SPYWARE-RU.COM

Созданные ответы форума

Просмотр 2 сообщений - с 1 по 2 (из 2 всего)

Автор

Сообщения
17 октября, 2010 в 10:19 пп в ответ на: Как удалить вирус Win32Olmarik.ZC из системы #31644
KSU
Participant
- Темы:1
- Сообщений:3
после всего я опять запустила антивирус …… а он опять показал етих же 2 заражонных обекта (((((((((((
17 октября, 2010 в 10:13 пп в ответ на: Как удалить вирус Win32Olmarik.ZC из системы #31643
KSU
Participant
- Темы:1
- Сообщений:3
Сделала все как написали и вот что получилось :

ComboFix 10-10-16.04 — Ksena 18.10.2010 1:04.1.2 — x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1251.7.1049.18.3069.2176 [GMT 3:00]
Running from: c:usersKsenaDesktopComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:Install.exe
c:programdataMicrosoftNetworkDownloaderqmgr0.dat
c:programdataMicrosoftNetworkDownloaderqmgr1.dat
c:usersKsenaAppDataRoamingMicrosoftWindowsCookiesLBREGSMT.dat
c:usersKsenaAppDataRoamingMicrosoftWindowsCookiesLBREGSTZ.dat

BITS: Possible infected sites

hxxp://soft.export.yandex.ru
.
((((((((((((((((((((((((( Files Created from 2010-09-17 to 2010-10-17 )))))))))))))))))))))))))))))))
.

2010-10-17 22:09 . 2010-10-17 22:09

d

w- c:usersKsenaAppDataLocaltemp
2010-10-17 22:09 . 2010-10-17 22:09

d

w- c:usersDefaultAppDataLocaltemp
2010-10-13 11:53 . 2010-10-17 21:50

d

w- c:program filestrend micro
2010-10-13 11:53 . 2010-10-13 11:53

d

w- C:rsit
2010-10-12 18:49 . 2010-10-12 18:49 1409 —-a-w- c:windowsQTFont.for
2010-10-12 15:26 . 2010-10-12 15:26

d

w- c:program filesRegcleaner
2010-10-12 10:46 . 2010-10-12 10:46

d

w- c:usersKsenaAppDataLocalYandex
2010-10-12 10:46 . 2010-10-12 13:07

d

w- c:usersKsenaAppDataRoamingYandex
2010-10-12 08:08 . 2010-10-12 08:08

d

w- c:usersKsenaAppDataRoamingwinxrar
2010-10-11 19:30 . 2010-10-11 19:30

d

w- c:usersKsenaAppDataLocalChemTable Software
2010-10-11 19:19 . 2010-10-11 19:19

d

w- c:usersKsenaAppDataRoamingChemTable Software
2010-10-11 19:18 . 2010-10-12 10:45

d

w- c:usersKsenaAppDataLocalAnVir
2010-10-08 11:24 . 2010-10-08 11:24

d

w- c:program filesPRO100 Demo
2010-10-07 08:55 . 1998-10-29 13:45 306688 —-a-w- c:windowsIsUninst.exe
2010-09-29 13:48 . 2010-01-22 11:25 101376 —-a-w- c:windowssystem32driversewusbdev.sys
2010-09-29 13:48 . 2009-12-08 17:19 113664 —-a-w- c:windowssystem32driversewusbnet.sys
2010-09-29 13:48 . 2009-12-07 16:53 103168 —-a-w- c:windowssystem32driversewusbmdm.sys
2010-09-29 13:48 . 2007-08-09 01:06 23424 —-a-w- c:windowssystem32driversewdcsc.sys
2010-09-29 13:47 . 2010-09-29 13:49

d

w- c:program filesMobile Partner
2010-09-28 13:47 . 2010-09-28 13:47

d

w- c:usersKsena{3abe8f57-cbb1-4b73-9eea-e48f78923f3a}
2010-09-28 12:06 . 2010-09-28 12:06

d

w- c:usersKsena{04185c93-7618-4f5a-bb97-81dfb9f28fef}
2010-09-28 11:57 . 2010-09-28 11:57

d

w- c:usersKsena{63b28d39-1be4-4809-bdb6-729cdac547f9}
2010-09-27 12:56 . 2010-09-28 13:55

d

w- c:usersKsenaAppDataRoamingZTEEVDO

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«WMPNSCFG»=»c:program filesWindows Media PlayerWMPNSCFG.exe» [2008-01-21 202240]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«RtHDVCpl»=»RtHDVCpl.exe» [2008-01-29 4911104]
«SynTPEnh»=»c:program filesSynapticsSynTPSynTPEnh.exe» [2007-12-06 1029416]
«NDSTray.exe»=»NDSTray.exe» [BU]
«CAP3ON»=»c:windowssystem32spooldriversw32x863CAP3ONN.EXE» [2002-07-29 22528]
«RemoteControl»=»c:program filesCyberLinkPowerDVDPDVDServ.exe» [2004-11-02 32768]
«TkBellExe»=»c:program filesCommon FilesRealUpdate_OBrealsched.exe» [2010-03-12 202256]
«egui»=»c:program filesESETESET Smart Securityegui.exe» [2010-04-07 2145000]

c:programdataMicrosoftWindowsStart MenuProgramsStartup
Adobe Gamma Loader.lnk — c:program filesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe [2010-10-7 113664]
Network Server.lnk — c:program filesWIBUKEYServerWkSvMgr.exe [2009-11-9 3768320]
ЋЄ® б®бв®пЁп Canon LASER SHOT LBP-1120.LNK — c:windowsSystem32spooldriversw32x863CAP3LAK.EXE [2009-5-6 30720]

c:usersDefault UserAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup
TRDCReminder.lnk — c:program filesToshibaTRDCReminderTRDCReminder.exe [2008-3-5 393216]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«EnableLUA»= 0 (0x0)
«EnableUIADesktopToggle»= 0 (0x0)

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinDefend]
@=»Service»

[HKLM~startupfolderC:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
backup=c:windowspssBluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM~startupfolderC:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:windowspssMicrosoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPicasa Media Detector

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupreg0TCrdMain]
2008-01-22 10:25 712704 —-a-w- c:program filesToshibaFlashCardsTCrdMain.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe Reader Speed Launcher]
2008-01-11 19:16 39792 —-a-w- c:program filesAdobeReader 8.0Readerreader_sl.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCamera Assistant Software]
2007-10-25 13:41 413696 —-a-w- c:program filesCamera Assistant Software for Toshibatraybar.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregHSON]
2007-10-31 19:01 54608 —-a-w- c:program filesToshibaTBSHSON.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregITSecMng]
2007-09-28 12:03 75136 —-a-w- c:program filesToshibaBluetooth Toshiba StackItSecMng.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPCSuiteTrayApplication]
2006-06-15 09:36 229376 —-a-w- c:program filesNokiaNokia PC Suite 6LaunchApplication.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPWRISOVM.EXE]
2008-03-14 23:50 233472 —-a-w- c:program filesPowerISOPWRISOVM.EXE

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task]
2007-10-19 18:16 286720 —-a-w- c:program filesQuickTimeQTTask.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSmoothView]
2008-01-25 07:22 509816 —-a-w- c:program filesToshibaSmoothViewSmoothView.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregStartCCC]
2006-11-10 08:35 90112 —-a-w- c:program filesATI TechnologiesATI.ACECore-StaticCLIStart.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSunJavaUpdateSched]
2007-09-24 21:11 132496 —-a-w- c:program filesJavajre1.6.0_03binjusched.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregtoolbar_eula_launcher]
2008-02-20 16:55 21504 —ha-w- c:tb_eulaEULALauncher.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregtopi]
2007-07-10 05:24 581632 —-a-w- c:program filesToshibaToshiba Online Product InformationTOPI.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregToshiba Registration]
2007-05-04 10:05 571024 —-a-w- c:program filesToshibaRegistrationToshibaRegistration.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregTPwrMain]
2008-01-17 12:27 431456 —-a-w- c:program filesToshibaPower SaverTPwrMain.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWindows Defender]
2008-01-21 02:23 1008184 —-a-w- c:program filesWindows DefenderMSASCui.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWMPNSCFG]
2008-01-21 02:25 202240 —-a-w- c:program filesWindows Media Playerwmpnscfg.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringMcAfeeAntiSpyware]
«DisableMonitoring»=dword:00000001

R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;c:program filesAutodesk3ds Max 2009mentalraysatelliteraysat_3dsMax2009_32server.exe [2008-03-09 65536]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:windowssystem32DRIVERSewusbdev.sys [2010-01-22 101376]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:windowssystem32driversIntcHdmi.sys [x]
R3 ztemtusbser;ZTEMT Legacy Serial Communication;c:windowssystem32DRIVERSCT_ZTEMT_U_USBSER.sys [x]
S1 ehdrv;ehdrv;c:windowssystem32DRIVERSehdrv.sys [2010-04-07 114984]
S2 ConfigFree Service;ConfigFree Service;c:program filesTOSHIBAConfigFreeCFSvcs.exe [2007-12-25 40960]
S2 eamonm;eamonm;c:windowssystem32DRIVERSeamonm.sys [2010-04-07 133512]
S2 ekrn;ESET Service;c:program filesESETESET Smart Securityekrn.exe [2010-04-07 810120]
S2 epfwwfp;epfwwfp;c:windowssystem32DRIVERSepfwwfp.sys [2010-04-07 41312]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:program filesTOSHIBASMARTLogServiceTosIPCSrv.exe [2007-12-03 126976]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:windowssystem32DRIVERSewusbnet.sys [2009-12-08 113664]
S3 FwLnk;FwLnk Driver;c:windowssystem32DRIVERSFwLnk.sys [2006-11-20 7168]

.
.

Supplementary Scan

.
uStart Page = hxxp://www.yandex.ru/?clid=46126
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2Office12EXCEL.EXE/3000
.
— — — — ORPHANS REMOVED — — — —

WebBrowser-{09EC805C-CB2E-4D53-B0D3-A75A428B81C7} — c:program files4shared.comtb4sh1.dll
WebBrowser-{91397D20-1446-11D4-8AF4-0040CA1127B6} — c:program filesYandexYandexBarIEyndbar.dll
AddRemove-ArchShaders for V-Ray vol.1_is1 — c:program filesAutodesk3dsMax8archshadersuninstallunins000.exe
AddRemove-ArchShaders for V-Ray vol.2_is1 — c:3dsmax8archshadersuninstall2unins000.exe
AddRemove-V-Ray for 3dsmax 2009 for x86 — c:program filesChaos GroupV-Ray3dsmax 2009 for x86uninstallwininstaller.exe-uninstall=c:program filesChaos GroupV-Ray3dsmax 2009 for x86uninstallinstall.log

.

LOCKED REGISTRY KEYS

[HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}000AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000
«MSCurrentCountry»=dword:000000b5

[HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}001AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000

[HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}002AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000

[HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}003AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000

[HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}004AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000

[HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}005AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000

[HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}006AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000
.
Completion time: 2010-10-18 01:10:54
ComboFix-quarantined-files.txt 2010-10-17 22:10

Pre-Run: 38 034 604 032 байт свободно
Post-Run: 38 354 198 528 байт свободно

— — End Of File — — 2E6F57C75A1D538A73E49E9977F1F670

ЖДУ ВАШЕГО ОТВЕТА …… СПАСИБО …
Автор

Сообщения