Созданные ответы форума
-
Сообщения
-
Полный порядок, никаких сбоев, спасибо! Можно удалять ComboFix и старые контрольные точки восстановления?
Выполнил, вот новый лог:
====================================================================================================================================
ComboFix 09-01-08.01 — Muromets 2009-01-08 21:54:15.2 — FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1049.18.511.323 [GMT 3:00]
Running from: d:documents and settingsMurometsРабочий столComboFix.exe
Command switches used :: d:documents and settingsMurometsРабочий столCFScript.txt
AV: Антивирусная система Eset NOD32 2.51 *On-access scanning disabled* (Outdated)
* Created a new restore point
* Resident AV is activeFILE ::
d:windowssystem32driversfips32cup.sys
d:windowssystem32driversnicsk32.sys
d:windowssystem32driverssecurentm.sys
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.d:windowssystem32twex.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Service_fips32cup
Service_nicsk32
Service_securentm((((((((((((((((((((((((( Files Created from 2008-12-08 to 2009-01-08 )))))))))))))))))))))))))))))))
.2009-01-05 19:58 . 2009-01-05 19:58
d
D:rsit
2009-01-05 19:58 . 2009-01-05 19:58d
d:program filestrend micro
2009-01-05 19:35 . 2009-01-05 19:35d—s—- d:documents and settingsMurometsUserData
2009-01-05 17:36 . 2009-01-05 17:36d
d:documents and settingsMurometsApplication DataLavasoft
2009-01-05 17:35 . 2009-01-05 17:35d
d:program filesLavasoft
2009-01-05 16:05 . 2009-01-05 16:05d—hs—- D:FOUND.001
2008-12-20 12:08 . 2008-12-20 12:08d—h
d:windowsPIF
2008-12-20 12:08 . 2008-12-20 12:08d
d:program filesCommon FilesBlizzard Entertainment
2008-12-16 19:23 . 2008-12-16 19:23 45,056 —a
d:windowsNCUNINST.EXE
2008-12-16 19:21 . 2008-12-16 19:21d
d:program filesCommon FilesSWF Studio
2008-12-16 16:30 . 2008-12-16 16:30d
d:program filesICQLite
2008-12-16 16:30 . 2008-12-16 16:30d
d:program filesCommon FilesICQ
2008-12-16 16:30 . 2008-12-16 16:30d
d:documents and settingsMurometsApplication DataICQ.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-12 19:31
d
w d:program filesCommon FilesWise Installation Wizard
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»d:windowssystem32ctfmon.exe» [2004-08-18 15360][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=»NvQTwk» [X]
«nod32kui»=»d:program filesEsetnod32kui.exe» [2008-09-19 921600]
«Adobe Reader Speed Launcher»=»d:program filesAdobeReader 9.0ReaderReader_sl.exe» [2008-06-12 34672]
«nwiz»=»nwiz.exe» [2002-07-30 d:windowssystem32nwiz.exe]
«SoundMan»=»SOUNDMAN.EXE» [2002-08-02 d:windowsSOUNDMAN.EXE][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»d:windowssystem32CTFMON.EXE» [2004-08-18 15360][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«msacm.l3fhg»= mp3fhg.acm
«msacm.divxa32″= divxa32.acm
«VIDC.X264″= x264vfw.dll
«VIDC.HFYU»= huffyuv.dll
«vidc.i263″= i263_32.drv[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusDisableNotify»=dword:00000001
«UpdatesDisableNotify»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«d:\Program Files\Orbitdownloader\orbitdm.exe»=
«d:\Program Files\Orbitdownloader\orbitnet.exe»=
«d:\Program Files\ICQLite\ICQ.exe»=
«d:\WINDOWS\system32\userinit.exe»=.
.
Supplementary Scan
.
uStart Page = hxxp://www.yandex.ru/
IE: &Download by Orbit — d:program filesOrbitdownloaderorbitmxt.dll/201
IE: &Grab video by Orbit — d:program filesOrbitdownloaderorbitmxt.dll/204
IE: Do&wnload selected by Orbit — d:program filesOrbitdownloaderorbitmxt.dll/203
IE: Down&load all by Orbit — d:program filesOrbitdownloaderorbitmxt.dll/202
LSP: d:windowssystem32imon.dll
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-08 21:56:14
Windows 5.1.2600 Service Pack 2 FAT NTAPIscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERSS-1-5-21-299502267-884357618-839522115-1003SoftwareMicrosoftActiveMoviedevenum{33D9A761-90C8-11D0-BD43-00A0C911CE86}3*NULL*4*NULL*D*NULL*S*NULL*P*NULL* *NULL*G*NULL*r*NULL*o*NULL*u*NULL*p*NULL* *NULL*T*NULL*r*NULL*u*NULL*e*NULL*S*NULL*p*NULL*e*NULL*e*NULL*c*NULL*h*NULL*»!]
«FriendlyName»=»DSP Group TrueSpeech™»
«CLSID»=»{6A08CF80-0E18-11CF-A24D-0020AFD79767}»
«FilterData»=hex:02,00,00,00,00,00,20,00,02,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,
00,00,00,60,00,00,00,70,00,00,00,31,70,69,33,08,00,00,00,00,00,00,00,01,00,
00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,00,00,00,60,00,00,00,80,00,00,
00,61,75,64,73,00,00,10,00,80,00,00,aa,00,38,9b,71,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,22,00,00,00,00,00,10,00,80,00,00,aa,00,38,9b,71
«AcmId»=dword:00000022
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘lsass.exe'(572)
d:windowssystem32imon.dll
d:program filesEsetpr_imon.dll
.
Other Running Processes
.
d:program filesESETNOD32KRN.EXE
d:windowsSYSTEM32NVSVC32.EXE
.
**************************************************************************
.
Completion time: 2009-01-08 21:56:52 — machine was rebooted [Muromets]
ComboFix2.txt 2009-01-05 15:57:52
ComboFix-quarantined-files.txt 2009-01-08 18:56:52Pre-Run: 9 478 471 680 байт свободно
Post-Run: 9,643,065,344 байт свободно122
