This is the log I got 🙄
ComboFix 08-10-19.04 — ilya 2008-10-20 17:51:35.1 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1251.1.1049.18.316 [GMT 4:00]
Running from: C:\Documents and Settings\ilya.SKLAD\Рабочий стол\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\appcert
.
((((((((((((((((((((((((( Files Created from 2008-09-20 to 2008-10-20 )))))))))))))))))))))))))))))))
.
2008-10-20 17:53 . 2008-10-20 17:53 53,248 —a
C:\Temp\catchme.dll
2008-10-20 15:32 . 2008-10-20 15:32 13 —a
C:\WINDOWS\reset5.dt3
2008-10-20 15:32 . 2008-10-20 15:32 13 —a
C:\WINDOWS\reset5.dt1
2008-10-20 11:18 . 2008-10-20 11:18
C:\Program Files\MyCentria
2008-10-20 10:55 . 2008-10-20 10:55
C:\WINDOWS\system32\Kaspersky Lab
2008-10-20 10:55 . 2008-10-20 10:55
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-10-20 10:41 . 2008-10-20 10:41
C:\Program Files\Trend Micro
2008-10-16 15:57 . 2008-10-16 15:57
C:\Program Files\Alwil Software
2008-10-16 15:57 . 2003-03-19 00:20 1,060,864 —a
C:\WINDOWS\system32\MFC71.dll
2008-10-16 15:19 . 2001-10-20 18:00 97,280 —a
C:\WINDOWS\system32\dskquotad.dll
2008-10-09 10:35 . 2008-10-09 10:35
C:\WINDOWS\system32\Adobe
2008-10-09 10:35 . 2008-08-06 15:27 499,712 —a
C:\WINDOWS\system32\msvcp71.dll
2008-10-09 10:35 . 2008-08-06 15:29 348,160 —a
C:\WINDOWS\system32\msvcr71.dll
2008-09-22 16:08 . 2008-09-22 16:08
C:\V77
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-17 08:15 16,368 —-a-w C:\Documents and Settings\ilya.SKLAD\Application Data\GDIPFONTCACHEV1.DAT
2008-09-22 12:08
d
w C:\Program Files\1Cv77
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2810CFB-B267-4C33-BB09-BC2B1DEE6372}]
2001-10-20 18:00 120832 —a
c:\windows\system32\gfdffoq.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F5CFDEAF-8878-4AD1-8D9D-997F5E5F8867}]
2001-10-20 18:00 97280 —a
C:\WINDOWS\System32\dskquotad.dll
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-24 13312]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kpmhwxcz]
2001-10-20 18:00 120832 C:\WINDOWS\system32\gfdffoq.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\reset5]
2002-09-10 00:30 17408 C:\WINDOWS\system32\reset5.dll
R0 sqtydunx;sqtydunx;C:\WINDOWS\System32\drivers\sqtydunx.sys [2001-10-20 23424]
R2 xxixagyk;AGP Bus lcab4 Controller;C:\WINDOWS\System32\svchost.exe [2001-10-20 12800]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost — NetSvcs
xxixagyk
*Newly Created Service* — CATCHME
*Newly Created Service* — PROCEXP90
.
Contents of the ‘Scheduled Tasks’ folder
2008-10-20 C:\WINDOWS\Tasks\At1.job
— C:\WINDOWS\System32\rundll32.exe [2001-10-20 18:00]
.
— — — — ORPHANS REMOVED — — — —
Toolbar-ID — (no file)
.
Supplementary Scan
.
R0 -: HKCU-Main,Start Page = hxxp://ya.ru/
O8 -: &Экспорт в Microsoft Excel — C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 -: {c95fe080-8f5d-11d2-a20b-00aa003c157a} — %SystemRoot%\web\related.htm
O9 -: {c95fe080-8f5d-11d2-a20b-00aa003c157a} — %SystemRoot%\web\related.htm —
O16 -: DirectAnimation Java Classes — file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Microsoft XML Parser for Java — file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-20 17:53:08
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\reset5.dll
.
Completion time: 2008-10-20 17:54:11
ComboFix-quarantined-files.txt 2008-10-20 13:54:07
Pre-Run: 3 047 256 064 байт свободно
Post-Run: 3,091,562,496 байт свободно
91

