- This topic has 10 ответов, 2 участника, and was last updated 16 years, 1 month назад by
.
-
Сообщения
-
Помогите пожалуйста в анализе лога Combofix и HijackThis . Спасибо !
ComboFix 08-09-25.07 — Admin 2008-09-26 21:40:26.1 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.1.1049.18.2904 [GMT 4:00]
Running from: D:ЗагрузкиComboFix.exe
* Created a new restore pointWARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.C:Documents and SettingsAdminLocal SettingsTemporary Internet FilesSuggestedSites.dat
.
((((((((((((((((((((((((( Files Created from 2008-08-26 to 2008-09-26 )))))))))))))))))))))))))))))))
.2008-09-26 20:23 . 2008-09-26 20:23 304,160 —a
C:PA207.DAT
2008-09-25 19:29 . 2008-09-25 19:29d
C:Program FilesReflexiveArcade
2008-09-25 19:29 . 2008-09-25 20:05d
C:Documents and SettingsAdminApplication DataWildfire
2008-09-25 19:29 . 2008-09-25 19:29 4,096 —a
C:WINDOWSd3dx.dat
2008-09-25 18:56 . 2008-09-25 18:56d
C:WINDOWSPixArt
2008-09-25 18:56 . 2008-09-25 18:56d
C:Program FilesCommon FilesPAC207
2008-09-25 18:56 . 2007-10-25 18:31 616,064 —a
C:WINDOWSsystem32driversPFC027.SYS
2008-09-25 18:56 . 2007-05-17 15:50 129,024 —a
C:WINDOWSsystem32SP207.AX
2008-09-25 18:56 . 2008-04-23 14:05 47,616 —a
C:WINDOWSsystem32Remove.exe
2008-09-25 18:56 . 2007-11-02 11:07 6,656 —a
C:WINDOWSsystem32CoInst_071102.dll
2008-09-25 18:56 . 2007-06-29 11:07 566 —a
C:WINDOWSsystem32SP207.ini
2008-09-25 18:56 . 2008-05-13 15:27 405 —a
C:WINDOWSsystem32Remover.ini
2008-09-24 20:10 . 2008-09-24 20:10d
C:WINDOWSAlbum
2008-09-24 20:10 . 2008-09-25 18:56d
C:Program FilesKYE
2008-09-24 20:10 . 2005-01-28 14:15 7,064 —a
C:WINDOWSsystem32WMVCORE.lib
2008-09-22 21:31 . 2008-09-22 21:31d
C:Program FilesoovooToolbar
2008-09-22 21:31 . 2008-09-22 21:31d
C:Documents and SettingsAdminApplication DataoovooToolbar
2008-09-22 21:25 . 2008-09-22 21:25d
C:Program FilesCCleaner
2008-09-22 21:09 . 2008-09-22 21:31d
C:Program FilesooVoo
2008-09-22 21:09 . 2008-09-22 21:09d
C:Documents and SettingsAdminApplication DataooVoo Details
2008-09-22 19:35 . 2008-09-22 19:35d
C:Program FilesSun
2008-09-22 19:34 . 2008-09-22 19:34 410,976 —a
C:WINDOWSsystem32deploytk.dll
2008-09-22 10:59 . 2008-09-22 10:59 259 —a
C:WINDOWSeurope.ini
2008-09-21 18:10 . 2008-09-21 18:10d—hs—- C:Documents and SettingsAdminPrivacIE
2008-09-21 17:57 . 2008-09-21 17:58d—h-c— C:WINDOWSie8
2008-09-21 12:53 . 2008-09-21 12:53d
C:Documents and SettingsAdminApplication DataPCF-VLC
2008-09-20 19:28 . 2008-09-20 19:28d
C:Documents and SettingsAdminApplication DataSamsung
2008-09-20 19:12 . 2008-09-20 19:12d
C:WINDOWSsystem32Samsung PC Studio Codecs
2008-09-20 19:12 . 2006-03-21 15:49 2,729,472 —a
C:WINDOWSsystem32fun_avcodec.dll
2008-09-20 19:12 . 2006-04-18 16:32 684,032 —a
C:WINDOWSsystem32fun_mp4_enc.dll
2008-09-20 19:12 . 2006-04-25 16:29 675,840 —a
C:WINDOWSsystem32FunDecFilter.ax
2008-09-20 19:12 . 2006-04-25 16:30 532,480 —a
C:WINDOWSsystem32FunEncFilter.ax
2008-09-20 19:12 . 2006-04-24 13:46 77,824 —a
C:WINDOWSsystem32fun_mp4_dec.dll
2008-09-20 19:12 . 2005-08-28 20:51 766 —a
C:WINDOWSsystem32Uninstall.ico
2008-09-20 19:10 . 2008-09-20 19:10d
C:WINDOWSsystem32Samsung_USB_Drivers
2008-09-20 19:10 . 2008-09-20 19:10d
C:Program FilesSamsung
2008-09-20 19:10 . 2005-08-30 01:49 94,000 —a
C:WINDOWSsystem32driversssm_mdm.sys
2008-09-20 19:10 . 2005-08-30 01:47 58,320 —a
C:WINDOWSsystem32driversssm_bus.sys
2008-09-20 19:10 . 2005-08-13 05:06 22,486 -ra
C:WINDOWSsystem32UnInstall_Driver.ico
2008-09-20 19:10 . 2005-08-30 01:49 8,336 —a
C:WINDOWSsystem32driversssm_mdfl.sys
2008-09-20 19:10 . 2005-08-30 01:49 6,176 —a
C:WINDOWSsystem32driversssm_cmnt.sys
2008-09-20 19:10 . 2005-08-30 01:49 6,176 —a
C:WINDOWSsystem32driversssm_cm.sys
2008-09-20 19:10 . 2005-08-30 01:47 5,840 —a
C:WINDOWSsystem32driversssm_whnt.sys
2008-09-20 19:10 . 2005-08-30 01:47 5,840 —a
C:WINDOWSsystem32driversssm_wh.sys
2008-09-20 11:35 . 2008-09-20 11:35d
C:Program FilesParticipatory Culture Foundation
2008-09-20 11:35 . 2008-09-20 11:35d
C:Documents and SettingsAdminApplication DataParticipatory Culture Foundation
2008-09-19 18:36 . 2008-09-19 18:36d
C:WINDOWSSun
2008-09-19 08:36 . 2008-09-19 08:35 297,472 —a
C:WINDOWSsystem32mfmlib.dll
2008-09-14 10:47 . 2008-09-14 10:47d
C:Documents and SettingsAdminApplication DataNero
2008-09-09 22:41 . 2008-09-09 22:43d—h
C:WINDOWS$hf_mig$
2008-09-09 22:41 . 2008-06-12 11:28 26,144 —a
C:WINDOWSsystem32spupdsvc.exe
2008-09-09 22:32 . 2008-08-22 03:10 11,985,408 —a—c— C:WINDOWSsystem32dllcacheieframe.dll
2008-09-09 22:32 . 2008-07-29 22:58 3,670,112 —a—c— C:WINDOWSsystem32dllcacheieapfltr.dat
2008-09-09 22:32 . 2008-08-22 03:06 1,778,688 —a—c— C:WINDOWSsystem32dllcacheiertutil.dll
2008-09-09 22:32 . 2008-09-08 20:27 1,294,336 —a—c— C:WINDOWSsystem32dllcacheieframe.dll.mui
2008-09-09 22:32 . 2008-08-22 03:05 580,608 —a—c— C:WINDOWSsystem32dllcachemsfeeds.dll
2008-09-09 22:32 . 2008-08-22 02:42 443,392 —a—c— C:WINDOWSsystem32dllcacheieapfltr.dll
2008-09-09 22:32 . 2008-08-22 03:05 61,952 —a—c— C:WINDOWSsystem32dllcacheicardie.dll
2008-09-09 22:32 . 2008-08-22 03:05 53,760 —a—c— C:WINDOWSsystem32dllcachemsfeedsbs.dll
2008-09-09 22:32 . 2008-06-23 12:23 13,824
c— C:WINDOWSsystem32dllcacheieudinit.exe
2008-09-01 20:21 . 2008-09-01 20:21d
C:Documents and SettingsAdminApplication DataMeridian93.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-26 17:41 602,144 —sha-w C:WINDOWSsystem32driversfidbox2.dat
2008-09-26 17:41 29,465,888 —sha-w C:WINDOWSsystem32driversfidbox.dat
2008-09-26 17:33
d
w C:Documents and SettingsAll UsersApplication DataKaspersky Lab
2008-09-26 17:31 59,276 —sha-w C:WINDOWSsystem32driversfidbox2.idx
2008-09-26 17:31 403,628 —sha-w C:WINDOWSsystem32driversfidbox.idx
2008-09-26 17:29
d
w C:Documents and SettingsAdminApplication DataSkype
2008-09-26 14:57
d
w C:Documents and SettingsAdminApplication DataskypePM
2008-09-25 14:56
d—h—w C:Program FilesInstallShield Installation Information
2008-09-25 13:32
d
w C:Program FilesCommon FilesLogitech
2008-09-22 15:34
d
w C:Program FilesJava
2008-09-21 05:27
d
w C:Program FilesOpera
2008-09-21 05:18
d
w C:Documents and SettingsAdminApplication DatauTorrent
2008-09-20 12:31
d
w C:Program FilesDownload Master
2008-08-25 16:52
d
w C:Documents and SettingsAdminApplication DataDownload Master
2008-08-24 04:49 32 —-a-w C:Documents and SettingsAll UsersApplication Dataezsid.dat
2008-08-24 04:35
d
w C:Program FilesICQ6
2008-08-24 04:30
d
w C:Documents and SettingsAdminApplication DataICQ
2008-08-21 23:08 878,592 —-a-w C:WINDOWSsystem32wininet.dll
2008-08-21 23:08 43,008 —-a-w C:WINDOWSsystem32licmgr10.dll
2008-08-21 23:07 18,944 —-a-w C:WINDOWSsystem32corpol.dll
2008-08-21 23:06 72,704 —-a-w C:WINDOWSsystem32admparse.dll
2008-08-21 23:06 71,680 —-a-w C:WINDOWSsystem32iesetup.dll
2008-08-21 23:06 434,176 —-a-w C:WINDOWSsystem32vbscript.dll
2008-08-21 23:05 48,640
w C:WINDOWSsystem32PrivacIE.dll
2008-08-21 23:05 48,128 —-a-w C:WINDOWSsystem32mshtmler.dll
2008-08-21 23:05 35,840 —-a-w C:WINDOWSsystem32imgutil.dll
2008-08-21 23:04 45,568 —-a-w C:WINDOWSsystem32mshta.exe
2008-08-21 22:57 156,160 —-a-w C:WINDOWSsystem32msls31.dll
2008-08-21 09:09
d
w C:Documents and SettingsAdminApplication DataHamachi
2008-08-21 08:50 25,280 —-a-w C:WINDOWSsystem32drivershamachi.sys
2008-08-20 15:06
d
w C:Program FilesGoogle
2008-08-18 16:27
d
w C:Documents and SettingsAdminApplication DataNetSpeakerphone
2008-08-17 13:28
d
w C:Documents and SettingsAdminApplication DataApple Computer
2008-08-13 15:34
d
w C:Program FilesICQLite
2008-08-13 15:33
d
w C:Documents and SettingsAdminApplication DataInstallShield
2008-08-13 15:32
d
w C:Program FilesQuickTime
2008-08-13 15:32
d
w C:Program FilesApple Software Update
2008-08-13 15:32
d
w C:Documents and SettingsAll UsersApplication DataApple Computer
2008-08-13 15:32
d
w C:Documents and SettingsAll UsersApplication DataApple
2008-08-13 15:32
d
w C:Documents and SettingsAdminApplication DataMra
2008-08-13 15:31
d
w C:Program FilesMail.Ru
2008-08-13 15:31
d
w C:Documents and SettingsAdminApplication DataMail.Ru
2008-08-13 15:29
d
w C:Documents and SettingsAdminApplication DataICQLite
2008-08-13 06:33
d
w C:Documents and SettingsAdminApplication DataGracebyte Software
2008-08-13 06:27
d
w C:Documents and SettingsAll UsersApplication DatanView_Profiles
2008-08-12 15:53
d
w C:Program FilesMSN Messenger
2008-08-12 15:51
dcsh—w C:Program FilesCommon FilesWindowsLiveInstaller
2008-08-12 15:51
d
w C:Program FilesWindows Live
2008-08-12 15:51
d
w C:Documents and SettingsAll UsersApplication DataWLInstaller
2008-08-12 15:50
d
w C:Program FilesSkype
2008-08-12 15:50
d
w C:Program FilesCommon FilesSkype
2008-08-12 15:50
d
w C:Documents and SettingsAll UsersApplication DataSkype
2008-08-12 15:47
d
w C:Program Filesepson
2008-08-12 15:46
d
w C:Program FilesuTorrent
2008-08-11 17:06
d
w C:Documents and SettingsAdminApplication DataMedia Player Classic
2008-08-11 16:09
d
w C:Program FilesA4Tech
2008-08-11 08:55 96,976 —-a-w C:WINDOWSsystem32driversklin.dat
2008-08-11 08:55 87,855 —-a-w C:WINDOWSsystem32driversklick.dat
2008-08-11 08:55 112,144 —-a-w C:WINDOWSsystem32driverskl1.sys
2008-08-11 08:13
d
w C:Program FilesKaspersky Lab
2008-08-11 08:12
d
w C:Documents and SettingsAll UsersApplication DataKaspersky Lab Setup Files
2008-08-09 13:30
d
w C:Program FilesMarvell
2008-08-09 13:29
d
w C:Program FilesASUS
2008-08-09 13:21
d
w C:Program FilesCommon FilesInstallShield
2008-08-09 13:18
d
w C:Program FilesIntel
2008-08-09 11:08
d
w C:Program FilesTotal Commander
2008-08-09 11:08
d
w C:Program FilesNero
2008-08-09 11:08
d
w C:Program FilesCommon FilesNero
2008-08-09 11:07
d
w C:Program FilesThe KMPlayer
2008-08-09 11:07
d
w C:Program FilesK-Lite Codec Pack
2008-08-09 11:07
d
w C:Program FilesFSImgViewer
2008-08-09 11:07
d
w C:Program FilesCommon FilesArsenal Shared
2008-08-09 11:07
d
w C:Program FilesArsenal Company
2008-08-09 11:07
d
w C:Documents and SettingsAdminApplication DataFastStone
2008-08-09 11:04
d
w C:Program FilesMicrosoft Works
2008-08-09 11:04
d
w C:Documents and SettingsAll UsersApplication DataMicrosoft Help
2008-08-09 10:28
d
w C:Program FilesMicrosoft.NET
2008-08-09 10:26
d
w C:Program FilesPunto Switcher
2008-08-09 10:26
d
w C:Program FilesFoxit Reader
2008-08-09 10:21 717,296 —-a-w C:WINDOWSsystem32driverssptd.sys
2008-08-09 10:21
d
w C:Program FilesVistaDriveIcon
2008-08-09 10:21
d
w C:Program Filesmicrosoft frontpage
2008-08-09 10:21
d
w C:Program FilesCommon FilesJava
2008-08-09 10:19
d—a-w C:Program FilesAmlMaple
2008-08-09 10:16
d
w C:Program FilesWindows Media Connect 2
2008-08-09 10:16
d
w C:Program FilesPaint.NET
2008-08-05 13:55 265,720 —-a-w C:WINDOWSsystem32msdbg2.dll
2006-06-24 06:48 32,768 —-a-r C:WINDOWSinfUpdateUSB.exe
.
Sigcheck
2008-05-20 19:54 579072 23b7d3f3f5ec8feea75ec381c71cbd5e C:WINDOWSsystem32user32.dll2008-05-20 19:52 361344 030dc4d48cc2b894fee2f390d8e66ad5 C:WINDOWSsystem32driverstcpip.sys
2008-05-20 19:53 1721344 dc5d73a9809b66026231a9d49de6987f C:WINDOWSexplorer.exe
2008-05-20 19:53 30208 ae0db25ee10900c73d923ad5880564cf C:WINDOWSsystem32ctfmon.exe
2008-05-20 19:55 80216 5f38b1b965527c6f5c30dedab0ab0550 C:WINDOWSsystem32wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_LOCAL_MACHINE~Browser Helper Objects{A057A204-BACC-4D26-8087-36EE87E26986}]
2008-07-29 23:56 1987544 —a
C:PROGRA~1OOVOOT~1OOVOOT~1.DLL[HKEY_LOCAL_MACHINE~Browser Helper Objects{E5F76779-DE98-4045-AE76-1B5F8CB6B98D}]
2008-09-19 08:35 297472 —a
C:WINDOWSsystem32mfmlib.dll[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{A057A204-BACC-4D26-8087-36EE87E26986}»= «C:PROGRA~1OOVOOT~1OOVOOT~1.DLL» [2008-07-29 1987544][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{A057A204-BACC-4D26-8087-36EE87E26986}»= «C:PROGRA~1OOVOOT~1OOVOOT~1.DLL» [2008-07-29 1987544][HKEY_CLASSES_ROOTclsid{a057a204-bacc-4d26-8087-36ee87e26986}]
[HKEY_CLASSES_ROOToovooToolbar.OOVOOTOOLBAR][HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«VistaIcon»=»C:Program FilesVistaDriveIconVistaDrv.exe» [2008-01-02 132096]
«Punto Switcher»=»C:Program FilesPunto Switcherps.exe» [2007-11-14 201728]
«ctfmon.exe»=»C:WINDOWSsystem32ctfmon.exe» [2008-05-20 30208]
«Google Update»=»C:Documents and SettingsAdminLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe» [2008-09-21 133104]
«ccleaner»=»C:Program FilesCCleanerCCleaner.exe» [2008-06-25 1209584][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=»C:WINDOWSsystem32NvCpl.dll» [2007-12-05 8523776]
«NvMediaCenter»=»C:WINDOWSsystem32NvMcTray.dll» [2007-12-05 81920]
«AmlMaple»=»C:Program FilesAmlMapleAmlMaple.exe» [2008-04-25 91648]
«Six Engine»=»C:Program FilesASUSEPU-6 EngineSixEngine.exe» [2008-06-03 5964800]
«WheelMouse»=»C:Program FilesA4TechMouseAmoumain.exe» [2006-12-26 196608]
«QuickTime Task»=»C:Program FilesQuickTimeqttask.exe» [2007-06-29 286720]
«BMISR»=»C:Program FilesKYEWebMateBM.exe» [2008-02-19 229376]
«PAC207_Monitor»=»C:WINDOWSPixArtPAC207Monitor.exe» [2006-11-03 319488]
«Monitor»=»C:WINDOWSPixArtPAC207Monitor.exe» [2006-11-03 319488]
«nwiz»=»nwiz.exe» [2007-12-05 C:WINDOWSsystem32nwiz.exe]
«RTHDCPL»=»RTHDCPL.EXE» [2008-04-10 C:WINDOWSRTHDCPL.EXE][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»C:WINDOWSsystem32CTFMON.EXE» [2008-05-20 30208]
«VistaIcon»=»C:Program FilesVistaDriveIconVistaDrv.exe» [2008-01-02 132096][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«IE7_011″=»shell32» [X]
«ZZZZ2_FirstLogonSetting»=»advpack.dll» [2008-08-22 C:WINDOWSsystem32advpack.dll]
«IE7_012″=»advpack.dll» [2008-08-22 C:WINDOWSsystem32advpack.dll][HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMConfigurePrograms»= 1 (0x1)[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMConfigurePrograms»= 1 (0x1)[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«VIDC.YV12″= yv12vfw.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«FirewallOverride»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
«UpdatesOverride»=dword:00000001
«AntiVirusDisableNotify»=dword:00000001
«AntiVirusOverride»=dword:00000001[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]
«DisableMonitoring»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«%windir%\system32\sessmgr.exe»=
«C:\Program Files\MSN Messenger\msnmsgr.exe»=
«C:\Program Files\MSN Messenger\livecall.exe»=
«C:\Program Files\uTorrent\uTorrent.exe»=
«C:\Program Files\Skype\Phone\Skype.exe»=[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«443:TCP»= 443:TCP:*:Disabled:ooVoo TCP порт443
«443:UDP»= 443:UDP:*:Disabled:ooVoo UDP порт443
«37674:TCP»= 37674:TCP:*:Disabled:ooVoo TCP порт37674
«37674:UDP»= 37674:UDP:*:Disabled:ooVoo UDP порт37674
«37675:UDP»= 37675:UDP:*:Disabled:ooVoo UDP порт37675R0 mv61xx;mv61xx;C:WINDOWSsystem32DRIVERSmv61xx.sys [2008-06-10 150568]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:WINDOWSsystem32DRIVERSklim5.sys [2007-04-04 24344]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113 PCI-E Ethernet Controller;C:WINDOWSsystem32DRIVERSl1e51x86.sys [2008-02-02 36864]
R3 PAC207;e-Messenger 112;C:WINDOWSsystem32DRIVERSPFC027.SYS [2007-10-25 616064]*Newly Created Service* — PROCEXP90
*Newly Created Service* — SRSERVICE
.
Contents of the ‘Scheduled Tasks’ folder
.
.
Supplementary Scan
.
FireFox -: Profile — C:Documents and SettingsAdminApplication DataMozillaFirefoxProfiles7r8eus7r.default
FF -: plugin — C:Documents and SettingsAdminLocal SettingsApplication DataGoogleUpdate1.2.131.11npGoogleOneClick5.dll
FF -: plugin — C:Program FilesJavajre6binnew_pluginnpdeploytk.dll
FF -: plugin — C:Program FilesJavajre6binnew_pluginnpjp2.dll
FF -: plugin — C:Program FilesK-Lite Codec PackRealbrowserpluginsnppl3260.dll
FF -: plugin — C:Program FilesK-Lite Codec PackRealbrowserpluginsnprpjplug.dll
FF -: plugin — C:Program FilesMozilla Firefoxpluginsnpdeploytk.dll
.**************************************************************************
catchme 0.3.1361 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-26 21:41:32
Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
Completion time: 2008-09-26 21:42:04
ComboFix-quarantined-files.txt 2008-09-26 17:41:59Pre-Run: 28 747 915 264 байт свободно
Post-Run: 28,737,863,680 байт свободно276
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:42:51, on 28.09.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32RUNDLL32.EXE
C:WINDOWSRTHDCPL.EXE
C:Program FilesAmlMapleAmlMaple.exe
C:Program FilesASUSEPU-6 EngineSixEngine.exe
C:Program FilesA4TechMouseAmoumain.exe
C:WINDOWSPixArtPAC207Monitor.exe
C:Program FilesKaspersky LabKaspersky Anti-Virus 7.0avp.exe
C:Program FilesKaspersky LabKaspersky Anti-Virus 7.0avp.exe
C:Program FilesVistaDriveIconVistaDrv.exe
C:Program FilesPunto Switcherps.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:Documents and SettingsAdminLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesSkypePhoneSkype.exe
C:Program FilesSkypePlugin ManagerskypePM.exe
C:Program FilesMSN Messengermsnmsgr.exe
C:Program FilesMSN Messengerusnsvc.exe
C:Program FilesTrend MicroHijackThisHijackThis.exeR0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://www.samsung.com/us/consumer/learningresources/monitor/magetune/pop_intro.html
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
O2 — BHO: Java(tm) Plug-In SSV Helper — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre6binssv.dll
O2 — BHO: (no name) — {7E853D72-626A-48EC-A868-BA8D5E23E045} — (no file)
O2 — BHO: IE 4.x-6.x BHO for Download Master — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:PROGRA~1DOWNLO~1dmiehlp.dll
O2 — BHO: ooVoo Toolbar — {A057A204-BACC-4D26-8087-36EE87E26986} — C:PROGRA~1OOVOOT~1OOVOOT~1.DLL
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: mfmlibP — {E5F76779-DE98-4045-AE76-1B5F8CB6B98D} — C:WINDOWSsystem32mfmlib.dll
O3 — Toolbar: DM Bar — {0E1230F8-EA50-42A9-983C-D22ABC2EED3C} — C:Program FilesDownload Masterdmbar.dll
O3 — Toolbar: ooVoo Toolbar — {A057A204-BACC-4D26-8087-36EE87E26986} — C:PROGRA~1OOVOOT~1OOVOOT~1.DLL
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 — HKLM..Run: [AmlMaple] C:Program FilesAmlMapleAmlMaple.exe
O4 — HKLM..Run: [Six Engine] «C:Program FilesASUSEPU-6 EngineSixEngine.exe» -r
O4 — HKLM..Run: [WheelMouse] C:Program FilesA4TechMouseAmoumain.exe
O4 — HKLM..Run: [QuickTime Task] «C:Program FilesQuickTimeqttask.exe» -atboottime
O4 — HKLM..Run: [BMISR] C:Program FilesKYEWebMateBM.exe
O4 — HKLM..Run: [PAC207_Monitor] C:WINDOWSPixArtPAC207Monitor.exe
O4 — HKLM..Run: [Monitor] C:WINDOWSPixArtPAC207Monitor.exe
O4 — HKLM..Run: [AVP] «C:Program FilesKaspersky LabKaspersky Anti-Virus 7.0avp.exe»
O4 — HKCU..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe
O4 — HKCU..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [Google Update] «C:Documents and SettingsAdminLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe» /c
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,OnceFirstLogonInstall,0 (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [IE7_012] rundll32 advpack.dll,LaunchINFSectionEx IE7int.inf,AfterUserStart,,4,N (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-20..RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,OnceFirstLogonInstall,0 (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘Default user’)
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Закачать ВСЕ при помощи Download Master — C:Program FilesDownload Masterdmieall.htm
O8 — Extra context menu item: Закачать при помощи Download Master — C:Program FilesDownload Masterdmie.htm
O9 — Extra button: Cтатистика Веб-Антивируса — {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} — C:Program FilesKaspersky LabKaspersky Anti-Virus 7.0SCIEPlgn.dll
O9 — Extra button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra ‘Tools’ menuitem: &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — C:Program FilesICQLiteICQLite.exe (file missing)
O9 — Extra ‘Tools’ menuitem: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — C:Program FilesICQLiteICQLite.exe (file missing)
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Documents and SettingsAdminApplication DataMail.RuAgentmagent.exe (HKCU)
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Documents and SettingsAdminApplication DataMail.RuAgentmagent.exe (HKCU)
O16 — DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) — http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 — HKLMSystemCCSServicesTcpip..{04C556A2-47B7-4F16-BAEC-93C64388CF59}: NameServer = 195.161.15.19 217.30.243.130
O17 — HKLMSystemCCSServicesTcpip..{1AA94FF5-804D-41C6-A3EC-C35E8CC59594}: NameServer = 81.25.161.2
O17 — HKLMSystemCS1ServicesTcpip..{04C556A2-47B7-4F16-BAEC-93C64388CF59}: NameServer = 195.161.15.19 217.30.243.130
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O23 — Service: Kaspersky Anti-Virus 7.0 (AVP) — Kaspersky Lab — C:Program FilesKaspersky LabKaspersky Anti-Virus 7.0avp.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 9135 bytesЗдравствуйте, добро пожаловать на Spyware-ru форум.
Перед тем как начать лечение, пожалуйста опишите подробно с какими проблемами вы столкнулись ?
Здравствуйте! Не могу никак удалить информер эротического содержания в Internet Explorer, написано, чтобы удалить информер, отправьте смс на номер…
Понятно, тогда приступим к удалению.
Откройте блокнот и вставьте в него следующий текст:
File::
C:WINDOWSsystem32mfmlib.dll
Registry::
[-HKEY_LOCAL_MACHINE~Browser Helper Objects{E5F76779-DE98-4045-AE76-1B5F8CB6B98D}]Запишите получившийся файл на ваш рабочий стол под именем CFScript
Далее перетащите получившийся файл на иконку Combofix, как показано на картинке ниже.
По окончанию работы Combofix будет создан новый лог файл, пожалуйста вставьте его в ваше ответное сообщение.
Извините, а где я могу найти новую версию Combofix? Дело в том, что когда я пытаюсь установить эту программу, выходит сообщение, что мне необходимо установить более новую версию…
Вот что у меня получилось:
ComboFix 08-09-28.05 — Admin 2008-09-30 14:44:17.3 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.1.1049.18.2820 [GMT 4:00]
Running from: D:ЗагрузкиComboFix.exe
Command switches used :: C:Documents and SettingsAdminРабочий столCFScript.txt
* Created a new restore pointWARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:WINDOWSsystem32mfmlib.dll
.((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-30 )))))))))))))))))))))))))))))))
.2008-09-28 10:42 . 2008-09-28 10:42
d
C:Program FilesTrend Micro
2008-09-26 20:23 . 2008-09-26 20:23 304,160 —a
C:PA207.DAT
2008-09-25 19:29 . 2008-09-25 19:29d
C:Program FilesReflexiveArcade
2008-09-25 19:29 . 2008-09-25 20:05d
C:Documents and SettingsAdminApplication DataWildfire
2008-09-25 19:29 . 2008-09-25 19:29 4,096 —a
C:WINDOWSd3dx.dat
2008-09-25 18:56 . 2008-09-25 18:56d
C:WINDOWSPixArt
2008-09-25 18:56 . 2008-09-25 18:56d
C:Program FilesCommon FilesPAC207
2008-09-25 18:56 . 2007-10-25 18:31 616,064 —a
C:WINDOWSsystem32driversPFC027.SYS
2008-09-25 18:56 . 2007-05-17 15:50 129,024 —a
C:WINDOWSsystem32SP207.AX
2008-09-25 18:56 . 2008-04-23 14:05 47,616 —a
C:WINDOWSsystem32Remove.exe
2008-09-25 18:56 . 2007-11-02 11:07 6,656 —a
C:WINDOWSsystem32CoInst_071102.dll
2008-09-25 18:56 . 2007-06-29 11:07 566 —a
C:WINDOWSsystem32SP207.ini
2008-09-25 18:56 . 2008-05-13 15:27 405 —a
C:WINDOWSsystem32Remover.ini
2008-09-24 20:10 . 2008-09-24 20:10d
C:WINDOWSAlbum
2008-09-24 20:10 . 2008-09-25 18:56d
C:Program FilesKYE
2008-09-24 20:10 . 2005-01-28 14:15 7,064 —a
C:WINDOWSsystem32WMVCORE.lib
2008-09-22 21:31 . 2008-09-22 21:31d
C:Program FilesoovooToolbar
2008-09-22 21:31 . 2008-09-22 21:31d
C:Documents and SettingsAdminApplication DataoovooToolbar
2008-09-22 21:25 . 2008-09-22 21:25d
C:Program FilesCCleaner
2008-09-22 21:09 . 2008-09-22 21:31d
C:Program FilesooVoo
2008-09-22 21:09 . 2008-09-22 21:09d
C:Documents and SettingsAdminApplication DataooVoo Details
2008-09-22 19:35 . 2008-09-22 19:35d
C:Program FilesSun
2008-09-22 19:34 . 2008-09-22 19:34 410,976 —a
C:WINDOWSsystem32deploytk.dll
2008-09-22 10:59 . 2008-09-22 10:59 259 —a
C:WINDOWSeurope.ini
2008-09-21 18:10 . 2008-09-21 18:10d—hs—- C:Documents and SettingsAdminPrivacIE
2008-09-21 17:57 . 2008-09-21 17:58d—h-c— C:WINDOWSie8
2008-09-21 12:53 . 2008-09-21 12:53d
C:Documents and SettingsAdminApplication DataPCF-VLC
2008-09-20 19:28 . 2008-09-20 19:28d
C:Documents and SettingsAdminApplication DataSamsung
2008-09-20 19:12 . 2008-09-20 19:12d
C:WINDOWSsystem32Samsung PC Studio Codecs
2008-09-20 19:12 . 2006-03-21 15:49 2,729,472 —a
C:WINDOWSsystem32fun_avcodec.dll
2008-09-20 19:12 . 2006-04-18 16:32 684,032 —a
C:WINDOWSsystem32fun_mp4_enc.dll
2008-09-20 19:12 . 2006-04-25 16:29 675,840 —a
C:WINDOWSsystem32FunDecFilter.ax
2008-09-20 19:12 . 2006-04-25 16:30 532,480 —a
C:WINDOWSsystem32FunEncFilter.ax
2008-09-20 19:12 . 2006-04-24 13:46 77,824 —a
C:WINDOWSsystem32fun_mp4_dec.dll
2008-09-20 19:12 . 2005-08-28 20:51 766 —a
C:WINDOWSsystem32Uninstall.ico
2008-09-20 19:10 . 2008-09-20 19:10d
C:WINDOWSsystem32Samsung_USB_Drivers
2008-09-20 19:10 . 2008-09-20 19:10d
C:Program FilesSamsung
2008-09-20 19:10 . 2005-08-30 01:49 94,000 —a
C:WINDOWSsystem32driversssm_mdm.sys
2008-09-20 19:10 . 2005-08-30 01:47 58,320 —a
C:WINDOWSsystem32driversssm_bus.sys
2008-09-20 19:10 . 2005-08-13 05:06 22,486 -ra
C:WINDOWSsystem32UnInstall_Driver.ico
2008-09-20 19:10 . 2005-08-30 01:49 8,336 —a
C:WINDOWSsystem32driversssm_mdfl.sys
2008-09-20 19:10 . 2005-08-30 01:49 6,176 —a
C:WINDOWSsystem32driversssm_cmnt.sys
2008-09-20 19:10 . 2005-08-30 01:49 6,176 —a
C:WINDOWSsystem32driversssm_cm.sys
2008-09-20 19:10 . 2005-08-30 01:47 5,840 —a
C:WINDOWSsystem32driversssm_whnt.sys
2008-09-20 19:10 . 2005-08-30 01:47 5,840 —a
C:WINDOWSsystem32driversssm_wh.sys
2008-09-20 11:35 . 2008-09-20 11:35d
C:Program FilesParticipatory Culture Foundation
2008-09-20 11:35 . 2008-09-20 11:35d
C:Documents and SettingsAdminApplication DataParticipatory Culture Foundation
2008-09-19 18:36 . 2008-09-19 18:36d
C:WINDOWSSun
2008-09-14 10:47 . 2008-09-14 10:47d
C:Documents and SettingsAdminApplication DataNero
2008-09-09 22:41 . 2008-09-09 22:43d—h
C:WINDOWS$hf_mig$
2008-09-09 22:41 . 2008-06-12 11:28 26,144 —a
C:WINDOWSsystem32spupdsvc.exe
2008-09-09 22:32 . 2008-08-22 03:10 11,985,408 —a—c— C:WINDOWSsystem32dllcacheieframe.dll
2008-09-09 22:32 . 2008-07-29 22:58 3,670,112 —a—c— C:WINDOWSsystem32dllcacheieapfltr.dat
2008-09-09 22:32 . 2008-08-22 03:06 1,778,688 —a—c— C:WINDOWSsystem32dllcacheiertutil.dll
2008-09-09 22:32 . 2008-09-08 20:27 1,294,336 —a—c— C:WINDOWSsystem32dllcacheieframe.dll.mui
2008-09-09 22:32 . 2008-08-22 03:05 580,608 —a—c— C:WINDOWSsystem32dllcachemsfeeds.dll
2008-09-09 22:32 . 2008-08-22 02:42 443,392 —a—c— C:WINDOWSsystem32dllcacheieapfltr.dll
2008-09-09 22:32 . 2008-08-22 03:05 61,952 —a—c— C:WINDOWSsystem32dllcacheicardie.dll
2008-09-09 22:32 . 2008-08-22 03:05 53,760 —a—c— C:WINDOWSsystem32dllcachemsfeedsbs.dll
2008-09-09 22:32 . 2008-06-23 12:23 13,824
c— C:WINDOWSsystem32dllcacheieudinit.exe
2008-09-01 20:21 . 2008-09-01 20:21d
C:Documents and SettingsAdminApplication DataMeridian93
2008-08-25 20:52 . 2008-08-25 20:52d
C:Documents and SettingsAdminApplication DataDownload Master
2008-08-24 08:49 . 2008-09-30 14:24d
C:Documents and SettingsAdminApplication DataskypePM
2008-08-24 08:49 . 2008-08-24 08:49 32 —a
C:Documents and SettingsAll UsersApplication Dataezsid.dat
2008-08-22 03:05 . 2008-08-22 03:05 48,640
C:WINDOWSsystem32PrivacIE.dll
2008-08-21 12:50 . 2008-08-21 13:09d
C:Documents and SettingsAdminApplication DataHamachi
2008-08-21 12:50 . 2008-08-21 12:50 25,280 —a
C:WINDOWSsystem32drivershamachi.sys
2008-08-20 19:06 . 2008-08-20 19:06d
C:Program FilesGoogle
2008-08-18 20:27 . 2008-08-18 20:27d
C:Documents and SettingsAdminApplication DataNetSpeakerphone
2008-08-17 17:28 . 2008-08-17 17:28d
C:Documents and SettingsAdminApplication DataApple Computer
2008-08-14 18:02 . 2008-08-14 18:02d
C:Documents and SettingsAdminContacts
2008-08-13 19:34 . 2008-08-24 08:30d
C:Documents and SettingsAdminApplication DataICQ
2008-08-13 19:33 . 2008-08-24 08:35d
C:Program FilesICQ6
2008-08-13 19:33 . 2008-08-13 19:33d
C:Documents and SettingsAdminApplication DataInstallShield
2008-08-13 19:32 . 2008-08-13 19:32d
C:Program FilesQuickTime
2008-08-13 19:32 . 2008-08-13 19:32d
C:Program FilesApple Software Update
2008-08-13 19:32 . 2008-08-13 19:32d
C:Documents and SettingsAll UsersApplication DataApple Computer
2008-08-13 19:32 . 2008-08-13 19:32d
C:Documents and SettingsAll UsersApplication DataApple
2008-08-13 19:31 . 2008-08-13 19:31d
C:Program FilesMail.Ru
2008-08-13 19:31 . 2008-08-13 19:32d
C:Documents and SettingsAdminApplication DataMra
2008-08-13 19:31 . 2008-08-13 19:31d
C:Documents and SettingsAdminApplication DataMail.Ru
2008-08-13 19:30 . 2008-08-13 19:30d
C:Temp
2008-08-13 19:29 . 2008-08-13 19:34d
C:Program FilesICQLite
2008-08-13 19:29 . 2008-08-13 19:29d
C:Documents and SettingsAdminApplication DataICQLite
2008-08-13 10:33 . 2008-08-13 10:33d
C:Documents and SettingsAdminApplication DataGracebyte Software
2008-08-13 10:27 . 2008-08-13 10:27d
C:Documents and SettingsAll UsersApplication DatanView_Profiles
2008-08-12 19:53 . 2008-08-12 19:53d
C:Program FilesMSN Messenger
2008-08-12 19:51 . 2008-08-12 19:51d
C:Program FilesWindows Live
2008-08-12 19:51 . 2008-08-12 19:51d—hsc— C:Program FilesCommon FilesWindowsLiveInstaller
2008-08-12 19:51 . 2008-08-12 19:51d
C:Documents and SettingsAll UsersApplication DataWLInstaller
2008-08-12 19:50 . 2008-08-12 19:50d
C:Program FilesSkype
2008-08-12 19:50 . 2008-08-12 19:50d
C:Program FilesCommon FilesSkype
2008-08-12 19:50 . 2008-08-12 19:50d
C:Documents and SettingsAll UsersApplication DataSkype
2008-08-12 19:50 . 2008-09-30 14:43d
C:Documents and SettingsAdminApplication DataSkype
2008-08-12 19:47 . 2005-12-09 05:03 71,168 —a
C:WINDOWSsystem32E_FLBBEP.DLL
2008-08-12 19:47 . 2005-04-11 05:01 62,976 —a
C:WINDOWSsystem32E_FD4BBEP.DLL
2008-08-12 19:47 . 2004-09-11 00:12 49,152 —a
C:WINDOWSsystem32E_DCINST.DLL
2008-08-12 19:46 . 2008-08-12 19:46d
C:Program FilesuTorrent
2008-08-12 19:45 . 2008-09-21 09:18d
C:Documents and SettingsAdminApplication DatauTorrent
2008-08-12 10:36 . 2008-08-12 19:47d
C:Program Filesepson
2008-08-12 10:35 . 2008-08-12 10:35 25 —a
C:WINDOWSCDE CX3900ERUK.ini
2008-08-12 10:34 . 2008-05-20 19:42 25,856 —a
C:WINDOWSsystem32driversusbprint.sys
2008-08-12 10:34 . 2008-05-20 19:42 25,856 —a—c— C:WINDOWSsystem32dllcacheusbprint.sys
2008-08-12 10:33 . 2005-02-25 00:00 46,080 —a
C:WINDOWSsystem32escimgd.dll
2008-08-12 10:33 . 2005-02-25 00:00 29,696 —a
C:WINDOWSsystem32escwiad.dll
2008-08-12 10:33 . 2005-02-25 00:00 22,016 —a
C:WINDOWSsystem32esccmd.dll
2008-08-12 10:33 . 2008-05-20 19:42 15,104 —a
C:WINDOWSsystem32driversusbscan.sys
2008-08-12 10:33 . 2008-05-20 19:42 15,104 —a—c— C:WINDOWSsystem32dllcacheusbscan.sys
2008-08-12 10:25 . 2008-09-25 17:32d
C:Program FilesCommon FilesLogitech
2008-08-12 10:24 . 1998-10-29 17:45 306,688 —a
C:WINDOWSIsUninst.exe
2008-08-12 10:24 . 2008-09-25 17:31 520 —a
C:WINDOWS_delis32.ini
2008-08-12 10:20 . 2008-05-20 19:42 60,032 —a
C:WINDOWSsystem32driversUSBAUDIO.sys
2008-08-12 10:20 . 2008-05-20 19:42 60,032 —a—c— C:WINDOWSsystem32dllcacheusbaudio.sys
2008-08-11 21:06 . 2008-08-11 21:06d
C:Documents and SettingsAdminApplication DataMedia Player Classic
2008-08-11 20:38 . 2008-09-22 21:25d
C:Downloads
2008-08-11 20:20 . 2008-08-11 20:20dr
C:Documents and SettingsLocalServiceИзбранное
2008-08-11 20:17 . 2008-05-20 19:42 91,648 —a
C:WINDOWSsystem32kswdmcap.ax
2008-08-11 20:09 . 2008-08-11 20:09d
C:Program FilesA4Tech
2008-08-11 20:07 . 2001-10-19 20:33 12,160 —a
C:WINDOWSsystem32driversmouhid.sys
2008-08-11 20:07 . 2001-10-19 20:33 12,160 —a—c— C:WINDOWSsystem32dllcachemouhid.sys
2008-08-11 20:05 . 2008-05-20 19:42 10,368 —a
C:WINDOWSsystem32drivershidusb.sys
2008-08-11 20:05 . 2008-05-20 19:42 10,368 —a—c— C:WINDOWSsystem32dllcachehidusb.sys
2008-08-11 12:14 . 2008-08-11 12:14d
C:WINDOWSsystem32LogFiles
2008-08-11 12:13 . 2008-08-11 12:13d
C:Program FilesKaspersky Lab
2008-08-11 12:13 . 2008-09-30 14:23d
C:Documents and SettingsAll UsersApplication DataKaspersky Lab.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-22 15:34
d
w C:Program FilesJava
2008-08-21 23:08 878,592 —-a-w C:WINDOWSsystem32wininet.dll
2008-08-21 23:08 43,008 —-a-w C:WINDOWSsystem32licmgr10.dll
2008-08-21 23:07 18,944 —-a-w C:WINDOWSsystem32corpol.dll
2008-08-21 23:06 72,704 —-a-w C:WINDOWSsystem32admparse.dll
2008-08-21 23:06 71,680 —-a-w C:WINDOWSsystem32iesetup.dll
2008-08-21 23:06 434,176 —-a-w C:WINDOWSsystem32vbscript.dll
2008-08-21 23:05 48,128 —-a-w C:WINDOWSsystem32mshtmler.dll
2008-08-21 23:05 35,840 —-a-w C:WINDOWSsystem32imgutil.dll
2008-08-21 23:04 45,568 —-a-w C:WINDOWSsystem32mshta.exe
2008-08-21 22:57 156,160 —-a-w C:WINDOWSsystem32msls31.dll
2008-08-11 08:55 112,144 —-a-w C:WINDOWSsystem32driverskl1.sys
2008-08-09 11:04
d
w C:Program FilesMicrosoft Works
2008-08-09 11:04
d
w C:Documents and SettingsAll UsersApplication DataMicrosoft Help
2008-08-09 10:28
d
w C:Program FilesMicrosoft.NET
2008-08-09 10:26
d
w C:Program FilesPunto Switcher
2008-08-09 10:26
d
w C:Program FilesFoxit Reader
2008-08-09 10:21 717,296 —-a-w C:WINDOWSsystem32driverssptd.sys
2008-08-09 10:21
d
w C:Program FilesVistaDriveIcon
2008-08-09 10:21
d
w C:Program Filesmicrosoft frontpage
2008-08-09 10:21
d
w C:Program FilesCommon FilesJava
2008-08-09 10:19
d—a-w C:Program FilesAmlMaple
2008-08-09 10:16
d
w C:Program FilesWindows Media Connect 2
2008-08-09 10:16
d
w C:Program FilesPaint.NET
2008-06-12 07:27 26,112 —-a-w C:WINDOWSsystem32idndl.dll
2008-06-12 07:27 24,576 —-a-w C:WINDOWSsystem32nlsdl.dll
2008-06-12 07:27 23,552 —-a-w C:WINDOWSsystem32normaliz.dll
2006-06-24 06:48 32,768 —-a-r C:WINDOWSinfUpdateUSB.exe
.
Sigcheck
2008-05-20 19:54 579072 23b7d3f3f5ec8feea75ec381c71cbd5e C:WINDOWSsystem32user32.dll2008-05-20 19:52 361344 030dc4d48cc2b894fee2f390d8e66ad5 C:WINDOWSsystem32driverstcpip.sys
2008-05-20 19:53 1721344 dc5d73a9809b66026231a9d49de6987f C:WINDOWSexplorer.exe
2008-05-20 19:53 30208 ae0db25ee10900c73d923ad5880564cf C:WINDOWSsystem32ctfmon.exe
2008-05-20 19:55 80216 5f38b1b965527c6f5c30dedab0ab0550 C:WINDOWSsystem32wuauclt.exe
.
((((((((((((((((((((((((((((( snapshot@2008-09-30_14.42.29.46 )))))))))))))))))))))))))))))))))))))))))
.
— 2008-09-30 10:41:55 31,085,856 —sha-w C:WINDOWSsystem32driversfidbox.dat
+ 2008-09-30 10:44:51 31,116,320 —sha-w C:WINDOWSsystem32driversfidbox.dat
— 2008-09-30 10:42:06 635,424 —sha-w C:WINDOWSsystem32driversfidbox2.dat
+ 2008-09-30 10:44:54 637,472 —sha-w C:WINDOWSsystem32driversfidbox2.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_LOCAL_MACHINE~Browser Helper Objects{A057A204-BACC-4D26-8087-36EE87E26986}]
2008-07-29 23:56 1987544 —a
C:PROGRA~1OOVOOT~1OOVOOT~1.DLL[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{A057A204-BACC-4D26-8087-36EE87E26986}»= «C:PROGRA~1OOVOOT~1OOVOOT~1.DLL» [2008-07-29 1987544][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{A057A204-BACC-4D26-8087-36EE87E26986}»= «C:PROGRA~1OOVOOT~1OOVOOT~1.DLL» [2008-07-29 1987544][HKEY_CLASSES_ROOTclsid{a057a204-bacc-4d26-8087-36ee87e26986}]
[HKEY_CLASSES_ROOToovooToolbar.OOVOOTOOLBAR][HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«VistaIcon»=»C:Program FilesVistaDriveIconVistaDrv.exe» [2008-01-02 132096]
«Punto Switcher»=»C:Program FilesPunto Switcherps.exe» [2007-11-14 201728]
«ctfmon.exe»=»C:WINDOWSsystem32ctfmon.exe» [2008-05-20 30208]
«Google Update»=»C:Documents and SettingsAdminLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe» [2008-09-21 133104][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=»C:WINDOWSsystem32NvCpl.dll» [2007-12-05 8523776]
«NvMediaCenter»=»C:WINDOWSsystem32NvMcTray.dll» [2007-12-05 81920]
«AmlMaple»=»C:Program FilesAmlMapleAmlMaple.exe» [2008-04-25 91648]
«Six Engine»=»C:Program FilesASUSEPU-6 EngineSixEngine.exe» [2008-06-03 5964800]
«WheelMouse»=»C:Program FilesA4TechMouseAmoumain.exe» [2006-12-26 196608]
«QuickTime Task»=»C:Program FilesQuickTimeqttask.exe» [2007-06-29 286720]
«BMISR»=»C:Program FilesKYEWebMateBM.exe» [2008-02-19 229376]
«PAC207_Monitor»=»C:WINDOWSPixArtPAC207Monitor.exe» [2006-11-03 319488]
«Monitor»=»C:WINDOWSPixArtPAC207Monitor.exe» [2006-11-03 319488]
«nwiz»=»nwiz.exe» [2007-12-05 C:WINDOWSsystem32nwiz.exe]
«RTHDCPL»=»RTHDCPL.EXE» [2008-04-10 C:WINDOWSRTHDCPL.EXE][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»C:WINDOWSsystem32CTFMON.EXE» [2008-05-20 30208]
«VistaIcon»=»C:Program FilesVistaDriveIconVistaDrv.exe» [2008-01-02 132096][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«IE7_011″=»shell32» [X]
«ZZZZ2_FirstLogonSetting»=»advpack.dll» [2008-08-22 C:WINDOWSsystem32advpack.dll]
«IE7_012″=»advpack.dll» [2008-08-22 C:WINDOWSsystem32advpack.dll][HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMConfigurePrograms»= 1 (0x1)[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMConfigurePrograms»= 1 (0x1)[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«VIDC.YV12″= yv12vfw.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«FirewallOverride»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
«UpdatesOverride»=dword:00000001
«AntiVirusDisableNotify»=dword:00000001
«AntiVirusOverride»=dword:00000001[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]
«DisableMonitoring»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«%windir%\system32\sessmgr.exe»=
«C:\Program Files\MSN Messenger\msnmsgr.exe»=
«C:\Program Files\MSN Messenger\livecall.exe»=
«C:\Program Files\uTorrent\uTorrent.exe»=
«C:\Program Files\Skype\Phone\Skype.exe»=[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«443:TCP»= 443:TCP:*:Disabled:ooVoo TCP порт443
«443:UDP»= 443:UDP:*:Disabled:ooVoo UDP порт443
«37674:TCP»= 37674:TCP:*:Disabled:ooVoo TCP порт37674
«37674:UDP»= 37674:UDP:*:Disabled:ooVoo UDP порт37674
«37675:UDP»= 37675:UDP:*:Disabled:ooVoo UDP порт37675R0 mv61xx;mv61xx;C:WINDOWSsystem32DRIVERSmv61xx.sys [2008-06-10 150568]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:WINDOWSsystem32DRIVERSklim5.sys [2007-04-04 24344]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113 PCI-E Ethernet Controller;C:WINDOWSsystem32DRIVERSl1e51x86.sys [2008-02-02 36864]
R3 PAC207;e-Messenger 112;C:WINDOWSsystem32DRIVERSPFC027.SYS [2007-10-25 616064]
.
Contents of the ‘Scheduled Tasks’ folder
.**************************************************************************
catchme 0.3.1361 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-30 14:44:59
Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
Completion time: 2008-09-30 14:45:27
ComboFix-quarantined-files.txt 2008-09-30 10:45:20
ComboFix2.txt 2008-09-30 10:42:51
ComboFix3.txt 2008-09-26 17:42:08Pre-Run: 28 602 806 272 байт свободно
Post-Run: 28,591,665,152 байт свободно272
Рад помочь 🙂
Несколько завершающих штрихов.
1. Удалите Combofix с вашего компьютера. Прочитайте следующую инструкцию: Как правильно удалить combofix с компьютера.2. Запустите ваш антивирус и включите автозащиту (самозащиту).
3. Создайте новую точку восстановления. Это поможет вам в случае необходимости загрузить чистую конфигурацию Windows и быстро излечиться от спайваре/вируса.
Для этого кликните по кнопке Пуск, далее выберите пункт Стандартные, в нём Служебные и запустите программу Восстановление системы.
В открывшемся окне выберите задачу Создать точку восстановления и нажмите кнопку Далее и следуйте указаниям.4. Не забывайте своевременно обновлять Windows и антивирусные/антиспайварные программы.
- Для ответа в этой теме необходимо авторизоваться.
