Проанализируйте лог пожалуйста!

[vikaSH]

Спасибо ComboFix помог, баннер удалился. Вкладываю Лог для того чтобы удостоверится что ничего не осталось
Contents of the ‘Scheduled Tasks’ folder

2009-11-19 h:windowsTasksSystemCheck.job
— h:windowssystem32syschk32.exe [2008-02-20 20:49]
.
.

---

Supplementary Scan

---

.
uStart Page = hxxp://www.yandex.ru?clid=44093
IE: &Перевести с помощью ABBYY Lingvo… — h:program filesABBYY Lingvo 12Lingvo.exe/3000
IE: Закачать ВСЕ при помощи Download Master — h:program filesDownload Masterdmieall.htm
IE: Закачать при помощи Download Master — h:program filesDownload Masterdmie.htm
IE: Передать на удаленную закачку DM — h:program filesDownload Masterremdown.htm
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} — h:program filesDownload Masterdmaster.exe
FF — ProfilePath — h:documents and settingsAdminApplication DataMozillaFirefoxProfilesrj6fwapc.default
FF — prefs.js: browser.search.selectedEngine — DAEMON Search
FF — prefs.js: browser.startup.homepage — hxxp://www.yandex.ru/
FF — plugin: h:program filesK-Lite Codec PackRealbrowserpluginsnppl3260.dll
FF — plugin: h:program filesK-Lite Codec PackRealbrowserpluginsnprpjplug.dll
FF — plugin: h:program filesMozilla Firefoxpluginsnpdm.dll
FF — HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} — h:windowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtension

—- FIREFOX POLICIES —-
h:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl3.rsa_seed_sha», true);
.
— — — — ORPHANS REMOVED — — — —

BHO-{E1890ED5-E02A-4B74-9AE4-299248B0CEB4} — %APPDATA%msmedia.dll
HKCU-Run-RGSC — h:program filesRockstar GamesRockstar Games Social ClubRGSCLauncher.exe
HKLM-Run-zzGBK — I:setup.exe
AddRemove-Need for Speed SHIFT_is1 — h:geymsNeed for Speed SHIFTunins000.exe
AddRemove-Star Wars The Clone Wars — Republic Heroes_is1 — h:geymsRepublic Heroesunins000.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-19 13:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: KERNEL1.EXE catchme.sys CLASSPNP.SYS disk.sys atapi.sys spgk.sys hal.dll >>UNKNOWN [0x89BC1938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
DriverDisk -> CLASSPNP.SYS @ 0xf763bf28
DriverACPI -> ACPI.sys @ 0xf7496cb8
Driveratapi -> atapi.sys @ 0xf7978b40
IoDeviceObjectType -> DeleteProcedure -> KERNEL1.EXE @ 0x805e6686
ParseProcedure -> KERNEL1.EXE @ 0x8057b6b1
DeviceHarddisk0DR0 -> DeleteProcedure -> KERNEL1.EXE @ 0x805e6686
ParseProcedure -> KERNEL1.EXE @ 0x8057b6b1
NDIS: Realtek RTL8169/8110 Family Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf7b3abb0
PacketIndicateHandler -> NDIS.sys @ 0xf7b47a21
SendHandler -> NDIS.sys @ 0xf7b2587b
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

atapi.sys @ 0x0 0x0 bytes

Driveratapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xF7978B40 atapi.sys
Driveratapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xF7978B40 atapi.sys
Driveratapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xF7978B40 atapi.sys
Driveratapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xF7978B40 atapi.sys
Driveratapi [ IRP_MJ_POWER ] 0xA73C != 0xF7978B40 atapi.sys
Driveratapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xF7978B40 atapi.sys
Driveratapi IRP hooks detected !

**************************************************************************
.

---

LOCKED REGISTRY KEYS

---

[HKEY_LOCAL_MACHINESystemControlSet001EnumHIDVid_046d&Pid_c0466&1efab9a&0&0000LogConf]
@DACL=(02 0000)
.
Completion time: 2009-11-19 13:32
ComboFix-quarantined-files.txt 2009-11-19 11:32

Pre-Run: 186 848 350 208 байт свободно
Post-Run: 192 244 785 152 байт свободно

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
[operating systems]
h:cmdconsBOOTSECT.DAT=»Microsoft Windows Recovery Console» /cmdcons
multi(0)disk(0)rdisk(0)partition(1)WINDOWS=»Microsoft Windows XP Professional RU (bootscreen)» /noexecute=optin /fastdetect /KERNEL=kernel1.exe
multi(0)disk(0)rdisk(0)partition(1)WINDOWS=»Microsoft Windows XP Professional RU» /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)CWINDOWS=»Microsoft Windows XP Professional RU» /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)WINDOWS=»Microsoft Windows XP Professional RU» /execute /fastdetect

— — End Of File — — 2506EC5124B728AB2CF7F90AA69516B3

[Admin]

Здравствуйте, добро пожаловать на Spyware-ru форум.

Вы вставили не полный лог. Запустите программу ещё раз и получившийся лог вставьте в ваше ответ.

[Автор]

Сообщения