- This topic has 0 ответов, 1 участник, and was last updated 12 years, 5 months назад by
.
Просмотр 1 сообщения - с 1 по 1 (всего 1)
-
Сообщения
-
Добрый день, вот лог
после Combofix
Что-нибудь мне надо далее деалть?Анна
ComboFix 13-02-15.01 — Анна 16.02.2013 15:26:19.1.2 — x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.495.208 [GMT 4:00]
Running from: c:combofixComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:program filesMail.RuAgentMradllMousePhone.dll
c:windowsmsmqinst.log
c:windowssystem32System32MASetupCleaner.exe
c:windowssystem32System32muzapp.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-01-16 to 2013-02-16 )))))))))))))))))))))))))))))))
.
.
2013-02-16 11:42 . 2013-02-16 11:42 29904 —-a-w- c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{07A5F172-3C6D-4E21-93FD-79A8A5206C0B}MpKsl36f4937e.sys
2013-02-16 10:55 . 2013-01-08 04:57 6991832 —-a-w- c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{07A5F172-3C6D-4E21-93FD-79A8A5206C0B}mpengine.dll
2013-02-16 08:30 . 2013-01-08 04:57 6991832 —-a-w- c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition UpdatesBackupmpengine.dll
2013-01-30 20:29 . 2013-02-03 19:13
d
w- c:documents and settingsАннаApplication Datavlc
2013-01-30 20:28 . 2013-01-30 20:28
d
w- c:program filesVideoLAN
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-30 10:53 . 2011-11-04 05:23 232336
w- c:windowssystem32MpSigStub.exe
2013-01-26 03:55 . 2004-08-18 12:00 552448 —-a-w- c:windowssystem32oleaut32.dll
2013-01-07 07:26 . 2004-08-18 12:00 2150912 —-a-w- c:windowssystem32ntoskrnl.exe
2013-01-07 07:26 . 2004-08-17 15:58 2029568 —-a-w- c:windowssystem32ntkrnlpa.exe
2013-01-04 10:10 . 2004-08-18 12:00 1867392 —-a-w- c:windowssystem32win32k.sys
2013-01-02 06:49 . 2004-08-18 12:00 1293824 —-a-w- c:windowssystem32quartz.dll
2013-01-02 06:49 . 2004-08-18 12:00 148992 —-a-w- c:windowssystem32mpg2splt.ax
2012-12-26 20:19 . 2004-08-18 12:00 916480 —-a-w- c:windowssystem32wininet.dll
2012-12-26 20:19 . 2004-08-18 12:00 43520
w- c:windowssystem32licmgr10.dll
2012-12-26 20:19 . 2004-08-18 12:00 1469440
w- c:windowssystem32inetcpl.cpl
2012-12-24 06:42 . 2004-08-18 12:00 385024
w- c:windowssystem32html.iec
2012-12-16 12:23 . 2004-08-18 12:00 290560 —-a-w- c:windowssystem32atmfd.dll
2012-11-28 05:17 . 2012-01-31 14:15 45320 —-a-w- c:windowssystem32MAMACExtract.dll
2012-08-19 18:16 . 2012-08-19 18:16 3226768 -c—a-w- c:program filesbadoo.desktop.installer-1.6.55.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«KiesPDLR»=»c:program filesSamsungKiesExternalFirmwareUpdateKiesPDLR.exe» [2012-12-03 843704]
«AlterGeoUpdater»=»c:documents and settingsAll UsersApplication DataAlterGeoUpdate for Html5 geolocation providerhtml5locsvc.exe» [2013-01-28 29696]
«NBJ»=»c:program filesAheadNero BackItUpNBJ.exe» [2005-10-11 1961984]
«KiesAirMessage»=»c:program filesSamsungKiesKiesAirMessage.exe» [2012-11-28 577536]
«KiesPreload»=»c:program filesSamsungKiesKies.exe» [2012-12-03 967608]
«KiesHelper»=»c:program filesSamsungKiesKiesHelper.exe» [2012-12-03 967608]
««=»c:program filesSamsungKiesExternalFirmwareUpdateKiesPDLR.exe» [2012-12-03 843704]
.
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«IgfxTray»=»c:windowssystem32igfxtray.exe» [2003-04-07 155648]
«HotKeysCmds»=»c:windowssystem32hkcmd.exe» [2003-04-07 114688]
«RemoteControl»=»c:program filesCyberLinkPowerDVDPDVDServ.exe» [2005-12-07 30208]
«LanguageShortcut»=»c:program filesCyberLinkPowerDVDLanguageLanguage.exe» [2006-04-13 49152]
«NeroFilterCheck»=»c:windowssystem32NeroCheck.exe» [2001-07-09 155648]
«MAgent»=»c:program filesMail.RuAgentmagent.exe» [2012-04-22 22400064]
«Samsung PanelMgr»=»c:windowsSamsungPanelMgrssmmgr.exe» [2006-08-16 503808]
«KiesTrayAgent»=»c:program filesSamsungKiesKiesTrayAgent.exe» [2012-12-03 309688]
«AlterGeoUpdater»=»c:program filesAlterGeoHtml5 geolocation providerhtml5locsvc.exe» [2012-02-06 27680]
«MSC»=»c:program filesMicrosoft Security Clientmsseces.exe» [2012-09-12 947176]
«Adobe ARM»=»c:program filesCommon FilesAdobeARM1.0AdobeARM.exe» [2012-12-03 946352]
.
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-14 15360]
«DWQueuedReporting»=»c:progra~1COMMON~1MICROS~1DWdwtrig20.exe» [2011-07-27 434080]
«AlterGeoUpdater»=»c:documents and settingsAll UsersApplication DataAlterGeoUpdate for Html5 geolocation providerhtml5locsvc.exe» [2013-01-28 29696]
.
c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузка
McAfee Security Scan Plus.lnk — c:program filesMcAfee Security Scan3.0.318SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalMsMpSvc]
@=»Service»
.
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
@=»Driver»
.
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE»=
«c:\Program Files\Bonjour\mDNSResponder.exe»=
«c:\WINDOWS\system32\dpvsetup.exe»=
«c:\WINDOWS\system32\muzapp.exe»=
«c:\Program Files\Mail.Ru\Agent\magent.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=
.
R1 MpKsl36f4937e;MpKsl36f4937e;c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{07A5F172-3C6D-4E21-93FD-79A8A5206C0B}MpKsl36f4937e.sys [16.02.2013 15:42 29904]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:progra~1mcafeeSITEAD~1mcsacore.exe [15.11.2011 23:53 95232]
R3 LVHybrid;LVHybrid service;c:windowssystem32driversLVHybrid.sys [04.11.2011 15:37 892032]
S0 DwProt;DrWeb Protection;c:windowssystem32driversdwprot.sys —> c:windowssystem32driversdwprot.sys [?]
S2 SkypeUpdate;Skype Updater;c:program filesSkypeUpdaterUpdater.exe [13.07.2012 14:14 160944]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:windowssystem32driversssudbus.sys [29.06.2012 0:18 80824]
S3 dgderdrv;dgderdrv;c:windowssystem32driversdgderdrv.sys [27.02.2012 22:46 20032]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:program filesMcAfee Security Scan3.0.318McCHSvc.exe [05.02.2013 19:48 235216]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:windowssystem32driversssudmdm.sys [29.06.2012 0:18 181432]
.
— Other Services/Drivers In Memory —
.
*NewlyCreated* — MPKSL36F4937E
*NewlyCreated* — WS2IFSL
.
Contents of the ‘Scheduled Tasks’ folder
.
2013-02-16 c:windowsTasksAlterGeoUpdaterS-1-5-18.job
— c:program filesAlterGeoHtml5 geolocation providerhtml5locsvc.exe [2012-02-06 09:35]
.
.
Supplementary Scan
.
uStart Page =
uInternet Settings,ProxyOverride = *.local
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~3Office12EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF — ProfilePath — c:documents and settingsАннаApplication DataMozillaFirefoxProfilesqzyjf546.default
FF — prefs.js: browser.search.defaulturl — hxxp://go.mail.ru/search?fr=fftb&utf8in&q=
FF — prefs.js: browser.startup.homepage — hxxp://www.yandex.ru/?clid=40795
FF — prefs.js: keyword.URL — hxxp://go.mail.ru/search?utf8in=1&fr=fftbUFix&q=
.
— — — — ORPHANS REMOVED — — — —
.
HKCU-Run-MediaGet2 — c:documents and settingsАннаLocal SettingsApplication DataMediaGet2mediaget.exe
HKCU-Run-Badoo Desktop — c:documents and settingsAll UsersApplication DataBadooBadoo Desktop1.6.55.1183Badoo.Desktop.exe
HKLM-Run-WinampAgent — c:program filesWinampwinampa.exe
AddRemove-01_Simmental — c:program filesSamsungUSB Drivers�1_SimmentalUninstall.exe
AddRemove-02_Siberian — c:program filesSamsungUSB Drivers�2_SiberianUninstall.exe
AddRemove-03_Swallowtail — c:program filesSamsungUSB Drivers�3_SwallowtailUninstall.exe
AddRemove-04_semseyite — c:program filesSamsungUSB Drivers�4_semseyiteUninstall.exe
AddRemove-05_Sloan — c:program filesSamsungUSB Drivers�5_SloanUninstall.exe
AddRemove-06_Spencer — c:program filesSamsungUSB Drivers�6_SpencerUninstall.exe
AddRemove-07_Schorl — c:program filesSamsungUSB Drivers�7_SchorlUninstall.exe
AddRemove-08_EMPChipset — c:program filesSamsungUSB Drivers�8_EMPChipsetUninstall.exe
AddRemove-09_Hsp — c:program filesSamsungUSB Drivers�9_HspUninstall.exe
AddRemove-11_HSP_Plus_Default — c:program filesSamsungUSB Drivers11_HSP_Plus_DefaultUninstall.exe
AddRemove-16_Shrewsbury — c:program filesSamsungUSB Drivers16_ShrewsburyUninstall.exe
AddRemove-17_EMP_Chipset2 — c:program filesSamsungUSB Drivers17_EMP_Chipset2Uninstall.exe
AddRemove-18_Zinia_Serial_Driver — c:program filesSamsungUSB Drivers18_Zinia_Serial_DriverUninstall.exe
AddRemove-19_VIA_driver — c:program filesSamsungUSB Drivers19_VIA_driverUninstall.exe
AddRemove-20_NXP_Driver — c:program filesSamsungUSB Drivers20_NXP_DriverUninstall.exe
AddRemove-21_Searsburg — c:program filesSamsungUSB Drivers21_SearsburgUninstall.exe
AddRemove-22_WiBro_WiMAX — c:program filesSamsungUSB Drivers22_WiBro_WiMAXUninstall.exe
AddRemove-24_flashusbdriver — c:program filesSamsungUSB Drivers24_flashusbdriverUninstall.exe
AddRemove-25_escape — c:program filesSamsungUSB Drivers25_escapeUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-16 15:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes …
.
scanning hidden autostart entries …
.
scanning hidden files …
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
DLLs Loaded Under Running Processes
.
— — — — — — — > ‘explorer.exe'(2152)
c:windowssystem32WININET.dll
c:progra~1mcafeeSITEAD~1saHook.dll
c:windowssystem32webcheck.dll
c:windowssystem32WPDShServiceObj.dll
c:windowssystem32PortableDeviceTypes.dll
c:windowssystem32PortableDeviceApi.dll
.
Other Running Processes
.
c:program filesMicrosoft Security ClientMsMpEng.exe
c:program filesBonjourmDNSResponder.exe
c:windowssystem32rundll32.exe
c:windowsMicrosoft.NETFrameworkv4.0.30319WPFWPFFontCache_v0400.exe
c:program filesMicrosoft Security ClientMpCmdRun.exe
.
**************************************************************************
.
Completion time: 2013-02-16 15:47:22 — machine was rebooted
ComboFix-quarantined-files.txt 2013-02-16 11:47
.
Pre-Run: 2 957 180 928 байт свободно
Post-Run: 6 851 796 992 байт свободно
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
[operating systems]
c:cmdconsBOOTSECT.DAT=»Microsoft Windows Recovery Console» /cmdcons
UnsupportedDebug=»do not select this» /debug
multi(0)disk(0)rdisk(0)partition(1)WINDOWS=»Microsoft Windows XP Professional RU» /noexecute=optin /fastdetect
.
— — End Of File — — 2D22B52302373E013051748B2F55BFF7
Просмотр 1 сообщения - с 1 по 1 (всего 1)
- Тема ‘Лог после Combofix’ закрыта для новых сообщений.
