- This topic has 5 ответов, 2 участника, and was last updated 15 years, 6 months назад by
.
-
Сообщения
-
Доброго дня!
У меня перестал загружаться рабочий стол, что я только не делал…смог вернуть его только AVZ 4 восстановлением системы, пришлось также поставить еще одну винду на комп. Проверял на вирусы и Dr.Web и AVZ и MalweBytes пару штук нашел, но рабочий стол также все не грузился, постоянно приходилось восстанавливать с помощью AVZ. Решил попробовать Combofix он что то нашел ПОСМОТРИТЕ ПОЖАЛУЙСТА ЛОГИ после его работыComboFix 10-01-21.08 — Администратор 25.01.2010 10:13:07.1.2 — x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.978.752 [GMT 8:00]
Running from: c:1ComboFix.exe
.
ADS — system32: deleted 12 bytes in 1 streams.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:documents and settingsАдминистраторApplication Dataintel64.exe
c:documents and settingsАдминистраторApplication Datantos.exe
c:documents and settingsАдминистраторApplication Dataoembios.exe
c:documents and settingsАдминистраторApplication Datasdra64.exe
c:documents and settingsАдминистраторApplication Datatwex.exe
c:documents and settingsАдминистраторApplication Datatwext.exe
c:documents and settingsАдминистраторApplication Datawsnpoema.exe
c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr0.dat
c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr1.dat
c:program filesWinPCap
c:program filesWinPCaprpcapd.exe
c:program filesWinPCapUninstall.exe
c:recyclerS-1-5-21-1454471165-1965331169-839522115-500
C:Thumbs.db
c:windowssystem32AutoRun.inf
c:windowssystem32driversnpf.sys
c:windowssystem32Packet.dll
c:windowssystem32pthreadVC.dll
c:windowssystem32Thumbs.db
c:windowssystem32WanPacket.dll
c:windowssystem32wpcap.dll
BITS: Possible infected sites
hxxp://soft.export.yandex.ru
hxxp://download.yandex.ru
.
((((((((((((((((((((((((( Files Created from 2009-12-25 to 2010-01-25 )))))))))))))))))))))))))))))))
.2010-01-21 08:49 . 2010-01-21 08:49 10240 —-a-w- c:windowssystem32DsrSleep.dll
2010-01-21 01:18 . 2010-01-21 01:20
d
w- c:windowssystem32Side 9 Screensaver dir
2010-01-21 01:18 . 2010-01-21 01:18 520192 —-a-w- c:windowssystem32Side 9 Screensaver.scr
2010-01-12 09:30 . 2010-01-25 01:24
d
w- C:1
2010-01-12 04:10 . 2010-01-18 07:12
d
w- C:Автодозвон
2010-01-11 01:42 . 2009-04-03 10:47 52752 —-a-w- c:windowssystem32driverstmactmon.sys
2010-01-11 01:42 . 2009-04-03 10:47 50192 —-a-w- c:windowssystem32driverstmevtmgr.sys
2010-01-11 01:42 . 2009-04-03 10:47 151568 —-a-w- c:windowssystem32driverstmcomm.sys
2010-01-11 01:42 . 2010-01-11 01:42
d
w- c:windowssystem32log
2010-01-11 01:09 . 2010-01-11 01:42 84086 —-a-w- c:windowssystem32prfc0419.dat
2010-01-11 01:09 . 2010-01-11 01:42 488902 —-a-w- c:windowssystem32prfh0419.dat
2009-12-29 01:22 . 2009-12-29 01:22
d
w- c:program filesAIMP2 Tools
2009-12-29 01:21 . 2009-12-29 01:21
d
w- c:program filesYandex.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-20 00:43 . 2009-05-03 23:59
d
w- c:program filesuTorrent Ulanovka Edition
2010-01-20 00:19 . 2009-11-23 23:55 11264 —-a-w- c:windowssystem32driversuzexnjq5.sys
2010-01-20 00:16 . 2009-11-30 06:22
d
w- c:program filesMalwarebytes’ Anti-Malware
2010-01-12 07:15 . 2009-04-08 04:52
d
w- c:program filesQIP
2010-01-11 03:28 . 2009-10-08 05:49
d
w- c:program filesUfasoft
2010-01-11 01:40 . 2009-11-30 02:31
d
w- c:program filesMillioner
2010-01-11 00:04 . 2009-12-11 09:59
d
w- c:documents and settingsAll UsersApplication DataKaspersky Lab
2010-01-10 23:59 . 2008-05-28 07:22
d
w- c:program filesTrend Micro
2010-01-07 08:07 . 2009-11-30 06:22 38224 —-a-w- c:windowssystem32driversmbamswissarmy.sys
2010-01-07 08:07 . 2009-11-30 06:22 19160 —-a-w- c:windowssystem32driversmbam.sys
2009-12-29 01:21 . 2009-11-26 00:39
d
w- c:program filesAIMP2
2009-12-26 07:48 . 2009-12-25 01:07
d
w- c:program filesTELESHELL
2009-12-26 00:07 . 2009-12-26 00:07
d
w- c:program filesAtmel
2009-12-26 00:06 . 2009-12-26 00:06
d
w- c:program filesJava
2009-12-26 00:06 . 2009-12-26 00:06
d
w- c:program filesCommon FilesJava
2009-12-25 09:52 . 2009-12-25 09:52 12528 —-a-w- c:documents and settingsАдминистратор.WORK-797787B3AFLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-12-22 02:48 . 2009-03-16 00:05
d
w- c:documents and settingsAll UsersApplication DataMicrosoft Help
2009-12-18 06:03 . 2009-07-14 02:29
d
w- c:program filesABBYY PDF Transformer 2.0
2009-12-17 00:33 . 2009-12-17 00:32 86339 —-a-w- c:windows.0pchealthhelpctrOfflineCacheindex.dat
2009-12-10 05:35 . 2008-11-26 08:11
d
w- c:program filesRestorator 2007
2009-12-10 05:16 . 2009-12-10 02:12
d
w- c:program filesavz4
2009-12-10 03:07 . 2009-06-17 06:09
d
w- c:program filesMail.Ru
2009-12-10 02:12 . 2009-12-10 02:12
d
w- c:program filesLavasoft
2009-12-02 05:53 . 2009-12-02 05:53
d
w- c:program filesGRETECH
2009-12-01 00:25 . 2009-12-01 00:25
d
w- c:documents and settingsAll UsersApplication DataTuneUp Software
2009-12-01 00:24 . 2009-12-01 00:24
d-sh—w- c:documents and settingsAll UsersApplication Data{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2009-12-01 00:24 . 2009-06-01 02:30
d
w- c:program filesVector
2009-11-30 06:22 . 2009-11-30 06:22
d
w- c:documents and settingsAll UsersApplication DataMalwarebytes
2009-11-30 00:57 . 2009-10-16 07:01
d
w- c:program filesЗоркий Глаз
2009-11-27 03:53 . 2009-11-27 03:47
d
w- c:program filesABBYY FineReader 9.0
2009-11-27 03:50 . 2009-11-27 03:50
d
w- c:program filesCommon FilesABBYY
2009-11-21 16:03 . 2008-04-14 13:40 471552 —-a-w- c:windows.0AppPatchaclayers.dll
2009-06-01 14:23 . 2009-06-01 23:06 8396649 —-a-w- c:program filesPG5.0.0.6.exe
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«IgfxTray»=»c:windows.0system32igfxtray.exe» [2008-11-12 141336]
«HotKeysCmds»=»c:windows.0system32hkcmd.exe» [2008-11-12 173592]
«Persistence»=»c:windows.0system32igfxpers.exe» [2008-11-12 141336]
«RTHDCPL»=»RTHDCPL.EXE» [2008-04-10 16861184][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windows.0system32CTFMON.EXE» [2008-04-14 15360]c:documents and settingsAll Usersѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
Program Neighborhood Agent.lnk — c:program filesCitrixICA Clientpnagent.exe [2006-11-8 233744][HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMConfigurePrograms»= 1 (0x1)
«Start_NotifyNewApps»= 0 (0x0)[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMConfigurePrograms»= 1 (0x1)
«Start_NotifyNewApps»= 0 (0x0)[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogon]
«Userinit»=»c:windowssystem32userinit.exe,»[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)
«DisableUnicastResponsesToMulticastBroadcast»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«%windir%\system32\sessmgr.exe»=R0 mv61xx;mv61xx;c:windows.0system32driversmv61xx.sys [02.03.2009 13:37 151592]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{89820200-ECBD-11cf-8B85-00AA005B4383}]
2009-01-14 18:03 172544 —-a-w- c:windows.0system32ie4uinit.exe
.
Contents of the ‘Scheduled Tasks’ folder2010-01-25 c:windows.0TasksUser_Feed_Synchronization-{C2E2E9B0-76B3-4308-BCE1-737405112CD7}.job
— c:windows.0system32msfeedssync.exe [2009-01-14 18:01]
.
.
Supplementary Scan
.
uStart Page = hxxp://pioner/
uLocal Page = c:windows.0system32blank.htm
mLocal Page = c:windows.0system32blank.htm
uInternet Settings,ProxyServer = proxy:3128
uInternet Settings,ProxyOverride = pioner;*.uucn.ru;*.burnet.ru;10.2.*;*.dsad.sibirtelecom.ru;*.ds.sibirtelecom.ru;ulanovka.ru;
TCP: {12250C39-AE45-4F5A-A41D-3D4203EBA5DC} = 10.2.64.200,10.2.64.64
TCP: {C45A708F-18FE-4FD9-B330-EFDEDE6D1839} = 87.103.161.61
.**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-25 10:19
Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERSS-1-5-21-1659004503-492894223-1417001333-500SoftwareMicrosoftInternet ExplorerUser Preferences]
@Denied: (2) (Administrator)
«88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977″=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,51,7e,82,52,20,4d,ba,4f,a5,24,5e,
«2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81″=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,51,7e,82,52,20,4d,ba,4f,a5,24,5e,
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(756)
c:windows.0system32odbcint.dll
c:windows.0system32xpsp2res.dll
.
Completion time: 2010-01-25 10:24:27
ComboFix-quarantined-files.txt 2010-01-25 02:24Pre-Run: 12 122 222 592 байт свободно
Post-Run: 12 124 872 704 байт свободноWindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS.0
[operating systems]
c:cmdconsBOOTSECT.DAT=»Microsoft Windows Recovery Console» /cmdcons
multi(0)disk(0)rdisk(0)partition(1)WINDOWS.0=»Microsoft Windows XP Professional RU» /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)WINDOWS=»Microsoft Windows XP Professional RU» /noexecute=alwaysoff /fastdetect— — End Of File — — 9E5839D01898E41E65784815FFE79D36
еще раз проверил вот логи
ComboFix 10-01-24.03 — Администратор 25.01.2010 13:36:03.2.2 — x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.978.606 [GMT 8:00]
Running from: c:1ComboFix.exe
AV: Doctor Web Anti-Virus *On-access scanning disabled* (Outdated) {3454C8F1-ECBC-4180-A6F4-04632FBA762B}
.((((((((((((((((((((((((( Files Created from 2009-12-25 to 2010-01-25 )))))))))))))))))))))))))))))))
.2010-01-21 08:49 . 2010-01-21 08:49 10240 —-a-w- c:windowssystem32DsrSleep.dll
2010-01-21 08:49 . 2010-01-21 08:49
d
w- c:windowsdata
2010-01-21 01:18 . 2010-01-21 01:20
d
w- c:windowssystem32Side 9 Screensaver dir
2010-01-21 01:18 . 2010-01-21 01:18 520192 —-a-w- c:windowssystem32Side 9 Screensaver.scr
2010-01-12 09:30 . 2010-01-25 05:34
d
w- C:1
2010-01-12 04:10 . 2010-01-18 07:12
d
w- C:Автодозвон
2010-01-11 01:42 . 2010-01-11 01:42
d
w- c:windowssystem32log
2010-01-11 01:09 . 2010-01-25 03:33 80604 —-a-w- c:windowssystem32prfc0419.dat
2010-01-11 01:09 . 2010-01-25 03:33 477906 —-a-w- c:windowssystem32prfh0419.dat
2009-12-29 01:22 . 2009-12-29 01:22
d
w- c:program filesAIMP2 Tools
2009-12-29 01:21 . 2009-12-29 01:21
d
w- c:documents and settingsАдминистраторLocal SettingsApplication DataYandex
2009-12-29 01:21 . 2009-12-29 01:21
d
w- c:documents and settingsАдминистраторApplication DataYandex
2009-12-29 01:21 . 2009-12-29 01:21
d
w- c:program filesYandex.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-25 03:33 . 2008-05-28 07:22
d
w- c:program filesTrend Micro
2010-01-21 09:00 . 2009-12-16 09:27
d
w- c:documents and settingsАдминистраторApplication DataAIMP
2010-01-21 08:52 . 2009-04-03 05:45 27 —-a-w- c:windowspopcinfo.dat
2010-01-20 00:43 . 2009-05-03 23:59
d
w- c:program filesuTorrent Ulanovka Edition
2010-01-20 00:19 . 2009-11-23 23:55 11264 —-a-w- c:windowssystem32driversuzexnjq5.sys
2010-01-20 00:16 . 2009-11-30 06:22
d
w- c:program filesMalwarebytes’ Anti-Malware
2010-01-12 07:15 . 2009-04-08 04:52
d
w- c:program filesQIP
2010-01-11 03:28 . 2009-10-08 05:49
d
w- c:program filesUfasoft
2010-01-11 01:40 . 2009-11-30 02:31
d
w- c:program filesMillioner
2010-01-11 00:04 . 2009-12-11 09:59
d
w- c:documents and settingsAll UsersApplication DataKaspersky Lab
2010-01-07 08:07 . 2009-11-30 06:22 38224 —-a-w- c:windowssystem32driversmbamswissarmy.sys
2010-01-07 08:07 . 2009-11-30 06:22 19160 —-a-w- c:windowssystem32driversmbam.sys
2009-12-29 01:21 . 2009-11-26 00:39
d
w- c:program filesAIMP2
2009-12-26 07:48 . 2009-12-25 01:07
d
w- c:program filesTELESHELL
2009-12-26 00:07 . 2009-12-26 00:07
d
w- c:program filesAtmel
2009-12-26 00:06 . 2009-12-26 00:06
d
w- c:program filesJava
2009-12-26 00:06 . 2009-12-26 00:06
d
w- c:program filesCommon FilesJava
2009-12-25 09:52 . 2009-12-25 09:52 12528 —-a-w- c:documents and settingsАдминистратор.WORK-797787B3AFLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-12-22 02:48 . 2009-03-16 00:05
d
w- c:documents and settingsAll UsersApplication DataMicrosoft Help
2009-12-18 06:03 . 2009-07-14 02:29
d
w- c:program filesABBYY PDF Transformer 2.0
2009-12-10 10:52 . 2009-12-10 10:52
d
w- c:documents and settingsАдминистраторApplication DataLavasoft
2009-12-10 05:35 . 2008-11-26 08:11
d
w- c:program filesRestorator 2007
2009-12-10 05:16 . 2009-12-10 02:12
d
w- c:program filesavz4
2009-12-10 03:07 . 2009-06-17 06:09
d
w- c:program filesMail.Ru
2009-12-10 03:07 . 2009-12-10 03:07
d
w- c:documents and settingsАдминистраторApplication DataMra
2009-12-10 02:13 . 2009-12-10 02:13
d
w- c:documents and settingsАдминистраторApplication DataInstallShield
2009-12-10 02:12 . 2009-12-10 02:12 23552 —-a-r- c:documents and settingsАдминистраторApplication DataMicrosoftInstaller{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}Icon78CC3BAB2.exe
2009-12-10 02:12 . 2009-12-10 02:12 23552 —-a-r- c:documents and settingsАдминистраторApplication DataMicrosoftInstaller{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}Icon78CC3BAB.exe
2009-12-10 02:12 . 2009-12-10 02:12
d
w- c:program filesLavasoft
2009-12-02 05:55 . 2009-12-02 05:55
d
w- c:documents and settingsАдминистраторApplication DataGRETECH
2009-12-02 05:53 . 2009-12-02 05:53
d
w- c:program filesGRETECH
2009-12-01 00:26 . 2009-12-01 00:26
d
w- c:documents and settingsАдминистраторApplication DataTuneUp Software
2009-12-01 00:25 . 2009-12-01 00:25
d
w- c:documents and settingsAll UsersApplication DataTuneUp Software
2009-12-01 00:24 . 2009-12-01 00:24
d-sh—w- c:documents and settingsAll UsersApplication Data{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2009-12-01 00:24 . 2009-06-01 02:30
d
w- c:program filesVector
2009-11-30 06:22 . 2009-11-30 06:22
d
w- c:documents and settingsАдминистраторApplication DataMalwarebytes
2009-11-30 06:22 . 2009-11-30 06:22
d
w- c:documents and settingsAll UsersApplication DataMalwarebytes
2009-11-30 00:57 . 2009-10-16 07:01
d
w- c:program filesЗоркий Глаз
2009-11-27 03:53 . 2009-11-27 03:47
d
w- c:program filesABBYY FineReader 9.0
2009-11-27 03:50 . 2009-11-27 03:50
d
w- c:program filesCommon FilesABBYY
2009-11-21 16:03 . 2006-03-01 20:00 471552 —-a-w- c:windowsAppPatchaclayers.dll
2009-06-01 14:23 . 2009-06-01 23:06 8396649 —-a-w- c:program filesPG5.0.0.6.exe
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-07-24 5586208][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-07-24 5586208][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«Handy Backup»=»c:program filesNovosoftHandy Backuphbagent.exe» [2009-05-12 3157592][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«XLWinLock»=»c:program filesXLWinLockxllockauto.exe» [2002-10-01 190464]
«RTHDCPL»=»RTHDCPL.EXE» [2009-08-24 18702336]
«OrderReminder»=»c:program filesHewlett-PackardOrderReminderOrderReminder.exe» [2006-01-30 98304]
«OSSelectorReinstall»=»c:program filesCommon FilesAcronisAcronis Disk Directoross_reinstall.exe» [2007-03-26 2227256]
«FlashAntivir»=»c:program filesЗоркий ГлазAntivirь.exe» [2009-09-29 515072]
«Kernel and Hardware Abstraction Layer»=»KHALMNPR.EXE» [2009-06-17 55824]
«SunJavaUpdateSched»=»c:program filesJavajre1.5.0_11binjusched.exe» [2006-12-14 75520][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-14 15360]c:documents and settingsЂ¤¬ЁЁбва в®аѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
Purrint.lnk — c:program filesPurrintPurrint.exe [2005-3-31 116224]c:documents and settingsЂ¤¬ЁЁбва в®аѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
Purrint.lnk — c:program filesPurrintPurrint.exe [2005-3-31 116224]c:documents and settingsAll Usersѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
Program Neighborhood Agent.lnk — c:program filesCitrixICA Clientpnagent.exe [2006-11-8 233744][HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoRecentDocsNetHood»= 1 (0x1)[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
@=»Driver»[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:program filesMicrosoft ActiveSyncrapimgr.exe»= c:program filesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
«c:program filesMicrosoft ActiveSyncwcescomm.exe»= c:program filesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
«c:program filesMicrosoft ActiveSyncWCESMgr.exe»= c:program filesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
«c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE»=
«c:\Program Files\Microsoft Office\Office12\GROOVE.EXE»=
«c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE»=
«c:\Program Files\uTorrent Ulanovka Edition\utorrent.exe»=[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«26675:TCP»= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync ServiceR0 mv61xx;mv61xx;c:windowssystem32driversmv61xx.sys [14.10.2009 8:49 155688]
R1 uzexnjq5;AVZ-RK Kernel Driver;c:windowssystem32driversuzexnjq5.sys [24.11.2009 7:55 11264]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:program filesCommon FilesABBYYFineReader9.00LicensingPENetworkLicenseServer.exe [06.12.2007 21:03 660768]
R2 NovosoftBackupNetworkCoordinator;Novosoft Backup Network Coordinator;c:program filesNovosoftHandy BackupBackupNetworkCoordinator.exe [12.05.2009 11:26 32856]
R2 SIQBOS;SIQBOS;c:program filesSIQSIQBOS.exe [28.10.2004 10:48 167936]
S0 sptd;sptd;c:windowssystem32driverssptd.sys [09.02.2009 11:20 721904]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian — DefaultInstance;c:program filesFirebirdFirebird_1_5binfbguard.exe -s —> c:program filesFirebirdFirebird_1_5binfbguard.exe -s [?]
S2 SIQAuth;SIQAuth; [x]
S3 Ambfilt;Ambfilt;c:windowssystem32driversAmbfilt.sys [14.10.2009 8:46 1684736]
S3 FirebirdServerDefaultInstance;Firebird Server — DefaultInstance;c:program filesFirebirdFirebird_1_5binfbserver.exe -s —> c:program filesFirebirdFirebird_1_5binfbserver.exe -s [?]
S3 jesqijqk;jesqijqk; [x]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:windowssystem32driversk510bus.sys [03.12.2008 9:26 58288]
S3 mirrorv3;mirrorv3;c:windowssystem32driversrminiv3.sys [01.11.2006 4:01 3328]
S3 UfasoftSnifDriver4;Ufasoft Snif Driver v4;c:program filesUfasoftSnifferusft_sn4.sys [11.01.2010 11:28 35200]
.
.
Supplementary Scan
.
uStart Page = hxxp://10.2.64.234/
uInternet Settings,ProxyServer = 10.2.64.13:3128
uInternet Settings,ProxyOverride = *.sibirtelecom.ru;10.2.64.234;
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2Office12EXCEL.EXE/3000
TCP: {0548537C-455C-4FA1-99FD-236DD66ADDBD} = 87.103.161.61
TCP: {98D760A0-A493-40C0-B92F-DEE82E5ACDA9} = 10.2.64.200,10.2.64.64
.
— — — — ORPHANS REMOVED — — — —URLSearchHooks-{83821C2B-32A8-4DD7-B6D4-44309A78E668} — c:program filesMail.RuAgentMradllnewmrasearch.dll
**************************************************************************
scanning hidden processes …scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files:**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘explorer.exe'(140)
c:windowssystem32msi.dll
c:windowssystem32ieframe.dll
c:windowssystem32webcheck.dll
.
Completion time: 2010-01-25 13:42:21
ComboFix-quarantined-files.txt 2010-01-25 05:42
ComboFix2.txt 2010-01-25 02:24Pre-Run: 14 454 812 672 байт свободно
Post-Run: 14 412 144 640 байт свободноCurrent=3 Default=3 Failed=5 LastKnownGood=6 Sets=1,2,3,4,5,6
— — End Of File — — DDFEC4158A0E38C4B89945768E32600Fсколько у тя тут вирусов…
я вижу например эти:
intel64.exe
oembios.exe
twext.exe
wsnpoema.exe
ntos.exeпробовал удалить эти файлы вручную??
у меня были два вируса из того списка…я удалил сначала этой прогой Malwarebytes’ Anti-Malware1.44
если есть возможность установи её, проверь — Быстрой проверка
и отпишись. P.S. этот вирус — sdra64.exe опасен) ворует также коды и ключИ!
- Для ответа в этой теме необходимо авторизоваться.
