This topic has 7 replies, 2 participants, and was last updated 16 years, 2 months ago by str.
28 December 2008 at 9:10 am #16060

Right away, to be clear: in IE 7.0 there is a porn banner at the bottom of the page with a code to send by SMS. What else can I do to remove it? Thanks for the help.
ComboFix 08-12-26.03 - StreletsCom 2008-12-28 11:37:47.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1251.1.1049.18.758.399 [GMT 3:00]
Running from: c:\documents and settings\StreletsCom\Рабочий стол\ComboFix.exe
Command switches used :: c:\documents and settings\StreletsCom\Рабочий стол\WindowsXP-KB310994-SP2-Home-BootDisk-RUS.exe
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning disabled* (Outdated)
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning disabled* (Outdated)
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:documents and settingsAll UsersApplication Data2ACA5CC3-0F83-453D-A079-1076FE1A8B65
c:documents and settingsAll UsersApplication DataZangoSA
c:documents and settingsAll UsersApplication DataZangoSAZangoSA.dat
c:documents and settingsAll UsersApplication DataZangoSAZangoSA_kyf_update.dat
c:documents and settingsAll UsersApplication DataZangoSAZangoSAAbout.mht
c:documents and settingsAll UsersApplication DataZangoSAZangoSAau.dat
c:documents and settingsAll UsersApplication DataZangoSAZangoSAEula.mht
c:documents and settingsStreletsComApplication Dataerrorsafefreeinstall_ru[1].exe
c:documents and settingsStreletsComApplication DataZango
c:documents and settingsStreletsComApplication DataZangov3.0Zangodynamic1476391.sdf
c:documents and settingsStreletsComApplication DataZangov3.0Zangodynamicdomains.txt
c:documents and settingsStreletsComApplication DataZangov3.0ZangodynamicTooltipXML16173
c:documents and settingsStreletsComApplication DataZangov3.0ZangodynamicTooltipXML16182
c:documents and settingsStreletsComApplication DataZangov3.0ZangodynamicTooltipXML63169
c:documents and settingsStreletsComApplication DataZangov3.0ZangodynamicTooltipXML69625
c:documents and settingsStreletsComApplication DataZangov3.0ZangodynamicTooltipXML69626
c:documents and settingsStreletsComApplication DataZangov3.0ZangodynamicTooltipXML79977
c:documents and settingsStreletsComApplication DataZangov3.0Zangodynamicustat3627.dat
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1btntrans.idx
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1btntrans1.dat
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1buttondir.txt
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1components.cdf
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1cursors.res
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1d_icons_buttons_1000.res
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1d_icons_buttons_2000.res
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1d_icons_buttons_3000.res
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1d_icons_buttons_bar.res
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1d_icons_buttons_bbar1.res
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1d_icons_buttons_logos.res
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1d_icons_buttons_other.res
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1d_icons_weather.res
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1default.cdf
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1Default_511745-514279.mnu
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1Default_bidzC_ZT_IE-ca.mnu
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1Default_bidzC_ZT_IE-us.mnu
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1Default_categorize.mnu
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1Default_comparison.mnu
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1Default_explorer-Mails.mnu
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1Default_explorer-people.mnu
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1Default_favorites.mnu
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1Default_Games.mnu
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1Default_Hide.mnu
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1Default_hotbarcom.mnu
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1Default_Hotmail.mnu
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1Default_hsskin.mnu
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1Default_jemster.mnu
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1Default_jemsterie.mnu
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1Default_jemsteruk.mnu
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1Default_jobsearch.mnu
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1Default_Mails.mnu
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1Default_MobileSidewalk.mnu
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1Default_new.mnu
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1Default_premium.mnu
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1Default_reun.mnu
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1Default_ringtones.mnu
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1Default_SearchBoxTrapper.mnu
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1Default_searchfor.mnu
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1Default_searchgo.mnu
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1Default_weather.mnu
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1Default_yellowpages.mnu
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1email-def-511724-548964.mnu
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1email-def-511724-9595.mnu
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1email-t1-bg.res
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1icons2.res
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1ie_games_icon.res
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1ie_video.res
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1keywords.idx
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1keywords1.dat
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1layout.cdf
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1linkpathlegal.txt
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1progress.res
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1s_icons_buttons.res
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1sales_buttons.res
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1t2_bg.res
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1theweb.mnu
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1top7.cdf
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1Top7_theweb.mnu
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1tsd_bg.res
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1zango_btn.res
c:documents and settingsStreletsComApplication DataZangov3.0Zangostatic1zango_ie_menu.res
c:documents and settingsStreletsComApplication DataZangov3.0ZangostaticDownLoadBtnTrans.xip
c:documents and settingsStreletsComApplication DataZangov3.0ZangostaticDownLoadBtnTrans1.xip
c:documents and settingsStreletsComApplication DataZangov3.0ZangostaticDownLoadbuttondir.xip
c:documents and settingsStreletsComApplication DataZangov3.0ZangostaticDownLoadcursors.xip
c:documents and settingsStreletsComApplication DataZangov3.0ZangostaticDownLoadd_icons_buttons_1000.xip
c:documents and settingsStreletsComApplication DataZangov3.0ZangostaticDownLoadd_icons_buttons_2000.xip
c:documents and settingsStreletsComApplication DataZangov3.0ZangostaticDownLoadd_icons_buttons_3000.xip
c:documents and settingsStreletsComApplication DataZangov3.0ZangostaticDownLoadd_icons_buttons_bar.xip
c:documents and settingsStreletsComApplication DataZangov3.0ZangostaticDownLoadd_icons_buttons_bbar1.xip
c:documents and settingsStreletsComApplication DataZangov3.0ZangostaticDownLoadd_icons_buttons_logos.xip
c:documents and settingsStreletsComApplication DataZangov3.0ZangostaticDownLoadd_icons_buttons_other.xip
c:documents and settingsStreletsComApplication DataZangov3.0ZangostaticDownLoadd_icons_weather.xip
c:documents and settingsStreletsComApplication DataZangov3.0ZangostaticDownLoaddefault.xip
c:documents and settingsStreletsComApplication DataZangov3.0ZangostaticDownLoademail-t1-bg.xip
c:documents and settingsStreletsComApplication DataZangov3.0ZangostaticDownLoadicons2.xip
c:documents and settingsStreletsComApplication DataZangov3.0ZangostaticDownLoadie_games_icon.xip
c:documents and settingsStreletsComApplication DataZangov3.0ZangostaticDownLoadie_video.xip
c:documents and settingsStreletsComApplication DataZangov3.0ZangostaticDownLoadkeywords.xip
c:documents and settingsStreletsComApplication DataZangov3.0ZangostaticDownLoadkeywords1.xip
c:documents and settingsStreletsComApplication DataZangov3.0ZangostaticDownLoadlayout.xip
c:documents and settingsStreletsComApplication DataZangov3.0ZangostaticDownLoadlinkpathlegal.xip
c:documents and settingsStreletsComApplication DataZangov3.0ZangostaticDownLoadprogress.xip
c:documents and settingsStreletsComApplication DataZangov3.0ZangostaticDownLoads_icons_buttons.xip
c:documents and settingsStreletsComApplication DataZangov3.0ZangostaticDownLoadsales_buttons.xip
c:documents and settingsStreletsComApplication DataZangov3.0ZangostaticDownLoadsamplegroups2.txt
c:documents and settingsStreletsComApplication DataZangov3.0ZangostaticDownLoadsamplegroups2.xip
c:documents and settingsStreletsComApplication DataZangov3.0ZangostaticDownLoadt2_bg.xip
c:documents and settingsStreletsComApplication DataZangov3.0ZangostaticDownLoadtop7.xip
c:documents and settingsStreletsComApplication DataZangov3.0ZangostaticDownLoadtsd_bg.xip
c:documents and settingsStreletsComApplication DataZangov3.0ZangostaticDownLoadzango_btn.xip
c:documents and settingsStreletsComApplication DataZangov3.0ZangostaticDownLoadzango_ie_menu.xip
c:documents and settingsStreletsComLocal SettingsTemporary Internet Files071DF48FA255.jpg
c:documents and settingsStreletsComLocal SettingsTemporary Internet Files0EB9F12C_6E6B_4c03_AEBA_8C04CFA98AA4.gif
c:documents and settingsStreletsComLocal SettingsTemporary Internet Files15913497_F86C_4218_8817_F50940D1E1B2.gif
c:documents and settingsStreletsComLocal SettingsTemporary Internet Files176308ED93A5.jpg
c:documents and settingsStreletsComLocal SettingsTemporary Internet Files1CB3643AF9A0.gif
c:documents and settingsStreletsComLocal SettingsTemporary Internet Files2587A57961E3.gif
c:documents and settingsStreletsComLocal SettingsTemporary Internet Files2757D4C18CC1.gif
c:documents and settingsStreletsComLocal SettingsTemporary Internet Files28260DD487DD.gif
c:documents and settingsStreletsComLocal SettingsTemporary Internet Files29887DDE_00B9_4011_9CF7_59511F1ECC1B.gif
c:documents and settingsStreletsComLocal SettingsTemporary Internet Files2A665EDD_5758_480c_8366_66DFC5F23877.gif
c:documents and settingsStreletsComLocal SettingsTemporary Internet Files2B79D15BD947.gif
c:documents and settingsStreletsComLocal SettingsTemporary Internet Files35B7DFFA_884F_4fbc_8E60_DA601BDC7BF7.gif
c:documents and settingsStreletsComLocal SettingsTemporary Internet Files362FD6E8_8CDA_4c2a_A8AA-BDA22B321711.jpg
c:documents and settingsStreletsComLocal SettingsTemporary Internet Files3DF04940_9866_4241_A998_0CDDFAFD147A.gif
c:documents and settingsStreletsComLocal SettingsTemporary Internet Files426500D7_0FF3_426c_828D_065DBAEA0581.gif
c:documents and settingsStreletsComLocal SettingsTemporary Internet Files478BD4AE_2691_438d_BDCA_3485DC022700.gif
c:documents and settingsStreletsComLocal SettingsTemporary Internet Files4FE36C7CDD9F.jpg
c:documents and settingsStreletsComLocal SettingsTemporary Internet Files5471C7278A14.gif
c:documents and settingsStreletsComLocal SettingsTemporary Internet Files5C6C645F_BAA8_4149_BFEB_2031230FF0FD.gif
c:documents and settingsStreletsComLocal SettingsTemporary Internet Files5F2E2DE42E91.jpg
c:documents and settingsStreletsComLocal SettingsTemporary Internet Files61EA7D69_19D4_421a_A899_0DF4D58CD119.jpg
c:documents and settingsStreletsComLocal SettingsTemporary Internet Files777FDAFB_83CF_4960_AA71_4E5D7BCD8E57.gif
c:documents and settingsStreletsComLocal SettingsTemporary Internet Files8DA878D5_E80B_4721_B75A_17EFFAF1A700.gif
c:documents and settingsStreletsComLocal SettingsTemporary Internet Files98F6DF79_7171_452d_9C26_C0193E12DBDF.gif
c:documents and settingsStreletsComLocal SettingsTemporary Internet FilesA2B240D6_0386_419e_91C5_3F7D90437CD0.jpg
c:documents and settingsStreletsComLocal SettingsTemporary Internet FilesAA90BF414B9B.gif
c:documents and settingsStreletsComLocal SettingsTemporary Internet FilesBA6BE092A64A.gif
c:documents and settingsStreletsComLocal SettingsTemporary Internet FilesC75CEF8D_5AF4_4563_8594_C45A45E14E63.gif
c:documents and settingsStreletsComLocal SettingsTemporary Internet FilesC7AA4524D721.gif
c:documents and settingsStreletsComLocal SettingsTemporary Internet FilesC86C6CA84F93.gif
c:documents and settingsStreletsComLocal SettingsTemporary Internet FilesE21285C1_40E6_435c_A69F_3387E7BD89CB.gif
c:documents and settingsStreletsComLocal SettingsTemporary Internet FilesE9A4D648_ED73_4ea7_88B2_18332DBA4F3E.jpg
c:program filesINSTALL.LOG
c:program filesMozilla Firefoxpluginsnpclntax.dll
c:program filesMozilla Firefoxpluginsnpclntax_ZangoSA.dll
.
((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-28 )))))))))))))))))))))))))))))))
.
2008-12-17 21:59 . 2008-12-17 21:59  d--------  c:\program files\LizardTech
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-28 08:44  d-----w  c:\documents and settings\StreletsCom\Application Data\Skype
2008-12-28 07:59  d--h--w  c:\program files\InstallShield Installation Information
2008-12-28 07:59  d-----w  c:\documents and settings\StreletsCom\Application Data\blaxxun interactive
2008-12-28 07:54  d-----w  c:\documents and settings\StreletsCom\Application Data\skypePM
2008-11-21 19:22  d-----w  c:\program files\Lenovo
2008-11-21 19:22  d-----w  c:\program files\Common Files\Lenovo
2008-09-14 08:21  18,312  ----a-w  c:\documents and settings\StreletsCom\Application Data\GDIPFONTCACHEV1.DAT
2007-05-06 20:04  92,064  ----a-w  c:\documents and settings\StreletsCom\mqdmmdm.sys
2007-05-06 20:04  9,232  ----a-w  c:\documents and settings\StreletsCom\mqdmmdfl.sys
2007-05-06 20:04  79,328  ----a-w  c:\documents and settings\StreletsCom\mqdmserd.sys
2007-05-06 20:04  66,656  ----a-w  c:\documents and settings\StreletsCom\mqdmbus.sys
2007-05-06 20:04  6,208  ----a-w  c:\documents and settings\StreletsCom\mqdmcmnt.sys
2007-05-06 20:04  5,936  ----a-w  c:\documents and settings\StreletsCom\mqdmwhnt.sys
2007-05-06 20:04  4,048  ----a-w  c:\documents and settings\StreletsCom\mqdmcr.sys
2007-05-06 20:04  25,600  ----a-w  c:\documents and settings\StreletsCom\usbsermptxp.sys
2007-05-06 20:04  22,768  ----a-w  c:\documents and settings\StreletsCom\usbsermpt.sys
2006-04-08 09:37  2,828  --sha-w  c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DA12E469-0694-4A98-859A-723964A5BECD}]
2008-11-11 21:59 328704 ----a-w c:\windows\system32\lvelib.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Beeline GPRS Explorer"="c:\program files\Beeline\GPRS Explorer\gprsexpl.exe" [2006-07-25 753512]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrackPointSrv"="c:\program files\Lenovo\TrackPoint\tp4serv.exe" [2008-03-04 92960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-07-30 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-07-30 118784]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-05 242976]
"IBMPRC"="c:\ibmtools\UTILS\ibmprc.exe" [2004-03-19 90112]
"BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2004-07-29 110592]
"BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2004-07-29 20480]
"BMMMONWND"="c:\progra~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2004-07-29 395776]
"Lingvo Launcher"="c:\program files\ABBYY Lingvo 10 Multilingual Dictionary\Lvagent.exe" [2004-10-09 110592]
"LingvoTraining"="c:\program files\ABBYY Lingvo 10 Multilingual Dictionary\Tutor.exe" [2004-10-09 1159168]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-06-16 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-06-16 512000]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 69216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2008-08-15 143360]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 94208]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-08-02 266497]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"S3TRAY2"="S3Tray2.exe" [2001-10-12 c:\windows\system32\S3Tray2.exe]
"TP4EX"="tp4ex.exe" [2005-10-17 c:\windows\system32\TP4EX.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\StreletsCom\Главное меню\Программы\Автозагрузка\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-11-26 113664]

c:\documents and settings\StreletsCom\Главное меню\Программы\Автозагрузка\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-11-26 113664]

c:\documents and settings\StreletsCom\Главное меню\Программы\Автозагрузка\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-11-26 113664]

c:\documents and settings\All Users\Главное меню\Программы\Автозагрузка\
BTTray.lnk - c:\program files\WIDCOMM\Программное обеспечение Bluetooth\BTTray.exe [2006-05-12 581693]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-02-28 45056]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2008-08-15 20:37 32768 c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 23:45 28672 c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 20:16 24576 c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.imc"= imc32.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli pwdmon ACGina

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\IBM\\Updater\\jre\\bin\\java.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\ICQ\\Icq.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\WINDOWS\\system32\\wuauclt1.exe"=
"c:\\WINDOWS\\system32\\wupdmgr.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Games\\WORMS2\\START.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\StarDC++\\StarDC++.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ANC;ANC;c:\windows\system32\drivers\ANC.SYS [2007-12-03 11520]
R1 IBMTPCHK;IBMTPCHK;\??\c:\windows\system32\Drivers\IBMBLDID.sys [2007-12-03 4224]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\Tppwr.sys [2005-07-05 16384]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\c:\program files\CyberLink\PowerDVD\000.fcl [2007-11-12 20:50:40 13560]
R2 ibmfilter;ibmfilter;\??\c:\windows\system32\drivers\ibmfilter.sys [2004-09-24 64256]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\DRIVERS\tp4track.sys [1980-01-01 22568]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2007-09-01 17920]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2007-09-01 7680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2007-09-01 42112]
S3 WSIMD;wsimd Service;c:\windows\system32\DRIVERS\wsimd.sys [2007-02-27 54432]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13335ce0-7483-11da-b064-000ae4344e64}]
\Shell\AutoRun\command - E:
.
Contents of the 'Scheduled Tasks' folder

2006-05-04 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2004-07-29 12:37]

2005-11-24 c:\windows\Tasks\Напоминание о регистрации 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2008-04-14 19:11]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-CLHomeMediaServer - c:\program files\CyberLink\CyberLink Live\2\CLHomeMediaServer.exe
HKCU-Run-IBM RecordNow! - (no file)
HKU-Default-Run-Nokia.PCSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe

.
Supplementary Scan
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: &Экспорт в Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Translate with Lingvo - c:\program files\ABBYY Lingvo 10 Multilingual Dictionary\Lingvo.exe/3000
IE: Отправить через &Bluetooth - c:\program files\WIDCOMM\Программное обеспечение Bluetooth\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\StreletsCom\Application Data\Mozilla\Firefox\Profiles\qe61flcd.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npclntax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npclntax_ZangoSA.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-28 11:42:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
DLLs Loaded Under Running Processes

- - - - - - - > 'winlogon.exe'(812)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\tphklock.dll

- - - - - - - > 'lsass.exe'(868)
c:\program files\ThinkPad\ConnectUtilities\ACGina.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACON.dll
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\program files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
c:\program files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
.
Other Running Processes
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\S24EvMon.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\windows\system32\acs.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\WIDCOMM
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\RegSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\TpKmpSvc.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\searchindexer.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Common Files\Symantec Shared\Security Center\symwsc.exe
c:\program files\ThinkPad\Utilities\EZEJMNAP.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
c:\program files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
c:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\program files\WIDCOMM
c:\program files\Digital Line Detect\DLG.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2008-12-28 11:47:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-28 08:47:13

Pre-Run: 885 882 880 bytes free
Post-Run: 1,082,621,952 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-RUS.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Home Edition" /fastdetect

386 --- E O F --- 2008-12-22 20:21:29
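The part of the log above that actually matters for the banner is short: the single BHO listed under `~\Browser Helper Objects` (IE loads that DLL in-process on every start), the three Security Center values that silence its warnings, and a couple of Run entries that name a bare executable instead of a full path. Below is an added example, written for this thread and not part of the original post or of ComboFix itself, of pulling those items out of a log mechanically and turning a reviewed BHO finding into the `Registry::` / `File::` CFScript form the reply below uses. The sample log text is constructed in ComboFix's own layout from values in the log above; the heuristics (every BHO ComboFix prints deserves review, any nonzero Security Center override value, any Run value without a directory) are the example's assumptions, not something ComboFix reports.

```python
"""Triage a ComboFix 'Reg Loading Points' section.

Added example for this thread (not ComboFix code, not the poster's log).
SAMPLE_LOG is constructed in the same layout as the log above; the GUID,
paths and timestamps are copied from it.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample.  Backslashes are doubled only because this is Python source.
SAMPLE_LOG = """\
REGEDIT4

[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{DA12E469-0694-4A98-859A-723964A5BECD}]
2008-11-11 21:59 328704 ----a-w c:\\windows\\system32\\lvelib.dll

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"avgnt"="c:\\program files\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe" [2008-08-02 266497]
"S3TRAY2"="S3Tray2.exe" [2001-10-12 c:\\windows\\system32\\S3Tray2.exe]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
# BHO line: "<date> <time> <size> <attrs> <dll path>"
BHO_RE = re.compile(r"^(?P<date>\d{4}-\d\d-\d\d \d\d:\d\d)\s+\d+\s+\S+\s+(?P<path>\S.*)$")
# Run value: "name"="image" [date size]  or  "name"="bare.exe" [date resolved-path]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<image>[^"]*)"\s*\[(?P<info>[^\]]*)\]$')
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})$')

# Values under HKLM\software\microsoft\security center that silence Security
# Center warnings.  Third-party suites set the *Override values legitimately
# (Avira is installed on this machine), so a hit means "verify", not "malware".
SECURITY_CENTER_VALUES = {
    "AntiVirusOverride", "FirewallOverride", "UpdatesDisableNotify",
    "AntiVirusDisableNotify", "FirewallDisableNotify",
}


@dataclass
class Finding:
    kind: str       # "bho", "security-center" or "run-unqualified"
    key: str        # registry key the line was listed under
    detail: str     # human-readable reason
    path: str = ""  # file path (or ComboFix's bracketed info) where the line carries one


def triage(log_text: str) -> list[Finding]:
    """Walk the REGEDIT4-style section and return the entries worth a look."""
    findings: list[Finding] = []
    key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        m = KEY_RE.match(line)
        if m:
            key = m["key"]
            continue
        lower = key.lower()
        if "browser helper objects" in lower:
            m = BHO_RE.match(line)
            if m:
                # ComboFix hides known-good defaults, so every BHO it prints is
                # an in-process IE extension nobody has vouched for yet.
                findings.append(Finding("bho", key,
                                        f"IE loads this DLL on every start; file dated {m['date']}",
                                        m["path"]))
        elif lower.endswith("security center"):
            m = DWORD_RE.match(line)
            if m and m["name"] in SECURITY_CENTER_VALUES and int(m["hex"], 16) != 0:
                findings.append(Finding("security-center", key,
                                        f"{m['name']} is set; Security Center will not warn about it"))
        elif lower.endswith("\\run"):
            m = RUN_RE.match(line)
            if m and "\\" not in m["image"]:
                # Bare image name: Windows resolves it through the search path at
                # logon, so a same-named file found earlier on the path would run
                # instead.  ComboFix shows what it resolved to in the brackets.
                findings.append(Finding("run-unqualified", key,
                                        f"{m['name']} runs bare '{m['image']}' via the search path",
                                        m["info"]))
    return findings


def build_cfscript(findings: list[Finding]) -> str:
    """Emit a CFScript in the Registry::/File:: form used in the reply below.

    ComboFix deletes the listed keys and quarantines the listed files, so only
    pass findings a person has reviewed; the Security Center and Run findings
    are deliberately left out of the script.
    """
    bhos = [f for f in findings if f.kind == "bho"]
    if not bhos:
        return ""
    keys = "\n".join(f"[{f.key}]" for f in bhos)
    files = "\n".join(f.path for f in bhos)
    return f"Registry::\n{keys}\n\nFile::\n{files}\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.kind:16}] {f.detail}" + (f"  ({f.path})" if f.path else ""))
    print()
    print(build_cfscript(found), end="")
```

On a real log, pass the text of ComboFix.txt to `triage()`; the generated script keeps the registry key exactly as ComboFix prints it, `~` shorthand included, which is also how the reply below writes it. Keep in mind that a BHO listed here is only "unvouched for", and that the override values are set by some legitimate security suites, so each finding is a prompt to look, not a verdict.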
28 December 2008 at 5:01 pm #20694

Hello, and welcome to the Spyware-ru forum.
Let me stress once more: using ComboFix before the site's specialists ask you to can be dangerous.
Open Notepad and paste the following text into it:

Registry::
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DA12E469-0694-4A98-859A-723964A5BECD}]
File::
c:\windows\system32\lvelib.dll

Save the resulting file to your desktop under the name CFScript.
Then drag the resulting file onto the ComboFix icon, as shown in the picture below.
ComboFix will start and carry out the steps described in the file we created.
When ComboFix finishes it will produce a new log; paste that into your next reply.
And of course check that Internet Explorer is working.

29 December 2008 at 7:02 pm #20695

Thanks for the reply. I did as described above, but the banner is still there. Here is the log:
ComboFix 08-12-28.04 - StreletsCom 2008-12-29 21:47:27.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1251.1.1049.18.758.403 [GMT 3:00]
Running from: c:\documents and settings\StreletsCom\Рабочий стол\Удаление всплывающих окон, системные файлы\ComboFix.exe
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning disabled* (Outdated)
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning disabled* (Outdated)
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:documents and settingsStreletsComLocal SettingsTemporary Internet Files0EB9F12C_6E6B_4c03_AEBA_8C04CFA98AA4.gif
c:documents and settingsStreletsComLocal SettingsTemporary Internet Files15913497_F86C_4218_8817_F50940D1E1B2.gif
c:documents and settingsStreletsComLocal SettingsTemporary Internet Files29887DDE_00B9_4011_9CF7_59511F1ECC1B.gif
c:documents and settingsStreletsComLocal SettingsTemporary Internet Files2A665EDD_5758_480c_8366_66DFC5F23877.gif
c:documents and settingsStreletsComLocal SettingsTemporary Internet Files35B7DFFA_884F_4fbc_8E60_DA601BDC7BF7.gif
c:documents and settingsStreletsComLocal SettingsTemporary Internet Files362FD6E8_8CDA_4c2a_A8AA-BDA22B321711.jpg
c:documents and settingsStreletsComLocal SettingsTemporary Internet Files3DF04940_9866_4241_A998_0CDDFAFD147A.gif
c:documents and settingsStreletsComLocal SettingsTemporary Internet Files426500D7_0FF3_426c_828D_065DBAEA0581.gif
c:documents and settingsStreletsComLocal SettingsTemporary Internet Files478BD4AE_2691_438d_BDCA_3485DC022700.gif
c:documents and settingsStreletsComLocal SettingsTemporary Internet Files5C6C645F_BAA8_4149_BFEB_2031230FF0FD.gif
c:documents and settingsStreletsComLocal SettingsTemporary Internet Files61EA7D69_19D4_421a_A899_0DF4D58CD119.jpg
c:documents and settingsStreletsComLocal SettingsTemporary Internet Files777FDAFB_83CF_4960_AA71_4E5D7BCD8E57.gif
c:documents and settingsStreletsComLocal SettingsTemporary Internet Files8DA878D5_E80B_4721_B75A_17EFFAF1A700.gif
c:documents and settingsStreletsComLocal SettingsTemporary Internet Files98F6DF79_7171_452d_9C26_C0193E12DBDF.gif
c:documents and settingsStreletsComLocal SettingsTemporary Internet FilesA2B240D6_0386_419e_91C5_3F7D90437CD0.jpg
c:documents and settingsStreletsComLocal SettingsTemporary Internet FilesC75CEF8D_5AF4_4563_8594_C45A45E14E63.gif
c:documents and settingsStreletsComLocal SettingsTemporary Internet FilesE21285C1_40E6_435c_A69F_3387E7BD89CB.gif
c:documents and settingsStreletsComLocal SettingsTemporary Internet FilesE9A4D648_ED73_4ea7_88B2_18332DBA4F3E.jpg.
((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-29 )))))))))))))))))))))))))))))))
.2008-12-17 21:59 . 2008-12-17 21:59
d
c:program filesLizardTech.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-29 18:56 d-----w c:documents and settingsStreletsComApplication DataSkype
2008-12-29 18:37 d-----w c:documents and settingsStreletsComApplication DataskypePM
2008-12-28 07:59 d--h--w c:program filesInstallShield Installation Information
2008-12-28 07:59 d-----w c:documents and settingsStreletsComApplication Datablaxxun interactive
2008-12-13 06:39 3,593,216 ----a-w c:windowssystem32dllcachemshtml.dll
2008-11-21 19:22 d-----w c:program filesLenovo
2008-11-21 19:22 d-----w c:program filesCommon FilesLenovo
2008-11-11 18:59 328,704 ----a-w c:windowssystem32lvelib.dll
2008-10-24 11:21 455,296 ------w c:windowssystem32dllcachemrxsmb.sys
2008-10-23 12:42 286,720 ----a-w c:windowssystem32gdi32.dll
2008-10-23 12:42 286,720 ------w c:windowssystem32dllcachegdi32.dll
2008-10-16 13:16 70,656 ------w c:windowssystem32dllcacheie4uinit.exe
2008-10-16 13:11 13,824 ------w c:windowssystem32dllcacheieudinit.exe
2008-10-16 11:13 202,776 ----a-w c:windowssystem32wuweb.dll
2008-10-16 11:13 202,776 ----a-w c:windowssystem32dllcachewuweb.dll
2008-10-16 11:13 1,809,944 ----a-w c:windowssystem32wuaueng.dll
2008-10-16 11:13 1,809,944 ----a-w c:windowssystem32dllcachewuaueng.dll
2008-10-16 11:12 561,688 ----a-w c:windowssystem32wuapi.dll
2008-10-16 11:12 561,688 ----a-w c:windowssystem32dllcachewuapi.dll
2008-10-16 11:12 323,608 ----a-w c:windowssystem32wucltui.dll
2008-10-16 11:12 323,608 ----a-w c:windowssystem32dllcachewucltui.dll
2008-10-16 11:09 92,696 ----a-w c:windowssystem32dllcachecdm.dll
2008-10-16 11:09 92,696 ----a-w c:windowssystem32cdm.dll
2008-10-16 11:09 51,224 ----a-w c:windowssystem32wuauclt.exe
2008-10-16 11:09 51,224 ----a-w c:windowssystem32dllcachewuauclt.exe
2008-10-16 11:09 43,544 ----a-w c:windowssystem32wups2.dll
2008-10-16 11:08 34,328 ----a-w c:windowssystem32wups.dll
2008-10-16 11:08 34,328 ----a-w c:windowssystem32dllcachewups.dll
2008-10-15 16:37 337,408 ------w c:windowssystem32dllcachenetapi32.dll
2008-10-15 07:06 633,632 ------w c:windowssystem32dllcacheiexplore.exe
2008-10-15 07:04 161,792 ------w c:windowssystem32dllcacheieakui.dll
2008-10-03 10:04 247,326 ----a-w c:windowssystem32strmdll.dll
2008-10-03 10:04 247,326 ------w c:windowssystem32dllcachestrmdll.dll
2008-09-30 13:43 1,286,152 ----a-w c:windowssystem32msxml4.dll
2008-09-14 08:21 18,312 ----a-w c:documents and settingsStreletsComApplication DataGDIPFONTCACHEV1.DAT
2007-05-06 20:04 92,064 ----a-w c:documents and settingsStreletsCommqdmmdm.sys
2007-05-06 20:04 9,232 ----a-w c:documents and settingsStreletsCommqdmmdfl.sys
2007-05-06 20:04 79,328 ----a-w c:documents and settingsStreletsCommqdmserd.sys
2007-05-06 20:04 66,656 ----a-w c:documents and settingsStreletsCommqdmbus.sys
2007-05-06 20:04 6,208 ----a-w c:documents and settingsStreletsCommqdmcmnt.sys
2007-05-06 20:04 5,936 ----a-w c:documents and settingsStreletsCommqdmwhnt.sys
2007-05-06 20:04 4,048 ----a-w c:documents and settingsStreletsCommqdmcr.sys
2007-05-06 20:04 25,600 ----a-w c:documents and settingsStreletsComusbsermptxp.sys
2007-05-06 20:04 22,768 ----a-w c:documents and settingsStreletsComusbsermpt.sys
2006-04-08 09:37 2,828 --sha-w c:windowssystem32KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE~Browser Helper Objects{DA12E469-0694-4A98-859A-723964A5BECD}]
2008-11-11 21:59 328704 ----a-w c:windowssystem32lvelib.dll

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"="c:windowssystem32ctfmon.exe" [2008-04-14 15360]
"Beeline GPRS Explorer"="c:program filesBeelineGPRS Explorergprsexpl.exe" [2006-07-25 753512]
"updateMgr"="c:program filesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe" [2006-03-30 313472]
"Skype"="c:program filesSkypePhoneSkype.exe" [2008-11-07 21633320]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"TrackPointSrv"="c:program filesLenovoTrackPointtp4serv.exe" [2008-03-04 92960]
"IgfxTray"="c:windowssystem32igfxtray.exe" [2004-07-30 155648]
"HotKeysCmds"="c:windowssystem32hkcmd.exe" [2004-07-30 118784]
"TPKMAPHELPER"="c:program filesThinkPadUtilitiesTpKmapAp.exe" [2007-01-09 868352]
"EZEJMNAP"="c:progra~1ThinkPadUTILIT~1EzEjMnAp.Exe" [2008-06-05 242976]
"IBMPRC"="c:ibmtoolsUTILSibmprc.exe" [2004-03-19 90112]
"BMMGAG"="c:progra~1ThinkPadUTILIT~1pwrmonit.dll" [2004-07-29 110592]
"BMMLREF"="c:program filesThinkPadUtilitiesBMMLREF.EXE" [2004-07-29 20480]
"BMMMONWND"="c:progra~1ThinkPadUTILIT~1BatInfEx.dll" [2004-07-29 395776]
"Lingvo Launcher"="c:program filesABBYY Lingvo 10 Multilingual DictionaryLvagent.exe" [2004-10-09 110592]
"LingvoTraining"="c:program filesABBYY Lingvo 10 Multilingual DictionaryTutor.exe" [2004-10-09 1159168]
"ISUSPM Startup"="c:program filesCommon FilesInstallShieldUpdateServiceISUSPM.exe" [2005-08-11 249856]
"ISUSScheduler"="c:program filesCommon FilesInstallShieldUpdateServiceissch.exe" [2005-08-11 81920]
"SynTPLpr"="c:program filesSynapticsSynTPSynTPLpr.exe" [2004-06-16 110592]
"SynTPEnh"="c:program filesSynapticsSynTPSynTPEnh.exe" [2004-06-16 512000]
"DLA"="c:windowsSystem32DLADLACTRLW.EXE" [2005-10-06 122940]
"SoundMAXPnP"="c:program filesAnalog DevicesSoundMAXSMax4PNP.exe" [2004-10-14 1388544]
"RemoteControl"="c:program filesCyberLinkPowerDVDPDVDServ.exe" [2006-12-06 69216]
"LanguageShortcut"="c:program filesCyberLinkPowerDVDLanguageLanguage.exe" [2006-12-05 54832]
"ACWLIcon"="c:program filesThinkPadConnectUtilitiesACWLIcon.exe" [2008-08-15 143360]
"TPHOTKEY"="c:progra~1LenovoPkgMgrHOTKEYTPHKMGR.exe" [2006-10-02 94208]
"avgnt"="c:program filesAviraAntiVir PersonalEdition Classicavgnt.exe" [2008-08-02 266497]
"LogitechCommunicationsManager"="c:program filesCommon FilesLogiShrdLComMgrCommunications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:program filesLogitechQuickCamQuickcam.exe" [2008-08-14 2407184]
"TVT Scheduler Proxy"="c:program filesCommon FilesLenovoSchedulerscheduler_proxy.exe" [2008-03-04 487424]
"S3TRAY2"="S3Tray2.exe" [2001-10-12 c:windowssystem32S3Tray2.exe]
"TP4EX"="tp4ex.exe" [2005-10-17 c:windowssystem32TP4EX.exe]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"="c:windowssystem32CTFMON.EXE" [2008-04-14 15360]

c:documents and settingsStreletsComГлавное менюПрограммыАвтозагрузка
Adobe Gamma.lnk - c:program filesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe [2005-11-26 113664]
c:documents and settingsStreletsComГлавное менюПрограммыАвтозагрузка
Adobe Gamma.lnk - c:program filesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe [2005-11-26 113664]
c:documents and settingsStreletsComГлавное менюПрограммыАвтозагрузка
Adobe Gamma.lnk - c:program filesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe [2005-11-26 113664]
c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузка
BTTray.lnk - c:program filesWIDCOMMПрограммное обеспечение BluetoothBTTray.exe [2006-05-12 581693]
Digital Line Detect.lnk - c:program filesDigital Line DetectDLG.exe [2007-02-28 45056]

[hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:program filesWindows Desktop SearchMSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyACNotify]
2008-08-15 20:37 32768 c:program filesThinkPadConnectUtilitiesACNotify.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifytpfnf2]
2005-07-05 23:45 28672 c:windowssystem32notifyf2.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifytphotkey]
2005-11-30 20:16 24576 c:windowssystem32tphklock.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
"msacm.imc"= imc32.acm

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]
Notification Packages REG_MULTI_SZ scecli pwdmon ACGina

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"%ProgramFiles%\IBM\Updater\jre\bin\java.exe"=
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\mIRC\mirc.exe"=
"c:\totalcmd\TOTALCMD.EXE"=
"c:\Program Files\Mozilla Firefox\firefox.exe"=
"c:\Program Files\ICQ\Icq.exe"=
"c:\WINDOWS\system32\wuauclt.exe"=
"c:\WINDOWS\system32\wuauclt1.exe"=
"c:\WINDOWS\system32\wupdmgr.exe"=
"c:\Program Files\QIP\qip.exe"=
"c:\Program Files\Motorola\Software Update\msu.exe"=
"c:\WINDOWS\system32\dpvsetup.exe"=
"c:\Games\WORMS2\START.EXE"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\StarDC++\StarDC++.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=

R1 ANC;ANC;c:windowssystem32driversANC.SYS [2007-12-03 11520]
R1 IBMTPCHK;IBMTPCHK;??c:windowssystem32DriversIBMBLDID.sys [2007-12-03 4224]
R1 TPPWR;TPPWR;c:windowssystem32driversTppwr.sys [2005-07-05 16384]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};??c:program filesCyberLinkPowerDVD000.fcl [2007-11-12 20:50:40 13560]
R2 ibmfilter;ibmfilter;??c:windowssystem32driversibmfilter.sys [2004-09-24 64256]
R3 Tp4Track;PS/2 TrackPoint Driver;c:windowssystem32DRIVERStp4track.sys [1980-01-01 22568]
S3 motccgp;Motorola USB Composite Device Driver;c:windowssystem32DRIVERSmotccgp.sys [2007-09-01 17920]
S3 motccgpfl;MotCcgpFlService;c:windowssystem32DRIVERSmotccgpfl.sys [2007-09-01 7680]
S3 MotDev;Motorola Inc. USB Device;c:windowssystem32DRIVERSmotodrv.sys [2007-09-01 42112]
S3 WSIMD;wsimd Service;c:windowssystem32DRIVERSwsimd.sys [2007-02-27 54432]

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{13335ce0-7483-11da-b064-000ae4344e64}]
ShellAutoRuncommand - E:
.
Contents of the 'Scheduled Tasks' folder
2006-05-04 c:windowsTasksBMMTask.job
- c:progra~1ThinkPadUTILIT~1BMMTASK.EXE [2004-07-29 12:37]
2005-11-24 c:windowsTasksНапоминание о регистрации 1.job
- c:windowssystem32OOBEoobebaln.exe [2008-04-14 19:11]
.
.
Supplementary Scan
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: &Экспорт в Microsoft Excel - c:progra~1MICROS~2Office10EXCEL.EXE/3000
IE: Translate with Lingvo - c:program filesABBYY Lingvo 10 Multilingual DictionaryLingvo.exe/3000
IE: Отправить через &Bluetooth - c:program filesWIDCOMMПрограммное обеспечение Bluetoothbtsendto_ie_ctx.htm
FF - ProfilePath - c:documents and settingsStreletsComApplication DataMozillaFirefoxProfilesqe61flcd.default
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnppl3260.dll
FF - plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnprpjplug.dll
FF - plugin: c:program filesMozilla Firefoxpluginsnpdjvu.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-29 21:53:57
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINESystemControlSet001Services{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
«ImagePath»=»??c:program filesCyberLinkPowerDVD000.fcl»
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(812)
c:program filesThinkPadConnectUtilitiesACNotify.dll
c:program filesThinkPadConnectUtilitiesAcSvcStub.dll
c:program filesThinkPadConnectUtilitiesAcLocSettings.dll
c:program filesThinkPadConnectUtilitiesACHelper.dll
c:windowssystem32tphklock.dll
- - - - - - - > 'lsass.exe'(868)
c:program filesThinkPadConnectUtilitiesACGina.dll
c:program filesThinkPadConnectUtilitiesACHelper.dll
c:program filesThinkPadConnectUtilitiesAcSvcStub.dll
c:program filesThinkPadConnectUtilitiesAcLocSettings.dll
c:program filesThinkPadConnectUtilitiesACON.dll
c:program filesThinkPadConnectUtilitiesAcPrfMgr.dll
c:program filesThinkPadConnectUtilitiesAcCryptHlpr.dll
c:program filesThinkPadConnectUtilitiesACTurinSupport.dll
c:program filesThinkPadConnectUtilitiesAcSmBiosHelper.dll
c:program filesThinkPadConnectUtilitiesAcAdaptersInfo.dll
.
Other Running Processes
.
c:windowssystem32ibmpmsvc.exe
c:windowssystem32S24EvMon.exe
c:program filesAviraAntiVir PersonalEdition Classicsched.exe
c:program filesThinkPadConnectUtilitiesAcPrfMgrSvc.exe
c:windowssystem32acs.exe
c:program filesAviraAntiVir PersonalEdition Classicavguard.exe
c:program filesWIDCOMM
c:program filesIntelWirelessBinEvtEng.exe
c:program filesIBMIBM Rapid Restore Ultrarrpcsb.exe
c:program filesCommon FilesLogiShrdLVCOMSERLVComSer.exe
c:program filesCommon FilesLogiShrdLVMVFMLVPrcSrv.exe
c:windowssystem32RegSrvc.exe
c:program filesCyberLinkShared FilesRichVideo.exe
c:program filesAnalog DevicesSoundMAXSMAgent.exe
c:program filesCommon FilesLenovotvt_reg_monitor_svc.exe
c:windowssystem32TpKmpSvc.exe
c:program filesCommon FilesLenovoSchedulertvtsched.exe
c:program filesCommon FilesLogiShrdLVCOMSERLVComSer.exe
c:windowssystem32searchindexer.exe
c:program filesThinkPadConnectUtilitiesAcSvc.exe
c:program filesLenovoSystem UpdateSUService.exe
c:program filesCommon FilesSymantec SharedSecurity Centersymwsc.exe
c:program filesThinkPadUtilitiesEZEJMNAP.EXE
c:windowssystem32rundll32.exe
c:windowssystem32rundll32.exe
c:program filesLenovoPkgMgrHOTKEYTPHKMGR.exe
c:program filesLenovoPkgMgrHOTKEY_1TpScrex.exe
c:program filesLenovoPkgMgrHOTKEYTPONSCR.exe
c:program filesWIDCOMM
c:program filesDigital Line DetectDLG.exe
c:program filesThinkPadConnectUtilitiesSvcGuiHlpr.exe
c:program filesCommon FilesLogiShrdLQCVFXCOCIManager.exe
c:program filesSkypePlugin ManagerskypePM.exe
.
**************************************************************************
.
Completion time: 2008-12-29 21:58:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-29 18:58:39
ComboFix2.txt 2008-12-28 08:47:20
Pre-Run: 1 108 475 904 байт свободно
Post-Run: 1,047,359,488 байт свободно
273 - E O F - 2008-12-22 20:21:29
29 December 2008 at 8:18 pm #20696
By the way, one more thing: if I start IE without add-ons, the banner is not there. Maybe that helps somehow.
30 December 2008 at 5:26 pm #20698
You did something wrong.
Combofix did not run the script that was created. Move the Combofix program from its folder to the Desktop and save CFScript there as well.
Then try dragging and dropping the script file onto Combofix again. Paste the resulting log into your reply.
30 December 2008 at 7:30 pm #20697
That helped, the banner is gone, thank you. Do I need to do anything else?
ComboFix 08-12-28.04 — StreletsCom 2008-12-30 22:16:34.3 — NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1251.1.1049.18.758.402 [GMT 3:00]
Running from: c:documents and settingsStreletsComРабочий столComboFix.exe
Command switches used :: c:documents and settingsStreletsComРабочий столCFScript
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning disabled* (Outdated)
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning disabled* (Outdated)
* Created a new restore point

FILE ::
c:windowssystem32lvelib.dll
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:documents and settingsStreletsComLocal SettingsTemporary Internet Files0EB9F12C_6E6B_4c03_AEBA_8C04CFA98AA4.gif
c:documents and settingsStreletsComLocal SettingsTemporary Internet Files15913497_F86C_4218_8817_F50940D1E1B2.gif
c:documents and settingsStreletsComLocal SettingsTemporary Internet Files29887DDE_00B9_4011_9CF7_59511F1ECC1B.gif
c:documents and settingsStreletsComLocal SettingsTemporary Internet Files2A665EDD_5758_480c_8366_66DFC5F23877.gif
c:documents and settingsStreletsComLocal SettingsTemporary Internet Files35B7DFFA_884F_4fbc_8E60_DA601BDC7BF7.gif
c:documents and settingsStreletsComLocal SettingsTemporary Internet Files362FD6E8_8CDA_4c2a_A8AA-BDA22B321711.jpg
c:documents and settingsStreletsComLocal SettingsTemporary Internet Files3DF04940_9866_4241_A998_0CDDFAFD147A.gif
c:documents and settingsStreletsComLocal SettingsTemporary Internet Files426500D7_0FF3_426c_828D_065DBAEA0581.gif
c:documents and settingsStreletsComLocal SettingsTemporary Internet Files478BD4AE_2691_438d_BDCA_3485DC022700.gif
c:documents and settingsStreletsComLocal SettingsTemporary Internet Files5C6C645F_BAA8_4149_BFEB_2031230FF0FD.gif
c:documents and settingsStreletsComLocal SettingsTemporary Internet Files61EA7D69_19D4_421a_A899_0DF4D58CD119.jpg
c:documents and settingsStreletsComLocal SettingsTemporary Internet Files777FDAFB_83CF_4960_AA71_4E5D7BCD8E57.gif
c:documents and settingsStreletsComLocal SettingsTemporary Internet Files8DA878D5_E80B_4721_B75A_17EFFAF1A700.gif
c:documents and settingsStreletsComLocal SettingsTemporary Internet Files98F6DF79_7171_452d_9C26_C0193E12DBDF.gif
c:documents and settingsStreletsComLocal SettingsTemporary Internet FilesA2B240D6_0386_419e_91C5_3F7D90437CD0.jpg
c:documents and settingsStreletsComLocal SettingsTemporary Internet FilesC75CEF8D_5AF4_4563_8594_C45A45E14E63.gif
c:documents and settingsStreletsComLocal SettingsTemporary Internet FilesE21285C1_40E6_435c_A69F_3387E7BD89CB.gif
c:documents and settingsStreletsComLocal SettingsTemporary Internet FilesE9A4D648_ED73_4ea7_88B2_18332DBA4F3E.jpg
c:windowssystem32lvelib.dll
.
((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-30 )))))))))))))))))))))))))))))))
.
2008-12-17 21:59 . 2008-12-17 21:59 d-------- c:program filesLizardTech
2008-11-21 22:22 . 2008-11-21 22:22 d-------- c:program filesCommon FilesLenovo
2008-11-14 20:43 . 2008-09-04 20:17 1,106,944 c:windowssystem32dllcachemsxml3.dll
2008-11-14 20:37 . 2008-10-24 14:21 455,296 c:windowssystem32dllcachemrxsmb.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-30 19:24 d-----w c:documents and settingsStreletsComApplication DataSkype
2008-12-30 17:24 d-----w c:documents and settingsStreletsComApplication DataskypePM
2008-12-29 19:28 d-----w c:program filesWinamp
2008-12-29 19:12 d-----w c:program filesQIP
2008-12-28 07:59 d--h--w c:program filesInstallShield Installation Information
2008-12-28 07:59 d-----w c:documents and settingsStreletsComApplication Datablaxxun interactive
2008-11-21 19:22 d-----w c:program filesLenovo
2008-09-14 08:21 18,312 ----a-w c:documents and settingsStreletsComApplication DataGDIPFONTCACHEV1.DAT
2007-05-06 20:04 92,064 ----a-w c:documents and settingsStreletsCommqdmmdm.sys
2007-05-06 20:04 9,232 ----a-w c:documents and settingsStreletsCommqdmmdfl.sys
2007-05-06 20:04 79,328 ----a-w c:documents and settingsStreletsCommqdmserd.sys
2007-05-06 20:04 66,656 ----a-w c:documents and settingsStreletsCommqdmbus.sys
2007-05-06 20:04 6,208 ----a-w c:documents and settingsStreletsCommqdmcmnt.sys
2007-05-06 20:04 5,936 ----a-w c:documents and settingsStreletsCommqdmwhnt.sys
2007-05-06 20:04 4,048 ----a-w c:documents and settingsStreletsCommqdmcr.sys
2007-05-06 20:04 25,600 ----a-w c:documents and settingsStreletsComusbsermptxp.sys
2007-05-06 20:04 22,768 ----a-w c:documents and settingsStreletsComusbsermpt.sys
2006-04-08 09:37 2,828 --sha-w c:windowssystem32KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2008-12-28_11.46.36.91 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-31 13:10:04 23,720 ----a-w c:windowssystem32driversibmpmdrv.sys
+ 2008-08-08 12:36:26 23,720 ----a-w c:windowssystem32driversibmpmdrv.sys
- 2008-03-31 13:10:40 36,640 ----a-w c:windowssystem32ibmpmsvc.exe
+ 2008-08-08 12:37:04 41,248 ----a-w c:windowssystem32ibmpmsvc.exe
+ 2008-03-31 13:10:04 23,720 ----a-w c:windowssystem32ReinstallBackups0016DriverFilesx86ibmpmdrv.sys
+ 2008-03-31 13:10:40 36,640 ----a-w c:windowssystem32ReinstallBackups0016DriverFilesx86ibmpmsvc.exe
+ 2008-03-31 13:10:46 35,104 ----a-w c:windowssystem32ReinstallBackups0016DriverFilesx86tpinspm.dll
- 2008-03-31 13:10:46 35,104 ----a-w c:windowssystem32tpinspm.dll
+ 2008-08-08 12:37:08 35,104 ----a-w c:windowssystem32tpinspm.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"="c:windowssystem32ctfmon.exe" [2008-04-14 15360]
"Beeline GPRS Explorer"="c:program filesBeelineGPRS Explorergprsexpl.exe" [2006-07-25 753512]
"updateMgr"="c:program filesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe" [2006-03-30 313472]
"Skype"="c:program filesSkypePhoneSkype.exe" [2008-11-07 21633320]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"TrackPointSrv"="c:program filesLenovoTrackPointtp4serv.exe" [2008-03-04 92960]
"IgfxTray"="c:windowssystem32igfxtray.exe" [2004-07-30 155648]
"HotKeysCmds"="c:windowssystem32hkcmd.exe" [2004-07-30 118784]
"TPKMAPHELPER"="c:program filesThinkPadUtilitiesTpKmapAp.exe" [2007-01-09 868352]
"EZEJMNAP"="c:progra~1ThinkPadUTILIT~1EzEjMnAp.Exe" [2008-06-05 242976]
"IBMPRC"="c:ibmtoolsUTILSibmprc.exe" [2004-03-19 90112]
"BMMGAG"="c:progra~1ThinkPadUTILIT~1pwrmonit.dll" [2004-07-29 110592]
"BMMLREF"="c:program filesThinkPadUtilitiesBMMLREF.EXE" [2004-07-29 20480]
"BMMMONWND"="c:progra~1ThinkPadUTILIT~1BatInfEx.dll" [2004-07-29 395776]
"Lingvo Launcher"="c:program filesABBYY Lingvo 10 Multilingual DictionaryLvagent.exe" [2004-10-09 110592]
"LingvoTraining"="c:program filesABBYY Lingvo 10 Multilingual DictionaryTutor.exe" [2004-10-09 1159168]
"ISUSPM Startup"="c:program filesCommon FilesInstallShieldUpdateServiceISUSPM.exe" [2005-08-11 249856]
"ISUSScheduler"="c:program filesCommon FilesInstallShieldUpdateServiceissch.exe" [2005-08-11 81920]
"SynTPLpr"="c:program filesSynapticsSynTPSynTPLpr.exe" [2004-06-16 110592]
"SynTPEnh"="c:program filesSynapticsSynTPSynTPEnh.exe" [2004-06-16 512000]
"DLA"="c:windowsSystem32DLADLACTRLW.EXE" [2005-10-06 122940]
"SoundMAXPnP"="c:program filesAnalog DevicesSoundMAXSMax4PNP.exe" [2004-10-14 1388544]
"RemoteControl"="c:program filesCyberLinkPowerDVDPDVDServ.exe" [2006-12-06 69216]
"LanguageShortcut"="c:program filesCyberLinkPowerDVDLanguageLanguage.exe" [2006-12-05 54832]
"ACWLIcon"="c:program filesThinkPadConnectUtilitiesACWLIcon.exe" [2008-08-15 143360]
"TPHOTKEY"="c:progra~1LenovoPkgMgrHOTKEYTPHKMGR.exe" [2006-10-02 94208]
"avgnt"="c:program filesAviraAntiVir PersonalEdition Classicavgnt.exe" [2008-08-02 266497]
"LogitechCommunicationsManager"="c:program filesCommon FilesLogiShrdLComMgrCommunications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:program filesLogitechQuickCamQuickcam.exe" [2008-08-14 2407184]
"TVT Scheduler Proxy"="c:program filesCommon FilesLenovoSchedulerscheduler_proxy.exe" [2008-03-04 487424]
"S3TRAY2"="S3Tray2.exe" [2001-10-12 c:windowssystem32S3Tray2.exe]
"TP4EX"="tp4ex.exe" [2005-10-17 c:windowssystem32TP4EX.exe]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"="c:windowssystem32CTFMON.EXE" [2008-04-14 15360]

c:documents and settingsStreletsComГлавное менюПрограммыАвтозагрузка
Adobe Gamma.lnk - c:program filesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe [2005-11-26 113664]
c:documents and settingsStreletsComГлавное менюПрограммыАвтозагрузка
Adobe Gamma.lnk - c:program filesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe [2005-11-26 113664]
c:documents and settingsStreletsComГлавное менюПрограммыАвтозагрузка
Adobe Gamma.lnk - c:program filesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe [2005-11-26 113664]
c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузка
BTTray.lnk - c:program filesWIDCOMMПрограммное обеспечение BluetoothBTTray.exe [2006-05-12 581693]
Digital Line Detect.lnk - c:program filesDigital Line DetectDLG.exe [2007-02-28 45056]

[hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:program filesWindows Desktop SearchMSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyACNotify]
2008-08-15 20:37 32768 c:program filesThinkPadConnectUtilitiesACNotify.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifytpfnf2]
2005-07-05 23:45 28672 c:windowssystem32notifyf2.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifytphotkey]
2005-11-30 20:16 24576 c:windowssystem32tphklock.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
"msacm.imc"= imc32.acm

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]
Notification Packages REG_MULTI_SZ scecli pwdmon ACGina

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"%ProgramFiles%\IBM\Updater\jre\bin\java.exe"=
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\mIRC\mirc.exe"=
"c:\totalcmd\TOTALCMD.EXE"=
"c:\Program Files\Mozilla Firefox\firefox.exe"=
"c:\Program Files\ICQ\Icq.exe"=
"c:\WINDOWS\system32\wuauclt.exe"=
"c:\WINDOWS\system32\wuauclt1.exe"=
"c:\WINDOWS\system32\wupdmgr.exe"=
"c:\Program Files\QIP\qip.exe"=
"c:\Program Files\Motorola\Software Update\msu.exe"=
"c:\WINDOWS\system32\dpvsetup.exe"=
"c:\Games\WORMS2\START.EXE"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\StarDC++\StarDC++.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=

R1 ANC;ANC;c:windowssystem32driversANC.SYS [2007-12-03 11520]
R1 IBMTPCHK;IBMTPCHK;??c:windowssystem32DriversIBMBLDID.sys [2007-12-03 4224]
R1 TPPWR;TPPWR;c:windowssystem32driversTppwr.sys [2005-07-05 16384]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};??c:program filesCyberLinkPowerDVD000.fcl [2007-11-12 20:50:40 13560]
R2 ibmfilter;ibmfilter;??c:windowssystem32driversibmfilter.sys [2004-09-24 64256]
R3 Tp4Track;PS/2 TrackPoint Driver;c:windowssystem32DRIVERStp4track.sys [1980-01-01 22568]
S3 motccgp;Motorola USB Composite Device Driver;c:windowssystem32DRIVERSmotccgp.sys [2007-09-01 17920]
S3 motccgpfl;MotCcgpFlService;c:windowssystem32DRIVERSmotccgpfl.sys [2007-09-01 7680]
S3 MotDev;Motorola Inc. USB Device;c:windowssystem32DRIVERSmotodrv.sys [2007-09-01 42112]
S3 WSIMD;wsimd Service;c:windowssystem32DRIVERSwsimd.sys [2007-02-27 54432]

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{13335ce0-7483-11da-b064-000ae4344e64}]
ShellAutoRuncommand - E:
.
Contents of the 'Scheduled Tasks' folder
2006-05-04 c:windowsTasksBMMTask.job
- c:progra~1ThinkPadUTILIT~1BMMTASK.EXE [2004-07-29 12:37]
2005-11-24 c:windowsTasksНапоминание о регистрации 1.job
- c:windowssystem32OOBEoobebaln.exe [2008-04-14 19:11]
.
- - - - ORPHANS REMOVED - - - -
BHO-{DA12E469-0694-4A98-859A-723964A5BECD} - c:windowssystem32lvelib.dll
.
Supplementary Scan
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: &Экспорт в Microsoft Excel - c:progra~1MICROS~2Office10EXCEL.EXE/3000
IE: Translate with Lingvo - c:program filesABBYY Lingvo 10 Multilingual DictionaryLingvo.exe/3000
IE: Отправить через &Bluetooth - c:program filesWIDCOMMПрограммное обеспечение Bluetoothbtsendto_ie_ctx.htm
FF - ProfilePath - c:documents and settingsStreletsComApplication DataMozillaFirefoxProfilesqe61flcd.default
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnppl3260.dll
FF - plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnprpjplug.dll
FF - plugin: c:program filesMozilla Firefoxpluginsnpdjvu.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-30 22:22:48
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINESystemControlSet001Services{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
«ImagePath»=»??c:program filesCyberLinkPowerDVD000.fcl»
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(812)
c:program filesThinkPadConnectUtilitiesACNotify.dll
c:program filesThinkPadConnectUtilitiesAcSvcStub.dll
c:program filesThinkPadConnectUtilitiesAcLocSettings.dll
c:program filesThinkPadConnectUtilitiesACHelper.dll
c:windowssystem32tphklock.dll
- - - - - - - > 'lsass.exe'(868)
c:program filesThinkPadConnectUtilitiesACGina.dll
c:program filesThinkPadConnectUtilitiesACHelper.dll
c:program filesThinkPadConnectUtilitiesAcSvcStub.dll
c:program filesThinkPadConnectUtilitiesAcLocSettings.dll
c:program filesThinkPadConnectUtilitiesACON.dll
c:program filesThinkPadConnectUtilitiesAcPrfMgr.dll
c:program filesThinkPadConnectUtilitiesAcCryptHlpr.dll
c:program filesThinkPadConnectUtilitiesACTurinSupport.dll
c:program filesThinkPadConnectUtilitiesAcSmBiosHelper.dll
c:program filesThinkPadConnectUtilitiesAcAdaptersInfo.dll
.
Other Running Processes
.
c:windowssystem32ibmpmsvc.exe
c:windowssystem32S24EvMon.exe
c:program filesAviraAntiVir PersonalEdition Classicsched.exe
c:program filesThinkPadConnectUtilitiesAcPrfMgrSvc.exe
c:windowssystem32acs.exe
c:program filesAviraAntiVir PersonalEdition Classicavguard.exe
c:program filesWIDCOMM
c:program filesIntelWirelessBinEvtEng.exe
c:program filesIBMIBM Rapid Restore Ultrarrpcsb.exe
c:program filesCommon FilesLogiShrdLVCOMSERLVComSer.exe
c:program filesCommon FilesLogiShrdLVMVFMLVPrcSrv.exe
c:windowssystem32RegSrvc.exe
c:program filesCyberLinkShared FilesRichVideo.exe
c:program filesAnalog DevicesSoundMAXSMAgent.exe
c:program filesCommon FilesLenovotvt_reg_monitor_svc.exe
c:windowssystem32TpKmpSvc.exe
c:program filesCommon FilesLogiShrdLVCOMSERLVComSer.exe
c:program filesCommon FilesLenovoSchedulertvtsched.exe
c:windowssystem32searchindexer.exe
c:program filesThinkPadUtilitiesEZEJMNAP.EXE
c:windowssystem32rundll32.exe
c:windowssystem32rundll32.exe
c:program filesThinkPadConnectUtilitiesAcSvc.exe
c:program filesLenovoPkgMgrHOTKEYTPHKMGR.exe
c:program filesLenovoPkgMgrHOTKEY_1TpScrex.exe
c:program filesLenovoPkgMgrHOTKEYTPONSCR.exe
c:program filesLenovoSystem UpdateSUService.exe
c:program filesWIDCOMM
c:program filesCommon FilesSymantec SharedSecurity Centersymwsc.exe
c:program filesThinkPadConnectUtilitiesSvcGuiHlpr.exe
c:program filesCommon FilesLogiShrdLQCVFXCOCIManager.exe
c:program filesSkypePlugin ManagerskypePM.exe
.
**************************************************************************
.
Completion time: 2008-12-30 22:26:59 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-30 19:26:55
ComboFix2.txt 2008-12-29 18:58:46
ComboFix3.txt 2008-12-28 08:47:20
Pre-Run: 17 575 825 408 байт свободно
Post-Run: 17,513,930,752 байт свободно
265 - E O F - 2008-12-22 20:21:29
3 January 2009 at 2:47 am #20699
All clean 🙂
A few final steps.
Remove Combofix from your computer, following the instructions: How to correctly remove combofix from your computer.
Install the program Spybot Search and Destroy; it is fairly good additional protection.
Delete the old restore points, since they may contain infected files, trojans and other malware. To do this, click the My Computer icon and choose Properties. In the window that opens, select the System Restore tab. Tick the box next to Turn off System Restore on all drives. Click Apply. Confirm your action by clicking OK in the dialog that opens. Close the System Properties window by clicking OK.
After the computer restarts, repeat the steps described above, but this time clear the checkbox.
Create a new restore point. This will let you load the current Windows configuration if necessary and quickly recover from spyware/a virus. To do this, click Start, then choose Accessories, then System Tools, and run System Restore. In the window that opens, choose the task Create a restore point, click Next and follow the instructions.
Do not forget to update Windows, your programs and especially your antivirus.
All the best!
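The restore-point steps in the reply above, done from a PowerShell console instead of the System Properties dialog. This is an added example and not part of the thread or of ComboFix; it assumes an elevated PowerShell 2.0 or later session on Windows (the *-ComputerRestore and Checkpoint-Computer cmdlets exist only there), and the restore-point description string is a placeholder.

```powershell
# Added example, not from the thread: discard the old restore points (which may
# still hold copies of the removed malware) and create a fresh, clean baseline.
# Assumes an elevated PowerShell 2.0+ session on Windows; the description text
# below is a placeholder.

# All local fixed drives, in the "C:\" form the System Restore cmdlets expect.
$drives = Get-WmiObject -Class Win32_LogicalDisk -Filter "DriveType = 3" |
    ForEach-Object { $_.DeviceID + "\" }

Write-Host "Restore points before cleanup:"
Get-ComputerRestorePoint |
    Format-Table SequenceNumber, Description, CreationTime -AutoSize

# Turning System Restore off is what deletes the existing restore points;
# the reply above does the same thing through the dialog and reboots in between.
Disable-ComputerRestore -Drive $drives
Enable-ComputerRestore -Drive $drives

# New baseline taken after the cleanup, so a later rollback lands on a clean state.
Checkpoint-Computer -Description "Clean baseline after ComboFix (placeholder)" `
    -RestorePointType MODIFY_SETTINGS

Write-Host "Restore points after cleanup:"
Get-ComputerRestorePoint |
    Format-Table SequenceNumber, Description, CreationTime -AutoSize
```

The "after" listing should contain only the newly created point. On Windows 8 and later Checkpoint-Computer creates at most one restore point per 24 hours by default, so running the script twice in a day will not produce a second entry.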
6 January 2009 at 2:06 pm #20700
Thank you very much for the help, and good luck! Happy New Year =)