I ran ComboFix; as far as I can tell, it didn't find anything interesting.
Drive E is a flash drive. The infection sits quietly and doesn't show itself, but I'm sure that in a couple of hours Avast will again find the rootkit systems32 x.
Here is the report:
ComboFix 09-03-26.03 - Админ 2009-03-27 11:39:37.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1251.7.1049.18.247.50 [GMT 2:00]
Running from: c:\documents and settings\Админ\Рабочий стол\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090205-1] *On-access scanning disabled* (Outdated)
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
E:\autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-02-27 to 2009-03-27 )))))))))))))))))))))))))))))))
.
2009-03-26 14:40 . 2009-03-26 14:40 52 —a c:\windows\SHARIKI9.INI
2009-03-16 11:42 . 2009-03-16 11:42 d c:\program files\Miranda IM
2009-03-16 11:42 . 2009-03-16 11:42 d c:\documents and settings\Админ\Application Data\Miranda
2009-03-13 13:29 . 2009-03-13 13:30 d c:\program files\Common Files\Adobe
2009-03-11 16:22 . 2004-08-03 23:01 25,856 —a c:\windows\system32\drivers\usbprint.sys
2009-03-11 16:22 . 2004-08-03 23:01 25,856 —a—c— c:\windows\system32\dllcache\usbprint.sys
2009-03-11 16:17 . 2009-03-10 09:37 254,920 —a c:\windows\hplj1010.hi2
2009-03-11 16:17 . 2009-03-10 09:37 17,806 —a c:\windows\hplj1010.bu2
2009-03-11 16:12 . 2009-03-11 16:14 67,753 —a c:\windows\hplj1010.hi1
2009-03-11 16:12 . 2009-03-11 16:14 8,282 —a c:\windows\hplj1010.bu1
2009-03-10 18:39 . 2009-03-10 18:39 d c:\documents and settings\All Users\Application Data\2DBoy
2009-03-10 18:27 . 2009-03-10 18:27 d c:\windows\Logs
2009-03-10 18:27 . 2008-05-30 14:11 3,850,760 —a c:\windows\system32\D3DX9_38.dll
2009-03-10 18:27 . 2006-07-28 09:30 62,744 —a c:\windows\system32\xinput1_2.dll
2009-03-10 18:25 . 2009-03-10 18:25 d c:\program files\Mario Forever Toolbar
2009-03-10 18:25 . 2009-03-10 18:25 407,129 —a c:\windows\MarioForever_Toolbar_Uninstaller_562.exe
2009-03-10 18:15 . 2004-08-03 23:08 26,496 —a—c— c:\windows\system32\dllcache\usbstor.sys
2009-03-10 13:35 . 2009-03-27 08:31 d c:\documents and settings\Админ\Application Data\OpenOffice.org2
2009-03-10 13:20 . 2009-03-10 13:20 d c:\documents and settings\Админ\прайсы разных фирм
2009-03-10 13:20 . 2009-03-10 13:20 d c:\documents and settings\Админ\прайсы разных фирм
2009-03-10 09:41 . 2008-04-28 09:59 180,224 -ra c:\windows\system32\igfxres.dll
2009-03-10 09:39 . 2009-03-10 09:39 d—h c:\program files\InstallShield Installation Information
2009-03-10 09:39 . 2009-03-10 09:39 d c:\program files\Attansic
2009-03-10 09:39 . 2009-03-11 16:14 45,056 —a c:\windows\NCUNINST.EXE
2009-03-10 09:35 . 2009-03-11 16:14 d c:\program files\Hewlett-Packard
2009-03-10 09:33 . 2009-03-10 09:33 d c:\program files\Common Files\SWF Studio
2009-03-10 09:33 . 2009-03-11 16:18 51,327 —a c:\windows\hplj1010.his
2009-03-10 09:33 . 2009-03-11 16:18 6,104 —a c:\windows\hplj1010.ini
2009-03-10 09:11 . 2009-03-10 09:11 d c:\documents and settings\Торг\Application Data\InstallShield
2009-03-10 08:39 . 2009-03-09 15:37 d—h c:\documents and settings\Админ\Шаблоны
2009-03-10 08:39 . 2009-03-09 15:37 d—h c:\documents and settings\Админ\Шаблоны
2009-03-10 08:39 . 2009-03-27 11:38 d c:\documents and settings\Админ\Рабочий стол
2009-03-10 08:39 . 2009-03-27 11:38 d c:\documents and settings\Админ\Рабочий стол
2009-03-10 08:39 . 2009-03-13 13:41 dr c:\documents and settings\Админ\Мои документы
2009-03-10 08:39 . 2009-03-13 13:41 dr c:\documents and settings\Админ\Мои документы
2009-03-10 08:39 . 2009-03-10 13:34 dr c:\documents and settings\Админ\Главное меню
2009-03-10 08:39 . 2009-03-10 13:34 dr c:\documents and settings\Админ\Главное меню
2009-03-10 08:39 . 2009-03-10 08:40 dr c:\documents and settings\Админ\Избранное
2009-03-10 08:39 . 2009-03-10 08:40 dr c:\documents and settings\Админ\Избранное
2009-03-10 08:39 . 2009-03-22 15:54 d c:\documents and settings\Админ
2009-03-10 08:35 . 2009-03-10 11:19 d c:\documents and settings\Торг\Application Data\OpenOffice.org2
2009-03-10 08:30 . 2009-02-09 17:43 81,920 —a C:\возврат Delux.xls
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-09 14:04 d w c:\program files\Common Files\InstallShield
2009-03-09 14:02 d w c:\program files\Intel
2009-03-09 13:59 d w c:\program files\Alwil Software
2009-03-09 13:52 d w c:\program files\OpenOffice.org 2.4
2009-03-09 13:50 d w c:\program files\7-Zip
2009-03-09 13:40 d w c:\program files\microsoft frontpage
2004-08-18 12:00 166,440 —sha-r c:\windows\system32\vfbyyxq.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-18 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-28 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-28 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-28 131072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]

c:\documents and settings\Торг\Главное меню\Программы\Автозагрузка\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

c:\documents and settings\Админ\Главное меню\Программы\Автозагрузка\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

c:\documents and settings\All Users\Главное меню\Программы\Автозагрузка\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplicationsList]
"%windir%\system32\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPortsList]
"2570:TCP"= 2570:TCP:zcgtq

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-09 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-09 20560]
S2 ydlfjrx;Support Server;c:\windows\system32\svchost.exe -k netsvcs [2004-08-18 14336]
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2009-03-09 38656]
S3 nsogq;nsogq;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ydlfjrx
.
.
Supplementary Scan
.
uInternet Connection Wizard,ShellNext = hxxp://shell.windows.com/fileassoc/fileassoc.asp?LangID=0419&Ext=xls
uInternet Settings,ProxyOverride =
TCP: {40AC98A7-FBF6-4BA9-A8CC-D5F2765F0344} = 193.111.114.2,193.111.114.5
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-27 11:40:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nsogq]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ydlfjrx]
"ServiceDll"="c:\windows\system32\vfbyyxq.dll"
.
Completion time: 2009-03-27 11:41:33
ComboFix-quarantined-files.txt 2009-03-27 09:41:18
Pre-Run: 18 568 142 848 байт свободно
Post-Run: 18,561,617,920 байт свободно