Attachments
File type: rar hijackthis.rar
(2.1 KB, 21 views)

For some reason only one file, main.txt, appeared; there is no extra.txt file.
Text from main.txt:

Deckard's System Scanner v20071014.68
Run by Vebr on 2008-07-20 17:34:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Vebr.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:34:52, on 20.07.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ufdsvc.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Prolific\USB Flash Disk Utility\PLBkMon.exe
C:\WINDOWS\system32\HotfixQ0306270.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\usbdevice\explolrer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Vebr\Рабочий стол\вредоносные коды\dss.exe
C:\DOCUME~1\Vebr\РАБОЧИ~1\ВРЕДОН~1\HIJACK~1\Vebr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Ссылки
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TrafficCompressor] C:\Program Files\TrafficCompressor\TCompres.exe /Autorun
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Prolific_PLUtil] C:\Program Files\Prolific\USB Flash Disk Utility\PLBkMon.exe
O4 - HKLM\..\Run: [PLFFAP] C:\WINDOWS\system32\HotfixQ0306270.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Beeline GPRS Explorer] "C:\Program Files\Beeline\GPRS Explorer\gprsexpl.exe"
O4 - HKCU\..\Run: [Explorer] C:\WINDOWS\usbdevice\explolrer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Закачать все при помощи FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Закачать при помощи FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Справочные материалы - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\trafficcompressor\tcomplsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\trafficcompressor\tcomplsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\trafficcompressor\tcomplsp.dll
O23 - Service: Apple Mobile Device - Unknown owner - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Журнал событий (Eventlog) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: Служба COM записи компакт-дисков IMAPI (ImapiService) - Корпорация Майкрософт - C:\WINDOWS\system32\imapi.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Корпорация Майкрософт - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Plug and Play (PlugPlay) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) - Корпорация Майкрософт - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Смарт-карты (SCardSvr) - Корпорация Майкрософт - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Журналы и оповещения производительности (SysmonLog) - Корпорация Майкрософт - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: UFD Command Service (UFDSVC) - Generic - C:\WINDOWS\system32\ufdsvc.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: Теневое копирование тома (VSS) - Корпорация Майкрософт - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Адаптер производительности WMI (WmiApSrv) - Корпорация Майкрософт - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 5854 bytes

-- Files created between 2008-06-20 and 2008-07-20 -----------------------------

2008-07-19 22:22:16 0 d-a------ C:\WINDOWS\MFPTBULK
2008-07-19 22:22:06 0 d-------- C:\Program Files\MFPT
2008-07-19 18:19:10 0 d-------- C:\WINDOWS\usbdevice
2008-07-13 11:33:36 0 d-------- C:\flashnul
2008-07-13 11:13:13 53248 -ra------ C:\WINDOWS\system32\IoctlSvc.exe <Not Verified; Prolific Technology Inc.; IoctlSvc Application>
2008-07-13 00:11:05 0 d-------- C:\Program Files\Sony Corporation
2008-07-13 00:10:36 0 d-------- C:\Program Files\Sony
2008-07-04 23:16:35 3567 --a------ C:\WINDOWS\system32\drivers\PortTalk.sys <Not Verified; Beyond Logic http://www.beyondlogic.org; PortTalk Driver V2.0>
2008-07-01 23:32:04 10588 --a------ C:\WINDOWS\system32\drivers\mpfilt.sys
2008-07-01 20:37:55 0 d-------- C:\DriveKey
2008-06-30 22:59:07 0 d-------- C:\Program Files\QIP Infium
2008-06-30 22:59:07 0 d-------- C:\Program Files\Foxit Software
2008-06-29 19:17:29 9699328 --a------ C:\Documents and Settings\Vebr\NTUSER.DAT
2008-06-25 00:47:45 0 d-------- C:\Program Files\7tools
2008-06-23 02:49:19 0 d-------- C:\Program Files\AusLogics Disk Defrag
2008-06-22 21:44:22 9600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-22 10:59:12 4608 --a------ C:\WINDOWS\system32\R5CoInst.dll
2008-06-22 10:59:12 12800 --a------ C:\WINDOWS\system32\drivers\smccard.sys <Not Verified; OEM; usbic2k>
2008-06-22 10:59:12 21888 --a------ C:\WINDOWS\system32\drivers\eps2kt1.sys <Not Verified; ; USB Smart Card Driver>
2008-06-22 10:59:11 0 d-------- C:\Program Files\backupdrivers
2008-06-22 10:58:46 0 d-------- C:\Program Files\Software Installation Information
2008-06-22 10:54:00 0 d-------- C:\Program Files\ODEON
2008-06-20 22:43:00 45056 -ra------ C:\WINDOWS\system32\HotFixQ0306270.exe <Not Verified; Prolific Technology Inc.; USB Flash Disk>
2008-06-20 22:43:00 7424 -ra------ C:\WINDOWS\system32\drivers\plff.sys <Not Verified; Prolific Technology Inc.; Prolific Flash Disk>
2008-06-20 22:43:00 6528 --a------ C:\WINDOWS\system32\drivers\PL2515.sys <Not Verified; ; USB 2.0 SECURITY DEVICE>
2008-06-20 22:43:00 0 d-------- C:\Program Files\Prolific
2008-06-20 21:48:41 0 d-------- C:\Program Files\CardRecovery
2008-06-20 00:45:29 0 d-------- C:\Program Files\R-STUDIO NE


-- Find3M Report ---------------------------------------------------------------

2008-06-22 10:59:12 23312 --a------ C:\WINDOWS\system32\_shfoldr.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
2008-06-13 23:16:42 0 d-------- C:\Program Files\ATI Technologies
2008-06-07 20:31:12 413696 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-06-07 20:31:12 110592 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>
2008-06-07 20:31:12 0 d-------- C:\Program Files\OpenAL
2008-06-07 01:19:46 0 d-------- C:\Program Files\Magic Gooddy
2008-06-07 01:03:58 349224 --a------ C:\WINDOWS\system32\perfh019.dat
2008-06-07 01:03:58 50206 --a------ C:\WINDOWS\system32\perfc019.dat
2008-06-07 00:24:38 0 d-------- C:\Documents and Settings\Vebr\Application Data\LGSync
2008-05-29 12:18:38 0 d-------- C:\Program Files\Axalto
2008-05-24 12:21:18 0 d-------- C:\Documents and Settings\Vebr\Application Data\Google
2008-05-23 00:52:54 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-05-22 23:06:22 0 d-------- C:\Program Files\Wray's Vector
2008-05-20 23:22:12 0 d-------- C:\Program Files\DirectCOM
2008-05-12 22:06:56 45056 --a------ C:\WINDOWS\system32\UTSCSI.EXE <Not Verified; ; UTSCSI Application>
2008-05-12 22:06:40 720896 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [15.04.2005 06:01 C:\WINDOWS\SOUNDMAN.EXE]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [06.01.2008 21:51]
"TrafficCompressor"="C:\Program Files\TrafficCompressor\TCompres.exe" [22.10.2006 22:35]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [02.11.2004 20:24]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09.07.2001 10:50]
"Prolific_PLUtil"="C:\Program Files\Prolific\USB Flash Disk Utility\PLBkMon.exe" [12.04.2005 14:12]
"PLFFAP"="C:\WINDOWS\system32\HotfixQ0306270.exe" [05.08.2003 10:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [17.08.2004 12:04]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [28.10.2005 16:25]
"Beeline GPRS Explorer"="C:\Program Files\Beeline\GPRS Explorer\gprsexpl.exe" [25.07.2006 19:17]
"Explorer"="C:\WINDOWS\usbdevice\explolrer.exe" [23.09.2007 01:21]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{223e2c8e-fd04-11dc-a43b-0015f23f85bf}]
AutoRun\command- H:\8.bat
explore\Command- H:\8.bat
open\Command- H:\8.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{862f2f3e-0ec9-11dd-a48a-0015f23f85bf}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \Zuma-III-deluxe\Zuma3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f588cae-420c-11dd-a55c-0015f23f85bf}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \Zuma-III-deluxe\Zuma3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d93e22d8-da89-11dc-a40d-0015f23f85bf}]
AutoRun\command- H:\8.bat
explore\Command- H:\8.bat
open\Command- H:\8.bat




-- End of Deckard's System Scanner: finished at 2008-07-20 17:35:08 ------------

Posted: 18:20, 20-07-2008 | #4