Forum replies created

Author / Posts
So far everything is working perfectly! And I'm happy! Huge thanks, your site and your forum helped a lot!
I used Flash_Disinfector. Then ComboFix with your script.
ComboFix 09-01-06.01 - SuMKiN 2009-01-08 11:43:42.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1251.1.1049.18.1279.926 [GMT 6:00]
Running from: c:\documents and settings\SuMKiN\Рабочий стол\ComboFix.exe
Command switches used :: c:\documents and settings\SuMKiN\Рабочий стол\CFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 090106-1] *On-access scanning disabled* (Outdated)
 * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Recycle
c:\recycle\X-5-4-27-2345678318-4567890223-4234567884-2341\Desktop.ini
c:\recycle\X-5-4-27-2345678318-4567890223-4234567884-2341\RisinG.exe
C:\SYSTEM
.
(((((((((((((((((((((((((   Files Created from 2008-12-08 to 2009-01-08   )))))))))))))))))))))))))))))))
.
2009-01-07 21:16 . 2009-01-07 21:21	34,860	--a------	c:\documents and settings\SuMKiN\sdddsd.exe
2009-01-07 14:55 . 2009-01-07 17:12	34,860	--a------	c:\documents and settings\SuMKiN\sds2d201.exe
2009-01-06 01:54 . 2004-08-17 16:04	153,088	--a------	c:\windows\system32\irftp.exe
2009-01-06 01:54 . 2004-08-17 16:04	153,088	--a--c---	c:\windows\system32\dllcache\irftp.exe
2009-01-06 01:54 . 2004-08-17 16:04	27,136	--a------	c:\windows\system32\irmon.dll
2009-01-06 01:54 . 2004-08-17 16:04	27,136	--a--c---	c:\windows\system32\dllcache\irmon.dll
2009-01-06 01:54 . 2004-08-17 16:04	8,192	--a------	c:\windows\system32\wshirda.dll
2009-01-06 01:54 . 2004-08-17 16:04	8,192	--a--c---	c:\windows\system32\dllcache\wshirda.dll
2009-01-04 22:13 . 2009-01-04 22:13	<DIR>	d--------	c:\program files\Office Mouse Driver
2009-01-04 21:47 . 2004-08-18 18:00	13,463,552	--a--c---	c:\windows\system32\dllcache\hwxjpn.dll
2009-01-04 21:46 . 2004-05-13 00:39	876,653	--a--c---	c:\windows\system32\dllcache\fp4awel.dll
2009-01-04 21:45 . 2009-01-04 21:45	749	-rah-----	c:\windows\WindowsShell.Manifest
2009-01-04 21:45 . 2009-01-04 21:45	749	-rah-----	c:\windows\system32\wuaucpl.cpl.manifest
2009-01-04 21:45 . 2009-01-04 21:45	749	-rah-----	c:\windows\system32\sapi.cpl.manifest
2009-01-04 21:45 . 2009-01-04 21:45	749	-rah-----	c:\windows\system32\ncpa.cpl.manifest
2009-01-04 21:45 . 2009-01-04 21:45	488	-rah-----	c:\windows\system32\logonui.exe.manifest
2009-01-04 21:16 . 2009-01-04 21:19	<DIR>	d--------	c:\program files\totalcmd
2008-12-29 14:40 . 2008-12-29 14:42	9	--a------	c:\windows\nfsc_patch.ini
2008-12-20 22:28 . 2008-12-20 22:28	410,984	--a------	c:\windows\system32\deploytk.dll
2008-12-16 20:47 . 2008-12-16 20:47	<DIR>	d--------	c:\documents and settings\All Users\Application Data\InstallShield
2008-12-16 20:46 . 2008-12-16 20:47	<DIR>	d--------	c:\program files\Common Files\Jasc Software Inc
2008-12-16 20:45 . 2008-12-16 20:45	<DIR>	d--------	c:\program files\Jasc Software Inc
2008-12-16 20:45 . 2008-12-16 20:45	<DIR>	d--------	c:\documents and settings\SuMKiN\Application Data\Jasc Software Inc
2008-12-16 20:43 . 2002-03-07 20:50	815,104	-ra------	c:\windows\system32\Flash.ocx
2008-12-14 17:06 . 2005-12-21 08:16	470,048	-ra------	c:\windows\system32\drivers\ar5211.sys
2008-12-08 17:49 . 2008-12-08 17:49	131	--a------	C:\DelUS.bat
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-05 07:38	---------	d-----w	c:\program files\Common Files\Logitech
2009-01-05 07:37	---------	d--h--w	c:\program files\InstallShield Installation Information
2009-01-05 07:37	---------	d-----w	c:\program files\Common Files\Logishrd
2009-01-05 07:35	---------	d-----w	c:\program files\Logitech
2009-01-05 07:20	---------	d-----w	c:\program files\Opera
2009-01-04 12:20	---------	d-----w	c:\program files\Download Master
2008-12-30 16:40	---------	d-----w	c:\program files\Peers
2008-12-21 08:13	---------	d-----w	c:\program files\FieryAds
2008-12-20 18:34	827	----a-w	c:\documents and settings\SuMKiN\Application Data\fieryads.dat
2008-12-20 17:24	---------	d-----w	c:\documents and settings\SuMKiN\Application Data\Teleca
2008-12-20 16:28	---------	d-----w	c:\program files\Java
2008-12-18 07:29	359,040	----a-w	c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2008-12-17 16:06	73,216	----a-w	c:\windows\ST6UNST.EXE
2008-12-17 16:06	286,720	----a-w	c:\windows\Setup1.exe
2008-12-05 13:15	---------	d-----w	c:\documents and settings\All Users\Application Data\AlawarWrapper
2008-12-03 10:26	86,528	----a-w	c:\windows\bnetunin.exe
2008-12-01 07:10	---------	d-----w	c:\program files\BookReader
2008-12-01 05:44	---------	d-----w	c:\documents and settings\SuMKiN\Application Data\ICQ
2008-11-30 10:18	---------	d-----w	c:\program files\ICQ6
2008-11-30 09:34	---------	d-----w	c:\program files\ICQ6Toolbar
2008-11-30 09:34	---------	d-----w	c:\documents and settings\All Users\Application Data\ICQ
2008-11-30 09:30	---------	d-----w	c:\documents and settings\SuMKiN\Application Data\ICQLite
2008-11-22 10:40	---------	d-----w	c:\program files\Alawar.ru
2008-11-20 12:30	---------	d-----w	c:\documents and settings\All Users\Application Data\HipSoft
2008-11-17 11:47	---------	d-----w	c:\program files\Games.Mail.Ru
2008-11-11 01:27	---------	d-----w	c:\documents and settings\SuMKiN\Application Data\Grym
2008-10-11 07:58	413,696	----a-w	c:\windows\system32\wrap_oal.dll
2008-10-11 07:58	110,592	----a-w	c:\windows\system32\OpenAL32.dll
2008-06-12 16:10	1	-c--a-w	c:\documents and settings\!!!\SI.bin
2008-01-28 10:03	17,696	-c--a-w	c:\documents and settings\!!!\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-18 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-20 136600]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"WireLessMouse"="c:\program files\Office Mouse Driver\StartAutorun.exe" [2005-11-30 94208]
"nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-18 c:\windows\system32\bthprops.cpl]
"CHotkey"="mHotkey.exe" [2002-07-05 c:\windows\mHotkey.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]

c:\documents and settings\All Users\Главное меню\Программы\Автозагрузка\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R800]
--a--c--- 2005-01-13 10:00 98304 c:\windows\system32\spool\drivers\w32x86\3\E_FATI9YE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a--c--- 2005-06-24 14:16 278528 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra--c--- 2007-06-13 07:16 528384 c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a--c--- 2003-12-13 06:50 33792 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplicationsList]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Peers\Peers.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"d:\sdfsdfsdf\VLC\vlc.exe"=
"c:\Program Files\iTunes\iTunes.exe"=
"c:\Program Files\ICQ6\ICQ.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPortsList]
"14131:TCP"= 14131:TCP:NortonAV
"16156:TCP"= 16156:TCP:NortonAV

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-07 111184]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-07-07 20560]
R4 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-11-30 222456]
S3 dump_wmimmc;dump_wmimmc;\??\d:\games Lineage 2\system\GameGuard\dump_wmimmc.sys --> d:\games Lineage 2\system\GameGuard\dump_wmimmc.sys [?]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [2008-05-10 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [2008-05-25 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [2008-05-25 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [2008-05-25 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [2008-05-25 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [2008-05-25 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [2008-05-25 97704]
.
.
Supplementary Scan
.
uStart Page = hxxp://start.icq.com/
IE: &Экспорт в Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} - c:\program files\Download Master\dmaster.exe
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-08 11:45:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\MediaProperties\PrivateProperties\Midi\Ports\Y%QNIQBN *NULL*OEEM@GM@^EMH *NULL* *NULL*M*NULL*I*NULL*D*NULL*I*NULL* *NULL* *NULL*[*NULL*-]
"DMPortGUID"=hex:55,d1,de,5f,51,f4,5d,4f,8e,58,3b,a8,1d,e5,63,a4
.
Completion time: 2009-01-08 11:46:25
ComboFix-quarantined-files.txt 2009-01-08 05:46:23

Pre-Run: 2 232 889 344 bytes free
Post-Run: 2,220,138,496 bytes free

163 --- E O F --- 2008-07-28 11:24:54
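Two things in the log above deserve a second look even after the cleanup: the Security Center key has all three *DisableNotify/FirewallOverride values set to 1 and the standard firewall profile has EnableFirewall=0 (settings malware commonly writes to silence warnings), and two random-named executables (sdddsd.exe, sds2d201.exe) were dropped straight into the user profile root. The script below is an added example, not part of the original post and not ComboFix's own code: it parses those two ComboFix log sections and flags both patterns. The embedded log text is a constructed excerpt modelled on the post's log, with path separators reconstructed, and the column layout it assumes (whitespace-separated date, size, attribute, path) is ComboFix's usual format.

```python
import re

# Constructed excerpt modelled on the ComboFix log in the post (not the
# verbatim log; backslashes reconstructed). Used as sample input.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2008-12-08 to 2009-01-08 )))))))))))))))))))))))))))))))
.
2009-01-07 21:16 . 2009-01-07 21:21  34,860  --a------  c:\documents and settings\SuMKiN\sdddsd.exe
2009-01-07 14:55 . 2009-01-07 17:12  34,860  --a------  c:\documents and settings\SuMKiN\sds2d201.exe
2009-01-06 01:54 . 2004-08-17 16:04  153,088  --a------  c:\windows\system32\irftp.exe
2009-01-04 22:13 . 2009-01-04 22:13  <DIR>  d--------  c:\program files\Office Mouse Driver
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# Security Center values that, when set to 1, suppress the XP warnings
# about missing AV, missing updates and a disabled firewall.
SECURITY_CENTER_FLAGS = {"AntiVirusDisableNotify", "UpdatesDisableNotify", "FirewallOverride"}

# "Files Created" line: created . modified  size|<DIR>  attributes  path
FILE_LINE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d)\s+"
    r"([\d,]+|<DIR>)\s+([-\w]{7,9})\s+(.+)$"
)
# REGEDIT-style value line: "Name"=value
VALUE_LINE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')


def registry_values(log):
    """Yield (key, name, value) triples from the Reg Loading Points section."""
    key = None
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_LINE.match(line)
        if key and m:
            yield key, m.group(1), m.group(2).strip()


def _as_int(value):
    """Parse 'dword:00000001' or ComboFix's '0 (0x0)' rendering; None if not numeric."""
    if value.lower().startswith("dword:"):
        return int(value[6:], 16)
    parts = value.split()
    return int(parts[0]) if parts and parts[0].isdigit() else None


def weakened_protections(log):
    """Return findings for settings that silence Security Center or disable the firewall."""
    findings = []
    for key, name, value in registry_values(log):
        k = key.lower()
        n = _as_int(value)
        if k.endswith("security center") and name in SECURITY_CENTER_FLAGS and n == 1:
            findings.append(f"{name}=1 ({key}): Security Center warnings suppressed")
        elif "firewallpolicy" in k and k.endswith("profile") and name == "EnableFirewall" and n == 0:
            findings.append(f"EnableFirewall=0 ({key}): Windows Firewall off for this profile")
    return findings


def profile_root_executables(log):
    r"""Return .exe paths created directly in a profile root,
    i.e. c:\documents and settings\<user>\<name>.exe, an unusual drop location."""
    hits = []
    for raw in log.splitlines():
        m = FILE_LINE.match(raw.strip())
        if not m:
            continue
        path = m.group(5)
        parts = path.split("\\")
        if (len(parts) == 4 and parts[1].lower() == "documents and settings"
                and parts[3].lower().endswith(".exe")):
            hits.append(path)
    return hits


if __name__ == "__main__":
    for f in weakened_protections(SAMPLE_LOG):
        print("WEAKENED:", f)
    for p in profile_root_executables(SAMPLE_LOG):
        print("SUSPECT:", p)
```

Run it against a saved ComboFix.txt by replacing SAMPLE_LOG with the file contents; the registry parser keys off ComboFix's `[key]` / `"name"=value` layout, so the Find3M section (which has no bracketed keys) is ignored by design.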