
I caught a virus: heur backdoor generic


Posted

Kaspersky detected the virus for me, and it infected my Windows file svchot, and I can't delete it.

Also, in the folder where the files downloaded from eMule go, which is on another drive, every time the computer is restarted thousands of RAR files of some programs appear.

Posted
  • Author

It didn't work, the virus is still there. Here is the log file:

ComboFix 08-03-07.1 - Koby 03/07/2008 17:40:01.3 - NTFSx86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.2.1255.1.1033.18.1754 [GMT 2:00]

Running from: C:\Documents and Settings\Koby\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((( Files Created from 2008-02-07 to 2008-03-07 )))))))))))))))))))))))))))))))

.

No new files created in this timespan

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-07 15:37 63,764 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx

2008-03-07 15:37 5,336 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx

2008-03-07 15:37 4,368,928 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat

2008-03-07 15:37 34,336 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat

2008-03-07 11:55 --------- d-----w C:\Program Files\eMule

2008-03-07 11:52 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-03-07 11:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2008-03-07 11:49 --------- d-----w C:\Program Files\XoftSpySE

2008-03-06 18:17 753,664 ----a-w C:\WINDOWS\system32\NTSpool.exe

2008-03-06 18:17 37,888 ----a-w C:\WINDOWS\system32\rar.exe

2008-03-04 19:54 91,700 ----a-w C:\WINDOWS\system32\drivers\klin.dat

2008-03-04 19:54 85,860 ----a-w C:\WINDOWS\system32\drivers\klick.dat

2008-03-04 19:43 --------- d-----w C:\Program Files\Kaspersky Lab

2008-03-04 19:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7

2008-03-01 01:47 --------- d-----w C:\Documents and Settings\Koby\Application Data\uTorrent

2008-02-29 13:27 --------- d-----w C:\Documents and Settings\Koby\Application Data\AVG7

2008-02-28 14:36 --------- d-----w C:\Documents and Settings\Koby\Application Data\ZoomBrowser EX

2008-02-28 14:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser

2008-02-22 09:39 --------- d-----w C:\Program Files\AVI ReComp

2008-02-15 12:00 --------- d--h--w C:\Documents and Settings\All Users\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}

2008-02-14 19:17 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys

2008-02-14 19:17 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys

2008-02-14 19:06 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-02-14 19:05 --------- d-----w C:\Program Files\DAEMON Tools

2008-02-14 19:05 --------- d-----w C:\Documents and Settings\Koby\Application Data\DAEMON Tools

2008-02-14 18:59 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2008-02-14 18:48 --------- d-----w C:\Program Files\Alcohol Soft

2008-02-14 18:31 --------- d-----w C:\Documents and Settings\Koby\Application Data\Ahead

2008-02-14 17:01 --------- d-----w C:\Documents and Settings\Koby\Application Data\Microsoft Games

2008-02-10 10:56 --------- d-----w C:\Documents and Settings\Koby\Application Data\Bioshock

2008-02-10 08:36 --------- d-----w C:\Program Files\ZoneAlarmSB

2008-02-10 08:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier

2008-02-10 08:28 --------- d-----w C:\Documents and Settings\Koby\Application Data\Comodo

2008-02-10 08:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\comodo

2008-02-08 10:29 --------- d-----w C:\Program Files\SystemRequirementsLab

2008-02-07 17:00 --------- d-----w C:\Program Files\DIFX

2008-02-07 16:20 --------- d-----w C:\Documents and Settings\Koby\Application Data\InstallShield Installation Information

2008-02-07 16:06 --------- d-----w C:\Program Files\AGEIA Technologies

2008-02-07 16:05 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-02-01 18:07 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll

2008-02-01 18:07 262,144 ----a-w C:\WINDOWS\system32\wrap_oal.dll

2008-02-01 18:06 --------- d-----w C:\Program Files\Futuremark

2008-01-31 20:06 --------- d-----w C:\Program Files\Canon

2008-01-31 20:03 --------- d-----w C:\Program Files\Common Files\Canon

2008-01-25 13:06 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-01-25 13:06 --------- d--h--r C:\Documents and Settings\Koby\Application Data\SecuROM

2008-01-25 13:00 --------- d-----w C:\Program Files\Lavasoft

2008-01-25 13:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-01-19 10:33 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll

2008-01-19 10:33 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7

2008-01-19 10:24 --------- d-----w C:\Program Files\COMODO

2008-01-19 10:21 --------- d-----w C:\Documents and Settings\Koby\Application Data\Hewlett-Packard

2008-01-18 20:37 82,380 ----a-w C:\WINDOWS\system32\drivers\AFS2K.SYS

2008-01-18 20:37 --------- d-----w C:\Program Files\Hewlett-Packard

2008-01-18 20:35 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard

2008-01-18 17:06 --------- d-----w C:\Program Files\Common Files\LightScribe

2008-01-18 17:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\LightScribe

2008-01-18 17:05 --------- d-----w C:\Program Files\Common Files\Ahead

2008-01-18 17:01 --------- d-----w C:\Program Files\Nero

2008-01-18 17:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero

2008-01-18 12:08 --------- d-----w C:\Program Files\ICQLite

2008-01-18 12:08 --------- d-----w C:\Documents and Settings\Koby\Application Data\ICQLite

2008-01-18 09:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems

2008-01-18 09:04 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared

2008-01-18 09:04 --------- d-----w C:\Program Files\Common Files\Adobe

2008-01-18 08:59 --------- d-----w C:\Program Files\Guitar Pro 5

2008-01-18 07:56 --------- d-----w C:\Program Files\Mv2Player

2008-01-18 00:10 --------- d-----w C:\Documents and Settings\Koby\Application Data\Media Player Classic

2008-01-18 00:06 --------- d-----w C:\Program Files\uTorrent

2008-01-17 23:03 --------- d-----w C:\Program Files\K-Lite Codec Pack

2008-01-17 21:26 --------- d-----w C:\Program Files\ScanSpyware v3.8.0.1

2008-01-17 19:39 --------- d-----w C:\Program Files\ffdshow

2008-01-17 18:41 --------- d-----w C:\Program Files\Mirsh

2008-01-17 18:41 --------- d-----w C:\Program Files\Microsoft ActiveSync

2008-01-17 18:41 --------- d-----w C:\Program Files\Common Files\InstallShield

2007-01-17 11:32 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007011720070118\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]

02/10/2008 10:36 AM 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [02/10/2008 10:36 AM 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41 AM 8523776]

"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [06/28/2007 12:51 PM 218376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 01:56 AM 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"ShowDeskFix"="regsvr32 /s /n /i:u shell32" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

"Windows Security Tool"= WinSecure.exe

"NTSpool"= NTSpool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"= ,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

"C:\\Program Files\\uTorrent\\utorrent.exe"=

"E:\\Games\\World in Conflict\\wic.exe"=

"E:\\Games\\World in Conflict\\wic_online.exe"=

"E:\\Games\\World in Conflict\\wic_ds.exe"=

"E:\\Games\\FEAR\\FEAR.exe"=

"E:\\Games\\FEAR\\FEARMP.exe"=

"E:\\Games\\FEAR\\FEARXP\\FEARXP.exe"=

"C:\\Program Files\\ICQLite\\ICQLite.exe"=

"C:\\Program Files\\eMule\\emule.exe"=

"E:\\Games\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

"E:\\Games\\Crysis\\Bin32\\Crysis.exe"=

"E:\\Games\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=

"E:\\Games\\Unreal Tournament 3\\Binaries\\UT3.exe"=

"E:\\Games\\Universe At War Earth Assault\\UAWEA.exe"=

"E:\\Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=

"E:\\Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=

S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [01/17/2007 01:51 PM]

S3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [04/04/2007 02:58 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

.

Contents of the 'Scheduled Tasks' folder

"2008-03-07 15:00:00 C:\WINDOWS\Tasks\XoftSpySE 2.job"

- C:\Program Files\XoftSpySE\XoftSpy.exe

"2008-03-07 11:46:44 C:\WINDOWS\Tasks\XoftSpySE.job"

- C:\Program Files\XoftSpySE\XoftSpy.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-07 17:41:23

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 03/07/2008 17:41:51


This discussion has been archived and no new replies can be added to it.
