NEWS FEED!!!
This topic has 1 reply, 2 participants, and was last updated 16 years, 3 months ago by Admin.
January 24, 2009 at 3:02 pm #16188
I also have a problem with the news feed in IE.
Here is the Combofix log:
ComboFix 09-01-21.04 — kev 2009-01-24 20:44:46.4 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.1.1049.18.1023.415 [GMT 3:00]
Running from: c:documents and settingskevРабочий столComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated)
FW: Персональный файервол ESET *enabled*
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
((((((((((((((((((((((((( Files Created from 2008-12-24 to 2009-01-24 )))))))))))))))))))))))))))))))
.2009-01-24 18:44 . 2009-01-24 19:29
d
c:program filesSpybot — Search & Destroy
2009-01-24 18:44 . 2009-01-24 20:14d
c:documents and settingsAll UsersApplication DataSpybot — Search & Destroy
2009-01-24 13:01 . 2009-01-24 13:01d
c:documents and settingsАдминистраторApplication DataTuneUp Software
2009-01-23 21:33 . 2009-01-23 21:33 323,584 —a
c:documents and settingsAll UsersApplication Datawxilib.dll
2009-01-11 18:52 . 2009-01-11 18:52d
c:documents and settingsAll UsersApplication DataPure Networks
2009-01-10 17:55 . 2009-01-10 17:56d
c:program filesAll Video Joiner
2009-01-10 17:24 . 1999-11-10 12:05 86,016 —a
c:windowsunvise32qt.exe
2009-01-10 17:23 . 2009-01-10 17:24d
c:windowssystem32QuickTime
2009-01-10 17:23 . 2009-01-10 17:24d
c:program filesQuickTime
2009-01-10 17:21 . 2009-01-10 17:25d
c:documents and settingsAll UsersApplication DataQuickTime
2009-01-10 17:18 . 2009-01-10 17:18d
c:program filesRiver Past
2009-01-10 17:18 . 2009-01-10 17:18 159,686 —a
c:windowsVideo Cleaner Uninstaller.exe
2009-01-10 17:09 . 2004-10-28 08:10 815,104 -ra
c:windowssystem32Flash.ocx
2009-01-09 16:52 . 2009-01-09 17:11 207 —a
c:windowsUpdateClientUI.INI
2009-01-08 21:43 . 2009-01-08 21:43d
c:documents and settingskevApplication DataGrym
2009-01-08 21:40 . 2009-01-11 21:50d
C:Temp
2009-01-08 21:10 . 2009-01-08 21:41d
c:program files2gis
2009-01-08 21:10 . 2009-01-08 21:10d
c:documents and settingsAll UsersApplication Data2GIS
2009-01-06 12:05 . 2009-01-06 14:14d
C:Женская лига
2008-12-27 21:11 . 2008-12-27 21:12d
c:program filesK-Lite Codec Pack
2008-12-27 20:10 . 2008-12-27 20:13d
c:program filesApexDC-SMOD
2008-12-27 19:31 . 2008-12-27 19:31d
c:documents and settingskevApplication DataCyberLink
2008-12-27 19:24 . 2008-12-27 19:24d
c:program filesCyberLink
2008-12-27 19:24 . 2003-07-01 18:47 9,856
c:windowssystem32driverspfc.sys
2008-12-27 19:21 . 2008-12-27 19:21d
c:program filesCommon FilesInstallShield
2008-12-27 19:17 . 2008-04-14 21:41 16,384 —a
c:windowssystem32ipsink.ax
2008-12-27 19:17 . 2008-04-14 21:41 16,384 —a—c— c:windowssystem32dllcacheipsink.ax
2008-12-27 19:17 . 2008-04-14 00:16 15,232 —a
c:windowssystem32driversStreamIP.sys
2008-12-27 19:17 . 2008-04-14 00:16 15,232 —a—c— c:windowssystem32dllcachestreamip.sys
2008-12-27 19:17 . 2008-04-14 00:16 11,136 —a
c:windowssystem32driversSLIP.sys
2008-12-27 19:17 . 2008-04-14 00:16 11,136 —a—c— c:windowssystem32dllcacheslip.sys
2008-12-27 19:17 . 2008-04-14 00:16 10,880 —a
c:windowssystem32driversNdisIP.sys
2008-12-27 19:17 . 2008-04-14 00:16 10,880 —a—c— c:windowssystem32dllcachendisip.sys
2008-12-27 19:17 . 2008-04-14 00:09 5,504 —a
c:windowssystem32driversMSTEE.sys
2008-12-27 19:17 . 2008-04-14 00:09 5,504 —a—c— c:windowssystem32dllcachemstee.sys
2008-12-27 19:13 . 2006-03-29 20:41 133,632 -ra
c:windowssystem32driversm3aux.sys
2008-12-27 19:02 . 2000-03-02 14:16 7,424 -ra
c:windowssystem32driversMMIOPORT.SYS
2008-12-27 18:41 . 2008-12-27 18:42d
c:documents and settingskevApplication DataMedia Player Classic
2008-12-27 18:35 . 2008-12-27 18:35d
c:documents and settingskevApplication DataMuldeR
2008-12-27 09:51 . 2008-12-27 09:51d
c:program files7-Zip
2008-12-24 22:08 . 2008-12-24 22:08d
c:program filesESET
2008-12-24 21:53 . 2008-12-24 21:59d
c:program filestotalcmd
2008-12-24 21:53 . 2009-01-24 20:04 3,942 —a
c:windowswincmd.ini
2008-12-24 06:19 . 2008-12-24 06:19d
c:program filesCommon FilesAdobe.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-22 17:58
d
w c:program filesQIP
2008-12-27 16:24
d—h—w c:program filesInstallShield Installation Information
2008-12-27 16:00
d
w c:program filesAnalog Devices
2008-12-21 18:02
d
w c:documents and settingskevApplication DataThunderbird
2008-12-21 14:52
d
w c:program filesMicrosoft ActiveSync
2008-12-21 14:45
d
w c:documents and settingsAll UsersApplication DataMicrosoft Help
2008-12-21 14:41
d
w c:program filesMSBuild
2008-12-21 14:41
d
w c:program filesMicrosoft Works
2008-12-21 14:40
d
w c:program filesMicrosoft.NET
2008-12-21 13:18
d
w c:documents and settingskevApplication DataNero
2008-12-21 13:17
d
w c:program filesCommon FilesNero
2008-12-21 13:16
d
w c:program filesNero
2008-12-21 13:16
d
w c:documents and settingsAll UsersApplication DataNero
2008-12-21 13:05
d
w c:program filesPunto Switcher
2008-12-21 13:05
d
w c:documents and settingskevApplication DataYandex
2008-12-21 06:50
d
w c:documents and settingskevApplication DataESET
2008-12-21 06:49
d
w c:documents and settingsAll UsersApplication DataESET
2008-12-19 12:15 2,688 —-a-w c:windowssystem32io02.sys
2008-12-19 04:19
d
w c:program filesSeagate
2008-12-19 04:19
d
w c:documents and settingsAll UsersApplication DataSeagate
2008-12-19 03:48 307,968 —-a-w c:windowssystem32TuneUpDefragService.exe
2008-12-19 03:48
d
w c:program filesTuneUp Utilities 2008
2008-12-19 03:48
d
w c:program filesCommon FilesWise Installation Wizard
2008-12-19 03:48
d
w c:documents and settingskevApplication DataTuneUp Software
2008-12-19 03:48
d
w c:documents and settingsAll UsersApplication DataTuneUp Software
2008-12-18 18:56
d
w c:program filesmicrosoft frontpage
2008-12-18 18:55 717,296 —-a-w c:windowssystem32driverssptd.sys
2008-12-18 18:55
d
w c:program filesVistaDriveIcon
2008-12-18 18:55
d
w c:program filesJava
2008-12-18 18:55
d
w c:program filesCommon FilesJava
2008-12-18 18:47
d
w c:program filesWindows Media Connect 2
2008-12-08 11:53 57,344 —-a-w c:windowssystem32ff_vfw.dll
2008-12-07 18:08 795,648 —-a-w c:windowssystem32xvidcore.dll
2008-12-07 18:08 130,048 —-a-w c:windowssystem32xvidvfw.dll
2008-10-28 22:35 684,032 —-a-w c:windowssystem32divx.dll
.
Sigcheck
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE~Browser Helper Objects{7E3EDD51-48FD-40F2-ACE4-0D2D9F2889AE}]
2009-01-23 21:33 323584 —a
c:documents and settingsAll UsersApplication Datawxilib.dll
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"="c:windowssystem32ctfmon.exe" [2008-09-15 37376]
"Punto Switcher"="c:program filesPunto Switcherpunto.exe" [2008-10-16 735016]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:program filesCommon FilesNeroLibNMBgMonitor.exe" [2007-10-23 202024]
"H/PC Connection Agent"="c:program filesMicrosoft ActiveSyncWcescomm.exe" [2006-11-13 1289000]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"HControl"="c:windowsATK0100HControl.exe" [2006-10-14 110592]
"MaxMenuMgr"="c:program filesSeagateSeagateManagerFreeAgent StatusStxMenuMgr.exe" [2008-07-17 177448]
"NeroFilterCheck"="c:program filesCommon FilesNeroLibNeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:program filesNeroNero8Nero BackItUpNBKeyScan.exe" [2007-09-20 1836328]
"Adobe Reader Speed Launcher"="c:program filesAdobeReader 9.0ReaderReader_sl.exe" [2008-06-12 34672]
"egui"="c:program filesESETESET Smart Securityegui.exe" [2008-08-18 1447168]
"2gis update client UI"="c:program files2gisUpdateClientWin32UpdateClientUI.exe" [2008-09-17 4055040]
"QuickTime Task"="c:program filesQuickTimeqttask.exe" [2009-01-10 98304]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"="c:windowssystem32CTFMON.EXE" [2008-09-15 37376]
"VistaIcon"="c:program filesVistaDriveIconVistaDrv.exe" [2008-03-23 132096]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
"IE7_011"="shell32" [X]
"IE7_012"="advpack.dll" [2008-09-15 c:windowssystem32advpack.dll]
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
"NoThumbnailCache"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
"NoThumbnailCache"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionrun-]
"VistaIcon"=c:program filesVistaDriveIconVistaDrv.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
"UpdatesDisableNotify"=dword:00000001
"UpdatesOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"=
"c:program filesMicrosoft ActiveSyncrapimgr.exe"= c:program filesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:program filesMicrosoft ActiveSyncwcescomm.exe"= c:program filesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:program filesMicrosoft ActiveSyncWCESMgr.exe"= c:program filesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R4 2GIS UpdateClientService;2GIS UpdateClientService;c:program files2gisUpdateClientWin32UpdateClientService.exe [2008-09-17 1134592]
R4 ekrn;Eset Service;c:program filesESETESET Smart Securityekrn.exe [2008-08-18 468224]
R4 FreeAgentGoNext Service;Seagate Service;c:program filesSeagateSeagateManagerSyncFreeAgentService.exe [2008-07-17 161064]
S3 cpuz129;cpuz129;??c:docume~1kevLOCALS~1Tempcpuz_x32.sys —> c:docume~1kevLOCALS~1Tempcpuz_x32.sys [?]
S3 io02;Hardware Access Driver;c:windowssystem32io02.sys [2008-12-19 2688]
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSvchost — NetSvcs
UxTuneUp
.
Contents of the ‘Scheduled Tasks’ folder
2009-01-24 c:windowsTasks1-Click Maintenance.job
— c:program filesTuneUp Utilities 2008OneClickStarter.exe [2008-02-29 14:24]
.
.
Supplementary Scan
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://xtreme.ws/
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2Office12EXCEL.EXE/3000
FF — ProfilePath — c:documents and settingskevApplication DataMozillaFirefoxProfilesq5oyn134.default
FF — prefs.js: browser.search.selectedEngine — Яндекс
FF — prefs.js: browser.startup.homepage — about:blank
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnppl3260.dll
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnprpjplug.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-24 20:45:32
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(1008)
c:windowssystem32SETUPAPI.dll
c:windowssystem32Ati2evxx.dll
c:windowssystem32cscui.dll
c:windowssystem32COMRes.dll
— — — — — — — > ‘lsass.exe'(1064)
c:windowssystem32setupapi.dll
.
Completion time: 2009-01-24 20:46:14
ComboFix-quarantined-files.txt 2009-01-24 17:46:12
ComboFix2.txt 2009-01-24 17:31:44
ComboFix3.txt 2009-01-24 17:13:58
ComboFix4.txt 2009-01-24 17:01:07
Pre-Run: 57 051 213 824 байт свободно
Post-Run: 57,041,952,768 байт свободно
227
January 25, 2009 at 4:21 pm #21486
Hello, welcome to the Spyware-ru forum.
Open Notepad (click Start, Run, type notepad in the input box and press Enter) and paste the following text into it:
Driver::
cpuz129
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E3EDD51-48FD-40F2-ACE4-0D2D9F2889AE}]
File::
c:\documents and settings\All Users\Application Data\wxilib.dll
Save the resulting file to your desktop under the name CFScript.
Then drag the resulting file onto the Combofix icon, as shown in the picture below.
Combofix will start and carry out the procedures described in the file we created.
Combofix will create a new log from the results of its run; paste it into your next reply.
And of course, check how Internet Explorer works.