Hello Valeri, thanks for replying!!!
I did everything as you said, here is the log.
ComboFix 08-10-18.03 — SAV 2008-10-19 15:38:46.3 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1049.18.589 [GMT 4:00]
Running from: C:Documents and SettingsSAVРабочий столComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-09-19 to 2008-10-19 )))))))))))))))))))))))))))))))
.
2008-10-18 23:07 . 2008-10-18 23:07
C:Program FilesTrend Micro
2008-10-18 20:38 . 2008-10-18 21:10
C:Program FilesAd Muncher
2008-10-18 20:38 . 2008-10-18 20:39
C:Documents and SettingsAll Users.WINDOWSApplication DataAd Muncher
2008-10-18 20:03 . 2008-10-18 20:07 2,964 —a
C:WINDOWSsystem32tmp.reg
2008-10-18 07:18 . 2008-10-18 07:18
C:Program FilesMalwarebytes’ Anti-Malware
2008-10-18 07:18 . 2008-10-18 07:18
C:Documents and SettingsSAVApplication DataMalwarebytes
2008-10-18 07:18 . 2008-10-18 07:18
C:Documents and SettingsAll Users.WINDOWSApplication DataMalwarebytes
2008-10-18 07:18 . 2008-10-16 20:25 38,496 —a
C:WINDOWSsystem32driversmbamswissarmy.sys
2008-10-18 07:18 . 2008-10-16 20:25 15,504 —a
C:WINDOWSsystem32driversmbam.sys
2008-10-18 06:23 . 2008-10-18 06:42
C:Documents and SettingsAll Users.WINDOWSApplication DataPrevxCSI
2008-10-18 05:56 . 2008-10-18 05:56
C:Program FilesCommon FilesDownload Manager
2008-10-18 05:56 . 2008-10-18 05:56 1,152 —a
C:WINDOWSsystem32windrv.sys
2008-10-17 20:15 . 2008-10-17 20:15
C:Documents and SettingsAll Users.WINDOWSApplication DataBlizzard
2008-10-17 02:13 . 2008-10-17 02:14
C:Documents and SettingsSAVApplication DataMra
2008-10-17 02:12 . 2008-10-18 21:50
C:Program FilesMail.Ru
2008-10-03 19:15 . 2008-10-03 19:15
C:Program FilesiTunes
2008-10-03 19:15 . 2008-10-03 19:15
C:Program FilesiPod
2008-10-03 19:15 . 2008-10-03 19:15
C:Documents and SettingsAll Users.WINDOWSApplication Data{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-19 11:32 d-----w C:Program FilesSymantec AntiVirus
2008-10-19 11:32 d-----w C:Documents and SettingsSAVApplication DataOrbit
2008-10-18 17:51 d-----w C:Program FilesGoogle
2008-10-18 14:32 d-----w C:Program FilesOrbitdownloader
2008-10-18 03:38 d-----w C:Program FilesFreeSpacer
2008-10-17 17:25 d-----w C:Program FilesCommon FilesBlizzard Entertainment
2008-10-10 04:58 82,944 —-a-w C:WINDOWSsystem32o4Patch.exe
2008-10-10 04:58 82,944 —-a-w C:WINDOWSsystem32IEDFix.C.exe
2008-10-08 17:08 d-----w C:Program FilesCyberLink
2008-10-08 17:03
d—h—w C:Program FilesInstallShield Installation Information
2008-10-01 11:51 87,552 —-a-w C:WINDOWSsystem32VACFix.exe
2008-09-15 15:40 1,846,144 —-a-w C:WINDOWSsystem32win32k.sys
2008-09-12 17:13 2,829 —-a-w C:WINDOWSWar3Unin.pif
2008-09-12 17:13 139,264 —-a-w C:WINDOWSWar3Unin.exe
2008-09-12 14:40 d-----w C:Program FilesApple Software Update
2008-09-12 14:16 d-----w C:Program FilesBonjour
2008-09-12 14:15 d-----w C:Program FilesQuickTime
2008-09-12 14:15 d-----w C:Program FilesCommon FilesApple
2008-09-09 12:09 d-----w C:Documents and SettingsSAVApplication DataGrabPro
2008-09-08 19:38 88,576 —-a-w C:WINDOWSsystem32AntiXPVSTFix.exe
2008-09-06 14:12 d-----w C:Program FilesVentSrv
2008-09-06 14:12 d-----w C:Program FilesTeamspeak2_RC2
2008-09-06 14:12 d-----w C:Program FilesPC Check-up
2008-09-06 14:12 d-----w C:Program FilesMMetro
2008-09-06 14:12 d-----w C:Program FilesBitComet
2008-09-06 14:12 d-----w C:Documents and SettingsSAVApplication DataVentrilo
2008-09-06 12:55 d-----w C:Documents and SettingsAll Users.WINDOWSApplication DataEgoset
2008-09-06 12:54 d-----w C:Program FilesAlawar.ru
2008-09-01 14:01 d-----w C:Program FilesOpera
2008-08-29 06:18 87,336 —-a-w C:WINDOWSsystem32dns-sd.exe
2008-08-29 05:53 61,440 —-a-w C:WINDOWSsystem32dnssd.dll
2008-08-28 10:04 333,056 —-a-w C:WINDOWSsystem32driverssrv.sys
2008-08-21 23:16 637,984 ------w C:WINDOWSsystem32dllcacheiexplore.exe
2008-08-21 23:10 11,985,408 ------w C:WINDOWSsystem32dllcacheieframe.dll
2008-08-21 23:09 5,699,584 ------w C:WINDOWSsystem32dllcachemshtml.dll
2008-08-21 23:08 878,592 ------w C:WINDOWSsystem32wininet.dll
2008-08-21 23:08 878,592 ------w C:WINDOWSsystem32dllcachewininet.dll
2008-08-21 23:08 43,008 ------w C:WINDOWSsystem32licmgr10.dll
2008-08-21 23:08 43,008 ------w C:WINDOWSsystem32dllcachelicmgr10.dll
2008-08-21 23:08 236,544 ------w C:WINDOWSsystem32dllcachewebcheck.dll
2008-08-21 23:08 1,206,784 ------w C:WINDOWSsystem32dllcacheurlmon.dll
2008-08-21 23:07 755,200 ------w C:WINDOWSsystem32dllcacheVGX.dll
2008-08-21 23:07 193,536 ------w C:WINDOWSsystem32dllcachemsrating.dll
2008-08-21 23:07 18,944 ------w C:WINDOWSsystem32dllcachecorpol.dll
2008-08-21 23:07 18,944 ------w C:WINDOWSsystem32corpol.dll
2008-08-21 23:07 116,224 ------w C:WINDOWSsystem32dllcacheoccache.dll
2008-08-21 23:07 105,984 ------w C:WINDOWSsystem32dllcacheurl.dll
2008-08-21 23:05 70,656 ------w C:WINDOWSsystem32dllcachemshtmled.dll
2008-08-21 23:05 630,272 ------w C:WINDOWSsystem32dllcachemstime.dll
2008-08-21 23:05 61,952 ------w C:WINDOWSsystem32dllcacheicardie.dll
2008-08-21 23:05 580,608 ------w C:WINDOWSsystem32dllcachemsfeeds.dll
2008-08-21 23:05 53,760 ------w C:WINDOWSsystem32dllcachemsfeedsbs.dll
2008-08-21 23:05 48,128 ------w C:WINDOWSsystem32mshtmler.dll
2008-08-21 23:05 48,128 ------w C:WINDOWSsystem32dllcachemshtmler.dll
2008-08-21 23:05 45,056 ------w C:WINDOWSsystem32dllcachepngfilt.dll
2008-08-21 23:05 35,840 ------w C:WINDOWSsystem32imgutil.dll
2008-08-21 23:05 35,840 ------w C:WINDOWSsystem32dllcacheimgutil.dll
2008-08-21 23:05 346,624 ------w C:WINDOWSsystem32dllcachedxtmsft.dll
2008-08-21 23:05 217,088 ------w C:WINDOWSsystem32dllcachedxtrans.dll
2008-08-21 23:05 186,880 ------w C:WINDOWSsystem32dllcacheiepeers.dll
2008-08-21 23:04 45,568 ------w C:WINDOWSsystem32mshta.exe
2008-08-21 23:04 45,568 ------w C:WINDOWSsystem32dllcachemshta.exe
2008-08-21 23:00 68,608 ------w C:WINDOWSsystem32dllcachehmmapi.dll
2008-08-21 22:57 156,160 ------w C:WINDOWSsystem32msls31.dll
2008-08-21 22:57 156,160 ------w C:WINDOWSsystem32dllcachemsls31.dll
2008-08-21 22:42 443,392 ------w C:WINDOWSsystem32dllcacheieapfltr.dll
2008-08-18 08:19 82,432 —-a-w C:WINDOWSsystem32404Fix.exe
2008-08-14 13:47 2,182,144 —-a-w C:WINDOWSsystem32ntoskrnl.exe
2008-08-14 13:47 2,059,520 —-a-w C:WINDOWSsystem32ntkrnlpa.exe
2008-08-05 13:55 265,720 —-a-w C:WINDOWSsystem32msdbg2.dll
.
Sigcheck
2007-08-22 16:57 666112 beadcdb4123263e75edf3595c1102828 C:WINDOWS$hf_mig$KB939653SP2QFEwininet.dll
2007-08-20 13:51 825344 4e51a6b505e629b891c635f040b55c0e C:WINDOWS$hf_mig$KB939653-IE7SP2QFEwininet.dll
2007-10-11 03:23 825344 d5c6df6ce43757bbdf7437742795ee17 C:WINDOWS$hf_mig$KB942615-IE7SP2QFEwininet.dll
2007-12-07 05:43 825344 72cb53167f0c022dc21448b73f46ed82 C:WINDOWS$hf_mig$KB944533-IE7SP2QFEwininet.dll
2003-08-18 04:00 656896 a95c0e0d308f1df32add47e89c12d6b7 C:WINDOWS$NtUninstallKB939653$wininet.dll
2007-08-22 17:14 659456 0a30b5bec262cecc8fcc1da7768f581b C:WINDOWSie7wininet.dll
2007-08-13 19:54 818688 a4a0fc92358f39538a6494c42ef99fe9 C:WINDOWSie7updatesKB939653-IE7wininet.dll
2007-08-20 14:01 824832 5e7499e1763346fa6660e326c3a563e2 C:WINDOWSie7updatesKB942615-IE7wininet.dll
2007-10-11 03:53 824832 fbdab5dcaff512b0047109ce4c1438d4 C:WINDOWSie7updatesKB944533-IE7wininet.dll
2007-08-20 14:01 824832 5e7499e1763346fa6660e326c3a563e2 C:WINDOWSSoftwareDistributionDownload8fa3e5c6f07d7e0840f891a002656e4aSP2GDRwininet.dll
2007-08-20 13:51 825344 4e51a6b505e629b891c635f040b55c0e C:WINDOWSSoftwareDistributionDownload8fa3e5c6f07d7e0840f891a002656e4aSP2QFEwininet.dll
2008-08-22 03:08 878592 df1cb456ed1e038b276123365a1a93c4 C:WINDOWSsystem32wininet.dll
2008-08-22 03:08 878592 df1cb456ed1e038b276123365a1a93c4 C:WINDOWSsystem32dllcachewininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=»C:Program FilesCommon FilesAheadLibNMBgMonitor.exe» [2006-08-22 94208]
«BitComet»=»C:Program FilesBitCometBitComet.exe» [2008-02-01 2194744]
«DAEMON Tools Lite»=»C:Program FilesDAEMON Tools Litedaemon.exe» [2008-07-04 486856]
«ctfmon.exe»=»C:WINDOWSsystem32ctfmon.exe» [2003-08-18 15360]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«SoundMAXPnP»=»C:Program FilesAnalog DevicesCoresmax4pnp.exe» [2005-05-20 925696]
«ATICCC»=»C:Program FilesATI TechnologiesATI.ACECLIStart.exe» [2006-09-25 90112]
«ccApp»=»C:Program FilesCommon FilesSymantec SharedccApp.exe» [2004-04-15 66656]
«vptray»=»C:PROGRA~1SYMANT~1VPTray.exe» [2004-04-15 124128]
«NeroFilterCheck»=»C:Program FilesCommon FilesAheadLibNeroCheck.exe» [2006-01-12 155648]
«QuickTime Task»=»C:Program FilesQuickTimeQTTask.exe» [2008-09-06 413696]
«iTunesHelper»=»C:Program FilesiTunesiTunesHelper.exe» [2008-10-01 289576]
«AppleSyncNotifier»=»C:Program FilesCommon FilesAppleMobile Device SupportbinAppleSyncNotifier.exe» [2008-10-01 111936]
«MAgent»=»C:Program FilesMail.RuAgentMAgent.exe» [2008-10-17 4417016]
«High Definition Audio Property Page Shortcut»=»HDAShCut.exe» [2004-10-27 C:WINDOWSsystem32HdAShCut.exe]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»C:WINDOWSsystem32CTFMON.EXE» [2003-08-18 15360]
C:Documents and SettingsAll Users.WINDOWSѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
Orbit.lnk — C:Program FilesOrbitdownloaderorbitdm.exe [2008-09-09 1707208]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusOverride»=dword:00000001
«FirewallOverride»=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«C:\Program Files\BitComet\BitComet.exe»=
«D:\Игры\cstrike klbs\hl.exe»=
«C:\Program Files\Orbitdownloader\orbitdm.exe»=
«C:\Program Files\Orbitdownloader\orbitnet.exe»=
«C:\Program Files\Bonjour\mDNSResponder.exe»=
«C:\Program Files\iTunes\iTunes.exe»=
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«22894:TCP»= 22894:TCP:BitComet 22894 TCP
«22894:UDP»= 22894:UDP:BitComet 22894 UDP
.
Contents of the ‘Scheduled Tasks’ folder
2008-10-17 C:WINDOWSTasksAppleSoftwareUpdate.job
— C:Program FilesApple Software UpdateSoftwareUpdate.exe [2008-07-30 12:34]
.
.
Supplementary Scan
.
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: &Download by Orbit — C:Program FilesOrbitdownloaderorbitmxt.dll/201
O8 -: &Grab video by Orbit — C:Program FilesOrbitdownloaderorbitmxt.dll/204
O8 -: &З&агрузить &с помощью BitComet — C:Program FilesBitCometBitComet.exe/AddLink.htm
O8 -: &З&агрузить все видео файлы с помощью BitComet — C:Program FilesBitCometBitComet.exe/AddVideo.htm
O8 -: &З&агрузить все с помощью BitComet — C:Program FilesBitCometBitComet.exe/AddAllLink.htm
O8 -: &Экспорт в Microsoft Excel — C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 -: Do&wnload selected by Orbit — C:Program FilesOrbitdownloaderorbitmxt.dll/203
O8 -: Down&load all by Orbit — C:Program FilesOrbitdownloaderorbitmxt.dll/202
O8 -: Отправить в ‘Ссылки Интернета’ — C:WINDOWSsystemsendurl.htm
O9 -: {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 -: {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe —
O17 -: HKLMCCSInterface{CA59D9A0-E0A4-41CD-8D9F-D10D320B7822}: NameServer = 213.234.192.7 85.21.192.5
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-19 15:40:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-19 15:40:53
ComboFix-quarantined-files.txt 2008-10-19 11:40:44
Pre-Run: 12,545,318,912 байт свободно
Post-Run: 12,546,600,960 байт свободно
192 — E O F — 2008-10-17 00:19:31

