ComboFix 09-09-18.02 — Кристина 20.09.2009 16:55.2.2 — FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1251.7.1049.18.1023.394 [GMT 4:00]
Running from: c:documents and settingsКристинаРабочий столComboFix.exe
Command switches used :: c:documents and settingsКристинаРабочий столCFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 090919-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
«c:windowssystem32driverszdqmyvdo.sys»
«c:windowssystem32gswinva6.exe»
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:windowsALCMTR.EXE
c:windowssystem32gswinva6.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Legacy_ZBLBGUM
Service_zblbgum
((((((((((((((((((((((((( Files Created from 2009-08-20 to 2009-09-20 )))))))))))))))))))))))))))))))
.
2009-09-17 14:57 . 2009-09-17 14:57
d
w- c:program filestrend micro
2009-09-17 14:57 . 2009-09-17 14:57
d
w- C:rsit
2009-09-16 22:54 . 2009-08-17 16:04 51376 —-a-w- c:windowssystem32driversaswTdi.sys
2009-09-16 22:54 . 2009-08-17 16:04 23152 —-a-w- c:windowssystem32driversaswRdr.sys
2009-09-16 22:54 . 2009-08-17 16:03 26944 —-a-w- c:windowssystem32driversaavmker4.sys
2009-09-16 22:54 . 2009-08-17 16:02 97480 —-a-w- c:windowssystem32AvastSS.scr
2009-09-16 22:54 . 2009-08-17 16:05 20560 —-a-w- c:windowssystem32driversaswFsBlk.sys
2009-09-16 22:54 . 2009-08-17 16:06 93392 —-a-w- c:windowssystem32driversaswmon.sys
2009-09-16 22:54 . 2009-08-17 16:06 94160 —-a-w- c:windowssystem32driversaswmon2.sys
2009-09-16 22:54 . 2009-08-17 16:05 114768 —-a-w- c:windowssystem32driversaswSP.sys
2009-09-16 22:53 . 2009-08-17 16:10 1279456 —-a-w- c:windowssystem32aswBoot.exe
2009-09-16 22:53 . 2009-09-16 22:53
d
w- c:program filesAlwil Software
2009-09-16 21:26 . 2009-09-16 21:26
d
w- c:documents and settingsAll UsersApplication DataTEMP
2009-09-16 20:17 . 2009-09-16 20:17
d
w- c:documents and settingsКристинаApplication DataMalwarebytes
2009-09-16 20:16 . 2009-09-10 10:54 38224 —-a-w- c:windowssystem32driversmbamswissarmy.sys
2009-09-16 20:16 . 2009-09-16 20:16
d
w- c:documents and settingsAll UsersApplication DataMalwarebytes
2009-09-16 20:16 . 2009-09-10 10:53 19160 —-a-w- c:windowssystem32driversmbam.sys
2009-09-16 20:16 . 2009-09-16 20:16
d
w- c:program filesMalwarebytes’ Anti-Malware
2009-09-11 16:00 . 2009-09-11 16:00
d-sh—w- c:windowssystem32configsystemprofileIETldCache
2009-09-09 12:58 . 2009-06-21 21:48 153088
w- c:windowssystem32dllcachetriedit.dll
2009-09-08 18:17 . 2009-09-08 18:17
d-sh—w- c:documents and settingsКристинаPrivacIE
2009-09-08 18:00 . 2009-09-08 18:00
d-sh—w- c:documents and settingsКристинаIETldCache
2009-09-08 17:56 . 2009-09-08 17:56
d
w- c:windowsie8updates
2009-09-08 17:54 . 2009-09-08 17:54
d—h—w- c:windowsie8
2009-09-08 17:54 . 2009-09-08 17:54
d
w- c:program filesMicrosoft Silverlight
2009-09-08 17:53 . 2009-09-08 17:53
d—h—w- c:windowsmsdownld.tmp
2009-09-08 17:47 . 2009-08-07 08:48 100352
w- c:windowssystem32dllcacheiecompat.dll
2009-09-08 17:47 . 2009-07-03 17:00 55296
w- c:windowssystem32dllcachemsfeedsbs.dll
2009-09-08 17:47 . 2009-07-03 17:00 246272
w- c:windowssystem32dllcacheieproxy.dll
2009-09-08 17:47 . 2009-07-03 17:00 12800
w- c:windowssystem32dllcachexpshims.dll
2009-09-08 17:47 . 2009-07-03 17:00 1985536
w- c:windowssystem32dllcacheiertutil.dll
2009-09-08 17:47 . 2009-07-03 17:00 594432
w- c:windowssystem32dllcachemsfeeds.dll
2009-09-01 14:26 . 2009-07-10 13:28 1315328
w- c:windowssystem32dllcachemsoe.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-16 21:49 . 2009-09-16 21:49 7396 —-a-w- c:windowssystem32driverspctcore.cat
2009-08-05 09:01 . 2004-09-22 13:51 204800 —-a-w- c:windowssystem32mswebdvd.dll
2009-07-28 11:39 . 2009-07-28 11:39
d
w- c:program filesCommon Filesxing shared
2009-07-28 11:39 . 2009-07-28 11:39
d
w- c:program filesCommon FilesReal
2009-07-28 11:39 . 2009-07-28 11:39
d
w- c:program filesReal
2009-07-17 19:03 . 2004-09-22 13:50 58880 —-a-w- c:windowssystem32atl.dll
2009-07-13 08:21 . 2004-09-22 13:51 49750 —-a-w- c:windowssystem32perfc019.dat
2009-07-13 08:21 . 2004-09-22 13:51 346690 —-a-w- c:windowssystem32perfh019.dat
2009-07-12 08:21 . 2004-09-22 13:51 233472 —-a-w- c:windowssystem32wmpdxm.dll
2009-07-03 17:00 . 2004-09-22 13:51 915456
w- c:windowssystem32wininet.dll
2009-06-25 08:27 . 2004-09-22 13:51 54272 —-a-w- c:windowssystem32wdigest.dll
2009-06-25 08:27 . 2004-09-22 13:51 56832 —-a-w- c:windowssystem32secur32.dll
2009-06-25 08:27 . 2004-09-22 13:51 147456 —-a-w- c:windowssystem32schannel.dll
2009-06-25 08:27 . 2004-09-22 13:51 136192 —-a-w- c:windowssystem32msv1_0.dll
2009-06-25 08:27 . 2004-09-22 13:51 732160 —-a-w- c:windowssystem32lsasrv.dll
2009-06-25 08:27 . 2004-09-22 13:51 301568 —-a-w- c:windowssystem32kerberos.dll
2009-06-24 11:18 . 2004-09-22 13:51 92928 —-a-w- c:windowssystem32driversksecdd.sys
2008-12-07 23:00 . 2008-12-07 22:59 2788800 —-a-w- c:program filesFLV PlayerFCSetup.exe
2008-12-07 22:59 . 2008-12-07 22:58 8320728 —-a-w- c:program filesFLV PlayerRCATSetup.exe
2008-12-07 22:55 . 2008-12-07 22:54 20938728 —-a-w- c:program filesFLV PlayerRCSetup.exe
2009-01-13 22:36 . 2006-12-26 11:22 67688 —-a-w- c:program filesmozilla firefoxcomponentsjar50.dll
2009-01-13 22:36 . 2006-12-26 11:22 54368 —-a-w- c:program filesmozilla firefoxcomponentsjsd3250.dll
2009-01-13 22:36 . 2006-12-26 11:22 46712 —-a-w- c:program filesmozilla firefoxcomponentsspellchk.dll
2009-01-13 22:36 . 2006-12-26 11:22 34944 —-a-w- c:program filesmozilla firefoxcomponentsmyspell.dll
2009-01-13 22:36 . 2006-12-26 11:22 172136 —-a-w- c:program filesmozilla firefoxcomponentsxpinstal.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-09-17_20.27.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-20 13:11 . 2009-09-20 13:11 16384 c:windowsTempPerflib_Perfdata_7d4.dat
+ 2009-09-19 11:45 . 2009-09-19 11:45 16384 c:windowsTempPerflib_Perfdata_724.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«MSMSGS»=»c:program filesMessengermsmsgs.exe» [2008-04-14 1695232]
«Skype»=»c:program filesSkypePhoneSkype.exe» [2009-04-16 24264488]
«Tutor.exe»=»c:program filesABBYY Lingvo 12Tutor.exe» [2006-12-13 987136]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«HControl»=»c:windowsATK0100HControl.exe» [2006-04-17 110592]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2006-03-16 7561216]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2006-03-16 86016]
«ASUS Live Update»=»c:program filesASUSASUS Live UpdateALU.exe» [2006-02-21 180224]
«Wireless Console 2″=»c:program filesWireless Console 2wcourier.exe» [2005-10-17 987136]
«ATKMEDIA»=»c:program filesASUSATK MediaDMEDIA.EXE» [2006-02-15 49152]
«SynTPEnh»=»c:program filesSynapticsSynTPSynTPEnh.exe» [2006-05-25 786521]
«ABLKSR»=»c:windowsABLKSRABLKSR.exe» [2006-01-02 61440]
«RemoteControl»=»c:program filesASUSTeKASUSDVDPDVDServ.exe» [2004-11-02 32768]
«NeroFilterCheck»=»c:windowssystem32NeroCheck.exe» [2001-07-09 155648]
«ACMON»=»c:program filesASUSSplendidACMON.exe» [2006-02-21 17920]
«IntelZeroConfig»=»c:program filesIntelWirelessbinZCfgSvc.exe» [2006-04-14 667718]
«IntelWireless»=»c:program filesIntelWirelessBinifrmewrk.exe» [2006-04-14 602182]
«EOUApp»=»c:program filesIntelWirelessBinEOUWiz.exe» [2006-04-14 569413]
«WinampAgent»=»c:program filesWinampwinampa.exe» [2003-12-12 33792]
«EPSON Stylus Photo R220 Series»=»c:windowsSystem32spoolDRIVERSW32X863E_FATIAIE.EXE» [2005-03-09 98304]
«DAEMON Tools»=»c:program filesDAEMON Toolsdaemon.exe» [2006-11-12 157592]
«Lingvo Launcher»=»c:program filesABBYY Lingvo 12Lvagent.exe» [2006-12-13 258048]
«QuickTime Task»=»c:program filesK-Lite Codec PackQuickTimeqttask.exe» [2008-03-28 413696]
«iTunesHelper»=»c:program filesiTunesiTunesHelper.exe» [2008-03-30 267048]
«TkBellExe»=»c:program filesCommon FilesRealUpdate_OBrealsched.exe» [2009-07-28 198160]
«Malwarebytes Anti-Malware (reboot)»=»c:program filesMalwarebytes’ Anti-Malwarembam.exe» [2009-09-10 1312080]
«avast!»=»c:progra~1ALWILS~1Avast4ashDisp.exe» [2009-08-17 81000]
«nwiz»=»nwiz.exe» — c:windowssystem32nwiz.exe [2006-03-16 1519616]
«RTHDCPL»=»RTHDCPL.EXE» — c:windowsRTHDCPL.EXE [2006-05-04 16206848]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-14 15360]
c:documents and settingsAll Usersѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
Adobe Reader Speed Launch.lnk — c:program filesAdobeAcrobat 7.0Readerreader_sl.exe [2004-12-14 29696]
InterVideo WinCinema Manager.lnk — c:program filesInterVideoCommonBinWinCinemaMgr.exe [2006-12-26 278528]
Microsoft Office.lnk — c:program filesMicrosoft OfficeOffice10OSA.EXE [2001-2-13 83360]
Adobe Gamma Loader.lnk — c:program filesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe [2007-3-30 113664]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«FirewallOverride»=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\uTorrent\UTORRENT.EXE»=
«c:\Program Files\iTunes\iTunes.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\Documents and Settings\Кристина\Рабочий стол\utorrent.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=
R1 aswSP;avast! Self Protection;c:windowssystem32driversaswSP.sys [17.09.2009 2:54 114768]
R2 aswFsBlk;aswFsBlk;c:windowssystem32driversaswFsBlk.sys [17.09.2009 2:54 20560]
R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;c:windowssystem32driversSynMini.sys [17.10.2006 10:21 841110]
R3 SynScan;ASUS WebCam Still Image;c:windowssystem32driversSynScan.sys [17.10.2006 10:21 8278]
S2 gupdate1ca0f77dbc21edc;Служба Google Update (gupdate1ca0f77dbc21edc);c:program filesGoogleUpdateGoogleUpdate.exe [28.07.2009 15:37 133104]
.
Contents of the ‘Scheduled Tasks’ folder
2009-07-27 c:windowsTasksAppleSoftwareUpdate.job
— c:program filesApple Software UpdateSoftwareUpdate.exe [2007-08-29 10:57]
2009-09-20 c:windowsTasksGoogleUpdateTaskMachineCore.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-07-28 11:37]
2009-09-20 c:windowsTasksGoogleUpdateTaskMachineUA.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-07-28 11:37]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.yandex.ru/?clid=40316
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Перевести с помощью ABBYY Lingvo… — c:program filesABBYY Lingvo 12Lingvo.exe/3000
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2Office10EXCEL.EXE/3000
IE: Найти с помощью Рамблера — c:program filesRambler AssistantramblertoolbarU0.dll/search.htm
IE: Опубликовать в Дневнике — c:program filesRambler AssistantramblertoolbarU0.dll/planet.htm
IE: Перевести с помощью словарей Рамблера — c:program filesRambler AssistantramblertoolbarU0.dll/dic.htm
FF — ProfilePath — c:documents and settingsКристинаApplication DataMozillaFirefoxProfiles206vs1co.default
FF — prefs.js: browser.search.selectedEngine — ICQ Search
FF — prefs.js: keyword.URL — hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF — component: c:program filesMozilla Firefoxcomponentsxpinstal.dll
FF — component: c:program filesRealRealPlayerbrowserrecordfirefoxextcomponentsnprpffbrowserrecordext.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-20 17:11
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘explorer.exe'(2492)
c:windowssystem32WININET.dll
c:program filesABBYY Lingvo 12LvHook.dll
c:windowssystem32webcheck.dll
.
Other Running Processes
.
c:program filesINTELWIRELESSBINEVTENG.EXE
c:program filesINTELWIRELESSBINS24EVMON.EXE
c:program filesALWIL SOFTWAREAVAST4ASWUPDSV.EXE
c:program filesALWIL SOFTWAREAVAST4ASHSERV.EXE
c:program filesCOMMON FILESAPPLEMOBILE DEVICE SUPPORTBINAPPLEMOBILEDEVICESERVICE.EXE
c:program filesCOMMON FILESMICROSOFT SHAREDVS7DEBUGMDM.EXE
c:windowsSYSTEM32NVSVC32.EXE
c:program filesINTELWIRELESSBINREGSRVC.EXE
c:program filesAlwil SoftwareAvast4ashMaiSv.exe
c:program filesAlwil SoftwareAvast4ashWebSv.exe
c:windowsATK0100ATKOSD.exe
c:windowsSYSTEM32ACENGSVR.EXE
c:progra~1IntelWirelessBinDot1XCfg.exe
c:program filesALWIL SOFTWAREAVAST4ASHDISP.EXE
c:program filesiPodbiniPodService.exe
.
**************************************************************************
.
Completion time: 2009-09-20 17:16 — machine was rebooted
ComboFix-quarantined-files.txt 2009-09-20 13:16
ComboFix2.txt 2009-09-17 20:30
Pre-Run: 18 836 209 664 байт свободно
Post-Run: 19 724 091 392 байт свободно
212 — E O F — 2009-09-09 23:01
