сделала так как вы написали в другой теме:
Откройте блокнот и вставьте в него следующий текст:
Код: Выделить всё
File::
C:WINDOWSsystem32mfmlib.dll
Registry::
[-HKEY_LOCAL_MACHINE~Browser Helper Objects{E5F76779-DE98-4045-AE76-1B5F8CB6B98D}]
Запишите получившийся файл на ваш рабочий стол под именем CFScript
Далее перетащите получившийся файл на иконку Combofix, как показано на картинке ниже.
По окончанию работы Combofix будет создан новый лог файл, пожалуйста вставьте его в ваше ответное сообщение.
это новый лог:
ComboFix 08-10-05.10 — 1 2008-10-06 22:12:54.2 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.1.1049.18.428 [GMT 6:00]
Running from: C:Documents and Settings1??????? ????ComboFix.exe
Command switches used :: C:Documents and Settings1??????? ????CFScript.txt
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
/wow section not completed
((((((((((((((((((((((((( Files Created from 2008-09-06 to 2008-10-06 )))))))))))))))))))))))))))))))
.
2008-10-06 16:05 . 2008-10-06 16:05
C:Program FilesTrend Micro
2008-10-06 15:16 . 2008-10-06 15:18
C:Program FilesMalwarebytes’ Anti-Malware
2008-10-06 15:16 . 2008-10-06 15:16
C:Documents and SettingsAll UsersApplication DataMalwarebytes
2008-10-06 15:16 . 2008-10-06 15:16
C:Documents and Settings1Application DataMalwarebytes
2008-10-06 15:16 . 2008-09-10 00:04 38,528 —a
C:WINDOWSsystem32driversmbamswissarmy.sys
2008-10-06 15:16 . 2008-09-10 00:03 17,200 —a
C:WINDOWSsystem32driversmbam.sys
2008-10-06 14:13 . 2008-10-06 14:13
C:Program FilesESET
2008-10-06 14:13 . 2008-10-06 14:13
C:Documents and SettingsAll UsersApplication DataESET
2008-10-06 13:14 . 2008-10-06 13:14
C:Program FilesCommon FilesParetoLogic
2008-10-06 13:09 . 2008-10-06 13:09
C:Program FilesParetoLogic
2008-10-06 13:09 . 2008-10-06 13:09
C:Documents and SettingsAll UsersApplication DataParetoLogic Anti-Spyware
2008-10-06 12:12 . 2008-10-06 13:35
C:Program FilesXoftSpySE
2008-10-06 12:00 . 2008-10-06 12:00 15,360 —ahs—- C:WINDOWSsystem32Thumbs.db
2008-10-06 11:07 . 2008-10-06 16:35
C:Program FilesTS2009
2008-10-06 10:57 . 2008-10-06 10:57
C:Games
2008-10-01 18:13 . 2008-10-01 18:13
C:Program FilesHiro-Media
2008-10-01 18:13 . 2008-10-01 18:13
C:Documents and SettingsAll UsersApplication DataHiro-Media
2008-10-01 15:13 . 2008-10-01 15:13 792 —a
C:WINDOWSlines98.sav
2008-10-01 14:04 . 2008-10-01 14:04 120 —a
C:WINDOWSd4s.hst
2008-09-20 22:46 . 2008-04-14 22:10 159,232 —a
C:WINDOWSsystem32ptpusd.dll
2008-09-20 22:46 . 2001-10-19 21:06 5,632 —a
C:WINDOWSsystem32ptpusb.dll
2008-09-11 15:24 . 2008-09-11 16:09
C:Documents and Settings1Application DataVKLife
2008-09-11 15:22 . 2008-09-17 10:14
C:Program FilesAgent Vkontakte
2008-09-11 15:22 . 2008-09-11 15:38
C:Documents and Settings1Application DataVKontakte
2008-09-10 21:51 . 2008-09-10 21:51
C:Program FilesEA GAMES
2008-09-08 22:29 . 2008-09-08 22:29
C:WINDOWSSun
2008-09-08 22:28 . 2008-06-10 02:32 73,728 —a
C:WINDOWSsystem32javacpl.cpl
2008-09-08 22:27 . 2008-09-08 22:28
C:Program FilesJava
2008-09-08 22:20 . 2008-09-08 22:20
C:Program FilesCommon FilesJava
2008-09-08 11:48 . 2008-08-28 11:50
C:Program FilesMovie Maker
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-06 16:13 750,624 —sha-w C:WINDOWSsystem32driversfidbox2.dat
2008-10-06 16:13 46,056,224 —sha-w C:WINDOWSsystem32driversfidbox.dat
2008-10-06 15:55
d
w C:Documents and Settings1Application DataSkype
2008-10-06 15:51 70,916 —sha-w C:WINDOWSsystem32driversfidbox2.idx
2008-10-06 15:51 616,292 —sha-w C:WINDOWSsystem32driversfidbox.idx
2008-10-06 15:35
d
w C:Documents and SettingsAll UsersApplication DataKaspersky Lab
2008-10-06 14:45
d
w C:Program FilesQUIK КИТ Финанс
2008-10-06 10:20
d
w C:Documents and Settings1Application DataskypePM
2008-10-06 09:49
d
w C:Program FilesICQToolbar
2008-10-06 09:48
d
w C:Documents and Settings1Application DataOrbit
2008-10-06 09:03
d
w C:Program FilesOpera
2008-09-24 03:51
d
w C:Program FilesICQ6
2008-09-20 19:40
d
w C:Documents and Settings1Application DatauTorrent
2008-09-20 12:24
d
w C:Documents and Settings1Application DataMra
2008-09-17 12:49
d
w C:Program FilesuTorrent
2008-09-17 08:55
d
w C:Documents and Settings1Application DataICQ
2008-09-10 15:51
d—h—w C:Program FilesInstallShield Installation Information
2008-09-08 05:48
d
w C:Program FilesНовая папка
2008-08-29 18:44
d
w C:Program FilesRambler Assistant
2008-08-28 13:31
d
w C:Program FilesWindows Media Connect 2
2008-08-28 13:10
d
w C:Documents and Settings1Application DataDataLayer
2008-08-28 13:07
d
w C:Program FilesShasoft eBook 3.0
2008-08-28 05:29
d
w C:Documents and Settings1Application DataDownload Master
2008-08-27 17:58
d
w C:Program FilesDivX
2008-08-26 05:20
d
w C:Documents and SettingsAll UsersApplication DataOffice Genuine Advantage
2008-08-24 13:59
d
w C:Documents and Settings1Application DataNokia
2008-08-24 09:29
d
w C:Program FilesMSXML 4.0
2008-08-23 11:57
d
w C:Documents and SettingsAll UsersApplication DataHP
2008-08-23 11:57
d
w C:Documents and Settings1Application DataHP
2008-08-23 11:50
d
w C:Documents and SettingsAll UsersApplication DataWEBREG
2008-08-23 11:48
d
w C:Program FilesHP
2008-08-23 11:48
d
w C:Documents and SettingsAll UsersApplication DataHPSSUPPLY
2008-08-23 11:48
d
w C:Documents and Settings1Application DataHPAppData
2008-08-23 11:47
d
w C:Program FilesCommon FilesHP
2008-08-23 11:47
d
w C:Documents and SettingsAll UsersApplication DataHP Product Assistant
2008-08-23 11:46
d
w C:Program FilesHewlett-Packard
2008-08-23 11:46
d
w C:Program FilesCommon FilesHewlett-Packard
2008-08-23 11:45
d
w C:Documents and SettingsAll UsersApplication DataHewlett-Packard
2008-08-21 10:48
d
w C:Documents and Settings1Application Datarambler.ru
2008-08-21 05:07
d
w C:Documents and Settings1Application DataU3
2008-08-19 13:12
d
w C:Program FilesOrbitdownloader
2008-08-18 14:56
d
w C:Program FilesAlcohol Soft
2008-08-18 14:52 716,272 —-a-w C:WINDOWSsystem32driverssptd.sys
2008-08-15 09:24
d
w C:Program FilesJavaSoft
2008-08-14 14:13
d
w C:Program FilesGames.Rambler.ru
2008-08-14 14:13
d
w C:Documents and SettingsAll UsersApplication DataPlayFirst
2008-08-14 14:13
d
w C:Documents and SettingsAll UsersApplication DataAlawarWrapper
2008-08-14 14:13
d
w C:Documents and Settings1Application DataPlayFirst
2008-08-13 14:57
d
w C:Program FilesGames.Mail.Ru
2008-08-13 11:27
d
w C:Program FilesDIFX
2008-08-13 11:27
d
w C:Documents and SettingsAll UsersApplication DataPC Suite
2008-08-13 11:26
d
w C:Program FilesNokia
2008-08-13 11:26
d
w C:Program FilesCommon FilesPCSuite
2008-08-13 11:26
d
w C:Program FilesCommon FilesNokia
2008-08-13 11:26
d
w C:Documents and SettingsAll UsersApplication DataDownloaded Installations
2008-08-13 11:26
d
w C:Documents and Settings1Application DataPC Suite
2008-08-13 10:58
d
w C:Documents and SettingsAll UsersApplication DataEgoset
2008-08-13 07:13
d
w C:Program FilesDownload Master
2008-08-13 06:15
d
w C:Documents and SettingsAll UsersApplication DataNtiDvdCopy
2008-08-13 05:33
d
w C:Documents and Settings1Application DataMedia Player Classic
2008-08-08 05:10
d—h—w C:Documents and SettingsAll UsersApplication DataCanonBJ
2008-08-06 17:01 96,976 —-a-w C:WINDOWSsystem32driversklin.dat
2008-08-06 13:52
d
w C:Documents and SettingsAll UsersApplication DataCyberLink
2008-08-06 13:52
d
w C:Documents and Settings1Application DataCyberLink
2008-07-23 16:48 200,704 —-a-w C:WINDOWSsystem32ssldivx.dll
2008-07-23 16:48 1,044,480 —-a-w C:WINDOWSsystem32libdivx.dll
2008-07-18 16:10 94,920 —-a-w C:WINDOWSsystem32dllcachecdm.dll
2008-07-18 16:10 94,920 —-a-w C:WINDOWSsystem32cdm.dll
2008-07-18 16:10 53,448 —-a-w C:WINDOWSsystem32wuauclt.exe
2008-07-18 16:10 53,448 —-a-w C:WINDOWSsystem32dllcachewuauclt.exe
2008-07-18 16:10 45,768 —-a-w C:WINDOWSsystem32wups2.dll
2008-07-18 16:10 36,552 —-a-w C:WINDOWSsystem32wups.dll
2008-07-18 16:10 36,552 —-a-w C:WINDOWSsystem32dllcachewups.dll
2008-07-18 16:09 563,912 —-a-w C:WINDOWSsystem32wuapi.dll
2008-07-18 16:09 563,912 —-a-w C:WINDOWSsystem32dllcachewuapi.dll
2008-07-18 16:09 325,832 —-a-w C:WINDOWSsystem32wucltui.dll
2008-07-18 16:09 325,832 —-a-w C:WINDOWSsystem32dllcachewucltui.dll
2008-07-18 16:09 205,000 —-a-w C:WINDOWSsystem32wuweb.dll
2008-07-18 16:09 205,000 —-a-w C:WINDOWSsystem32dllcachewuweb.dll
2008-07-18 16:09 1,811,656 —-a-w C:WINDOWSsystem32wuaueng.dll
2008-07-18 16:09 1,811,656 —-a-w C:WINDOWSsystem32dllcachewuaueng.dll
2008-07-07 20:29 253,952 —-a-w C:WINDOWSsystem32es.dll
2008-07-07 20:29 253,952
w C:WINDOWSsystem32dllcachees.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»C:WINDOWSsystem32ctfmon.exe» [2008-04-14 15360]
«Skype»=»C:Program FilesSkypePhoneSkype.exe» [2008-07-23 21738792]
«PcSync»=»C:Program FilesNokiaNokia PC Suite 6PcSync2.exe» [2006-06-27 1449984]
«AlcoholAutomount»=»C:Program FilesAlcohol SoftAlcohol 120axcmd.exe» [2008-03-20 217544]
«VKontakte»=»C:Program FilesAgent VkontakteAgentVkontakte.exe» [2008-05-21 3537920]
«ParetoLogic Anti-Spyware»=»C:Program FilesParetoLogicAnti-SpywarePareto_AS.exe» [2007-04-02 2639472]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«preload»=»C:WindowsRUNXMLPL.exe» [2007-04-21 20480]
«IAAnotif»=»C:Program FilesIntelIntel Matrix Storage ManagerIaanotif.exe» [2007-03-21 174872]
«SynTPEnh»=»C:Program FilesSynapticsSynTPSynTPEnh.exe» [2007-09-08 1015808]
«AzMixerSel»=»C:Program FilesRealtekInstallShieldAzMixerSel.exe» [2005-06-11 53248]
«IMJPMIG8.1″=»C:WINDOWSIMEimjp8_1IMJPMIG.EXE» [2004-08-18 208952]
«MSPY2002″=»C:WINDOWSsystem32IMEPINTLGNTImScInst.exe» [2004-08-18 59392]
«PHIME2002ASync»=»C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE» [2004-08-18 455168]
«PHIME2002A»=»C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE» [2004-08-18 455168]
«SynTPStart»=»C:Program FilesSynapticsSynTPSynTPStart.exe» [2007-09-08 102400]
«RemoteControl»=»C:Program FilesCyberLinkPowerDVDPDVDServ.exe» [2007-01-09 68640]
«LanguageShortcut»=»C:Program FilesCyberLinkPowerDVDLanguageLanguage.exe» [2007-01-09 52256]
«Acer ePresentation HPD»=»C:AcerEmpowering TechnologyePresentationePresentation.exe» [2007-03-02 208896]
«ePower_DMC»=»C:AcerEmpowering TechnologyePowerePower_DMC.exe» [2007-07-04 475136]
«Boot»=»C:AcerEmpowering TechnologyePowerBoot.exe» [2006-03-16 579584]
«eDataSecurity Loader»=»C:AcerEmpowering TechnologyeDataSecurityeDSloader.exe» [2007-05-28 342528]
«eRecoveryService»=»C:AcerEmpowering TechnologyeRecoveryeRAgent.exe» [2007-07-11 421888]
«LManager»=»C:PROGRA~1LAUNCH~1LManager.exe» [2007-10-17 858632]
«IgfxTray»=»C:WINDOWSsystem32igfxtray.exe» [2007-06-13 142104]
«HotKeysCmds»=»C:WINDOWSsystem32hkcmd.exe» [2007-06-13 162584]
«Persistence»=»C:WINDOWSsystem32igfxpers.exe» [2007-06-13 138008]
«QuickTime Task»=»C:Program FilesQuickTimeqttask.exe» [2008-07-27 77824]
«MAgent»=»C:Program FilesMail.RuAgentMAgent.exe» [2008-09-22 3110392]
«Adobe Reader Speed Launcher»=»C:Program FilesAdobeReader 8.0ReaderReader_sl.exe» [2008-01-11 39792]
«PCSuiteTrayApplication»=»C:PROGRA~1NokiaNOKIAP~1LAUNCH~1.EXE» [2006-06-15 229376]
«HP Software Update»=»C:Program FilesHPHP Software UpdateHPWuSchd2.exe» [2007-03-11 49152]
«SunJavaUpdateSched»=»C:Program FilesJavajre1.6.0_07binjusched.exe» [2008-06-10 144784]
«RTHDCPL»=»RTHDCPL.EXE» [2007-05-28 C:WINDOWSRTHDCPL.exe]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»C:WINDOWSsystem32CTFMON.EXE» [2008-04-14 15360]
[hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]
«{51C55F9E-C308-4c95-89AB-8858D8AFD819}»= «C:Program FilesParetoLogicAnti-SpywarePASShlExt.dll» [2007-03-29 98304]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«VIDC.YV12″= yv12vfw.dll
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoring]
«DisableMonitoring»=dword:00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]
«DisableMonitoring»=dword:00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]
«DisableMonitoring»=dword:00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecFirewall]
«DisableMonitoring»=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe»=
«C:\Program Files\ICQ6\ICQ.exe»=
«C:\Program Files\Mail.Ru\Agent\magent.exe»=
«C:\Program Files\BitTornado\btdownloadgui.exe»=
«C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe»=
«C:\Program Files\Orbitdownloader\orbitnet.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«C:\Program Files\ZyXEL\NetFriend\NetFriend.exe»=
«C:\Program Files\uTorrent\uTorrent.exe»=
«C:\Program Files\Opera\opera.exe»=
«C:\Program Files\Skype\Phone\Skype.exe»=
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«45533:TCP»= 45533:TCP:utorrent
«45533:UDP»= 45533:UDP:ut
«55555:TCP»= 55555:TCP:1
«55555:UDP»= 55555:UDP:12
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);C:Program FilesMicrosoft SQL ServerMSSQL.1MSSQLBinnsqlservr.exe [2006-04-14 28933976]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:WINDOWSsystem32DRIVERSklim5.sys [2007-04-04 24344]
R3 usbstor;Драйвер запоминающих устройств для USB;C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-14 26368]
S3 int15.sys;int15.sys;C:AcerEmpowering TechnologyeRecoveryint15.sys [2005-01-13 69632]
S3 usbprint;Класс принтеров Microsoft USB;C:WINDOWSsystem32DRIVERSusbprint.sys [2008-04-14 25856]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{820bf85b-68ec-11dd-88e6-001d721a7948}]
ShellAutoRuncommand — G:LaunchU3.exe -a
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{820bf85c-68ec-11dd-88e6-001d721a7948}]
ShellAutoRuncommand — evkq381.com
ShellexploreCommand — evkq381.com
ShellopenCommand — evkq381.com
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{942ffed1-90fd-11dd-894b-001d721a7948}]
ShellAutoRuncommand — H:
ShellopenCommand — rundll32.exe .\scdrnru.dll,InstallM
.
Contents of the ‘Scheduled Tasks’ folder
2008-10-06 C:WINDOWSTasksParetoLogic Anti-Spyware.job
— C:Program FilesParetoLogicAnti-SpywarePareto_AS.exe [2007-04-02 16:40]
2008-10-06 C:WINDOWSTasksParetoLogic Update.job
— C:Program FilesCommon FilesParetoLogicUUSPareto_Update.exe [2007-08-01 13:39]
2008-10-05 C:WINDOWSTasksUser_Feed_Synchronization-{1F20AC20-8159-4105-9DA9-46BAE8E5D3BF}.job
— C:WINDOWSsystem32msfeedssync.exe [2007-08-13 18:36]
.
— — — — ORPHANS REMOVED — — — —
URLSearchHooks-{83821C2B-32A8-4DD7-B6D4-44309A78E668} — (no file)
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-06 22:13:21
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
**************************************************************************
.
Completion time: 2008-10-06 22:16:04
ComboFix-quarantined-files.txt 2008-10-06 16:16:02
ComboFix2.txt 2008-10-06 16:01:19
Pre-Run: 2 570 588 160 ???? ????????
Post-Run: 2,541,649,920 ???? ????????
242 — E O F — 2008-09-10 14:48:49
