braviax, Home Antivirus 2010 and the like
- This topic has 1 reply and 2 participants, and was last updated 16 years, 2 months ago by Admin.
August 16, 2009 at 8:35 pm #16995
Ugh… I thought I had managed to beat this nasty virus, but no such luck 🙁
So, braviax.exe and Home Antivirus 2010 have shown up on my machine.
This method for braviax.exe did not help: http://www.spyware-ru.com/kak-udalit-braviax/.
This one for Home Antivirus 2010 did not help either: http://www.spyware-ru.com/home-antivirus-2010/. The messages saying the computer is infected and so on keep popping up.
Here are the logs:
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:49:34, on 16.08.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesGoogleUpdate1.2.183.7GoogleCrashHandler.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32rundll32.exe
E:Javajre6binjusched.exe
E:iTunesiTunesHelper.exe
C:Program FilesAnalog DevicesCoresmax4pnp.exe
C:WINDOWSsystem32RUNDLL32.EXE
E:Dirkey2Dirkey.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe
C:Program FilesBonjourmDNSResponder.exe
C:WINDOWSsystem32driversCDAC11BA.EXE
E:Javajre6binjqs.exe
C:WINDOWSsystem32nvsvc32.exe
E:RaxcoPerfectDisk10PDAgent.exe
C:WINDOWSsystem32PnkBstrA.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32Wacom_Tablet.exe
C:WINDOWSsystem32WTabletWacom_TabletUser.exe
C:WINDOWSsystem32Wacom_Tablet.exe
C:Program FilesiPodbiniPodService.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
E:Mozilla Firefoxfirefox.exe
C:WINDOWSsystem32wscntfy.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32msiexec.exe
d:Trend MicroHijackThisHijackThis.exe
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://search.qip.ru
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = Root: HKCU; Subkey: SoftwareMicrosoftInternet ExplorerSearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM..Run: [AppleSyncNotifier] C:Program FilesCommon FilesAppleMobile Device SupportbinAppleSyncNotifier.exe
O4 - HKLM..Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM..Run: [SunJavaUpdateSched] "E:Javajre6binjusched.exe"
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "E:AdobeReader 8.0ReaderReader_sl.exe"
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeQTTask.exe" -atboottime
O4 - HKLM..Run: [iTunesHelper] "E:iTunesiTunesHelper.exe"
O4 - HKLM..Run: [SoundMAXPnP] C:Program FilesAnalog DevicesCoresmax4pnp.exe
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [Regedit32] C:WINDOWSsystem32regedit.exe
O4 - HKCU..Run: [Dirkey] e:Dirkey2Dirkey.exe
O4 - HKCU..RunOnce: [FlashPlayerUpdate] C:WINDOWSsystem32MacromedFlashNPSWF32_FlashUtil.exe -p
O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM')
O4 - HKUSS-1-5-18..Run: [braviax] (User 'SYSTEM')
O4 - HKUSS-1-5-18..RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:Program FilesCommon FilesWise Installation WizardWISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MSI" TRANSFORMS="C:Program FilesCommon FilesWise Installation WizardWISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MST" WISE_SETUP_EXE_PATH="e:nvidiawinxp182.50englishPhysX_9.09.0203_SystemSoftware.exe" (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'Default user')
O4 - HKUS.DEFAULT..RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:Program FilesCommon FilesWise Installation WizardWISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MSI" TRANSFORMS="C:Program FilesCommon FilesWise Installation WizardWISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MST" WISE_SETUP_EXE_PATH="e:nvidiawinxp182.50englishPhysX_9.09.0203_SystemSoftware.exe" (User 'Default user')
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: Append to existing PDF - res://E:AdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://E:AdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://E:AdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://E:AdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://E:AdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://E:AdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://E:AdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://E:AdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:MICROS~1OFFICE11EXCEL.EXE/3000
O8 - Extra context menu item: Translate with ABBYY &Lingvo... - res://E:ABBYY Lingvo 12Lingvo.exe/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:MICROS~2WEB2~1Office12REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:SPYBOT~1SPYBOT~1SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:SPYBOT~1SPYBOT~1SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - E:QIPqip.exe (HKCU)
O11 - Options group: [searching] Search from the Address bar
O17 - HKLMSystemCCSServicesTcpip..{E9A694FE-DC18-4110-A8A1-8BCB10D13622}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Autodesk - (no file)
O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:WINDOWSsystem32driversCDAC11BA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 - Service: Служба Google Update (gupdate1c9cf0f7f0b7a4c) (gupdate1c9cf0f7f0b7a4c) - Google Inc. - C:Program FilesGoogleUpdateGoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: Сервис iPod (iPod Service) - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:Javajre6binjqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:Program FilesLavasoftAd-AwareAAWService.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - E:Autodesk3ds Max 9mentalraysatelliteraysat_3dsmax9_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - E:RaxcoPerfectDisk10PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - E:RaxcoPerfectDisk10PDEngine.exe
O23 - Service: PnkBstrA - Unknown owner - C:WINDOWSsystem32PnkBstrA.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:WINDOWSsystem32Wacom_Tablet.exe
O24 - Desktop Component 0: (no name) - (no file)
--
End of file - 9251 bytes
SDFix log:
SDFix: Version 1.240
Run by Lussie on 16.08.2009 at 23:59
Microsoft Windows XP [Version 5.1.2600]
Running From: C:SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Resetting AppInit_DLLs value
Rebooting
Infected beep.sys Found!
beep.sys File Locations:
"C:WINDOWSsystem32dllcachebeep.sys" 29184 16.08.2009 23:43
"C:WINDOWSsystem32dllcachecachebeep.sys" 4224 07.08.2008 15:27
"C:WINDOWSsystem32driversbeep.sys" 29184 16.08.2009 23:43
Infected File Listed Below:
C:WINDOWSsystem32dllcachebeep.sys
C:WINDOWSsystem32driversbeep.sys
File copied to Backups Folder
Attempting to replace beep.sys with original version
Original beep.sys Restored
"C:WINDOWSsystem32dllcachebeep.sys" 4224 07.08.2008 15:27
"C:WINDOWSsystem32dllcachecachebeep.sys" 4224 07.08.2008 15:27
"C:WINDOWSsystem32driversbeep.sys" 4224 07.08.2008 15:27
Checking Files :
Trojan Files Found:
C:WINDOWSbraviax.exe - Deleted
C:WINDOWScru629.dat - Deleted
C:WINDOWSsystem32braviax.exe - Deleted
C:WINDOWSsystem32cru629.dat - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-17 00:02:55
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesBTHPORTParametersKeys 011b107a36b]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServiceslanmanserverShares]
"374> 0444: 0404A4B4 ?i?X?B?T?.?c?o?m?"=str(7):"CSCFlags=0 MaxUses=4294967295 Path=C:Documents and SettingsLussieMy DocumentsMy MusiciTunesiTunes MusicPodcasts>4:0AB iXBT.com Permissions=0 Remark= Type=0 "
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA4]
"p0"="e:DAEMON Tools Lite"
"h0"=dword:00000000
"khjeh"=hex:6c,2d,d8,f4,51,36,32,af,56,1b,64,29,9d,98,69,51,1e,f8,89,e5,d8,..
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA4 0000001]
"a0"=hex:20,01,00,00,a3,54,4b,f8,e8,7b,25,5c,df,ef,8a,83,d5,46,03,02,05,..
"khjeh"=hex:2f,71,5a,6c,45,18,e3,74,fe,9a,75,9e,60,6a,57,f0,6b,e9,36,85,2f,..
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA4 0000001 Jf40]
"khjeh"=hex:5a,3f,29,e8,44,f3,10,31,5f,e3,3e,84,ee,30,f1,93,7d,1c,37,cf,64,..
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA4 0000001 Jf41]
"khjeh"=hex:68,59,12,d4,c0,8f,f2,da,9a,9d,22,d9,6a,68,8b,7d,c4,3e,a9,c5,7d,..
[HKEY_LOCAL_MACHINESYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA4]
"p0"="e:DAEMON Tools Lite"
"h0"=dword:00000000
"khjeh"=hex:6c,2d,d8,f4,51,36,32,af,56,1b,64,29,9d,98,69,51,1e,f8,89,e5,d8,..
[HKEY_LOCAL_MACHINESYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA4 0000001]
"a0"=hex:20,01,00,00,a3,54,4b,f8,e8,7b,25,5c,df,ef,8a,83,d5,46,03,02,05,..
"khjeh"=hex:2f,71,5a,6c,45,18,e3,74,fe,9a,75,9e,60,6a,57,f0,6b,e9,36,85,2f,..
[HKEY_LOCAL_MACHINESYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA4 0000001 Jf40]
"khjeh"=hex:5a,3f,29,e8,44,f3,10,31,5f,e3,3e,84,ee,30,f1,93,7d,1c,37,cf,64,..
[HKEY_LOCAL_MACHINESYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA4 0000001 Jf41]
"khjeh"=hex:68,59,12,d4,c0,8f,f2,da,9a,9d,22,d9,6a,68,8b,7d,c4,3e,a9,c5,7d,..
[HKEY_LOCAL_MACHINESYSTEMcontrolset003ControlClass{4D36E965-E325-11CE-BFC1-08002BE10318}Properties]
"DeviceType"=dword:00000002
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINESYSTEMcontrolset003ControlClass{4D36E967-E325-11CE-BFC1-08002BE10318}Properties]
"DeviceType"=dword:00000007
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINESYSTEMcontrolset003ControlClass{4D36E969-E325-11CE-BFC1-08002BE10318}Properties]
"DeviceType"=dword:00000004
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINESYSTEMcontrolset003ControlClass{4D36E96A-E325-11CE-BFC1-08002BE10318}Properties]
"DeviceType"=dword:00000004
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINESYSTEMcontrolset003ControlClass{4D36E97B-E325-11CE-BFC1-08002BE10318}Properties]
"DeviceType"=dword:00000004
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINESYSTEMcontrolset003ControlClass{4D36E980-E325-11CE-BFC1-08002BE10318}Properties]
"DeviceType"=dword:00000007
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINESYSTEMcontrolset003ServicesBTHPORTParametersKeys 011b107a36b]
[HKEY_LOCAL_MACHINESYSTEMcontrolset003ServiceslanmanserverShares]
"374> 0444: 0404A4B4 ?i?X?B?T?.?c?o?m?"=str(7):"CSCFlags=0 MaxUses=4294967295 Path=C:Documents and SettingsLussieMy DocumentsMy MusiciTunesiTunes MusicPodcasts>4:0AB iXBT.com Permissions=0 Remark= Type=0 "
[HKEY_LOCAL_MACHINESYSTEMcontrolset003ServicesMRxDAVEncryptedDirectories]
@=""
[HKEY_LOCAL_MACHINESYSTEMcontrolset003ServicessptdCfg19659239224E364682FA4BAF72C53EA4]
"p0"="e:DAEMON Tools Lite"
"h0"=dword:00000000
"khjeh"=hex:6c,2d,d8,f4,51,36,32,af,56,1b,64,29,9d,98,69,51,1e,f8,89,e5,d8,..
[HKEY_LOCAL_MACHINESYSTEMcontrolset003ServicessptdCfg19659239224E364682FA4BAF72C53EA4 0000001]
"a0"=hex:20,01,00,00,a3,54,4b,f8,e8,7b,25,5c,df,ef,8a,83,d5,46,03,02,05,..
"khjeh"=hex:2f,71,5a,6c,45,18,e3,74,fe,9a,75,9e,60,6a,57,f0,6b,e9,36,85,2f,..
[HKEY_LOCAL_MACHINESYSTEMcontrolset003ServicessptdCfg19659239224E364682FA4BAF72C53EA4 0000001 Jf40]
"khjeh"=hex:5a,3f,29,e8,44,f3,10,31,5f,e3,3e,84,ee,30,f1,93,7d,1c,37,cf,64,..
[HKEY_LOCAL_MACHINESYSTEMcontrolset003ServicessptdCfg19659239224E364682FA4BAF72C53EA4 0000001 Jf41]
"khjeh"=hex:68,59,12,d4,c0,8f,f2,da,9a,9d,22,d9,6a,68,8b,7d,c4,3e,a9,c5,7d,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\Steam\SteamApps\lussie_only\team fortress 2\hl2.exe"="E:\Steam\SteamApps\lussie_only\team fortress 2\hl2.exe:*:Enabled:hl2"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"E:\id Software\Enemy Territory - QUAKE Wars\etqwded.exe"="E:\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:*:Enabled:etqwded.exe"
"E:\id Software\Enemy Territory - QUAKE Wars\etqw.exe"="E:\id Software\Enemy Territory - QUAKE Wars\etqw.exe:*:Enabled:Enemy Territory - QUAKE Wars(TM) "
"E:\Autodesk\Backburner\monitor.exe"="E:\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor"
"E:\Autodesk\Backburner\manager.exe"="E:\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager"
"E:\Autodesk\Backburner\server.exe"="E:\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server"
"E:\Autodesk\3ds Max 9\3dsmax.exe"="E:\Autodesk\3ds Max 9\3dsmax.exe:*:Enabled:Autodesk 3ds Max 9 32-bit"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"E:\uTorrent\uTorrent.exe"="E:\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"E:\Steam\SteamApps\common\left 4 dead\left4dead.exe"="E:\Steam\SteamApps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead"
"E:\iTunes\iTunes.exe"="E:\iTunes\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files :
C:WINDOWSsystem32braviax.exe Found
File Backups: - C:SDFixbackupsbackups.zip
Files with Hidden Attributes :
Wed 13 Oct 2004 1,694,208 A.SH. --- "C:Program FilesMessengermsmsgs.exe"
Fri 2 May 2008 4,348 A.SH. --- "C:Documents and SettingsAll UsersDRMDRMv1.bak"
Thu 23 Jan 2003 65,952 A.SHR --- "C:Program FilesAutodeskAutodesk Express ViewerSetup.exe"
Mon 11 Feb 2008 0 A.SH. --- "C:Documents and SettingsAll UsersDRMCacheIndiv01.tmp"
Finished!
ComboFix log:
ComboFix 09-08-10.06 - Lussie 17.08.2009 0:08.10.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.7.1033.18.2047.1538 [GMT 4:00]
Running from: c:documents and settingsLussieDesktopComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:documents and settingsLocalServiceoashdihasidhasuidhiasdhiashdiuasdhasd
c:windowssystem32braviax.exe
c:windowssystem32dllcachefigaro.sys
c:windowssystem32wisdstr.exe
Infected copy of c:windowssystem32driversbeep.sys was found and disinfected
Restored copy from - c:system volume information_restore{A96B678B-C62A-4D38-9AF6-AAA01CE86A8C}RP1A0001769.sys
.
((((((((((((((((((((((((( Files Created from 2009-07-16 to 2009-08-16 )))))))))))))))))))))))))))))))
.
2009-08-16 19:43 . 2009-08-16 20:04 29184 -c--a-w- c:windowssystem32dllcachebeep.sys
2009-08-16 19:43 . 2004-08-04 01:07 4224 ----a-w- c:windowssystem32driversbeep.sys
2009-08-14 22:01 . 2009-08-14 22:01 -------- d-----w- c:documents and settingsLussieApplication DataMalwarebytes
2009-08-14 22:01 . 2009-08-03 09:36 38160 ----a-w- c:windowssystem32driversmbamswissarmy.sys
2009-08-14 22:01 . 2009-08-14 22:01 -------- d-----w- c:program filesMalwarebytes' Anti-Malware
2009-08-14 22:01 . 2009-08-14 22:01 -------- d-----w- c:documents and settingsAll UsersApplication DataMalwarebytes
2009-08-14 22:01 . 2009-08-03 09:36 19096 ----a-w- c:windowssystem32driversmbam.sys
2009-08-14 21:53 . 2009-08-14 21:53 -------- d-----w- c:program filestrend micro
2009-08-14 21:53 . 2009-08-14 21:53 -------- d-----w- C:rsit
2009-08-14 19:44 . 2009-08-14 19:44 19971 ----a-w- c:documents and settingsLussieLocal SettingsApplication Datalimi.com
2009-08-14 19:44 . 2009-08-14 19:44 17005 ----a-w- c:windowssystem32bymiqal.pif
2009-08-14 19:44 . 2009-08-14 19:44 15792 ----a-w- c:documents and settingsLussieApplication Datahide.dll
2009-08-14 19:44 . 2009-08-14 19:44 15598 ----a-w- c:windowsufywynavi.bat
2009-08-14 19:44 . 2009-08-14 19:44 13811 ----a-w- c:program filesCommon Filesebowuwol.dll
2009-08-14 19:44 . 2009-08-14 19:44 13696 ----a-w- c:windowsinasago.scr
2009-08-14 19:44 . 2009-08-14 19:44 12509 ----a-w- c:documents and settingsLussieLocal SettingsApplication Dataacytypebi.sys
2009-08-14 19:44 . 2009-08-14 19:44 11448 ----a-w- c:documents and settingsLussieLocal SettingsApplication Datafolox.reg
2009-08-14 19:44 . 2009-08-14 19:44 10236 ----a-w- c:program filesCommon Filesutizavowy.vbs
2009-08-14 19:23 . 2009-08-14 19:23 -------- d-----w- c:windowsERUNT
2009-08-14 19:22 . 2009-08-16 20:05 -------- d-----w- C:SDFix
2009-08-14 17:46 . 2009-08-14 17:46 -------- d-----w- c:documents and settingsLocalServiceApplication DataWTablet
2009-08-14 17:41 . 2004-08-04 01:07 92416 -c--a-w- c:windowssystem32dllcachemga.sys
2009-08-14 17:40 . 2004-08-04 01:07 829440 -c--a-w- c:windowssystem32dllcacheinetmgr.dll
2009-08-14 17:39 . 2004-08-04 01:07 16384 -c--a-w- c:windowssystem32dllcacheisignup.exe
2009-08-14 17:11 . 2004-08-04 01:07 24661 -c--a-w- c:windowssystem32dllcachespxcoins.dll
2009-08-14 17:11 . 2004-08-04 01:07 24661 ----a-w- c:windowssystem32spxcoins.dll
2009-08-14 17:11 . 2004-08-04 01:07 13312 -c--a-w- c:windowssystem32dllcacheirclass.dll
2009-08-14 17:11 . 2004-08-04 01:07 13312 ----a-w- c:windowssystem32irclass.dll
2009-08-14 01:12 . 2009-08-14 01:12 17528 ----a-w- c:windowssystem32ywulyp.pif
2009-08-14 01:12 . 2009-08-14 01:12 14857 ----a-w- c:windowsxifyfyhy.bat
2009-08-14 01:12 . 2009-08-14 01:12 13536 ----a-w- c:program filesCommon Fileskerimyrytu.bat
2009-08-14 01:12 . 2009-08-14 01:12 12926 ----a-w- c:windowsenuzoxug.reg
2009-07-23 08:44 . 2009-07-23 08:44 -------- d-----w- c:program filesiPod
2009-07-23 08:40 . 2009-07-23 08:40 75040 ----a-w- c:documents and settingsAll UsersApplication DataApple ComputerInstaller CacheiTunes 8.2.1.6SetupAdmin.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-16 20:12 . 2008-12-07 14:26 -------- d-----w- c:documents and settingsLussieApplication DataWTablet
2009-08-16 19:41 . 2009-05-07 12:28 -------- d-----w- c:documents and settingsAll UsersApplication DataGoogle Updater
2009-08-15 01:56 . 2008-01-18 09:17 57776 ----a-w- c:documents and settingsLussieLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-08-14 19:44 . 2009-08-14 19:44 19956 ----a-w- c:documents and settingsAll UsersApplication Datalumi.dat
2009-08-14 19:44 . 2009-08-14 19:44 14805 ----a-w- c:documents and settingsAll UsersApplication Dataajafyl.vbs
2009-08-14 19:44 . 2009-08-14 19:44 14561 ----a-w- c:program filesCommon Fileselulyte.ban
2009-08-14 19:44 . 2009-08-14 19:44 11640 ----a-w- c:program filesCommon Filesrikibip.lib
2009-08-14 17:48 . 2004-08-04 01:07 619200 ----a-w- c:windowssystem32driversntfs.sys
2009-08-14 17:38 . 2008-01-18 09:06 22720 ----a-w- c:windowssystem32emptyregdb.dat
2009-08-14 17:07 . 2009-08-14 17:07 0 ----a-w- c:windowsSETF3.tmp
2009-08-14 01:17 . 2008-03-12 22:48 -------- d-----w- c:documents and settingsLussieApplication DatauTorrent
2009-08-14 01:12 . 2009-08-14 01:12 18427 ----a-w- c:program filesCommon Filesqyzomiqow.lib
2009-08-14 01:12 . 2009-08-14 01:12 14887 ----a-w- c:program filesCommon Filesuwerekeky.db
2009-08-14 01:12 . 2009-08-14 01:12 12305 ----a-w- c:program filesCommon Filesxuguxyroka.dl
2009-08-12 19:49 . 2008-11-03 21:05 -------- d-----w- c:documents and settingsLussieApplication DataMumble
2009-07-24 06:20 . 2009-01-22 20:12 150768 ----a-w- c:documents and settingsLussieApplication DataMicrosoftInternet Explorerqipsearchbar.dll
2009-07-23 08:44 . 2008-01-20 01:30 -------- d-----w- c:program filesCommon FilesApple
2009-07-17 07:10 . 2009-07-17 07:10 232200 ----a-w- c:windowssystem32PDBoot.exe
2009-07-14 20:53 . 2008-11-09 02:44 -------- d-----w- c:documents and settingsAll UsersApplication DataAcrobatInstall
2009-07-13 17:15 . 2009-06-18 21:37 25440 ----a-w- c:documents and settingsAll UsersApplication DataLavasoftAd-AwareUpdatesavapibridge.dll
2009-07-13 17:15 . 2009-06-18 21:37 1630560 ----a-w- c:documents and settingsAll UsersApplication DataLavasoftAd-AwareUpdateResources.dll
2009-07-13 17:15 . 2009-06-18 21:37 2353480 ----a-w- c:documents and settingsAll UsersApplication DataLavasoftAd-AwareUpdateAd-Aware.exe
2009-06-18 21:09 . 2008-09-06 22:43 -------- d-----w- c:documents and settingsAll UsersApplication DataMicrosoft Help
2009-06-18 21:08 . 2009-06-18 21:08 -------- d-----w- c:program filesCommon FilesWindows Live
2009-06-18 21:07 . 2009-06-18 21:07 -------- d-----w- c:program filesMicrosoft
2009-06-11 00:03 . 2009-06-11 00:03 10134 ----a-r- c:documents and settingsLussieApplication DataMicrosoftInstaller{E3E71D07-CD27-46CB-8448-16D4FB29AA13}ARPPRODUCTICON.exe
2009-06-10 23:08 . 2008-02-25 02:21 138784 ----a-w- c:windowssystem32driversPnkBstrK.sys
2009-06-10 23:08 . 2008-02-25 02:20 111928 ----a-w- c:windowssystem32PnkBstrB.exe
2009-06-08 06:00 . 2009-06-08 06:00 71696 ----a-w- c:windowssystem32driversDefragFs.sys
2009-06-07 10:13 . 2008-08-07 22:20 447752 ----a-w- c:windowssystem32vp6vfw.dll
2009-06-01 16:51 . 2009-06-01 16:51 15688 ----a-w- c:documents and settingsAll UsersApplication DataLavasoftAd-AwareUpdatelsdelete.exe
2009-06-01 16:51 . 2009-05-19 02:40 15688 ----a-w- c:windowssystem32lsdelete.exe
.
Sigcheck
[-] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:windows$hf_mig$KB930916SP2QFEntfs.sys
[-] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:windowsSoftwareDistributionDownload65cb51275f131ad95a646f305f973e3antfs.sys
[-] 2009-08-14 17:48 619200 5D407322AA69AC6E7B17C81B48DEB327 c:windowssystem32dllcachentfs.sys
[-] 2009-08-14 17:48 619200 5D407322AA69AC6E7B17C81B48DEB327 c:windowssystem32driversntfs.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-08-14_19.38.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-16 20:11 . 2009-08-16 20:11 16384 c:windowstempPerflib_Perfdata_4bc.dat
- 2008-01-18 09:16 . 2009-08-14 17:45 32768 c:windowssystem32configsystemprofileLocal SettingsTemporary Internet FilesContent.IE5index.dat
+ 2008-01-18 09:16 . 2009-08-16 18:04 32768 c:windowssystem32configsystemprofileLocal SettingsTemporary Internet FilesContent.IE5index.dat
- 2008-01-18 09:16 . 2009-08-14 17:45 32768 c:windowssystem32configsystemprofileLocal SettingsHistoryHistory.IE5index.dat
+ 2008-01-18 09:16 . 2009-08-16 18:04 32768 c:windowssystem32configsystemprofileLocal SettingsHistoryHistory.IE5index.dat
- 2008-01-18 09:16 . 2009-08-14 17:45 16384 c:windowssystem32configsystemprofileCookiesindex.dat
+ 2008-01-18 09:16 . 2009-08-16 18:04 16384 c:windowssystem32configsystemprofileCookiesindex.dat
- 2009-08-14 19:24 . 2009-08-14 19:24 409600 c:windowsERUNTSDFIXUsers 0000002UsrClass.dat
+ 2009-08-16 19:57 . 2009-08-16 19:57 409600 c:windowsERUNTSDFIXUsers 0000002UsrClass.dat
+ 2009-08-16 19:57 . 2008-08-07 11:27 163328 c:windowsERUNTSDFIXERDNT.EXE
- 2009-08-14 19:24 . 2008-08-07 11:27 163328 c:windowsERUNTSDFIXERDNT.EXE
+ 2009-08-16 19:57 . 2009-08-16 19:57 29917184 c:windowsERUNTSDFIXUsers 0000001ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"Dirkey"="e:dirkey2Dirkey.exe" [2003-12-07 116736]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"NeroFilterCheck"="c:windowssystem32NeroCheck.exe" [2001-07-09 155648]
"NvCplDaemon"="c:windowssystem32NvCpl.dll" [2009-03-27 13684736]
"AppleSyncNotifier"="c:program filesCommon FilesAppleMobile Device SupportbinAppleSyncNotifier.exe" [2008-09-03 111936]
"SunJavaUpdateSched"="e:javajre6binjusched.exe" [2009-03-09 148888]
"Adobe Reader Speed Launcher"="e:adobeReader 8.0ReaderReader_sl.exe" [2008-10-14 39792]
"QuickTime Task"="c:program filesQuickTimeQTTask.exe" [2009-05-26 413696]
"iTunesHelper"="e:itunesiTunesHelper.exe" [2009-07-13 292128]
"SoundMAXPnP"="c:program filesAnalog DevicesCoresmax4pnp.exe" [2006-12-18 868352]
"NvMediaCenter"="c:windowssystem32NvMcTray.dll" [2009-03-27 86016]
"nwiz"="nwiz.exe" - c:windowssystem32nwiz.exe [2009-03-27 1657376]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:windowsKHALMNPR.Exe [2007-11-28 55824]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:windowssystem32bthprops.cpl [2004-08-04 110592]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"="c:windowssystem32CTFMON.EXE" [2004-08-04 15360]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
"WiseStubReboot"="MSIEXEC" [X]
"tscuninstall"="c:windowssystem32tscupgrd.exe" [2004-08-03 44544]
[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]
BootExecute REG_MULTI_SZ PDBoot.exe autocheck autochk * lsdelete
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalLavasoft Ad-Aware Service]
@="Service"
[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutorunsDisabled^Adobe Acrobat Speed Launcher.lnk]
backup=c:windowspssAdobe Acrobat Speed Launcher.lnkCommon Startup
[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutorunsDisabled^Adobe Acrobat Synchronizer.lnk]
backup=c:windowspssAdobe Acrobat Synchronizer.lnkCommon Startup
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
"UpdatesDisableNotify"=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"%windir%\system32\sessmgr.exe"=
"e:\Steam\SteamApps\lussie_only\team fortress 2\hl2.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\WINDOWS\system32\PnkBstrA.exe"=
"c:\WINDOWS\system32\PnkBstrB.exe"=
"e:\id Software\Enemy Territory - QUAKE Wars\etqwded.exe"=
"e:\id Software\Enemy Territory - QUAKE Wars\etqw.exe"=
"e:\Autodesk\Backburner\monitor.exe"=
"e:\Autodesk\Backburner\manager.exe"=
"e:\Autodesk\Backburner\server.exe"=
"e:\Autodesk\3ds Max 9\3dsmax.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=
"e:\uTorrent\uTorrent.exe"=
"c:\Program Files\Bonjour\mDNSResponder.exe"=
"e:\Steam\SteamApps\common\left 4 dead\left4dead.exe"=
"e:\iTunes\iTunes.exe"=
R0 Lbd;Lbd;c:windowssystem32driversLbd.sys [18.05.2009 20:49 64160]
R2 TabletServiceWacom;TabletServiceWacom;c:windowssystem32Wacom_Tablet.exe [07.12.2008 18:25 2749224]
S2 gupdate1c9cf0f7f0b7a4c;Служба Google Update (gupdate1c9cf0f7f0b7a4c);c:program filesGoogleUpdateGoogleUpdate.exe [07.05.2009 16:29 133104]
S3 LachesisFltr;Lachesis Mouse Driver;c:windowssystem32driversLachesis.sys [13.03.2009 22:14 12032]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:program filesLavasoftAd-AwareAAWService.exe [09.03.2009 23:06 1029456]
S3 wacmoumonitor;Wacom Mode Helper;c:windowssystem32driverswacmoumonitor.sys [07.12.2008 18:25 15656]
.
Contents of the 'Scheduled Tasks' folder
2009-08-15 c:windowsTasksAd-Aware Update (Weekly).job
- c:program filesLavasoftAd-AwareAd-AwareAdmin.exe [2009-03-09 16:50]
2009-08-11 c:windowsTasksAppleSoftwareUpdate.job
- c:program filesApple Software UpdateSoftwareUpdate.exe [2008-07-30 08:34]
2009-08-16 c:windowsTasksGoogle Software Updater.job
- c:program filesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2009-05-07 12:28]
2009-08-16 c:windowsTasksGoogleUpdateTaskMachineCore.job
- c:program filesGoogleUpdateGoogleUpdate.exe [2009-05-07 12:29]
2009-08-15 c:windowsTasksGoogleUpdateTaskMachineUA.job
- c:program filesGoogleUpdateGoogleUpdate.exe [2009-05-07 12:29]
2008-11-22 c:windowsTasksGoogleUpdateTaskUser.job
- c:documents and settingsLussieLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2008-09-02 23:33]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://search.qip.ru
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: Append to existing PDF - e:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - e:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - e:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - e:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - e:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - e:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - e:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - e:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - e:\micros~1\OFFICE11\EXCEL.EXE/3000
IE: Translate with ABBYY &Lingvo... - e:\abbyy lingvo 12\Lingvo.exe/3000
TCP: {E9A694FE-DC18-4110-A8A1-8BCB10D13622} = 192.168.1.1
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-17 00:12
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'explorer.exe'(2940)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Other Running Processes
.
c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\drivers\CDAC11BA.EXE
e:\java\jre6\bin\jqs.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\nvsvc32.exe
e:\raxco\PerfectDisk10\PDAgent.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\WTablet\Wacom_TabletUser.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-08-16 0:13 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-16 20:13
ComboFix2.txt 2009-08-16 19:20
ComboFix3.txt 2009-08-15 02:18
ComboFix4.txt 2009-08-15 00:56
ComboFix5.txt 2009-08-16 20:08
Pre-Run: 7 318 929 408 bytes free
Post-Run: 7 273 492 480 bytes free
252
Malwarebytes log:
Malwarebytes' Anti-Malware 1.40
Database version: 2636
Windows 5.1.2600 Service Pack 2
17.08.2009 0:24:23
mbam-log-2009-08-17 (00-24-23).txt
Scan type: Quick Scan
Objects scanned: 96364
Time elapsed: 2 minute(s), 25 second(s)
Memory Processes Infected: 3
Memory Modules Infected: 4
Registry Keys Infected: 2
Registry Values Infected: 3
Registry Data Items Infected: 3
Folders Infected: 3
Files Infected: 20
Memory Processes Infected:
C:\WINDOWS\system32\wisdstr.exe (Rogue.PC_Antispyware2010) -> Unloaded process successfully.
C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe (Rogue.PC_Antispyware2010) -> Unloaded process successfully.
C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Unloaded process successfully.
Memory Modules Infected:
C:\WINDOWS\system32\_scui.cpl (Rogue.HomeAntiVirus) -> Delete on reboot.
C:\Program Files\PC_Antispyware2010\AVEngn.dll (Rogue.PC_Antispyware2010) -> Delete on reboot.
C:\Program Files\PC_Antispyware2010\htmlayout.dll (Rogue.PC_Antispyware2010) -> Delete on reboot.
C:\Program Files\PC_Antispyware2010\pthreadVC2.dll (Rogue.PC_Antispyware2010) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pc antispyware 2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\data (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\wisdstr.exe (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_scui.cpl (Rogue.HomeAntiVirus) -> Delete on reboot.
C:\WINDOWS\system32\drivers\beep.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\JY9Z7Y2X\Install[1].exe (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\AVEngn.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\htmlayout.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\pthreadVC2.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\Uninstall.exe (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\wscui.cpl (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\data\daily.cvd (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcm80.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcp80.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcr80.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.sys) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\figaro.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BN4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.
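The Malwarebytes report in the post above records the three things a triager should pick out of any log like it: the Security Center "DisableNotify" values flipped to 1 so the user never sees that antivirus, firewall and updates are off; autostart entries under the Run key (braviax, Regedit32); and a .sys driver replaced under system32\drivers together with its copy in system32\dllcache, so that Windows File Protection would restore the malicious file rather than the clean one. Items marked "Delete on reboot" are also still on disk until the machine restarts, which matters when alerts keep appearing after a scan. The script below is an added example, not code from the thread or from Malwarebytes: it parses MBAM 1.x report lines of the form "<item> (<detection>) -> <action>" and raises those triage flags. The sample log is constructed from a handful of lines adapted from the report above.

```python
"""Triage helper for Malwarebytes' Anti-Malware 1.x text reports.

Added example for this page (not the forum's or Malwarebytes' own code).
Parses the "<item> (<detection>) -> <action>." lines, remembers the
section each one sits in, and raises flags for the persistence tricks
visible in the posted log.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a few lines adapted from the MBAM report in the thread.
SAMPLE_LOG = r"""
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\_scui.cpl (Rogue.HomeAntiVirus) -> Delete on reboot.
C:\WINDOWS\system32\drivers\beep.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.sys) -> Quarantined and deleted successfully.
"""

# "<item> (<Detection.Name>) -> <rest>"; the detection name never contains parentheses.
LINE_RE = re.compile(r"^(?P<item>.+?) \((?P<detection>[^()]+)\) -> (?P<rest>.+)$")
# Registry data items carry the bad/good values before the action.
DATA_RE = re.compile(r"^Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\) -> (?P<action>.+)$")


@dataclass
class Finding:
    section: str
    item: str
    detection: str
    action: str
    bad: Optional[str] = None
    good: Optional[str] = None


def parse_mbam_log(text: str) -> List[Finding]:
    """Turn report lines into Finding records; summary counters are skipped."""
    findings: List[Finding] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":") and " -> " not in line:
            section = line[:-1]            # e.g. "Files Infected"
            continue
        m = LINE_RE.match(line)
        if not m:
            continue                       # header or counter line
        rest = m.group("rest")
        bad = good = None
        action = rest
        d = DATA_RE.match(rest)
        if d:
            bad, good, action = d.group("bad"), d.group("good"), d.group("action")
        findings.append(Finding(section, m.group("item"), m.group("detection"),
                                action.rstrip("."), bad, good))
    return findings


def triage(findings: List[Finding]) -> Dict[str, List[str]]:
    """Raise the flags that matter for follow-up, keyed by flag name."""
    flags: Dict[str, List[str]] = defaultdict(list)
    drivers: Dict[str, str] = {}
    dllcache: Dict[str, str] = {}
    for f in findings:
        low = f.item.lower()
        name = f.item.rsplit("\\", 1)[-1]
        # Security Center notifications switched off (value forced to 1).
        if "\\security center\\" in low and low.endswith("disablenotify") and f.bad == "1":
            flags["security_center_notifications_disabled"].append(name)
        # Autostart via HKLM\...\CurrentVersion\Run.
        if "\\currentversion\\run\\" in low:
            flags["run_key_autostart"].append(name)
        # Nothing is gone until the reboot actually happens.
        if f.action.lower().startswith("delete on reboot") and f.item not in flags["still_present_until_reboot"]:
            flags["still_present_until_reboot"].append(f.item)
        # Driver swapped in system32\drivers AND its WFP cache copy in dllcache.
        if name.lower().endswith(".sys"):
            if "\\system32\\drivers\\" in low:
                drivers[name.lower()] = f.item
            elif "\\system32\\dllcache\\" in low:
                dllcache[name.lower()] = f.item
    for base in sorted(drivers.keys() & dllcache.keys()):
        flags["driver_replaced_with_dllcache_copy"].append(base)
    return dict(flags)


if __name__ == "__main__":
    for flag, items in triage(parse_mbam_log(SAMPLE_LOG)).items():
        print(f"{flag}: {items}")
```

The dllcache check is the one worth keeping: a clean-up that removes only the driver under system32\drivers leaves Windows File Protection free to put the poisoned dllcache copy straight back, which is one way a "removed" infection returns after a reboot.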
August 17, 2009 at 4:13 pm #25264
Hello, and welcome to the Spyware-ru forum.
Download the latest version of Combofix and run it. Paste the resulting log into your reply.