Re: Re: помогите проанализировать лог HijackThis [TotalSecure2009]

7 октября, 2008 в 9:15 дп #19289

Participant

Темы:1
Сообщений:7

☆

новый лог

ComboFix 08-10-06.05 — 1 2008-10-07 15:07:55.3 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.230 [GMT 6:00]
Running from: C:Documents and Settings1??????? ????ComboFix.exe
Command switches used :: C:Documents and Settings1??????? ????CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-09-07 to 2008-10-07 )))))))))))))))))))))))))))))))
.

2008-10-07 10:08 . 2008-10-07 15:12 54,156 —ah

C:WINDOWSQTFont.qfn
2008-10-07 10:08 . 2008-10-07 15:12 1,409 —a

C:WINDOWSQTFont.for
2008-10-06 16:05 . 2008-10-06 16:05 d

C:Program FilesTrend Micro
2008-10-06 15:16 . 2008-10-06 15:18 d

C:Program FilesMalwarebytes’ Anti-Malware
2008-10-06 15:16 . 2008-10-06 15:16 d

C:Documents and SettingsAll UsersApplication DataMalwarebytes
2008-10-06 15:16 . 2008-10-06 15:16 d

C:Documents and Settings1Application DataMalwarebytes
2008-10-06 15:16 . 2008-09-10 00:04 38,528 —a

C:WINDOWSsystem32driversmbamswissarmy.sys
2008-10-06 15:16 . 2008-09-10 00:03 17,200 —a

C:WINDOWSsystem32driversmbam.sys
2008-10-06 14:13 . 2008-10-06 14:13 d

C:Program FilesESET
2008-10-06 14:13 . 2008-10-06 14:13 d

C:Documents and SettingsAll UsersApplication DataESET
2008-10-06 13:14 . 2008-10-06 13:14 d

C:Program FilesCommon FilesParetoLogic
2008-10-06 13:09 . 2008-10-06 13:09 d

C:Program FilesParetoLogic
2008-10-06 13:09 . 2008-10-06 13:09 d

C:Documents and SettingsAll UsersApplication DataParetoLogic Anti-Spyware
2008-10-06 12:12 . 2008-10-06 13:35 d

C:Program FilesXoftSpySE
2008-10-06 12:00 . 2008-10-06 12:00 15,360 —ahs—- C:WINDOWSsystem32Thumbs.db
2008-10-06 11:07 . 2008-10-06 16:35 d

C:Program FilesTS2009
2008-10-06 10:57 . 2008-10-06 10:57 d

C:Games
2008-10-01 18:13 . 2008-10-01 18:13 d

C:Program FilesHiro-Media
2008-10-01 18:13 . 2008-10-01 18:13 d

C:Documents and SettingsAll UsersApplication DataHiro-Media
2008-10-01 15:13 . 2008-10-01 15:13 792 —a

C:WINDOWSlines98.sav
2008-10-01 14:04 . 2008-10-01 14:04 120 —a

C:WINDOWSd4s.hst
2008-09-20 22:46 . 2008-04-14 22:10 159,232 —a

C:WINDOWSsystem32ptpusd.dll
2008-09-20 22:46 . 2001-10-19 21:06 5,632 —a

C:WINDOWSsystem32ptpusb.dll
2008-09-11 15:24 . 2008-09-11 16:09 d

C:Documents and Settings1Application DataVKLife
2008-09-11 15:22 . 2008-09-17 10:14 d

C:Program FilesAgent Vkontakte
2008-09-11 15:22 . 2008-09-11 15:38 d

C:Documents and Settings1Application DataVKontakte
2008-09-10 21:51 . 2008-09-10 21:51 d

C:Program FilesEA GAMES
2008-09-08 22:29 . 2008-09-08 22:29 d

C:WINDOWSSun
2008-09-08 22:28 . 2008-06-10 02:32 73,728 —a

C:WINDOWSsystem32javacpl.cpl
2008-09-08 22:27 . 2008-09-08 22:28 d

C:Program FilesJava
2008-09-08 22:20 . 2008-09-08 22:20 d

C:Program FilesCommon FilesJava
2008-09-08 11:48 . 2008-08-28 11:50 d

C:Program FilesMovie Maker

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-07 09:12 761,120 —sha-w C:WINDOWSsystem32driversfidbox2.dat
2008-10-07 09:12 46,323,232 —sha-w C:WINDOWSsystem32driversfidbox.dat
2008-10-07 09:02

w C:Documents and Settings1Application DataSkype
2008-10-07 09:01

w C:Documents and SettingsAll UsersApplication DataKaspersky Lab
2008-10-07 08:59 72,044 —sha-w C:WINDOWSsystem32driversfidbox2.idx
2008-10-07 08:59 620,132 —sha-w C:WINDOWSsystem32driversfidbox.idx
2008-10-07 08:58

w C:Program FilesQUIK КИТ Финанс
2008-10-07 04:10

w C:Documents and Settings1Application DataskypePM
2008-10-06 09:49

w C:Program FilesICQToolbar
2008-10-06 09:48

w C:Documents and Settings1Application DataOrbit
2008-10-06 09:03

w C:Program FilesOpera
2008-09-24 03:51

w C:Program FilesICQ6
2008-09-20 19:40

w C:Documents and Settings1Application DatauTorrent
2008-09-20 12:24

w C:Documents and Settings1Application DataMra
2008-09-17 12:49

w C:Program FilesuTorrent
2008-09-17 08:55

w C:Documents and Settings1Application DataICQ
2008-09-10 15:51

d—h—w C:Program FilesInstallShield Installation Information
2008-09-08 05:48

w C:Program FilesНовая папка
2008-08-29 18:44

w C:Program FilesRambler Assistant
2008-08-28 13:31

w C:Program FilesWindows Media Connect 2
2008-08-28 13:10

w C:Documents and Settings1Application DataDataLayer
2008-08-28 13:07

w C:Program FilesShasoft eBook 3.0
2008-08-28 05:29

w C:Documents and Settings1Application DataDownload Master
2008-08-27 17:58

w C:Program FilesDivX
2008-08-26 05:20

w C:Documents and SettingsAll UsersApplication DataOffice Genuine Advantage
2008-08-24 13:59

w C:Documents and Settings1Application DataNokia
2008-08-24 09:29

w C:Program FilesMSXML 4.0
2008-08-23 11:57

w C:Documents and SettingsAll UsersApplication DataHP
2008-08-23 11:57

w C:Documents and Settings1Application DataHP
2008-08-23 11:50

w C:Documents and SettingsAll UsersApplication DataWEBREG
2008-08-23 11:48

w C:Program FilesHP
2008-08-23 11:48

w C:Documents and SettingsAll UsersApplication DataHPSSUPPLY
2008-08-23 11:48

w C:Documents and Settings1Application DataHPAppData
2008-08-23 11:47

w C:Program FilesCommon FilesHP
2008-08-23 11:47

w C:Documents and SettingsAll UsersApplication DataHP Product Assistant
2008-08-23 11:46

w C:Program FilesHewlett-Packard
2008-08-23 11:46

w C:Program FilesCommon FilesHewlett-Packard
2008-08-23 11:45

w C:Documents and SettingsAll UsersApplication DataHewlett-Packard
2008-08-21 10:48

w C:Documents and Settings1Application Datarambler.ru
2008-08-21 05:07

w C:Documents and Settings1Application DataU3
2008-08-19 13:12

w C:Program FilesOrbitdownloader
2008-08-18 14:56

w C:Program FilesAlcohol Soft
2008-08-18 14:52 716,272 —-a-w C:WINDOWSsystem32driverssptd.sys
2008-08-15 09:24

w C:Program FilesJavaSoft
2008-08-14 14:13

w C:Program FilesGames.Rambler.ru
2008-08-14 14:13

w C:Documents and SettingsAll UsersApplication DataPlayFirst
2008-08-14 14:13

w C:Documents and SettingsAll UsersApplication DataAlawarWrapper
2008-08-14 14:13

w C:Documents and Settings1Application DataPlayFirst
2008-08-13 14:57

w C:Program FilesGames.Mail.Ru
2008-08-13 11:27

w C:Program FilesDIFX
2008-08-13 11:27

w C:Documents and SettingsAll UsersApplication DataPC Suite
2008-08-13 11:26

w C:Program FilesNokia
2008-08-13 11:26

w C:Program FilesCommon FilesPCSuite
2008-08-13 11:26

w C:Program FilesCommon FilesNokia
2008-08-13 11:26

w C:Documents and SettingsAll UsersApplication DataDownloaded Installations
2008-08-13 11:26

w C:Documents and Settings1Application DataPC Suite
2008-08-13 10:58

w C:Documents and SettingsAll UsersApplication DataEgoset
2008-08-13 07:13

w C:Program FilesDownload Master
2008-08-13 06:15

w C:Documents and SettingsAll UsersApplication DataNtiDvdCopy
2008-08-13 05:33

w C:Documents and Settings1Application DataMedia Player Classic
2008-08-08 05:10

d—h—w C:Documents and SettingsAll UsersApplication DataCanonBJ
2008-07-23 16:48 200,704 —-a-w C:WINDOWSsystem32ssldivx.dll
2008-07-23 16:48 1,044,480 —-a-w C:WINDOWSsystem32libdivx.dll
2008-07-18 16:10 94,920 —-a-w C:WINDOWSsystem32dllcachecdm.dll
2008-07-18 16:10 94,920 —-a-w C:WINDOWSsystem32cdm.dll
2008-07-18 16:10 53,448 —-a-w C:WINDOWSsystem32wuauclt.exe
2008-07-18 16:10 53,448 —-a-w C:WINDOWSsystem32dllcachewuauclt.exe
2008-07-18 16:10 45,768 —-a-w C:WINDOWSsystem32wups2.dll
2008-07-18 16:10 36,552 —-a-w C:WINDOWSsystem32wups.dll
2008-07-18 16:10 36,552 —-a-w C:WINDOWSsystem32dllcachewups.dll
2008-07-18 16:09 563,912 —-a-w C:WINDOWSsystem32wuapi.dll
2008-07-18 16:09 563,912 —-a-w C:WINDOWSsystem32dllcachewuapi.dll
2008-07-18 16:09 325,832 —-a-w C:WINDOWSsystem32wucltui.dll
2008-07-18 16:09 325,832 —-a-w C:WINDOWSsystem32dllcachewucltui.dll
2008-07-18 16:09 205,000 —-a-w C:WINDOWSsystem32wuweb.dll
2008-07-18 16:09 205,000 —-a-w C:WINDOWSsystem32dllcachewuweb.dll
2008-07-18 16:09 1,811,656 —-a-w C:WINDOWSsystem32wuaueng.dll
2008-07-18 16:09 1,811,656 —-a-w C:WINDOWSsystem32dllcachewuaueng.dll
2008-07-07 20:29 253,952 —-a-w C:WINDOWSsystem32es.dll
2008-07-07 20:29 253,952

w C:WINDOWSsystem32dllcachees.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»C:WINDOWSsystem32ctfmon.exe» [2008-04-14 15360]
«Skype»=»C:Program FilesSkypePhoneSkype.exe» [2008-07-23 21738792]
«PcSync»=»C:Program FilesNokiaNokia PC Suite 6PcSync2.exe» [2006-06-27 1449984]
«AlcoholAutomount»=»C:Program FilesAlcohol SoftAlcohol 120axcmd.exe» [2008-03-20 217544]
«VKontakte»=»C:Program FilesAgent VkontakteAgentVkontakte.exe» [2008-05-21 3537920]
«ParetoLogic Anti-Spyware»=»C:Program FilesParetoLogicAnti-SpywarePareto_AS.exe» [2007-04-02 2639472]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«preload»=»C:WindowsRUNXMLPL.exe» [2007-04-21 20480]
«IAAnotif»=»C:Program FilesIntelIntel Matrix Storage ManagerIaanotif.exe» [2007-03-21 174872]
«SynTPEnh»=»C:Program FilesSynapticsSynTPSynTPEnh.exe» [2007-09-08 1015808]
«AzMixerSel»=»C:Program FilesRealtekInstallShieldAzMixerSel.exe» [2005-06-11 53248]
«IMJPMIG8.1″=»C:WINDOWSIMEimjp8_1IMJPMIG.EXE» [2004-08-18 208952]
«MSPY2002″=»C:WINDOWSsystem32IMEPINTLGNTImScInst.exe» [2004-08-18 59392]
«PHIME2002ASync»=»C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE» [2004-08-18 455168]
«PHIME2002A»=»C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE» [2004-08-18 455168]
«SynTPStart»=»C:Program FilesSynapticsSynTPSynTPStart.exe» [2007-09-08 102400]
«RemoteControl»=»C:Program FilesCyberLinkPowerDVDPDVDServ.exe» [2007-01-09 68640]
«LanguageShortcut»=»C:Program FilesCyberLinkPowerDVDLanguageLanguage.exe» [2007-01-09 52256]
«Acer ePresentation HPD»=»C:AcerEmpowering TechnologyePresentationePresentation.exe» [2007-03-02 208896]
«ePower_DMC»=»C:AcerEmpowering TechnologyePowerePower_DMC.exe» [2007-07-04 475136]
«Boot»=»C:AcerEmpowering TechnologyePowerBoot.exe» [2006-03-16 579584]
«eDataSecurity Loader»=»C:AcerEmpowering TechnologyeDataSecurityeDSloader.exe» [2007-05-28 342528]
«eRecoveryService»=»C:AcerEmpowering TechnologyeRecoveryeRAgent.exe» [2007-07-11 421888]
«LManager»=»C:PROGRA~1LAUNCH~1LManager.exe» [2007-10-17 858632]
«IgfxTray»=»C:WINDOWSsystem32igfxtray.exe» [2007-06-13 142104]
«HotKeysCmds»=»C:WINDOWSsystem32hkcmd.exe» [2007-06-13 162584]
«Persistence»=»C:WINDOWSsystem32igfxpers.exe» [2007-06-13 138008]
«QuickTime Task»=»C:Program FilesQuickTimeqttask.exe» [2008-07-27 77824]
«MAgent»=»C:Program FilesMail.RuAgentMAgent.exe» [2008-09-22 3110392]
«Adobe Reader Speed Launcher»=»C:Program FilesAdobeReader 8.0ReaderReader_sl.exe» [2008-01-11 39792]
«PCSuiteTrayApplication»=»C:PROGRA~1NokiaNOKIAP~1LAUNCH~1.EXE» [2006-06-15 229376]
«HP Software Update»=»C:Program FilesHPHP Software UpdateHPWuSchd2.exe» [2007-03-11 49152]
«SunJavaUpdateSched»=»C:Program FilesJavajre1.6.0_07binjusched.exe» [2008-06-10 144784]
«RTHDCPL»=»RTHDCPL.EXE» [2007-05-28 C:WINDOWSRTHDCPL.exe]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»C:WINDOWSsystem32CTFMON.EXE» [2008-04-14 15360]

[hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]
«{51C55F9E-C308-4c95-89AB-8858D8AFD819}»= «C:Program FilesParetoLogicAnti-SpywarePASShlExt.dll» [2007-03-29 98304]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«VIDC.YV12″= yv12vfw.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoring]
«DisableMonitoring»=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]
«DisableMonitoring»=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]
«DisableMonitoring»=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecFirewall]
«DisableMonitoring»=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe»=
«C:\Program Files\ICQ6\ICQ.exe»=
«C:\Program Files\Mail.Ru\Agent\magent.exe»=
«C:\Program Files\BitTornado\btdownloadgui.exe»=
«C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe»=
«C:\Program Files\Orbitdownloader\orbitnet.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«C:\Program Files\ZyXEL\NetFriend\NetFriend.exe»=
«C:\Program Files\uTorrent\uTorrent.exe»=
«C:\Program Files\Opera\opera.exe»=
«C:\Program Files\Skype\Phone\Skype.exe»=

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«45533:TCP»= 45533:TCP:utorrent
«45533:UDP»= 45533:UDP:ut
«55555:TCP»= 55555:TCP:1
«55555:UDP»= 55555:UDP:12

R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);C:Program FilesMicrosoft SQL ServerMSSQL.1MSSQLBinnsqlservr.exe [2006-04-14 28933976]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:WINDOWSsystem32DRIVERSklim5.sys [2007-04-04 24344]
R3 usbstor;Драйвер запоминающих устройств для USB;C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-14 26368]
S3 int15.sys;int15.sys;C:AcerEmpowering TechnologyeRecoveryint15.sys [2005-01-13 69632]
S3 usbprint;Класс принтеров Microsoft USB;C:WINDOWSsystem32DRIVERSusbprint.sys [2008-04-14 25856]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{820bf85b-68ec-11dd-88e6-001d721a7948}]
ShellAutoRuncommand — G:LaunchU3.exe -a

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{820bf85c-68ec-11dd-88e6-001d721a7948}]
ShellAutoRuncommand — evkq381.com
ShellexploreCommand — evkq381.com
ShellopenCommand — evkq381.com

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{942ffed1-90fd-11dd-894b-001d721a7948}]
ShellAutoRuncommand — H:
ShellopenCommand — rundll32.exe .\scdrnru.dll,InstallM
.
Contents of the ‘Scheduled Tasks’ folder

2008-10-06 C:WINDOWSTasksParetoLogic Anti-Spyware.job
— C:Program FilesParetoLogicAnti-SpywarePareto_AS.exe [2007-04-02 16:40]

2008-10-06 C:WINDOWSTasksParetoLogic Update.job
— C:Program FilesCommon FilesParetoLogicUUSPareto_Update.exe [2007-08-01 13:39]

2008-10-07 C:WINDOWSTasksUser_Feed_Synchronization-{1F20AC20-8159-4105-9DA9-46BAE8E5D3BF}.job
— C:WINDOWSsystem32msfeedssync.exe [2007-08-13 18:36]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-07 15:12:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-07 15:14:05
ComboFix-quarantined-files.txt 2008-10-07 09:14:00
ComboFix2.txt 2008-10-06 16:16:07

Pre-Run: 3 180 777 472 ???? ????????
Post-Run: 3,156,447,232 ???? ????????

239 — E O F — 2008-09-10 14:48:49

Re: Re: помогите проанализировать лог HijackThis [TotalSecure2009]

Добро пожаловать

Поиск

Важные инструкции

Как запустить компьютер в безопасном режиме (Safe Mode)

Какой лучший антивирус ? Как выбрать антивирус ?

Нет доступа в интернет после удаления вируса — Как восстановить

Как удалить вредоносные программы, лучшие утилиты

Как удалить вирус с телефона Андроид (Инструкция)

СПАЙВАРЕ РУ

Нужна помощь?

Ссылки