Forum replies created
-
Author Posts
-
Everything is fine. Thank you. (:
Thank you (:
ComboFix 09-07-04.09 — train 09.07.2009 14:41.2 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.1279.753 [GMT 4:00]
Running from: c:documents and settingstrainРабочий столComboFix.exe
Command switches used :: c:documents and settingstrainРабочий столCFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:documents and settingstrainApplication DataAdSubscribe
c:documents and settingstrainApplication DataAdSubscribeAdSubscribe.dat
c:documents and settingstrainApplication DataAdSubscribeAdSubscribe.dll
c:documents and settingstrainApplication DataAdSubscribeFeed.jpg
c:documents and settingstrainApplication DataAdSubscribeFeed1.jpg
c:documents and settingstrainApplication DataAdSubscribeFeed10.jpg
c:documents and settingstrainApplication DataAdSubscribeFeed11.jpg
c:documents and settingstrainApplication DataAdSubscribeFeed12.jpg
c:documents and settingstrainApplication DataAdSubscribeFeed13.jpg
c:documents and settingstrainApplication DataAdSubscribeFeed14.jpg
c:documents and settingstrainApplication DataAdSubscribeFeed15.jpg
c:documents and settingstrainApplication DataAdSubscribeFeed2.jpg
c:documents and settingstrainApplication DataAdSubscribeFeed3.jpg
c:documents and settingstrainApplication DataAdSubscribeFeed4.jpg
c:documents and settingstrainApplication DataAdSubscribeFeed5.jpg
c:documents and settingstrainApplication DataAdSubscribeFeed6.jpg
c:documents and settingstrainApplication DataAdSubscribeFeed7.jpg
c:documents and settingstrainApplication DataAdSubscribeFeed8.jpg
c:documents and settingstrainApplication DataAdSubscribeFeed9.jpg
c:documents and settingstrainApplication DataAdSubscribeFeedfeed.xml
c:documents and settingstrainApplication DataAdSubscribeUninstall.exe
.
((((((((((((((((((((((((( Files Created from 2009-06-09 to 2009-07-09 )))))))))))))))))))))))))))))))
.
2009-07-06 07:26 . 2009-07-06 09:52
d
w- c:documents and settingstrainApplication DataZoomBrowser EX
2009-07-05 18:57 . 2009-07-09 10:42
d
w- c:program filesAdware Agent
2009-07-05 18:54 . 2002-12-26 22:31 65536 —-a-w- c:windowssystem32bpssc1.1.dll
2009-07-05 18:54 . 2000-07-14 19:00 101888 —-a-w- c:windowssystem32VB6STKIT.DLL
2009-07-05 18:31 . 2005-09-23 03:29 626688 —-a-w- c:windowssystem32msvcr80.dll
2009-07-05 18:00 . 2009-07-05 18:00
d
w- c:documents and settingsАдминистраторLocal SettingsApplication DataOpera
2009-07-05 17:48 . 2009-07-05 17:48
d
w- c:documents and settingsАдминистраторLocal SettingsApplication DataSymantec
2009-07-05 17:48 . 2009-07-05 17:48
d
w- c:documents and settingsАдминистраторApplication DataAdSubscribe
2009-07-05 10:49 . 2009-07-05 10:49
d
w- c:program filesLavasoft
2009-06-25 23:14 . 2009-06-25 23:14
d
w- c:program filesCreative
2009-06-25 23:14 . 2002-06-06 10:38 139264 —-a-w- c:windowssystem32eax.dll
2009-06-25 23:14 . 1998-10-29 12:45 306688 —-a-w- c:windowsIsUninst.exe
2009-06-25 23:05 . 2003-04-09 09:28 233472 —-a-r- c:windowssystem32MafiaSetup.exe
2009-06-12 11:49 . 2009-06-12 11:49
d
w- c:program filesAVI MPEG ASF WMV Splitter
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-09 10:40 . 2009-02-09 17:42
d
w- c:program filesSymantec AntiVirus
2009-07-09 02:00 . 2009-02-09 17:11
d
w- c:documents and settingstrainApplication DatauTorrent
2009-07-06 09:51 . 2009-04-08 16:43
d
w- c:documents and settingsAll UsersApplication DataZoomBrowser
2009-07-05 18:33 . 2008-04-15 12:00 70336 —-a-w- c:windowssystem32perfc019.dat
2009-07-05 18:33 . 2008-04-15 12:00 432796 —-a-w- c:windowssystem32perfh019.dat
2009-07-05 18:30 . 2009-03-17 05:32 87787 —-a-w- c:documents and settingstrainApplication Datafieryads.dat
2009-07-03 06:30 . 2009-03-17 05:22
d
w- c:program filesFieryAds
2009-06-12 12:25 . 2009-02-09 17:08
d
w- c:program filesDownload Master
2009-05-29 19:40 . 2009-05-29 19:36
d
w- c:program filesBoxCloud
2009-05-29 19:37 . 2009-05-29 19:37
d
w- c:documents and settingstrainApplication DataBoxCloud
.
((((((((((((((((((((((((((((( SnapShot@2009-07-05_19.36.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-09 09:13 . 2009-07-09 09:13 16384 c:windowsTempPerflib_Perfdata_38c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"ctfmon.exe"="c:windowssystem32ctfmon.exe" [2008-04-15 15360]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"ccApp"="c:program filesCommon FilesSymantec SharedccApp.exe" [2006-07-19 52896]
"vptray"="c:progra~1SYMANT~1VPTray.exe" [2006-09-20 124560]
"Adware Agent"="c:program filesAdware AgentAdware Agent.exe" [2005-02-05 681984]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"="c:windowssystem32CTFMON.EXE" [2008-04-15 15360]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
"IE7_011"="shell32" [X]
"IE7_012"="advpack.dll" - c:windowssystem32advpack.dll [2008-12-20 124928]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]
"AppInit_DLLs"=c:windowssystem32acaptuser32.dll
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
"5353:TCP"= 5353:TCP:*:Disabled:Adobe CSI CS4
R0 SI3112r;Silicon Image SiI 3512 SATARaid Controller;c:windowssystem32driversSI3112r.sys [11.02.2009 14:53 102400]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:program filesCommon FilesSymantec SharedeengineEraserUtilRebootDrv.sys [27.02.2009 21:01 101936]
R3 ip100xp;ASUS NX1001 Network Adapter NT Driver;c:windowssystem32driversipfnd51.sys [26.03.2009 18:31 26752]
S3 SavRoam;SAVRoam;c:program filesSymantec AntiVirusSavRoam.exe [20.09.2006 14:52 118928]
.
.
Supplementary Scan
.
uInternet Settings,ProxyOverride = *.local
IE: &Перевести с помощью ABBYY Lingvo… — c:program filesABBYY Lingvo 12Lingvo.exe/3000
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Append Link Target to Existing PDF — c:program filesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF — c:program filesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF — c:program filesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF — c:program filesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIECapture.html
IE: Закачать ВСЕ при помощи Download Master — c:program filesDownload Masterdmieall.htm
IE: Закачать при помощи Download Master — c:program filesDownload Masterdmie.htm
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} — c:program filesDownload Masterdmaster.exe
TCP: {7AAD3F20-F1ED-4692-AC37-61BC9F24580B} = 172.16.1.240,62.117.85.76
TCP: {AB6577A9-2292-49BC-9812-981275082D1A} = 172.16.1.240,62.117.85.76
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-09 14:46
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(808)
c:program filesCommon FilesAdobeAdobe Drive CS4AdobeDriveCS4_NP.dll
.
Completion time: 2009-07-09 14:49
ComboFix-quarantined-files.txt 2009-07-09 10:48
ComboFix2.txt 2009-07-05 19:38
Pre-Run: 15 028 801 536 байт свободно
Post-Run: 15 019 487 232 байт свободно
138 — E O F — 2009-03-14 13:01