Здравствуйте!Лог создал,вроде всё правильно сделал. 🙂 ComboFix 09-02-27.02 — Игорь 2009-02-28 10:14:28.1 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.1.1049.18.1023.640 [GMT 7:00]
Running from: d:installДля лечения через интернетComboFix.exe
AV: Doctor Web Anti-Virus *On-access scanning enabled* (Updated)
FW: Outpost Firewall Pro *enabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr0.dat
c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr1.dat
c:program filesCommon FilesTarget Marketing Agency
c:program filesCommon FilesTarget Marketing AgencyTMAgentaupdate.exe
c:program filesCommon FilesTarget Marketing AgencyTMAgentextensionchrome.manifest
c:program filesCommon FilesTarget Marketing AgencyTMAgentextensionchrometmagent.jar
c:program filesCommon FilesTarget Marketing AgencyTMAgentextensioncomponentsfftma.dll
c:program filesCommon FilesTarget Marketing AgencyTMAgentextensioncomponentsnsIAdHandler.xpt
c:program filesCommon FilesTarget Marketing AgencyTMAgentextensioncomponentsnsISteadway.xpt
c:program filesCommon FilesTarget Marketing AgencyTMAgentextensioninstall.rdf
c:program filesCommon FilesTarget Marketing AgencyTMAgentlicense.txt
c:program filesCommon FilesTarget Marketing AgencyTMAgenttmasrv.exe
c:program filesCommon FilesTarget Marketing AgencyTMAgentUninstaller.exe
c:program filesMicrosoft Common
c:windowssystem32drivers156.exe
c:windowssystem32drivers203.exe
c:windowssystem32drivers562.exe
c:windowssystem32drivers750.exe
c:windowssystem32tmp12.tmp
c:windowssystem32tmp13.tmp
c:windowssystem32tmp23.tmp
c:windowssystem32tmp24.tmp
c:windowssystem32twain32
c:windowssystem32twain32local.ds
c:windowssystem32twain32user.ds
BITS: Possible infected sites
hxxp://tmaproject.ru
.
((((((((((((((((((((((((( Files Created from 2009-01-28 to 2009-02-28 )))))))))))))))))))))))))))))))
.
2009-02-26 11:25 . 2009-02-28 10:03
c:documents and settingsИгорьRecent
2009-02-26 11:25 . 2009-02-28 10:03
c:documents and settingsИгорьRecent
2009-02-21 22:21 . 2006-12-07 15:01 20,480 —a
c:windowssystem32DreamSaver.scr
2009-02-20 13:05 . 2008-07-11 15:41 673,920 —a
c:windowssystem32driversSandBox.sys
2009-02-20 13:05 . 2008-06-30 17:16 234,640 —a
c:windowssystem32driversafwcore.sys
2009-02-20 13:05 . 2008-06-30 17:16 30,864 —a
c:windowssystem32driversafw.sys
2009-02-20 13:05 . 2007-10-25 19:17 49 —a
c:windowstransp.gif
2009-02-20 13:04 . 2009-02-28 09:50
c:windowssystem32Filt
2009-02-20 13:04 . 2009-02-20 13:04
c:program filesAgnitum
2009-02-20 13:04 . 2009-02-20 13:04
c:documents and settingsAll UsersApplication DataAgnitum
2009-02-18 15:39 . 2009-02-18 15:39
c:documents and settingsИгорьWINDOWS
2009-02-18 15:39 . 2009-02-18 15:39
c:documents and settingsИгорьWINDOWS
2009-02-17 11:20 . 2009-02-17 11:20
c:documents and settingsAll UsersApplication DataHagel Technologies
2009-02-16 14:12 . 2009-02-18 15:59 886,900,768 —ahs—- c:windowssystem32driversfidbox.dat
2009-02-16 14:12 . 2009-02-18 15:59 10,382,276 —ahs—- c:windowssystem32driversfidbox.idx
2009-02-13 17:44 . 2009-02-13 17:44
c:documents and settingsИгорьApplication DataThinstall
2009-02-13 17:13 . 2009-02-13 17:17 1,031 —a
c:windowsARPR.INI
2009-02-08 13:07 . 2009-02-23 10:40
c:documents and settingsинна.xmoto
2009-02-08 13:07 . 2009-02-23 10:40
c:documents and settingsинна.xmoto
2009-02-08 10:35 . 2009-02-08 10:35
c:documents and settingsAll UsersApplication DataAlawarWrapper
2009-02-07 20:17 . 2009-02-26 16:13
c:documents and settingsИгорь.xmoto
2009-02-07 20:17 . 2009-02-26 16:13
c:documents and settingsИгорь.xmoto
2009-02-07 20:08 . 2009-02-07 20:08
c:windowsPIF
2009-02-06 17:25 . 2008-01-09 03:00 799,424 -ra
c:windowssystem32tmp2D2.tmp
2009-02-06 17:25 . 2008-01-09 03:00 799,424 -ra
c:windowssystem32tmp2D1.tmp
2009-02-06 17:22 . 2009-02-06 17:29
c:documents and settingsИгорьApplication DataDesktopicon
2009-02-02 22:10 . 2009-02-02 22:24
c:documents and settingsИгорьApplication DataICQ
2009-02-02 22:09 . 2009-02-02 22:24
c:program filesICQ6.5
2009-02-02 19:38 . 2009-02-02 19:38
c:program filesConduit
2009-02-01 17:50 . 2009-02-01 17:50
c:documents and settingsИгорьApplication DataGoogle
2009-01-29 01:09 . 2009-01-29 01:09
c:documents and settingsИгорьApplication DataROALDevelopment
2009-01-28 00:28 . 2009-01-28 00:28
c:documents and settingsИгорьApplication DataMedia Player Classic
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-28 03:18
d
w c:program filesDrWeb
2009-02-28 03:09
d
w c:documents and settingsИгорьApplication DataReGet Software
2009-02-14 14:00
d—h—w c:program filesInstallShield Installation Information
2009-02-13 17:27
d
w c:program filesOpera
2009-02-06 10:26 418,480 —-a-w c:windowssystem32wrap_oal.dll
2009-02-06 10:26 115,432 —-a-w c:windowssystem32OpenAL32.dll
2009-02-03 04:41
d
w c:documents and settingsadminApplication DataATI
2008-12-31 03:39
d
w c:documents and settingsиннаApplication DataEncyclopedia of Patience
2008-12-30 12:37
d
w c:documents and settingsиннаApplication DataATI
2008-12-30 11:47
d
w c:program filesATI Technologies
2008-12-30 06:10
d
w c:documents and settingsИгорьApplication DataATI
2008-12-02 03:36 107,888 —-a-w c:windowssystem32CmdLineExt.dll
2008-11-30 09:01 22,328 —-a-w c:documents and settingsИгорьApplication DataPnkBstrK.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«ctfmon.exe»=»c:windowssystem32ctfmon.exe» [2008-04-15 15360]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«SpIDerNT»=»c:progra~1DrWebspiderui.exe» [2008-10-23 197896]
«NeroFilterCheck»=»c:windowssystem32NeroCheck.exe» [2001-07-09 155648]
«RemoteControl»=»c:program filesCyberLinkPowerDVDPDVDServ.exe» [2004-11-02 32768]
«ATICCC»=»c:program filesATI TechnologiesATI.ACECLIStart.exe» [2006-09-25 90112]
«OutpostMonitor»=»c:progra~1AgnitumOUTPOS~1op_mon.exe» [2008-07-15 1153352]
«OutpostFeedBack»=»c:program filesAgnitumOutpost Firewall Profeedback.exe» [2008-07-15 435528]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-15 15360]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«msacm.l3fhg»= mp3fhg.acm
«msacm.divxa32″= divxa32.acm
«VIDC.X264″= x264vfw.dll
«VIDC.HFYU»= huffyuv.dll
«vidc.i263″= i263_32.drv
«VIDC.MJPG»= mtkjpeg.dll
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe»=
«c:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe»=
«c:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe»=
«c:\Program Files\ICQ6.5\ICQ.exe»=
«c:\WINDOWS\system32\userinit.exe»=
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:windowssystem32driverssfsync03.sys [2005-08-16 33792]
R1 SandBox;SandBox;c:windowssystem32driversSandBox.sys [2009-02-20 673920]
R2 acssrv;Agnitum Client Security Service;c:progra~1AgnitumOUTPOS~1acs.exe [2009-02-20 1238344]
R2 SPIDER;SpIDer Guard File System Monitor;c:progra~1DrWebspider.sys [2008-09-16 268040]
R2 SPIDERNT;SpIDer Guard for Windows;c:progra~1DrWebspidernt.exe [2008-09-16 197896]
R3 afw;Agnitum firewall driver;c:windowssystem32driversafw.sys [2009-02-20 30864]
R3 afwcore;afwcore;c:windowssystem32driversafwcore.sys [2009-02-20 234640]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:windowssystem32driversatl01_xp.sys [2008-09-16 35712]
S2 port135sik;port135sik;??c:windowssystem32driversport135sik.sys —> c:windowssystem32driversport135sik.sys [?]
S3 ASWFilt;ASWFilt;c:windowssystem32FiltASWFilt.dll [2009-02-20 33408]
.
— — — — ORPHANS REMOVED — — — —
URLSearchHooks-{dfbeb35b-444d-4f25-8d7d-eb2683c206ec} — (no file)
BHO-{dfbeb35b-444d-4f25-8d7d-eb2683c206ec} — (no file)
Toolbar-{dfbeb35b-444d-4f25-8d7d-eb2683c206ec} — (no file)
WebBrowser-{DFBEB35B-444D-4F25-8D7D-EB2683C206EC} — (no file)
MSConfigStartUp-DU Meter — c:program filesDU MeterDUMeter.exe
.
Supplementary Scan
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1392749
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
TCP: {3E6E3103-A654-44B8-B626-F091545FB5D2} = 195.112.224.126,195.112.224.75
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-28 10:19:16
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(1032)
c:windowssystem32Ati2evxx.dll
.
Other Running Processes
.
c:windowssystem32ati2evxx.exe
c:windowssystem32ati2evxx.exe
c:program filesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
c:program filesAlcohol SoftAlcohol 120StarWindStarWindService.exe
c:program filesATI TechnologiesATI.ACECLI.exe
c:program filesATI TechnologiesATI.ACECLI.exe
.
**************************************************************************
.
Completion time: 2009-02-28 10:21:23 — machine was rebooted
ComboFix-quarantined-files.txt 2009-02-28 03:21:19
Pre-Run: 11 812 085 760 байт свободно
Post-Run: 11,749,445,632 байт свободно
176
