- This topic has 1 ответ, 2 участника, and was last updated 16 years, 2 months назад by
.
-
Сообщения
-
Я уже здесь подобнве те мы о всплытии такого порно-окошка. Но сам я в компьютере почти не смыслю. Что делать??
ComboFix 09-02-25.02 — Роман 2009-02-26 7:53:53.3 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1049.18.1023.666 [GMT 2:00]
Running from: c:documents and settingsРоманРабочий столComboFix.exe
Command switches used :: c:documents and settingsРоманРабочий столCFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
* Created a new restore point
* Resident AV is activeWARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
c:windowsamih.reg
c:windowsarybyjumo.vbs
c:windowsbigeziby.bin
c:windowsebobaqah.dll
c:windowsepiqagivy.vbs
c:windowsfupi.com
c:windowsifibadoqem.bin
c:windowsifujaf.sys
c:windowsizykuruhi.bin
c:windowskibuzyjy.vbs
c:windowsloxita.exe
c:windowsmegitavun.scr
c:windowsodemosur.bin
c:windowsoxezagelu.reg
c:windowssiqekelym.reg
c:windowssystem32hixebemoty.pif
c:windowssystem32imybel.reg
c:windowssystem32nyrasybir.dll
c:windowssystem32ojajecocew.sys
c:windowssystem32qaloqu.pif
c:windowssystem32rawymixi.sys
c:windowsumyf.sys
c:windowswiviqy.vbs
c:windowsxodi.pif
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:documents and settingsРоманLocal SettingsTemporary Internet Files0EB9F12C_6E6B_4c03_AEBA_8C04CFA98AA4.gif
c:documents and settingsРоманLocal SettingsTemporary Internet Files15913497_F86C_4218_8817_F50940D1E1B2.jpg
c:documents and settingsРоманLocal SettingsTemporary Internet Files29887DDE_00B9_4011_9CF7_59511F1ECC1B.gif
c:documents and settingsРоманLocal SettingsTemporary Internet Files35B7DFFA_884F_4fbc_8E60_DA601BDC7BF7.gif
c:documents and settingsРоманLocal SettingsTemporary Internet Files3DF04940_9866_4241_A998_0CDDFAFD147A.jpg
c:documents and settingsРоманLocal SettingsTemporary Internet Files426500D7_0FF3_426c_828D_065DBAEA0581.jpg
c:documents and settingsРоманLocal SettingsTemporary Internet Files5C6C645F_BAA8_4149_BFEB_2031230FF0FD.gif
c:documents and settingsРоманLocal SettingsTemporary Internet Files777FDAFB_83CF_4960_AA71_4E5D7BCD8E57.jpg
c:documents and settingsРоманLocal SettingsTemporary Internet Files8DA878D5_E80B_4721_B75A_17EFFAF1A700.jpg
c:documents and settingsРоманLocal SettingsTemporary Internet FilesC75CEF8D_5AF4_4563_8594_C45A45E14E63.gif
c:documents and settingsРоманLocal SettingsTemporary Internet FilesE21285C1_40E6_435c_A69F_3387E7BD89CB.jpg.
((((((((((((((((((((((((( Files Created from 2009-01-26 to 2009-02-26 )))))))))))))))))))))))))))))))
.2009-02-26 06:50 . 2009-02-26 06:50
d
c:documents and settingsРоманApplication DataSoftInform
2009-02-26 06:49 . 2009-02-26 06:49 58 —a
c:cWINDOWSwininit.ini
2009-02-26 06:45 . 2009-02-26 07:45d
c:program filesiNetFormFiller Trial
2009-02-26 06:45 . 2009-02-26 06:50d
c:documents and settingsРоманApplication DataiNetFormFiller
2009-02-26 06:27 . 2009-02-26 06:27d
c:program filesSoftInform
2009-02-26 06:27 . 2009-02-26 06:54d
c:documents and settingsРоманApplication DataAdsCleaner
2009-02-26 06:08 . 2009-02-26 06:08d
c:program filesWinAVI Video Converter
2009-02-26 05:36 . 2009-02-26 05:36 506,368 —a
c:documents and settingsAll Users.WINDOWSApplication Datayzdlib.dll
2009-02-26 05:30 . 2009-02-26 05:31d
c:documents and settingsРоманApplication DataGetRightToGo
2009-02-19 11:58 . 2009-02-19 11:58 0 -rahs—- C:khs
2009-02-07 19:31 . 2009-02-18 16:26 247,624 —a
c:cWINDOWSsystem32ht8x4.exe
2009-02-05 15:23 . 2009-02-05 15:23d
C:MSDERelA
2009-02-04 14:44 . 2009-02-04 14:44d
c:program filesDAEMON Tools
2009-02-04 14:40 . 2009-02-04 14:40 646,392 —a
c:cWINDOWSsystem32driverssptd.sys
2009-02-04 14:39 . 2009-02-04 14:39d
c:program filesXviD
2009-02-04 12:18 . 2009-02-04 12:19d
c:program filesQIP Infium
2009-02-04 11:21 . 1998-10-29 15:45 306,688 —a
c:cWINDOWSIsUninst.exe
2009-02-04 11:21 . 2002-12-17 16:23 33,340 —a
c:cWINDOWSsystem32dbmsqlgc.dll
2009-02-04 11:21 . 2002-10-20 14:05 24,576 —a
c:cWINDOWSsystem32dbmsgnet.dll
2009-02-01 12:48 . 2009-02-01 12:48d
c:documents and settingsРоманApplication DataCPUControl
2009-01-30 16:59 . 2009-01-30 16:59d
c:documents and settingsAll Users.WINDOWSApplication DataBlender Foundation
2009-01-30 16:59 . 2009-01-30 16:59d
c:documents and settingsРоманApplication DataBlender Foundation
2009-01-30 15:26 . 2009-01-30 15:26d—h
c:cWINDOWSPIF
2009-01-30 15:08 . 2009-01-30 15:08d
c:documents and settingsРоманApplication DataTalkback
2009-01-27 08:18 . 2005-02-28 19:10 205,824 —a
c:cWINDOWSpatchw32.dll
2009-01-27 08:16 . 2005-02-28 19:10 205,824 —a
c:cWINDOWSpw32a.dll
2009-01-26 18:45 . 2009-02-19 05:17 8,192 —a
c:cWINDOWSsystem32ubb.exe
2009-01-26 18:45 . 2009-01-26 18:45 1,821 -rahs—- c:cWINDOWSsystem32autorun.in
2009-01-26 18:45 . 2009-01-26 18:45 1,134 -rahs—- c:cWINDOWSsystem32autorun.i.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-25 18:02
d
w c:program filesVirtualDub
2009-02-25 16:36
d
w c:program filesFieryAds
2009-02-25 16:34 909 —-a-w c:documents and settingsРоманApplication Datafieryads.dat
2009-02-15 08:57
d
w c:documents and settingsРоманApplication DataICQ
2009-02-02 17:27
d—h—w c:program filesInstallShield Installation Information
2009-02-01 10:12
d
w c:documents and settingsРоманApplication DatauTorrent
2009-01-25 07:37
d
w c:program filesOpera
2009-01-25 06:18
d
w c:program filesuTorrent
2009-01-23 05:25 41,888 —-a-w c:cWINDOWSsystem32driversOreans.sys
2009-01-23 05:11
d
w c:program filesRed Orchestra Ostfront 41-45
2009-01-22 02:48
d
w c:program filesLead Pursuit
2009-01-21 18:50
d
w c:program filesICQ6Toolbar
2009-01-21 18:50
d
w c:documents and settingsAll Users.WINDOWSApplication DataICQ
2009-01-21 14:45
d
w c:documents and settingsРоманApplication DataQIP.Online
2009-01-20 08:36 577,536 —-a-w c:cWINDOWSsystem32user32.DLL
2009-01-18 16:27
d
w c:program filesESET
2009-01-18 16:27
d
w c:documents and settingsAll Users.WINDOWSApplication DataESET
2009-01-17 06:01
d
w c:program filesmyxml4in
2009-01-17 05:39
d
w c:program filesK-Lite Codec Pack
2009-01-16 16:25
d
w c:program filesHero Editor
2009-01-16 16:24 73,216 —-a-w c:cWINDOWSST6UNST.EXE
2009-01-16 16:24 249,856
w c:cWINDOWSSetup1.exe
2009-01-16 14:17
d
w c:program filesMyCentria
2009-01-16 13:15
d
w c:documents and settingsAll Users.WINDOWSApplication DataUbisoft
2009-01-16 13:07 98,304 —-a-w c:cWINDOWSsystem32CmdLineExt.dll
2009-01-16 13:07
d—h—r c:documents and settingsРоманApplication DataSecuROM
2009-01-16 12:24
d-s—w c:program filesXfire
2009-01-16 12:24
d
w c:program filesAGEIA Technologies
2009-01-16 12:24
d
w c:documents and settingsРоманApplication DataXfire
2009-01-11 12:35 359,040
w c:cWINDOWSsystem32driverstcpip.sys
2009-01-09 16:13
d
w c:program filesImage-Line
2009-01-08 17:08
d
w c:documents and settingsРоманApplication DataAdobeUM
2009-01-07 14:59
d
w c:program filesShasoft eBook 3.0
2009-01-07 12:00
d
w c:documents and settingsРоманApplication DataEPSON
2009-01-06 11:17
d
w c:program filesEltima Software
2009-01-06 11:17
d
w c:documents and settingsРоманApplication DataEltima Software
2009-01-06 07:04
d
w c:program filesRADVideo
2009-01-04 11:30 43,520 —-a-w c:cWINDOWSsystem32CmdLineExt03.dll
2009-01-04 09:22 577,536 —-a-w c:cWINDOWSsystem32USER32.DLL.TMP
2009-01-03 16:41 14,116 —-a-w c:cWINDOWSkkkfucku.exe
2009-01-02 14:37
d
w c:program filesdir9
2009-01-02 05:22
d
w c:program filesATMA
2008-12-31 17:51
d
w c:documents and settingsРоманApplication DataDownload Master
2008-12-31 17:42
d
w c:program filesRealtek AC97
2008-12-31 17:38
d
w c:documents and settingsAll Users.WINDOWSApplication DataInstallShield
2008-12-31 17:36
d
w c:documents and settingsAll Users.WINDOWSApplication DataUDL
2008-12-31 17:35
d
w c:program filesepson
2008-12-31 17:26
d
w c:program files7-Zip
2008-12-31 17:25
d
w c:program filesAlcohol Soft
2008-12-31 17:23
d
w c:program filesAhead
2008-12-31 17:19
d
w c:documents and settingsAll Users.WINDOWSApplication DataACD Systems
2008-12-31 17:17
d
w c:program filesXnView
2008-12-31 17:17
d
w c:documents and settingsРоманApplication DataXnView
2008-12-31 17:15
d
w c:program filesCommon FilesAdobe
2008-12-31 17:15
d
w c:documents and settingsAll Users.WINDOWSApplication DataMacrovision
2008-12-31 17:01
d
w c:program filesKaspersky Lab
2008-12-31 17:00
d
w c:documents and settingsAll Users.WINDOWSApplication DataKaspersky Lab Setup Files
2008-12-31 16:54
d
w c:documents and settingsРомаApplication DataAny Video Converter
2008-12-31 16:51
d
w c:documents and settingsРоманApplication DataABBYY
2008-12-31 16:45
d
w c:documents and settingsAll Users.WINDOWSApplication DataNVIDIA
2008-12-31 16:13
d
w c:documents and settingsРоманApplication DataQIP
2008-12-31 07:51
d
w c:documents and settingsРомаApplication DataDownload Master
2008-12-28 17:56
d
w c:documents and settingsРомаApplication DataOpenOffice.org2
2008-12-28 03:32
d
w c:program filesQIP
2008-12-27 16:16
d
w c:program filesYandex
2008-12-27 12:26
d
w c:documents and settingsРомаApplication DataQIP.Online
2008-12-12 14:20 22,328 —-a-w c:documents and settingsРомаApplication DataPnkBstrK.sys
2007-12-29 12:59 3,566,536 —-a-w c:program filesdaemon4112-lite.exe
2007-12-15 15:40 2,654,664 —-a-w c:program filesDAEMON411-LITE-X64.EXE
2007-12-14 20:42 2,492,360 —-a-w c:program filesDAEMON411-LITE-X86.EXE
2007-09-20 12:58 1,101 —-a-w c:documents and settingsАдминистраторDropTeamSettings.dat
2007-09-20 12:58 0 —-a-w c:documents and settingsАдминистраторDropTeamServerExtras.dat
2007-09-20 12:57 10 —-a-w c:documents and settingsАдминистраторDropTeamTips.dat
2007-01-13 20:36 1,694,616 —-a-w c:program filesdaemon408-139-x64.exe
2007-01-10 15:57 1,527,192 —-a-w c:program filesdaemon408-139-x86.exe
2006-10-23 17:38 498 —ha-w c:program filescontents.obv
2007-11-15 18:49 67,696 —-a-w c:program filesmozilla firefoxcomponentsjar50.dll
2007-11-15 18:49 54,376 —-a-w c:program filesmozilla firefoxcomponentsjsd3250.dll
2007-11-15 18:49 34,952 —-a-w c:program filesmozilla firefoxcomponentsmyspell.dll
2007-11-15 18:49 46,720 —-a-w c:program filesmozilla firefoxcomponentsspellchk.dll
2007-11-15 18:49 172,144 —-a-w c:program filesmozilla firefoxcomponentsxpinstal.dll
.
Sigcheck
2004-08-03 19:14 359040 9f4b36614a0fc234525ba224957de55c c:cWINDOWSsystem32dllcachetcpip.sys
2009-01-11 14:35 359040 3bb4b08619c111c7be8bda07aa0de6a2 c:cWINDOWSsystem32driverstcpip.sys2004-09-17 12:16 503808 a975a70fcefe2a224412214320c89ded c:cWINDOWSsystem32winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerURLSearchHooks]
«{95289393-33EA-4F8D-B952-483415B9C955}»= «c:documents and settingsРоманApplication DataMicrosoftInternet Explorerqipsearchbar.dll» [2009-01-20 131072][HKEY_CLASSES_ROOTclsid{95289393-33ea-4f8d-b952-483415b9c955}]
[HKEY_CLASSES_ROOTqipbar.QIPBHO.1]
[HKEY_CLASSES_ROOTTypeLib{45FF696B-5284-4781-B2CA-ECF3A742A17B}]
[HKEY_CLASSES_ROOTqipbar.QIPBHO][HKEY_LOCAL_MACHINE~Browser Helper Objects{3802F364-62DD-4112-BF89-D8E6454FD755}]
2009-02-26 05:36 506368 —a
c:documents and settingsAll Users.WINDOWSApplication Datayzdlib.dll[HKEY_LOCAL_MACHINE~Browser Helper Objects{95289393-33EA-4F8D-B952-483415B9C955}]
2009-01-20 13:09 131072 —a
c:documents and settingsРоманApplication DataMicrosoftInternet Explorerqipsearchbar.dll[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«ctfmon.exe»=»c:cWINDOWSsystem32ctfmon.exe» [2004-08-17 15360][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=»c:cWINDOWSsystem32NvCpl.dll» [2007-04-19 7700480]
«SoundMan»=»SOUNDMAN.EXE» [2005-05-17 c:cWINDOWSSOUNDMAN.EXE][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:cWINDOWSsystem32CTFMON.EXE» [2004-08-17 15360][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigservices]
«lanmanworkstation»=2 (0x2)
«lanmanserver»=2 (0x2)[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusDisableNotify»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
«AntiVirusOverride»=dword:00000001
«FirewallOverride»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:cWINDOWSsystem32driverssfdrv01a.sys [2006-07-05 63352]
R1 epfwtdir;epfwtdir;c:cWINDOWSsystem32driversepfwtdir.sys [2008-02-06 34312]
R2 ekrn;Eset Service;c:program filesESETESET NOD32 Antivirusekrn.exe [2008-02-06 472320]
R2 ICQ Service;ICQ Service;c:program filesICQ6ToolbarICQ Service.exe [2009-01-21 222456]
S2 wmiApSvc;WMI Performan Adapter; [x]
S4 Cmddsov;Cmddsov; [x][HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{81e72356-d7cf-11dd-93c7-0017314aa3a1}]
ShellAutoRuncommand — F:btoiof.exe
ShellexploreCommand — F:btoiof.exe
ShellopenCommand — F:btoiof.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{28ABC5C0-4FCB-11CF-AAX5-21CX1C643131}]
c:systemS-1-5-21-1482476501-1644491937-682003330-1013system.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{28ABC5C0-4FCB-11CF-AAX5-34CX1C987132}]
c:recycleD-0-060-0000000000-1111111-2222222fix.exe
.
.
Supplementary Scan
.
uStart Page = hxxp://www.yandex.ru/
uDefault_Search_URL = hxxp://search.qip.ru
mStart Page = http://www.APEHA.ru
uInternet Connection Wizard,ShellNext = hxxp://www.epson.ru/registration
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
TCP: {9B531186-58CE-4E22-9BDA-99387E1B8830} = 62.213.0.12 62.213.2.1
TCP: {B99E6C81-2308-479F-96A3-3DAA7D08B3D7} = 62.213.0.12,62.213.2.1
FF — ProfilePath —
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-26 07:54:57
Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
Completion time: 2009-02-26 7:55:59
ComboFix-quarantined-files.txt 2009-02-26 05:55:53
ComboFix2.txt 2009-02-26 05:52:34
ComboFix3.txt 2009-02-26 05:43:42Pre-Run: 43 354 210 304 байт свободно
Post-Run: 43,345,641,472 байт свободно246 — E O F — 2009-01-01 05:46:06
Здравствуйте, добро пожаловать на Spyware-ru форум.
Судя по Combofix логу ваш компьютер так же заражён autorun.inf вирусом.
Прочитайте эту инструкцию Flash_Disinfector ещё одно оружие против autorun.inf троянов.* Отключите ваш антивирус.
* Скачайте и запустите Flash_Disinfector.
* По требованию программы вставьте ваш флэш диск или подключите другие внешние устройства хранения информации.Примечание: запускайте программу столько раз, сколько нужно чтобы очистить все ваши подключаемые диски.
Откройте блокнот (Кликните Пуск, Выполнить, в строке ввода введите notepad и нажмите Enter) и вставьте в него следующий текст:
Driver::
wmiApSvc
Cmddsov
Registry::
[-HKEY_LOCAL_MACHINE~Browser Helper Objects{3802F364-62DD-4112-BF89-D8E6454FD755}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{81e72356-d7cf-11dd-93c7-0017314aa3a1}]
[-HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{28ABC5C0-4FCB-11CF-AAX5-21CX1C643131}]
[-HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{28ABC5C0-4FCB-11CF-AAX5-34CX1C987132}]
File::
c:documents and settingsAll Users.WINDOWSApplication Datayzdlib.dll
F:btoiof.exe
Folder::
c:system
c:recycleЗапишите получившийся файл на ваш рабочий стол под именем CFScript
Далее перетащите получившийся файл на иконку Combofix, как показано на картинке ниже.
Сombofix запуститься и выполнит процедуры описанные в созданном нами файле.
По результатам работы Combofix будет создан новый лог, его и вставьте в свой следующий ответ.
И конечно-же проверьте InternetExplorer в работе.
- Для ответа в этой теме необходимо авторизоваться.
