- This topic has 9 ответов, 2 участника, and was last updated 16 years, 2 months назад by
.
-
Сообщения
-
Доброго времени суток, прошу помощи в файрфоксе постоянно выбиваются баннеры с порно
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:08:37, on 11.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesLavasoftAd-Awareaawservice.exe
C:WINDOWSRTHDCPL.EXE
C:Program FilesWinampwinampa.exe
C:Program FilesWebMoney Agentwmagent.exe
C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe
C:WINDOWSsystem32CTFMON.EXE
C:Program FilesDownload Masterdmaster.exe
C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAviraAntiVir PersonalEdition Premiumsched.exe
C:Program FilesAviraAntiVir PersonalEdition Premiumavguard.exe
C:Program FilesAviraAntiVir PersonalEdition Premiumavesvc.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesBorlandInterBasebinibguard.exe
C:Program FilesNeroNero8Nero BackItUpNBService.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32IoctlSvc.exe
C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
C:Program FilesAviraAntiVir PersonalEdition Premiumavmailc.exe
C:Program FilesAviraAntiVir PersonalEdition PremiumAVWEBGRD.EXE
C:Program FilesCommon FilesNeroLibNMIndexingService.exe
C:Program FilesBorlandInterBasebinibserver.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesRegCleanerRegCleanr.exe
C:Program FilesGlobalSCAPECuteFTP 8 Professionalcuteftppro.exe
C:WINDOWSexplorer.exe
C:Program FilesAviraAntiVir PersonalEdition Premiumavgnt.exe
C:Program FilesThe Bat!thebat.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesMalwarebytes’ Anti-Malwarembam.exe
C:Program FilesTrend MicroHijackThisHijackThis.exeR1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O3 — Toolbar: DM Bar — {0E1230F8-EA50-42A9-983C-D22ABC2EED3C} — C:Program FilesDownload Masterdmbar.dll
O3 — Toolbar: Yahoo! Toolbar — {EF99BD32-C1FB-11D2-892F-0090271D4F88} — C:Program FilesYahoo!CompanionInstallscpnyt.dll (file missing)
O4 — HKLM..Run: [UnlockerAssistant] «C:Program FilesUnlockerUnlockerAssistant.exe»
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 — HKLM..Run: [avgnt] «C:Program FilesAviraAntiVir PersonalEdition Premiumavgnt.exe» /min
O4 — HKLM..Run: [WinampAgent] «C:Program FilesWinampwinampa.exe»
O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 8.0ReaderReader_sl.exe»
O4 — HKLM..Run: [JMB36X IDE Setup] C:WINDOWSRaidToolxInsIDE.exe
O4 — HKLM..Run: [36X Raid Configurer] C:WINDOWSsystem32xRaidSetup.exe boot
O4 — HKLM..Run: [wmagent.exe] «C:Program FilesWebMoney Agentwmagent.exe»
O4 — HKLM..Run: [GrooveMonitor] «C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe»
O4 — HKLM..Run: [NeroFilterCheck] C:Program FilesCommon FilesNeroLibNeroCheck.exe
O4 — HKLM..Run: [NBKeyScan] «C:Program FilesNeroNero8Nero BackItUpNBKeyScan.exe»
O4 — HKLM..RunOnce: [Malwarebytes’ Anti-Malware] C:Program FilesMalwarebytes’ Anti-Malwarembamgui.exe /install /silent
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [Download Master] C:Program FilesDownload Masterdmaster.exe -autorun
O4 — HKCU..Run: [AlcoholAutomount] «C:Program FilesAlcohol SoftAlcohol 120axcmd.exe» /automount
O4 — HKCU..Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] «C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe» ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-20..RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User ‘Default user’)
O4 — Startup: Total Commander.lnk = C:Program FilesTotal CommanderTotalcmd.exe
O4 — Startup: Вырезка экрана и программа запуска для OneNote 2007.lnk = C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~3Office12EXCEL.EXE/3000
O8 — Extra context menu item: Закачать ВСЕ при помощи Download Master — C:Program FilesDownload Masterdmieall.htm
O8 — Extra context menu item: Закачать при помощи Download Master — C:Program FilesDownload Masterdmie.htm
O9 — Extra button: Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:PROGRA~1MICROS~3Office12ONBttnIE.dll
O9 — Extra ‘Tools’ menuitem: &Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:PROGRA~1MICROS~3Office12ONBttnIE.dll
O9 — Extra button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra ‘Tools’ menuitem: &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~3Office12REFIEBAR.DLL
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O16 — DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) — C:Program FilesYahoo!Commonyinsthelper.dll
O17 — HKLMSystemCCSServicesTcpip..{EC42E6CF-36A0-48A9-83F1-C5607E858D98}: NameServer = 192.168.51.1
O17 — HKLMSystemCCSServicesTcpip..{ED49D81B-7D3C-4B49-9670-E823C54552BA}: NameServer = 62.80.160.130,62.80.160.140
O18 — Protocol: grooveLocalGWS — {88FED34C-F0CA-4636-A375-3CB6248B04CD} — C:PROGRA~1MICROS~3Office12GR99D3~1.DLL
O23 — Service: Lavasoft Ad-Aware Service (aawservice) — Lavasoft — C:Program FilesLavasoftAd-Awareaawservice.exe
O23 — Service: Avira AntiVir Premium MailGuard (AntiVirMailService) — Avira GmbH — C:Program FilesAviraAntiVir PersonalEdition Premiumavmailc.exe
O23 — Service: Планировщик Avira AntiVir Premium (AntiVirScheduler) — Avira GmbH — C:Program FilesAviraAntiVir PersonalEdition Premiumsched.exe
O23 — Service: Avira AntiVir Premium Guard (AntiVirService) — Avira GmbH — C:Program FilesAviraAntiVir PersonalEdition Premiumavguard.exe
O23 — Service: Avira AntiVir Premium WebGuard (antivirwebservice) — Avira GmbH — C:Program FilesAviraAntiVir PersonalEdition PremiumAVWEBGRD.EXE
O23 — Service: Вспомогательная служба Avira AntiVir Premium MailGuard (Защита почты) (AVEService) — Avira GmbH — C:Program FilesAviraAntiVir PersonalEdition Premiumavesvc.exe
O23 — Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) — Apple Computer, Inc. — C:Program FilesBonjourmDNSResponder.exe
O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 — Service: InterBase Guardian (InterBaseGuardian) — Borland Software Corporation — C:Program FilesBorlandInterBasebinibguard.exe
O23 — Service: InterBase Server (InterBaseServer) — Borland Software Corporation — C:Program FilesBorlandInterBasebinibserver.exe
O23 — Service: Nero BackItUp Scheduler 3 — Nero AG — C:Program FilesNeroNero8Nero BackItUpNBService.exe
O23 — Service: NMIndexingService — Nero AG — C:Program FilesCommon FilesNeroLibNMIndexingService.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: PLFlash DeviceIoControl Service — Prolific Technology Inc. — C:WINDOWSsystem32IoctlSvc.exe
O23 — Service: PnkBstrA — Unknown owner — C:WINDOWSsystem32PnkBstrA.exe
O23 — Service: StarWind AE Service (StarWindServiceAE) — Rocket Division Software — C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe—
End of file — 9839 bytesЗдравствуйте, добро пожаловать на Spyware-ru форум.
что никто не знает как бороться?
Подобная проблема уже была решена на форуме, так что попробуем вылечить ваш компьютер.
HijackThis лог не показывает заражения.
Скачайте программу Combofix. Закройте все открытые окна и запустите эту программу.
После выполнения будет создан лог файл, пожалуйста вставьте его в ваш ответ.вот лог
ComboFix 08-11-10.01 — Administrator 2008-11-12 0:15:04.2 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.2751 [GMT 2:00]
Running from: c:documents and settingsAdministratorDesktopComboFix.exeWARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.((((((((((((((((((((((((( Files Created from 2008-10-11 to 2008-11-11 )))))))))))))))))))))))))))))))
.2008-11-11 14:26 . 2008-11-11 18:38
d
c:windowssystem32Filt
2008-11-11 14:26 .c:windowsLastGood.Tmp
2008-11-11 14:26 . 2008-11-11 14:26d
c:program filesAgnitum
2008-11-11 14:26 . 2008-11-11 14:26d
c:documents and settingsAll UsersApplication DataAgnitum
2008-11-11 14:26 . 2008-07-04 14:44 672,896 —a
c:windowssystem32driversSandBox.sys
2008-11-11 14:26 . 2008-06-30 17:16 234,640 —a
c:windowssystem32driversafwcore.sys
2008-11-11 14:26 . 2008-06-30 17:16 30,864 —a
c:windowssystem32driversafw.sys
2008-11-11 14:26 . 2007-10-25 19:17 49 —a
c:windowstransp.gif
2008-11-11 11:29 . 2008-11-12 00:17d
c:program filesSpybot — Search & Destroy
2008-11-11 11:29 . 2008-11-12 00:19d
c:documents and settingsAll UsersApplication DataSpybot — Search & Destroy
2008-11-11 03:49 . 2008-11-11 03:49d
c:program filesTrend Micro
2008-11-11 03:39 . 2008-11-11 03:39d
c:program filesMalwarebytes’ Anti-Malware
2008-11-11 03:39 . 2008-11-11 03:39d
c:documents and settingsAll UsersApplication DataMalwarebytes
2008-11-11 03:39 . 2008-11-11 03:39d
c:documents and settingsAdministratorApplication DataMalwarebytes
2008-11-11 03:39 . 2008-10-22 16:10 38,496 —a
c:windowssystem32driversmbamswissarmy.sys
2008-11-11 03:39 . 2008-10-22 16:10 15,504 —a
c:windowssystem32driversmbam.sys
2008-11-11 01:12 . 2008-11-11 01:12d
c:documents and settingsAll UsersApplication DataYahoo! Companion
2008-11-11 01:06 . 2008-11-11 01:06d
c:program filesYahoo!
2008-11-11 01:06 . 2008-11-11 01:07d
c:program filesCCleaner
2008-11-11 01:04 . 2008-11-11 01:06d
c:program filesRegCleaner
2008-11-09 18:32 . 2008-11-09 18:35d
c:program filesNotepad++
2008-11-09 18:32 . 2008-11-09 18:35d
c:documents and settingsAdministratorApplication DataNotepad++
2008-11-09 17:15 . 2008-11-09 17:15d
c:documents and settingsAdministrator.borland
2008-11-09 17:03 . 2008-11-09 17:03d
c:documents and settingsAdministratorWINDOWS
2008-11-09 16:57 . 2008-11-09 17:00d
c:program filesCommon FilesBorland Shared
2008-11-09 16:57 . 2008-11-09 17:01d
c:program filesBorland
2008-11-09 16:49 . 2001-11-29 01:50 430,080 —a
c:windowssystem32ibmgr.cpl
2008-11-09 16:49 . 2001-11-29 01:50 376,832 —a
c:windowssystem32gds32.dll
2008-11-09 16:49 . 2001-11-29 01:50 177,152 —a
c:windowssystem32ibinstall.dll
2008-11-09 16:49 . 2001-11-29 01:50 28,672 —a
c:windowssystem32ibxml.dll
2008-11-09 16:09 . 2008-11-09 16:09d
c:program filesLavasoft
2008-11-09 16:09 . 2008-11-09 16:24d
c:documents and settingsAll UsersApplication DataLavasoft
2008-11-09 16:08 . 2008-11-09 16:08d
c:program filesCommon FilesWise Installation Wizard
2008-11-09 13:25 . 2008-11-09 13:26d
c:documents and settingsAdministratorApplication DataCTdeveloping
2008-11-09 13:13 . 2008-11-09 17:03d
c:program filesTotal PDF ConverterX
2008-11-09 13:11 . 2008-11-09 13:12 180 —a
c:windowspdf2word.INI
2008-11-08 01:38 . 2008-11-11 03:24d
c:documents and settingsAdministratorGoogle
2008-11-08 01:37 . 2008-11-11 01:39d
c:program filesGoogle
2008-11-07 07:54 . 2008-11-07 07:55 22,328 —a
c:windowssystem32driversPnkBstrK.sys
2008-11-07 07:53 . 2008-11-07 07:55 103,736 —a
c:windowssystem32PnkBstrB.exe
2008-11-07 07:53 . 2008-11-07 07:53 66,872 —a
c:windowssystem32PnkBstrA.exe
2008-11-07 01:19 . 2008-11-07 01:45d
c:program filesNeed for Speed ProStreet
2008-11-03 17:11 . 2008-11-11 12:05 69 —a
c:windowsNeroDigital.ini
2008-10-30 14:24 . 2008-10-30 14:24d
c:program fileshexplorer
2008-10-30 14:24 . 2008-11-06 12:26 1,080 —a
c:documents and settingsAdministratorApplication Datahexplorer.dat
2008-10-30 14:24 . 2008-11-06 12:26 25 —a
c:documents and settingsAdministratorApplication Datamclip.dat
2008-10-30 14:08 . 2008-10-30 14:08d
c:windowssystem32XPSViewer
2008-10-30 14:08 . 2008-10-30 14:08d
c:program filesReference Assemblies
2008-10-30 14:07 . 2006-06-29 13:07 14,048
c:windowssystem32spmsg2.dll
2008-10-28 20:55 . 2006-10-26 19:56 32,592 —a
c:windowssystem32msonpmon.dll
2008-10-28 20:54 . 2008-10-30 14:08d
c:program filesMSBuild
2008-10-28 20:54 . 2008-10-28 20:54d
c:program filesMicrosoft Works
2008-10-28 20:53 . 2008-10-28 20:53d
c:program filesMicrosoft.NET
2008-10-28 20:52 . 2008-10-28 20:52d
c:program filesMicrosoft Visual Studio 8
2008-10-28 20:51 . 2008-10-28 20:54d
c:windowsSHELLNEW
2008-10-28 20:51 . 2008-10-28 20:55d
c:documents and settingsAll UsersApplication DataMicrosoft Help
2008-10-28 20:50 . 2008-10-28 20:50dr-h
C:MSOCache
2008-10-28 20:41 . 2008-11-11 01:13d
c:program filesfree-downloads.net
2008-10-28 20:41 . 2008-11-11 01:13d
c:program filesConduit
2008-10-28 20:40 . 2008-10-28 20:40d
c:program filesAlcohol Soft
2008-10-28 20:36 . 2008-10-28 20:39 716,272 —a
c:windowssystem32driverssptd.sys
2008-10-28 07:40 . 2008-11-12 00:01d
c:documents and settingsAdministratorApplication DataWebMoney
2008-10-28 07:38 . 2008-10-28 07:38d
c:program filesWebMoney Agent
2008-10-28 07:38 . 2008-10-28 07:38d
c:program filesWebMoney
2008-10-28 07:38 . 2008-11-12 00:10d-a
c:documents and settingsAll UsersApplication DataTEMP
2008-10-27 12:56 . 2008-10-27 12:56d
c:program filesRndLabs
2008-10-27 07:51 . 2008-10-27 07:51d
c:documents and settingsAdministratorApplication DataGlobalSCAPE
2008-10-26 18:27 . 2008-10-26 18:27d
c:documents and settingsAdministratorApplication DataAvira
2008-10-26 08:16 . 2008-10-26 08:16d
c:documents and settingsAdministratorApplication DataBSplayer PRO
2008-10-26 02:54 . 2008-10-26 02:54d
c:documents and settingsAll UsersApplication DataScreaming Bee
2008-10-26 02:54 . 2008-10-26 02:54d
c:documents and settingsAdministratorApplication DataScreaming Bee
2008-10-26 00:04 . 2008-10-27 12:38d
c:documents and settingsAdministratorApplication DataDownload Master
2008-10-25 23:14 . 2008-10-25 23:14d
c:documents and settingsAdministratorApplication DataGRETECH
2008-10-25 19:33 . 2008-11-07 21:31d
c:program fileseMule
2008-10-24 14:51 . 2008-11-07 09:16d
c:documents and settingsAdministratorApplication DataU3
2008-10-24 11:10 . 2008-10-01 17:44 38 —a
c:windowsavisplitter.INI
2008-10-22 18:42 . 2008-10-22 18:42d
c:program filesNetPromoter
2008-10-21 13:16 . 2008-10-21 14:47d
c:documents and settingsAdministratorApplication DataMedia Player Classic
2008-10-21 13:16 . 2008-07-04 08:34 860,160 —a
c:windowssystem32lameACM.acm
2008-10-21 13:16 . 2007-09-04 18:56 164,352 —a
c:windowssystem32unrar.dll
2008-10-21 13:16 . 2007-10-03 17:03 414 —a
c:windowssystem32lame_acm.xml
2008-10-21 13:15 . 2008-10-21 13:15d
c:program filesK-Lite Codec Pack
2008-10-21 13:15 . 2008-05-23 00:22 3,596,288 —a
c:windowssystem32qt-dx331.dll
2008-10-21 13:15 . 2008-01-10 14:15 755,027 —a
c:windowssystem32xvidcore.dll
2008-10-21 13:15 . 2008-05-31 01:22 683,520 —a
c:windowssystem32divx.dll
2008-10-21 13:15 . 2004-01-12 00:00 348,160 —a
c:windowssystem32msvcr71.dll
2008-10-21 13:15 . 2004-01-25 18:18 217,088 —a
c:windowssystem32yv12vfw.dll
2008-10-21 13:15 . 2008-01-10 14:16 159,839 —a
c:windowssystem32xvidvfw.dll
2008-10-21 13:15 . 2007-09-21 02:52 118,784 —a
c:windowssystem32ac3acm.acm
2008-10-21 13:15 . 2008-05-23 00:19 81,920 —a
c:windowssystem32dpl100.dll
2008-10-21 13:15 . 2008-06-12 20:36 7,680 —a
c:windowssystem32ff_vfw.dll
2008-10-21 13:15 . 2007-07-10 18:10 547 —a
c:windowssystem32ff_vfw.dll.manifest
2008-10-21 12:46 . 2008-10-21 12:46d
c:program filesWebteh
2008-10-20 12:45 . 2008-10-20 12:45d
c:program filesLanTricks
2008-10-18 08:15 . 2004-08-03 22:08 26,496 —a—c— c:windowssystem32dllcacheusbstor.sys
2008-10-17 13:24 . 2008-10-17 13:24d
c:program filesGuitar Pro 5
2008-10-16 23:44 . 2008-10-16 23:44d
c:program filesOpera
2008-10-16 19:35 . 2008-11-11 15:26d
C:Downloads
2008-10-16 19:34 . 2008-10-16 19:34d
c:program filesDownload Master
2008-10-16 13:49 . 2008-10-16 13:49d
c:documents and settingsAdministratorApplication DataVyPRESS
2008-10-16 06:22 . 2008-10-16 06:22d
c:windowsRaidTool
2008-10-16 06:22 . 2007-03-28 09:25 1,953,792 -r
c:windowssystem32xRaidSetup.exe
2008-10-16 06:22 . 2007-03-28 09:26 143,360 -r
c:windowssystem32xRaidAPI.dll
2008-10-16 06:22 . 2006-02-07 13:52 6,912 -ra
c:windowssystem32driversJGOGO.sys
2008-10-16 01:40 . 2008-10-16 01:40d
c:program filesWebLogAnalyzer
2008-10-16 00:19 . 2008-10-16 00:19d
c:documents and settingsAll UsersApplication DataFLEXnet
2008-10-16 00:14 . 2008-10-16 00:14d
c:program filesBonjour
2008-10-16 00:09 . 2008-10-16 00:09d
c:program filesCommon FilesMacrovision Shared
2008-10-16 00:08 . 2008-10-16 03:36d
c:program filesCommon FilesAdobe
2008-10-15 23:52 . 2008-10-15 23:52d
c:documents and settingsAll UsersApplication DataGlobalSCAPE
2008-10-15 23:51 . 2008-10-15 23:51d
c:program filesGlobalSCAPE
2008-10-15 21:39 . 2008-10-15 21:41d
c:documents and settingsAdministratorApplication DataWinamp
2008-10-15 20:19 . 2008-11-11 20:29d
c:documents and settingsAdministratorApplication DataThe Bat!.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-09 15:04
d
w c:program filesMinilyrics
2008-11-09 15:01
d
w c:program filesWinamp
2008-11-07 14:05
d
w c:program filesTotal Commander
2008-10-24 18:57
d
w c:program filesUnlocker
2008-10-22 16:42
d—h—w c:program filesInstallShield Installation Information
2008-10-15 21:51
d
w c:program filesCommon FilesInstallShield
2008-10-15 19:11
d
w c:program filesQIP
2008-10-15 18:16
d
w c:program filesThe Bat!
2008-10-15 18:14
d
w c:program filesAvira
2008-10-15 18:14
d
w c:documents and settingsAll UsersApplication DataAvira
2008-10-15 18:10 315,392 —-a-w c:windowsHideWin.exe
2008-10-15 18:10
d
w c:program filesRealtek
2008-10-15 18:06
d
w c:program filesIntel
2008-10-15 18:03
d
w c:program filesMy Company Name
2008-10-15 17:57 67,654 —-a-w c:windowsBricoPackUninst.cmd
2008-10-15 17:57 5,683 —-a-w c:windowsBricoPackFoldersDelete.cmd
2008-10-15 17:57 218,624 —-a-w c:windowssystem32uxtheme.dll
2008-10-15 17:55
d
w c:program filesQuickTime
2008-10-15 17:55
d
w c:program filesIrfanView
2008-10-15 17:55
d
w c:program filesGRETECH
2008-10-15 17:54 25,992 —-a-w c:windowssystem32pgdfgsvc.exe
2008-10-15 17:54
d
w c:program filesSysinternals
2008-10-15 17:54
d
w c:program filesDRV
2008-10-15 17:53
d
w c:program filesWindows Media Connect 2
2008-10-15 17:44
d
w c:program filesmicrosoft frontpage
2008-10-15 17:39
d
w c:program filesMicrosoft PowerToys
2008-10-15 17:39
d
w c:program filesHashTab Shell Extension
2008-10-02 16:15
d
w c:program filesCommon FilesNero
2008-10-02 16:15
d
w c:documents and settingsAdministratorApplication DataNero
2008-10-02 16:14
d
w c:program filesNero
2008-10-02 16:14
d
w c:documents and settingsAll UsersApplication DataNero
.((((((((((((((((((((((((((((( snapshot@2008-11-11_ 1.41.06,09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 18:02:28 163,328 —-a-w c:windowsERDNTsubsERDNT.EXE
+ 2008-07-04 12:45:26 33,408 —-a-w c:windowssystem32FiltASWFilt.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2004-08-04 15360]
«Download Master»=»c:program filesDownload Masterdmaster.exe» [2008-07-25 3286016]
«AlcoholAutomount»=»c:program filesAlcohol SoftAlcohol 120axcmd.exe» [2008-02-22 217544]
«IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=»c:program filesCommon FilesNeroLibNMIndexStoreSvr.exe» [2008-06-24 1840424]
«SpybotSD TeaTimer»=»c:program filesSpybot — Search & DestroyTeaTimer.exe» [2008-09-16 1833296][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«UnlockerAssistant»=»c:program filesUnlockerUnlockerAssistant.exe» [2006-09-07 15872]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2007-12-04 8523776]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2007-12-04 81920]
«avgnt»=»c:program filesAviraAntiVir PersonalEdition Premiumavgnt.exe» [2008-06-12 266497]
«WinampAgent»=»c:program filesWinampwinampa.exe» [2008-07-09 36352]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 8.0ReaderReader_sl.exe» [2008-01-11 39792]
«JMB36X IDE Setup»=»c:windowsRaidToolxInsIDE.exe» [2007-03-20 36864]
«36X Raid Configurer»=»c:windowssystem32xRaidSetup.exe» [2007-03-28 1953792]
«wmagent.exe»=»c:program filesWebMoney Agentwmagent.exe» [2008-10-01 209376]
«GrooveMonitor»=»c:program filesMicrosoft OfficeOffice12GrooveMonitor.exe» [2006-10-27 31016]
«NeroFilterCheck»=»c:program filesCommon FilesNeroLibNeroCheck.exe» [2008-06-19 570664]
«NBKeyScan»=»c:program filesNeroNero8Nero BackItUpNBKeyScan.exe» [2008-06-08 2221352]
«OutpostMonitor»=»c:progra~1AgnitumOUTPOS~1op_mon.exe» [2008-07-04 1159496]
«nwiz»=»nwiz.exe» [2007-12-04 c:windowssystem32nwiz.exe]
«RTHDCPL»=»RTHDCPL.EXE» [2007-07-05 c:windowsRTHDCPL.exe][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2004-08-04 15360][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«nltide_3″=»advpack.dll» [2006-10-17 c:windowssystem32advpack.dll]c:documents and settingsAdministratorStart MenuProgramsStartup
Total Commander.lnk — c:program filesTotal CommanderTotalcmd.exe [2007-06-25 2893800]
‚л१Є нЄа Ё Їа®Ја ¬¬ § ЇгбЄ ¤«п OneNote 2007.lnk — c:program filesMicrosoft OfficeOffice12ONENOTEM.EXE [2006-10-26 98632][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«msacm.divxa32″= msaud32_divx.acm[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\QIP\qip.exe»=
«c:\Program Files\GlobalSCAPE\CuteFTP 8 Professional\ftpte.exe»=
«c:\Program Files\Bonjour\mDNSResponder.exe»=
«d:\раб\New Folder\Vypress Chat\VyChat.exe»=
«d:\Игры\1.6\hl.exe»=
«c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE»=
«c:\Program Files\Microsoft Office\Office12\GROOVE.EXE»=
«c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE»=R1 SandBox;SandBox;c:windowssystem32DRIVERSSandBox.sys [2008-07-04 672896]
R2 acssrv;Agnitum Client Security Service;c:progra~1AgnitumOUTPOS~1acs.exe [2008-07-04 1238344]
R2 AntiVirMailService;Avira AntiVir Premium MailGuard;c:program filesAviraAntiVir PersonalEdition Premiumavmailc.exe [2008-07-11 164097]
R2 antivirwebservice;Avira AntiVir Premium WebGuard;c:program filesAviraAntiVir PersonalEdition PremiumAVWEBGRD.EXE [2008-06-12 258305]
R2 AVEService;Вспомогательная служба Avira AntiVir Premium MailGuard (Защита почты);c:program filesAviraAntiVir PersonalEdition Premiumavesvc.exe [2008-05-09 41217]
R3 afw;Agnitum firewall driver;c:windowssystem32DRIVERSafw.sys [2008-06-30 30864]
R3 afwcore;afwcore;c:windowssystem32driversafwcore.sys [2008-06-30 234640]
S3 ASWFilt;ASWFilt;c:windowssystem32FiltASWFilt.dll [2008-07-04 33408]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:windowssystem32driversScreamingBAudio.sys [ ][HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2G]
ShellAutoRuncommand — G:LaunchU3.exe -a[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{0586fa27-9b3a-11dd-99c6-001e90cdde4b}]
ShellAutoRuncommand — H:
ShellExploreCommand — «.Nokia Music ManagerN-1-5-21-1895552279-3129831955-389522551-6003INFO2Playlist» Control: Select music location
ShellFindCommand — «.Nokia Music ManagerN-1-5-21-1895552279-3129831955-389522551-6003INFO2Playlist» Control: Search music (radio-stations)
ShellOpenCommand — «.Nokia Music ManagerN-1-5-21-1895552279-3129831955-389522551-6003INFO2Playlist» Playback: Play music[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{2beb56f7-a1bc-11dd-99cc-001e90cdde4b}]
ShellAutoRuncommand — G:LaunchU3.exe -a[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{2beb56f8-a1bc-11dd-99cc-001e90cdde4b}]
ShellAutoRuncommand — H:xdpyjb.exe
ShellexploreCommand — H:xdpyjb.exe
ShellopenCommand — H:xdpyjb.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{2beb56fd-a1bc-11dd-99cc-001e90cdde4b}]
ShellAutoRuncommand — F:xdpyjb.exe
ShellexploreCommand — F:xdpyjb.exe
ShellopenCommand — F:xdpyjb.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{68d8ca9f-a069-11dd-99ca-001e90cdde4b}]
ShellAutoRuncommand — F:bo1dhu.bat
ShellexploreCommand — F:bo1dhu.bat
ShellopenCommand — F:bo1dhu.bat[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{bca0243d-9fb3-11dd-99c9-001e90cdde4b}]
ShellAutoRuncommand — xdpyjb.exe
ShellexploreCommand — xdpyjb.exe
ShellopenCommand — xdpyjb.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{f7ccaaa1-a51f-11dd-99d6-001e90cdde4b}]
ShellAutoRuncommand — F:start.exe*Newly Created Service* — AFWCORE
.
.
Supplementary Scan
.
FireFox -: Profile — c:documents and settingsAdministratorApplication DataMozillaFirefoxProfilesphsvhf6l.default
FireFox -: prefs.js — SEARCH.DEFAULTURL — hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF -: plugin — c:program filesOperaprogrampluginsNPOFF12.DLL
FF -: plugin — c:program filesYahoo!Commonnpyaxmpb.dll
FF -: plugin — c:windowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationNPWPF.dll
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-12 00:18:10
Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
DLLs Loaded Under Running Processes
PROCESS: c:windowsexplorer.exe
-> c:program filesUnlockerUnlockerHook.dll
.
Other Running Processes
.
c:program filesLavasoftAd-Awareaawservice.exe
c:program filesAviraAntiVir PersonalEdition Premiumsched.exe
c:windowssystem32rundll32.exe
c:program filesAviraAntiVir PersonalEdition Premiumavguard.exe
c:program filesBonjourmDNSResponder.exe
c:program filesBorlandInterBasebinibguard.exe
c:program filesNeroNero8Nero BackItUpNBService.exe
c:windowssystem32nvsvc32.exe
c:windowssystem32IoctlSvc.exe
c:windowssystem32PnkBstrA.exe
c:program filesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
c:program filesCommon FilesNeroLibNMIndexingService.exe
c:program filesBorlandInterBasebinibserver.exe
c:windowssystem32wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-11-12 0:21:55 — machine was rebooted
ComboFix-quarantined-files.txt 2008-11-11 22:21:51
ComboFix2.txt 2008-11-10 23:42:47Pre-Run: 3 928 748 032 bytes free
Post-Run: 3,846,152,192 bytes free295
Судя по Combofix логу, ваш компьютер также заражён autorun.inf трояном.
Для начала вам необходимо прочитать эту инструкцию Flash_Disinfector ещё одно оружие против autorun.inf троянов. Скачайте и запустите Flash_Disinfector, не забудьте при этом по требованию программы вставить ваш флэш диск или подключить другие внешние устройства хранения информации.Далее, откройте блокнот и вставьте в него следующий текст:
Registry::
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2G]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{0586fa27-9b3a-11dd-99c6-001e90cdde4b}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{2beb56f7-a1bc-11dd-99cc-001e90cdde4b}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{2beb56f8-a1bc-11dd-99cc-001e90cdde4b}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{2beb56fd-a1bc-11dd-99cc-001e90cdde4b}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{68d8ca9f-a069-11dd-99ca-001e90cdde4b}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{bca0243d-9fb3-11dd-99c9-001e90cdde4b}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{f7ccaaa1-a51f-11dd-99d6-001e90cdde4b}]Запишите получившийся файл на ваш рабочий стол под именем CFScript
Далее перетащите получившийся файл на иконку Combofix, как показано на картинке ниже.
В результате ваших действий запуститься Combofix и выполнит созданный нами скрипт.
По окончании работы будет показан свежий Combofix лог. Вставьте его в ваш ответ.И ещё, по-поводу всплывающих окон. К сожалению Combofix не показывает заражения поражающие Firefox. Плэтому чтобы излечиться от таких вредоносных программы, а они устанавливаются как Дополнения, можно сделать одно — установить Firefox заново.
Кликните Пуск -> Настройка -> Панель управления,
Кликните дважды по иконке Установка и удаление программ.
В списке установленных программ найдите Mozilla Firefox, выделите этот пункт кликнув один раз по нему.
Затем кликните по кнопке Удалить и следуйте указаниям.
Закройте Панель управления и окно Установки и удаления программ.Кликните Пуск -> Выполнить
В поле ввода введите%APPDATA%Нажмите Enter.
Откроется содержимое папки Application Data.
Удалите папку Mozilla.Откройте папку C:Program Files и в ней удалите папку Mozilla Firefox.
Теперь скачайте свежую версию Firefox и установите программу на компьютер.
спасибо за такой полный ответ, как только приеду домой обязательно проделаю все действия и отпишу о результате
новый лог
ComboFix 08-11-10.01 — Administrator 2008-11-16 19:53:02.3 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.2592 [GMT 2:00]
Running from: c:documents and settingsAdministratorDesktopComboFix.exe
Command switches used :: c:documents and settingsAdministratorDesktopCFScript.txt
* Created a new restore pointWARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 )))))))))))))))))))))))))))))))
.2008-11-16 13:30 . 2008-11-16 13:30
d
c:documents and settingsAll UsersApplication DataWebLogAnalyzer
2008-11-15 21:38 . 2008-11-15 21:40d
c:documents and settingsAdministratorApplication DataVKLife
2008-11-13 16:16 . 2008-11-16 19:50d
C:WebServers
2008-11-12 14:21 . 2008-11-12 14:21d
c:program filesYandex
2008-11-12 14:21 . 2008-11-12 14:21d
c:program filesCommon FilesYandex
2008-11-12 14:21 . 2008-11-12 14:21d
c:documents and settingsAdministratorApplication DataYandex
2008-11-11 14:26 . 2008-11-14 18:51d
c:windowssystem32Filt
2008-11-11 14:26 . 2008-11-11 14:26d
c:program filesAgnitum
2008-11-11 14:26 . 2008-11-11 14:26d
c:documents and settingsAll UsersApplication DataAgnitum
2008-11-11 14:26 . 2008-07-04 14:44 672,896 —a
c:windowssystem32driversSandBox.sys
2008-11-11 14:26 . 2008-06-30 17:16 234,640 —a
c:windowssystem32driversafwcore.sys
2008-11-11 14:26 . 2008-06-30 17:16 30,864 —a
c:windowssystem32driversafw.sys
2008-11-11 14:26 . 2007-10-25 19:17 49 —a
c:windowstransp.gif
2008-11-11 11:29 . 2008-11-12 00:17d
c:program filesSpybot — Search & Destroy
2008-11-11 11:29 . 2008-11-12 00:19d
c:documents and settingsAll UsersApplication DataSpybot — Search & Destroy
2008-11-11 03:49 . 2008-11-11 03:49d
c:program filesTrend Micro
2008-11-11 03:39 . 2008-11-11 03:39d
c:program filesMalwarebytes’ Anti-Malware
2008-11-11 03:39 . 2008-11-11 03:39d
c:documents and settingsAll UsersApplication DataMalwarebytes
2008-11-11 03:39 . 2008-11-11 03:39d
c:documents and settingsAdministratorApplication DataMalwarebytes
2008-11-11 03:39 . 2008-10-22 16:10 38,496 —a
c:windowssystem32driversmbamswissarmy.sys
2008-11-11 03:39 . 2008-10-22 16:10 15,504 —a
c:windowssystem32driversmbam.sys
2008-11-11 01:12 . 2008-11-11 01:12d
c:documents and settingsAll UsersApplication DataYahoo! Companion
2008-11-11 01:06 . 2008-11-11 01:06d
c:program filesYahoo!
2008-11-11 01:06 . 2008-11-11 01:07d
c:program filesCCleaner
2008-11-11 01:04 . 2008-11-11 01:06d
c:program filesRegCleaner
2008-11-09 18:32 . 2008-11-09 18:35d
c:program filesNotepad++
2008-11-09 18:32 . 2008-11-09 18:35d
c:documents and settingsAdministratorApplication DataNotepad++
2008-11-09 17:15 . 2008-11-09 17:15d
c:documents and settingsAdministrator.borland
2008-11-09 17:03 . 2008-11-09 17:03d
c:documents and settingsAdministratorWINDOWS
2008-11-09 16:57 . 2008-11-09 17:00d
c:program filesCommon FilesBorland Shared
2008-11-09 16:57 . 2008-11-09 17:01d
c:program filesBorland
2008-11-09 16:49 . 2001-11-29 01:50 430,080 —a
c:windowssystem32ibmgr.cpl
2008-11-09 16:49 . 2001-11-29 01:50 376,832 —a
c:windowssystem32gds32.dll
2008-11-09 16:49 . 2001-11-29 01:50 177,152 —a
c:windowssystem32ibinstall.dll
2008-11-09 16:49 . 2001-11-29 01:50 28,672 —a
c:windowssystem32ibxml.dll
2008-11-09 16:09 . 2008-11-09 16:09d
c:program filesLavasoft
2008-11-09 16:09 . 2008-11-09 16:24d
c:documents and settingsAll UsersApplication DataLavasoft
2008-11-09 16:08 . 2008-11-09 16:08d
c:program filesCommon FilesWise Installation Wizard
2008-11-09 13:25 . 2008-11-09 13:26d
c:documents and settingsAdministratorApplication DataCTdeveloping
2008-11-09 13:13 . 2008-11-09 17:03d
c:program filesTotal PDF ConverterX
2008-11-09 13:11 . 2008-11-09 13:12 180 —a
c:windowspdf2word.INI
2008-11-08 01:38 . 2008-11-11 03:24d
c:documents and settingsAdministratorGoogle
2008-11-08 01:37 . 2008-11-11 01:39d
c:program filesGoogle
2008-11-07 07:54 . 2008-11-07 07:55 22,328 —a
c:windowssystem32driversPnkBstrK.sys
2008-11-07 07:53 . 2008-11-07 07:55 103,736 —a
c:windowssystem32PnkBstrB.exe
2008-11-07 07:53 . 2008-11-07 07:53 66,872 —a
c:windowssystem32PnkBstrA.exe
2008-11-07 01:19 . 2008-11-07 01:45d
c:program filesNeed for Speed ProStreet
2008-11-03 17:11 . 2008-11-15 23:22 69 —a
c:windowsNeroDigital.ini
2008-10-30 14:24 . 2008-10-30 14:24d
c:program fileshexplorer
2008-10-30 14:24 . 2008-11-12 11:33 1,080 —a
c:documents and settingsAdministratorApplication Datahexplorer.dat
2008-10-30 14:24 . 2008-11-12 11:33 25 —a
c:documents and settingsAdministratorApplication Datamclip.dat
2008-10-30 14:08 . 2008-10-30 14:08d
c:windowssystem32XPSViewer
2008-10-30 14:08 . 2008-10-30 14:08d
c:program filesReference Assemblies
2008-10-30 14:07 . 2006-06-29 13:07 14,048
c:windowssystem32spmsg2.dll
2008-10-28 20:55 . 2006-10-26 19:56 32,592 —a
c:windowssystem32msonpmon.dll
2008-10-28 20:54 . 2008-10-30 14:08d
c:program filesMSBuild
2008-10-28 20:54 . 2008-10-28 20:54d
c:program filesMicrosoft Works
2008-10-28 20:53 . 2008-10-28 20:53d
c:program filesMicrosoft.NET
2008-10-28 20:52 . 2008-10-28 20:52d
c:program filesMicrosoft Visual Studio 8
2008-10-28 20:51 . 2008-10-28 20:54d
c:windowsSHELLNEW
2008-10-28 20:51 . 2008-10-28 20:55d
c:documents and settingsAll UsersApplication DataMicrosoft Help
2008-10-28 20:50 . 2008-10-28 20:50dr-h
C:MSOCache
2008-10-28 20:41 . 2008-11-11 01:13d
c:program filesfree-downloads.net
2008-10-28 20:41 . 2008-11-11 01:13d
c:program filesConduit
2008-10-28 20:40 . 2008-10-28 20:40d
c:program filesAlcohol Soft
2008-10-28 20:36 . 2008-10-28 20:39 716,272 —a
c:windowssystem32driverssptd.sys
2008-10-28 07:40 . 2008-11-16 19:21d
c:documents and settingsAdministratorApplication DataWebMoney
2008-10-28 07:38 . 2008-10-28 07:38d
c:program filesWebMoney Agent
2008-10-28 07:38 . 2008-11-16 13:20d
c:program filesWebMoney
2008-10-28 07:38 . 2008-11-16 19:52d-a
c:documents and settingsAll UsersApplication DataTEMP
2008-10-27 12:56 . 2008-10-27 12:56d
c:program filesRndLabs
2008-10-27 07:51 . 2008-10-27 07:51d
c:documents and settingsAdministratorApplication DataGlobalSCAPE
2008-10-26 18:27 . 2008-10-26 18:27d
c:documents and settingsAdministratorApplication DataAvira
2008-10-26 08:16 . 2008-10-26 08:16d
c:documents and settingsAdministratorApplication DataBSplayer PRO
2008-10-26 02:54 . 2008-10-26 02:54d
c:documents and settingsAll UsersApplication DataScreaming Bee
2008-10-26 02:54 . 2008-10-26 02:54d
c:documents and settingsAdministratorApplication DataScreaming Bee
2008-10-26 00:04 . 2008-11-15 14:01d
c:documents and settingsAdministratorApplication DataDownload Master
2008-10-25 23:14 . 2008-10-25 23:14d
c:documents and settingsAdministratorApplication DataGRETECH
2008-10-25 19:33 . 2008-11-07 21:31d
c:program fileseMule
2008-10-24 14:51 . 2008-11-07 09:16d
c:documents and settingsAdministratorApplication DataU3
2008-10-24 11:10 . 2008-11-14 12:51 38 —a
c:windowsavisplitter.INI
2008-10-22 18:42 . 2008-10-22 18:42d
c:program filesNetPromoter
2008-10-21 13:16 . 2008-10-21 14:47d
c:documents and settingsAdministratorApplication DataMedia Player Classic
2008-10-21 13:16 . 2008-07-04 08:34 860,160 —a
c:windowssystem32lameACM.acm
2008-10-21 13:16 . 2007-09-04 18:56 164,352 —a
c:windowssystem32unrar.dll
2008-10-21 13:16 . 2007-10-03 17:03 414 —a
c:windowssystem32lame_acm.xml
2008-10-21 13:15 . 2008-10-21 13:15d
c:program filesK-Lite Codec Pack
2008-10-21 13:15 . 2008-05-23 00:22 3,596,288 —a
c:windowssystem32qt-dx331.dll
2008-10-21 13:15 . 2008-01-10 14:15 755,027 —a
c:windowssystem32xvidcore.dll
2008-10-21 13:15 . 2008-05-31 01:22 683,520 —a
c:windowssystem32divx.dll
2008-10-21 13:15 . 2004-01-12 00:00 348,160 —a
c:windowssystem32msvcr71.dll
2008-10-21 13:15 . 2004-01-25 18:18 217,088 —a
c:windowssystem32yv12vfw.dll
2008-10-21 13:15 . 2008-01-10 14:16 159,839 —a
c:windowssystem32xvidvfw.dll
2008-10-21 13:15 . 2007-09-21 02:52 118,784 —a
c:windowssystem32ac3acm.acm
2008-10-21 13:15 . 2008-05-23 00:19 81,920 —a
c:windowssystem32dpl100.dll
2008-10-21 13:15 . 2008-06-12 20:36 7,680 —a
c:windowssystem32ff_vfw.dll
2008-10-21 13:15 . 2007-07-10 18:10 547 —a
c:windowssystem32ff_vfw.dll.manifest
2008-10-21 12:46 . 2008-10-21 12:46d
c:program filesWebteh
2008-10-20 12:45 . 2008-10-20 12:45d
c:program filesLanTricks
2008-10-18 08:15 . 2004-08-03 22:08 26,496 —a—c— c:windowssystem32dllcacheusbstor.sys
2008-10-17 13:24 . 2008-10-17 13:24d
c:program filesGuitar Pro 5
2008-10-16 23:44 . 2008-10-16 23:44d
c:program filesOpera
2008-10-16 19:35 . 2008-11-11 15:26d
C:Downloads
2008-10-16 19:34 . 2008-10-16 19:34d
c:program filesDownload Master
2008-10-16 13:49 . 2008-10-16 13:49d
c:documents and settingsAdministratorApplication DataVyPRESS
2008-10-16 06:22 . 2008-10-16 06:22d
c:windowsRaidTool
2008-10-16 06:22 . 2007-03-28 09:25 1,953,792 -r
c:windowssystem32xRaidSetup.exe
2008-10-16 06:22 . 2007-03-28 09:26 143,360 -r
c:windowssystem32xRaidAPI.dll
2008-10-16 06:22 . 2006-02-07 13:52 6,912 -ra
c:windowssystem32driversJGOGO.sys
2008-10-16 01:40 . 2008-11-16 13:30d
c:program filesWebLogAnalyzer
2008-10-16 00:19 . 2008-10-16 00:19d
c:documents and settingsAll UsersApplication DataFLEXnet
2008-10-16 00:14 . 2008-10-16 00:14d
c:program filesBonjour
2008-10-16 00:09 . 2008-10-16 00:09d
c:program filesCommon FilesMacrovision Shared
2008-10-16 00:08 . 2008-10-16 03:36d
c:program filesCommon FilesAdobe.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-16 14:05
d
w c:documents and settingsAdministratorApplication DataThe Bat!
2008-11-09 15:04
d
w c:program filesMinilyrics
2008-11-09 15:01
d
w c:program filesWinamp
2008-11-07 14:05
d
w c:program filesTotal Commander
2008-10-24 18:57
d
w c:program filesUnlocker
2008-10-22 16:42
d—h—w c:program filesInstallShield Installation Information
2008-10-15 21:52
d
w c:documents and settingsAll UsersApplication DataGlobalSCAPE
2008-10-15 21:51
d
w c:program filesGlobalSCAPE
2008-10-15 21:51
d
w c:program filesCommon FilesInstallShield
2008-10-15 19:41
d
w c:documents and settingsAdministratorApplication DataWinamp
2008-10-15 19:11
d
w c:program filesQIP
2008-10-15 18:16
d
w c:program filesThe Bat!
2008-10-15 18:14
d
w c:program filesAvira
2008-10-15 18:14
d
w c:documents and settingsAll UsersApplication DataAvira
2008-10-15 18:10 315,392 —-a-w c:windowsHideWin.exe
2008-10-15 18:10
d
w c:program filesRealtek
2008-10-15 18:06
d
w c:program filesIntel
2008-10-15 18:03
d
w c:program filesMy Company Name
2008-10-15 17:57 67,654 —-a-w c:windowsBricoPackUninst.cmd
2008-10-15 17:57 5,683 —-a-w c:windowsBricoPackFoldersDelete.cmd
2008-10-15 17:57 218,624 —-a-w c:windowssystem32uxtheme.dll
2008-10-15 17:55
d
w c:program filesQuickTime
2008-10-15 17:55
d
w c:program filesIrfanView
2008-10-15 17:55
d
w c:program filesGRETECH
2008-10-15 17:54 25,992 —-a-w c:windowssystem32pgdfgsvc.exe
2008-10-15 17:54
d
w c:program filesSysinternals
2008-10-15 17:54
d
w c:program filesDRV
2008-10-15 17:53
d
w c:program filesWindows Media Connect 2
2008-10-15 17:44
d
w c:program filesmicrosoft frontpage
2008-10-15 17:39
d
w c:program filesMicrosoft PowerToys
2008-10-15 17:39
d
w c:program filesHashTab Shell Extension
2008-10-02 16:15
d
w c:program filesCommon FilesNero
2008-10-02 16:15
d
w c:documents and settingsAdministratorApplication DataNero
2008-10-02 16:14
d
w c:program filesNero
2008-10-02 16:14
d
w c:documents and settingsAll UsersApplication DataNero
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2008-10-16 1578248][HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2008-10-16 1578248][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2004-08-04 15360]
«Download Master»=»c:program filesDownload Masterdmaster.exe» [2008-07-25 3286016]
«AlcoholAutomount»=»c:program filesAlcohol SoftAlcohol 120axcmd.exe» [2008-02-22 217544]
«IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=»c:program filesCommon FilesNeroLibNMIndexStoreSvr.exe» [2008-06-24 1840424]
«SpybotSD TeaTimer»=»c:program filesSpybot — Search & DestroyTeaTimer.exe» [2008-09-16 1833296]
«Yupdate!»=»c:program filesCommon FilesYandexYupdateyupdate.exe» [2008-09-01 479496][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«UnlockerAssistant»=»c:program filesUnlockerUnlockerAssistant.exe» [2006-09-07 15872]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2007-12-04 8523776]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2007-12-04 81920]
«avgnt»=»c:program filesAviraAntiVir PersonalEdition Premiumavgnt.exe» [2008-06-12 266497]
«WinampAgent»=»c:program filesWinampwinampa.exe» [2008-07-09 36352]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 8.0ReaderReader_sl.exe» [2008-01-11 39792]
«JMB36X IDE Setup»=»c:windowsRaidToolxInsIDE.exe» [2007-03-20 36864]
«36X Raid Configurer»=»c:windowssystem32xRaidSetup.exe» [2007-03-28 1953792]
«wmagent.exe»=»c:program filesWebMoney Agentwmagent.exe» [2008-10-01 209376]
«GrooveMonitor»=»c:program filesMicrosoft OfficeOffice12GrooveMonitor.exe» [2006-10-27 31016]
«NeroFilterCheck»=»c:program filesCommon FilesNeroLibNeroCheck.exe» [2008-06-19 570664]
«NBKeyScan»=»c:program filesNeroNero8Nero BackItUpNBKeyScan.exe» [2008-06-08 2221352]
«OutpostMonitor»=»c:progra~1AgnitumOUTPOS~1op_mon.exe» [2008-07-04 1159496]
«nwiz»=»nwiz.exe» [2007-12-04 c:windowssystem32nwiz.exe]
«RTHDCPL»=»RTHDCPL.EXE» [2007-07-05 c:windowsRTHDCPL.exe][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2004-08-04 15360][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«nltide_3″=»advpack.dll» [2006-10-17 c:windowssystem32advpack.dll]c:documents and settingsAdministratorStart MenuProgramsStartup
Create virtual drive for Denwer.lnk — c:webserversdenwerBoot.exe [2008-11-13 6656]
Total Commander.lnk — c:program filesTotal CommanderTotalcmd.exe [2007-06-25 2893800]
‚л१Є нЄа Ё Їа®Ја ¬¬ § ЇгбЄ ¤«п OneNote 2007.lnk — c:program filesMicrosoft OfficeOffice12ONENOTEM.EXE [2006-10-26 98632][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«msacm.divxa32″= msaud32_divx.acm[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\QIP\qip.exe»=
«c:\Program Files\GlobalSCAPE\CuteFTP 8 Professional\ftpte.exe»=
«c:\Program Files\Bonjour\mDNSResponder.exe»=
«d:\раб\New Folder\Vypress Chat\VyChat.exe»=
«d:\Игры\1.6\hl.exe»=
«c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE»=
«c:\Program Files\Microsoft Office\Office12\GROOVE.EXE»=
«c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE»=R1 SandBox;SandBox;c:windowssystem32DRIVERSSandBox.sys [2008-07-04 672896]
R2 acssrv;Agnitum Client Security Service;c:progra~1AgnitumOUTPOS~1acs.exe [2008-07-04 1238344]
R2 AntiVirMailService;Avira AntiVir Premium MailGuard;c:program filesAviraAntiVir PersonalEdition Premiumavmailc.exe [2008-07-11 164097]
R2 antivirwebservice;Avira AntiVir Premium WebGuard;c:program filesAviraAntiVir PersonalEdition PremiumAVWEBGRD.EXE [2008-06-12 258305]
R2 AVEService;Вспомогательная служба Avira AntiVir Premium MailGuard (Защита почты);c:program filesAviraAntiVir PersonalEdition Premiumavesvc.exe [2008-05-09 41217]
R3 afw;Agnitum firewall driver;c:windowssystem32DRIVERSafw.sys [2008-06-30 30864]
R3 afwcore;afwcore;c:windowssystem32driversafwcore.sys [2008-06-30 234640]
S3 ASWFilt;ASWFilt;c:windowssystem32FiltASWFilt.dll [2008-07-04 33408]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:windowssystem32driversScreamingBAudio.sys [ ]
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-16 19:54:48
Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
Completion time: 2008-11-16 19:55:22
ComboFix-quarantined-files.txt 2008-11-16 17:55:20
ComboFix2.txt 2008-11-11 22:21:57
ComboFix3.txt 2008-11-10 23:42:47Pre-Run: 1 860 644 864 bytes free
Post-Run: 1,865,867,264 bytes free248
Combofix лог выглядит нормально.
Как работает компьютер, есть ли проблемы с Firefox ?Когда я предлагаю выполнить инструкции, то жду их выполнения.
Да, вы прислали Combofix лог, но вы выполнили инструкцию касательно полного удаления и свежей установки Firefox ? Combofix лог не показал создание новых каталогов, то есть нет.Кроме этого сообщите, всплывающие окна появляются только при запуске браузера ? Они одинаковы или различны для каждого браузера. Пришлите скриншот экрана вместе с банером мне через личные сообщения. И ещё, если запустить первым делом InternetExplorer этот банер выскакивает тоже сразу же?
К вашему ответу приложите Combofix лог.
- Для ответа в этой теме необходимо авторизоваться.
