Help with free porno video
December 4, 2008 at 7:33 PM #15979
The red bar at the bottom with free porno video is just driving me crazy!
ComboFix 08-12-02.02 — Кирилл 2008-12-04 15:43:38.1 — NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1251.1.1049.18.905 [GMT 3:00]
Running from: c:\downloads\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20A75B43-8A4F-47EA-A8B5-69CE6E3CDD40}]
2008-12-03 20:48 316416 —a
c:\windows\system32\fdplib.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 16:08 143360 —a
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-17 2289664]
"ICQ"="c:\program files\ICQ6\ICQ.exe" [2008-09-01 173304]
"Steam"="d:\games\Steam.exe" [2008-11-24 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-01-11 98304]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-07-03 7708672]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-08-28 655360]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-16 1029416]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-08-02 778240]
"DirectConsole2"="c:\program files\ASUS\Direct Console\Direct Console.exe" [2008-07-24 2701880]
"Copperhead"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-11-25 155648]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2008-08-01 39480]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-08-01 33136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-02-05 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-05 8534560]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-05 88608]
"Ad Muncher"="c:\program files\Ad Muncher\AdMunch.exe" [2008-12-04 779776]
"RtHDVCpl"="RtHDVCpl.exe" [2007-12-12 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7C59B012-29F4-4AA7-9D5D-96C288C43F71}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{5DD635C8-A959-41B8-B285-F15AF074B5DD}"= UDP:d:\games\S.T.A.L.K.E.R\bin\XR_3DA.exe:S.T.A.L.K.E.R. (CLI)
"{F4C40D31-CE21-4246-AA65-573CDCD51273}"= TCP:d:\games\S.T.A.L.K.E.R\bin\XR_3DA.exe:S.T.A.L.K.E.R. (CLI)
"{B2FB489B-3AA8-4A32-8ACD-D7F626CB9CB1}"= UDP:d:\games\S.T.A.L.K.E.R\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. (SRV)
"{185800F3-936F-4B19-86F2-BABECB5FE8BA}"= TCP:d:\games\S.T.A.L.K.E.R\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. (SRV)
"{A75535ED-D378-4B22-BB29-79DC3BF73CE6}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{33BCE1C3-DA5E-4E8F-A5DC-BD69C84E7BD8}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{A145D746-906B-408F-8DFE-B7D87288B2B2}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{774DA7CF-D0F6-4C0D-9268-3F7F14151098}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{547A9331-5F10-4B41-ABC9-F0EB7C55FE64}c:\program files\flashget network\flashget.exe"= UDP:c:\program files\flashget network\flashget.exe:FlashGet
"UDP Query User{D13BE9B7-8D08-4133-9A7E-046D306FB47C}c:\program files\flashget network\flashget.exe"= TCP:c:\program files\flashget network\flashget.exe:FlashGet
"TCP Query User{27FE47E9-FD50-441E-9CD4-0813CEBECE3F}c:\transaq\transaq.exe"= UDP:c:\transaq\transaq.exe:Transaq Trading Client
"UDP Query User{4EA511E1-1B6A-4B34-821C-87FD7DF11CA6}c:\transaq\transaq.exe"= TCP:c:\transaq\transaq.exe:Transaq Trading Client
"{D80D4960-6994-456C-A771-FD35720FF9FD}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{DAD8C97B-5FE5-402C-9328-96982B274C04}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{A055F2B7-7C2E-42C0-A74F-5D1480974229}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{45F4EF87-BD3E-425A-9EFD-16C506729C0C}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"TCP Query User{D341CBA6-0C52-4857-9E46-1DF88CCACF72}d:\games\white gold\xenus.exe"= UDP:d:\games\white gold\xenus.exe:Executable
"UDP Query User{058CD3BF-817D-415C-98CD-657EBFD0A52A}d:\games\white gold\xenus.exe"= TCP:d:\games\white gold\xenus.exe:Executable

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe"= c:\program files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2
"c:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe"= c:\program files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate
"c:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe"= c:\program files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx
"c:\Program Files\FlashGetX\FlashGetX.exe"= c:\program files\FlashGetX\FlashGetX.exe:*:Enabled:Flashget2

R1 appdrv01;Application Driver (01);c:\windows\system32\Drivers\appdrv01.sys [2008-11-05 2911848]
R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
R2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" [2008-07-01 468224]
R3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [2008-08-01 11596]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc []
S3 Asushwio;Asushwio;\??\c:\windows\system32\drivers\Asushwio.sys [2006-10-09 10288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2abd212b-5f54-11dd-a6a4-806e6f6e6963}]
\shell\AutoRun\command — G:\SETUP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
— — — — ORPHANS REMOVED — — — —
HKCU-Run-FlashGet — c:\program files\FlashGet Network\FlashGet universal\FlashGet.exe
HKLM-Run-Flashget — c:\program files\FlashGet Network\FlashGet.exe
.
Supplementary Scan
.
FireFox -: Profile — c:\users\Кирилл\AppData\Roaming\Mozilla\Firefox\Profiles\4q39ulrd.default
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-04 16:02:05
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
C:\ADSM_PData_0150
scan completed successfully
hidden files: 1
**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > 'Explorer.exe'(4080)
c:\program files\Ad Muncher\AM30400.dll
c:\program files\SetPoint\lgscroll.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
**************************************************************************
.
Completion time: 2008-12-04 16:04:08 — machine was rebooted [Кирилл]
ComboFix-quarantined-files.txt 2008-12-04 13:03:57
Pre-Run: 110 346 465 280 байт свободно
Post-Run: 111,237,775,360 байт свободно
337 — E O F — 2008-12-02 08:25:50
December 6, 2008 at 2:51 PM #20173
Hello, welcome to the Spyware-ru forum.
Open Notepad and paste the following text into it:
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20A75B43-8A4F-47EA-A8B5-69CE6E3CDD40}]
File::
c:\windows\system32\fdplib.dll
Save the resulting file to your desktop under the name CFScript.
Then drag the resulting file onto the Combofix icon, as shown in the picture below.
Combofix will start and carry out the procedures described in the file we created.
When Combofix finishes, a new log will be created; paste it into your next reply.