Virus attacks
March 28, 2011 at 7:56 am #18998
Could you comment on this log, please?
ComboFix 11-03-27.01 — Герман 28.03.2011 11:39:32.1.2 — x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.2047.1644 [GMT 4:00]
Running from: c:installComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:documents and settingsГерманhdcd.exe
c:documents and settingsГерманhddd.exe
c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr0.dat
c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr1.dat
c:windowssystem32 2.exe
c:windowssystem32 4.exe
c:windowssystem32 5.exe
c:windowssystem32 7.exe
c:windowssystem32 8.exe
c:windowssystem3210.exe
c:windowssystem3211.exe
c:windowssystem3214.exe
c:windowssystem3223.exe
c:windowssystem3224.exe
c:windowssystem3226.exe
c:windowssystem3227.exe
c:windowssystem3228.exe
c:windowssystem3234.exe
c:windowssystem3235.exe
c:windowssystem3236.exe
c:windowssystem3238.exe
c:windowssystem3242.exe
c:windowssystem3244.exe
c:windowssystem3248.exe
c:windowssystem3250.exe
c:windowssystem3251.exe
c:windowssystem3252.exe
c:windowssystem3253.exe
c:windowssystem3258.exe
c:windowssystem3260.exe
c:windowssystem3268.exe
c:windowssystem3272.exe
c:windowssystem3273.exe
c:windowssystem3274.exe
c:windowssystem3282.exe
c:windowssystem3283.exe
c:windowssystem3284.exe
c:windowssystem3285.exe
c:windowssystem32Cache
.
BITS: Possible infected sites
.
hxxp://soft.export.yandex.ru
hxxp://download.yandex.ru
.
((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-28 )))))))))))))))))))))))))))))))
.
.
2011-03-15 20:33 . 2011-03-15 20:33
d
r- C:MSOCache
2011-03-15 19:39 . 2011-03-15 19:40
d
w- C:5cd84a49f3b8754faeaaf09403
2011-03-15 00:10 . 2011-03-27 18:45
d
w- C:фото
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-14 10:11 . 2008-08-24 11:42 1571840 —-a-w- c:windowssystem32SfcFiles.dll
2011-03-14 10:08 . 2008-04-15 12:00 219648 —-a-w- c:windowssystem32uxtheme.dll
2011-02-22 23:51 . 2011-02-22 23:51 4280320 —-a-w- c:windowssystem32GPhotos.scr
2011-02-08 01:16 . 2008-06-05 11:38 922112 —-a-w- c:windowssystem32imapi2fs.dll
2011-02-08 01:16 . 2008-06-05 11:38 426496 —-a-w- c:windowssystem32imapi2.dll
.
.
Sigcheck
.
[-] 2008-08-24 16:38 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . . . c:windowssystem32driversatapi.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerURLSearchHooks]
«{00000000-6E41-4FD3-8538-502F5495E5FC}»= «c:program filesAsk.comGenericAskToolbar.dll» [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOTclsid{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE~Browser Helper Objects{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 19:44 1400712 —-a-w- c:program filesAsk.comGenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{D4027C7F-154A-4066-A1AD-4243D8127440}»= «c:program filesAsk.comGenericAskToolbar.dll» [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOTclsid{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOTGenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOTTypeLib{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOTGenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«RocketDock»=»c:program filesRocketDockRocketDock.exe» [2007-09-02 495616]
«Skype»=»c:program filesSkypePhoneSkype.exe» [2011-01-26 15026056]
«SetDefaultMIDI»=»MIDIDef.exe» [2008-03-20 31232]
«Google Update»=»c:documents and settingsГерманLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe» [2011-03-14 136176]
«MediaGet»=»c:program filesMediaGetmediaget.exe» [2011-03-03 4478976]
«AlcoholAutomount»=»c:program filesAlcohol SoftAlcohol 120AxAutoMntSrv.exe» [2010-08-20 33120]
.
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2007-12-05 8523776]
«nwiz»=»nwiz.exe» [2007-12-05 1626112]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2007-12-05 81920]
«RTHDCPL»=»RTHDCPL.EXE» [2008-04-10 16861184]
«TaskSwitchXP»=»c:program filesTaskSwitchXPTaskSwitchXP.exe» [2007-03-09 62976]
«UpdReg»=»c:windowsUpdReg.EXE» [2000-05-10 90112]
«H2O»=»c:program filesSyncroSoftPosH2Ocledx.exe» [2007-12-11 307200]
«adstopper»=»c:program filesAdStopperAdStopperTrayApp.exe» [2009-04-03 588800]
«CTHelper»=»CTHELPER.EXE» [2008-03-20 23040]
«CTxfiHlp»=»CTXFIHLP.EXE» [2008-03-20 23552]
«egui»=»c:program filesESETESET NOD32 Antivirusegui.exe» [2011-01-14 2219184]
«CanonMyPrinter»=»c:program filesCanonMyPrinterBJMyPrt.exe» [2010-03-25 2516296]
«CanonSolutionMenuEx»=»c:program filesCanonSolution Menu EXCNSEMAIN.EXE» [2010-04-02 1185112]
«RoxWatchTray»=»c:program filesCommon FilesRoxio Shared13.0SharedCOMRoxWatchTray13.exe» [2010-07-16 307184]
«Desktop Disc Tool»=»c:program filesRoxio 2011Roxio BurnRoxioBurnLauncher.exe» [2010-06-30 477680]
«CPMonitor»=»c:program filesRoxioCinePlayer5.0CPMonitor.exe» [2010-08-25 84464]
.
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-15 17408]
.
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«IE7_011″=»shell32» [X]
«SetDefaultMIDI»=»MIDIDEF.EXE» [2008-03-20 31232]
«IE7_012″=»advpack.dll» [2008-08-24 124928]
«IE7_013″=»rebuild.exe» [2007-11-01 114280]
.
c:documents and settingsѓҐа¬ ѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
Punto Switcher.lnk — c:program filesYandexPunto Switcherpunto.exe [2011-3-16 2374456]
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«FirewallOverride»=dword:00000001
.
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)
«DisableUnicastResponsesToMulticastBroadcast»= 0 (0x0)
.
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\Opera\opera.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=
«c:\Program Files\Skype\Plugin Manager\skypePM.exe»=
«c:\Program Files\BitTorrent\bittorrent.exe»=
«c:\Program Files\Bonjour\mDNSResponder.exe»=
.
R0 a347bus;a347bus;c:windowssystem32driversa347bus.sys [15.03.2011 23:12 160640]
R0 a347scsi;a347scsi;c:windowssystem32driversa347scsi.sys [15.03.2011 23:12 5248]
R0 SahdIa32;HDD Filter Driver;c:windowssystem32driversSahdIa32.sys [15.03.2011 23:52 21488]
R0 SaibIa32;Volume Filter Driver;c:windowssystem32driversSaibIa32.sys [15.03.2011 23:52 15856]
R0 sptd;sptd;c:windowssystem32driverssptd.sys [14.03.2011 13:59 436792]
R1 ehdrv;ehdrv;c:windowssystem32driversehdrv.sys [21.12.2010 16:04 115008]
R1 epfwtdir;epfwtdir;c:windowssystem32driversepfwtdir.sys [21.12.2010 14:47 94872]
R1 SaibVd32;Virtual Disk Driver;c:windowssystem32driversSaibVd32.sys [15.03.2011 23:52 25584]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:program filesRoxioBackOnTrackAppSaibSVC.exe [02.06.2009 20:05 457200]
R2 BOT4Service;BOT4Service;c:program filesRoxioBackOnTrackAppBService.exe [31.08.2010 8:14 39408]
R2 ekrn;ESET Service;c:program filesESETESET NOD32 Antivirusekrn.exe [14.01.2011 13:33 810144]
R3 CLEDX;Team H2O CLEDX service;c:windowssystem32driverscledx.sys [14.03.2011 14:49 33792]
R3 cmipci;CMI8738/8768 Audio Driver;c:windowssystem32driverscmipci.sys [14.03.2011 16:36 37888]
R3 COMMONFX.SYS;COMMONFX.SYS;c:windowssystem32driversCOMMONFX.sys [20.03.2008 18:23 98328]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:program filesCommon FilesRoxio Shared13.0SharedCOMRoxWatch13.exe [16.07.2010 7:48 354288]
S2 Rubar Update Service;Rubar Update Service;»c:program filesmediabar ToolbarRubarUpdateService.exe» —> c:program filesmediabar ToolbarRubarUpdateService.exe [?]
S3 COMMONFX;COMMONFX;c:windowssystem32driversCOMMONFX.sys [20.03.2008 18:23 98328]
S3 CT20XUT.SYS;CT20XUT.SYS;c:windowssystem32driversCT20XUT.sys [20.03.2008 18:36 171032]
S3 CT20XUT;CT20XUT;c:windowssystem32driversCT20XUT.sys [20.03.2008 18:36 171032]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:windowssystem32driversCTAUDFX.sys [20.03.2008 18:23 528920]
S3 CTAUDFX;CTAUDFX;c:windowssystem32driversCTAUDFX.sys [20.03.2008 18:23 528920]
S3 CTEAPSFX.SYS;CTEAPSFX.SYS;c:windowssystem32driversCTEAPSFX.sys [20.03.2008 18:26 163352]
S3 CTEAPSFX;CTEAPSFX;c:windowssystem32driversCTEAPSFX.sys [20.03.2008 18:26 163352]
S3 CTEDSPFX.SYS;CTEDSPFX.SYS;c:windowssystem32driversCTEDSPFX.sys [20.03.2008 18:32 259096]
S3 CTEDSPFX;CTEDSPFX;c:windowssystem32driversCTEDSPFX.sys [20.03.2008 18:32 259096]
S3 CTEDSPIO.SYS;CTEDSPIO.SYS;c:windowssystem32driversCTEDSPIO.sys [20.03.2008 18:38 134168]
S3 CTEDSPIO;CTEDSPIO;c:windowssystem32driversCTEDSPIO.sys [20.03.2008 18:38 134168]
S3 CTEDSPSY.SYS;CTEDSPSY.SYS;c:windowssystem32driversCTEDSPSY.sys [20.03.2008 18:37 309784]
S3 CTEDSPSY;CTEDSPSY;c:windowssystem32driversCTEDSPSY.sys [20.03.2008 18:37 309784]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:windowssystem32driversCTERFXFX.sys [20.03.2008 18:36 99352]
S3 CTERFXFX;CTERFXFX;c:windowssystem32driversCTERFXFX.sys [20.03.2008 18:36 99352]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:windowssystem32driversCTEXFIFX.sys [20.03.2008 18:40 1324056]
S3 CTEXFIFX;CTEXFIFX;c:windowssystem32driversCTEXFIFX.sys [20.03.2008 18:40 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:windowssystem32driversCTHWIUT.sys [20.03.2008 18:37 72728]
S3 CTHWIUT;CTHWIUT;c:windowssystem32driversCTHWIUT.sys [20.03.2008 18:37 72728]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:windowssystem32driversCTSBLFX.sys [20.03.2008 18:25 534040]
S3 CTSBLFX;CTSBLFX;c:windowssystem32driversCTSBLFX.sys [20.03.2008 18:25 534040]
S3 RoxMediaDB13;RoxMediaDB13;c:program filesCommon FilesRoxio Shared13.0SharedCOMRoxMediaDB13.exe [16.07.2010 7:48 1099248]
.
Contents of the ‘Scheduled Tasks’ folder
.
2011-03-22 c:windowsTasksAppleSoftwareUpdate.job
— c:program filesApple Software UpdateSoftwareUpdate.exe [2008-07-30 09:34]
.
2011-03-28 c:windowsTasksScheduled Update for Ask Toolbar.job
— c:program filesAsk.comUpdateTask.exe [2010-09-28 19:44]
.
.
Supplementary Scan
.
uStart Page = hxxp://yandex.ru/?clid=140365
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Add to Google Photos Screensa&ver — c:windowssystem32GPhotos.scr/200
TCP: {5AEDDE9E-A79A-4A89-85D2-0685AA594A69} = 81.211.40.2,81.211.38.1
Handler: rubar — {7A05BDCB-8F81-45C5-B9EC-3764E6FC1439} —
FF — ProfilePath — c:documents and settingsГерманApplication DataMozillaFirefoxProfiles3k2z9vk2.default
FF — prefs.js: browser.startup.homepage — hxxp://yandex.ru/?clid=140365
FF — prefs.js: keyword.URL — hxxp://yandex.ru/yandsearch?clid=128858&text=
FF — prefs.js: network.proxy.type — 2
FF — Ext: mediabar: {50a8cc05-f498-4a8a-9eea-bea804e3ed50} — c:program filesMozilla Firefoxextensions{50a8cc05-f498-4a8a-9eea-bea804e3ed50}
FF — Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} — c:program filesMozilla Firefoxextensions{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF — Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} — %profile%extensions{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF — Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} — %profile%extensions{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
.
— — — — ORPHANS REMOVED — — — —
.
Toolbar-{23DD83B5-BDDC-49CE-B77B-514819C6D551} — c:program filesmediabar Toolbarrubar.dll
Toolbar-ITBar7Position — (no file)
HKU-Default-RunOnce-tscuninstall — c:windowssystem32tscupgrd.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-28 11:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes …
.
scanning hidden autostart entries …
.
scanning hidden files …
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
DLLs Loaded Under Running Processes
.
— — — — — — — > ‘winlogon.exe'(784)
c:windowssystem32cscui.dll
.
Completion time: 2011-03-28 11:48:23
ComboFix-quarantined-files.txt 2011-03-28 07:48
ComboFix2.txt 2010-08-21 12:56
ComboFix3.txt 2010-08-20 07:17
.
Pre-Run: 338 012 868 608 байт свободно
Post-Run: 338 334 076 928 байт свободно
.
— — End Of File — — B9A011D59EB69DC21093878489F4F084
April 21, 2011 at 8:36 am #32202
up
May 25, 2011 at 2:59 pm #32201
Hello. 🙂
Sorry for the delay.
c:program filesmediabar Toolbarrubar.dll
Are you familiar with mediabar?