Night_Raven, posted January 16, 2009

I don't think it's necessary to scan with other programs. The problem isn't the quick scan; it's even preferable to the full one. The problem was that you hadn't told the program to remove what it had found.
B-boy/StyLe/, posted January 17, 2009

I, for my part, will ask for a Combofix log so I can check for leftovers:

1. Turn off System Restore: right-click My Computer => Properties => System Restore => tick Turn Off System Restore.
Start => Run => cleanmgr => More Options => System Restore => Clean Up

2. Turn off your antivirus program's real-time protection.

Download Combofix and save it to the desktop.

Enter the following command:
http://img.photobucket.com/albums/v624/29wood/ka.png
"%userprofile%\desktop\combofix.exe" /killall

Copy the contents of the log file into your next post.
mavro, posted January 17, 2009 (Author)

Quote: "I, for my part, will ask for a Combofix log so I can check for leftovers:"

Here's the log file:

ComboFix 09-01-16.03 - Administrator 2009-01-17 15:18:36.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.1.1033.18.511.238 [GMT 2:00]
Running from: c:\documents and settings\Administrator\desktop\combofix.exe
Command switches used :: /killall
AV: avast! antivirus 4.8.1296 [VPS 090116-1] *On-access scanning disabled* (Updated)
AV: ThreatFire *On-access scanning disabled* (Updated)
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_TDSSSERV.SYS

((((((((((((((((((((((((( Files Created from 2008-12-17 to 2009-01-17 )))))))))))))))))))))))))))))))
.
2009-01-17 13:54 . 2009-01-17 13:54 <DIR> d-------- c:\program files\Snap Clipboard
2009-01-17 13:54 . 2009-01-17 13:54 <DIR> d-------- c:\documents and settings\Administrator\Application Data\snapclipboard
2009-01-15 21:36 . 2009-01-15 21:36 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-15 21:36 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-15 21:36 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-15 21:34 . 2009-01-16 18:19 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-01-15 21:34 . 2009-01-15 21:34 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-15 19:08 . 2009-01-15 19:25 <DIR> d-------- c:\program files\Folder Guide
2009-01-15 19:04 . 2009-01-15 19:14 <DIR> d-------- c:\program files\ThreatFire
2009-01-15 19:04 . 2009-01-17 15:21 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-01-15 19:04 . 2009-01-15 19:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools
2009-01-15 19:04 . 2008-11-17 13:05 51,488 --a------ c:\windows\system32\drivers\TfFsMon.sys
2009-01-15 19:04 . 2008-11-17 13:05 39,200 --a------ c:\windows\system32\drivers\TfSysMon.sys
2009-01-15 19:04 . 2008-11-17 13:05 33,056 --a------ c:\windows\system32\drivers\TfNetMon.sys
2009-01-15 19:04 . 2008-11-17 13:05 12,576 --a------ c:\windows\system32\drivers\TfKbMon.sys
2009-01-14 18:00 . 2009-01-14 18:00 54,156 --ah----- c:\windows\QTFont.qfn
2009-01-14 18:00 . 2009-01-14 18:00 1,409 --a------ c:\windows\QTFont.for
2009-01-13 19:27 . 2009-01-13 19:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Raxco
2009-01-13 19:27 . 2009-01-05 14:16 71,184 -ra------ c:\windows\system32\drivers\DefragFS.sys
2009-01-13 19:26 . 2009-01-13 19:30 <DIR> d-------- c:\program files\Raxco
2009-01-11 21:03 . 2009-01-11 21:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2009-01-11 20:53 . 2009-01-11 20:53 <DIR> d-------- c:\program files\Bonjour
2009-01-11 20:43 . 2009-01-11 20:43 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2009-01-11 11:33 . 2009-01-11 11:33 <DIR> d---s---- c:\documents and settings\Administrator\UserData
2009-01-10 14:36 . 2009-01-10 14:36 <DIR> d-------- c:\program files\Skype
2009-01-10 14:36 . 2009-01-10 14:36 <DIR> d-------- c:\program files\Common Files\Skype
2009-01-06 00:33 . 2009-01-06 00:33 3,751,995 --a------ c:\windows\system32\GPhotos.scr
2009-01-04 16:31 . 2009-01-04 16:32 <DIR> d-------- c:\program files\Microsoft Virtual PC
2009-01-04 11:45 . 2009-01-04 11:45 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-01-04 11:45 . 2008-09-19 23:57 3,596,288 --a------ c:\windows\system32\qt-dx331.dll
2009-01-04 11:45 . 2008-09-24 20:41 839,680 --a------ c:\windows\system32\lameACM.acm
2009-01-04 11:45 . 2008-12-07 20:08 795,648 --a------ c:\windows\system32\xvidcore.dll
2009-01-04 11:45 . 2008-10-29 00:35 684,032 --a------ c:\windows\system32\divx.dll
2009-01-04 11:45 . 2004-01-25 18:18 217,088 --a------ c:\windows\system32\yv12vfw.dll
2009-01-04 11:45 . 2008-09-16 21:23 168,448 --a------ c:\windows\system32\unrar.dll
2009-01-04 11:45 . 2008-12-07 20:08 130,048 --a------ c:\windows\system32\xvidvfw.dll
2009-01-04 11:45 . 2007-09-21 02:52 118,784 --a------ c:\windows\system32\ac3acm.acm
2009-01-04 11:45 . 2008-09-25 10:03 81,920 --a------ c:\windows\system32\dpl100.dll
2009-01-04 11:45 . 2008-12-08 13:53 57,344 --a------ c:\windows\system32\ff_vfw.dll
2009-01-04 11:45 . 2007-07-10 18:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2009-01-04 11:45 . 2008-10-03 14:30 414 --a------ c:\windows\system32\lame_acm.xml
2009-01-03 13:26 . 2009-01-03 13:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-01-03 13:26 . 2009-01-03 13:26 <DIR> d-------- c:\documents and settings\Administrator\Application Data\TuneUp Software
2009-01-03 13:26 . 2009-01-03 13:26 603,904 --a------ c:\windows\system32\TUProgSt.exe
2009-01-03 13:25 . 2009-01-10 14:42 <DIR> d--hs---- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-01-03 12:07 . 2009-01-04 20:46 <DIR> d-------- c:\documents and settings\LogMeInRemoteUser
2009-01-03 12:06 . 2009-01-03 12:06 1,126 --a------ c:\windows\mozver.dat
2009-01-03 12:01 . 2009-01-17 10:59 <DIR> d-------- c:\program files\LogMeIn
2009-01-03 12:01 . 2009-01-03 12:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\LogMeIn
2009-01-03 12:01 . 2008-10-16 20:35 87,352 --a------ c:\windows\system32\LMIinit.dll
2009-01-03 12:01 . 2008-10-16 20:35 83,288 --a------ c:\windows\system32\LMIRfsClientNP.dll
2009-01-03 12:01 . 2008-07-24 18:46 47,640 --a------ c:\windows\system32\drivers\LMIRfsDriver.sys
2009-01-03 12:01 . 2008-10-16 20:35 28,984 --a------ c:\windows\system32\LMIport.dll
2008-12-31 16:46 . 2008-12-31 16:46 <DIR> d-------- c:\windows\solcache
2008-12-31 16:35 . 1999-06-17 10:49 1,204,224 --a------ c:\windows\system32\SierraNW.DLL
2008-12-31 16:35 . 1999-06-17 10:49 233,472 --a------ c:\windows\system32\SNWValid.dll
2008-12-31 16:35 . 1995-08-09 23:07 149,504 --a------ c:\windows\system32\MFCANS32.DLL
2008-12-31 16:35 . 1995-01-13 14:10 108,032 --a------ c:\windows\system32\MFCUIA32.DLL
2008-12-31 16:35 . 1999-06-15 15:05 44,544 --a------ c:\windows\system32\gif89.dll
2008-12-31 16:35 . 2008-12-31 17:12 683 --a------ c:\windows\SIERRA.INI
2008-12-31 16:23 . 2008-12-31 16:23 <DIR> d-------- c:\documents and settings\Administrator\Application Data\DAEMON Tools Pro
2008-12-31 16:23 . 2008-12-31 16:23 <DIR> d-------- c:\documents and settings\Administrator\Application Data\DAEMON Tools
2008-12-31 16:22 . 2008-12-31 16:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2008-12-31 16:21 . 2008-12-31 16:22 <DIR> d-------- c:\program files\DAEMON Tools Lite
2008-12-31 16:10 . 2008-12-31 16:29 <DIR> d-------- c:\documents and settings\Administrator\Application Data\DAEMON Tools Lite
2008-12-31 16:10 . 2008-12-31 16:10 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2008-12-31 15:09 . 2008-12-31 15:11 <DIR> d-------- c:\program files\The KMPlayer
2008-12-31 15:03 . 2008-12-31 15:05 5,423 --a------ c:\windows\BricoPackFoldersDelete.cmd
2008-12-31 14:29 . 2008-12-31 14:29 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-12-31 13:12 . 2008-12-31 13:12 230,664 --a------ c:\windows\system32\PDBoot.exe
2008-12-31 12:29 . 2008-12-31 12:29 <DIR> d-------- c:\program files\Toshiba
2008-12-31 12:29 . 2008-12-31 12:29 <DIR> d-------- c:\documents and settings\Administrator\Application Data\TOSHIBA
2008-12-31 11:59 . 2008-12-31 11:59 <DIR> d-------- c:\windows\system32\Backup
2008-12-31 11:59 . 2008-12-31 11:59 60,357 --a------ c:\windows\system32\uninstWMPbg.exe
2008-12-31 11:59 . 2008-12-31 11:59 49 --a------ c:\windows\system32\Български интерфейс за Windows Media Player.url
2008-12-31 10:58 . 1999-12-17 10:13 86,016 --a------ c:\windows\unvise32.exe
2008-12-31 10:58 . 2008-12-31 10:58 658 --a------ c:\windows\AutumnLeaves.HLP.lnk
2008-12-30 19:51 . 2008-12-30 19:51 <DIR> d-------- c:\documents and settings\Administrator\.dvdcss
2008-12-30 14:54 . 2008-12-30 14:54 <DIR> d--h----- c:\windows\PIF
2008-12-29 17:46 . 2008-12-31 12:29 <DIR> d----c--- c:\windows\system32\DRVSTORE
2008-12-29 17:46 . 2008-12-29 17:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Logishrd
2008-12-29 10:48 . 2009-01-17 15:22 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Skype
2008-12-28 21:48 . 2007-10-12 03:57 195,096 --a------ c:\windows\system32\lvci1150.dll
2008-12-28 21:47 . 2008-12-28 21:47 <DIR> d-------- c:\program files\Logitech
2008-12-28 21:47 . 2008-12-29 17:46 <DIR> d-------- c:\program files\Common Files\LogiShrd
2008-12-28 19:13 . 2008-12-28 19:18 8,192 --a------ c:\windows\system32\edb.chk
2008-12-28 17:27 . 2008-12-28 17:33 <DIR> d-------- c:\windows\system32\NtmsData
2008-12-28 14:26 . 2008-12-28 14:26 <DIR> d-------- c:\program files\Opera 10 Preview
2008-12-28 12:25 . 2008-12-28 12:25 <DIR> d-------- c:\program files\Yamicsoft
2008-12-28 12:13 . 2008-12-28 12:13 <DIR> d-------- c:\program files\UseNeXT
2008-12-28 12:13 . 2009-01-14 19:10 <DIR> d-------- c:\documents and settings\Administrator\Application Data\UseNeXT
2008-12-27 13:13 . 2008-12-27 13:23 <DIR> d-------- c:\program files\uTorrent
2008-12-27 13:13 . 2009-01-17 15:05 <DIR> d-------- c:\documents and settings\Administrator\Application Data\uTorrent
2008-12-27 12:01 . 2008-12-31 15:26 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Software Informer
2008-12-25 19:13 . 2008-12-25 19:13 13,416,432 --a------ c:\windows\system32\xa11737843.exe
2008-12-25 19:13 . 2008-12-25 19:13 13,416,432 --a------ c:\windows\system32\xa11737359.exe
2008-12-25 13:15 . 2008-12-25 13:15 0 --a------ c:\windows\system32\_r_a_p_.tmp
2008-12-24 16:38 . 2009-01-11 20:53 <DIR> d-------- c:\program files\Common Files\Adobe
2008-12-24 11:44 . 2008-12-24 11:45 <DIR> d-------- c:\program files\Winamp
2008-12-24 11:44 . 2008-12-24 11:46 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Winamp
2008-12-22 18:26 . 2008-12-22 18:26 <DIR> d-------- c:\documents and settings\Administrator\Application Data\JLC's Software
2008-12-21 19:23 . 2008-12-21 19:23 16,332 --ah----- c:\windows\system32\mlfcache.dat
2008-12-21 15:07 . 2008-12-21 15:07 <DIR> d-------- c:\documents and settings\Administrator\Application Data\UpdateStar
2008-12-21 14:05 . 2008-12-21 14:18 <DIR> d-------- c:\program files\Microsoft Bootvis
2008-12-20 17:45 . 2009-01-05 18:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\HDD Thermometer
2008-12-20 17:45 . 2009-01-05 18:11 <DIR> d-------- c:\documents and settings\Administrator\Application Data\HDD Thermometer
2008-12-19 20:42 . 2008-12-19 20:42 <DIR> d-------- c:\program files\TVUPlayer
2008-12-19 20:41 . 2008-12-19 20:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\TVU Networks
2008-12-19 20:41 . 2008-12-19 20:41 <DIR> d-------- c:\documents and settings\Administrator\LocalLow
2008-12-18 20:32 . 2009-01-10 14:41 1,908 --a------ c:\windows\diagwrn.xml
2008-12-18 20:32 . 2009-01-10 14:41 1,908 --a------ c:\windows\diagerr.xml
2008-12-17 21:13 . 2008-12-25 13:14 <DIR> d-------- c:\windows\Downloaded Installations
2008-12-17 21:11 . 1996-05-21 18:13 374,784 --a------ c:\windows\3dg32.dll
2008-12-17 21:05 . 2008-12-17 21:05 <DIR> d--hs---- c:\windows\ftpcache
2008-12-17 21:02 . 2008-12-17 21:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Protexis
2008-12-17 21:00 . 2008-12-17 21:00 <DIR> d-------- c:\documents and settings\Administrator\Application Data\OpenOffice.org
2008-12-17 20:58 . 2008-12-17 20:58 <DIR> d-------- c:\program files\OpenOffice.org 3
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-17 08:59 --------- d-----w c:\documents and settings\Administrator\Application Data\skypePM
2009-01-15 20:37 --------- d-----w c:\program files\Alwil Software
2009-01-15 17:22 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-11 11:57 --------- d-----w c:\program files\Unlocker
2009-01-10 12:36 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-01-04 14:28 --------- d-----w c:\program files\Gadwin Systems
2009-01-04 09:43 --------- d-----w c:\program files\DivX
2008-12-31 17:39 --------- d-----w c:\documents and settings\Administrator\Application Data\LGAAS
2008-12-31 17:37 --------- d-----w c:\program files\LG PC Suite II
2008-12-31 13:05 71,502 ----a-w c:\windows\BricoPackUninst.cmd
2008-12-31 11:14 --------- d-----w c:\program files\Notepad++
2008-12-29 15:46 --------- d-----w c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-12-29 15:46 --------- d-----w c:\documents and settings\Administrator\Application Data\Desktopicon
2008-12-28 19:59 --------- d-----w c:\program files\Common Files\Logitech
2008-12-28 18:59 141 --sh--w c:\program files\desktop.ini
2008-12-28 17:31 --------- d-----w c:\program files\Windows Media Connect 2
2008-12-26 17:19 --------- d-----w c:\program files\Common Files\ACD Systems
2008-12-26 09:03 --------- d-----w c:\program files\Google
2008-12-24 18:24 --------- d-----w c:\program files\IObit
2008-12-15 16:37 --------- d-----w c:\documents and settings\Administrator\Application Data\ACD Systems
2008-12-14 17:54 --------- d-----w c:\program files\EasyBiorhythmCalculator
2008-12-14 17:53 --------- d-----w c:\program files\Natural Biorhythms
2008-12-14 16:51 --------- d-----w c:\documents and settings\Administrator\Application Data\Notepad++
2008-12-14 16:41 --------- d-----w c:\documents and settings\Administrator\Application Data\IObit
2008-12-12 16:24 --------- d-----w c:\documents and settings\All Users\Application Data\QuickTime
2008-12-11 17:25 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-11 17:25 --------- d-----w c:\program files\Java
2008-12-11 16:30 --------- d-----w c:\documents and settings\Administrator\Application Data\ooVoo Details
2008-12-11 16:29 --------- d-----w c:\program files\ooVoo
2008-12-11 16:26 --------- d-----w c:\program files\Paint.NET
2008-12-10 19:29 --------- d-----w c:\program files\Sweet Home 3D
2008-12-09 17:05 --------- d-----w c:\documents and settings\Administrator\Application Data\eTeks
2008-12-07 18:54 --------- d-----w c:\program files\ProgDVB
2008-12-07 18:04 --------- d-----w c:\documents and settings\Administrator\Application Data\ImgBurn
2008-12-07 17:17 --------- d-----w c:\program files\ImgBurn
2008-12-07 12:32 --------- d-----w c:\program files\Polyglot7
2008-12-07 10:49 --------- d-----w c:\program files\SMPlayer
2008-12-06 06:35 218,624 ----a-w c:\windows\system32\uxtheme.dll
2008-12-05 08:36 --------- d-----w c:\program files\filehippo.com
2008-12-05 03:57 --------- d-----w c:\program files\Lavalys
2008-12-05 03:46 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-05 03:46 --------- d-----w c:\documents and settings\Administrator\Application Data\Malwarebytes
2008-12-05 03:37 --------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-04 07:31 --------- d-----w c:\documents and settings\Administrator\Application Data\LG Electronics
2008-12-04 05:50 --------- d-----w c:\program files\LG Electronics
2008-12-04 05:50 --------- d-----w c:\documents and settings\Administrator\Application Data\VSRevoGroup
2008-12-03 05:37 --------- d-----w c:\documents and settings\Administrator\Application Data\DivX
2008-12-03 05:33 --------- d-----w c:\documents and settings\All Users\Application Data\OLYMPUS
2008-12-03 05:32 --------- d-----w c:\program files\OLYMPUS
2008-12-03 04:05 --------- d-----w c:\documents and settings\All Users\Application Data\Logitech
2008-12-03 03:53 --------- d-----w c:\documents and settings\Administrator\Application Data\InstallShield
2008-12-02 08:47 --------- d-----w c:\documents and settings\Administrator\Application Data\Ashampoo
2008-12-02 08:46 --------- d-----w c:\documents and settings\All Users\Application Data\ashampoo
2008-12-02 05:49 --------- d-----w c:\program files\GRETECH
2008-12-02 05:49 --------- d-----w c:\documents and settings\All Users\Application Data\GRETECH
2008-12-02 05:49 --------- d-----w c:\documents and settings\Administrator\Application Data\GRETECH
2008-12-01 11:56 --------- d-----w c:\program files\Realtek
2008-12-01 11:48 --------- d-----w c:\program files\VIA
2008-12-01 11:47 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-01 11:41 --------- d-----w c:\documents and settings\All Users\Application Data\ATI
2008-12-01 11:41 --------- d-----w c:\documents and settings\Administrator\Application Data\ATI
2008-12-01 11:39 --------- d-----w c:\program files\ATI Technologies
2008-12-01 10:38 --------- d-----w c:\program files\microsoft frontpage
2008-12-01 08:20 --------- d-----w c:\program files\MLocator
2008-12-01 07:47 --------- d-----w c:\program files\VS Revo Group
2008-10-29 02:23 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll
2008-10-29 02:22 314,880 ----a-w c:\windows\system32\ati2dvag.dll
2008-10-29 02:11 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2008-10-29 02:11 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2008-10-29 02:11 188,416 ----a-w c:\windows\system32\atipdlxx.dll
2008-10-29 02:11 147,456 ----a-w c:\windows\system32\Oemdspif.dll
2008-10-29 02:10 143,360 ----a-w c:\windows\system32\ati2evxx.dll
2008-10-29 02:10 10,973,184 ----a-w c:\windows\system32\atioglxx.dll
2008-10-29 02:09 585,728 ----a-w c:\windows\system32\ati2evxx.exe
2008-10-29 02:07 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2008-10-29 01:57 4,041,472 ----a-w c:\windows\system32\ati3duag.dll
2008-10-29 01:49 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2008-10-29 01:41 2,472,832 ----a-w c:\windows\system32\ativvaxx.dll
2008-10-29 01:25 48,640 ----a-w c:\windows\system32\amdpcom32.dll
2008-10-29 01:21 389,120 ----a-w c:\windows\system32\atikvmag.dll
2008-10-29 01:19 44,032 ----a-w c:\windows\system32\atiadlxx.dll
2008-10-29 01:19 17,408 ----a-w c:\windows\system32\atitvo32.dll
2008-10-29 01:18 253,952 ----a-w c:\windows\system32\atiok3x2.dll
2008-10-29 01:12 577,536 ----a-w c:\windows\system32\ati2cqag.dll
2008-10-28 19:05 593,920 ------w c:\windows\system32\ati2sgag.exe
2008-10-21 17:51 118,784 ----a-w c:\windows\system32\atibrtmon.exe
2007-08-06 10:07 8,784 ----a-w c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-07-18 12:54 245,408 ----a-w c:\program files\mozilla firefox\plugins\unicows.dll
2008-12-17 22:17 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-17 22:17 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-17 22:17 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-17 22:17 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-17 22:17 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.
------- Sigcheck -------
2008-04-14 14:00 699904 8a513e79e7980018daedca586b866bc3 c:\windows\system32\wininet.dll
2008-04-14 14:00 699904 8a513e79e7980018daedca586b866bc3 c:\windows\system32\dllcache\wininet.dll
2008-04-14 14:00 975872 561a50497324f378e30f55d09b4e1258 c:\windows\explorer.exe
2008-04-14 14:00 975872 561a50497324f378e30f55d09b4e1258 c:\windows\system32\dllcache\explorer.exe
2008-04-14 14:00 100864 bd0d8a40d28a07db96913d6da2e6b5a3 c:\windows\system32\wuauclt.exe
2008-04-14 14:00 100864 bd0d8a40d28a07db96913d6da2e6b5a3 c:\windows\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-19 630784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"Snap Clipboard"="c:\program files\Snap Clipboard\SnapClipboard.exe" [2009-01-15 264704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RaidTool"="c:\program files\VIA\RAID\raid_tool.exe" [2005-11-23 1060864]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"MouseLocator"="c:\program files\MLocator\MLocator.exe" [2006-02-08 241152]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2008-11-17 263456]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 20:35 87352 c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0autocheck OODBS

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ooVoo\\ooVoo.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\Microsoft Virtual PC\\Virtual PC.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP порт 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP порт 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP порт 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP порт 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP порт 37675

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-01-15 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-01-15 39200]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-15 111184]
R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [2008-12-07 24786]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-22 55024]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-01-15 33056]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-15 20560]
R4 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2008-07-24 12856]
R4 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-01-03 47640]
R4 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-12-31 693512]
R4 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]
S3 aswArKrn;aswArKrn;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\aswArKrn.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\aswArKrn.sys [?]
S3 eusk3usb;SmartKey 3 USB;c:\windows\system32\drivers\eusk3usb.sys [2008-12-07 45534]
S3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-12-31 910600]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder

2009-01-14 c:\windows\Tasks\AWC AutoCare.job
- c:\program files\IObit\Advanced SystemCare 3\AutoCare.exe [2009-01-06 11:32]

2009-01-14 c:\windows\Tasks\AWC AutoCare.job
- c:\program files\IObit\Advanced SystemCare 3\ [2009-01-14 19:16]

2009-01-17 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-01-06 11:32]

2009-01-16 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2009-01-06 11:37]

2009-01-16 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\ [2009-01-14 19:16]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{A057A204-BACC-4D26-8087-36EE87E26986} - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Settings,ProxyOverride = *.local
IE: &Search
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: {C18B9571-BD33-483A-8853-1C0694BC14FB} = 80.72.72.9
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-17 15:22:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Snap Clipboard = c:\program files\Snap Clipboard\SnapClipboard.exe????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="[long value elided]"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(860)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\program files\ThreatFire\TFWAH.dll
c:\program files\ThreatFire\TFNI.dll

- - - - - - - > 'lsass.exe'(916)
c:\program files\ThreatFire\TFWAH.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\ramaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\ThreatFire\TFService.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
.
**************************************************************************
.
Completion time: 2009-01-17 15:25:02 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-17 13:24:58

Pre-Run: 44 887 310 336 bytes free
Post-Run: 44,855,484,416 bytes free

380
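When a helper reads a ComboFix log like the one above for leftovers, three parts get checked first: the "Drivers/Services" block (what ComboFix removed, here a Legacy_TDSSSERV.SYS entry), the Rx/Sx service lines lower down (a trailing [?] or [x] is where ComboFix could not verify or find the service's file), and the Security Center values showing antivirus and update warnings switched off. The Python script below is an added example by the editor, not code from the forum helpers or from ComboFix, that extracts those three things and flags any name matching a watchlist. The watchlist (the TDSS and msqpdx names the helpers were hunting) and the sample log lines are constructed for this example, copied in shape from the log above; the reading of [?]/[x] as "file not verified" is the script's assumption.

```python
import re
from dataclasses import dataclass

# Sample lines, constructed for this example in the shape of the ComboFix log
# posted above (this is not the full log, and ComboFix is not run here).
SAMPLE_LOG = """\
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\\Legacy_TDSSSERV.SYS

[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

R0 TfFsMon;TfFsMon;c:\\windows\\system32\\drivers\\TfFsMon.sys [2009-01-15 51488]
R4 ThreatFire;ThreatFire;c:\\program files\\ThreatFire\\TFService.exe service --> c:\\program files\\ThreatFire\\TFService.exe service [?]
S3 aswArKrn;aswArKrn;\\??\\c:\\docume~1\\ADMINI~1\\LOCALS~1\\Temp\\aswArKrn.sys --> c:\\docume~1\\ADMINI~1\\LOCALS~1\\Temp\\aswArKrn.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
"""

# Names the helpers in this thread were hunting for; any case-insensitive substring match is flagged.
WATCHLIST = ("tdss", "msqpdx")

SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")   # "R0 name;display;path [date size]"
REMOVED_RE = re.compile(r"^-------\\(.+)$")                       # "-------\X" = ComboFix removed X
DISABLE_RE = re.compile(r'^"(\w+DisableNotify)"=dword:0*1$')      # Security Center warning switched off


@dataclass
class Service:
    start: str        # R = running, S = stopped; the digit is the start type
    name: str
    display: str
    path: str
    unverified: bool  # trailing [?] or [x]: assumed to mean ComboFix could not verify or find the file


def parse_services(log: str) -> list[Service]:
    """Extract the Rx/Sx service and driver lines."""
    services = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        start, name, display, rest = m.groups()
        path = rest.rsplit(" [", 1)[0].strip()   # drop the trailing "[date size]" / "[?]" / "[x]"
        services.append(Service(start, name, display, path,
                                rest.rstrip().endswith(("[?]", "[x]"))))
    return services


def parse_removed(log: str) -> list[str]:
    """Names ComboFix reports as removed (the '-------\\X' lines)."""
    return [m.group(1) for m in map(REMOVED_RE.match, map(str.strip, log.splitlines())) if m]


def parse_disabled_notifications(log: str) -> list[str]:
    """Security Center values set to 1, i.e. antivirus/update warnings silenced."""
    return [m.group(1) for m in map(DISABLE_RE.match, map(str.strip, log.splitlines())) if m]


def triage(log: str, watchlist=WATCHLIST) -> dict:
    """Summarise what a reviewer checks first when looking for leftovers."""
    def hit(text: str) -> bool:
        return any(w in text.lower() for w in watchlist)

    removed = parse_removed(log)
    services = parse_services(log)
    return {
        "removed": removed,
        "watchlist_removed": [r for r in removed if hit(r)],
        "watchlist_services": [s.name for s in services if hit(s.name + s.path)],
        "unverified_services": [s.name for s in services if s.unverified],
        "notifications_disabled": parse_disabled_notifications(log),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run on the sample, the script reports the removed Legacy_TDSSSERV.SYS entry as a watchlist hit, no surviving watchlist service, three services whose files ComboFix could not verify (ThreatFire, aswArKrn, LMIRfsClientNP) and both Security Center warnings disabled; pointing it at a saved ComboFix.txt is a matter of reading the file into `triage` instead of `SAMPLE_LOG`.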
Night_Raven, posted January 17, 2009

Stubborn little pest. Download The Avenger and run it. Copy the following text (Ctrl+C) and paste it into The Avenger's field (Ctrl+V):

Files to delete:
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\SYSTEM32\TDSSixgp.dll
C:\WINDOWS\SYSTEM32\TDSSproc.log
C:\WINDOWS\SYSTEM32\TDSSwkod.log
C:\Documents and Settings\Chelsea\Local Settings\Temp\TDSSe8db.tmp
c:\windows\system32\drivers\msqpdxserv.sys
C:\resycled
D:\resycled
e:\resycled
f:\resycled
g:\resycled
c:\windows\system32\TDSSweat.dat
C:\WINDOWS\system32\drivers\TDSSmqlt.sys
C:\windows\system32\drivers\tdssserv.sys
C:\WINDOWS\system32\drivers\TDSSmact.sys
C:\WINDOWS\system32\TDSSfpmp.dll
C:\WINDOWS\system32\TDSSwpyd.dat
C:\WINDOWS\system32\TDSStkdv.log
C:\WINDOWS\system32\TDSSotxb.dll
C:\WINDOWS\system32\TDSScrrn.dll
C:\WINDOWS\system32\TDSSbvqh.dll
C:\WINDOWS\system32\TDSSjnmx.dll
c:\windows\system32\TDSShrxr.dll
c:\windows\system32\TDSSkkbi.log
c:\windows\system32\TDSSlrvd.dat
c:\windows\system32\TDSSlxwp.dll
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSoiqt.dll
c:\windows\system32\TDSSrhyp.log
c:\windows\system32\TDSSrtqp.dll
c:\windows\system32\TDSSsihc.dll
c:\windows\system32\TDSSxfum.dll
c:\windows\system32\TDSSmtve.dat
c:\windows\system32\TDSSnirj.dat

Drivers to delete:
tdss
tdssserv
TDSSserv.SYS
Service_TDSSSERV.SYS
Legacy_TDSSSERV.SYS
msqpdxserv.sys
msqpdxserv

Registry keys to delete:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSserv.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\tdssserv
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdssserv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata
HKEY_LOCAL_MACHINE\SOFTWARE\tdss
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\tdssserv.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\tdssserv.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdssserv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV

Click the Execute button and confirm with Yes to all questions. If the system crashes to a blue screen after the restart, that's normal in this case. Just restart it if it doesn't restart automatically. Once Windows has loaded, update the definitions of SUPERAntiSpyware and Malwarebytes' Anti-Malware and scan once more, then post the logs.
mavro (Author) Posted January 17, 2009

Is this normal?

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Error: file "C:\WINDOWS\system32\brsvc01a.exe" not found!
Deletion of file "C:\WINDOWS\system32\brsvc01a.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: file "C:\WINDOWS\system32\brss01a.exe" not found!
Deletion of file "C:\WINDOWS\system32\brss01a.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: file "C:\WINDOWS\SYSTEM32\TDSSixgp.dll" not found!
Deletion of file "C:\WINDOWS\SYSTEM32\TDSSixgp.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: file "C:\WINDOWS\SYSTEM32\TDSSproc.log" not found!
Deletion of file "C:\WINDOWS\SYSTEM32\TDSSproc.log" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: file "C:\WINDOWS\SYSTEM32\TDSSwkod.log" not found!
Deletion of file "C:\WINDOWS\SYSTEM32\TDSSwkod.log" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: could not open file "C:\Documents and Settings\Chelsea\Local Settings\Temp\TDSSe8db.tmp"
Deletion of file "C:\Documents and Settings\Chelsea\Local Settings\Temp\TDSSe8db.tmp" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
  --> bad path / the parent directory does not exist

Error: file "c:\windows\system32\drivers\msqpdxserv.sys" not found!
Deletion of file "c:\windows\system32\drivers\msqpdxserv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: file "C:\resycled" not found!
Deletion of file "C:\resycled" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: file "D:\resycled" not found!
Deletion of file "D:\resycled" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: could not open file "e:\resycled"
Deletion of file "e:\resycled" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
  --> bad path / the parent directory does not exist

Error: could not open file "f:\resycled"
Deletion of file "f:\resycled" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
  --> bad path / the parent directory does not exist

Error: could not open file "g:\resycled"
Deletion of file "g:\resycled" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
  --> bad path / the parent directory does not exist

Error: file "c:\windows\system32\TDSSweat.dat" not found!
Deletion of file "c:\windows\system32\TDSSweat.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: file "C:\WINDOWS\system32\drivers\TDSSmqlt.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\TDSSmqlt.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: file "C:\windows\system32\drivers\tdssserv.sys" not found!
Deletion of file "C:\windows\system32\drivers\tdssserv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: file "C:\WINDOWS\system32\drivers\TDSSmact.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\TDSSmact.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: file "C:\WINDOWS\system32\TDSSfpmp.dll" not found!
Deletion of file "C:\WINDOWS\system32\TDSSfpmp.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: file "C:\WINDOWS\system32\TDSSwpyd.dat" not found!
Deletion of file "C:\WINDOWS\system32\TDSSwpyd.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: file "C:\WINDOWS\system32\TDSStkdv.log" not found!
Deletion of file "C:\WINDOWS\system32\TDSStkdv.log" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: file "C:\WINDOWS\system32\TDSSotxb.dll" not found!
Deletion of file "C:\WINDOWS\system32\TDSSotxb.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: file "C:\WINDOWS\system32\TDSScrrn.dll" not found!
Deletion of file "C:\WINDOWS\system32\TDSScrrn.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: file "C:\WINDOWS\system32\TDSSbvqh.dll" not found!
Deletion of file "C:\WINDOWS\system32\TDSSbvqh.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: file "C:\WINDOWS\system32\TDSSjnmx.dll" not found!
Deletion of file "C:\WINDOWS\system32\TDSSjnmx.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: file "c:\windows\system32\TDSShrxr.dll" not found!
Deletion of file "c:\windows\system32\TDSShrxr.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: file "c:\windows\system32\TDSSkkbi.log" not found!
Deletion of file "c:\windows\system32\TDSSkkbi.log" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: file "c:\windows\system32\TDSSlrvd.dat" not found!
Deletion of file "c:\windows\system32\TDSSlrvd.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: file "c:\windows\system32\TDSSlxwp.dll" not found!
Deletion of file "c:\windows\system32\TDSSlxwp.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: file "c:\windows\system32\TDSSnmxh.log" not found!
Deletion of file "c:\windows\system32\TDSSnmxh.log" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: file "c:\windows\system32\TDSSoiqt.dll" not found!
Deletion of file "c:\windows\system32\TDSSoiqt.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: file "c:\windows\system32\TDSSrhyp.log" not found!
Deletion of file "c:\windows\system32\TDSSrhyp.log" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: file "c:\windows\system32\TDSSrtqp.dll" not found!
Deletion of file "c:\windows\system32\TDSSrtqp.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: file "c:\windows\system32\TDSSsihc.dll" not found!
Deletion of file "c:\windows\system32\TDSSsihc.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: file "c:\windows\system32\TDSSxfum.dll" not found!
Deletion of file "c:\windows\system32\TDSSxfum.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: file "c:\windows\system32\TDSSmtve.dat" not found!
Deletion of file "c:\windows\system32\TDSSmtve.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: file "c:\windows\system32\TDSSnirj.dat" not found!
Deletion of file "c:\windows\system32\TDSSnirj.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\tdss" not found!
Deletion of driver "tdss" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\tdssserv" not found!
Deletion of driver "tdssserv" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\TDSSserv.SYS" not found!
Deletion of driver "TDSSserv.SYS" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\Service_TDSSSERV.SYS" not found!
Deletion of driver "Service_TDSSSERV.SYS" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\Legacy_TDSSSERV.SYS" not found!
Deletion of driver "Legacy_TDSSSERV.SYS" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\msqpdxserv.sys" not found!
Deletion of driver "msqpdxserv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\msqpdxserv" not found!
Deletion of driver "msqpdxserv" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSserv.sys" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSserv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\tdssserv" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\tdssserv" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdssserv" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdssserv" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\tdssserv.sys" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\tdssserv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\tdssserv.sys" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\tdssserv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdssserv" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdssserv" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SOFTWARE\tdss" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SOFTWARE\tdss" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Completed script processing.

*******************

Finished! Terminate.
B-boy/StyLe/ Posted January 17, 2009

Yes, Night_Raven's script was not bad for cleaning up the TDSS/SENEKA rootkit (I also have a similar template borrowed from the MBAM forum).

Open Notepad and enter:

Killall::

File::
c:\windows\QTFont.qfn
c:\windows\QTFont.for
c:\windows\system32\xa11737843.exe
c:\windows\system32\xa11737359.exe
c:\windows\system32\_r_a_p_.tmp
c:\windows\system32\mlfcache.dat
c:\windows\3dg32.dll
C:\WINDOWS\system32\drivers\mchInjDrv.sys

Driver::
mchInjDrv

Dirlook::
c:\windows\Downloaded Installations

sysrst::

Save the file under the name CFScript.txt and drag it with the mouse onto the Combofix icon: http://img522.imageshack.us/img522/482/cfscriptyr1.gif

Copy the log in your next post.

By the way, Combo did quite a good job:

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_TDSSSERV.SYS

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

- - - - ORPHANS REMOVED - - - -

WebBrowser-{A057A204-BACC-4D26-8087-36EE87E26986} - (no file)
Night_Raven Posted January 17, 2009

Is this normal?

Yes, everything is in order.
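The Avenger output posted above is a sequence of Error / Deletion / Status triplets, and whether such a run is "normal" comes down to the NTSTATUS code on each failure: STATUS_OBJECT_NAME_NOT_FOUND and STATUS_OBJECT_PATH_NOT_FOUND mean the object was already gone before the script ran, which is the expected result after an earlier clean-up, while any other code marks an item that still needs a look. The following Python script is an added example for this thread, not code from The Avenger or from any of the posters. It parses log text in that shape and sorts each entry into removed / already gone / needs attention. The sample log is a constructed excerpt: its three failing entries are copied from the log above, while the "deleted successfully" line and the STATUS_ACCESS_DENIED entry are invented to exercise the other branches, and the success-line format is an assumption rather than something taken from the page.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# NTSTATUS names that mean "nothing was there to delete". After an earlier
# clean-up these are the expected outcome, not a sign that removal failed.
ALREADY_GONE = {"STATUS_OBJECT_NAME_NOT_FOUND", "STATUS_OBJECT_PATH_NOT_FOUND"}

# Constructed sample in the shape of the log posted in the thread. The first
# three entries are copied from that log; the "deleted successfully" line and
# the STATUS_ACCESS_DENIED entry are invented (assumed format) so that the
# remaining branches of the triage are exercised.
SAMPLE_LOG = """\
Rootkit scan active.
No rootkits found!

Error: file "C:\\WINDOWS\\system32\\drivers\\TDSSmqlt.sys" not found!
Deletion of file "C:\\WINDOWS\\system32\\drivers\\TDSSmqlt.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: could not open file "e:\\resycled"
Deletion of file "e:\\resycled" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
  --> bad path / the parent directory does not exist

Error: registry key "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\tdssserv" not found!
Deletion of driver "tdssserv" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

File "C:\\WINDOWS\\system32\\TDSSexample.dll" deleted successfully.

Error: could not delete file "C:\\WINDOWS\\system32\\TDSSlocked.dll"
Deletion of file "C:\\WINDOWS\\system32\\TDSSlocked.dll" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)
  --> access denied
"""


@dataclass
class Attempt:
    kind: str              # "file", "driver" or "registry key"
    target: str            # path, service name or registry key
    status: Optional[str]  # NTSTATUS symbolic name; None when the deletion succeeded


DELETION_RE = re.compile(r'^Deletion of (file|driver|registry key) "(.+)" failed!$')
STATUS_RE = re.compile(r'^Status: 0x[0-9a-fA-F]{8} \((\w+)\)')
# Success-line format is assumed, not taken from the posted log.
SUCCESS_RE = re.compile(r'^(File|Driver|Registry key) "(.+)" deleted successfully\.$')


def parse_avenger_log(text: str) -> List[Attempt]:
    """Pair every 'Deletion of ... failed!' line with the Status line that follows it."""
    attempts: List[Attempt] = []
    pending: Optional[Attempt] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = DELETION_RE.match(line)
        if m:
            pending = Attempt(kind=m.group(1), target=m.group(2), status=None)
            continue
        m = STATUS_RE.match(line)
        if m and pending is not None:
            pending.status = m.group(1)
            attempts.append(pending)
            pending = None
            continue
        m = SUCCESS_RE.match(line)
        if m:
            attempts.append(Attempt(kind=m.group(1).lower(), target=m.group(2), status=None))
    return attempts


def triage(attempts: List[Attempt]) -> Tuple[List[Attempt], List[Attempt], List[Attempt]]:
    """Return (removed now, already gone before the run, needs attention)."""
    removed = [a for a in attempts if a.status is None]
    gone = [a for a in attempts if a.status in ALREADY_GONE]
    attention = [a for a in attempts if a.status is not None and a.status not in ALREADY_GONE]
    return removed, gone, attention


def is_clean_run(text: str) -> bool:
    """True when every failure in the log is of the 'already gone' kind."""
    _, _, attention = triage(parse_avenger_log(text))
    return not attention


if __name__ == "__main__":
    removed, gone, attention = triage(parse_avenger_log(SAMPLE_LOG))
    for label, group in (("removed", removed), ("already gone", gone), ("needs attention", attention)):
        print(f"{label}: {len(group)}")
        for a in group:
            print(f"  {a.kind}: {a.target}" + (f" [{a.status}]" if a.status else ""))
```

Run against the full log in the thread, every failure lands in the "already gone" bucket and `is_clean_run` returns True, which is the mechanical version of the "yes, everything is in order" answer; a real failure such as an access-denied status would surface under "needs attention" instead of being lost among dozens of harmless not-found entries.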
mavro (Author) Posted January 17, 2009

Yes, Night_Raven's script was not bad for cleaning up the TDSS/SENEKA rootkit (I also have a similar template borrowed from the MBAM forum).

Open Notepad and enter:

Killall::

File::
c:\windows\QTFont.qfn
c:\windows\QTFont.for
c:\windows\system32\xa11737843.exe
c:\windows\system32\xa11737359.exe
c:\windows\system32\_r_a_p_.tmp
c:\windows\system32\mlfcache.dat
c:\windows\3dg32.dll
C:\WINDOWS\system32\drivers\mchInjDrv.sys

Driver::
mchInjDrv

Dirlook::
c:\windows\Downloaded Installations

sysrst::

Save the file under the name CFScript.txt and drag it with the mouse onto the Combofix icon: http://img522.imageshack.us/img522/482/cfscriptyr1.gif

Copy the log in your next post.

By the way, Combo did quite a good job:

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_TDSSSERV.SYS

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

- - - - ORPHANS REMOVED - - - -

WebBrowser-{A057A204-BACC-4D26-8087-36EE87E26986} - (no file)

ComboFix 09-01-16.04 - Administrator 2009-01-17 18:38:21.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.1.1033.18.511.103 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 090117-0] *On-access scanning disabled* (Updated)
AV: ThreatFire *On-access scanning disabled* (Updated)
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\windows\3dg32.dll
c:\windows\QTFont.for
c:\windows\QTFont.qfn
c:\windows\system32\_r_a_p_.tmp
c:\windows\system32\drivers\mchInjDrv.sys
c:\windows\system32\mlfcache.dat
c:\windows\system32\xa11737359.exe
c:\windows\system32\xa11737843.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\3dg32.dll
c:\windows\QTFont.for
c:\windows\QTFont.qfn
c:\windows\system32\_r_a_p_.tmp
c:\windows\system32\mlfcache.dat
c:\windows\system32\xa11737359.exe
c:\windows\system32\xa11737843.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MCHINJDRV

((((((((((((((((((((((((( Files Created from 2008-12-17 to 2009-01-17 )))))))))))))))))))))))))))))))
.
2009-01-17 13:54 . 2009-01-17 13:54 <DIR> d-------- c:\documents and settings\Administrator\Application Data\snapclipboard
2009-01-15 21:36 . 2009-01-15 21:36 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-15 21:36 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-15 21:36 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-15 21:34 . 2009-01-16 18:19 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-01-15 21:34 . 2009-01-15 21:34 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-15 19:08 . 2009-01-15 19:25 <DIR> d-------- c:\program files\Folder Guide
2009-01-15 19:04 . 2009-01-15 19:14 <DIR> d-------- c:\program files\ThreatFire
2009-01-15 19:04 . 2009-01-17 18:41 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-01-15 19:04 . 2009-01-15 19:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools
2009-01-15 19:04 . 2008-11-17 13:05 51,488 --a------ c:\windows\system32\drivers\TfFsMon.sys
2009-01-15 19:04 . 2008-11-17 13:05 39,200 --a------ c:\windows\system32\drivers\TfSysMon.sys
2009-01-15 19:04 . 2008-11-17 13:05 33,056 --a------ c:\windows\system32\drivers\TfNetMon.sys
2009-01-15 19:04 . 2008-11-17 13:05 12,576 --a------ c:\windows\system32\drivers\TfKbMon.sys
2009-01-13 19:27 . 2009-01-13 19:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Raxco
2009-01-13 19:27 . 2009-01-05 14:16 71,184 -ra------ c:\windows\system32\drivers\DefragFS.sys
2009-01-13 19:26 . 2009-01-13 19:30 <DIR> d-------- c:\program files\Raxco
2009-01-11 21:03 . 2009-01-11 21:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2009-01-11 20:53 . 2009-01-11 20:53 <DIR> d-------- c:\program files\Bonjour
2009-01-11 20:43 . 2009-01-11 20:43 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2009-01-11 11:33 . 2009-01-11 11:33 <DIR> d---s---- c:\documents and settings\Administrator\UserData
2009-01-10 14:36 . 2009-01-10 14:36 <DIR> d-------- c:\program files\Skype
2009-01-10 14:36 . 2009-01-10 14:36 <DIR> d-------- c:\program files\Common Files\Skype
2009-01-06 00:33 . 2009-01-06 00:33 3,751,995 --a------ c:\windows\system32\GPhotos.scr
2009-01-04 16:31 . 2009-01-04 16:32 <DIR> d-------- c:\program files\Microsoft Virtual PC
2009-01-04 11:45 . 2009-01-04 11:45 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-01-04 11:45 . 2008-09-19 23:57 3,596,288 --a------ c:\windows\system32\qt-dx331.dll
2009-01-04 11:45 . 2008-09-24 20:41 839,680 --a------ c:\windows\system32\lameACM.acm
2009-01-04 11:45 . 2008-12-07 20:08 795,648 --a------ c:\windows\system32\xvidcore.dll
2009-01-04 11:45 . 2008-10-29 00:35 684,032 --a------ c:\windows\system32\divx.dll
2009-01-04 11:45 . 2004-01-25 18:18 217,088 --a------ c:\windows\system32\yv12vfw.dll
2009-01-04 11:45 . 2008-09-16 21:23 168,448 --a------ c:\windows\system32\unrar.dll
2009-01-04 11:45 . 2008-12-07 20:08 130,048 --a------ c:\windows\system32\xvidvfw.dll
2009-01-04 11:45 . 2007-09-21 02:52 118,784 --a------ c:\windows\system32\ac3acm.acm
2009-01-04 11:45 . 2008-09-25 10:03 81,920 --a------ c:\windows\system32\dpl100.dll
2009-01-04 11:45 . 2008-12-08 13:53 57,344 --a------ c:\windows\system32\ff_vfw.dll
2009-01-04 11:45 . 2007-07-10 18:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2009-01-04 11:45 . 2008-10-03 14:30 414 --a------ c:\windows\system32\lame_acm.xml
2009-01-03 13:26 . 2009-01-03 13:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-01-03 13:26 . 2009-01-03 13:26 <DIR> d-------- c:\documents and settings\Administrator\Application Data\TuneUp Software
2009-01-03 13:26 . 2009-01-03 13:26 603,904 --a------ c:\windows\system32\TUProgSt.exe
2009-01-03 13:25 . 2009-01-10 14:42 <DIR> d--hs---- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-01-03 12:07 . 2009-01-04 20:46 <DIR> d-------- c:\documents and settings\LogMeInRemoteUser
2009-01-03 12:06 . 2009-01-03 12:06 1,126 --a------ c:\windows\mozver.dat
2009-01-03 12:01 . 2009-01-17 10:59 <DIR> d-------- c:\program files\LogMeIn
2009-01-03 12:01 . 2009-01-03 12:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\LogMeIn
2009-01-03 12:01 . 2008-10-16 20:35 87,352 --a------ c:\windows\system32\LMIinit.dll
2009-01-03 12:01 . 2008-10-16 20:35 83,288 --a------ c:\windows\system32\LMIRfsClientNP.dll
2009-01-03 12:01 . 2008-07-24 18:46 47,640 --a------ c:\windows\system32\drivers\LMIRfsDriver.sys
2009-01-03 12:01 . 2008-10-16 20:35 28,984 --a------ c:\windows\system32\LMIport.dll
2008-12-31 16:46 . 2008-12-31 16:46 <DIR> d-------- c:\windows\solcache
2008-12-31 16:35 . 1999-06-17 10:49 1,204,224 --a------ c:\windows\system32\SierraNW.DLL
2008-12-31 16:35 . 1999-06-17 10:49 233,472 --a------ c:\windows\system32\SNWValid.dll
2008-12-31 16:35 . 1995-08-09 23:07 149,504 --a------ c:\windows\system32\MFCANS32.DLL
2008-12-31 16:35 . 1995-01-13 14:10 108,032 --a------ c:\windows\system32\MFCUIA32.DLL
2008-12-31 16:35 . 1999-06-15 15:05 44,544 --a------ c:\windows\system32\gif89.dll
2008-12-31 16:35 . 2008-12-31 17:12 683 --a------ c:\windows\SIERRA.INI
2008-12-31 16:23 . 2008-12-31 16:23 <DIR> d-------- c:\documents and settings\Administrator\Application Data\DAEMON Tools Pro
2008-12-31 16:23 . 2008-12-31 16:23 <DIR> d-------- c:\documents and settings\Administrator\Application Data\DAEMON Tools
2008-12-31 16:22 . 2008-12-31 16:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2008-12-31 16:21 . 2008-12-31 16:22 <DIR> d-------- c:\program files\DAEMON Tools Lite
2008-12-31 16:10 . 2008-12-31 16:29 <DIR> d-------- c:\documents and settings\Administrator\Application Data\DAEMON Tools Lite
2008-12-31 16:10 . 2008-12-31 16:10 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2008-12-31 15:09 . 2008-12-31 15:11 <DIR> d-------- c:\program files\The KMPlayer
2008-12-31 15:03 . 2008-12-31 15:05 5,423 --a------ c:\windows\BricoPackFoldersDelete.cmd
2008-12-31 14:29 . 2008-12-31 14:29 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-12-31 13:12 . 2008-12-31 13:12 230,664 --a------ c:\windows\system32\PDBoot.exe
2008-12-31 12:29 . 2008-12-31 12:29 <DIR> d-------- c:\program files\Toshiba
2008-12-31 12:29 . 2008-12-31 12:29 <DIR> d-------- c:\documents and settings\Administrator\Application Data\TOSHIBA
2008-12-31 11:59 . 2008-12-31 11:59 <DIR> d-------- c:\windows\system32\Backup
2008-12-31 11:59 . 2008-12-31 11:59 60,357 --a------ c:\windows\system32\uninstWMPbg.exe
2008-12-31 11:59 . 2008-12-31 11:59 49 --a------ c:\windows\system32\Български интерфейс за Windows Media Player.url
2008-12-31 10:58 . 1999-12-17 10:13 86,016 --a------ c:\windows\unvise32.exe
2008-12-31 10:58 . 2008-12-31 10:58 658 --a------ c:\windows\AutumnLeaves.HLP.lnk
2008-12-30 19:51 . 2008-12-30 19:51 <DIR> d-------- c:\documents and settings\Administrator\.dvdcss
2008-12-30 14:54 . 2008-12-30 14:54 <DIR> d--h----- c:\windows\PIF
2008-12-29 17:46 . 2008-12-31 12:29 <DIR> d----c--- c:\windows\system32\DRVSTORE
2008-12-29 17:46 . 2008-12-29 17:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Logishrd
2008-12-29 10:48 . 2009-01-17 18:36 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Skype
2008-12-28 21:48 . 2007-10-12 03:57 195,096 --a------ c:\windows\system32\lvci1150.dll
2008-12-28 21:47 . 2008-12-28 21:47 <DIR> d-------- c:\program files\Logitech
2008-12-28 21:47 . 2008-12-29 17:46 <DIR> d-------- c:\program files\Common Files\LogiShrd
2008-12-28 19:13 . 2008-12-28 19:18 8,192 --a------ c:\windows\system32\edb.chk
2008-12-28 17:27 . 2008-12-28 17:33 <DIR> d-------- c:\windows\system32\NtmsData
2008-12-28 14:26 . 2008-12-28 14:26 <DIR> d-------- c:\program files\Opera 10 Preview
2008-12-28 12:25 . 2008-12-28 12:25 <DIR> d-------- c:\program files\Yamicsoft
2008-12-28 12:13 . 2008-12-28 12:13 <DIR> d-------- c:\program files\UseNeXT
2008-12-28 12:13 . 2009-01-14 19:10 <DIR> d-------- c:\documents and settings\Administrator\Application Data\UseNeXT
2008-12-27 13:13 . 2008-12-27 13:23 <DIR> d-------- c:\program files\uTorrent
2008-12-27 13:13 . 2009-01-17 17:58 <DIR> d-------- c:\documents and settings\Administrator\Application Data\uTorrent
2008-12-27 12:01 . 2008-12-31 15:26 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Software Informer
2008-12-24 16:38 . 2009-01-11 20:53 <DIR> d-------- c:\program files\Common Files\Adobe
2008-12-24 11:44 . 2008-12-24 11:45 <DIR> d-------- c:\program files\Winamp
2008-12-24 11:44 . 2008-12-24 11:46 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Winamp
2008-12-22 18:26 . 2008-12-22 18:26 <DIR> d-------- c:\documents and settings\Administrator\Application Data\JLC's Software
2008-12-21 15:07 . 2008-12-21 15:07 <DIR> d-------- c:\documents and settings\Administrator\Application Data\UpdateStar
2008-12-21 14:05 . 2008-12-21 14:18 <DIR> d-------- c:\program files\Microsoft Bootvis
2008-12-20 17:45 . 2009-01-05 18:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\HDD Thermometer
2008-12-20 17:45 . 2009-01-05 18:11 <DIR> d-------- c:\documents and settings\Administrator\Application Data\HDD Thermometer
2008-12-19 20:42 . 2008-12-19 20:42 <DIR> d-------- c:\program files\TVUPlayer
2008-12-19 20:41 . 2008-12-19 20:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\TVU Networks
2008-12-19 20:41 . 2008-12-19 20:41 <DIR> d-------- c:\documents and settings\Administrator\LocalLow
2008-12-18 20:32 . 2009-01-10 14:41 1,908 --a------ c:\windows\diagwrn.xml
2008-12-18 20:32 . 2009-01-10 14:41 1,908 --a------ c:\windows\diagerr.xml
2008-12-17 21:13 . 2008-12-25 13:14 <DIR> d-------- c:\windows\Downloaded Installations
2008-12-17 21:05 . 2008-12-17 21:05 <DIR> d--hs---- c:\windows\ftpcache
2008-12-17 21:02 . 2008-12-17 21:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Protexis
2008-12-17 21:00 . 2008-12-17 21:00 <DIR> d-------- c:\documents and settings\Administrator\Application Data\OpenOffice.org
2008-12-17 20:58 . 2008-12-17 20:58 <DIR> d-------- c:\program files\OpenOffice.org 3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-17 16:42 --------- d-----w c:\documents and settings\Administrator\Application Data\skypePM
2009-01-15 20:37 --------- d-----w c:\program files\Alwil Software
2009-01-15 17:22 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-11 11:57 --------- d-----w c:\program files\Unlocker
2009-01-10 12:36 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-01-04 14:28 --------- d-----w c:\program files\Gadwin Systems
2009-01-04 09:43 --------- d-----w c:\program files\DivX
2008-12-31 17:39 --------- d-----w c:\documents and settings\Administrator\Application Data\LGAAS
2008-12-31 17:37 --------- d-----w c:\program files\LG PC Suite II
2008-12-31 13:05 71,502 ----a-w c:\windows\BricoPackUninst.cmd
2008-12-31 11:14 --------- d-----w c:\program files\Notepad++
2008-12-29 15:46 --------- d-----w c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-12-29 15:46 --------- d-----w c:\documents and settings\Administrator\Application Data\Desktopicon
2008-12-28 19:59 --------- d-----w c:\program files\Common Files\Logitech
2008-12-28 18:59 141 --sh--w c:\program files\desktop.ini
2008-12-28 17:31 --------- d-----w c:\program files\Windows Media Connect 2
2008-12-26 17:19 --------- d-----w c:\program files\Common Files\ACD Systems
2008-12-26 09:03 --------- d-----w c:\program files\Google
2008-12-24 18:24 --------- d-----w c:\program files\IObit
2008-12-15 16:37 --------- d-----w c:\documents and settings\Administrator\Application Data\ACD Systems
2008-12-14 17:54 --------- d-----w c:\program files\EasyBiorhythmCalculator
2008-12-14 17:53 --------- d-----w c:\program files\Natural Biorhythms
2008-12-14 16:51 --------- d-----w c:\documents and settings\Administrator\Application Data\Notepad++
2008-12-14 16:41 --------- d-----w c:\documents and settings\Administrator\Application Data\IObit
2008-12-12 16:24 --------- d-----w c:\documents and settings\All Users\Application Data\QuickTime
2008-12-11 17:25 --------- d-----w c:\program files\Java
2008-12-11 16:30 --------- d-----w c:\documents and settings\Administrator\Application Data\ooVoo Details
2008-12-11 16:29 --------- d-----w c:\program files\ooVoo
2008-12-11 16:26 --------- d-----w c:\program files\Paint.NET
2008-12-10 19:29 --------- d-----w c:\program files\Sweet Home 3D
2008-12-09 17:05 --------- d-----w c:\documents and settings\Administrator\Application Data\eTeks
2008-12-07 18:54 --------- d-----w c:\program files\ProgDVB
2008-12-07 18:04 --------- d-----w c:\documents and settings\Administrator\Application Data\ImgBurn
2008-12-07 17:17 --------- d-----w c:\program files\ImgBurn
2008-12-07 12:32 --------- d-----w c:\program files\Polyglot7
2008-12-07 10:49 --------- d-----w c:\program files\SMPlayer
2008-12-05 08:36 --------- d-----w c:\program files\filehippo.com
2008-12-05 03:57 --------- d-----w c:\program files\Lavalys
2008-12-05 03:46 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-05 03:46 --------- d-----w c:\documents and settings\Administrator\Application Data\Malwarebytes
2008-12-05 03:37 --------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-04 07:31 --------- d-----w c:\documents and settings\Administrator\Application Data\LG Electronics
2008-12-04 05:50 --------- d-----w c:\program files\LG Electronics
2008-12-04 05:50 --------- d-----w c:\documents and settings\Administrator\Application Data\VSRevoGroup
2008-12-03 05:37 --------- d-----w c:\documents and settings\Administrator\Application Data\DivX
2008-12-03 05:33 --------- d-----w c:\documents and settings\All Users\Application Data\OLYMPUS
2008-12-03 05:32 --------- d-----w c:\program files\OLYMPUS
2008-12-03 04:05 --------- d-----w c:\documents and settings\All Users\Application Data\Logitech
2008-12-03 03:53 --------- d-----w c:\documents and settings\Administrator\Application Data\InstallShield
2008-12-02 08:47 --------- d-----w c:\documents and settings\Administrator\Application Data\Ashampoo
2008-12-02 08:46 --------- d-----w c:\documents and settings\All Users\Application Data\ashampoo
2008-12-02 05:49 --------- d-----w c:\program files\GRETECH
2008-12-02 05:49 --------- d-----w c:\documents and settings\All Users\Application Data\GRETECH
2008-12-02 05:49 --------- d-----w c:\documents and settings\Administrator\Application Data\GRETECH
2008-12-01 11:56 --------- d-----w c:\program files\Realtek
2008-12-01 11:48 --------- d-----w c:\program files\VIA
2008-12-01 11:47 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-01 11:41 --------- d-----w c:\documents and settings\All Users\Application Data\ATI
2008-12-01 11:41 --------- d-----w c:\documents and settings\Administrator\Application Data\ATI
2008-12-01 11:39 --------- d-----w c:\program files\ATI Technologies
2008-12-01 10:38 --------- d-----w c:\program files\microsoft frontpage
2008-12-01 08:20 --------- d-----w c:\program files\MLocator
2008-12-01 07:47 --------- d-----w c:\program files\VS Revo Group
2007-08-06 10:07 8,784 ----a-w c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-07-18 12:54 245,408 ----a-w c:\program files\mozilla firefox\plugins\unicows.dll
2008-12-17 22:17 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-17 22:17 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-17 22:17 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-17 22:17 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-17 22:17 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\Downloaded Installations ----

2008-12-25 13:14 168326656 --a------ c:\windows\Downloaded Installations\{8C5C9D7E-5AAD-4331-8E77-F2D1045D7E33}\3D Home Architect Home Design Deluxe 6.msi
2008-12-25 13:13 4632 --a------ c:\windows\Downloaded Installations\{8C5C9D7E-5AAD-4331-8E77-F2D1045D7E33}\0x0409.ini
2008-12-17 21:13 44240896 --a------ c:\windows\Downloaded Installations\{8D6A43AB-D538-494F-92C3-B9DB7AEF7BB5}\2D Floor Plan Software.msi

------- Sigcheck -------

2008-04-14 14:00 699904 8a513e79e7980018daedca586b866bc3 c:\windows\system32\wininet.dll
2008-04-14 14:00 699904 8a513e79e7980018daedca586b866bc3 c:\windows\system32\dllcache\wininet.dll

2008-04-14 14:00 975872 561a50497324f378e30f55d09b4e1258 c:\windows\explorer.exe
2008-04-14 14:00 975872 561a50497324f378e30f55d09b4e1258 c:\windows\system32\dllcache\explorer.exe

2008-04-14 14:00 100864 bd0d8a40d28a07db96913d6da2e6b5a3 c:\windows\system32\wuauclt.exe
2008-04-14 14:00 100864 bd0d8a40d28a07db96913d6da2e6b5a3 c:\windows\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((( snapshot@2009-01-17_15.23.47.81 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-17 16:41:12 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_458.dat
+ 2009-01-17 16:41:11 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_6e4.dat
.
((((((((((((((((((((((((((((((((((((((( System Restore )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-17 18:41 245800 c:\program files\Alwil Software\Avast4\DATA\aswar0.dll
2009-01-17 15:06 245800 {7B3C5C0B-DFEE-45D9-BA28-132F71DCC219}\RP2\A0000015.dll
2009-01-17 18:34 245800 {7B3C5C0B-DFEE-45D9-BA28-132F71DCC219}\RP4\A0000202.dll

2009-01-17 18:41 391216 c:\program files\Alwil Software\Avast4\DATA\clnr0.dll
2009-01-17 15:06 391216 {7B3C5C0B-DFEE-45D9-BA28-132F71DCC219}\RP2\A0000013.dll
2009-01-17 18:34 391216 {7B3C5C0B-DFEE-45D9-BA28-132F71DCC219}\RP4\A0000200.dll

2009-01-17 18:41 9080 c:\program files\Alwil Software\Avast4\DATA\exts0.dll
2009-01-17 15:06 9080 {7B3C5C0B-DFEE-45D9-BA28-132F71DCC219}\RP2\A0000014.dll
2009-01-17 18:34 9080 {7B3C5C0B-DFEE-45D9-BA28-132F71DCC219}\RP4\A0000201.dll

c:\program files\Snap Clipboard\Hooks.dll
2009-01-15 18:09 42496 {7B3C5C0B-DFEE-45D9-BA28-132F71DCC219}\RP3\A0000084.dll

c:\program files\Snap Clipboard\lang\lang_Russian.dll
2009-01-15 18:10 42496 {7B3C5C0B-DFEE-45D9-BA28-132F71DCC219}\RP3\A0000083.dll

c:\program files\Snap Clipboard\SnapClipboard.exe
2009-01-15 18:10 264704 {7B3C5C0B-DFEE-45D9-BA28-132F71DCC219}\RP3\A0000085.exe

c:\program files\Snap Clipboard\unins000.exe
2009-01-17 13:54 696240 {7B3C5C0B-DFEE-45D9-BA28-132F71DCC219}\RP3\A0000087.exe

c:\windows\3dg32.dll
1996-05-21 18:13 374784 {7B3C5C0B-DFEE-45D9-BA28-132F71DCC219}\RP4\A0000185.dll

2008-11-26 19:15 97480 c:\windows\system32\AvastSS.scr
2008-11-26 19:15 97480 {7B3C5C0B-DFEE-45D9-BA28-132F71DCC219}\RP2\A0000022.scr
2008-11-26 19:15 97480 {7B3C5C0B-DFEE-45D9-BA28-132F71DCC219}\RP4\A0000210.scr

c:\windows\system32\xa11737359.exe
2008-12-25 19:13 13416432 {7B3C5C0B-DFEE-45D9-BA28-132F71DCC219}\RP4\A0000186.exe

c:\windows\system32\xa11737843.exe
2008-12-25 19:13 13416432 {7B3C5C0B-DFEE-45D9-BA28-132F71DCC219}\RP4\A0000187.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-19 630784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RaidTool"="c:\program files\VIA\RAID\raid_tool.exe" [2005-11-23 1060864]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"MouseLocator"="c:\program files\MLocator\MLocator.exe" [2006-02-08 241152]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2008-11-17 263456]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 20:35 87352 c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0autocheck OODBS

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ooVoo\\ooVoo.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\Microsoft Virtual PC\\Virtual PC.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP порт 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP порт 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP порт 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP порт 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP порт 37675

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-01-15 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-01-15 39200]
R1 aswSP;avast!
Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-15 111184]R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [2008-12-07 24786]R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-22 8944]R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-22 55024]R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-01-15 33056]R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-15 20560]R4 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2008-07-24 12856]R4 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-01-03 47640]R4 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-12-31 693512]R4 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]S3 aswArKrn;aswArKrn;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\aswArKrn.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\aswArKrn.sys [?]S3 eusk3usb;SmartKey 3 USB;c:\windows\system32\drivers\eusk3usb.sys [2008-12-07 45534]S3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-12-31 910600]S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]S4 LMIRfsClientNP;LMIRfsClientNP; [x] --- Other Services/Drivers In Memory --- *NewlyCreated* - MCHINJDRV*Deregistered* - mchInjDrv.Contents of the 'Scheduled Tasks' folder 2009-01-14 c:\windows\Tasks\AWC AutoCare.job- c:\program files\IObit\Advanced SystemCare 3\AutoCare.exe [2009-01-06 11:32] 2009-01-14 c:\windows\Tasks\AWC AutoCare.job- c:\program files\IObit\Advanced SystemCare 3\ [2009-01-14 19:16] 2009-01-17 c:\windows\Tasks\AWC AutoSweep.job- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-01-06 11:32] 2009-01-16 c:\windows\Tasks\AWC Update.job- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2009-01-06 
11:37] 2009-01-16 c:\windows\Tasks\AWC Update.job- c:\program files\IObit\Advanced SystemCare 3\ [2009-01-14 19:16].- - - - ORPHANS REMOVED - - - - HKCU-Run-Snap Clipboard - c:\program files\Snap Clipboard\SnapClipboard.exe .------- Supplementary Scan -------.uStart Page = hxxp://www.daemon-search.com/startpageuInternet Settings,ProxyOverride = *.localIE: &SearchIE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200TCP: {C18B9571-BD33-483A-8853-1C0694BC14FB} = 80.72.72.9. ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-01-17 18:42:24Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfullyhidden files: 0 **************************************************************************.--------------------- LOCKED REGISTRY KEYS --------------------- 
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]"OODEFRAG11.00.00.01WORKSTATION"="5BBA0537D93D9687D6F8C9B02BD17300462E84D617C2103CA95546D8F1EEAB0803B94C2E437C2C095BD7CA3768D1589B22538EE31D8DD14BCC026371CD19F3CF57005131AF4273A40AD1AFE638EED3280E2477B0DB57ACCE5E0BF8029B5939E4755852AFEB50C7666108BD085D0B61D712B0327F24435541880EC6E8E433902DCC14F8C0D3AC3ABA3719310C2ACC2CC0FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC79339DB7CE019D40AA5CA6171C11EC38DE3DF380745CF23F7557698506D066EA552473DC3D1507D6734B056EAC0ACCBAB8591EC19662CC54141818296C00218F70B1BC763ADA334AF7E1ACBFC47A4520263A1CB41185D54CB071D88D2C574F143A4B227645AE87C55686521D2062944C5C6056444D3265C491A7F86C371EBBB617DFF608FE50E4CA31F16CC32C1ACE1EDCEF09DBA1FAE51F34E61903F33EC67AA0C261D97B25BF9B5FBF4673499E1FBBDBEBC1EBDE95D400C9BC2D13BD476324242BDA1E41B3203E6CF0FEEDCC11428CBDBFE5E945DBC550B51A7EE2E46D19BEA4B5B00B4EA8A200956A89FBFE3789BCA0B7AD4D8CCBDCBD90D72ABB2B050397D5DF845C11D3766D4DF2AA6A1FF7D83C530624145D0757B927AFA06AC70ACF42220ECDD0EEA860DB3B38FE87DBE02C3FD93F29BE555380787A3F2742669C4494288854A93EBFB962394BF4265BA48E3EEADC70D0879B3CF33F895517A57DB5A737F8B62FCCD4EDDA559FCF9F3795A2F5F13C82537A6C00685CF419431995115A5670E5AB5AC67DE4D30CA54EFAAE9CE40F9F3A54A6795758704B33A5C5EDD34EBE61A96B1A9A7BE32950E013280BC64F952B47E1FA965F884ABC389EA83793EADDA299C4347891FD808AC151356DFC3F8D692D93D9BECA81EE599013B0C375D855F0A40CC42BFBA039BE59EF09B9B17F31C7C57F9810DF109718F96EC00937077AEA8C1D5CA38AF865570FDB02F8E920F196BA4481CC79463055831D2FA4A5285794E6D57D74227ACA9F9D03F0D63F76F18C8D81D2D80579D8CC131347532431A8541E19A257B9DC64C7945A9926DE1A8841105B3E4084C1E72261C1C8F8AB5D5F766ECCB527DF9B6164D559B75B09E5C2346AFB69300F7DE35C7B26E49B46A9A3A96ADC18E3B274A3ED187BF50F15FADEC41A8FEFF9CECD896541BDC46715594C0278B61D30E6EA42C0673FF5FEE93ECFBAECC55E9482954B8A6989032AC871E876D14E0D56C548879E212A4D8A86D63FBD8854B6197B014B7FF90D2ED72A3DB863059A2441
2A95F029F8C304B67B3107DBE2F26FC59F7B63DAD1D5C80613CA3386F114918005A1326AF41698AD6DFDB605C85FF27C6B372096216F4A7075EB8204D03AF948DB80B1CFEFB2FA3C97301390"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(860)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\program files\ThreatFire\TFWAH.dll
c:\program files\ThreatFire\TFNI.dll

- - - - - - - > 'lsass.exe'(916)
c:\program files\ThreatFire\TFWAH.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\ramaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\ThreatFire\TFService.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
.
**************************************************************************
.
Completion time: 2009-01-17 18:44:48 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt 2009-01-17 16:44:44
ComboFix2.txt 2009-01-17 13:25:04

Pre-Run: 44,812,300,288 bytes free
Post-Run: 44,772,950,016 bytes free

404
Night_Raven Posted January 17, 2009

Download and run GMER. Wait a moment for it to finish its initial scan. Do NOT click Scan; click Copy instead and then paste the contents in the forum.
mavro (Author) Posted January 17, 2009

Quoting Night_Raven: Download and run GMER. Wait a moment for it to finish its initial scan. Do NOT click Scan; click Copy instead and then paste the contents in the forum.

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-17 19:26:16
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.14 ----

SSDT spcf.sys ZwEnumerateKey [0xF84F5CA2]
SSDT spcf.sys ZwEnumerateValueKey [0xF84F6030]

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 82FDB1F8
AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.14 ----
Night_Raven Posted January 17, 2009

No traces of rootkits, at least according to GMER. As I already mentioned, you can do final scans with SUPERAntiSpyware Free and Malwarebytes' Anti-Malware, not forgetting to update their definitions first. Then you can post their scan logs here. To finish, you can download ATF Cleaner (50KB), tick Windows Temp, Current User Temp, All User Temp, Temporary Internet Files and Recycle Bin, and click Empty Selected.
B-boy/StyLe/ Posted January 17, 2009

PS: Finally, uninstall Combofix with the command: Start => Run => combofix /u
http://i86.photobucket.com/albums/k86/alba123_2006/virus%20tool%20pics/combofix20u-1.jpg

To clean up the small tools we worked with as well, download OtcleanIt and press CleanUp. After the cleaning procedure, the Otcleanit.exe file itself should delete itself. If it does not, delete it manually.
mavro (Author) Posted January 17, 2009

Thank you both very much (Night_Raven and B-boy/StyLe/) for the help! Here are the logs from both programs:

Malwarebytes' Anti-Malware 1.33
Версия на базата от данни: 1661
Windows 5.1.2600 Service Pack 3

2009-01-17 18:10:54
mbam-log-2009-01-17 (18-10-54).txt

Тип сканиране: Бързо сканиране
Сканирани обекти: 50192
Изминало време: 3 minute(s), 29 second(s)

Заразени процеси в паметта: 0
Заразени модули в паметта: 0
Заразени ключове в регистратурата: 0
Заразени стойности в регистратурата: 0
Заразени информационни обекти в регистратурата: 0
Заразени папки: 0
Заразени файлове: 0

Заразени процеси в паметта:
(Нямаше открити заплахи)

Заразени модули в паметта:
(Нямаше открити заплахи)

Заразени ключове в регистратурата:
(Нямаше открити заплахи)

Заразени стойности в регистратурата:
(Нямаше открити заплахи)

Заразени информационни обекти в регистратурата:
(Нямаше открити заплахи)

Заразени папки:
(Нямаше открити заплахи)

Заразени файлове:
(Нямаше открити заплахи)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/17/2009 at 06:18 PM

Application Version : 4.24.1004

Core Rules Database Version : 3714
Trace Rules Database Version: 1689

Scan type : Quick Scan
Total Scan Time : 00:05:57

Memory items scanned : 439
Memory threats detected : 0
Registry items scanned : 338
Registry threats detected : 0
File items scanned : 4627
File threats detected : 26

Adware.Tracking Cookie
counter.search.bg [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b4pjj4np.default\cookies.txt ]
.mediaplex.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b4pjj4np.default\cookies.txt ]
.mediaplex.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b4pjj4np.default\cookies.txt ]
.doubleclick.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b4pjj4np.default\cookies.txt ]
.yadro.ru [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b4pjj4np.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b4pjj4np.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b4pjj4np.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b4pjj4np.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b4pjj4np.default\cookies.txt ]
.atdmt.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b4pjj4np.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b4pjj4np.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b4pjj4np.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b4pjj4np.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b4pjj4np.default\cookies.txt ]
.content.yieldmanager.edgesuite.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b4pjj4np.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b4pjj4np.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b4pjj4np.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b4pjj4np.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b4pjj4np.default\cookies.txt ]
.content.yieldmanager.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b4pjj4np.default\cookies.txt ]
.imrworldwide.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b4pjj4np.default\cookies.txt ]
.imrworldwide.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b4pjj4np.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b4pjj4np.default\cookies.txt ]
www.googleadservices.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b4pjj4np.default\cookies.txt ]
.acronis.122.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b4pjj4np.default\cookies.txt ]
.apmebf.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b4pjj4np.default\cookies.txt ]
Night_Raven Posted January 17, 2009

The logs are practically clean. I don't count the tracking cookies, because they are trivial.
liver Posted January 25, 2009

Hi. After updating superantispyware to version....4.25.1012, now on every start of the program EVENT VIEWER\SYSTEM always shows me this error. The program works, but I don't like this. Are there errors like this with other similar problems?
http://store.picbg.net/thumb/C1/CE/cda54190ef6bc1ce.JPG

I would also like to ask: after uninstalling the program, leftovers from it remain in the registry. Is it safe to delete them via run\regedit\find superantispyware? Thank you in advance.