Win32: Chydo infection

Featured Replies

Hello, I think I have the same problem too. I read and applied Maniac's advice word for word. Here is the result, ComboFix.txt. Do I need to do anything else, or is this the end of it?

ComboFix 09-12-21.04 - Sany 12/22/2009 13:16:11.1.2 - x86

Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1251.359.1033.18.2012.1277 [GMT 2:00]

Running from: c:\users\Sany\Desktop\ComboFix.exe

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\autorun.inf

C:\nbkwlxkufpts.bat

C:\ndocthwivhnotj.bat

c:\program files\FunWebProducts

c:\program files\MyWebSearch

c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG

c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL

c:\program files\MyWebSearch\bar\1.bin\F3DTactl.dll

c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL

c:\program files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL

c:\program files\MyWebSearch\bar\1.bin\F3HTmlmu.dll

c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL

c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL

c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR

c:\program files\MyWebSearch\bar\1.bin\F3REGHK.DLL

c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL

c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL

c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE

c:\program files\MyWebSearch\bar\1.bin\F3SCrctr.dll

c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV

c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT

c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL

c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG

c:\program files\MyWebSearch\bar\1.bin\M3AUXSTB.DLL

c:\program files\MyWebSearch\bar\1.bin\M3DLGHK.DLL

c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR

c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST

c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE

c:\program files\MyWebSearch\bar\1.bin\M3HTml.dll

c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL

c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE

c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE

c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL

c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR

c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST

c:\program files\MyWebSearch\bar\1.bin\M3OUtlcn.dll

c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL

c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL

c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE

c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE

c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE

c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL

c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL

c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL

c:\program files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL

c:\program files\MyWebSearch\bar\1.bin\MWSSVC.EXE

c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL

c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S

c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S

c:\program files\MyWebSearch\bar\Game\CHESS.F3S

c:\program files\MyWebSearch\bar\Game\REVERSI.F3S

c:\program files\MyWebSearch\bar\icons\CM.ICO

c:\program files\MyWebSearch\bar\icons\MFC.ICO

c:\program files\MyWebSearch\bar\icons\PSS.ICO

c:\program files\MyWebSearch\bar\icons\SMILEY.ICO

c:\program files\MyWebSearch\bar\icons\WB.ICO

c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO

c:\program files\MyWebSearch\bar\Message\COMMON.F3S

c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S

c:\program files\MyWebSearch\bar\Notifier\DOG.F3S

c:\program files\MyWebSearch\bar\Notifier\FISH.F3S

c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S

c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S

c:\program files\MyWebSearch\bar\Notifier\MAID.F3S

c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S

c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S

c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S

c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S

c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S

c:\program files\MyWebSearch\bar\Settings\s_pid.dat

C:\vhoylvgoxf.bat

c:\windows\system32\ammppg.dll

c:\windows\system32\f3PSSavr.scr

D:\autorun.inf

D:\nbkwlxkufpts.bat

D:\ndocthwivhnotj.bat

D:\vhoylvgoxf.bat

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_Ias

-------\Service_MyWebSearchService

((((((((((((((((((((((((( Files Created from 2009-11-22 to 2009-12-22 )))))))))))))))))))))))))))))))

.

2009-12-22 11:22 . 2009-12-22 11:25 -------- d-----w- c:\users\Sany\AppData\Local\temp

2009-12-22 11:22 . 2009-12-22 11:22 -------- d-----w- c:\users\user\AppData\Local\temp

2009-12-22 11:22 . 2009-12-22 11:22 -------- d-----w- c:\users\Default\AppData\Local\temp

2009-12-21 14:10 . 2009-12-22 10:55 -------- d-----w- C:\Antivir

2009-12-21 13:58 . 2009-12-21 13:58 -------- d-----w- c:\users\Sany\AppData\Local\Apple

2009-12-21 13:39 . 2009-12-21 13:39 -------- d-----w- c:\programdata\Winferno

2009-12-21 13:35 . 2004-10-19 12:30 380928 ----a-w- c:\windows\3D Snowy Cottage Full.scr

2009-12-21 13:34 . 2009-12-21 13:34 -------- d-----w- c:\program files\Freeze.com

2009-12-21 13:34 . 2004-04-29 12:24 28672 ----a-w- c:\windows\vorbisfile.dll

2009-12-21 13:34 . 2004-04-29 12:24 974848 ----a-w- c:\windows\vorbis.dll

2009-12-21 13:34 . 2004-04-29 12:24 49152 ----a-w- c:\windows\ogg.dll

2009-12-21 13:34 . 2006-10-09 11:06 495616 ----a-w- c:\windows\system32\WINUTIL5.DLL

2009-12-21 13:34 . 2006-05-17 06:40 393216 ----a-w- c:\windows\system32\WINLCTL5.DLL

2009-12-21 13:34 . 2009-12-21 13:34 -------- d-----w- c:\program files\Winferno

2009-12-21 13:25 . 2009-12-21 13:25 -------- d-----w- c:\programdata\ParetoLogic

2009-12-21 13:25 . 2009-12-21 13:25 -------- d-----w- c:\program files\Common Files\ParetoLogic

2009-12-21 13:25 . 2009-12-21 13:25 -------- d-----w- c:\program files\Common Files\XoftSpySE

2009-12-21 13:25 . 2009-12-21 13:25 -------- d-----w- c:\programdata\XoftSpySE

2009-12-21 13:25 . 2009-12-21 13:25 99864 ----a-w- c:\users\Sany\AppData\Local\GDIPFONTCACHEV1.DAT

2009-12-21 13:25 . 2009-12-21 13:25 -------- d-----w- c:\program files\XoftSpySE6

2009-12-21 11:25 . 2009-12-21 11:25 -------- d-----w- c:\program files\Runtimeware.com

2009-12-21 10:03 . 2009-12-21 10:03 0 ----a-w- c:\windows\nsreg.dat

2009-12-21 10:03 . 2009-12-21 10:03 -------- d-----w- c:\users\Sany\AppData\Local\Mozilla

2009-12-16 16:27 . 2009-12-16 16:27 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2009-12-16 16:26 . 2009-12-16 16:26 -------- d-----w- c:\program files\Skype

2009-12-16 16:25 . 2009-12-16 16:26 -------- d-----w- c:\program files\Common Files\Skype

2009-12-16 12:21 . 2009-12-16 12:21 -------- d-----w- c:\users\Guest\AppData\Local\CyberDefender Internet Security

2009-12-15 13:46 . 2009-12-21 05:27 487424 ----a-w- c:\programdata\Xerox\WCProWIA\WCProInbox.exe

2009-12-15 13:46 . 2009-12-21 05:27 487424 ----a-w- c:\programdata\Xerox\WCProWIA\Templates\0000\0000.exe

2009-12-15 13:46 . 2009-12-21 05:27 487424 ----a-w- c:\programdata\Xerox\WCProWIA\0001\0001.scr

2009-12-15 13:46 . 2009-12-21 05:27 487424 ----a-w- c:\programdata\Xerox\WCProWIA\0000\0000.exe

2009-12-15 13:46 . 2009-12-21 05:26 487424 ----a-w- c:\programdata\Xerox\WCProWIA\Templates\Templates.bat

2009-12-15 13:46 . 2009-12-21 05:26 487424 ----a-w- c:\programdata\Xerox\WCProWIA\Templates\0001\0001.scr

2009-12-10 18:40 . 2009-11-09 13:22 24064 ----a-w- c:\windows\system32\nshhttp.dll

2009-12-10 18:40 . 2009-11-09 13:20 31232 ----a-w- c:\windows\system32\httpapi.dll

2009-12-10 18:40 . 2009-11-09 11:04 411136 ----a-w- c:\windows\system32\drivers\http.sys

2009-12-09 11:48 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll

2009-12-09 11:48 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll

2009-12-06 23:11 . 2009-12-06 23:11 658184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2009-12-04 12:45 . 2009-12-04 12:45 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-12-04 12:44 . 2009-12-04 12:44 -------- d-----w- c:\program files\Java

2009-11-26 19:59 . 2009-10-29 09:41 2048 ----a-w- c:\windows\system32\tzres.dll

2009-11-25 07:54 . 2009-08-10 11:01 1399296 ----a-w- c:\windows\system32\msxml6.dll

2009-11-25 07:54 . 2009-08-10 11:00 1257472 ----a-w- c:\windows\system32\msxml3.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-22 11:27 . 2009-12-15 12:23 2408 ---h--w- c:\program files\vhoylvgoxfhefrghejvcmzjucltvstfu.sxj

2009-12-22 11:27 . 2009-12-15 12:23 280 ---h--w- c:\program files\zbyybbcazxpctvarezbyyb.caz

2009-12-22 11:26 . 2009-12-15 12:23 1332 ---h--w- c:\program files\mblyobpamxccgvnrrzoylbocnzkpptiaeem.lyo

2009-12-22 11:26 . 2009-12-15 12:06 569344 --sh--r- c:\windows\pngcbxuojdranlmzizxqml.exe

2009-12-22 11:26 . 2009-12-15 12:06 569344 --sh--r- c:\windows\yvnigbxqkdqykhhtbrogb.exe

2009-12-22 11:26 . 2009-12-15 12:06 569344 --sh--r- c:\windows\wrhawpjasjuakfdnthc.exe

2009-12-22 11:26 . 2009-12-15 12:06 569344 --sh--r- c:\windows\lfumhzsizpzenhensf.exe

2009-12-22 11:26 . 2009-12-15 12:06 569344 --sh--r- c:\windows\jfwqnhcunfryjfepwlhy.exe

2009-12-22 11:26 . 2009-12-15 12:06 569344 --sh--r- c:\windows\vnaqjzqethpszrmt.exe

2009-12-22 11:26 . 2009-12-15 12:06 569344 --sh--r- c:\windows\cvjauldsixgkslhpt.exe

2009-12-22 11:25 . 2009-12-15 12:06 569344 --sh--r- c:\windows\system32\pngcbxuojdranlmzizxqml.exe

2009-12-22 11:25 . 2009-12-15 12:06 569344 --sh--r- c:\windows\system32\yvnigbxqkdqykhhtbrogb.exe

2009-12-22 11:25 . 2009-12-15 12:06 569344 --sh--r- c:\windows\system32\wrhawpjasjuakfdnthc.exe

2009-12-22 11:25 . 2009-12-15 12:06 569344 --sh--r- c:\windows\system32\lfumhzsizpzenhensf.exe

2009-12-22 11:25 . 2009-12-15 12:06 569344 --sh--r- c:\windows\system32\cvjauldsixgkslhpt.exe

2009-12-22 11:24 . 2009-12-15 12:06 569344 --sh--r- c:\windows\system32\vnaqjzqethpszrmt.exe

2009-12-22 11:07 . 2009-12-15 12:23 2153 ---h--w- c:\program files\ndocthwivhnotjchirhsgxlamzlrsxnglmvl.kbp

2009-12-22 10:52 . 2009-12-15 12:06 569344 --sh--r- c:\windows\system32\jfwqnhcunfryjfepwlhy.exe

2009-12-21 09:48 . 2009-06-26 19:18 -------- d-----w- c:\users\user\AppData\Roaming\Skype

2009-12-21 09:20 . 2009-08-03 13:39 -------- d-----w- c:\users\user\AppData\Roaming\skypePM

2009-12-17 20:33 . 2009-06-22 13:17 1356 ----a-w- c:\users\user\AppData\Local\d3d9caps.dat

2009-12-17 14:14 . 2009-12-15 12:23 4488 ---h--w- c:\program files\qdlwkvhqajmkmzprpviqbpamvforpreuw.anv

2009-12-16 19:31 . 2009-07-01 07:16 -------- d-----w- c:\program files\BitComet

2009-12-16 16:26 . 2009-08-03 13:35 -------- d-----w- c:\programdata\Skype

2009-12-10 22:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2009-11-22 07:52 . 2009-11-22 07:52 -------- d-----w- c:\users\Guest\AppData\Roaming\Winamp

2009-11-22 00:35 . 2009-06-28 00:19 -------- d-----w- c:\users\Miss Shady\AppData\Roaming\Skype

2009-11-21 06:40 . 2009-12-09 11:53 916480 ----a-w- c:\windows\system32\wininet.dll

2009-11-21 06:34 . 2009-12-09 11:53 71680 ----a-w- c:\windows\system32\iesetup.dll

2009-11-21 06:34 . 2009-12-09 11:53 109056 ----a-w- c:\windows\system32\iesysprep.dll

2009-11-21 04:59 . 2009-12-09 11:53 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2009-11-10 13:26 . 2009-11-10 13:26 -------- d-----w- c:\program files\Ask.com

2009-11-10 13:26 . 2009-11-10 13:26 -------- d-----w- c:\program files\Common Files\DVDVideoSoft

2009-11-10 13:21 . 2009-11-10 13:17 -------- d-----w- c:\program files\Xvid

2009-11-02 18:42 . 2009-10-03 13:55 195456 ------w- c:\windows\system32\MpSigStub.exe

2008-04-09 23:35 . 2008-04-09 23:35 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2009-06-16 15:22 1144712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-16 1144712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-16 1144712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

"qhtiapfsgtacizt"="wrhawpjasjuakfdnthc.exe" [2009-12-22 569344]

"nbkwlxkufpts"="c:\users\Sany\AppData\Local\Temp\cvjauldsixgkslhpt.exe" [2009-12-22 569344]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"vnaqjzqethpszrmt"="yvnigbxqkdqykhhtbrogb.exe ." [X]

"mblyobpamxccg"="c:\users\Sany\AppData\Local\Temp\lfumhzsizpzenhensf.exe" [2009-12-22 569344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2008-05-20 6144000]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-11 150040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-11 170520]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-11 145944]

"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]

"QuickTime Task"="d:\downloads\QTTask.exe" [2009-05-26 413696]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-04 149280]

"nbkwlxkufpts"="yvnigbxqkdqykhhtbrogb.exe" [2009-12-22 569344]

"XoftSpySE"="c:\program files\XoftSpySE6\XoftSpySE.exe" [2009-10-23 4854040]

"lfumhzsizpzenhensf"="c:\users\Sany\AppData\Local\Temp\yvnigbxqkdqykhhtbrogb.exe" [2009-12-22 569344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"mblyobpamxccg"="lfumhzsizpzenhensf.exe ." [X]

"cvjauldsixgkslhpt"="c:\users\Sany\AppData\Local\Temp\lfumhzsizpzenhensf.exe" [2009-12-22 569344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]

"ndocthwivhnotj"="yvnigbxqkdqykhhtbrogb.exe" [2009-12-22 569344]

"qdlwkvhqajm"="c:\users\Sany\AppData\Local\Temp\jfwqnhcunfryjfepwlhy.exe" [2009-12-22 569344]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-8-14 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 0 (0x0)

"EnableInstallerDetection"= 0 (0x0)

"EnableLUA"= 0 (0x0)

"EnableSecureUIAPaths"= 0 (0x0)

"EnableVirtualization"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"DisableRegistryTools"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2005-09-03 12:18 94208 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]

2008-10-31 09:17 54576 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2009-04-10 17:29 37888 ----a-w- c:\program files\Winamp\winampa.exe

S2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe --> c:\program files\System Control Manager\MSIService.exe [?]

S3 XoftSpyService;XoftSpyService;c:\program files\Common Files\XoftSpySE\6\xoftspyservice.exe [10/23/2009 11:58 PM 582424]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.bg/

IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: {C18DF632-BFF1-4CD6-B221-C0AF809A82E7} = 192.168.0.1

FF - ProfilePath - c:\users\Sany\AppData\Roaming\Mozilla\Firefox\Profiles\yjf9ffb5.default\

FF - prefs.js: browser.search.selectedEngine - MyWebSearch

FF - prefs.js: browser.startup.homepage - hxxp://www.google.bg/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJfox000&fl=0&ptb=cg0827dIRufr89euO6HumA&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npkanevapatch.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll

FF - plugin: d:\downloads\Plugins\npqtplugin.dll

FF - plugin: d:\downloads\Plugins\npqtplugin2.dll

FF - plugin: d:\downloads\Plugins\npqtplugin3.dll

FF - plugin: d:\downloads\Plugins\npqtplugin4.dll

FF - plugin: d:\downloads\Plugins\npqtplugin5.dll

FF - plugin: d:\downloads\Plugins\npqtplugin6.dll

FF - plugin: d:\downloads\Plugins\npqtplugin7.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-NWEReboot - (no file)

HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL

HKLM-Run-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe

AddRemove-Free YouTube Download_is1 - c:\users\user\Desktop\Free YouTube Download\unins000.exe

AddRemove-save2pc Light_is1 - c:\users\user\Desktop\save2pc\unins000.exe

AddRemove-save2pc_is1 - c:\users\user\Desktop\save2pc\unins000.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-22 13:25

Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\windows\TEMP\TMP00000001E970CF32F0284189 524288 bytes executable

scan completed successfully

hidden files: 1

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\WLANExt.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

c:\windows\System32\jfwqnhcunfryjfepwlhy.exe

c:\windows\RtHDVCpl.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\system32\wbem\unsecapp.exe

c:\users\Sany\AppData\Local\Temp\wfjqahp.exe

c:\users\Sany\AppData\Local\Temp\wfjqahp.exe

c:\\?\c:\windows\system32\wbem\WMIADAP.EXE

.

**************************************************************************

.

Completion time: 2009-12-22 13:29:26 - machine was rebooted

ComboFix-quarantined-files.txt 2009-12-22 11:29

Pre-Run: 2,121,576,448 bytes free

Post-Run: 2,126,336,000 bytes free

- - End Of File - - E558B1F6EEAF5255CE825A6A7A1C6EE5

Edited by ferynico

Open Notepad.exe and enter the following via copy/paste:


http://www.kaldata.com/forums/index.php?showtopic=145144


KILLALL::

Rootkit::

c:\windows\TEMP\TMP00000001E970CF32F0284189


COLLECT::

c:\program files\vhoylvgoxfhefrghejvcmzjucltvstfu.sxj

c:\program files\zbyybbcazxpctvarezbyyb.caz

c:\program files\mblyobpamxccgvnrrzoylbocnzkpptiaeem.lyo

c:\windows\pngcbxuojdranlmzizxqml.exe

c:\windows\yvnigbxqkdqykhhtbrogb.exe

c:\windows\wrhawpjasjuakfdnthc.exe

c:\windows\lfumhzsizpzenhensf.exe

c:\windows\jfwqnhcunfryjfepwlhy.exe

c:\windows\vnaqjzqethpszrmt.exe

c:\windows\cvjauldsixgkslhpt.exe

c:\windows\system32\pngcbxuojdranlmzizxqml.exe

c:\windows\system32\yvnigbxqkdqykhhtbrogb.exe

c:\windows\system32\wrhawpjasjuakfdnthc.exe

c:\windows\system32\lfumhzsizpzenhensf.exe

c:\windows\system32\cvjauldsixgkslhpt.exe

c:\windows\system32\vnaqjzqethpszrmt.exe

c:\program files\ndocthwivhnotjchirhsgxlamzlrsxnglmvl.kbp

c:\windows\system32\jfwqnhcunfryjfepwlhy.exe

c:\program files\qdlwkvhqajmkmzprpviqbpamvforpreuw.anv

c:\users\Sany\AppData\Local\Temp\cvjauldsixgkslhpt.exe

c:\users\Sany\AppData\Local\Temp\lfumhzsizpzenhensf.exe

c:\users\Sany\AppData\Local\Temp\yvnigbxqkdqykhhtbrogb.exe

c:\users\Sany\AppData\Local\Temp\lfumhzsizpzenhensf.exe

c:\users\Sany\AppData\Local\Temp\jfwqnhcunfryjfepwlhy.exe


Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-

[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-

[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"qhtiapfsgtacizt"=-

"nbkwlxkufpts"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"vnaqjzqethpszrmt"=-

"mblyobpamxccg"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nbkwlxkufpts"=-

"lfumhzsizpzenhensf"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"mblyobpamxccg"=-

"cvjauldsixgkslhpt"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]

"ndocthwivhnotj"=-

"qdlwkvhqajm"=-

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableRegistryTools"= 0

Save the file under the name CFScript and drop it onto ComboFix.

Post the new log file.
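The script above targets a recognisable pattern in the log: a cluster of differently named executables that all have the same byte size, carry the hidden and system attributes, are launched from autorun keys (several of them out of the user's Temp folder), and sit next to UAC policy values zeroed out and Registry Editor locked. As an added example, not from this thread and not part of ComboFix or its CFScript format, the following Python script parses those three kinds of ComboFix lines and flags the same indicators automatically. The sample input is a handful of lines copied from the log in this thread; the regexes, the threshold of three same-sized executables, and the list of UAC value names are my own assumptions about what is worth flagging.

```python
"""Triage heuristics over ComboFix-style log lines (added example, not part of ComboFix)."""
import re
from collections import Counter, defaultdict

# Constructed sample: a few lines copied from the ComboFix log posted above
# (Find3M file entries, Reg Loading Points autorun entries, policy values).
SAMPLE_LOG = r"""
2009-12-22 11:26 . 2009-12-15 12:06 569344 --sh--r- c:\windows\pngcbxuojdranlmzizxqml.exe
2009-12-22 11:26 . 2009-12-15 12:06 569344 --sh--r- c:\windows\yvnigbxqkdqykhhtbrogb.exe
2009-12-22 11:25 . 2009-12-15 12:06 569344 --sh--r- c:\windows\system32\wrhawpjasjuakfdnthc.exe
2009-11-21 06:40 . 2009-12-09 11:53 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-21 13:34 . 2004-04-29 12:24 28672 ----a-w- c:\windows\vorbisfile.dll
2009-12-21 14:10 . 2009-12-22 10:55 -------- d-----w- C:\Antivir
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"nbkwlxkufpts"="c:\users\Sany\AppData\Local\Temp\cvjauldsixgkslhpt.exe" [2009-12-22 569344]
"vnaqjzqethpszrmt"="yvnigbxqkdqykhhtbrogb.exe ." [X]
"EnableLUA"= 0 (0x0)
"DisableRegistryTools"= 1 (0x1)
"aux"=wdmaud.drv
"""

# "<changed> . <created> <size|--------> <attrs> <path>" as ComboFix prints file entries
FILE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d) (\S+) ([-a-z]{8}) (.+)$"
)
# "name"="target" [date size]  or  "name"="target" [X] when the target is missing
AUTORUN_RE = re.compile(r'^"([^"]+)"="([^"]*)" \[([^\]]*)\]$')
# "name"= value (0xhex) as ComboFix prints policy values
POLICY_RE = re.compile(r'^"([^"]+)"= (\d+) \(0x[0-9a-f]+\)$')

EXEC_EXT = (".exe", ".scr", ".dll", ".bat", ".com", ".sys")
TEMP_MARK = r"\appdata\local\temp\""[:-1]  # lower-case substring ...\appdata\local\temp\ (assumption)
# UAC policy values (HKLM\...\policies\system) where 0 means the protection is switched off
UAC_VALUES = {
    "EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop",
    "EnableSecureUIAPaths", "EnableVirtualization", "EnableInstallerDetection",
}
SAME_SIZE_THRESHOLD = 3  # assumption: 3+ distinct executable names of one size is suspicious


def triage(log_text):
    """Return a list of (reason, detail) findings for the given log text."""
    findings = []
    names_by_size = defaultdict(set)  # byte size -> distinct executable basenames

    for line in log_text.splitlines():
        line = line.strip()
        m = FILE_RE.match(line)
        if m:
            size, attrs, path = m.group(3), m.group(4), m.group(5)
            base = path.lower().rsplit("\\", 1)[-1]
            if not base.endswith(EXEC_EXT):
                continue
            if size.isdigit():
                names_by_size[size].add(base)
            # hidden + system attributes on an executable: ComboFix shows them as 's' and 'h'
            if "s" in attrs and "h" in attrs:
                findings.append(("hidden-system executable", path))
            continue
        m = AUTORUN_RE.match(line)
        if m:
            name, target, meta = m.groups()
            if TEMP_MARK in target.lower():
                findings.append(("autorun from user Temp", f"{name} -> {target}"))
            if meta == "X":  # ComboFix marks an autorun whose file no longer exists with [X]
                findings.append(("autorun target missing", f"{name} -> {target}"))
            continue
        m = POLICY_RE.match(line)
        if m:
            name, value = m.group(1), int(m.group(2))
            if name in UAC_VALUES and value == 0:
                findings.append(("UAC weakened", f"{name}=0"))
            elif name == "DisableRegistryTools" and value == 1:
                findings.append(("registry editor locked", f"{name}=1"))

    # Dropper pattern: many randomly named copies of one payload share an exact byte size.
    for size, names in sorted(names_by_size.items()):
        if len(names) >= SAME_SIZE_THRESHOLD:
            findings.append(("same-size executable cluster", f"{size} bytes: {sorted(names)}"))
    return findings


def count_by_reason(findings):
    """Summarise findings as {reason: count}."""
    return dict(Counter(reason for reason, _ in findings))


if __name__ == "__main__":
    for reason, detail in triage(SAMPLE_LOG):
        print(f"[{reason}] {detail}")
```

The script only reads text, so it can be run against any saved ComboFix.txt (`triage(open("ComboFix.txt").read())`) without touching the machine it came from; a finding is a prompt for a human to look, not a verdict, since legitimate software can occasionally trip the same-size or Temp-path rules.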
