07-03-2008, 18:46
|
|
|
|
חבר מתאריך: 26.08.04
הודעות: 478
|
|
|
חטפתי וירוס heur backdoor generic
יש לי קספרסקי והוא זיהה לי את הוירוס הנ"ל שנדבק בקובץ svchost ולא ניתן להסיר אותו או למחוק את הקובץ.
כמו כן בתיקייה היכן שיורדות ההורדות של האימיול כל פעם כשאני מאתחל את המחשב מופיעים לי אלפי קבצי ראר של תוכנות כשלהם.
אחרי חיפוש קצר בגוגל הורדתי את התוכנה combofix והפעלתי אותה אך הוירוס עדיין ישנו.
זה הלוג אחרי הפעולה של הקומבופיקס
ComboFix 08-03-07.1 - Koby 03/07/2008 17:40:01.3 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1255.1.1033.18.1754 [GMT 2:00]
Running from: C:\Documents and Settings\Koby\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-02-07 to 2008-03-07 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-03-07 15:37 63,764 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-07 15:37 5,336 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-07 15:37 4,368,928 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-07 15:37 34,336 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-03-07 11:55 --------- d-----w C:\Program Files\eMule
2008-03-07 11:52 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-07 11:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-07 11:49 --------- d-----w C:\Program Files\XoftSpySE
2008-03-06 18:17 753,664 ----a-w C:\WINDOWS\system32\NTSpool.exe
2008-03-06 18:17 37,888 ----a-w C:\WINDOWS\system32\rar.exe
2008-03-04 19:54 91,700 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-03-04 19:54 85,860 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-03-04 19:43 --------- d-----w C:\Program Files\Kaspersky Lab
2008-03-04 19:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-03-01 01:47 --------- d-----w C:\Documents and Settings\Koby\Application Data\uTorrent
2008-02-29 13:27 --------- d-----w C:\Documents and Settings\Koby\Application Data\AVG7
2008-02-28 14:36 --------- d-----w C:\Documents and Settings\Koby\Application Data\ZoomBrowser EX
2008-02-28 14:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-02-22 09:39 --------- d-----w C:\Program Files\AVI ReComp
2008-02-15 12:00 --------- d--h--w C:\Documents and Settings\All Users\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}
2008-02-14 19:17 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-02-14 19:17 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2008-02-14 19:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-14 19:05 --------- d-----w C:\Program Files\DAEMON Tools
2008-02-14 19:05 --------- d-----w C:\Documents and Settings\Koby\Application Data\DAEMON Tools
2008-02-14 18:59 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-02-14 18:48 --------- d-----w C:\Program Files\Alcohol Soft
2008-02-14 18:31 --------- d-----w C:\Documents and Settings\Koby\Application Data\Ahead
2008-02-14 17:01 --------- d-----w C:\Documents and Settings\Koby\Application Data\Microsoft Games
2008-02-10 10:56 --------- d-----w C:\Documents and Settings\Koby\Application Data\Bioshock
2008-02-10 08:36 --------- d-----w C:\Program Files\ZoneAlarmSB
2008-02-10 08:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-02-10 08:28 --------- d-----w C:\Documents and Settings\Koby\Application Data\Comodo
2008-02-10 08:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\comodo
2008-02-08 10:29 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-02-07 17:00 --------- d-----w C:\Program Files\DIFX
2008-02-07 16:20 --------- d-----w C:\Documents and Settings\Koby\Application Data\InstallShield Installation Information
2008-02-07 16:06 --------- d-----w C:\Program Files\AGEIA Technologies
2008-02-07 16:05 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-01 18:07 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-02-01 18:07 262,144 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-02-01 18:06 --------- d-----w C:\Program Files\Futuremark
2008-01-31 20:06 --------- d-----w C:\Program Files\Canon
2008-01-31 20:03 --------- d-----w C:\Program Files\Common Files\Canon
2008-01-25 13:06 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-01-25 13:06 --------- d--h--r C:\Documents and Settings\Koby\Application Data\SecuROM
2008-01-25 13:00 --------- d-----w C:\Program Files\Lavasoft
2008-01-25 13:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-19 10:33 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-01-19 10:33 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-19 10:24 --------- d-----w C:\Program Files\COMODO
2008-01-19 10:21 --------- d-----w C:\Documents and Settings\Koby\Application Data\Hewlett-Packard
2008-01-18 20:37 82,380 ----a-w C:\WINDOWS\system32\drivers\AFS2K.SYS
2008-01-18 20:37 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-18 20:35 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-01-18 17:06 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-01-18 17:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\LightScribe
2008-01-18 17:05 --------- d-----w C:\Program Files\Common Files\Ahead
2008-01-18 17:01 --------- d-----w C:\Program Files\Nero
2008-01-18 17:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-01-18 12:08 --------- d-----w C:\Program Files\ICQLite
2008-01-18 12:08 --------- d-----w C:\Documents and Settings\Koby\Application Data\ICQLite
2008-01-18 09:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-01-18 09:04 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-01-18 09:04 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-18 08:59 --------- d-----w C:\Program Files\Guitar Pro 5
2008-01-18 07:56 --------- d-----w C:\Program Files\Mv2Player
2008-01-18 00:10 --------- d-----w C:\Documents and Settings\Koby\Application Data\Media Player Classic
2008-01-18 00:06 --------- d-----w C:\Program Files\uTorrent
2008-01-17 23:03 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-01-17 21:26 --------- d-----w C:\Program Files\ScanSpyware v3.8.0.1
2008-01-17 19:39 --------- d-----w C:\Program Files\ffdshow
2008-01-17 18:41 --------- d-----w C:\Program Files\Mirsh
2008-01-17 18:41 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-01-17 18:41 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-01-17 11:32 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007011720070 118\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
02/10/2008 10:36 AM 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [02/10/2008 10:36 AM 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41 AM 8523776]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [06/28/2007 12:51 PM 218376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 01:56 AM 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\RunOnce]
"ShowDeskFix"="regsvr32 /s /n /i:u shell32" []
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\explorer\run]
"Windows Security Tool"= WinSecure.exe
"NTSpool"= NTSpool.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= ,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"E:\\Games\\World in Conflict\\wic.exe"=
"E:\\Games\\World in Conflict\\wic_online.exe"=
"E:\\Games\\World in Conflict\\wic_ds.exe"=
"E:\\Games\\FEAR\\FEAR.exe"=
"E:\\Games\\FEAR\\FEARMP.exe"=
"E:\\Games\\FEAR\\FEARXP\\FEARXP.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"E:\\Games\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"E:\\Games\\Crysis\\Bin32\\Crysis.exe"=
"E:\\Games\\Crysis\\Bin32\\CrysisDedicatedServer.ex e"=
"E:\\Games\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"E:\\Games\\Universe At War Earth Assault\\UAWEA.exe"=
"E:\\Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"E:\\Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [01/17/2007 01:51 PM]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [04/04/2007 02:58 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-03-07 15:00:00 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-03-07 11:46:44 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
************************************************** ************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-07 17:41:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
.
Completion time: 03/07/2008 17:41:51
|
ראשי
צ'אט
מצב כלאיים
