- This topic has 4 ответа, 2 участника, and was last updated 16 years, 3 months назад by
.
-
Сообщения
-
Скажу сразу я просто пользователь :rolleyes: на компе стоит XPsp3 и NOD32. При включении компа NOD находит всегда разные файлы |0a0|.exe, |090|.exe и т.д. изолирует их в карантин и удаляет но не всегда. Через несколько минут NOD опять находит такиеже или слегка измененые в имени файлы и появилась папка RECYCLER может я ее не замечал. Я отключил восстановление Windows поставил заплатки с winupdate и решил поставить Outpost Firewall т.к. NOD не мог справиться с эти вирусом он даже немог его определить. ГовноПост обнаружил и заблокировал изменения в Explorere и в DNS есть множественные записи в кэше попытка связи каждые 5минут с n2.myip.org ip 213.175.194.102. Отключил сеть и все приложения, сделал полную диагностику NODом и Outpostом поставил критические обновления. После перезапуска вроде все нормально. Сегодня врубил компик без Outposta и NOD опять нашел этот файл |0a0|.exe и уже смог его индифицыровать как модифицированный Win/32IRCBot троян и вылечить не смог опять предложил отправить на анализ. Как избавиться от него подскажите??? А и еще попробывал combofix вот что он пишет:
ComboFix 09-01-21.04 — Max 2009-01-30 23:39:22.2 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.1.1049.18.767.475 [GMT 5:00]
Running from: c:documents and settingsMaxРабочий столНовая папкаComboFix.exe
Command switches used :: c:documents and settingsMaxРабочий столНовая папкаWindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: Антивирусная система Eset NOD32 2.70 *On-access scanning enabled* (Updated)
FW: Outpost Firewall Pro *disabled*
* Created a new restore point
* Resident AV is active.
— REDUCED FUNCTIONALITY MODE —
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:recyclerS-1-5-21-1482476501-1644491937-682003330-1013
c:recyclerS-1-5-21-1482476501-1644491937-682003330-1013Desktop.ini
c:recyclerS-1-5-21-1482476501-1644491937-682003330-1013winde32.exe.
((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-30 )))))))))))))))))))))))))))))))
.2009-01-30 23:18 . 2009-01-30 23:18 669,713 —a
c:documents and settingsMaxl0140l.exe
2009-01-30 02:56 . 2009-01-30 03:21 512 —a
C:drmHeader.bin
2009-01-28 18:11 . 2009-01-28 18:11 0 —a
c:windowscfgedit.INI
2009-01-28 14:52 . 2009-01-28 14:52d
c:documents and settingsAll UsersApplication DataSandlot Games
2009-01-28 14:52 . 2009-01-28 14:52 4,096 —a
c:windowsd3dx.dat
2009-01-28 11:17 . 2009-01-28 11:17d
c:documents and settingsAll UsersApplication DataFriends Games
2009-01-27 12:33 . 2009-01-27 12:33d
c:documents and settingsMaxApplication DataApple Computer
2009-01-27 12:32 . 2009-01-27 12:32d
c:program filesQuickTime
2009-01-27 12:32 . 2009-01-27 12:38 54,156 —ah
c:windowsQTFont.qfn
2009-01-27 12:32 . 2009-01-27 12:38 1,409 —a
c:windowsQTFont.for
2009-01-27 12:31 . 2009-01-27 12:31d
c:program filesiTunes
2009-01-27 12:31 . 2009-01-27 12:31d
c:documents and settingsAll UsersApplication DataApple Computer
2009-01-27 12:30 . 2009-01-27 12:30d
c:program filesiPod
2009-01-27 12:30 . 2004-12-18 20:32 38,229
c:windowssystem32driversStMp3Rec.sys
2009-01-26 01:54 . 2009-01-26 02:00d
c:program filesMSECache
2009-01-26 01:32 . 2006-10-26 19:56 32,592 —a
c:windowssystem32msonpmon.dll
2009-01-26 01:28 . 2009-01-26 01:28d
c:program filesMicrosoft Works
2009-01-26 01:24 . 2009-01-26 01:24d
c:program filesMicrosoft.NET
2009-01-26 01:21 . 2009-01-26 01:21d
c:program filesMicrosoft Visual Studio 8
2009-01-26 01:21 . 2009-01-26 01:21d
C:IDE
2009-01-26 01:19 . 2009-01-26 01:26d
c:windowsSHELLNEW
2009-01-26 01:18 . 2009-01-27 01:34d
c:documents and settingsAll UsersApplication DataMicrosoft Help
2009-01-26 01:17 . 2009-01-26 01:17dr-h
C:MSOCache
2009-01-24 19:33 . 2009-01-24 19:33d
c:program filesBethesda Softworks
2009-01-24 00:58 . 2009-01-24 00:58d
c:program filesCreative
2009-01-24 00:43 . 2009-01-24 01:10d
c:program filesMafia
2009-01-24 00:43 . 2003-04-16 17:49 233,472 -ra
c:windowssystem32MafiaSetup.exe
2009-01-23 20:31 . 2009-01-23 20:32d
C:Build-a-lot 3 — Passport to Europe
2009-01-23 19:43 . 2009-01-23 19:43 30,208 —a
c:windowssystem32borlndmm.dll
2009-01-23 19:43 . 2009-01-28 17:54 830 —a
c:documents and settingsMaxApplication Datafieryads.dat
2009-01-23 19:42 . 2009-01-23 19:43d
c:program filesFieryAds
2009-01-22 21:24 . 2009-01-22 21:24d—h
c:windowsPIF
2009-01-17 20:37 . 2009-01-23 00:04d
c:documents and settingsAll UsersApplication DataHipSoft
2009-01-17 20:00 . 2009-01-17 20:00d
c:documents and settingsAll UsersApplication DataPlayrix Entertainment
2009-01-17 18:54 . 2009-01-28 18:31d-a
c:documents and settingsAll UsersApplication DataTEMP
2009-01-17 18:53 . 2009-01-28 14:50d
c:program filesOberon Media
2009-01-17 18:53 . 2009-01-17 18:53d
c:program filesCommon FilesOberon Media
2009-01-16 18:33 . 2009-01-16 18:32 512,096 —a
c:windowssystem32driversamon.sys
2009-01-16 18:33 . 2009-01-16 18:32 298,104 —a
c:windowssystem32imon.dll
2009-01-16 18:33 . 2009-01-16 18:32 15,424 —a
c:windowssystem32driversnod32drv.sys
2009-01-16 17:44 . 2009-01-17 20:26d
c:program filesESET
2009-01-16 17:31 . 2008-12-01 17:10 98,168 —a
c:windowssystem32driversdwprot.sys
2009-01-16 17:27 . 2009-01-16 17:59d
c:program filesDrWeb
2009-01-16 17:27 . 2009-01-16 17:27d
c:program filesCommon FilesDoctor Web
2009-01-16 17:27 . 2009-01-16 17:27d
c:documents and settingsAll UsersApplication DataDoctor Web
2009-01-16 12:00 . 2001-03-26 04:41 245,760 —a
c:windowssystem32mp4sds32.ax
2009-01-15 20:49 . 2009-01-15 20:49d
c:documents and settingsAll UsersApplication DataKaspersky Lab Setup Files
2009-01-14 23:45 . 2008-05-09 15:56 512,000
c— c:windowssystem32dllcachejscript.dll
2009-01-14 23:45 . 2008-05-09 15:56 430,080
c— c:windowssystem32dllcachevbscript.dll
2009-01-14 23:45 . 2008-05-09 15:56 180,224
c— c:windowssystem32dllcachescrobj.dll
2009-01-14 23:45 . 2008-05-09 15:56 172,032
c— c:windowssystem32dllcachescrrun.dll
2009-01-14 23:45 . 2008-05-08 16:24 155,648
c— c:windowssystem32dllcachewscript.exe
2009-01-14 23:45 . 2008-05-09 13:45 135,168
c— c:windowssystem32dllcachecscript.exe
2009-01-14 23:45 . 2008-05-09 15:56 90,112
c— c:windowssystem32dllcachewshext.dll
2009-01-14 15:13 . 2009-01-14 15:13d
c:program filesPRMT6
2009-01-14 15:13 . 2009-01-14 15:13d
c:program filesCommon FilesPROject MT
2009-01-14 15:13 . 2009-01-14 15:13d
c:documents and settingsAll UsersApplication DataPROject MT
2009-01-14 02:54 . 2009-01-14 02:54d
c:documents and settingsLocalServiceРабочий стол
2009-01-14 02:03 . 2008-09-10 06:15 1,307,648
c— c:windowssystem32dllcachemsxml6.dll
2009-01-14 02:03 . 2008-04-14 21:17 86,016
c— c:windowssystem32dllcachemsxml6r.dll
2009-01-14 01:53 . 2008-04-13 22:06 144,384
c:windowssystem32drivershdaudbus.sys
2009-01-14 01:53 . 2008-04-14 00:10 10,240
c:windowssystem32driverssffp_mmc.sys
2009-01-14 01:51 . 2006-12-29 00:31 19,569 —a
c:windows005728_.tmp
2009-01-14 00:55 . 2009-01-16 18:35 49 —a
c:windowstransp.gif
2009-01-13 20:13 . 2008-04-14 21:40 10,752
c:windowssystem32smtpapi.dll
2009-01-13 20:13 . 2008-04-14 21:40 9,728
c:windowssystem32rwnh.dll
2009-01-13 20:12 . 2004-07-17 11:40 19,528 —a
c:windows000001_.tmp
2009-01-13 16:23 . 2008-09-17 14:50dr-h
c:documents and settingsАдминистраторSendTo
2009-01-13 16:23 . 2008-09-17 14:50dr-h
c:documents and settingsАдминистраторSendTo
2009-01-13 16:23 . 2002-01-02 18:59d—h
c:documents and settingsАдминистраторRecent
2009-01-13 16:23 . 2002-01-02 18:59d—h
c:documents and settingsАдминистраторRecent
2009-01-13 16:23 . 2002-01-02 18:59d—h
c:documents and settingsАдминистраторPrintHood
2009-01-13 16:23 . 2002-01-02 18:59d—h
c:documents and settingsАдминистраторPrintHood
2009-01-13 16:23 . 2002-01-02 18:59d—h
c:documents and settingsАдминистраторNetHood
2009-01-13 16:23 . 2002-01-02 18:59d—h
c:documents and settingsАдминистраторNetHood
2009-01-13 16:23 . 2009-01-30 23:39d—h
c:documents and settingsАдминистраторLocal Settings
2009-01-13 16:23 . 2009-01-30 23:39d—h
c:documents and settingsАдминистраторLocal Settings
2009-01-13 16:23 . 2008-09-17 14:51d—s—- c:documents and settingsАдминистраторCookies
2009-01-13 16:23 . 2008-09-17 14:51d—s—- c:documents and settingsАдминистраторCookies
2009-01-13 16:23 . 2009-01-13 16:23d—s—- c:documents and settingsАдминистраторApplication DataMicrosoft
2009-01-13 16:23 . 2002-01-02 18:59dr-h
c:documents and settingsАдминистраторApplication Data
2009-01-13 16:23 . 2002-01-02 18:59dr-h
c:documents and settingsАдминистраторApplication Data
2009-01-13 16:23 . 2002-01-02 18:59d—h
c:documents and settingsАдминистраторШаблоны
2009-01-13 16:23 . 2002-01-02 18:59d—h
c:documents and settingsАдминистраторШаблоны
2009-01-13 16:23 . 2002-01-02 18:59d
c:documents and settingsАдминистраторРабочий стол
2009-01-13 16:23 . 2002-01-02 18:59d
c:documents and settingsАдминистраторРабочий стол
2009-01-13 16:23 . 2002-01-02 18:59d
c:documents and settingsАдминистраторМои документы
2009-01-13 16:23 . 2002-01-02 18:59d
c:documents and settingsАдминистраторМои документы
2009-01-13 16:23 . 2002-01-02 18:59dr
c:documents and settingsАдминистраторГлавное меню
2009-01-13 16:23 . 2002-01-02 18:59dr
c:documents and settingsАдминистраторГлавное меню
2009-01-13 16:23 . 2002-01-02 18:59d
c:documents and settingsАдминистраторИзбранное
2009-01-13 16:23 . 2002-01-02 18:59d
c:documents and settingsАдминистраторИзбранное
2009-01-13 16:23 . 2009-01-13 16:23d
c:documents and settingsАдминистратор
2009-01-13 16:23 . 2009-01-16 20:52 524,288 —ah
c:documents and settingsАдминистраторNTUSER.DAT
2009-01-13 16:23 . 2009-01-16 20:52 524,288 —ah
c:documents and settingsАдминистраторNTUSER.DAT
2009-01-13 15:09 . 2009-01-13 15:09d—s—- c:documents and settingsMaxUserData
2009-01-07 17:11 . 2009-01-16 17:25d
c:program filesBuka
2009-01-07 16:32 . 2008-10-07 13:33 201,157 —a
c:windowssystem32nvapps.nvb
2009-01-07 16:22 . 2009-01-30 23:07 195,534 —a
c:windowssystem32nvapps.xml
2009-01-07 16:21 . 2009-01-07 17:02d
c:windowsnview
2009-01-07 00:00 . 2009-01-07 00:00d
c:documents and settingsMaxShaders
2009-01-06 00:39 . 2009-01-06 00:55d
c:documents and settingsMaxApplication DataFTPInfo
2009-01-05 03:04 . 2009-01-05 03:04d
c:program filesFL
2009-01-04 14:58 . 2009-01-26 01:27d
c:program filesMSBuild
2009-01-04 14:54 . 2009-01-04 14:54d
c:windowssystem32XPSViewer
2009-01-04 14:53 . 2009-01-04 14:53d
c:program filesReference Assemblies
2009-01-04 14:52 . 2006-06-29 13:07 14,048
c:windowssystem32spmsg2.dll
2009-01-04 14:09 . 2009-01-04 14:09d
c:documents and settingsMaxApplication DataSony Setup
2009-01-01 15:25 . 2009-01-01 15:25d
c:program filesNokia
2009-01-01 15:25 . 2009-01-01 15:25d
c:program filesCommon FilesPCSuite
2009-01-01 15:25 . 2009-01-01 15:25d
c:program filesCommon FilesNokia
2009-01-01 15:25 . 2008-09-15 07:29 1,112,288 —a
c:windowssystem32wdfcoinstaller01007.dll
2009-01-01 15:25 . 2008-09-15 07:56 659,968 —a
c:windowssystem32nmwcdcocls.dll
2009-01-01 15:25 . 2008-09-15 07:56 22,016 —a
c:windowssystem32driversccdcmbo.sys
2009-01-01 15:25 . 2008-09-15 07:56 17,664 —a
c:windowssystem32driversccdcmb.sys
2009-01-01 15:25 . 2008-09-15 07:56 8,064 —a
c:windowssystem32driversusbser_lowerfltj.sys
2009-01-01 15:25 . 2008-09-15 07:56 8,064 —a
c:windowssystem32driversusbser_lowerflt.sys
2009-01-01 14:40 . 2009-01-01 14:40d—hs—- c:documents and settingsMaxPhone Browser
2008-12-31 03:20 . 2004-08-17 16:04 221,184 —a
c:windowssystem32wmpns.dll
2008-12-31 03:11 . 2008-12-31 03:11d
c:program filesMSXML 4.0
2008-12-31 02:41 . 2008-06-14 22:35 272,512
c— c:windowssystem32dllcachebthport.sys
2008-12-31 02:41 . 2008-06-24 21:44 74,240
c— c:windowssystem32dllcachemscms.dll
2008-12-31 02:40 . 2008-12-11 15:57 333,952
c— c:windowssystem32dllcachesrv.sys
2008-12-31 02:39 . 2008-12-12 22:03 3,088,896
c— c:windowssystem32dllcachemshtml.dll
2008-12-31 02:39 . 2008-10-16 06:02 1,499,136
c— c:windowssystem32dllcacheshdocvw.dll.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-24 13:11
d
w c:program filesArtMoney
2009-01-22 15:33
d—h—w c:program filesInstallShield Installation Information
2009-01-13 23:52
d
w c:program filesDAEMON Tools
2009-01-13 21:45 96,384 —-a-w c:windowssystem32driverssptd5181.sys
2009-01-04 21:09
d
w c:program filesSony
2009-01-04 09:08
d
w c:program filesSony Setup
2008-12-30 22:00
d
w c:program filesCommon FilesAdobe
2008-12-30 21:53
d
w c:documents and settingsMaxApplication DataAdobeUM
2008-12-11 10:57 333,952 —-a-w c:windowssystem32driverssrv.sys
2008-10-29 06:24 831,048 —-a-w c:windowssystem32WudfUpdate_01005.dll
2008-10-23 12:42 286,720 —-a-w c:windowssystem32gdi32.dll
2008-10-16 09:13 202,776 —-a-w c:windowssystem32wuweb.dll
2008-10-16 09:13 1,809,944 —-a-w c:windowssystem32wuaueng.dll
2008-10-16 09:12 561,688 —-a-w c:windowssystem32wuapi.dll
2008-10-16 09:12 323,608 —-a-w c:windowssystem32wucltui.dll
2008-10-16 09:09 92,696 —-a-w c:windowssystem32cdm.dll
2008-10-16 09:09 51,224 —-a-w c:windowssystem32wuauclt.exe
2008-10-16 09:09 43,544 —-a-w c:windowssystem32wups2.dll
2008-10-16 09:08 34,328 —-a-w c:windowssystem32wups.dll
2008-10-16 01:02 666,624 —-a-w c:windowssystem32wininet.dll
2008-10-15 13:49 107,888 —-a-w c:windowssystem32CmdLineExt.dll
2008-10-03 10:04 247,326 —-a-w c:windowssystem32strmdll.dll
2008-10-02 05:07 453,152 —-a-w c:windowssystem32NVUNINST.EXE
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2008-04-14 15360]
«KabAuth»=»c:documents and settingsMaxРабочий столkabauth.exe» [2009-01-16 764928]
«MSMSGS»=»c:program filesMessengermsmsgs.exe» [2008-04-14 1695232]
«PC Suite Tray»=»c:program filesNokiaNokia PC Suite 7PCSuite.exe» [2008-12-03 1205760][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«SoundMAXPnP»=»c:program filesAnalog DevicesSoundMAXSMax4PNP.exe» [2003-05-29 790528]
«RemoteControl»=»c:program filesCyberLinkPowerDVDPDVDServ.exe» [2004-11-02 32768]
«DAEMON Tools»=»c:program filesDAEMON Toolsdaemon.exe» [2005-12-10 133016]
«SunJavaUpdateSched»=»c:program filesJavajre6binjusched.exe» [2008-12-25 136600]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 9.0ReaderReader_sl.exe» [2008-06-12 34672]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2008-10-07 13574144]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2008-10-07 86016]
«nod32kui»=»c:program filesEsetnod32kui.exe» [2009-01-16 949376]
«GrooveMonitor»=»c:program filesMicrosoft OfficeOffice12GrooveMonitor.exe» [2006-10-27 31016]
«iTunesHelper»=»c:program filesiTunesiTunesHelper.exe» [2006-02-23 278528]
«QuickTime Task»=»c:program filesQuickTimeqttask.exe» [2009-01-27 155648]
«nwiz»=»nwiz.exe» [2008-10-07 c:windowssystem32nwiz.exe][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowsSystem32CTFMON.EXE» [2008-04-14 15360][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyWBSrv]
2005-12-20 22:57 176128 c:progra~1StardockOBJECT~1WINDOW~1WbSrv.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«vidc.3iv2″= 3ivxVfWCodec.dll
«VIDC.VP31″= vp31vfw.dll[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
@=»Driver»[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\Games\CS16\hl.exe»=
«c:\Program Files\ICQ6.5\ICQ.exe»=
«c:\Documents and Settings\Max\Рабочий стол\FlylinkDC++\FlylinkDC.exe»=
«c:\Program Files\Windows Media Player\wmplayer.exe»=
«c:\Program Files\Opera\opera.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE»=
«c:\Program Files\Microsoft Office\Office12\GROOVE.EXE»=
«c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE»=
«c:\Program Files\iTunes\iTunes.exe»=R0 DwProt;DrWeb Protection;c:windowssystem32driversdwprot.sys [2009-01-16 98168]
R1 nod32drv;nod32drv;c:windowssystem32driversnod32drv.sys [2009-01-16 15424]
R3 NPF;WinPcap Packet Driver (NPF);c:windowssystem32driversnpf.sys [2007-11-07 34064]
R4 DrWebEngine;Dr.Web ® Scanning Engine (DrWebEngine);c:program filesCommon FilesDoctor WebScanning Enginedwengine.exe [2008-10-17 869688]
S4 SandBox;Outpost Firewall Sandbox Driver;??c:program filesAgnitumOutpost FirewallkernelSandbox.SYS —> c:program filesAgnitumOutpost FirewallkernelSandbox.SYS [?]
S4 SPIDER;SpIDer Guard File System Monitor;??c:progra~1DrWebspider.sys —> c:progra~1DrWebspider.sys [?]
S4 SPIDERNT;SpIDer Guard for Windows;c:progra~1DrWebspidernt.exe —> c:progra~1DrWebspidernt.exe [?][HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{5317cb26-c482-11dd-ae49-000c6e7eab83}]
ShellAutoRuncommand — g:recyclerS-1-5-21-1482476501-1644491937-682003330-1013winde32.exe
Shellopencommand — g:recyclerS-1-5-21-1482476501-1644491937-682003330-1013winde32.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{28ABC5C0-4FCB-11CF-AAX5-81CX1C735612}]
c:recyclerS-1-5-21-1482476501-1644491937-682003330-1013winde32.exe
.
Contents of the ‘Scheduled Tasks’ folder2009-01-30 c:windowsTasksRegCure Program Check.job
— c:program filesRegCureRegCure.exe [2008-11-27 23:55]2009-01-10 c:windowsTasksRegCure.job
— c:program filesRegCureRegCure.exe [2008-11-27 23:55]
.
— — — — ORPHANS REMOVED — — — —HKLM-Run-SpIDerAgent — c:program filesDrWebSpIDerAgent.exe
HKLM-Run-SpIDerMail — c:program filesDrWebspiderml.exe
HKLM-Run-SpIDerNT — c:progra~1DrWebspiderui.exe.
Supplementary Scan
.
uStart Page = hxxp://www.yandex.ru/?clid=40488
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2Office12EXCEL.EXE/3000
IE: {{7A2EFD41-E6B3-11D2-89E3-00E0292EE574} — c:program filesPRMT6PRMTIEprmtie5.htm
IE: {{7A2EFD41-E6B3-11D2-89E3-00E0292EE575} — c:program filesPRMT6PRMTIEoptions.htm
LSP: c:windowssystem32imon.dll
TCP: {8714271C-2B56-4017-9FB9-6CFDF91A7EB0} = 87.224.213.1,87.224.197.1
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-30 23:40:06
Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERSS-1-5-21-73586283-879983540-682003330-1003SoftwareMicrosoftSystemCertificatesAddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(896)
c:progra~1StardockOBJECT~1WINDOW~1wbsrv.dll— — — — — — — > ‘lsass.exe'(956)
c:windowssystem32imon.dll
c:program filesEsetpr_imon.dll
.
Completion time: 2009-01-30 23:41:33
ComboFix-quarantined-files.txt 2009-01-30 18:41:30
ComboFix2.txt 2009-01-28 13:07:15Pre-Run: 16 346 570 752 байт свободно
Post-Run: 16,333,742,080 байт свободноCurrent=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
277 — E O F — 2009-01-26 20:35:14ComboFix 09-01-21.04 — Max 2009-01-30 23:39:22.2 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.1.1049.18.767.475 [GMT 5:00]
Running from: c:documents and settingsMaxРабочий столНовая папкаComboFix.exe
Command switches used :: c:documents and settingsMaxРабочий столНовая папкаWindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: Антивирусная система Eset NOD32 2.70 *On-access scanning enabled* (Updated)
FW: Outpost Firewall Pro *disabled*
* Created a new restore point
* Resident AV is active.
— REDUCED FUNCTIONALITY MODE —
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:recyclerS-1-5-21-1482476501-1644491937-682003330-1013
c:recyclerS-1-5-21-1482476501-1644491937-682003330-1013Desktop.ini
c:recyclerS-1-5-21-1482476501-1644491937-682003330-1013winde32.exe.
((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-30 )))))))))))))))))))))))))))))))
.2009-01-30 23:18 . 2009-01-30 23:18 669,713 —a
c:documents and settingsMaxl0140l.exe
2009-01-30 02:56 . 2009-01-30 03:21 512 —a
C:drmHeader.bin
2009-01-28 18:11 . 2009-01-28 18:11 0 —a
c:windowscfgedit.INI
2009-01-28 14:52 . 2009-01-28 14:52d
c:documents and settingsAll UsersApplication DataSandlot Games
2009-01-28 14:52 . 2009-01-28 14:52 4,096 —a
c:windowsd3dx.dat
2009-01-28 11:17 . 2009-01-28 11:17d
c:documents and settingsAll UsersApplication DataFriends Games
2009-01-27 12:33 . 2009-01-27 12:33d
c:documents and settingsMaxApplication DataApple Computer
2009-01-27 12:32 . 2009-01-27 12:32d
c:program filesQuickTime
2009-01-27 12:32 . 2009-01-27 12:38 54,156 —ah
c:windowsQTFont.qfn
2009-01-27 12:32 . 2009-01-27 12:38 1,409 —a
c:windowsQTFont.for
2009-01-27 12:31 . 2009-01-27 12:31d
c:program filesiTunes
2009-01-27 12:31 . 2009-01-27 12:31d
c:documents and settingsAll UsersApplication DataApple Computer
2009-01-27 12:30 . 2009-01-27 12:30d
c:program filesiPod
2009-01-27 12:30 . 2004-12-18 20:32 38,229
c:windowssystem32driversStMp3Rec.sys
2009-01-26 01:54 . 2009-01-26 02:00d
c:program filesMSECache
2009-01-26 01:32 . 2006-10-26 19:56 32,592 —a
c:windowssystem32msonpmon.dll
2009-01-26 01:28 . 2009-01-26 01:28d
c:program filesMicrosoft Works
2009-01-26 01:24 . 2009-01-26 01:24d
c:program filesMicrosoft.NET
2009-01-26 01:21 . 2009-01-26 01:21d
c:program filesMicrosoft Visual Studio 8
2009-01-26 01:21 . 2009-01-26 01:21d
C:IDE
2009-01-26 01:19 . 2009-01-26 01:26d
c:windowsSHELLNEW
2009-01-26 01:18 . 2009-01-27 01:34d
c:documents and settingsAll UsersApplication DataMicrosoft Help
2009-01-26 01:17 . 2009-01-26 01:17dr-h
C:MSOCache
2009-01-24 19:33 . 2009-01-24 19:33d
c:program filesBethesda Softworks
2009-01-24 00:58 . 2009-01-24 00:58d
c:program filesCreative
2009-01-24 00:43 . 2009-01-24 01:10d
c:program filesMafia
2009-01-24 00:43 . 2003-04-16 17:49 233,472 -ra
c:windowssystem32MafiaSetup.exe
2009-01-23 20:31 . 2009-01-23 20:32d
C:Build-a-lot 3 — Passport to Europe
2009-01-23 19:43 . 2009-01-23 19:43 30,208 —a
c:windowssystem32borlndmm.dll
2009-01-23 19:43 . 2009-01-28 17:54 830 —a
c:documents and settingsMaxApplication Datafieryads.dat
2009-01-23 19:42 . 2009-01-23 19:43d
c:program filesFieryAds
2009-01-22 21:24 . 2009-01-22 21:24d—h
c:windowsPIF
2009-01-17 20:37 . 2009-01-23 00:04d
c:documents and settingsAll UsersApplication DataHipSoft
2009-01-17 20:00 . 2009-01-17 20:00d
c:documents and settingsAll UsersApplication DataPlayrix Entertainment
2009-01-17 18:54 . 2009-01-28 18:31d-a
c:documents and settingsAll UsersApplication DataTEMP
2009-01-17 18:53 . 2009-01-28 14:50d
c:program filesOberon Media
2009-01-17 18:53 . 2009-01-17 18:53d
c:program filesCommon FilesOberon Media
2009-01-16 18:33 . 2009-01-16 18:32 512,096 —a
c:windowssystem32driversamon.sys
2009-01-16 18:33 . 2009-01-16 18:32 298,104 —a
c:windowssystem32imon.dll
2009-01-16 18:33 . 2009-01-16 18:32 15,424 —a
c:windowssystem32driversnod32drv.sys
2009-01-16 17:44 . 2009-01-17 20:26d
c:program filesESET
2009-01-16 17:31 . 2008-12-01 17:10 98,168 —a
c:windowssystem32driversdwprot.sys
2009-01-16 17:27 . 2009-01-16 17:59d
c:program filesDrWeb
2009-01-16 17:27 . 2009-01-16 17:27d
c:program filesCommon FilesDoctor Web
2009-01-16 17:27 . 2009-01-16 17:27d
c:documents and settingsAll UsersApplication DataDoctor Web
2009-01-16 12:00 . 2001-03-26 04:41 245,760 —a
c:windowssystem32mp4sds32.ax
2009-01-15 20:49 . 2009-01-15 20:49d
c:documents and settingsAll UsersApplication DataKaspersky Lab Setup Files
2009-01-14 23:45 . 2008-05-09 15:56 512,000
c— c:windowssystem32dllcachejscript.dll
2009-01-14 23:45 . 2008-05-09 15:56 430,080
c— c:windowssystem32dllcachevbscript.dll
2009-01-14 23:45 . 2008-05-09 15:56 180,224
c— c:windowssystem32dllcachescrobj.dll
2009-01-14 23:45 . 2008-05-09 15:56 172,032
c— c:windowssystem32dllcachescrrun.dll
2009-01-14 23:45 . 2008-05-08 16:24 155,648
c— c:windowssystem32dllcachewscript.exe
2009-01-14 23:45 . 2008-05-09 13:45 135,168
c— c:windowssystem32dllcachecscript.exe
2009-01-14 23:45 . 2008-05-09 15:56 90,112
c— c:windowssystem32dllcachewshext.dll
2009-01-14 15:13 . 2009-01-14 15:13d
c:program filesPRMT6
2009-01-14 15:13 . 2009-01-14 15:13d
c:program filesCommon FilesPROject MT
2009-01-14 15:13 . 2009-01-14 15:13d
c:documents and settingsAll UsersApplication DataPROject MT
2009-01-14 02:54 . 2009-01-14 02:54d
c:documents and settingsLocalServiceРабочий стол
2009-01-14 02:03 . 2008-09-10 06:15 1,307,648
c— c:windowssystem32dllcachemsxml6.dll
2009-01-14 02:03 . 2008-04-14 21:17 86,016
c— c:windowssystem32dllcachemsxml6r.dll
2009-01-14 01:53 . 2008-04-13 22:06 144,384
c:windowssystem32drivershdaudbus.sys
2009-01-14 01:53 . 2008-04-14 00:10 10,240
c:windowssystem32driverssffp_mmc.sys
2009-01-14 01:51 . 2006-12-29 00:31 19,569 —a
c:windows005728_.tmp
2009-01-14 00:55 . 2009-01-16 18:35 49 —a
c:windowstransp.gif
2009-01-13 20:13 . 2008-04-14 21:40 10,752
c:windowssystem32smtpapi.dll
2009-01-13 20:13 . 2008-04-14 21:40 9,728
c:windowssystem32rwnh.dll
2009-01-13 20:12 . 2004-07-17 11:40 19,528 —a
c:windows000001_.tmp
2009-01-13 16:23 . 2008-09-17 14:50dr-h
c:documents and settingsАдминистраторSendTo
2009-01-13 16:23 . 2008-09-17 14:50dr-h
c:documents and settingsАдминистраторSendTo
2009-01-13 16:23 . 2002-01-02 18:59d—h
c:documents and settingsАдминистраторRecent
2009-01-13 16:23 . 2002-01-02 18:59d—h
c:documents and settingsАдминистраторRecent
2009-01-13 16:23 . 2002-01-02 18:59d—h
c:documents and settingsАдминистраторPrintHood
2009-01-13 16:23 . 2002-01-02 18:59d—h
c:documents and settingsАдминистраторPrintHood
2009-01-13 16:23 . 2002-01-02 18:59d—h
c:documents and settingsАдминистраторNetHood
2009-01-13 16:23 . 2002-01-02 18:59d—h
c:documents and settingsАдминистраторNetHood
2009-01-13 16:23 . 2009-01-30 23:39d—h
c:documents and settingsАдминистраторLocal Settings
2009-01-13 16:23 . 2009-01-30 23:39d—h
c:documents and settingsАдминистраторLocal Settings
2009-01-13 16:23 . 2008-09-17 14:51d—s—- c:documents and settingsАдминистраторCookies
2009-01-13 16:23 . 2008-09-17 14:51d—s—- c:documents and settingsАдминистраторCookies
2009-01-13 16:23 . 2009-01-13 16:23d—s—- c:documents and settingsАдминистраторApplication DataMicrosoft
2009-01-13 16:23 . 2002-01-02 18:59dr-h
c:documents and settingsАдминистраторApplication Data
2009-01-13 16:23 . 2002-01-02 18:59dr-h
c:documents and settingsАдминистраторApplication Data
2009-01-13 16:23 . 2002-01-02 18:59d—h
c:documents and settingsАдминистраторШаблоны
2009-01-13 16:23 . 2002-01-02 18:59d—h
c:documents and settingsАдминистраторШаблоны
2009-01-13 16:23 . 2002-01-02 18:59d
c:documents and settingsАдминистраторРабочий стол
2009-01-13 16:23 . 2002-01-02 18:59d
c:documents and settingsАдминистраторРабочий стол
2009-01-13 16:23 . 2002-01-02 18:59d
c:documents and settingsАдминистраторМои документы
2009-01-13 16:23 . 2002-01-02 18:59d
c:documents and settingsАдминистраторМои документы
2009-01-13 16:23 . 2002-01-02 18:59dr
c:documents and settingsАдминистраторГлавное меню
2009-01-13 16:23 . 2002-01-02 18:59dr
c:documents and settingsАдминистраторГлавное меню
2009-01-13 16:23 . 2002-01-02 18:59d
c:documents and settingsАдминистраторИзбранное
2009-01-13 16:23 . 2002-01-02 18:59d
c:documents and settingsАдминистраторИзбранное
2009-01-13 16:23 . 2009-01-13 16:23d
c:documents and settingsАдминистратор
2009-01-13 16:23 . 2009-01-16 20:52 524,288 —ah
c:documents and settingsАдминистраторNTUSER.DAT
2009-01-13 16:23 . 2009-01-16 20:52 524,288 —ah
c:documents and settingsАдминистраторNTUSER.DAT
2009-01-13 15:09 . 2009-01-13 15:09d—s—- c:documents and settingsMaxUserData
2009-01-07 17:11 . 2009-01-16 17:25d
c:program filesBuka
2009-01-07 16:32 . 2008-10-07 13:33 201,157 —a
c:windowssystem32nvapps.nvb
2009-01-07 16:22 . 2009-01-30 23:07 195,534 —a
c:windowssystem32nvapps.xml
2009-01-07 16:21 . 2009-01-07 17:02d
c:windowsnview
2009-01-07 00:00 . 2009-01-07 00:00d
c:documents and settingsMaxShaders
2009-01-06 00:39 . 2009-01-06 00:55d
c:documents and settingsMaxApplication DataFTPInfo
2009-01-05 03:04 . 2009-01-05 03:04d
c:program filesFL
2009-01-04 14:58 . 2009-01-26 01:27d
c:program filesMSBuild
2009-01-04 14:54 . 2009-01-04 14:54d
c:windowssystem32XPSViewer
2009-01-04 14:53 . 2009-01-04 14:53d
c:program filesReference Assemblies
2009-01-04 14:52 . 2006-06-29 13:07 14,048
c:windowssystem32spmsg2.dll
2009-01-04 14:09 . 2009-01-04 14:09d
c:documents and settingsMaxApplication DataSony Setup
2009-01-01 15:25 . 2009-01-01 15:25d
c:program filesNokia
2009-01-01 15:25 . 2009-01-01 15:25d
c:program filesCommon FilesPCSuite
2009-01-01 15:25 . 2009-01-01 15:25d
c:program filesCommon FilesNokia
2009-01-01 15:25 . 2008-09-15 07:29 1,112,288 —a
c:windowssystem32wdfcoinstaller01007.dll
2009-01-01 15:25 . 2008-09-15 07:56 659,968 —a
c:windowssystem32nmwcdcocls.dll
2009-01-01 15:25 . 2008-09-15 07:56 22,016 —a
c:windowssystem32driversccdcmbo.sys
2009-01-01 15:25 . 2008-09-15 07:56 17,664 —a
c:windowssystem32driversccdcmb.sys
2009-01-01 15:25 . 2008-09-15 07:56 8,064 —a
c:windowssystem32driversusbser_lowerfltj.sys
2009-01-01 15:25 . 2008-09-15 07:56 8,064 —a
c:windowssystem32driversusbser_lowerflt.sys
2009-01-01 14:40 . 2009-01-01 14:40d—hs—- c:documents and settingsMaxPhone Browser
2008-12-31 03:20 . 2004-08-17 16:04 221,184 —a
c:windowssystem32wmpns.dll
2008-12-31 03:11 . 2008-12-31 03:11d
c:program filesMSXML 4.0
2008-12-31 02:41 . 2008-06-14 22:35 272,512
c— c:windowssystem32dllcachebthport.sys
2008-12-31 02:41 . 2008-06-24 21:44 74,240
c— c:windowssystem32dllcachemscms.dll
2008-12-31 02:40 . 2008-12-11 15:57 333,952
c— c:windowssystem32dllcachesrv.sys
2008-12-31 02:39 . 2008-12-12 22:03 3,088,896
c— c:windowssystem32dllcachemshtml.dll
2008-12-31 02:39 . 2008-10-16 06:02 1,499,136
c— c:windowssystem32dllcacheshdocvw.dll.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-24 13:11
d
w c:program filesArtMoney
2009-01-22 15:33
d—h—w c:program filesInstallShield Installation Information
2009-01-13 23:52
d
w c:program filesDAEMON Tools
2009-01-13 21:45 96,384 —-a-w c:windowssystem32driverssptd5181.sys
2009-01-04 21:09
d
w c:program filesSony
2009-01-04 09:08
d
w c:program filesSony Setup
2008-12-30 22:00
d
w c:program filesCommon FilesAdobe
2008-12-30 21:53
d
w c:documents and settingsMaxApplication DataAdobeUM
2008-12-11 10:57 333,952 —-a-w c:windowssystem32driverssrv.sys
2008-10-29 06:24 831,048 —-a-w c:windowssystem32WudfUpdate_01005.dll
2008-10-23 12:42 286,720 —-a-w c:windowssystem32gdi32.dll
2008-10-16 09:13 202,776 —-a-w c:windowssystem32wuweb.dll
2008-10-16 09:13 1,809,944 —-a-w c:windowssystem32wuaueng.dll
2008-10-16 09:12 561,688 —-a-w c:windowssystem32wuapi.dll
2008-10-16 09:12 323,608 —-a-w c:windowssystem32wucltui.dll
2008-10-16 09:09 92,696 —-a-w c:windowssystem32cdm.dll
2008-10-16 09:09 51,224 —-a-w c:windowssystem32wuauclt.exe
2008-10-16 09:09 43,544 —-a-w c:windowssystem32wups2.dll
2008-10-16 09:08 34,328 —-a-w c:windowssystem32wups.dll
2008-10-16 01:02 666,624 —-a-w c:windowssystem32wininet.dll
2008-10-15 13:49 107,888 —-a-w c:windowssystem32CmdLineExt.dll
2008-10-03 10:04 247,326 —-a-w c:windowssystem32strmdll.dll
2008-10-02 05:07 453,152 —-a-w c:windowssystem32NVUNINST.EXE
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2008-04-14 15360]
«KabAuth»=»c:documents and settingsMaxРабочий столkabauth.exe» [2009-01-16 764928]
«MSMSGS»=»c:program filesMessengermsmsgs.exe» [2008-04-14 1695232]
«PC Suite Tray»=»c:program filesNokiaNokia PC Suite 7PCSuite.exe» [2008-12-03 1205760][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«SoundMAXPnP»=»c:program filesAnalog DevicesSoundMAXSMax4PNP.exe» [2003-05-29 790528]
«RemoteControl»=»c:program filesCyberLinkPowerDVDPDVDServ.exe» [2004-11-02 32768]
«DAEMON Tools»=»c:program filesDAEMON Toolsdaemon.exe» [2005-12-10 133016]
«SunJavaUpdateSched»=»c:program filesJavajre6binjusched.exe» [2008-12-25 136600]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 9.0ReaderReader_sl.exe» [2008-06-12 34672]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2008-10-07 13574144]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2008-10-07 86016]
«nod32kui»=»c:program filesEsetnod32kui.exe» [2009-01-16 949376]
«GrooveMonitor»=»c:program filesMicrosoft OfficeOffice12GrooveMonitor.exe» [2006-10-27 31016]
«iTunesHelper»=»c:program filesiTunesiTunesHelper.exe» [2006-02-23 278528]
«QuickTime Task»=»c:program filesQuickTimeqttask.exe» [2009-01-27 155648]
«nwiz»=»nwiz.exe» [2008-10-07 c:windowssystem32nwiz.exe][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowsSystem32CTFMON.EXE» [2008-04-14 15360][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyWBSrv]
2005-12-20 22:57 176128 c:progra~1StardockOBJECT~1WINDOW~1WbSrv.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«vidc.3iv2″= 3ivxVfWCodec.dll
«VIDC.VP31″= vp31vfw.dll[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
@=»Driver»[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\Games\CS16\hl.exe»=
«c:\Program Files\ICQ6.5\ICQ.exe»=
«c:\Documents and Settings\Max\Рабочий стол\FlylinkDC++\FlylinkDC.exe»=
«c:\Program Files\Windows Media Player\wmplayer.exe»=
«c:\Program Files\Opera\opera.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE»=
«c:\Program Files\Microsoft Office\Office12\GROOVE.EXE»=
«c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE»=
«c:\Program Files\iTunes\iTunes.exe»=R0 DwProt;DrWeb Protection;c:windowssystem32driversdwprot.sys [2009-01-16 98168]
R1 nod32drv;nod32drv;c:windowssystem32driversnod32drv.sys [2009-01-16 15424]
R3 NPF;WinPcap Packet Driver (NPF);c:windowssystem32driversnpf.sys [2007-11-07 34064]
R4 DrWebEngine;Dr.Web ® Scanning Engine (DrWebEngine);c:program filesCommon FilesDoctor WebScanning Enginedwengine.exe [2008-10-17 869688]
S4 SandBox;Outpost Firewall Sandbox Driver;??c:program filesAgnitumOutpost FirewallkernelSandbox.SYS —> c:program filesAgnitumOutpost FirewallkernelSandbox.SYS [?]
S4 SPIDER;SpIDer Guard File System Monitor;??c:progra~1DrWebspider.sys —> c:progra~1DrWebspider.sys [?]
S4 SPIDERNT;SpIDer Guard for Windows;c:progra~1DrWebspidernt.exe —> c:progra~1DrWebspidernt.exe [?][HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{5317cb26-c482-11dd-ae49-000c6e7eab83}]
ShellAutoRuncommand — g:recyclerS-1-5-21-1482476501-1644491937-682003330-1013winde32.exe
Shellopencommand — g:recyclerS-1-5-21-1482476501-1644491937-682003330-1013winde32.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{28ABC5C0-4FCB-11CF-AAX5-81CX1C735612}]
c:recyclerS-1-5-21-1482476501-1644491937-682003330-1013winde32.exe
.
Contents of the ‘Scheduled Tasks’ folder2009-01-30 c:windowsTasksRegCure Program Check.job
— c:program filesRegCureRegCure.exe [2008-11-27 23:55]2009-01-10 c:windowsTasksRegCure.job
— c:program filesRegCureRegCure.exe [2008-11-27 23:55]
.
— — — — ORPHANS REMOVED — — — —HKLM-Run-SpIDerAgent — c:program filesDrWebSpIDerAgent.exe
HKLM-Run-SpIDerMail — c:program filesDrWebspiderml.exe
HKLM-Run-SpIDerNT — c:progra~1DrWebspiderui.exe.
Supplementary Scan
.
uStart Page = hxxp://www.yandex.ru/?clid=40488
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2Office12EXCEL.EXE/3000
IE: {{7A2EFD41-E6B3-11D2-89E3-00E0292EE574} — c:program filesPRMT6PRMTIEprmtie5.htm
IE: {{7A2EFD41-E6B3-11D2-89E3-00E0292EE575} — c:program filesPRMT6PRMTIEoptions.htm
LSP: c:windowssystem32imon.dll
TCP: {8714271C-2B56-4017-9FB9-6CFDF91A7EB0} = 87.224.213.1,87.224.197.1
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-30 23:40:06
Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERSS-1-5-21-73586283-879983540-682003330-1003SoftwareMicrosoftSystemCertificatesAddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(896)
c:progra~1StardockOBJECT~1WINDOW~1wbsrv.dll— — — — — — — > ‘lsass.exe'(956)
c:windowssystem32imon.dll
c:program filesEsetpr_imon.dll
.
Completion time: 2009-01-30 23:41:33
ComboFix-quarantined-files.txt 2009-01-30 18:41:30
ComboFix2.txt 2009-01-28 13:07:15Pre-Run: 16 346 570 752 байт свободно
Post-Run: 16,333,742,080 байт свободноCurrent=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
277 — E O F — 2009-01-26 20:35:14Здравствуйте, добро пожаловать на Spyware-ru форум.
Судя по логу ваш компьютер заражён autorun.inf трояном.
Прочитайте эту инструкцию Flash_Disinfector ещё одно оружие против autorun.inf троянов. Скачайте и запустите Flash_Disinfector, не забудьте при этом по требованию программы вставить ваш флэш диск или подключить другие внешние устройства хранения информации.Откройте блокнот (Кликните Пуск, Выполнить, в строке ввода введите notepad и нажмите Enter) и вставьте в него следующий текст:
Registry::
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{5317cb26-c482-11dd-ae49-000c6e7eab83}]
[-HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{28ABC5C0-4FCB-11CF-AAX5-81CX1C735612}]
Folder::
c:recyclerS-1-5-21-1482476501-1644491937-682003330-1013Запишите получившийся файл на ваш рабочий стол под именем CFScript
Далее перетащите получившийся файл на иконку Combofix, как показано на картинке ниже.
Сombofix запуститься и выполнит процедуры описанные в созданном нами файле.
По результатам работы Combofix будет создан новый лог, его и вставьте в свой следующий ответ.все сделал
ComboFix 09-01-21.04 — Max 2009-02-01 21:44:32.3 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.1.1049.18.767.471 [GMT 5:00]
Running from: c:documents and settingsMaxРабочий столComboFix.exe
Command switches used :: c:documents and settingsMaxРабочий столCFScript.txt
AV: Антивирусная система Eset NOD32 2.70 *On-access scanning enabled* (Updated)
FW: Outpost Firewall Pro *disabled*
* Created a new restore point
* Resident AV is active.
— REDUCED FUNCTIONALITY MODE —
.((((((((((((((((((((((((( Files Created from 2009-01-01 to 2009-02-01 )))))))))))))))))))))))))))))))
.2009-01-30 02:56 . 2009-01-30 03:21 512 —a
C:drmHeader.bin
2009-01-28 18:11 . 2009-01-28 18:11 0 —a
c:windowscfgedit.INI
2009-01-28 14:52 . 2009-01-28 14:52d
c:documents and settingsAll UsersApplication DataSandlot Games
2009-01-28 14:52 . 2009-01-28 14:52 4,096 —a
c:windowsd3dx.dat
2009-01-28 11:17 . 2009-01-28 11:17d
c:documents and settingsAll UsersApplication DataFriends Games
2009-01-27 12:33 . 2009-01-27 12:33d
c:documents and settingsMaxApplication DataApple Computer
2009-01-27 12:32 . 2009-01-27 12:32d
c:program filesQuickTime
2009-01-27 12:32 . 2009-01-27 12:38 54,156 —ah
c:windowsQTFont.qfn
2009-01-27 12:32 . 2009-01-27 12:38 1,409 —a
c:windowsQTFont.for
2009-01-27 12:31 . 2009-01-27 12:31d
c:program filesiTunes
2009-01-27 12:31 . 2009-01-27 12:31d
c:documents and settingsAll UsersApplication DataApple Computer
2009-01-27 12:30 . 2009-01-27 12:30d
c:program filesiPod
2009-01-27 12:30 . 2004-12-18 20:32 38,229
c:windowssystem32driversStMp3Rec.sys
2009-01-26 01:54 . 2009-01-26 02:00d
c:program filesMSECache
2009-01-26 01:32 . 2006-10-26 19:56 32,592 —a
c:windowssystem32msonpmon.dll
2009-01-26 01:28 . 2009-01-26 01:28d
c:program filesMicrosoft Works
2009-01-26 01:24 . 2009-01-26 01:24d
c:program filesMicrosoft.NET
2009-01-26 01:21 . 2009-01-26 01:21d
c:program filesMicrosoft Visual Studio 8
2009-01-26 01:21 . 2009-01-26 01:21d
C:IDE
2009-01-26 01:19 . 2009-01-26 01:26d
c:windowsSHELLNEW
2009-01-26 01:18 . 2009-01-27 01:34d
c:documents and settingsAll UsersApplication DataMicrosoft Help
2009-01-26 01:17 . 2009-01-26 01:17dr-h
C:MSOCache
2009-01-24 19:33 . 2009-01-24 19:33d
c:program filesBethesda Softworks
2009-01-24 00:58 . 2009-01-24 00:58d
c:program filesCreative
2009-01-24 00:43 . 2009-01-24 01:10d
c:program filesMafia
2009-01-24 00:43 . 2003-04-16 17:49 233,472 -ra
c:windowssystem32MafiaSetup.exe
2009-01-23 20:31 . 2009-01-23 20:32d
C:Build-a-lot 3 — Passport to Europe
2009-01-23 19:43 . 2009-01-23 19:43 30,208 —a
c:windowssystem32borlndmm.dll
2009-01-23 19:43 . 2009-01-28 17:54 830 —a
c:documents and settingsMaxApplication Datafieryads.dat
2009-01-23 19:42 . 2009-01-23 19:43d
c:program filesFieryAds
2009-01-22 21:24 . 2009-01-22 21:24d—h
c:windowsPIF
2009-01-17 20:37 . 2009-01-23 00:04d
c:documents and settingsAll UsersApplication DataHipSoft
2009-01-17 20:00 . 2009-01-17 20:00d
c:documents and settingsAll UsersApplication DataPlayrix Entertainment
2009-01-17 18:54 . 2009-01-28 18:31d-a
c:documents and settingsAll UsersApplication DataTEMP
2009-01-17 18:53 . 2009-01-28 14:50d
c:program filesOberon Media
2009-01-17 18:53 . 2009-01-17 18:53d
c:program filesCommon FilesOberon Media
2009-01-16 18:33 . 2009-01-16 18:32 512,096 —a
c:windowssystem32driversamon.sys
2009-01-16 18:33 . 2009-01-16 18:32 298,104 —a
c:windowssystem32imon.dll
2009-01-16 18:33 . 2009-01-16 18:32 15,424 —a
c:windowssystem32driversnod32drv.sys
2009-01-16 17:44 . 2009-01-17 20:26d
c:program filesESET
2009-01-16 17:31 . 2008-12-01 17:10 98,168 —a
c:windowssystem32driversdwprot.sys
2009-01-16 17:27 . 2009-01-16 17:59d
c:program filesDrWeb
2009-01-16 17:27 . 2009-01-16 17:27d
c:program filesCommon FilesDoctor Web
2009-01-16 17:27 . 2009-01-16 17:27d
c:documents and settingsAll UsersApplication DataDoctor Web
2009-01-16 12:00 . 2001-03-26 04:41 245,760 —a
c:windowssystem32mp4sds32.ax
2009-01-15 20:49 . 2009-01-15 20:49d
c:documents and settingsAll UsersApplication DataKaspersky Lab Setup Files
2009-01-14 23:45 . 2008-05-09 15:56 512,000
c— c:windowssystem32dllcachejscript.dll
2009-01-14 23:45 . 2008-05-09 15:56 430,080
c— c:windowssystem32dllcachevbscript.dll
2009-01-14 23:45 . 2008-05-09 15:56 180,224
c— c:windowssystem32dllcachescrobj.dll
2009-01-14 23:45 . 2008-05-09 15:56 172,032
c— c:windowssystem32dllcachescrrun.dll
2009-01-14 23:45 . 2008-05-08 16:24 155,648
c— c:windowssystem32dllcachewscript.exe
2009-01-14 23:45 . 2008-05-09 13:45 135,168
c— c:windowssystem32dllcachecscript.exe
2009-01-14 23:45 . 2008-05-09 15:56 90,112
c— c:windowssystem32dllcachewshext.dll
2009-01-14 15:13 . 2009-01-14 15:13d
c:program filesPRMT6
2009-01-14 15:13 . 2009-01-14 15:13d
c:program filesCommon FilesPROject MT
2009-01-14 15:13 . 2009-01-14 15:13d
c:documents and settingsAll UsersApplication DataPROject MT
2009-01-14 02:54 . 2009-01-14 02:54d
c:documents and settingsLocalServiceРабочий стол
2009-01-14 02:03 . 2008-09-10 06:15 1,307,648
c— c:windowssystem32dllcachemsxml6.dll
2009-01-14 02:03 . 2008-04-14 21:17 86,016
c— c:windowssystem32dllcachemsxml6r.dll
2009-01-14 01:53 . 2008-04-13 22:06 144,384
c:windowssystem32drivershdaudbus.sys
2009-01-14 01:53 . 2008-04-14 00:10 10,240
c:windowssystem32driverssffp_mmc.sys
2009-01-14 01:51 . 2006-12-29 00:31 19,569 —a
c:windows005728_.tmp
2009-01-14 00:55 . 2009-01-16 18:35 49 —a
c:windowstransp.gif
2009-01-13 20:13 . 2008-04-14 21:40 10,752
c:windowssystem32smtpapi.dll
2009-01-13 20:13 . 2008-04-14 21:40 9,728
c:windowssystem32rwnh.dll
2009-01-13 20:12 . 2004-07-17 11:40 19,528 —a
c:windows000001_.tmp
2009-01-13 16:23 . 2008-09-17 14:50dr-h
c:documents and settingsАдминистраторSendTo
2009-01-13 16:23 . 2008-09-17 14:50dr-h
c:documents and settingsАдминистраторSendTo
2009-01-13 16:23 . 2002-01-02 18:59d—h
c:documents and settingsАдминистраторRecent
2009-01-13 16:23 . 2002-01-02 18:59d—h
c:documents and settingsАдминистраторRecent
2009-01-13 16:23 . 2002-01-02 18:59d—h
c:documents and settingsАдминистраторPrintHood
2009-01-13 16:23 . 2002-01-02 18:59d—h
c:documents and settingsАдминистраторPrintHood
2009-01-13 16:23 . 2002-01-02 18:59d—h
c:documents and settingsАдминистраторNetHood
2009-01-13 16:23 . 2002-01-02 18:59d—h
c:documents and settingsАдминистраторNetHood
2009-01-13 16:23 . 2009-02-01 21:44d—h
c:documents and settingsАдминистраторLocal Settings
2009-01-13 16:23 . 2009-02-01 21:44d—h
c:documents and settingsАдминистраторLocal Settings
2009-01-13 16:23 . 2008-09-17 14:51d—s—- c:documents and settingsАдминистраторCookies
2009-01-13 16:23 . 2008-09-17 14:51d—s—- c:documents and settingsАдминистраторCookies
2009-01-13 16:23 . 2009-01-13 16:23d—s—- c:documents and settingsАдминистраторApplication DataMicrosoft
2009-01-13 16:23 . 2002-01-02 18:59dr-h
c:documents and settingsАдминистраторApplication Data
2009-01-13 16:23 . 2002-01-02 18:59dr-h
c:documents and settingsАдминистраторApplication Data
2009-01-13 16:23 . 2002-01-02 18:59d—h
c:documents and settingsАдминистраторШаблоны
2009-01-13 16:23 . 2002-01-02 18:59d—h
c:documents and settingsАдминистраторШаблоны
2009-01-13 16:23 . 2002-01-02 18:59d
c:documents and settingsАдминистраторРабочий стол
2009-01-13 16:23 . 2002-01-02 18:59d
c:documents and settingsАдминистраторРабочий стол
2009-01-13 16:23 . 2002-01-02 18:59d
c:documents and settingsАдминистраторМои документы
2009-01-13 16:23 . 2002-01-02 18:59d
c:documents and settingsАдминистраторМои документы
2009-01-13 16:23 . 2002-01-02 18:59dr
c:documents and settingsАдминистраторГлавное меню
2009-01-13 16:23 . 2002-01-02 18:59dr
c:documents and settingsАдминистраторГлавное меню
2009-01-13 16:23 . 2002-01-02 18:59d
c:documents and settingsАдминистраторИзбранное
2009-01-13 16:23 . 2002-01-02 18:59d
c:documents and settingsАдминистраторИзбранное
2009-01-13 16:23 . 2009-01-13 16:23d
c:documents and settingsАдминистратор
2009-01-13 16:23 . 2009-01-16 20:52 524,288 —ah
c:documents and settingsАдминистраторNTUSER.DAT
2009-01-13 16:23 . 2009-01-16 20:52 524,288 —ah
c:documents and settingsАдминистраторNTUSER.DAT
2009-01-07 17:11 . 2009-01-16 17:25d
c:program filesBuka
2009-01-07 16:32 . 2008-10-07 13:33 201,157 —a
c:windowssystem32nvapps.nvb
2009-01-07 16:22 . 2009-02-01 21:41 195,534 —a
c:windowssystem32nvapps.xml
2009-01-07 16:21 . 2009-01-07 17:02d
c:windowsnview
2009-01-07 00:00 . 2009-01-07 00:00d
c:documents and settingsMaxShaders
2009-01-06 00:39 . 2009-01-06 00:55d
c:documents and settingsMaxApplication DataFTPInfo
2009-01-05 03:04 . 2009-01-05 03:04d
c:program filesFL
2009-01-04 14:58 . 2009-01-26 01:27d
c:program filesMSBuild
2009-01-04 14:54 . 2009-01-04 14:54d
c:windowssystem32XPSViewer
2009-01-04 14:53 . 2009-01-04 14:53d
c:program filesReference Assemblies
2009-01-04 14:52 . 2006-06-29 13:07 14,048
c:windowssystem32spmsg2.dll
2009-01-04 14:09 . 2009-01-04 14:09d
c:documents and settingsMaxApplication DataSony Setup
2009-01-01 15:25 . 2009-01-01 15:25d
c:program filesNokia
2009-01-01 15:25 . 2009-01-01 15:25d
c:program filesCommon FilesPCSuite
2009-01-01 15:25 . 2009-01-01 15:25d
c:program filesCommon FilesNokia
2009-01-01 15:25 . 2008-09-15 07:29 1,112,288 —a
c:windowssystem32wdfcoinstaller01007.dll
2009-01-01 15:25 . 2008-09-15 07:56 659,968 —a
c:windowssystem32nmwcdcocls.dll
2009-01-01 15:25 . 2008-09-15 07:56 22,016 —a
c:windowssystem32driversccdcmbo.sys
2009-01-01 15:25 . 2008-09-15 07:56 17,664 —a
c:windowssystem32driversccdcmb.sys
2009-01-01 15:25 . 2008-09-15 07:56 8,064 —a
c:windowssystem32driversusbser_lowerfltj.sys
2009-01-01 15:25 . 2008-09-15 07:56 8,064 —a
c:windowssystem32driversusbser_lowerflt.sys
2009-01-01 14:40 . 2009-01-01 14:40d—hs—- c:documents and settingsMaxPhone Browser .
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-31 16:28
d
w c:program filesArtMoney
2009-01-22 15:33
d—h—w c:program filesInstallShield Installation Information
2009-01-13 23:52
d
w c:program filesDAEMON Tools
2009-01-13 21:45 96,384 —-a-w c:windowssystem32driverssptd5181.sys
2009-01-05 18:56
d
w c:documents and settingsMaxApplication DataICQ
2009-01-04 21:09
d
w c:program filesSony
2009-01-04 09:08
d
w c:program filesSony Setup
2009-01-01 10:36
d
w c:documents and settingsMaxApplication DataPC Suite
2009-01-01 10:24
d
w c:documents and settingsAll UsersApplication DataInstallations
2009-01-01 09:43
d
w c:documents and settingsMaxApplication DataNokia
2008-12-30 22:11
d
w c:program filesMSXML 4.0
2008-12-30 22:00
d
w c:program filesCommon FilesAdobe
2008-12-30 21:53
d
w c:documents and settingsMaxApplication DataAdobeUM
2008-12-30 20:40 0 —ha-w c:windowssystem32driversMsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-12-30 20:40 0 —ha-w c:windowssystem32driversMsft_Kernel_ccdcmb_01007.Wdf
2008-12-30 20:40
d
w c:documents and settingsAll UsersApplication DataPC Suite
2008-12-30 20:32
d
w c:program filesPC Connectivity Solution
2008-12-30 20:32
d
w c:program filesDIFX
2008-12-30 20:18
d
w c:documents and settingsAll UsersApplication DataNokia
2008-12-30 20:14
d
w c:program filesMSXML 6.0
2008-12-30 15:48
d
w c:documents and settingsMaxApplication Datakabauth
2008-12-25 10:48
d
w c:program filesSun
2008-12-25 10:47 410,984 —-a-w c:windowssystem32deploytk.dll
2008-12-25 10:47
d
w c:program filesJava
2008-12-24 14:35
d
w c:documents and settingsMaxApplication DataFLVPlayer4Free
2008-12-24 09:50
d
w c:program filesRegCure
2008-12-23 07:25
d
w c:program filesOblivion
2008-12-19 19:07 413,696 —-a-w c:windowssystem32wrap_oal.dll
2008-12-19 19:07 110,592 —-a-w c:windowssystem32OpenAL32.dll
2008-12-19 19:07
d
w c:program filesOpenAL
2008-12-19 17:53
d
w c:program filesOpera
2008-12-18 09:55
d
w c:program filesICQ6.5
2008-12-18 09:53
d
w c:program filesICQ6Toolbar
2008-12-18 09:53
d
w c:documents and settingsAll UsersApplication DataICQ
2008-12-18 09:13
d
w c:program filesWinPcap
2008-12-11 10:57 333,952 —-a-w c:windowssystem32driverssrv.sys
2008-11-17 16:34 323,072
w c:windowsMSVCRT.DLL
.((((((((((((((((((((((((((((( snapshot@2009-01-30_23.40.44,15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-01 16:41:14 16,384 —-atw c:windowstempPerflib_Perfdata_344.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2008-04-14 15360]
«KabAuth»=»c:documents and settingsMaxРабочий столkabauth.exe» [2009-01-16 764928]
«MSMSGS»=»c:program filesMessengermsmsgs.exe» [2008-04-14 1695232]
«PC Suite Tray»=»c:program filesNokiaNokia PC Suite 7PCSuite.exe» [2008-12-03 1205760][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«SoundMAXPnP»=»c:program filesAnalog DevicesSoundMAXSMax4PNP.exe» [2003-05-29 790528]
«RemoteControl»=»c:program filesCyberLinkPowerDVDPDVDServ.exe» [2004-11-02 32768]
«DAEMON Tools»=»c:program filesDAEMON Toolsdaemon.exe» [2005-12-10 133016]
«SunJavaUpdateSched»=»c:program filesJavajre6binjusched.exe» [2008-12-25 136600]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 9.0ReaderReader_sl.exe» [2008-06-12 34672]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2008-10-07 13574144]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2008-10-07 86016]
«SpIDerAgent»=»c:program filesDrWebSpIDerAgent.exe» [BU]
«SpIDerMail»=»c:program filesDrWebspiderml.exe» [BU]
«SpIDerNT»=»c:progra~1DrWebspiderui.exe» [BU]
«nod32kui»=»c:program filesEsetnod32kui.exe» [2009-01-16 949376]
«GrooveMonitor»=»c:program filesMicrosoft OfficeOffice12GrooveMonitor.exe» [2006-10-27 31016]
«iTunesHelper»=»c:program filesiTunesiTunesHelper.exe» [2006-02-23 278528]
«QuickTime Task»=»c:program filesQuickTimeqttask.exe» [2009-01-27 155648]
«nwiz»=»nwiz.exe» [2008-10-07 c:windowssystem32nwiz.exe][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowsSystem32CTFMON.EXE» [2008-04-14 15360][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyWBSrv]
2005-12-20 22:57 176128 c:progra~1StardockOBJECT~1WINDOW~1WbSrv.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«vidc.3iv2″= 3ivxVfWCodec.dll
«VIDC.VP31″= vp31vfw.dll[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
@=»Driver»[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\Games\CS16\hl.exe»=
«c:\Program Files\ICQ6.5\ICQ.exe»=
«c:\Documents and Settings\Max\Рабочий стол\FlylinkDC++\FlylinkDC.exe»=
«c:\Program Files\Windows Media Player\wmplayer.exe»=
«c:\Program Files\Opera\opera.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE»=
«c:\Program Files\Microsoft Office\Office12\GROOVE.EXE»=
«c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE»=
«c:\Program Files\iTunes\iTunes.exe»=R0 DwProt;DrWeb Protection;c:windowssystem32driversdwprot.sys [2009-01-16 98168]
R1 nod32drv;nod32drv;c:windowssystem32driversnod32drv.sys [2009-01-16 15424]
R3 NPF;WinPcap Packet Driver (NPF);c:windowssystem32driversnpf.sys [2007-11-07 34064]
R4 DrWebEngine;Dr.Web ® Scanning Engine (DrWebEngine);c:program filesCommon FilesDoctor WebScanning Enginedwengine.exe [2008-10-17 869688]
S4 SandBox;Outpost Firewall Sandbox Driver;??c:program filesAgnitumOutpost FirewallkernelSandbox.SYS —> c:program filesAgnitumOutpost FirewallkernelSandbox.SYS [?]
S4 SPIDER;SpIDer Guard File System Monitor;??c:progra~1DrWebspider.sys —> c:progra~1DrWebspider.sys [?]
S4 SPIDERNT;SpIDer Guard for Windows;c:progra~1DrWebspidernt.exe —> c:progra~1DrWebspidernt.exe [?]
.
Contents of the ‘Scheduled Tasks’ folder2009-02-01 c:windowsTasksRegCure Program Check.job
— c:program filesRegCureRegCure.exe [2008-11-27 23:55]2009-01-10 c:windowsTasksRegCure.job
— c:program filesRegCureRegCure.exe [2008-11-27 23:55]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.yandex.ru/?clid=40488
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2Office12EXCEL.EXE/3000
IE: {{7A2EFD41-E6B3-11D2-89E3-00E0292EE574} — c:program filesPRMT6PRMTIEprmtie5.htm
IE: {{7A2EFD41-E6B3-11D2-89E3-00E0292EE575} — c:program filesPRMT6PRMTIEoptions.htm
LSP: c:windowssystem32imon.dll
TCP: {8714271C-2B56-4017-9FB9-6CFDF91A7EB0} = 87.224.213.1,87.224.197.1
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-01 21:45:06
Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERSS-1-5-21-73586283-879983540-682003330-1003SoftwareMicrosoftSystemCertificatesAddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(900)
c:progra~1StardockOBJECT~1WINDOW~1wbsrv.dll— — — — — — — > ‘lsass.exe'(960)
c:windowssystem32imon.dll
c:program filesEsetpr_imon.dll
.
Completion time: 2009-02-01 21:46:48
ComboFix-quarantined-files.txt 2009-02-01 16:46:45
ComboFix2.txt 2009-01-30 18:41:34
ComboFix3.txt 2009-01-28 13:07:15Pre-Run: 12 808 417 280 байт свободно
Post-Run: 12,797,435,904 байт свободноCurrent=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
275 — E O F — 2009-01-26 20:35:14еще такая проблема: у меня еще был заражен набук тем-же самым вирусом. Сейчас на обоих компах все нормально только набук стал очень долго грузится (стартовать) и когда я хочу сделать дефрагментацию он очень сильно подгружается и сделать дефраг не удаеться
Combofix лог выглядит нормально. С этим компьютером больше проблем нет ?
набук стал очень долго грузится (стартовать) и когда я хочу сделать дефрагментацию он очень сильно подгружается и сделать дефраг не удаеться
Создайте новую тему по этому вопросу, затем скачайте сканер RSIT кликнув по этой ссылке и сохраните файл на вашем рабочем столе.
Дважды кликните по скачанному файлу.
Кликните по кнопке Continue.
Когда программа закончит работу, будут показаны два лога (log.txt и info.txt).Вставьте оба RSIT лога в ваше сообщение.
- Для ответа в этой теме необходимо авторизоваться.
