Выключила свой Outpost,но снова забыла указать в его настройках, чтобы антивирусник автоматически не включался после загрузки компьютера
Лог ComboFix
ComboFix 09-03-19.01 — Administrator 2009-03-20 17:32:10.2 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.1.1049.18.2047.1634 [GMT 6:00]
Running from: c:documents and settingsAdministratorРабочий столComboFix.exe
FW: Outpost Firewall Pro *disabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr0.dat
c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr1.dat
BITS: Possible infected sites
hxxp://soft.export.yandex.ru
.
((((((((((((((((((((((((( Files Created from 2009-02-20 to 2009-03-20 )))))))))))))))))))))))))))))))
.
2009-03-20 15:27 . 2009-03-20 15:27 d
c:documents and settingsAdministratorApplication DataBloom
2009-03-15 22:05 . 2009-03-15 22:05 d
c:windowssystem32Kaspersky Lab
2009-03-15 22:05 . 2009-03-15 22:05 d
c:documents and settingsAll UsersApplication DataKaspersky Lab
2009-03-14 15:05 . 2009-03-20 13:41 d
c:windowssystem32Filt
2009-03-14 15:05 . 2009-03-14 15:05 d
c:program filesAgnitum
2009-03-14 15:05 . 2009-02-26 10:27 704,384 —a
c:windowssystem32driversSandBox.sys
2009-03-14 15:05 . 2009-02-10 16:15 257,432 —a
c:windowssystem32driversafwcore.sys
2009-03-14 15:05 . 2008-06-20 09:45 30,864 —a
c:windowssystem32driversafw.sys
2009-03-14 15:05 . 2009-01-16 11:14 49 —a
c:windowstransp.gif
2009-03-14 15:04 . 2009-03-14 15:04 d
c:documents and settingsAll UsersApplication DataAgnitum
2009-03-14 14:53 . 2009-03-14 14:53 d
c:program filesYandex
2009-03-11 18:28 . 2009-03-11 18:28 d
c:documents and settingsAll UsersApplication DataMalwarebytes
2009-03-11 18:28 . 2009-03-11 18:28 d
c:documents and settingsAdministratorApplication DataMalwarebytes
2009-03-09 19:42 . 2009-03-09 19:42 d
c:program filesDjvuReader
2009-03-09 18:21 . 2009-03-09 18:21 d
c:documents and settingsAdministratorApplication DataTurbogames.ru
2009-03-09 16:42 . 2009-03-09 16:50 d
c:documents and settingsAdministratorApplication DataDAEMON Tools Pro
2009-03-09 16:42 . 2009-03-09 16:42 d
c:documents and settingsAdministratorApplication DataDAEMON Tools
2009-03-09 16:41 . 2009-03-09 16:41 d
c:documents and settingsAll UsersApplication DataDAEMON Tools Lite
2009-03-09 16:40 . 2009-03-14 14:53 d
c:documents and settingsAdministratorApplication DataYandex
2009-03-09 16:39 . 2009-03-09 16:40 d
c:program filesDAEMON Tools Lite
2009-03-09 16:39 . 2009-03-09 16:57 d
c:documents and settingsAdministratorApplication DataDAEMON Tools Lite
2009-03-07 16:15 . 2009-03-07 19:54 d
c:documents and settingsAll UsersApplication DataDoctor Web
2009-03-01 22:46 . 2009-03-01 22:46 d
c:windowssystem32LogFiles
2009-03-01 22:46 . 2009-03-01 22:46 d
c:windowssystem32driversUMDF
2009-03-01 22:46 . 2009-03-01 22:46 d
c:program filesWindows Media Connect 2
2009-03-01 13:01 . 2008-10-30 19:24 d
c:program filesPlugins
2009-03-01 13:01 . 2008-10-30 19:52 d
c:program filesLangs
2009-03-01 13:01 . 2008-10-30 19:24 d
c:program filesHelp
2009-02-28 19:12 . 2000-07-10 11:04 155,648 —a
c:windowsRusUinst.exe
2009-02-28 19:12 . 1998-06-25 15:13 28,160 —a
c:windowsUnSetup.exe
2009-02-28 18:40 . 1998-09-02 14:02 194,320 —a
c:windowssystem32qcut.dll
2009-02-28 18:40 . 1998-08-27 10:51 182,032 —a
c:windowssystem32dxtmsft3.dll
2009-02-28 18:40 . 1998-08-20 17:02 140,800 —a
c:windowssystem32tm20dec.ax
2009-02-28 18:40 . 1998-09-02 14:28 63,488 —a
c:windowssystem32unam4ie.exe
2009-02-28 18:40 . 1998-09-02 14:28 38,160 —a
c:windowssystem32LMRTREND.dll
2009-02-28 18:40 . 1998-08-17 15:21 11,776 —a
c:windowssystem32mciqtz.drv
2009-02-28 18:40 . 1998-08-17 15:21 10,240 —a
c:windowssystem32vidx16.dll
2009-02-28 18:40 . 1998-08-17 15:21 5,672 —a
c:windowssystem32quartz.vxd
2009-02-28 18:40 . 2009-02-28 18:40 4,608 —a
c:windowssystem32w95inf32.dll
2009-02-28 18:40 . 2009-02-28 18:40 2,272 —a
c:windowssystem32w95inf16.dll
2009-02-28 18:38 . 1998-01-19 17:39 27,600 -ra
c:windowsisk3ro.exe
2009-02-28 18:38 . 2009-02-28 18:38 306 —a
c:windowsQTW.INI
2009-02-28 18:37 . 2009-02-28 18:38 30 —a
c:windowsRESULT.QTW
2009-02-28 18:34 . 2009-02-28 18:37 63 —a
c:windowsMaris.ini
2009-02-28 18:33 . 2009-02-28 18:33 d
c:documents and settingsAdministratorWINDOWS
2009-02-28 18:33 . 1996-11-06 11:58 302,592 —a
c:windowsunin0419.exe
2009-02-28 18:19 . 2009-02-28 18:20 d
c:program filesCommon FilesAdobe
2009-02-28 18:00 . 1998-10-02 19:00 327,168 —a
c:windowsIsUninst.exe
2009-02-26 22:57 . 2008-04-14 00:17 25,856 —a
c:windowssystem32driversusbprint.sys
2009-02-26 22:57 . 2008-04-14 00:17 25,856 —a—c— c:windowssystem32dllcacheusbprint.sys
2009-02-26 18:48 . 2009-02-26 18:48 d
c:documents and settingsAdministratorApplication DatamIRC
2009-02-21 18:01 . 2009-02-21 18:01 d-a
c:program filesCoolReader 3.0.8
2009-02-21 17:56 . 2009-02-21 17:57 d
c:documents and settingsAdministratorApplication Datacr3
2009-02-20 20:07 . 2001-10-19 20:33 12,160 —a
c:windowssystem32driversmouhid.sys
2009-02-20 20:07 . 2001-10-19 20:33 12,160 —a—c— c:windowssystem32dllcachemouhid.sys
2009-02-20 20:06 . 2008-04-14 00:15 10,368 —a
c:windowssystem32drivershidusb.sys
2009-02-20 20:06 . 2008-04-14 00:15 10,368 —a—c— c:windowssystem32dllcachehidusb.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-20 11:33
d
w c:documents and settingsAdministratorApplication DatauTorrent
2009-03-20 11:21
d
w c:documents and settingsAdministratorApplication DataAIMP
2009-03-20 09:22
d
w c:documents and settingsAll UsersApplication DataAlawarWrapper
2009-03-14 08:23
d
w c:program filesFinale 2006
2009-03-09 12:28
d
w c:documents and settingsAll UsersApplication DataPlayFirst
2009-03-09 12:28
d
w c:documents and settingsAdministratorApplication DataPlayFirst
2009-03-02 09:45
d—h—w c:program filesInstallShield Installation Information
2009-02-17 17:02
d
w c:program filesFinale 2007
2009-02-17 16:56
d
w c:program filesFinale GPO 2.0
2009-02-17 16:54
d
w c:program filesNative Instruments
2009-02-16 16:57
d
w c:program filesSolo9
2009-02-16 16:57
d
w c:documents and settingsAll UsersApplication DataSolo9
2009-02-15 11:37
d
w c:program filesuTorrent
2009-02-12 11:24
d
w c:program files2gis
2009-02-12 11:09
d
w c:documents and settingsAll UsersApplication Data2GIS
2009-02-12 11:05
d
w c:documents and settingsAdministratorApplication DataGrym
2009-02-12 10:30
d
w c:program filesK-Soft
2009-02-10 11:50
d
w c:program filesCommon FilesReGet Shared
2009-02-09 14:07 1,846,912 —-a-w c:windowssystem32win32k.sys
2009-02-08 12:26
d
w c:documents and settingsAdministratorApplication DataReGet Software
2009-02-07 18:52
d
w c:program filesMSXML 4.0
2009-01-31 11:43 14,336 —-a-w c:windowssystem32svchost.exe
2009-01-30 15:08
d
w c:program filesNero
2009-01-29 17:08
d
w c:program filesCommon FilesNero
2009-01-29 17:08
d
w c:documents and settingsAll UsersApplication DataNero
2009-01-29 17:08
d
w c:documents and settingsAdministratorApplication DataNero
2009-01-24 16:54
d
w c:program filesMicrosoft.NET
2009-01-24 16:46 717,296 —-a-w c:windowssystem32driverssptd.sys
2009-01-18 12:04 632 —-a-w C:settings.dat
2008-12-23 15:58 453,152 —-a-w c:windowssystem32NVUNINST.EXE
2008-12-20 23:03 826,368 —-a-w c:windowssystem32wininet.dll
2006-06-23 06:48 32,768 —-a-r c:windowsinfUpdateUSB.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2008-04-15 15360]
«MSMSGS»=»c:program filesMessengermsmsgs.exe» [2008-04-14 1695232]
«DAEMON Tools Lite»=»c:program filesDAEMON Tools Litedaemon.exe» [2008-12-29 687560]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«SoundMAXPnP»=»c:program filesAnalog DevicesCoresmax4pnp.exe» [2006-12-18 868352]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2008-12-26 13680640]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2008-12-26 86016]
«2gis update client UI»=»c:program files2gisUpdateClientWin32UpdateClientUI.exe» [2008-09-17 4055040]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 9.0ReaderReader_sl.exe» [2008-06-12 34672]
«OutpostMonitor»=»c:progra~1AgnitumOUTPOS~1op_mon.exe» [2009-03-02 1225032]
«OutpostFeedBack»=»c:program filesAgnitumOutpost Firewall Profeedback.exe» [2009-03-02 433480]
«nwiz»=»nwiz.exe» [2008-12-26 c:windowssystem32nwiz.exe]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-15 15360]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusOverride»=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«c:\WINDOWS\Network Diagnostic\xpnetdiag.exe»=
«c:\WINDOWS\system32\sessmgr.exe»=
«c:\Program Files\uTorrent\utorrent.exe»=
R1 SandBox;SandBox;c:windowssystem32driversSandBox.sys [2009-03-14 704384]
R2 2GIS UpdateClientService;2GIS UpdateClientService;c:program files2gisUpdateClientWin32UpdateClientService.exe [2008-09-17 1134592]
R3 afw;Agnitum firewall driver;c:windowssystem32driversafw.sys [2009-03-14 30864]
R3 afwcore;afwcore;c:windowssystem32driversafwcore.sys [2009-03-14 257432]
R3 ASWFilt;ASWFilt;c:windowssystem32FiltASWFilt.dll [2009-03-14 33888]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:windowssystem32driversatl01_xp.sys [2009-01-05 35840]
S2 acssrv;Agnitum Client Security Service;c:progra~1AgnitumOUTPOS~1acs.exe [2009-03-14 1267016]
.
Contents of the ‘Scheduled Tasks’ folder
2009-03-19 c:windowsTasks{DB41A4E8-349D-406A-AAA5-9B1F0B64152B}_HOME_Administrator.job
— c:windowssystem32mobsync.exe [2008-04-15 18:00]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.tomtel.ru/
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Проверить ссылку Dr.Web — http://www.drweb.com/online/drweb-online-ru.html
Trusted Zone: vtomske.rutorrents
Handler: solores — {8FA1F4E9-444B-48BF-98CD-B8ECA88E6BA5} — c:progra~1Solo9SoloRes.dll
FF — ProfilePath — c:documents and settingsAdministratorApplication DataMozillaFirefoxProfileslbvkc7xv.default
FF — prefs.js: browser.search.selectedEngine — Яндекс
FF — prefs.js: browser.startup.homepage —
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-20 17:36:24
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERSS-1-5-21-2000478354-1292428093-1417001333-1003SoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved{B675C0C6-8153-8E1B-81BF-FF020DD1E204}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
«maapkpfojkmlacbjjmdjndaacf»=hex:6b,61,64,6b,67,6e,67,63,66,61,70,67,6a,68,70,
63,6a,61,65,6f,69,70,00,00
«maapkpfojkmlacmienmmdlofco»=hex:65,61,6a,6a,61,63,68,6c,61,67,00,67
.
Other Running Processes
.
c:windowssystem32nvsvc32.exe
c:windowssystem32rundll32.exe
c:windowssystem32wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-03-20 17:38:09 — machine was rebooted
ComboFix-quarantined-files.txt 2009-03-20 11:38:06
Pre-Run: 33 278 009 344 байт свободно
Post-Run: 33,286,086,656 байт свободно
192 — E O F — 2009-03-14 08:20:38
После загрузки компьютера мой Outpost, как обычно после работы ComboFix’a, указал на обнаружение «опасных файлов».
Нужно ли мне их удалять? Или эти файлы создаются ComoboFix’ом, ошибочно принимаемые антивирусником как опасные?
При удалении Combofix’a они исчезнут?
