Forum replies created
28 October 2010 at 1:45 pm, in reply to: Help me remove a Trojan virus from the "explorer.exe" process !! #31735
Here is the log after running ComboFix:
ComboFix 10-10-27.09 - Admin 28.10.2010 17:39:19.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1251.7.1049.18.1919.1490 [GMT 4:00]
Running from: c:\documents and settings\Admin\Мои документы\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Admin\Application Data\AdSubscribe
c:\documents and settings\Admin\Application Data\AdSubscribe\AdSubscribe.dat
c:\documents and settings\Admin\Application Data\AdSubscribe\Feed.jpg
c:\documents and settings\Admin\Application Data\AdSubscribe\Feed\1.jpg
c:\documents and settings\Admin\Application Data\AdSubscribe\Feed\10.jpg
c:\documents and settings\Admin\Application Data\AdSubscribe\Feed\11.jpg
c:\documents and settings\Admin\Application Data\AdSubscribe\Feed\12.jpg
c:\documents and settings\Admin\Application Data\AdSubscribe\Feed\13.jpg
c:\documents and settings\Admin\Application Data\AdSubscribe\Feed\14.jpg
c:\documents and settings\Admin\Application Data\AdSubscribe\Feed\15.jpg
c:\documents and settings\Admin\Application Data\AdSubscribe\Feed\2.jpg
c:\documents and settings\Admin\Application Data\AdSubscribe\Feed\3.jpg
c:\documents and settings\Admin\Application Data\AdSubscribe\Feed\4.jpg
c:\documents and settings\Admin\Application Data\AdSubscribe\Feed\5.jpg
c:\documents and settings\Admin\Application Data\AdSubscribe\Feed\6.jpg
c:\documents and settings\Admin\Application Data\AdSubscribe\Feed\7.jpg
c:\documents and settings\Admin\Application Data\AdSubscribe\Feed\8.jpg
c:\documents and settings\Admin\Application Data\AdSubscribe\Feed\9.jpg
c:\documents and settings\Admin\Application Data\AdSubscribe\Feed\feed.xml
c:\documents and settings\Admin\Application Data\AdSubscribe\Feed\Thumbs.db
c:\documents and settings\Admin\Application Data\AdSubscribe\Uninstall.exe
c:\documents and settings\Admin\Application Data\Microsoft\Internet Explorer\qsTAtsrv.dll
c:\progra~1\FieryAds\FiERyads.dll
c:\program files\FieryAds
c:\program files\FieryAds\CommLayer.dll
c:\program files\FieryAds\FieryAds.dll
c:\windows\del.bat
c:\windows\system32\Пузыри.scr
c:\windows\system32\ssField Lines.scr
c:\windows\system32\ssRibbons.scr
c:\windows\system32\SYSINTERNALS_BLUESCREEN.SCR
.
((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-28 )))))))))))))))))))))))))))))))
.
2010-10-27 14:39 . 2010-10-27 14:39 d-----w- c:\program files\trend micro
2010-10-27 14:39 . 2010-10-27 14:39 d-----w- C:\rsit
2010-10-27 13:17 . 2010-10-27 13:17 d-----w- c:\windows\system32\wbem\Repository
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-02 11:23 . 2008-07-05 13:26 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-02-02 11:23 . 2008-07-05 13:26 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-02-02 11:23 . 2008-07-05 13:26 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-02-02 11:23 . 2008-07-05 13:26 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-02-02 11:23 . 2008-07-05 13:26 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
Sigcheck
[-] 2008-03-15 . EDF9CAC3E377B61B2581E28CE810A7E0 . 360832 . . [5.1.2600.3244] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-03-15 . 84C7654E3DE78F92A82BF7BA932752AA . 80216 . . [7.0.6000.381] . . c:\windows\system32\wuauclt.exe
[-] 2008-03-15 . 196B409A7C1C39A5A0F7566C2741FAD1 . 578560 . . [5.1.2600.3099] . . c:\windows\system32\user32.dll
[-] 2008-03-15 . C79D071054766FCC78077ABD022B287F . 1720832 . . [6.00.2900.3156] . . c:\windows\explorer.exe
[-] 2008-03-15 . 9E62E0CDEC5617D03A1598040E73A70B . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
[-] 2008-03-15 . 2A48AF162B14E978DA2373A2F693F4FD . 30208 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-24 266497]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-01-10 472776]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-07-05 1871872]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-03-15 30208]
"VistaIcon"="c:\program files\VistaDriveIcon\VistaDrv.exe" [2008-01-02 132096]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IE7_011"="shell32" [X]
"ZZZZ2_FirstLogonSetting"="advpack.dll" [2008-03-15 124928]
"IE7_012"="advpack.dll" [2008-03-15 124928]
c:\documents and settings\All Users\Главное меню\Программы\Автозагрузка\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^BTTray.lnk]
path=c:\documents and settings\All Users\Главное меню\Программы\Автозагрузка\BTTray.lnk
backup=c:\windows\pss\BTTray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Ускоренный запуск Adobe Reader.lnk]
path=c:\documents and settings\All Users\Главное меню\Программы\Автозагрузка\Ускоренный запуск Adobe Reader.lnk
backup=c:\windows\pss\Ускоренный запуск Adobe Reader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ioCentre]
2007-04-13 11:04 61440 ----a-w- c:\genius\ioCentre\gTaskBar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 11:40 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP Internet Guardian]
2010-06-09 14:35 187904 ----a-w- c:\documents and settings\Admin\Application Data\QipGuard\QipGuard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP2005]
2009-08-13 07:43 3276288 ----a-w- c:\program files\QIP\qip.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-02-26 04:36 177456 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2006-11-23 22:06 487424 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2006-07-13 03:12 729088 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2007-01-05 12:36 872448 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 08:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-01-18 07:04 1028096 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VistaIcon]
2008-01-02 10:52 132096 ----a-w- c:\program files\VistaDriveIcon\VistaDrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"UpdatesOverride"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplicationsList]
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\WINDOWS\system32\mmc.exe"=
"c:\Program Files\Total Commander\Totalcmd.exe"=
"c:\Program Files\uTorrent\uTorrent.exe"=
"c:\WINDOWS\system32\sessmgr.exe"=
"c:\Program Files\QIP\qip.exe"=
R2 SWIHPWMI;SWIHPWMI;c:\program files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [04.12.2006 16:13 292384]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [05.07.2008 17:39 16384]
R3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [05.07.2008 17:39 9856]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [05.07.2008 21:33 193840]
S3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\drivers\HP24X.sys [05.07.2008 23:10 33024]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [05.07.2008 17:20 717296]
.
.
Supplementary Scan
.
uStart Page = hxxp://qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Connection Wizard,ShellNext = hxxp://dt-updates.com/activate?query=EqpK%2bwKD0EuXkdfqvoBWXL6AIaiZHGiVbs608DBzDJWVpNc%2bxcuH%2fMYUey5VOgbHMZMuWFskZSOD%2bv9I%2frJcNNk5e8SkuvtqpM2Gc0aw0m24V1LvyaIemo3hnMYnyAai4sQGtgm35jc5Q3rzYiCHOqpOIRNtZZwOvL8XXMmbIf9Hf%2fDolpv5QT8zK6DwWcuB2yTnyNHPMKiOr3y8jwGaTUkxT2b4%2bQjV3XMOC7ihdcXQ0r0L99wKU6ZkLvAlXtJ9qAZZd76%2f4a%2fdo%2fdz9YmPa4sytZE9KGEnJkyCIv2dL0c%3d
uSearchAssistant = hxxp://search.qip.ru/ie
IE: &Отправить на устройство Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: &Экспорт в Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\y7p0a65a.default
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://rambler.ru
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\progra~1\MOZILL~1\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-28 17:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(680)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
c:\windows\system32\cscui.dll
c:\windows\system32\COMRes.dll
- - - - - - - > 'lsass.exe'(736)
c:\windows\system32\setupapi.dll
.
Completion time: 2010-10-28 17:43:42
ComboFix-quarantined-files.txt 2010-10-28 13:43
Pre-Run: 34 470 608 896 байт свободно
Post-Run: 34 638 061 568 байт свободно
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional RU" /execute /fastdetect /usepmtimer
- - End Of File - - 6E6A827F8212D89A88E203EA81DF7942
27 October 2010 at 5:35 pm, in reply to: Help me remove a Trojan virus from the "explorer.exe" process !! #31732
Got it. I followed the link. It describes 3 stages of running the program plus installing the Recovery Console. Do I need to do that too? Or just install and run?