
Attachments
File type: txt info.txt
(7.9 KB, 12 views)
File type: txt log.txt
(46.9 KB, 13 views)

THIS IS THE COMBOFIX LOG !!!

Code:
--------------------------------------------------------------------------------------------------------------
ComboFix 09-12-22.07 - Администратор 23.12.2009  16:34:31.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1251.7.1049.18.3583.3306 [GMT 3:00]
Running from: d:\installs\Программы для Windows\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Персональный файервол ESET *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\keylog.txt
c:\program files\IEToolbar404\find404.com search engine\tbHElper.dll
c:\recycler\S-1-5-21-3504091190-7587853305-832207285-0224
c:\recycler\S-1-5-21-7951533974-4057461734-013824168-3203
c:\recycler\S-1-5-21-8019161374-7979388734-412460543-7387
c:\windows\logfile32.txt
c:\windows\system32\57.exe
c:\windows\system32\77.exe
c:\windows\system32\78.exe
c:\windows\system32\i
c:\windows\system32\vbrun100.dll
C:\x5p2a1x8j5w6.exe

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OREANS32
-------\Service_oreans32


(((((((((((((((((((((((((   Files Created from 2009-11-23 to 2009-12-23  )))))))))))))))))))))))))))))))
.

2009-12-23 13:17 . 2009-12-23 13:17	--------	d-----w-	c:\documents and settings\Администратор\Local Settings\Application Data\ApplicationHistory
2009-12-23 13:17 . 2009-12-23 13:17	136	----a-w-	c:\documents and settings\Администратор\Local Settings\Application Data\fusioncache.dat
2009-12-23 13:16 . 2009-12-23 13:16	38912	----a-w-	c:\windows\system32\15.scr
2009-12-22 19:07 . 2009-12-22 19:07	38912	----a-w-	c:\windows\system32\26.scr
2009-12-22 18:32 . 2004-06-14 11:56	427864	----a-w-	c:\windows\system32\XceedZip.dll
2009-12-22 18:32 . 2009-12-22 18:32	--------	d-----w-	c:\program files\Driver-Soft
2009-12-22 18:13 . 2009-12-22 18:13	38912	----a-w-	c:\windows\system32\74.scr
2009-12-22 17:36 . 2009-12-22 17:36	--------	d-----w-	c:\documents and settings\Администратор\Local Settings\Application Data\Identities
2009-12-22 17:31 . 2009-12-22 19:08	135168	----a-w-	c:\windows\system32\mini.exe
2009-12-22 17:31 . 2009-12-22 19:08	147456	----a-w-	c:\windows\system32\Ms16.exe
2009-12-22 17:31 . 2009-12-22 17:31	38912	----a-w-	c:\windows\system32\44.scr
2009-12-22 17:23 . 2009-12-22 17:23	--------	d-----w-	c:\documents and settings\Администратор\Local Settings\Application Data\ESET
2009-12-22 17:20 . 2009-12-22 17:20	--------	d-----w-	c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-12-22 17:07 . 2009-12-22 17:07	--------	d-----w-	c:\documents and settings\Администратор\Application Data\ESET
2009-12-22 17:06 . 2009-12-22 17:06	--------	d-----w-	c:\documents and settings\All Users\Application Data\ESET
2009-12-22 16:00 . 2009-12-22 16:04	11264	----a-w-	c:\windows\system32\drivers\uze5otcy.sys
2009-12-22 13:45 . 2009-12-22 13:45	--------	d-----w-	c:\documents and settings\Администратор\Application Data\Malwarebytes
2009-12-22 13:45 . 2009-12-03 13:14	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-22 13:45 . 2009-12-22 13:45	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2009-12-22 13:45 . 2009-12-22 13:45	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-22 13:45 . 2009-12-03 13:13	19160	----a-w-	c:\windows\system32\drivers\mbam.sys
2009-12-22 10:42 . 2009-12-22 13:22	0	----a-w-	c:\windows\system32\drivers\vieqvowm.sys
2009-12-22 10:42 . 2009-12-22 10:42	--------	d-----w-	c:\program files\IEToolbar404
2009-12-22 10:42 . 2009-12-22 10:42	--------	d-----w-	c:\windows\Sun
2009-12-21 21:11 . 2009-12-23 03:58	67584	----a-w-	c:\windows\system32\ccda_v8.exe
2009-12-21 20:25 . 2009-12-21 20:25	388096	----a-r-	c:\documents and settings\Администратор\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2009-12-21 20:25 . 2009-12-21 20:25	--------	d-----w-	c:\program files\TrendMicro
2009-12-21 20:08 . 2009-12-21 20:08	--------	d-----w-	c:\documents and settings\Администратор\DoctorWeb
2009-12-21 19:55 . 2005-01-03 06:43	4682	----a-w-	c:\windows\system32\npptNT2.sys
2009-12-21 19:55 . 2009-12-21 19:55	--------	d-----w-	c:\program files\Common Files\INCA Shared
2009-12-21 19:55 . 2009-12-21 19:55	33824	----a-w-	c:\windows\system32\drivers\oreans32.sys
2009-12-21 18:58 . 2009-12-21 18:58	0	----a-w-	c:\windows\nsreg.dat
2009-12-21 18:58 . 2009-12-21 18:58	--------	d-----w-	c:\documents and settings\Администратор\Local Settings\Application Data\Mozilla
2009-12-21 18:37 . 2009-12-21 18:37	--------	d-----w-	c:\program files\FlylinkDC++

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-23 13:00 . 2009-12-21 14:38	--------	d-----w-	c:\program files\AIMP2
2009-12-22 18:36 . 2009-12-22 18:35	--------	d-----w-	c:\program files\K-Lite Codec Pack
2009-12-22 18:35 . 2009-12-22 18:35	--------	d-----w-	c:\documents and settings\Администратор\Application Data\Media Player Classic
2009-12-21 17:01 . 2009-12-21 14:47	--------	d-----w-	c:\program files\ACAD2000
2009-12-21 15:51 . 2009-12-21 14:07	--------	d--h--w-	c:\program files\InstallShield Installation Information
2009-12-21 15:38 . 2009-12-21 14:07	--------	d-----w-	c:\program files\Realtek
2009-12-21 14:50 . 2009-12-21 14:35	72224	----a-w-	c:\documents and settings\Администратор\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-21 14:47 . 2009-12-21 14:47	--------	d-----w-	c:\program files\Common Files\Autodesk Shared
2009-12-21 14:39 . 2009-12-21 14:34	--------	d-----w-	c:\program files\Total Commander
2009-12-21 14:37 . 2009-12-21 14:37	--------	d-----w-	c:\program files\Magic Gooddy
2009-12-21 14:35 . 2009-12-21 14:35	--------	d-----w-	c:\program files\RocketDock
2009-12-21 14:34 . 2009-12-21 14:34	--------	d-----w-	c:\program files\Opera
2009-12-21 14:34 . 2009-12-21 14:34	--------	d-----w-	c:\documents and settings\Администратор\Application Data\Nokia
2009-12-21 14:34 . 2009-12-21 14:34	--------	d-----w-	c:\documents and settings\All Users\Application Data\PC Suite
2009-12-21 14:34 . 2009-12-21 14:34	--------	d-----w-	c:\documents and settings\Администратор\Application Data\PC Suite
2009-12-21 14:30 . 2009-12-21 14:30	--------	d-----w-	c:\program files\Common Files\PCSuite
2009-12-21 14:30 . 2009-12-21 14:30	--------	d-----w-	c:\program files\Common Files\Nokia
2009-12-21 14:30 . 2009-12-21 14:30	--------	d-----w-	c:\program files\Nokia
2009-12-21 14:30 . 2009-12-21 14:30	--------	d-----w-	c:\program files\DIFX
2009-12-21 14:30 . 2009-12-21 14:30	--------	d-----w-	c:\program files\PC Connectivity Solution
2009-12-21 14:30 . 2009-12-21 14:30	95232	----a-w-	c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-12-21 14:30 . 2009-12-21 14:30	8192	----a-w-	c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-12-21 14:30 . 2009-12-21 14:30	61440	----a-w-	c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-12-21 14:30 . 2009-12-21 14:30	10240	----a-w-	c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-12-21 14:30 . 2009-12-21 14:30	--------	d-----w-	c:\documents and settings\All Users\Application Data\Installations
2009-12-21 14:29 . 2009-12-21 14:29	--------	d-----w-	c:\program files\VKLife
2009-12-21 14:28 . 2009-12-21 14:28	--------	d-----w-	c:\program files\Microsoft.NET
2009-12-21 14:22 . 2008-04-15 12:00	64760	----a-w-	c:\windows\system32\perfc019.dat
2009-12-21 14:22 . 2008-04-15 12:00	421150	----a-w-	c:\windows\system32\perfh019.dat
2009-12-21 14:07 . 2009-12-21 14:07	--------	d-----w-	c:\program files\AMD
2009-12-21 14:02 . 2009-12-21 14:02	--------	d-----w-	c:\program files\Common Files\InstallShield
2009-12-21 14:02 . 2009-12-21 14:02	--------	d-----w-	c:\program files\Yahoo!
2009-12-21 13:54 . 2009-12-21 13:54	--------	d-----w-	c:\program files\microsoft frontpage
2009-12-21 13:54 . 2009-12-21 13:54	--------	d-----w-	c:\program files\VistaDriveIcon
2009-12-21 13:54 . 2009-12-21 13:54	717296	----a-w-	c:\windows\system32\drivers\sptd.sys
2009-12-21 13:54 . 2009-12-21 13:53	--------	d-----w-	c:\program files\Java
2009-12-21 13:53 . 2009-12-21 13:53	--------	d-----w-	c:\program files\Common Files\Java
2009-12-21 13:51 . 2009-12-21 13:51	86327	----a-w-	c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-21 13:48 . 2009-12-21 13:48	22564	----a-w-	c:\windows\system32\emptyregdb.dat
2009-12-21 13:47 . 2009-12-21 13:47	--------	d-----w-	c:\program files\System
2009-12-21 13:47 . 2009-12-21 13:47	--------	d-----w-	c:\program files\Windows Media Connect 2
2009-12-11 18:00 . 2009-12-22 18:35	85504	----a-w-	c:\windows\system32\ff_vfw.dll
2009-11-25 08:19 . 2009-12-21 14:45	56816	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2009-10-06 15:54 . 2009-12-21 16:38	5922816	----a-w-	c:\windows\system32\drivers\RtkHDAud.sys
2009-10-06 13:34 . 2009-12-21 16:38	18750976	----a-w-	c:\windows\RTHDCPL.EXE
2009-09-29 15:38 . 2009-12-21 15:38	352256	----a-w-	c:\windows\vncutil.exe
.

------- Sigcheck -------

[-] 2008-04-15 . EAEC6EA32BDABD7622371C10B8D68A17 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys

[-] 2008-07-16 . EC5B872AC2BF6DEA91D1DE3E8B8289BF . 76632 . . [7.1.6001.65] . . c:\windows\system32\wuauclt.exe

[-] 2008-07-16 . 4378CDCD0EDB9BA360B44591B09A50E7 . 691200 . . [5.82] . . c:\windows\system32\comctl32.dll

[-] 2008-07-16 . 047953A8B30891F5F8F0BF68ABFEA339 . 2286592 . . [5.1.2600.5586] . . c:\windows\system32\ntoskrnl.exe

[-] 2008-07-16 . 371C41F777924F3EA3BFAD18C6A04502 . 584192 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll

[-] 2008-07-16 . FD5DD7FC4240E3DFFB0BBD40DBABF4B1 . 948224 . . [7.00.6000.20815] . . c:\windows\system32\wininet.dll

[-] 2008-07-16 . 5116FC3994DF129F40B9DDBCCC394195 . 1597952 . . [6.00.2900.5512] . . c:\windows\explorer.exe

[-] 2008-07-16 . A20D3430A2FF4E619FE9FAA1D2FD2970 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

[-] 2008-07-16 . 17A73D46CA1D681CEE05658A2F4419DA . 17408 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe

[-] 2008-07-16 . 9C8B91FF9F5CC6C6C17A1593255F46D3 . 2165248 . . [5.1.2600.5586] . . c:\windows\system32\ntkrnlpa.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-10 8429568]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"UpdatesOverride"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21.12.2009 16:54 717296]
R1 uze5otcy;AVZ-RK Kernel Driver;c:\windows\system32\drivers\uze5otcy.sys [22.12.2009 19:00 11264]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [21.12.2009 18:38 1684736]
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
TCP: {5209C0EB-BC4A-4044-AE76-FCB63B2B6F2F} = 109.86.2.2,109.86.2.21
FF - ProfilePath - c:\documents and settings\Администратор\Application Data\Mozilla\Firefox\Profiles\4sxg4a6k.default\
FF - prefs.js: browser.search.selectedEngine - Google
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-23 16:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spnz.sys >>UNKNOWN [0x8A472938]<< 
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf765bf28
\Driver\ACPI -> ACPI.sys @ 0xf7496cb8
\Driver\atapi -> atapi.sys @ 0xf7978b40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e66aa
 ParseProcedure -> ntoskrnl.exe @ 0x8057b6b9
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e66aa
 ParseProcedure -> ntoskrnl.exe @ 0x8057b6b9
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xbaf12bb0
 PacketIndicateHandler -> NDIS.sys @ 0xbaf01a0d
 SendHandler -> NDIS.sys @ 0xbaf15b40
user & kernel MBR OK 

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(772)
c:\windows\system32\cscui.dll

- - - - - - - > 'explorer.exe'(640)
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
c:\windows\system32\wpdshserviceobj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_rus.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\program files\Opera\opera.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2009-12-23  16:40:53 - machine was rebooted
ComboFix-quarantined-files.txt  2009-12-23 13:40

Pre-Run: 12*106*149*888 байт свободно
Post-Run: 12*130*439*168 байт свободно

- - End Of File - - AD441557829FA26D59A76A89AEB4F41C

Last edited by Drongo, 23-12-2009 at 19:44. Reason: Hiding the text...


Posted: 18:11, 23-12-2009 | #27