ДА, Флешка — это диск F.
Лог Combofix:
ComboFix 08-10-23.05 — Admin 2008-10-24 9:39:18.3 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.1.1049.18.115 [GMT 4:00]
Running from: C:Documents and SettingsAdminРабочий столComboFix.exe
Command switches used :: C:Documents and SettingsAdminРабочий столCFScript.txt
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-09-24 to 2008-10-24 )))))))))))))))))))))))))))))))
.
2008-10-21 16:29 . 2008-10-21 16:29 108,144 —a
C:WINDOWSsystem32CmdLineExt.dll
2008-10-21 16:14 . 2008-10-21 16:14
C:Program FilesAlcohol Soft
2008-10-20 12:11 . 2008-10-20 12:11
C:Program FilesESET
2008-10-18 09:23 . 2008-10-18 09:23
C:Program FilesEidos Interactive
2008-10-18 09:16 . 2008-10-18 09:16
C:Documents and SettingsAdminWINDOWS
2008-10-18 09:16 . 1996-01-09 10:38 283,648 —a
C:WINDOWSuninst.exe
2008-10-17 11:09 . 2008-10-17 11:09
C:WINDOWSsystem32GroupPolicy
2008-10-16 12:53 . 2008-10-16 12:53
C:WINDOWSsystem32Kaspersky Lab
2008-10-16 12:53 . 2008-10-16 12:53
C:Documents and SettingsAll UsersApplication DataKaspersky Lab
2008-10-15 22:24 . 2004-09-18 11:54 89,600 —a
C:WINDOWSsystem32hfshext.dll
2008-10-15 22:24 . 2006-08-01 20:20 13,824 —a
C:WINDOWSsystem32drivershfxp2.sys
2008-10-15 22:22 . 2008-10-15 22:24
C:Program FilesHide Folders XP 2
2008-10-15 17:43 . 2007-09-04 20:56 164,352 —a
C:WINDOWSsystem32unrar.dll
2008-10-15 17:43 . 2008-07-30 23:09 38 —a
C:WINDOWSavisplitter.ini
2008-10-15 17:41 . 2008-10-15 17:42
C:Program FilesK-Lite Codec Pack
2008-10-15 17:41 . 2008-07-25 12:34 683,520 —a
C:WINDOWSsystem32divx.dll
2008-10-15 17:41 . 2008-06-12 22:36 7,680 —a
C:WINDOWSsystem32ff_vfw.dll
2008-10-15 17:41 . 2007-07-10 20:10 547 —a
C:WINDOWSsystem32ff_vfw.dll.manifest
2008-10-14 15:03 . 2008-10-15 10:50
C:Documents and SettingsAdminApplication DataDownload Master
2008-10-14 13:20 . 2008-10-14 13:21
C:Program FilesCrawler
2008-10-14 11:33 . 2008-10-14 11:34
C:totalcmd
2008-10-14 11:33 . 2006-02-16 06:54 545 —a
C:WINDOWSUC.PIF
2008-10-14 11:33 . 2006-02-16 06:54 545 —a
C:WINDOWSRAR.PIF
2008-10-14 11:33 . 2006-02-16 06:54 545 —a
C:WINDOWSPKZIP.PIF
2008-10-14 11:33 . 2006-02-16 06:54 545 —a
C:WINDOWSPKUNZIP.PIF
2008-10-14 11:33 . 2006-02-16 06:54 545 —a
C:WINDOWSNOCLOSE.PIF
2008-10-14 11:33 . 2006-02-16 06:54 545 —a
C:WINDOWSLHA.PIF
2008-10-14 11:33 . 2006-02-16 06:54 545 —a
C:WINDOWSARJ.PIF
2008-10-14 11:33 . 2008-10-14 12:07 494 —a
C:WINDOWSwincmd.ini
2008-10-14 11:26 . 2002-04-23 22:25 228,352 —a
C:WINDOWSsystem32Vorb.dll
2008-10-14 11:26 . 2008-10-14 11:26 68,960 —a
C:WINDOWSsystem32driversPcatip.sys
2008-10-14 11:26 . 2008-10-14 11:26 35,936 —a
C:WINDOWSsystem32driversPcouffin.sys
2008-10-14 11:25 . 2004-10-08 14:46 909,312 —a
C:WINDOWSlibgfl220.dll
2008-10-14 11:25 . 2001-05-30 01:00 352,256 —a
C:WINDOWSijl15.dll
2008-10-14 11:25 . 2004-10-08 14:46 188,416 —a
C:WINDOWSlibgfle220.dll
2008-10-14 11:25 . 2002-12-03 22:47 172,032 —a
C:WINDOWSsystem32LAME_ENC.DLL
2008-10-14 11:25 . 2003-03-09 17:40 103,608 —a
C:WINDOWSsystem32bass.dll
2008-10-14 11:25 . 2002-04-05 21:53 73,728 —a
C:WINDOWSsystem32CDRip3.dll
2008-10-14 11:25 . 2003-03-03 01:02 46,384 —a
C:WINDOWSsystem32basswma.dll
2008-10-14 11:16 . 2008-10-14 11:33
C:Program FilesTotalCmd
2008-10-14 10:46 . 2008-10-14 10:47
C:WINDOWSsystem32NtmsData
2008-10-14 09:29 . 2008-10-14 09:29
C:Program FilesTrend Micro
2008-10-14 08:39 . 2008-10-14 10:01
C:Program FilesAutorunRemover
2008-10-11 17:16 . 2008-07-19 02:23 20,480 -r-hs—- C:WINDOWSisys32.exe
2008-10-08 23:26 . 2008-10-08 23:27
C:Program FilesQIP
2008-10-08 23:10 . 2008-10-08 23:10
C:gismeteotray
2008-10-08 23:09 . 2008-10-08 23:09
C:Documents and SettingsAdminApplication DataQIP
2008-10-08 22:11 . 2008-10-14 12:17
C:Program FilesStrongDC
2008-10-08 08:53 . 2008-10-08 08:53
C:Program FilesWinamp
2008-10-08 08:53 . 2008-10-08 08:53
C:Documents and SettingsAdminApplication DataWinamp
2008-10-06 01:40 . 1999-06-21 05:10 183,808 —a
C:WINDOWSsystem32BDEADMIN.CPL
2008-10-06 01:40 . 1999-06-25 10:55 149,504 —a
C:Program FilesUNWISE.EXE
2008-10-06 01:39 . 2008-10-06 01:39
C:Program FilesBorland Shared
2008-09-27 20:00 . 2008-09-27 20:00
C:Documents and SettingsAdminApplication DataMedia Player Classic
2008-09-27 20:00 . 2008-10-21 22:58 69 —a
C:WINDOWSNeroDigital.ini
2008-09-26 13:41 . 2008-10-15 00:23
C:Documents and SettingsAdminApplication DataAhead
2008-09-26 13:35 . 2008-09-26 13:35
C:Program FilesNero
2008-09-26 13:35 . 2008-09-26 13:44
C:Program FilesCommon FilesAhead
2008-09-25 13:04 . 2008-09-25 13:04
C:Documents and SettingsAll UsersApplication DatanView_Profiles
2008-09-25 12:56 . 2003-11-17 12:33 3,551,232 —a
C:WINDOWSsystem32nvoglnt.dll
2008-09-25 12:56 . 2003-11-17 12:33 3,022,848 —a
C:WINDOWSsystem32nvcpl.dll
2008-09-25 12:56 . 2003-11-17 12:33 1,474,633 —a
C:WINDOWSsystem32nvwdmcpl.dll
2008-09-25 12:56 . 2003-11-17 12:33 233,472 —a
C:WINDOWSsystem32nvnt4cpl.dll
2008-09-25 12:56 . 2003-11-17 12:33 131,072 —a
C:WINDOWSsystem32nvinstnt.dll
2008-09-25 12:56 . 2003-11-17 12:33 77,824 —a
C:WINDOWSsystem32nvsvc32.exe
2008-09-25 12:56 . 2003-11-17 12:33 49,152 —a
C:WINDOWSsystem32nvmctray.dll
2008-09-25 12:56 . 2003-11-17 12:33 35,840 —a
C:WINDOWSsystem32nvwddi.dll
2008-09-25 12:56 . 2003-11-17 12:33 30,720 —a
C:WINDOWSsystem32nvcodins.dll
2008-09-25 12:56 . 2003-11-17 12:33 30,720 —a
C:WINDOWSsystem32nvcod.dll
2008-09-24 22:19 . 2008-09-24 22:25
C:Program FilesLight Alloy
2008-09-24 21:47 . 2008-10-21 16:18
C:Program FilesInstallShield Installation Information
2008-09-24 21:38 . 2008-09-25 12:41
C:Program Files1000
2008-09-24 21:37 . 2008-09-24 21:59
C:Program FilessXe Injected
2008-09-24 21:18 . 2008-07-04 10:34 860,160 —a
C:WINDOWSsystem32lameACM.acm
2008-09-24 21:14 . 2008-09-24 21:16
C:Program FilesSMSDV
2008-09-24 21:03 . 2008-03-12 12:31 449,184 —a
C:WINDOWSsystem32driversSandBox.sys
2008-09-24 21:03 . 2007-10-25 19:17 49 —a
C:WINDOWStransp.gif
2008-09-24 21:02 . 2008-10-24 08:55
C:WINDOWSsystem32Filt
2008-09-24 21:02 . 2008-09-24 21:02
C:Program FilesAgnitum
2008-09-24 21:02 . 2008-02-27 18:28 206,352 —a
C:WINDOWSsystem32driversafw.sys
2008-09-24 21:01 . 2008-09-24 21:01
C:Documents and SettingsAll UsersApplication DataAgnitum
2008-09-24 20:55 . 2008-09-24 20:55
C:Program FilesuTorrent
2008-09-24 20:55 . 2008-10-23 00:56
C:Documents and SettingsAdminApplication DatauTorrent
2008-09-24 20:33 . 2008-09-24 20:33
C:Documents and SettingsAll UsersApplication DataESET
2008-09-24 20:20 . 2008-09-24 20:22
C:Documents and SettingsAdminApplication DataThe Bat!
2008-09-24 20:12 . 2008-09-24 20:12
C:Program FilesVista Games
2008-09-24 20:12 . 2008-09-24 20:12
C:Program FilesLouderIt
2008-09-24 20:12 . 2008-10-14 15:02
C:Program FilesDownload Master
2008-09-24 20:11 . 2008-09-24 20:11
C:Program FilesCommon FilesMacromedia
2008-09-24 20:09 . 2008-09-24 20:09
C:Program FilesMacromedia
2008-09-24 20:08 . 2008-09-25 12:57
C:Program FilesCommon FilesInstallShield
2008-09-24 19:58 . 2008-09-24 19:58
C:WINDOWSSHELLNEW
2008-09-24 19:52 . 2008-09-24 19:52
C:Program FilesMicrosoft Works
2008-09-24 19:51 . 2008-09-24 19:51
C:Program FilesMicrosoft.NET
2008-09-24 19:48 . 2008-09-24 20:08
C:Documents and SettingsAll UsersApplication DataMicrosoft Help
2008-09-24 19:46 . 2008-09-24 19:46
C:Program FilesWinDjView
2008-09-24 19:36 . 2008-09-24 19:36
C:Program FilesPunto Switcher
2008-09-24 19:36 . 2008-09-24 19:36
C:Documents and SettingsAdminApplication DataYandex
2008-09-24 19:35 . 2008-09-24 19:35
C:Program FilesOpera
2008-09-24 19:33 . 2008-09-24 19:33 0 —a
C:WINDOWSnsreg.dat
2008-09-24 19:29 . 2008-09-24 19:30
C:Program FilesCommon FilesAdobe
2008-09-24 19:21 . 2008-08-20 00:15 172,416 —a
C:WINDOWSsystem32driverskmixer.sys
2008-09-24 19:21 . 2008-08-20 00:15 142,592 —a
C:WINDOWSsystem32driversaec.sys
2008-09-24 19:21 . 2008-08-20 00:15 83,072 —a
C:WINDOWSsystem32driverswdmaud.sys
2008-09-24 19:21 . 2008-08-20 00:15 60,800 —a
C:WINDOWSsystem32driverssysaudio.sys
2008-09-24 19:21 . 2008-08-20 00:15 56,576 —a
C:WINDOWSsystem32driversswmidi.sys
2008-09-24 19:21 . 2008-08-20 00:15 52,864 —a
C:WINDOWSsystem32driversDMusic.sys
2008-09-24 19:21 . 2008-08-20 00:15 7,552 —a
C:WINDOWSsystem32driversMSKSSRV.sys
2008-09-24 19:21 . 2008-08-20 00:15 6,272 —a
C:WINDOWSsystem32driverssplitter.sys
2008-09-24 19:21 . 2008-08-20 00:15 5,376 —a
C:WINDOWSsystem32driversMSPCLOCK.sys
2008-09-24 19:21 . 2008-08-20 00:15 4,992 —a
C:WINDOWSsystem32driversMSPQM.sys
2008-09-24 19:21 . 2008-08-20 00:15 2,944 —a
C:WINDOWSsystem32driversdrmkaud.sys
2008-09-24 19:20 . 2001-08-18 01:59 3,072 —a
C:WINDOWSsystem32driversaudstub.sys
2008-09-24 19:19 . 2003-11-17 12:33 4,323,968 —a
C:WINDOWSsystem32nv4_disp.dll
2008-09-24 19:19 . 2003-11-17 12:33 4,323,968 —a—c— C:WINDOWSsystem32dllcachenv4_disp.dll
2008-09-24 19:19 . 2003-11-17 12:33 1,618,939 —a
C:WINDOWSsystem32driversnv4_mini.sys
2008-09-24 19:19 . 2003-11-17 12:33 1,618,939 —a—c— C:WINDOWSsystem32dllcachenv4_mini.sys
2008-09-24 19:19 . 2008-08-20 00:15 58,368 —a
C:WINDOWSsystem32driversredbook.sys
2008-09-24 19:18 . 2008-08-19 20:15 146,048 —a
C:WINDOWSsystem32driversportcls.sys
2008-09-24 19:18 . 2008-08-19 20:15 146,048 —a—c— C:WINDOWSsystem32dllcacheportcls.sys
2008-09-24 19:18 . 2008-08-19 20:15 129,536 —a
C:WINDOWSsystem32ksproxy.ax
2008-09-24 19:18 . 2008-08-19 20:15 129,536 —a—c— C:WINDOWSsystem32dllcacheksproxy.ax
2008-09-24 19:18 . 2008-08-20 00:15 76,800 —a
C:WINDOWSsystem32usbui.dll
2008-09-24 19:18 . 2008-08-19 20:15 60,160 —a
C:WINDOWSsystem32driversdrmk.sys
2008-09-24 19:18 . 2008-08-19 20:15 60,160 —a—c— C:WINDOWSsystem32dllcachedrmk.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-24 14:29 717,296 —-a-w C:WINDOWSsystem32driverssptd.sys
2008-09-24 12:00
d
w C:Program FilesWindows Media Connect 2
2008-08-21 17:34 1,571,840 —-a-w C:WINDOWSsystem32sfcfiles.dll
2008-08-21 17:33 23,040 —-a-w C:WINDOWSsystem32setup.exe
2008-08-19 20:15 75,264 —-a-w C:WINDOWSsystem32storprop.dll
2008-08-19 20:15 23,552 —-a-w C:WINDOWSsystem32wdmaud.drv
2008-08-19 16:22 97,280 —-a-w C:WINDOWSsystem32mydocs.dll
2008-08-19 16:21 99,328 —-a-w C:WINDOWSsystem32cabview.dll
2008-08-19 16:18 991,744 —-a-w C:WINDOWSsystem32drmv2clt.dll
2008-08-19 16:17 71,680 —-a-w C:WINDOWSsystem32admparse.dll
2008-08-19 16:17 55,296 —-a-w C:WINDOWSsystem32iesetup.dll
2008-08-19 16:17 53,760 —-a-w C:WINDOWSsystem32dmutil.dll
2008-08-19 16:17 52,736 —-a-w C:WINDOWSsystem32wzcsapi.dll
2008-08-19 16:17 483,840 —-a-w C:WINDOWSsystem32wzcsvc.dll
2008-08-19 16:17 48,128 —-a-w C:WINDOWSsystem32cnbjmon.dll
2008-08-19 16:17 45,568 —-a-w C:WINDOWSsystem32mshta.exe
2008-08-19 16:17 40,960 —-a-w C:WINDOWSsystem32licmgr10.dll
2008-08-19 16:17 35,328 —-a-w C:WINDOWSsystem32pid.dll
2008-08-19 16:17 20,992 —-a-w C:WINDOWSsystem32hid.dll
2008-08-19 16:17 2,067,712 —-a-w C:WINDOWSsystem32ntkrnlpa.exe
2008-08-19 16:17 17,408 —-a-w C:WINDOWSsystem32corpol.dll
2008-08-19 16:17 15,360 —-a-w C:WINDOWSsystem32pjlmon.dll
2008-08-19 16:14 97,280 —-a-w C:WINDOWSsystem32psbase.dll
2008-08-17 05:51 9,488 —-a-r C:WINDOWSsystem32OEMINFO.CMD
2008-08-15 13:31 45,768 —-a-w C:WINDOWSsystem32wups2.dll
2008-07-31 06:41 68,616 —-a-w C:WINDOWSsystem32XAPOFX1_1.dll
2008-07-31 06:41 238,088 —-a-w C:WINDOWSsystem32xactengine3_2.dll
2008-07-31 06:40 509,448 —-a-w C:WINDOWSsystem32XAudio2_2.dll
2008-07-25 08:34 81,920 —-a-w C:WINDOWSsystem32dpl100.dll
2008-07-18 22:23 20,480 —sh—r C:WINDOWSisys32.exe
.
Sigcheck
2008-08-19 20:23 579072 23b7d3f3f5ec8feea75ec381c71cbd5e C:WINDOWSsystem32user32.dll
2008-08-19 20:23 952832 40b6ea7c0d015c1c7589d6c522e6788c C:WINDOWSsystem32wininet.dll
2008-08-19 20:20 361600 6a104ba98d99d53ab0c91825ce659fc6 C:WINDOWSsystem32driverstcpip.sys
2008-08-19 20:22 1721344 62ea07edf5e3f3ff34eff9bf7619bc64 C:WINDOWSexplorer.exe
2008-08-19 20:23 80584 12c93b7a07d53f41af31e3ae2276328d C:WINDOWSsystem32wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«Punto Switcher»=»C:Program FilesPunto Switcherpunto.exe» [2008-09-09 13:20 775464]
«louderit.exe»=»C:Program FileslouderitLouderIt.exe» [2008-02-19 20:32 41472]
«BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=»C:Program FilesCommon FilesAheadLibNMBgMonitor.exe» [2006-10-09 11:28 139264]
«Download Master»=»C:Program FilesDownload Masterdmaster.exe» [2008-09-17 09:45 3294720]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«Adobe Reader Speed Launcher»=»C:Program FilesAdobeReader 8.0ReaderReader_sl.exe» [2008-01-11 22:16 39792]
«OutpostMonitor»=»C:PROGRA~1AgnitumOUTPOS~1op_mon.exe» [2008-04-23 10:43 1098568]
«OutpostFeedBack»=»C:Program FilesAgnitumOutpost Firewall Profeedback.exe» [2008-04-22 12:31 419144]
«sXe Injected»=»C:Program FilessXe InjectedsXe Injected.exe» [2008-09-01 07:28 929792]
«NvCplDaemon»=»C:WINDOWSsystem32NvCpl.dll» [2003-11-17 12:33 3022848]
«NeroFilterCheck»=»C:Program FilesCommon FilesAheadLibNeroCheck.exe» [2006-01-12 16:40 155648]
«GismeteoTray»=»C:gismeteotraygismeteotray.exe» [2008-10-08 23:10 721408]
«egui»=»C:Program FilesESETESET NOD32 Antivirusegui.exe» [2007-12-21 08:21 1443072]
«nwiz»=»nwiz.exe» [2003-11-17 12:33 753664 C:WINDOWSsystem32nwiz.exe]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«IE7_011″=»shell32» [X]
«ZZZZ2_FirstLogonSetting»=»advpack.dll» [2008-08-19 20:17 124928 C:WINDOWSsystem32advpack.dll]
«IE7_012″=»advpack.dll» [2008-08-19 20:17 124928 C:WINDOWSsystem32advpack.dll]
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMConfigurePrograms»= 1 (0x1)
[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMConfigurePrograms»= 1 (0x1)
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«msacm.l3fhg»= mp3fhg.acm
«msacm.divxa32″= divxa32.acm
«VIDC.X264″= x264vfw.dll
«VIDC.HFYU»= huffyuv.dll
«vidc.i263″= i263_32.drv
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAutorunRemover.exe]
—a
2008-10-14 08:39 1257472 C:Program FilesAutorunRemoverAutorunRemover.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWinampAgent]
—a
2008-01-16 02:54 37376 C:Program FilesWinampwinampa.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«FirewallOverride»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
«UpdatesOverride»=dword:00000001
«AntiVirusDisableNotify»=dword:00000001
«AntiVirusOverride»=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«%windir%\system32\sessmgr.exe»=
«C:\Program Files\uTorrent\uTorrent.exe»=
R0 HFXP2;HFXP2;C:WINDOWSsystem32DRIVERSHFXP2.SYS [2006-08-01 20:20 13824]
R1 epfwtdir;epfwtdir;C:WINDOWSsystem32DRIVERSepfwtdir.sys [2007-12-21 08:21 33800]
R1 SandBox;SandBox;C:WINDOWSsystem32DRIVERSSandBox.sys [2008-03-12 12:31 449184]
R1 VD_FileDisk;VD_FileDisk;C:WINDOWSsystem32driversVD_FileDisk.sys [2005-04-16 14:48 15232]
R3 afw;Agnitum firewall driver;C:WINDOWSsystem32DRIVERSafw.sys [2008-02-27 18:28 206352]
R3 cmipci;CMI8738/8768 Audio Driver;C:WINDOWSsystem32driverscmipci.sys [2007-11-21 23:44 37888]
R3 SAA713x;Behold TV WDM Capture (SAA713x);C:WINDOWSsystem32DRIVERSsaa713x.sys [2007-12-25 16:32 217352]
S2 acssrv;Agnitum Client Security Service;C:PROGRA~1AgnitumOUTPOS~1acs.exe [2008-04-22 12:31 1181000]
S3 ASWFilt;ASWFilt;C:WINDOWSsystem32FiltASWFilt.dll [2008-03-12 12:32 33472]
.
Результат сканирования:
Файл isys32.exe получен 2008.08.29 23:23:34 (CET)
Текущий статус: закончено
Результат: 23/36 (63.89%)
Антивирус Версия Обновление Результат
AhnLab-V3 2008.8.29.0 2008.08.29 Win-Trojan/Krunchy.20480.B
AntiVir 7.8.1.23 2008.08.29 TR/Crypt.CFI.Gen
Authentium 5.1.0.4 2008.08.29 —
Avast 4.8.1195.0 2008.08.29 Win32:Trojan-gen {Other}
AVG 8.0.0.161 2008.08.29 BackDoor.Bifrose.AQM
BitDefender 7.2 2008.08.29 Packer.Krunchy.C
CAT-QuickHeal 9.50 2008.08.29 (Suspicious) — DNAScan
ClamAV 0.93.1 2008.08.29 —
DrWeb 4.44.0.09170 2008.08.29 Win32.HLLW.Autoruner.2597
eSafe 7.0.17.0 2008.08.28 —
eTrust-Vet 31.6.6057 2008.08.29 —
Ewido 4.0 2008.08.29 —
F-Prot 4.4.4.56 2008.08.29 —
F-Secure 7.60.13501.0 2008.08.29 Backdoor.Win32.IRCBot.ezq
Fortinet 3.14.0.0 2008.08.29 PossibleThreat
GData 19 2008.08.29 Backdoor.Win32.IRCBot.ezq
Ikarus T3.1.1.34.0 2008.08.29 Packer.Krunchy.C
K7AntiVirus 7.10.432 2008.08.29 Backdoor.Win32.IRCBot.ezq
Kaspersky 7.0.0.125 2008.08.29 Backdoor.Win32.IRCBot.ezq
McAfee 5373 2008.08.29 W32/Sdbot.worm
Microsoft 1.3807 2008.08.25 —
NOD32v2 3400 2008.08.29 —
Norman 5.80.02 2008.08.29 W32/Ircbot.AFNJ
Panda 9.0.0.4 2008.08.29 Generic Worm
PCTools 4.4.2.0 2008.08.29 —
Prevx1 V2 2008.08.29 System Back Door
Rising 20.59.41.00 2008.08.29 —
Sophos 4.33.0 2008.08.29 —
Sunbelt 3.1.1592.1 2008.08.29 Backdoor.IRCBot
Symantec 10 2008.08.29 W32.IRCbot
TheHacker 6.3.0.6.067 2008.08.29 Backdoor/IRCBot.ezq
TrendMicro 8.700.0.1004 2008.08.29 —
VBA32 3.12.8.4 2008.08.29 Backdoor.Win32.IRCBot.ezq
ViRobot 2008.8.29.1355 2008.08.29 Backdoor.Win32.IRCBot.20480.D
VirusBuster 4.5.11.0 2008.08.29 —
Webwasher-Gateway 6.6.2 2008.08.29 Trojan.Crypt.CFI.Gen
Дополнительная информация
File size: 20480 bytes
MD5…: d59da2fb145434fe60f2b23ef5ea911c
SHA1..: 7b41e06ab7598c5180128e108e6af7c67d7e3b33
SHA256: aa4868ea3f5e6b17f44d98ed338c217aab44cc4aba0bc4d107d7a112767c7797
SHA512: 08eeb4353433a45800ba5360f21662c97093cabfae6fea9c26912d1cda0c5edf
8e98c059e091a79fb8c10b2fb66bf61da9f0b8c0e802a62843485ad7f76c7380
PEiD..: —
TrID..: File type identification
‘farb-rausch’ Win32 Executable (91.9%)
Generic Win/DOS Executable (4.0%)
DOS Executable Generic (4.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x3f3816
timedatestamp…..: 0x48811740 (Fri Jul 18 22:20:48 2008)
machinetype…….: 0x14c (I386)
( 1 sections )
name viradd virsiz rawdsiz ntrpy md5
kkrunchy 0x1000 0xb85385 0x4000 7.47 1ca4f2e9464c7e7ac3029c21d6842255
( 1 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress
( 0 exports )
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=d59da2fb145434fe60f2b23ef5ea911c
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=A953ED7700404D7C50C40065DC77DD005CA0AEE0
Я так понимаю, что анализ файла isys32.exe показал что это вирус? Значит его теперь надо удалить…
Да и еще, у меня почему то пропала языковая панель. Что мне теперь делать?
