- This topic has 1 ответ, 2 участника, and was last updated 16 years, 5 months назад by
.
-
Сообщения
-
Подхватил опять не весть что ???!!!!
Хелп !!!!Лог от Combofix
ComboFix 09-01-21.04 — СерЁня 2009-01-25 16:52:42.2 — NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1251.1.1049.18.2814.1890 [GMT 3:00]
Running from: c:usersСерЁняDownloadsComboFix.exe
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:usersСерЁняAppDataLocalMicrosoftWindowsTemporary Internet Files0EB9F12C_6E6B_4c03_AEBA_8C04CFA98AA4.jpg
c:usersСерЁняAppDataLocalMicrosoftWindowsTemporary Internet Files15913497_F86C_4218_8817_F50940D1E1B2.jpg
c:usersСерЁняAppDataLocalMicrosoftWindowsTemporary Internet Files29887DDE_00B9_4011_9CF7_59511F1ECC1B.jpg
c:usersСерЁняAppDataLocalMicrosoftWindowsTemporary Internet Files35B7DFFA_884F_4fbc_8E60_DA601BDC7BF7.gif
c:usersСерЁняAppDataLocalMicrosoftWindowsTemporary Internet Files362FD6E8_8CDA_4c2a_A8AA-BDA22B321711.gif
c:usersСерЁняAppDataLocalMicrosoftWindowsTemporary Internet Files3DF04940_9866_4241_A998_0CDDFAFD147A.jpg
c:usersСерЁняAppDataLocalMicrosoftWindowsTemporary Internet Files426500D7_0FF3_426c_828D_065DBAEA0581.gif
c:usersСерЁняAppDataLocalMicrosoftWindowsTemporary Internet Files478BD4AE_2691_438d_BDCA_3485DC022700.gif
c:usersСерЁняAppDataLocalMicrosoftWindowsTemporary Internet Files5C6C645F_BAA8_4149_BFEB_2031230FF0FD.jpg
c:usersСерЁняAppDataLocalMicrosoftWindowsTemporary Internet Files61EA7D69_19D4_421a_A899_0DF4D58CD119.gif
c:usersСерЁняAppDataLocalMicrosoftWindowsTemporary Internet Files777FDAFB_83CF_4960_AA71_4E5D7BCD8E57.gif
c:usersСерЁняAppDataLocalMicrosoftWindowsTemporary Internet Files8DA878D5_E80B_4721_B75A_17EFFAF1A700.gif
c:usersСерЁняAppDataLocalMicrosoftWindowsTemporary Internet Files98F6DF79_7171_452d_9C26_C0193E12DBDF.gif
c:usersСерЁняAppDataLocalMicrosoftWindowsTemporary Internet FilesA2B240D6_0386_419e_91C5_3F7D90437CD0.gif
c:usersСерЁняAppDataLocalMicrosoftWindowsTemporary Internet FilesC75CEF8D_5AF4_4563_8594_C45A45E14E63.gif
c:usersСерЁняAppDataLocalMicrosoftWindowsTemporary Internet FilesE21285C1_40E6_435c_A69F_3387E7BD89CB.jpg
c:usersСерЁняAppDataLocalMicrosoftWindowsTemporary Internet FilesE9A4D648_ED73_4ea7_88B2_18332DBA4F3E.gif.
((((((((((((((((((((((((( Files Created from 2008-12-25 to 2009-01-25 )))))))))))))))))))))))))))))))
.2009-01-25 13:16 . 2009-01-25 13:16
d
c:usersСерЁняAppDataRoamingMozilla
2009-01-25 13:16 . 2009-01-25 13:16 0 —a
c:windowsnsreg.dat
2009-01-25 12:55 . 2009-01-25 15:15d
c:usersAll UsersSpybot — Search & Destroy
2009-01-25 12:55 . 2009-01-25 15:15d
c:programdataSpybot — Search & Destroy
2009-01-25 12:55 . 2009-01-25 15:14d
c:program filesSpybot — Search & Destroy
2009-01-23 13:10 . 2009-01-23 13:10 321,536 —a
c:usersAll Userspbklib.dll
2009-01-23 13:10 . 2009-01-23 13:10 321,536 —a
c:programdatapbklib.dll
2009-01-17 13:15 . 2009-01-17 13:15d
c:program filesMicrosoft CAPICOM 2.1.0.2
2009-01-17 11:52 . 2008-12-16 05:42 288,768 —a
c:windowsSystem32driverssrv.sys
2009-01-13 20:19 . 2009-01-13 20:19 5,120 —a
c:windowsSystem32DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-12-27 23:46 . 2008-12-27 12:35d
c:program filesCommon FilesToshiba Shared
2008-12-27 23:43 . 2008-12-27 23:43d
c:windowsOPTIONS
2008-12-27 23:43 . 2008-12-27 23:43d
c:program filesREALTEK RTL8187B Wireless LAN Driver
2008-12-27 23:43 . 2008-03-18 19:02 292,864 —a
c:windowsSystem32driversrtl8187B.sys
2008-12-27 23:43 . 2008-03-18 19:02 292,864 —a
c:windowssystemrtl8187B.sys
2008-12-27 23:42 . 2008-12-27 23:42 0 -rahs—- c:windowsSystem32driversTOSHIBA_Satellite A300D_06820-RU_PSAK8E-00400.MRK
2008-12-27 23:39 . 2008-12-27 23:39d
c:program filesCamera Assistant Software for Toshiba
2008-12-27 23:39 . 2007-12-17 11:45 18,432 —a
c:windowsSystem32driversUVCFTR_S.SYS
2008-12-27 23:38 . 2008-12-27 23:38d
c:program filesApoint2K
2008-12-27 23:38 . 2008-12-27 23:38 0 —ah
c:windowsSystem32driversMsft_Kernel_Apfiltr_01005.Wdf
2008-12-27 23:36 . 2008-12-27 23:37d
c:program filesATI Technologies
2008-12-27 23:36 . 2008-12-27 23:36d
c:program filesATI
2008-12-27 23:36 . 2008-12-27 23:36 0 —a
c:windowsativpsrm.bin
2008-12-27 23:33 . 2008-12-27 23:33 17,408 —a
c:windowsSystem32rpcnetp.dll
2008-12-27 23:31 . 2008-12-27 23:31 17,408 —a
c:windowsSystem32rpcnetp.exe
2008-12-27 19:40 . 2008-12-27 19:40d
c:usersAll UsersFLEXnet
2008-12-27 19:40 . 2008-12-27 19:40d
c:programdataFLEXnet
2008-12-27 19:36 . 2008-12-27 19:36d
c:program filesBonjour
2008-12-27 19:29 . 2008-12-27 19:29d
c:program filesCommon FilesMacrovision Shared
2008-12-27 17:49 . 2009-01-25 16:46 69 —a
c:windowsNeroDigital.ini
2008-12-27 15:23 . 2008-12-27 15:23d
c:program filesBuka
2008-12-27 15:18 . 2008-12-27 15:18d
c:usersСерЁняAppDataRoamingWinRAR
2008-12-27 15:17 . 2008-12-27 15:17d
c:program filesDROPCLOCK
2008-12-27 15:17 . 2008-03-28 21:40 28,672 —a
c:windowsSystem32DROPCLOCK.scr
2008-12-27 15:13 . 2008-12-27 15:13d
c:usersAll UsersNero
2008-12-27 15:13 . 2008-12-27 15:13d
c:programdataNero
2008-12-27 15:13 . 2008-12-27 15:14d
c:program filesNero
2008-12-27 15:13 . 2008-12-27 15:13d
c:program filesCommon FilesNero
2008-12-27 15:13 . 2006-03-17 11:45 1,757,184 —a
c:windowsSystem32imagX7.dll
2008-12-27 15:13 . 2006-03-17 11:45 802,816 —a
c:windowsSystem32imagXRA7.dll
2008-12-27 15:13 . 2006-03-17 11:45 497,296 —a
c:windowsSystem32imagXpr7.dll
2008-12-27 15:13 . 2006-03-17 14:49 368,640 —a
c:windowsSystem32TwnLib4.dll
2008-12-27 15:13 . 2006-03-17 11:45 258,048 —a
c:windowsSystem32imagXR7.dll
2008-12-27 15:11 . 2008-12-27 15:11d
c:usersСерЁняAppDataRoamingCyberLink
2008-12-27 15:10 . 2008-12-27 15:10d
c:usersAll UsersCyberLink
2008-12-27 15:10 . 2008-12-27 15:10d
c:programdataCyberLink
2008-12-27 15:10 . 2001-03-08 18:30 24,064
c:windowsSystem32msxml3a.dll
2008-12-27 15:09 . 2008-12-27 15:10d
c:program filesCyberLink
2008-12-27 14:54 . 2008-12-27 15:05d
c:program filesQuintessential Media Player
2008-12-27 14:52 . 2006-10-26 19:58 30,512 —a
c:windowsSystem32mdimon.dll
2008-12-27 14:50 . 2008-12-27 14:50d
c:windowsPCHEALTH
2008-12-27 14:50 . 2008-12-27 14:50d
c:program filesMicrosoft.NET
2008-12-27 14:47 . 2008-12-27 14:47d
c:program filesMicrosoft Visual Studio 8
2008-12-27 14:46 . 2008-12-27 14:46dr-h
C:MSOCache
2008-12-27 14:42 . 2008-12-27 14:42d
c:program filesDAEMON Tools
2008-12-27 14:40 . 2008-12-27 14:40 611,064 —a
c:windowsSystem32driverssptd.sys
2008-12-27 14:40 . 2008-12-27 14:40 142,904 —a
c:windowsSystem32driverssptddrv1.sys
2008-12-27 14:35 . 2008-12-27 14:35d
c:usersAll UsersGRETECH
2008-12-27 14:35 . 2008-12-27 14:35d
c:usersСерЁняAppDataRoamingGRETECH
2008-12-27 14:35 . 2008-12-27 14:35d
c:programdataGRETECH
2008-12-27 14:34 . 2009-01-13 20:16d
c:usersСерЁняAppDataRoamingAdobe
2008-12-27 14:34 . 2008-12-27 14:34d
c:program filesGRETECH
2008-12-27 14:25 . 2008-12-27 14:25d
c:usersСерЁняAppDataRoamingMacromedia
2008-12-27 14:18 . 2003-03-18 23:20 1,060,864 —a
c:windowsSystem32MFC71.dll
2008-12-27 14:18 . 2003-03-18 22:14 499,712 —a
c:windowsSystem32MSVCP71.dll
2008-12-27 14:18 . 2003-02-21 06:42 348,160 —a
c:windowsSystem32MSVCR71.dll
2008-12-27 14:18 . 2008-11-26 20:17 51,792 —a
c:windowsSystem32driversaswMonFlt.sys
2008-12-27 14:17 . 2008-12-27 14:17d
c:program filesAlwil Software
2008-12-27 14:17 . 2008-12-27 14:17 0 —ah
c:windowsSystem32driversMsft_User_WpdFs_01_00_00.Wdf
2008-12-27 13:56 . 2008-10-02 04:32 1,383,424 —a
c:windowsSystem32mshtml.tlb
2008-12-27 13:51 . 2008-10-22 04:22 2,048 —a
c:windowsSystem32tzres.dll
2008-12-27 13:35 . 2008-08-05 12:49 428,544 —a
c:windowsSystem32EncDec.dll
2008-12-27 13:35 . 2008-08-05 12:49 293,376 —a
c:windowsSystem32psisdecd.dll
2008-12-27 13:35 . 2008-08-05 12:48 217,088 —a
c:windowsSystem32psisrndr.ax
2008-12-27 13:35 . 2008-08-05 12:48 177,664 —a
c:windowsSystem32mpg2splt.ax
2008-12-27 13:35 . 2008-08-05 12:48 80,896 —a
c:windowsSystem32MSNP.ax
2008-12-27 13:35 . 2008-04-23 07:41 57,856 —a
c:windowsSystem32MSDvbNP.ax
2008-12-27 13:25 . 2008-06-26 04:45 12,240,896 —a
c:windowsSystem32NlsLexicons0007.dll
2008-12-27 13:25 . 2008-06-26 04:45 2,644,480 —a
c:windowsSystem32NlsLexicons0009.dll
2008-12-27 13:25 . 2008-06-26 06:29 801,280 —a
c:windowsSystem32NaturalLanguage6.dll
2008-12-27 13:15 . 2008-10-16 07:47 827,392 —a
c:windowsSystem32wininet.dll
2008-12-27 13:11 . 2008-11-01 04:21 4,240,384 —a
c:windowsSystem32GameUXLegacyGDFs.dll
2008-12-27 13:11 . 2008-03-08 07:21 1,695,744 —a
c:windowsSystem32gameux.dll
2008-12-27 13:11 . 2008-11-01 06:44 28,672 —a
c:windowsSystem32Apphlpdm.dll
2008-12-27 13:04 . 2008-09-18 08:09 3,601,464 —a
c:windowsSystem32ntkrnlpa.exe
2008-12-27 13:04 . 2008-09-18 08:09 3,549,240 —a
c:windowsSystem32ntoskrnl.exe
2008-12-27 13:02 . 2008-04-26 11:26 891,448 —a
c:windowsSystem32driverstcpip.sys
2008-12-27 13:02 . 2008-04-12 06:32 784,896 —a
c:windowsSystem32rpcrt4.dll
2008-12-27 13:02 . 2008-04-05 04:21 72,192 —a
c:windowsSystem32driverspacer.sys
2008-12-27 13:02 . 2008-04-05 06:34 15,360 —a
c:windowsSystem32pacerprf.dll
2008-12-27 13:01 . 2008-10-29 09:29 2,927,104 —a
c:windowsexplorer.exe
2008-12-27 13:01 . 2008-06-19 06:31 361,984 —a
c:windowsSystem32IPSECSVC.DLL
2008-12-27 13:01 . 2008-06-26 06:29 303,616 —a
c:windowsSystem32wmpeffects.dll
2008-12-27 13:00 . 2008-09-18 05:16 2,032,640 —a
c:windowsSystem32win32k.sys
2008-12-27 13:00 . 2008-09-05 08:14 1,191,936 —a
c:windowsSystem32msxml3.dll
2008-12-27 13:00 . 2008-08-28 06:40 712,704 —a
c:windowsSystem32WindowsCodecs.dll
2008-12-27 13:00 . 2008-08-28 06:40 425,472 —a
c:windowsSystem32PhotoMetadataHandler.dll
2008-12-27 13:00 . 2008-08-28 06:40 347,136 —a
c:windowsSystem32WindowsCodecsExt.dll
2008-12-27 13:00 . 2008-10-21 08:25 296,960 —a
c:windowsSystem32gdi32.dll
2008-12-27 13:00 . 2008-10-22 06:57 241,152 —a
c:windowsSystem32PortableDeviceApi.dll
2008-12-27 12:59 . 2008-08-27 04:05 212,480 —a
c:windowsSystem32driversmrxsmb10.sys
2008-12-27 12:58 . 2008-09-10 06:40 1,334,272 —a
c:windowsSystem32msxml6.dll
2008-12-27 12:58 . 2008-04-26 11:08 1,314,816 —a
c:windowsSystem32quartz.dll
2008-12-27 12:58 . 2008-08-12 06:39 443,392 —a
c:windowsSystem32win32spl.dll
2008-12-27 12:58 . 2008-04-18 08:48 269,312 —a
c:windowsSystem32es.dll
2008-12-27 12:58 . 2008-05-10 04:33 113,664 —a
c:windowsSystem32driversrmcast.sys
2008-12-27 12:43 . 2008-12-27 12:43d
c:usersСерЁняAppDataRoamingToshiba
2008-12-27 12:38 . 2008-12-27 12:38d
c:usersAll UsersIsolatedStorage
2008-12-27 12:38 . 2008-12-27 12:38d
c:programdataIsolatedStorage
2008-12-27 12:36 . 2008-10-17 00:13 1,809,944 —a
c:windowsSystem32wuaueng.dll
2008-12-27 12:36 . 2008-10-16 23:56 1,524,736 —a
c:windowsSystem32wucltux.dll
2008-12-27 12:36 . 2008-10-17 00:12 561,688 —a
c:windowsSystem32wuapi.dll
2008-12-27 12:36 . 2008-10-16 14:08 162,064 —a
c:windowsSystem32wuwebv.dll
2008-12-27 12:36 . 2008-10-16 23:55 83,456 —a
c:windowsSystem32wudriver.dll
2008-12-27 12:36 . 2008-10-17 00:09 51,224 —a
c:windowsSystem32wuauclt.exe
2008-12-27 12:36 . 2008-10-17 00:09 43,544 —a
c:windowsSystem32wups2.dll
2008-12-27 12:36 . 2008-10-17 00:08 34,328 —a
c:windowsSystem32wups.dll
2008-12-27 12:36 . 2008-10-16 13:56 31,232 —a
c:windowsSystem32wuapp.exe
2008-12-27 01:13 . 2008-12-27 01:13d
c:usersСерЁняAppDataRoamingGoogle
2008-12-27 00:58 . 2008-12-27 00:58d
c:usersAll UsersATI
2008-12-27 00:58 . 2008-12-27 00:58dr
c:usersСерЁняSearches
2008-12-27 00:58 . 2008-12-27 00:58dr
c:usersСерЁняSearches
2008-12-27 00:58 . 2008-12-27 00:58d
c:usersСерЁняAppDataRoamingIdentities
2008-12-27 00:58 . 2008-12-27 00:58d
c:usersСерЁняAppDataRoamingATI
2008-12-27 00:58 . 2008-12-27 00:58d
c:programdataATI.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-25 13:55 1,310,720 —sha-w c:usersСерЁняNTUSER.DAT
2009-01-25 13:55 1,310,720 —sha-w c:usersСерЁняNTUSER.DAT
2009-01-25 10:16
d
w c:usersСерЁняAppDataRoamingMozilla
2009-01-18 14:05
d
w c:program filesWindows Mail
2009-01-17 10:16
d
w c:programdataMicrosoft Help
2009-01-13 17:16
d
w c:usersСерЁняAppDataRoamingAdobe
2009-01-12 18:35
d-s—w c:usersСерЁняAppDataRoamingMicrosoft
2008-12-27 20:33
d
w c:program filesCONEXANT
2008-12-27 16:36
d
w c:program filesCommon FilesAdobe
2008-12-27 12:18
d
w c:usersСерЁняAppDataRoamingWinRAR
2008-12-27 12:11
d
w c:usersСерЁняAppDataRoamingCyberLink
2008-12-27 12:09
d—h—w c:program filesInstallShield Installation Information
2008-12-27 11:51
d
w c:program filesMicrosoft Works
2008-12-27 11:50
d
w c:program filesMSBuild
2008-12-27 11:35
d
w c:usersСерЁняAppDataRoamingGRETECH
2008-12-27 11:25
d
w c:usersСерЁняAppDataRoamingMacromedia
2008-12-27 11:03
d
w c:program filesToshiba
2008-12-27 09:43
d
w c:usersСерЁняAppDataRoamingToshiba
2008-12-26 22:32
d
w c:programdataMcAfee
2008-12-26 22:32
d
w c:program filesGoogle
2008-12-26 22:13
d
w c:usersСерЁняAppDataRoamingGoogle
2008-12-26 21:58
d
w c:usersСерЁняAppDataRoamingIdentities
2008-12-26 21:58
d
w c:usersСерЁняAppDataRoamingATI
2008-12-26 21:56
d
w c:programdataToshiba
2008-12-26 21:52
d
w c:usersСерЁняAppDataRoamingInstallShield
2008-12-26 21:51
d-sh—w c:programdataШаблоны
2008-12-26 21:51
d-sh—w c:programdataРабочий стол
2008-12-26 21:51
d-sh—w c:programdataГлавное меню
2008-12-26 21:51
d-sh—w c:programdataИзбранное
2008-12-26 21:51
d-sh—w c:programdataДокументы
2008-11-01 03:44 541,696 —-a-w c:windowsAppPatchAcLayers.dll
2008-11-01 03:44 52,736 —-a-w c:windowsAppPatchiebrshim.dll
2008-11-01 03:44 460,288 —-a-w c:windowsAppPatchAcSpecfc.dll
2008-11-01 03:44 2,154,496 —-a-w c:windowsAppPatchAcGenral.dll
2008-11-01 03:44 173,056 —-a-w c:windowsAppPatchAcXtrnal.dll
2008-01-21 02:43 174 —sha-w c:program filesdesktop.ini
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_LOCAL_MACHINE~Browser Helper Objects{830E0FD7-8EAC-4475-A43F-62944E036DEA}]
2009-01-23 13:10 321536 —a
c:programdatapbklib.dll[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«Sidebar»=»c:program filesWindows Sidebarsidebar.exe» [2008-01-21 1233920]
«TOSCDSPD»=»c:program filesTOSHIBATOSCDSPDTOSCDSPD.exe» [2008-01-29 430080]
«SpybotSD TeaTimer»=»c:program filesSpybot — Search & DestroyTeaTimer.exe» [2008-09-16 1833296][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«SunJavaUpdateSched»=»c:program filesJavajre1.6.0_06binjusched.exe» [2008-03-25 144784]
«ITSecMng»=»c:program filesTOSHIBABluetooth Toshiba StackItSecMng.exe» [2007-09-28 75136]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 8.0ReaderReader_sl.exe» [2007-05-11 40048]
«Picasa Media Detector»=»c:program filesPicasa2PicasaMediaDetector.exe» [2006-12-06 366400]
«StartCCC»=»c:program filesATI TechnologiesATI.ACECore-StaticCLIStart.exe» [2008-01-21 61440]
«Apoint»=»c:program filesApoint2KApoint.exe» [2007-12-15 184320]
«Camera Assistant Software»=»c:program filesCamera Assistant Software for Toshibatraybar.exe» [2008-03-25 417792]
«TPwrMain»=»c:program filesTOSHIBAPower SaverTPwrMain.EXE» [2008-01-17 431456]
«HSON»=»c:program filesTOSHIBATBSHSON.exe» [2007-10-31 54608]
«SmoothView»=»c:program filesToshibaSmoothViewSmoothView.exe» [2008-01-25 509816]
«00TCrdMain»=»c:program filesTOSHIBAFlashCardsTCrdMain.exe» [2008-03-19 716800]
«HDMICtrlMan»=»c:program filesTOSHIBAHDMICtrlManHDMICtrlMan.exe» [2008-04-02 716800]
«Toshiba Registration»=»c:program filesToshibaRegistrationToshibaRegistration.exe» [2008-01-11 574864]
«avast!»=»c:progra~1ALWILS~1Avast4ashDisp.exe» [2008-11-26 81000]
«DAEMON Tools»=»c:program filesDAEMON Toolsdaemon.exe» [2006-09-14 157592]
«RemoteControl»=»c:program filesCyberLinkPowerDVDPDVDServ.exe» [2006-12-06 69216]
«LanguageShortcut»=»c:program filesCyberLinkPowerDVDLanguageLanguage.exe» [2006-12-05 54832]
«NDSTray.exe»=»NDSTray.exe» [BU][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«EnableLUA»= 0 (0x0)
«EnableUIADesktopToggle»= 0 (0x0)[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«msacm.dvacm»= c:progra~1COMMON~1ULEADS~1viodvacm.acm
«msacm.divxa32″= msaud32_divx.acm[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringMcAfeeAntiSpyware]
«DisableMonitoring»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicyFirewallRules]
«{B1C0F5E6-A900-4AD3-94EB-4BCF99C0E8AF}»= TCP:6004|c:program filesMicrosoft OfficeOffice12outlook.exe:Microsoft Office OutlookR1 aswSP;avast! Self Protection;c:windowsSystem32driversaswSP.sys [2008-12-27 111184]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:windowsSystem32driversRtlProt.sys [2008-12-27 25896]
R3 O2MDRDR;O2MDRDR;c:windowsSystem32driverso2media.sys [2008-04-15 51160]
R3 QIOMem;Generic IO & Memory Access;c:windowsSystem32driversQIOMem.sys [2007-04-09 8192]
R3 RTL8187B;Сетевой адаптер Realtek RTL8187B Wireless 802.11b/g 54 Мбит/с USB 2.0;c:windowsSystem32driversrtl8187B.sys [2008-12-27 292864]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:program filesToshibaSmartFaceVSmartFaceVWatchSrv.exe [2008-04-24 73728]
R4 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:program filesCyberLinkPowerDVD000.fcl [2008-12-27 15:09:33 13560]
R4 aswFsBlk;aswFsBlk;c:windowsSystem32driversaswFsBlk.sys [2008-12-27 20560]
R4 aswMonFlt;aswMonFlt;c:windowsSystem32driversaswMonFlt.sys [2008-12-27 51792]
R4 ConfigFree Service;ConfigFree Service;c:program filesToshibaConfigFreeCFSvcs.exe [2008-04-16 40960]
R4 SBSDWSCService;SBSD Security Center Service;c:program filesSpybot — Search & DestroySDWinSec.exe [2009-01-25 809296]
R4 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:program filesToshibaSMARTLogServiceTosIPCSrv.exe [2007-12-03 126976]— Other Services/Drivers In Memory —
*Deregistered* — sptd
.
.
Supplementary Scan
.
uStart Page = hxxp://www.google.com.ru
uInternet Settings,ProxyOverride = *.local
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~3Office12EXCEL.EXE/3000
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} — http://www.webtip.ch/cgi-bin/toshiba/tracker_url2.pl?RU
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} — http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home
TCP: {487A704D-166B-48A9-B9EB-1AAE011FC27F} = 192.168.1.1
FF — ProfilePath — c:usersСерЁняAppDataRoamingMozillaFirefoxProfiles3qrxalea.default
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-25 16:55:06
Windows 6.0.6001 Service Pack 1 NTFSscanning hidden processes …
scanning hidden autostart entries …
HKCUSoftwareMicrosoftWindowsCurrentVersionRun
TOSCDSPD = c:program filesTOSHIBATOSCDSPDTOSCDSPD.exe?/i??????K?=????X?:???:???:???:?scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
Completion time: 2009-01-25 16:57:26
ComboFix-quarantined-files.txt 2009-01-25 13:57:20Pre-Run: 90 250 735 616 байт свободно
Post-Run: 90,225,844,224 байт свободно274 — E O F — 2009-01-22 11:41:02
Здравствуйте.
Откройте блокнот (Кликните Пуск, Выполнить, в строке ввода введите notepad и нажмите Enter) и вставьте в него следующий текст:
Registry::
[-HKEY_LOCAL_MACHINE~Browser Helper Objects{830E0FD7-8EAC-4475-A43F-62944E036DEA}]
File::
c:usersAll Userspbklib.dll
c:programdatapbklib.dllЗапишите получившийся файл на ваш рабочий стол под именем CFScript
Далее перетащите получившийся файл на иконку Combofix, как показано на картинке ниже.
Сombofix запуститься и выполнит процедуры описанные в созданном нами файле.
По результатам работы Combofix будет создан новый лог, его и вставьте в свой следующий ответ.
И конечно-же проверьте InternetExplorer в работе.
- Для ответа в этой теме необходимо авторизоваться.
