- This topic has 1 ответ, 2 участника, and was last updated 16 years, 2 months назад by
.
-
Сообщения
-
Вот мой лог файл сделанный Combofix, посмотрите что тут не так и что мне надо сделать чтобы все было ОК.
Заранее спасибо….ComboFix 09-03-28.04 — Admin 2009-03-29 8:47:17.1 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.1.1049.18.2046.1555 [GMT 4:00]
Running from: c:documents and settingsAdminРабочий столComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090328-0] *On-access scanning disabled* (Updated)
* Created a new restore pointWARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:documents and settingsAll UsersДокументыМоя музыкаDesktop_.ini
c:documents and settingsAll UsersДокументыМоя музыкаPlaylistsDesktop_.ini
c:documents and settingsAll UsersДокументыМоя музыкаSample Playlists000B5E76Desktop_.ini
c:documents and settingsAll UsersДокументыМоя музыкаSample PlaylistsDesktop_.ini
c:documents and settingsAll UsersДокументыМоя музыкаSync Playlists55DF6Desktop_.ini
c:documents and settingsAll UsersДокументыМоя музыкаSync PlaylistsDesktop_.ini
c:documents and settingsAll UsersДокументыМои рисункиDesktop_.ini
c:documents and settingsAll UsersДокументыМои видеозаписиDesktop_.ini
c:documents and settingsAll UsersДокументыmicrosoftDesktop_.ini
c:documents and settingsAll UsersДокументыmicrosoftIdentityCRLDesktop_.ini
c:documents and settingsAll UsersДокументыmicrosoftIdentityCRLproductionDesktop_.ini
c:windowsDelete.bat
c:windowssystem32uninstall.exe.
((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-29 )))))))))))))))))))))))))))))))
.2009-03-29 08:30 . 2009-03-29 08:31
d
c:program filesAutorunRemover
2009-03-28 14:01 . 2009-03-28 14:01d
c:program filesAnswerWorks 4.0
2009-03-28 13:59 . 2009-03-28 14:01d
c:program filesAutoCAD 2007
2009-03-28 13:59 . 2009-03-28 13:59d
c:documents and settingsAll UsersApplication DataAutodesk
2009-03-28 13:59 . 2009-03-28 13:59d
c:documents and settingsAdminApplication DataAutodesk
2009-03-28 13:56 . 2009-03-28 14:01d
c:program filesCommon FilesAutodesk Shared
2009-03-28 13:56 . 2009-03-28 13:56d
c:program filesAutodesk
2009-03-24 20:35 . 2009-03-24 21:21d
c:windowsSxsCaPendDel
2009-03-24 20:27 . 2009-03-24 20:27d
c:windowssystem32AGEIA
2009-03-24 20:27 . 2009-03-24 20:27d
c:program filesAGEIA Technologies
2009-03-24 13:44 . 2009-03-24 13:44d
c:documents and settingsAll UsersApplication DataFLEXnet
2009-03-23 22:42 . 2009-03-23 22:42d
c:program filesPRMT8
2009-03-23 22:33 . 2009-03-23 22:33d
c:documents and settingsAll UsersApplication DataPROject MT
2009-03-23 22:31 . 2009-03-23 22:43d
c:windowsspeech
2009-03-23 22:29 . 2009-03-24 11:45d
c:windowsLhsp
2009-03-18 22:05 . 2009-03-18 22:05d
c:documents and settingsAdminApplication Data2K Sports
2009-03-18 21:58 . 2009-03-18 21:58 0 -rahs—- C:kht
2009-03-17 20:53 . 2009-03-20 18:53d-a
c:documents and settingsAll UsersApplication DataTEMP
2009-03-17 20:52 . 2009-03-29 08:30d
c:program filesTrojan Remover
2009-03-17 20:50 . 2009-03-17 20:51d
c:program filesUSB Disk Security
2009-03-17 20:42 . 2009-03-17 20:44d
c:program filesBases-09
2009-03-16 22:49 . 2009-03-16 22:49d
c:program filesMicrosoft Silverlight
2009-03-11 23:49 . 2009-03-11 23:49d
C:capture
2009-03-11 14:59 . 2009-03-11 14:59d
c:documents and settingsAll UsersApplication DataElectronic Arts
2009-03-09 13:06 . 2009-03-09 13:12d
c:program filesGoogle
2009-03-09 13:06 . 2009-03-28 23:25d
c:documents and settingsAll UsersApplication DataGoogle Updater
2009-03-08 23:58 . 2009-03-08 23:58d
c:program filesAlwil Software
2009-03-08 23:23 . 2009-03-08 23:23d
c:documents and settingsAll UsersApplication DataKaspersky Lab Setup Files
2009-03-08 21:24 . 2009-03-08 21:24d
c:program filesElectronic Arts
2009-03-08 21:23 . 2009-03-23 22:32d
C:ProgramData
2009-03-08 21:22 . 2009-03-08 21:22d
c:documents and settingsAdminApplication DataLeadertech
2009-03-08 21:22 . 2009-03-08 21:22 2,678 —a
c:windowssystem32ealregsnapshot1.reg
2009-03-08 11:56 . 2009-03-08 11:56 1,142 -rahs—- c:windowssystem32autorun.i
2009-03-08 11:56 . 2009-03-08 11:56 565 -rahs—- c:windowssystem32autorun.in
2009-03-01 20:16 . 2009-03-01 20:16 9,406 —a
c:windowsEPISME00.SWB.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-29 04:45
d
w c:program filesBeholdTV
2009-03-29 04:26 16,608 —-a-w c:windowsgdrv.sys
2009-03-27 14:31
d
w c:program filesFoxit Reader
2009-03-24 16:27
d
w c:program filesCommon FilesWise Installation Wizard
2009-03-21 01:44
d
w c:documents and settingsAdminApplication DatauTorrent
2009-03-20 16:46 22,328 —-a-w c:windowssystem32driversPnkBstrK.sys
2009-03-20 16:46 103,736 —-a-w c:windowssystem32PnkBstrB.exe
2009-03-17 16:40
d—h—w c:program filesInstallShield Installation Information
2009-03-16 18:31
d
w c:program filesOpera
2009-03-08 21:11
d
w c:program filesChicken Invaders 3
2009-03-08 20:27 66,872 —-a-w c:windowssystem32PnkBstrA.exe
2009-03-07 08:09
d
w c:documents and settingsAdminApplication DataWinamp
2009-03-04 16:51
d
w c:program filesMicrosoft Games for Windows — LIVE
2009-03-01 08:12
d
w c:program filesChickenInvadersROTYXmas
2009-02-26 18:57
d
w c:program filesFoxit Software
2009-02-25 20:11
d
w c:program filesRivaTuner v2.20
2009-02-25 18:41
d
w c:program filesRockstar Games
2009-02-23 09:27
d
w c:program filesChicken Invaders 3 Xmas
2009-02-23 09:17
d
w c:documents and settingsAll UsersApplication DataTrymedia
2009-02-20 17:59
d
w c:documents and settingsAdminApplication DataAIMP
2009-02-20 17:56
d
w c:program filesAIMP2
2009-02-20 11:48
d
w c:documents and settingsAdminApplication DataPRMT
2009-02-18 19:43
d
w c:program filesHide Folders XP 2
2009-02-18 19:06
d
w c:program filesCheMaxRus
2009-02-18 18:57
d
w c:program filesArtMoney
2009-02-18 06:09
d
w c:program filesReflexiveArcade
2009-02-18 06:09
d
w c:documents and settingsAll UsersApplication DataInterAction studios
2009-02-15 15:33
d
w c:program filesHomesoft program
2009-02-14 12:49
d
w c:documents and settingsAll UsersApplication DataMicrosoft Help
2009-02-14 08:32
d
w c:documents and settingsAll UsersApplication DataABBYY
2009-02-14 08:30
d
w c:documents and settingsAdminApplication DataABBYY
2009-02-13 17:23
d
w c:program filesABBYY FineReader 9.0
2009-02-09 18:30 107,888 —-a-w c:windowssystem32CmdLineExt.dll
2009-02-08 18:27
d
w c:program filesESET
2009-02-08 18:27
d
w c:documents and settingsAll UsersApplication DataESET
2009-02-08 17:32
d
w c:documents and settingsAll UsersApplication DataPRMT
2009-02-08 17:29
d
w c:program filesABBYY Lingvo 12
2009-02-08 17:25
d—h—r c:documents and settingsAdminApplication DataSecuROM
2009-02-08 17:20
d
w c:program filesCommon FilesAdobe
2009-02-08 06:25
d
w c:program filesMSBuild
2009-02-08 06:23
d
w c:program filesReference Assemblies
2009-02-08 06:20
d
w c:program filesAlcohol Soft
2009-02-08 06:00
d
w c:program filesK-Lite Codec Pack
2009-02-08 05:49
d
w c:program filesLight Alloy
2009-02-08 05:08
d
w c:documents and settingsAdminApplication DataDownload Master
2009-02-08 04:50
d
w c:program filesDownload Master
2009-02-07 20:36
d
w c:program filesStrongDC
2009-02-07 18:18
d
w c:program filesCommon FilesInstallShield
2009-02-07 18:14
d
w c:documents and settingsAll UsersApplication DataUDL
2009-02-07 18:12
d
w c:program filesepson
2009-02-07 17:59
d
w c:program filesRealtek
2009-02-07 17:59
d
w c:documents and settingsAdminApplication DataInstallShield
2009-02-07 17:55 315,392 —-a-w c:windowsHideWin.exe
2009-02-07 17:52
d
w c:documents and settingsAll UsersApplication DataATI
2009-02-07 17:52
d
w c:documents and settingsAdminApplication DataATI
2009-02-07 17:50
d
w c:program filesIntel
2009-02-07 17:49
d
w c:program filesGigabyte
2009-02-07 17:49
d
w c:program filesBrowser Configuration Utility
2009-02-07 17:45
d
w c:program filesATI Technologies
2009-02-07 17:45
d
w c:documents and settingsAdminApplication DataQIP
2009-02-07 17:42
d
w c:program filesCommon FilesATI Technologies
2009-02-07 17:34
d
w c:program filesUltraISO
2009-02-07 17:34
d
w c:program filesDaemon Tools Lite
2009-02-07 17:34
d
w c:program filesCommon FilesEZB Systems
2009-02-07 17:34
d
w c:documents and settingsAll UsersApplication DataDAEMON Tools Lite
2009-02-07 17:34
d
w c:documents and settingsAdminApplication DataDAEMON Tools Lite
2009-02-07 17:33
d
w c:program filesTeamViewer 4
2009-02-07 17:33
d
w c:program filesSun xVM VirtualBox
2009-02-07 17:33
d
w c:program filesCommon FilesAhead
2009-02-07 17:33
d
w c:program filesAhead
2009-02-07 17:32
d
w c:program filesWinamp
2009-02-07 17:32
d
w c:program filesuTorrent
2009-02-07 17:32
d
w c:program filesUnlocker
2009-02-07 17:32
d
w c:program filesTotal Commander
2009-02-07 17:32
d
w c:program filesThe KMPlayer
2009-02-07 17:32
d
w c:program filesSmart Install Maker
2009-02-07 17:32
d
w c:program filesMozBackup
2009-02-07 17:32
d
w c:program filesEverest
2009-02-07 17:31
d
w c:program filesVDSoft
2009-02-07 17:31
d
w c:program filesUninstall Tool
2009-02-07 17:31
d
w c:program filesThe Bat!
2009-02-07 17:31
d
w c:program filesRegshot
2009-02-07 17:31
d
w c:program filesQIP Infium
2009-02-07 17:31
d
w c:program filesFastStone
2009-02-07 17:31
d
w c:program filesCCleaner
2009-02-07 17:31
d
w c:documents and settingsAdminApplication DataFastStone
2009-02-07 17:25
d
w c:program filesCommon FilesMacrovision Shared
2009-02-07 17:23
d
w c:program filesTechSmith
2009-02-07 17:23
d
w c:documents and settingsAll UsersApplication DataTechSmith
2009-02-07 17:22
d
w c:program filesMacromedia
2009-02-07 17:22
d
w c:program filesCommon FilesMacromedia
2009-02-07 17:14
d
w c:program filesMicrosoft Works
2009-02-07 17:13
d
w c:program filesMicrosoft.NET
2009-02-07 17:11
d—a-w c:documents and settingsAdminApplication DataYandex
2009-02-07 17:11
d
w c:program filesPunto Switcher
2009-02-07 17:06 717,296 —-a-w c:windowssystem32driverssptd.sys
2009-02-07 17:06
d—a-w c:program filesPaint.NET
2009-02-07 17:06
d
w c:program filesVistaDriveIcon
2009-02-07 17:05 410,984 —-a-w c:windowssystem32deploytk.dll
2009-02-07 17:05
d
w c:program filesJava
.
Sigcheck
2008-12-25 23:00 579072 23b7d3f3f5ec8feea75ec381c71cbd5e c:windowssystem32user32.dll2008-12-25 23:00 952832 b3f3c4c16539f0ac20306e2a56df6aa6 c:windowssystem32wininet.dll
2008-12-25 22:58 361600 6a104ba98d99d53ab0c91825ce659fc6 c:windowssystem32driverstcpip.sys
2008-12-25 22:59 1721344 5d1804d43d799f7040ac1c2df3ee137a c:windowsexplorer.exe
2008-12-25 22:59 30208 e5eb62a6443a8720f7ec4941c42fae67 c:windowssystem32ctfmon.exe
2008-12-25 23:00 78360 a16b512841d703a84f773bd0dcc732dc c:windowssystem32wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«VistaIcon»=»c:program filesVistaDriveIconVistaDrv.exe» [2008-01-02 132096]
«Punto Switcher»=»c:program filesPunto Switcherpunto.exe» [2008-10-30 734504]
«Download Master»=»c:program filesDownload Masterdmaster.exe» [2009-02-06 3769856]
«ctfmon.exe»=»c:windowssystem32ctfmon.exe» [2008-12-25 30208][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«StartCCC»=»c:program filesATI TechnologiesATI.ACECore-StaticCLIStart.exe» [2008-01-21 61440]
«EPSON Stylus CX3700 Series»=»c:windowsSystem32spoolDRIVERSW32X863E_FATIACP.EXE» [2005-02-08 98304]
«WinampAgent»=»c:program filesWinampwinampa.exe» [2008-08-04 36352]
«Lingvo Launcher»=»c:program filesABBYY Lingvo 12Lvagent.exe» [2006-12-14 258048]
«avast!»=»c:progra~1ALWILS~1Avast4ashDisp.exe» [2009-02-06 81000]
«USB Antivirus»=»c:program filesUSB Disk SecurityUSBGuard.exe» [2008-12-11 798720]
«RivaTunerStartupDaemon»=»c:program filesRivaTuner v2.20RivaTuner.exe» [2008-11-19 2727936]
«RTHDCPL»=»RTHDCPL.EXE» [2008-02-13 c:windowsRTHDCPL.exe][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«VistaIcon»=»c:program filesVistaDriveIconVistaDrv.exe» [2008-01-02 132096][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«IE7_011″=»shell32» [X]
«ZZZZ2_FirstLogonSetting»=»advpack.dll» [2008-12-25 c:windowssystem32advpack.dll]
«IE7_012″=»advpack.dll» [2008-12-25 c:windowssystem32advpack.dll]c:documents and settingsAll Usersѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
Ѓлбвал© § ЇгбЄ AutoCAD.lnk — c:program filesCommon FilesAutodesk Sharedacstart17.exe [2007-11-27 11000][HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMConfigurePrograms»= 1 (0x1)[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMConfigurePrograms»= 1 (0x1)[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«msacm.l3fhg»= mp3fhg.acm
«msacm.divxa32″= divxa32.acm
«VIDC.X264″= x264vfw.dll
«VIDC.HFYU»= huffyuv.dll
«vidc.i263″= i263_32.drv[HKLM~startupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Adobe Reader Speed Launch.lnk]
path=c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузкаAdobe Reader Speed Launch.lnk
backup=c:windowspssAdobe Reader Speed Launch.lnkCommon Startup[HKLM~startupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Adobe Reader Synchronizer.lnk]
path=c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузкаAdobe Reader Synchronizer.lnk
backup=c:windowspssAdobe Reader Synchronizer.lnkCommon Startup[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregGEST]
= [X][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
—a
2006-01-12 15:40 155648 c:windowssystem32NeroCheck.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRGSC]
—a
2009-03-02 21:25 306088 c:program filesRockstar GamesRockstar Games Social ClubRGSCLauncher.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«FirewallOverride»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
«UpdatesOverride»=dword:00000001
«AntiVirusDisableNotify»=dword:00000001
«AntiVirusOverride»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\StrongDC\StrongDC.exe»=
«c:\Program Files\uTorrent\uTorrent.exe»=
«c:\Program Files\Opera\opera.exe»=
«c:\Program Files\Chicken Invaders 3 Xmas\CI3Xmas.exe»=
«c:\Program Files\ChickenInvadersROTYXmas\CI3Xmas.exe»=
«c:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe»=
«c:\Program Files\Electronic Arts\EADM\Core.exe»=
«d:\Games\GTA IV\Grand Theft Auto IV\GTAIV.exe»=[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«2877:UDP»= 2877:UDP:Windows Media Format SDK (winamp.exe)
«2876:UDP»= 2876:UDP:Windows Media Format SDK (winamp.exe)R0 HFXP2;HFXP2;c:windowssystem32drivershfxp2.sys [2009-02-12 17264]
R1 aswSP;avast! Self Protection;c:windowssystem32driversaswSP.sys [2009-03-08 114768]
R1 VBoxDrv;VirtualBox Service;c:windowssystem32driversVBoxDrv.sys [2009-02-07 100368]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:windowssystem32driversVBoxUSBMon.sys [2009-02-07 41680]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 Licensing Service;c:program filesABBYY FineReader 9.0NetworkLicenseServer.exe [2007-11-02 566560]
R2 aswFsBlk;aswFsBlk;c:windowssystem32driversaswFsBlk.sys [2009-03-08 20560]
R2 ES lite Service;ES lite Service for program management.;c:program filesGigabyteEasySaveressvr.exe [2009-02-07 80392]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:windowssystem32driversAtiHdmi.sys [2009-02-07 93696]
R3 SAA713x;Behold TV WDM Capture (SAA713x);c:windowssystem32driverssaa713x.sys [2009-02-07 217352]
S2 gupdate1c9a096bb02fda6;Служба Google Update (gupdate1c9a096bb02fda6);c:program filesGoogleUpdateGoogleUpdate.exe [2009-03-09 133104]
S3 VBoxNetFlt;VBoxNetFlt Service;c:windowssystem32driversVBoxNetFlt.sys [2009-02-07 81360]— Other Services/Drivers In Memory —
*NewlyCreated* — SRSERVICE
.
Contents of the ‘Scheduled Tasks’ folder2009-03-29 c:windowsTasksGoogle Software Updater.job
— c:program filesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2009-03-20 23:27]2009-03-29 c:windowsTasksGoogleUpdateTaskMachine.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-03-09 13:09]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.zvercd.com
uInternet Connection Wizard,ShellNext = hxxp://download.gigabyte.com.tw/
IE: &Перевести с помощью ABBYY Lingvo… — c:program filesABBYY Lingvo 12Lingvo.exe/3000
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~1Office12EXCEL.EXE/3000
IE: Online-словари — c:program filesPRMT8PRMTIEoda.htm
IE: Автоматически определить шаблон тематики — c:program filesPRMT8PRMTIEaot.htm
IE: Закачать ВСЕ при помощи Download Master — c:program filesDownload Masterdmieall.htm
IE: Закачать при помощи Download Master — c:program filesDownload Masterdmie.htm
IE: Настроить параметры перевода — c:program filesPRMT8PRMTIEoptions.htm
IE: Незнакомые слова — c:program filesPRMT8PRMTIEinfopanel.htm
IE: Перевести — c:program filesPRMT8PRMTIEtranslat.htm
IE: Перевести страницу — c:program filesPRMT8PRMTIEpage.htm
IE: Поиск в Интернете — c:program filesPRMT8PRMTIEsearch.htm
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} — c:program filesDownload Masterdmaster.exe
TCP: {B9950497-CD61-4B4F-AA3D-7E28EE163948} = 80.76.176.34 80.76.176.34
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-29 08:49:21
Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(800)
c:windowssystem32Ati2evxx.dll
c:windowssystem32cscui.dll
c:windowssystem32COMRes.dll
.
Completion time: 2009-03-29 8:50:45
ComboFix-quarantined-files.txt 2009-03-29 04:50:39Pre-Run: 8 585 474 048 байт свободно
Post-Run: 9,308,905,472 байт свободно301
- Для ответа в этой теме необходимо авторизоваться.
