xXx34rus


ComboFix 10-11-15.06 - 1 16.11.2010 18:53:55.1.4 - x86
Microsoft Windows 7 Профессиональная 6.1.7600.0.1251.7.1049.18.3579.2688 [GMT 3:00]
Running from: c:\users\1\Desktop\ComboFix.exe
.
The following files were disabled during the run:
c:\windows\system32\vksaver.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\VKSaver
c:\program files\VKSaver\Readme.txt
c:\program files\VKSaver\uninstall.exe
c:\program files\VKSaver\VKSaverUI.exe
c:\program files\VKSaver\VKSaverUpdater.exe
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\programdata\Microsoft\Windows\Start Menu\Programs\VKSaver
c:\programdata\Microsoft\Windows\Start Menu\Programs\VKSaver\Readme.txt.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\VKSaver\Uninstall.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\VKSaver\VKSaver.lnk
c:\windows\TEMP\logishrd\LVPrcInj01.dll
d:\xxx_34~1\SOLUTI~1\PROGRA~1\RISING~2\RISIng~1.exe

----- BITS: Possible infected sites -----

hxxp://soft.export.yandex.ru
.
((((((((((((((((((((((((( Files Created from 2010-10-16 to 2010-11-16 )))))))))))))))))))))))))))))))
.

2010-11-16 14:43 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B2C977C9-A597-4B4B-A0FD-D8503EB33B62}\mpengine.dll
2010-11-16 00:00 . 2009-09-04 14:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-11-16 00:00 . 2009-09-04 14:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-11-16 00:00 . 2007-04-04 15:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2010-11-15 18:38 . 2010-11-15 18:55 -------- d-----w- C:\rsit
2010-11-15 18:38 . 2010-11-15 18:55 -------- d-----w- c:\program files\trend micro
2010-11-14 13:09 . 2010-11-15 04:09 -------- d-----w- c:\users\1\DoctorWeb
2010-11-13 19:05 . 2010-11-13 19:05 -------- d-----w- c:\program files\AGEIA Technologies
2010-11-13 19:05 . 2010-11-13 19:05 -------- d-----w- c:\windows\system32\AGEIA
2010-11-13 19:05 . 2010-11-13 19:05 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-11-13 18:45 . 2010-11-13 19:05 -------- d-----w- c:\program files\Common Files\BioWare
2010-10-31 07:55 . 2010-10-31 07:55 -------- d-----w- c:\programdata\Estsoft
2010-10-31 07:55 . 2010-10-31 16:33 -------- d-----w- c:\users\1\AppData\Roaming\ESTsoft
2010-10-27 12:13 . 2010-10-27 12:14 -------- d-----w- c:\users\1\AppData\Roaming\SPORE
2010-10-27 05:08 . 2010-08-04 06:18 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-10-27 05:08 . 2010-08-04 06:17 417792 ----a-w- c:\windows\system32\msdri.dll
2010-10-27 05:08 . 2010-08-04 06:15 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-10-27 05:08 . 2010-08-04 06:15 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2010-10-27 05:08 . 2010-07-13 05:22 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2010-10-26 17:51 . 2010-10-26 17:51 -------- d-----w- c:\program files\Buka
2010-10-26 17:35 . 2005-02-23 14:29 544768 ----a-w- c:\windows\system32\MSVCR71D.dll
2010-10-24 18:51 . 2010-10-24 18:50 151552 ----a-w- c:\windows\system32\nvRegDev.dll
2010-10-22 14:52 . 2010-10-22 14:54 -------- d-----w- c:\users\1\AppData\Local\FalloutNV

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 20:51 . 2010-08-12 11:12 222080 ----a-w- c:\windows\system32\MpSigStub.exe
2010-10-13 22:36 . 2010-10-13 22:36 15451288 ----a-w- c:\windows\system32\xlive.dll
2010-10-13 22:36 . 2010-10-13 22:36 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2010-10-07 23:21 . 2010-08-24 11:06 6146896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-09-25 16:52 . 2010-09-25 16:52 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-09-25 16:45 . 2010-09-25 16:33 445936 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-09-08 04:30 . 2010-10-12 18:38 978432 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 04:28 . 2010-10-12 18:38 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 03:22 . 2010-10-12 18:38 386048 ----a-w- c:\windows\system32\html.iec
2010-09-08 02:48 . 2010-10-12 18:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-03 14:18 . 2010-10-06 15:34 395776 ----a-w- c:\windows\system32\RCoRes.dat
2010-09-03 12:16 . 2010-10-06 15:34 3185640 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2010-09-03 12:16 . 2010-10-06 15:34 1084008 ----a-w- c:\windows\system32\RTSndMgr.cpl
2010-09-03 12:16 . 2010-10-06 15:34 1841768 ----a-w- c:\windows\system32\RtkPgExt.dll
2010-09-03 12:16 . 2010-10-06 15:34 66664 ----a-w- c:\windows\system32\RtkCoInst.dll
2010-09-03 12:15 . 2010-10-06 15:34 408168 ----a-w- c:\windows\system32\RtkApoApi.dll
2010-09-03 12:15 . 2010-10-06 15:34 3605096 ----a-w- c:\windows\system32\RtkAPO.dll
2010-09-01 04:23 . 2010-10-12 18:37 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-01 02:34 . 2010-10-12 18:37 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-08-31 12:28 . 2010-10-06 15:34 1251944 ----a-w- c:\windows\RtlExUpd.dll
2010-08-31 04:32 . 2010-10-12 18:38 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 04:32 . 2010-10-12 18:38 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-27 05:46 . 2010-10-12 18:37 168448 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 03:31 . 2010-10-12 18:37 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-27 03:30 . 2010-10-12 18:37 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-27 03:30 . 2010-10-12 18:37 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-26 04:39 . 2010-10-12 18:37 109056 ----a-w- c:\windows\system32\t2embed.dll
2010-08-21 05:36 . 2010-10-12 18:36 738816 ----a-w- c:\windows\system32\wmpmde.dll
2010-08-21 05:36 . 2010-10-12 18:37 224256 ----a-w- c:\windows\system32\schannel.dll
2010-08-21 05:33 . 2010-10-12 18:37 530432 ----a-w- c:\windows\system32\comctl32.dll
2010-08-21 05:32 . 2010-09-15 05:29 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-20 11:22 . 2010-10-06 15:34 305568 ----a-w- c:\windows\system32\FMAPO.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:\program files\Yandex\YandexBarIE\yndbar.dll" [2010-06-01 10336584]

[HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:\program files\Yandex\YandexBarIE\yndbar.dll" [2010-06-01 10336584]

[HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]
"Download Master"="c:\program files\Download Master\dmaster.exe" [2010-07-27 3803968]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Steam"="d:\xxx[34rus]\games\buka\counter strike source\steam.exe" [2010-10-14 13:21 1242448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 98304]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Guard.Mail.ru.gui"="c:\program files\Mail.Ru\Guard\GuardMailRu.exe" [2010-09-26 973168]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-09-03 9726568]

c:\users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Регистрация Продукта.lnk - c:\program files\Logitech\Logitech WebCam Software\eReg.exe [2009-10-14 517384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

R2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 pr2ajtsc;Stalker (Pro) Drivers Auto Removal (pr2ajtsc);c:\windows\system32\pr2ajtsc.exe svc [x]
R3 jatmlano;jatmlano;c:\users\1\AppData\Local\Temp\jatmlano.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 WatAdminSvc;Служба технологий активации Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-13 1343400]
S0 pe3ajtsc;Stalker (Pro) Environment Driver (pe3ajtsc);c:\windows\system32\drivers\pe3ajtsc.sys [2008-03-07 64640]
S0 ps7ajtsc;Stalker (Pro) Synchronization Driver (ps7ajtsc);c:\windows\system32\drivers\ps7ajtsc.sys [2008-03-07 68744]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-25 445936]
S1 appdrv01;Application Driver (01);c:\windows\system32\Drivers\appdrv01.sys [2010-08-12 2712176]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-02-10 172032]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-07-09 20328]
S2 Guard.Mail.ru;Guard.Mail.ru;c:\program files\Mail.Ru\Guard\GuardMailRu.exe [2010-09-26 973168]
S2 LoviOtvetUpService;LoviOtvet Service;c:\program files\LoviOtvet\LoviOtvetService.exe [2010-08-13 602624]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-02-10 5320192]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-02-10 150016]
S3 RTL8167;Драйвер Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yandex.ru/?clid=135293
IE: &Экспорт в Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Закачать ВСЕ при помощи Download Master - c:\program files\Download Master\dmieall.htm
IE: Закачать при помощи Download Master - c:\program files\Download Master\dmie.htm
IE: Передать на удаленную закачку DM - c:\program files\Download Master\remdown.htm
TCP: {68971D0A-A6A0-452E-928B-E103FB604DB0} = 83.239.131.6 83.239.131.7
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AdobeBridge - (no file)
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKLM-Run-VKSaverUpdater - c:\program files\VKSaver\VKSaverUpdater.exe
AddRemove-Lost World Condemned_is1 - d:\xxx[34rus]\Games\S.T.A.L.K.E.R\gamedata\unins000.exe
AddRemove-VKSaver - c:\program files\VKSaver\uninstall.exe
AddRemove-uTorrent - c:\program files\uTorrent\uTorrent.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Smith Micro\StuffIt 12.0.1\ArcNameService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
d:\xxx[34rus]\Games\Buka\Counter Strike Source\Steam.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2010-11-16 19:00:30 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-16 16:00

Pre-Run: 40*575*086*592 байт свободно
Post-Run: 69*072*830*464 байт свободно

- - End Of File - - D9C68BAB99B0B9B3CB07D71DE0636C21

This is from ComboFix!

Question: after scanning with this program, several new folders such as "resycle" and others appeared on drive C. What are they? Is that how it is supposed to be?

And the main question: what next?

-------
And may F1 help you, may F2 save you. In the name of Control, Alt and holy Delete. Enter.


Posted: 19:40, 16-11-2010 | #16