2004-08-17 16:30 . 2004-08-17 16:30 351772 --sh--w- c:\windows\system32\RwmrtsC.dll
    2004-08-17 16:30 . 2004-08-17 16:30 351772 --sh--w- c:\windows\system32\RwmttmC.dll
    2004-08-17 16:30 . 2004-08-17 16:30 351772 --sh--w- c:\windows\system32\RzmmttC.dll
    2004-08-17 16:30 . 2004-08-17 16:30 351772 --sh--w- c:\windows\system32\RzmotrC.dll
    .
    ------- Sigcheck -------
    [7] 2007-02-18 . 9941382A1C2289F5FB4C87D0DAACC21C . 360704 . . [5.1.2600.2956] . . c:\windows\system32\dllcache\tcpip.sys
    [-] 2007-02-18 . 2E231F82BF3BACCC360B03BE39BB0620 . 360704 . . [5.1.2600.2956] . . c:\windows\system32\drivers\tcpip.sys
    [-] 2010-02-07 05:06 . DE24F1D4FF06E44F6B8D630FD5E25356 . 21576704 . . [1.0.0.1] . . c:\windows\system32\qmgr.dll
    [-] 2010-02-07 05:06 . DE24F1D4FF06E44F6B8D630FD5E25356 . 21576704 . . [1.0.0.1] . . c:\windows\system32\dllcache\qmgr.dll
    [-] 2004-08-03 23:56 . 873C66E52C06F7110EAC11AA7D825F40 . 249344 . . [------] . . c:\windows\system32\xmlprov.dll
    [7] 2004-08-03 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\xmlprov.dll
    [-] 2004-08-03 23:56 . 873C66E52C06F7110EAC11AA7D825F40 . 249344 . . [------] . . c:\windows\system32\appmgmts.dll
    [7] 2004-08-03 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\appmgmts.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2006-08-09 4617720]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Device Detector"="DevDetect.exe -autorun" [X]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 52840]
    "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-10-07 125368]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 303104]
    "Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2006-05-01 890880]
    "StatusClient 2.6"="c:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2004-02-27 61440]
    "TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-05-20 442368]
    "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-01-07 49152]
    "VTTimer"="VTTimer.exe" [2004-01-15 49152]
    "SoundMan"="SOUNDMAN.EXE" [2004-06-18 67584]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    KYESCAN.lnk - c:\progra~1\ScannerU\KYESCAN.exe [2010-2-6 172032]
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
    R2 BulkUsb;Genius ColorPage USB Scanner;c:\windows\system32\drivers\usbscan.sys [2010/02/06 01:17 ب.ظ 15104]
    R2 fars;feas;c:\windows\system32\APKR2A67A3\J001.exe [2010/02/07 07:04 ق.ظ 73728]
    R2 fuj;ilk;c:\windows\system32\1SI839RYWR\D001.exe [2010/02/06 01:37 ب.ظ 65536]
    R2 gu;cf;c:\windows\system32\TFLKKZ7L8O\J001.exe [2010/02/07 08:35 ق.ظ 65536]
    R2 nhfg;mgh;c:\windows\bfgdc.exe [2010/02/07 07:04 ق.ظ 10368]
    R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2010/02/06 12:22 ب.ظ 2368]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010/02/06 09:57 ق.ظ 102448]
    S2 saytst;saytst;c:\windows\system32\uvafuz.exe [2010/02/06 02:11 ب.ظ 378440]
    S2 TCPZ;TCP Half Open Limited Patcher ( TCP-Z);\??\c:\windows\system32\drivers\tcpz-x86d.sys --> c:\windows\system32\drivers\tcpz-x86d.sys [?]
    S2 VMservices;VMservices;c:\windows\system32\panp.exe [2010/02/07 06:59 ق.ظ 239959]
    S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2007/10/07 08:48 ب.ظ 116664]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    iScsSrv REG_MULTI_SZ iScsSrv iSCS
    nhibbwvy REG_MULTI_SZ nhibbwvy
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{LMS03AB-B707-11d2-9CBD-0000F87A369E}]
    2010-02-06 10:41 274432 ----a-w- c:\program files\Microsoft Office\svchost.exe
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.live.com
    uInternet Settings,ProxyOverride = <local>
    IE: &Download with &DAP - c:\progra~1\DAP\dapextie.htm
    IE: Download &all with DAP - c:\progra~1\DAP\dapextie2.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: {5EF5C567-4593-4747-86A9-50801BDA98D5} = 20.0.0.30,217.219.187.0
    Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
    Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
    .
    - - - - ORPHANS REMOVED - - - -
    ShellExecuteHooks-{36341DC2-9E82-4F3A-BD91-92A15251AA0F} - c:\documents and settings\Administrator\Application Data\Dbg32.Sys

    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer
    Rootkit scan 2010-02-08 08:23
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{5EF5C567-4593-4747-86A9-50801BDA98D5}]
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    - - - - - - - > 'explorer.exe'(4640)
    c:\windows\system32\msi.dll
    c:\program files\Babylon\Babylon-Pro\CAPTLIB.DLL
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
    c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
    c:\program files\Symantec AntiVirus\DefWatch.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\CyberLink\Shared files\RichVideo.exe
    c:\program files\Symantec AntiVirus\Rtvscan.exe
    c:\program files\Common Files\ACD Systems\EN\DevDetect.exe
    c:\windows\system32\VTTimer.exe
    c:\windows\SOUNDMAN.EXE
    c:\program files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
    c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
    c:\windows\system32\drwtsn32.exe
    .
    **************************************************************************
    .
    Completion time: 2010-02-08 0809 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-02-08 05:01
    Pre-Run: 15,466,172,416 bytes free
    Post-Run: 15,296,925,696 bytes free
    - - End Of File - - BDFFA68F7E28FD23B9576EA7497BA5AB

  6. #6
    saeed774 (Ultimate forum addict)
    Join date: Jan 2006
    Posts: 4,092

    With everyone's permission:
    Remove from startup the two files that give the "not found" message. ComboFix has already cleaned most of the viruses for you!!
    With that same Avira or Symantec, run a full scan after updating, then run ComboFix again and your problem will be solved.

  7. #7
    picher_s (Active member of the software forum)
    Join date: Dec 2008
    Location: Under Avira's umbrella, having fun!
    Posts: 1,453

    Greetings

    Me too, with Saeed's permission.

    Reza Khan, where is this cool system from?

    I had never seen Combofix report this many problems before.

    Infected copy of c:\windows\system32\asycfilt.dll was found and disinfected
    Be sure to replace your system files again with SFC /Scannow.



  9. #8
    رضاانزلي (Becoming a regular)
    Join date: May 2009
    Location: It's clear from my username. It's a nice place.
    Posts: 32

    fujackc.ce!inf avz log

    Hello, thank you. If you can help, you will have helped me a lot; tomorrow is the end of the month and I have to connect to the systems of all the branches.
    By the way, the virus that Symantec recognises and cleans is fujackc.ce!inf, and its site says it is related to HTML files.
    AVZ log from my own PC:
    Attention !!! Database was last updated 2009/08/17 it is necessary to update the bases using automatic updates (File/Database update)
    >>>> Danger - the avz.exe file is changed, check of its CRC by Trusted Objects Database failed
    AVZ Antiviral Toolkit log; AVZ version is 4.30
    Scanning started at 2010/02/16 1153 ق.ظ
    Database loaded: signatures - 237476, NN profile(s) - 2, microprograms of healing - 56, signature database released 17.08.2009 20:49
    Heuristic microprograms loaded: 374
    SPV microprograms loaded: 9
    Digital signatures of system files loaded: 134337
    Heuristic analyzer mode: Medium heuristics level
    Healing mode: disabled
    Windows version: 5.1.2600, Service Pack 3 ; AVZ is launched with administrator rights
    System Restore: enabled
    1. Searching for Rootkits and programs intercepting API functions
    1.1 Searching for user-mode API hooks
    Analysis: kernel32.dll, export table found in section .text
    Analysis: ntdll.dll, export table found in section .text
    Analysis: user32.dll, export table found in section .text
    Analysis: advapi32.dll, export table found in section .text
    Analysis: ws2_32.dll, export table found in section .text
    Analysis: wininet.dll, export table found in section .text
    Analysis: rasapi32.dll, export table found in section .text
    Analysis: urlmon.dll, export table found in section .text
    Analysis: netapi32.dll, export table found in section .text
    1.2 Searching for kernel-mode API hooks
    Driver loaded successfully
    SDT found (RVA=085700)
    Kernel ntkrnlpa.exe found in memory at address 804D7000
    SDT = 8055C700
    KiST = 80504450 (284)
    Function NtAlertResumeThread (0C) intercepted (805D4B3A->8A89D590), hook not defined
    Function NtAlertThread (0D) intercepted (805D4AEA->8A811350), hook not defined
    Function NtAllocateVirtualMemory (11) intercepted (805A8A9E->8ADC50F8), hook not defined
    Function NtAssignProcessToJobObject (13) intercepted (805D65FE->A87F41CC), hook C:\WINDOWS\System32\drivers\pxrts.sys
    Function NtConnectPort (1F) intercepted (805A45B4->8AD620C8), hook not defined
    Function NtCreateKey (29) intercepted (80623786->BA7A2A8E), hook not defined
    Function NtCreateMutant (2B) intercepted (80616D52->8AB5DEF8), hook not defined
    Function NtCreateThread (35) intercepted (805D0FD4->A87F4206), hook C:\WINDOWS\System32\drivers\pxrts.sys
    Function NtDeleteKey (3F) intercepted (80623C16->BA7A2A93), hook not defined
    Function NtDeleteValueKey (41) intercepted (80623DE6->BA7A2A9D), hook not defined
    Function NtFreeVirtualMemory (53) intercepted (805B2F7E->8AB741B0), hook not defined
    Function NtImpersonateAnonymousToken (59) intercepted (805F8A32->8AB65F90), hook not defined
    Function NtImpersonateThread (5B) intercepted (805D77BE->8AAC26A8), hook not defined
    Function NtLoadKey (62) intercepted (80625982->BA7A2AA2), hook not defined
    Function NtMapViewOfSection (6C) intercepted (805B2006->8AB7E8D0), hook not defined
    Function NtOpenEvent (72) intercepted (8060E702->8AB66AE8), hook not defined
    Function NtOpenProcess (7A) intercepted (805CB3FC->A87F451A), hook C:\WINDOWS\System32\drivers\pxrts.sys
    Function NtOpenProcessToken (7B) intercepted (805ED722->8AB6C570), hook not defined
    Function NtOpenThread (80) intercepted (805CB688->A87F43F6), hook C:\WINDOWS\System32\drivers\pxrts.sys
    Function NtOpenThreadToken (81) intercepted (805ED740->8AB749F0), hook not defined
    Function NtProtectVirtualMemory (89) intercepted (805B83DA->A87F4292), hook C:\WINDOWS\System32\drivers\pxrts.sys
    Function NtQueryValueKey (B1) intercepted (806219BE->8A844F20), hook not defined
    Function NtReplaceKey (C1) intercepted (80625832->BA7A2AAC), hook not defined
    Function NtRestoreKey (CC) intercepted (8062513E->BA7A2AA7), hook not defined
    Function NtResumeThread (CE) intercepted (805D4976->8AB6CE70), hook not defined
    Function NtSetContextThread (D5) intercepted (805D16F6->A87F418E), hook C:\WINDOWS\System32\drivers\pxrts.sys
    Function NtSetInformationProcess (E4) intercepted (805CDE46->8AB74648), hook not defined
    Function NtSetInformationThread (E5) intercepted (805CC0CA->8AB74CE0), hook not defined
    Function NtSetValueKey (F7) intercepted (80621D0C->BA7A2A98), hook not defined
    Function NtSuspendProcess (FD) intercepted (805D4A3E->8AB6C978), hook not defined
    Function NtSuspendThread (FE) intercepted (805D48B0->8AB62E20), hook not defined
    Function NtTerminateProcess (101) intercepted (805D299E->A87F464E), hook C:\WINDOWS\System32\drivers\pxrts.sys
    Function NtTerminateThread (102) intercepted (805D2B98->A87F4316), hook C:\WINDOWS\System32\drivers\pxrts.sys
    Function NtUnmapViewOfSection (10B) intercepted (805B2E14->8AB74330), hook not defined
    Function NtWriteVirtualMemory (115) intercepted (805B4394->A87F434E), hook C:\WINDOWS\System32\drivers\pxrts.sys
    Functions checked: 284, intercepted: 35, restored: 0
    1.3 Checking IDT and SYSENTER
    Analysis for CPU 1
    Analysis for CPU 2
    Checking IDT and SYSENTER - complete
    1.4 Searching for masking processes and drivers
    Searching for masking processes and drivers - complete
    Driver loaded successfully
    1.5 Checking of IRP handlers
    Checking - complete
    2. Scanning memory
    Number of processes found: 41
    Number of modules loaded: 461
    Scanning memory - complete
    3. Scanning disks
    Direct reading C:\Documents and Settings\Administrator\Local Settings\temp\jar_cache51808.tmp
    Direct reading C:\Documents and Settings\Administrator\Local Settings\temp\jar_cache51809.tmp
    Direct reading C:\Documents and Settings\Administrator\Local Settings\temp\jar_cache51810.tmp
    Direct reading C:\Documents and Settings\Administrator\Local Settings\temp\jar_cache51811.tmp
    Direct reading C:\Documents and Settings\Administrator\Local Settings\temp\jar_cache51812.tmp
    Direct reading C:\Documents and Settings\Administrator\Local Settings\temp\jar_cache51813.tmp
    Direct reading C:\Documents and Settings\Administrator\Local Settings\temp\jar_cache51814.tmp
    Direct reading C:\Documents and Settings\Administrator\Local Settings\temp\jar_cache51815.tmp
    Direct reading C:\Documents and Settings\Administrator\Local Settings\temp\jar_cache51816.tmp
    Direct reading C:\Documents and Settings\Administrator\Local Settings\temp\jar_cache51818.tmp
    Direct reading C:\Documents and Settings\Administrator\Local Settings\temp\jar_cache51819.tmp
    Direct reading C:\Documents and Settings\Administrator\Local Settings\temp\jar_cache51820.tmp
    Direct reading C:\Documents and Settings\Administrator\Local Settings\temp\jar_cache51821.tmp
    Direct reading C:\Documents and Settings\Administrator\Local Settings\temp\jar_cache51822.tmp
    Direct reading C:\Documents and Settings\Administrator\Local Settings\temp\jar_cache51823.tmp
    Direct reading C:\Documents and Settings\Administrator\Local Settings\temp\jar_cache51824.tmp
    Direct reading C:\WINDOWS\system32\dllcache\ddraw.dll
    Direct reading C:\WINDOWS\system32\dllcache\olepro32.dll
    4. Checking Winsock Layered Service Provider (SPI/LSP)
    LSP settings checked. No errors detected
    5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
    6. Searching for opened TCP/UDP ports used by malicious programs
    Checking disabled by user
    7. Heuristic system check
    Danger - process debugger "360hotfix.exe" = "ntsd -d"
    Danger - process debugger "360rp.exe" = "ntsd -d"
    Danger - process debugger "360rpt.exe" = "ntsd -d"
    Danger - process debugger "360safe.exe" = "ntsd -d"
    Danger - process debugger "360safebox.exe" = "ntsd -d"
    Danger - process debugger "360sd.exe" = "ntsd -d"
    Danger - process debugger "360se.exe" = "ntsd -d"
    Danger - process debugger "360SoftMgrSvc.exe" = "ntsd -d"
    Danger - process debugger "360speedld.exe" = "ntsd -d"
    Danger - process debugger "360tray.exe" = "ntsd -d"
    Danger - process debugger "ast.exe" = "ntsd -d"
    Danger - process debugger "avcenter.exe" = "ntsd -d"
    Danger - process debugger "avgnt.exe" = "ntsd -d"
    Danger - process debugger "avguard.exe" = "ntsd -d"
    Danger - process debugger "avmailc.exe" = "ntsd -d"
    Danger - process debugger "avp.exe" = "ntsd -d"
    Danger - process debugger "avwebgrd.exe" = "ntsd -d"
    Danger - process debugger "bdagent.exe" = "ntsd -d"
    Danger - process debugger "CCenter.exe" = "ntsd -d"
    Danger - process debugger "ccSvcHst.exe" = "ntsd -d"
    Danger - process debugger "egui.exe" = "ntsd -d"
    Danger - process debugger "ekrn.exe" = "ntsd -d"
    Danger - process debugger "kavstart.exe" = "ntsd -d"
    Danger - process debugger "kissvc.exe" = "ntsd -d"
    Danger - process debugger "kmailmon.exe" = "ntsd -d"
    Danger - process debugger "kpfw32.exe" = "ntsd -d"
    Danger - process debugger "kpfwsvc.exe" = "ntsd -d"
    Danger - process debugger "krnl360svc.exe" = "ntsd -d"
    Danger - process debugger "kswebshield.exe" = "ntsd -d"
    Danger - process debugger "KVMonXP.kxp" = "ntsd -d"
    Danger - process debugger "KVSrvXP.exe" = "ntsd -d"
    Danger - process debugger "kwatch.exe" = "ntsd -d"
    Danger - process debugger "livesrv.exe" = "ntsd -d"
    Danger - process debugger "Mcagent.exe" = "ntsd -d"
    Danger - process debugger "mcmscsvc.exe" = "ntsd -d"
    Danger - process debugger "McNASvc.exe" = "ntsd -d"
    Danger - process debugger "Mcods.exe" = "ntsd -d"
    Danger - process debugger "McProxy.exe" = "ntsd -d"
    Danger - process debugger "McSACore.exe" = "ntsd -d"
    Danger - process debugger "Mcshield.exe" = "ntsd -d"
    Danger - process debugger "mcsysmon.exe" = "ntsd -d"
    Danger - process debugger "mcvsshld.exe" = "ntsd -d"
    Danger - process debugger "MpfSrv.exe" = "ntsd -d"
    Danger - process debugger "MPMon.exe" = "ntsd -d"
    Danger - process debugger "MPSVC.exe" = "ntsd -d"
    Danger - process debugger "MPSVC1.exe" = "ntsd -d"
    Danger - process debugger "MPSVC2.exe" = "ntsd -d"
    Danger - process debugger "msksrver.exe" = "ntsd -d"
    Danger - process debugger "qutmserv.exe" = "ntsd -d"
    Danger - process debugger "RavMonD.exe" = "ntsd -d"
    Danger - process debugger "RavTask.exe" = "ntsd -d"
    Danger - process debugger "RsAgent.exe" = "ntsd -d"
    Danger - process debugger "rsnetsvr.exe" = "ntsd -d"
    Danger - process debugger "RsTray.exe" = "ntsd -d"
    Danger - process debugger "safeboxTray.exe" = "ntsd -d"
    Danger - process debugger "ScanFrm.exe" = "ntsd -d"
    Danger - process debugger "sched.exe" = "ntsd -d"
    Danger - process debugger "seccenter.exe" = "ntsd -d"
    Danger - process debugger "SfCtlCom.exe" = "ntsd -d"
    Danger - process debugger "TMBMSRV.exe" = "ntsd -d"
    Danger - process debugger "TmProxy.exe" = "ntsd -d"
    Danger - process debugger "UfSeAgnt.exe" = "ntsd -d"
    Danger - process debugger "vsserv.exe" = "ntsd -d"
    Danger - process debugger "zhudongfangyu.exe" = "ntsd -d"
    Danger - process debugger "ذق¸´¹¤¾ك.exe" = "ntsd -d"
    Checking - complete
    8. Searching for vulnerabilities
    >> Services: potentially dangerous service allowed: RemoteRegistry (Remote Registry)
    >> Services: potentially dangerous service allowed: TermService (Terminal Services)
    >> Services: potentially dangerous service allowed: SSDPSRV (SSDP Discovery Service)
    >> Services: potentially dangerous service allowed: TlntSvr (Telnet)
    >> Services: potentially dangerous service allowed: Schedule (Task Scheduler)
    >> Services: potentially dangerous service allowed: mnmsrvc (NetMeeting Remote Desktop Sharing)
    >> Services: potentially dangerous service allowed: RDSessMgr (Remote Desktop Help Session Manager)
    > Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
    >> Security: administrative shares (C$, D$ ...) are enabled
    >> Security: anonymous user access is enabled
    >> Security: terminal connections to the PC are allowed
    >> Security: sending Remote Assistant queries is enabled
    Checking - complete
    9. Troubleshooting wizard
    >> HDD autorun are allowed
    >> Autorun from network drives are allowed
    >> Removable media autorun are allowed
    Checking - complete
    Files scanned: 260115, extracted from archives: 224008, malicious software found 0, suspicions - 0
    Scanning finished at 2010/02/16 0315 ب.ظ
    Time of scanning: 04:02:27
    If you have a suspicion on presence of viruses or questions on the suspected objects,
    you can address [ To view the link, log in with your username or register ] conference

  10. #9
    Active member of the Software forum picher_s's Avatar
    Join Date
    Dec 2008
    Location
    Under Avira's umbrella, out for fun!
    Posts
    1,453

    Default

    Greetings

    Reza, you posted the wrong log!!!!

    Please take a look at this

    Code:
    To view the content, please log in or register
    I'm waiting.

    By the way, man, your system also has this many security problems.

    >> Services: potentially dangerous service allowed: RemoteRegistry (Remote Registry)
    >> Services: potentially dangerous service allowed: TermService (Terminal Services)
    >> Services: potentially dangerous service allowed: SSDPSRV (SSDP Discovery Service)
    >> Services: potentially dangerous service allowed: TlntSvr (Telnet)
    >> Services: potentially dangerous service allowed: Schedule (Task Scheduler)
    >> Services: potentially dangerous service allowed: mnmsrvc (NetMeeting Remote Desktop Sharing)
    >> Services: potentially dangerous service allowed: RDSessMgr (Remote Desktop Help Session Manager)
    > Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
    >> Security: administrative shares (C$, D$ ...) are enabled
    >> Security: anonymous user access is enabled
    >> Security: terminal connections to the PC are allowed
    >> Security: sending Remote Assistant queries is enabled
    Checking - complete
    9. Troubleshooting wizard
    >> HDD autorun are allowed
    >> Autorun from network drives are allowed
    >> Removable media autorun are allowed


    Look, somewhere in that same thread I also wrote about fixing these problems.
