Re: Re: Can't open IE
ComboFix 10-07-19.02 - Наумов Роман 20.07.2010 14:23:13.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.1022.684 [GMT 1:00]
Running from: d:скачкиComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:documents and settingsНаумов РоманГлавное менюПрограммыАвтозагрузкаwwwznv32.exe
c:documents and settingsНаумов РоманApplication Dataavdrn.dat
c:program filesCommon Fileskeylog.txt
c:windowsa3kebook.ini
c:windowsakebook.ini
c:windowsANS2000.INI
c:windowssystem32bqbjyyb.exe
c:windowssystem32civaaku.exe
c:windowssystem32cpywwiz.exe
c:windowssystem32cyayyxv.exe
c:windowssystem32ealregsnapshot1.reg
c:windowssystem32eigwrqn.exe
c:windowssystem32qzpveqz.exe
c:windowssystem32tqsfdgj.exe
c:windowsxpsp1hfm.log
.
((((((((((((((((((((((((( Files Created from 2010-06-20 to 2010-07-20 )))))))))))))))))))))))))))))))
.
2010-07-20 13:29 . 2010-07-20 13:29 53248 ----a-w- c:tempcatchme.dll
2010-07-20 11:02 . 2010-07-20 11:02 d-----w- C:rsit
2010-07-19 12:09 . 2010-07-19 12:09 d-----w- C:mega
2010-07-18 11:40 . 2010-07-18 11:40 97280 ----a-w- c:windowssystem32gyqcri.exe
2010-07-17 22:46 . 2010-07-17 22:46 43520 ----a-w- c:windowssystem32ab2ce665.exe
2010-07-14 10:06 . 2010-06-14 14:31 744448 -c----w- c:windowssystem32dllcachehelpsvc.exe
2010-07-12 19:53 . 2009-03-04 00:18 73728 ----a-w- c:windowssystem32RtNicProp32.dll
2010-07-05 12:25 . 2010-07-05 14:40 d-----w- c:documents and settingsНаумов РоманApplication DataiSendSMS
2010-07-05 12:23 . 2010-07-05 12:23 d-----w- c:program filesiSendSMS
2010-07-05 12:14 . 2009-10-22 12:54 37392 ----a-w- c:windowssystem32drivers7992952.sys
2010-07-05 12:14 . 2009-09-25 16:59 128016 ----a-w- c:windowssystem32drivers7992951.sys
2010-07-05 12:14 . 2009-10-09 22:31 315408 ----a-w- c:windowssystem32drivers799295.sys
2010-07-02 21:56 . 2010-07-03 18:26 d-----w- c:documents and settingsНаумов РоманApplication DataWebMoney
2010-06-26 17:32 . 2010-06-26 17:32 d-----w- c:documents and settingsНаумов РоманApplication DataMicrosoft Shared
2010-06-26 17:32 . 2010-04-17 23:56 652288 ----a-w- c:documents and settingsНаумов РоманApplication DataMicrosoft SharedUninstallFirewallInstallHelper.dll
2010-06-26 17:32 . 2010-01-30 14:45 395184 ----a-w- c:documents and settingsНаумов РоманApplication DataMicrosoft SharedUninstallGameuxInstallHelper.dll
2010-06-25 18:44 . 2010-07-18 14:12 d-----w- c:documents and settingsНаумов РоманDoctorWeb
2010-06-23 15:15 . 2010-06-23 15:15 d-sh--w- c:documents and settingsНаумов РоманIECompatCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-20 11:02 . 2010-05-30 09:49 d-----w- c:program filestrend micro
2010-07-19 14:03 . 2010-02-05 18:50 d-----w- c:documents and settingsНаумов РоманApplication DataICQ
2010-07-18 10:17 . 2010-02-04 23:13 d-----w- c:program filesShareman
2010-07-17 22:46 . 2010-07-17 22:46 12 ----a-w- c:windowssystem32configsystemprofileApplication Dataswqatk.dat
2010-07-16 17:38 . 2010-05-25 21:22 d-----w- c:program filesOpera
2010-07-14 12:52 . 2010-02-04 14:18 d-----w- c:documents and settingsAll UsersApplication DataMicrosoft Help
2010-07-05 14:51 . 2010-04-18 18:02 d-----w- c:documents and settingsНаумов РоманApplication DataSkype
2010-07-05 13:24 . 2010-04-18 18:08 d-----w- c:documents and settingsНаумов РоманApplication DataskypePM
2010-07-03 18:27 . 2010-06-07 09:13 d---a-w- c:documents and settingsAll UsersApplication DataTEMP
2010-06-26 23:03 . 2010-02-06 13:31 d-----w- c:program files2gis
2010-06-23 19:01 . 2008-04-15 10:00 558312 ----a-w- c:windowssystem32perfh019.dat
2010-06-23 19:01 . 2008-04-15 10:00 107642 ----a-w- c:windowssystem32perfc019.dat
2010-06-22 19:04 . 2010-02-04 14:29 d--h--w- c:program filesInstallShield Installation Information
2010-06-15 17:49 . 2010-06-15 17:49 d-----w- c:documents and settingsAll UsersApplication DatanView_Profiles
2010-06-14 14:31 . 2010-02-04 13:10 744448 ----a-w- c:windowspchealthhelpctrbinarieshelpsvc.exe
2010-06-11 19:17 . 2010-02-05 20:14 d-----w- c:program filesICQ7.0
2010-06-11 12:35 . 2010-02-12 13:02 d-----w- c:program filesRadioClicker LITE
2010-06-09 20:42 . 2010-06-09 20:40 d-----w- c:documents and settingsНаумов РоманApplication DataDAEMON Tools Lite
2010-06-09 20:41 . 2010-06-09 20:41 d-----w- c:program filesDAEMON Tools Lite
2010-06-09 20:30 . 2010-02-04 13:15 691696 ----a-w- c:windowssystem32driverssptd.sys
2010-06-09 20:19 . 2010-06-09 01:16 d-----w- c:program filesCommon FilesOpera
2010-06-09 01:16 . 2010-02-04 13:48 d-----w- c:documents and settingsНаумов РоманApplication DataAdobeUM
2010-06-04 17:04 . 2010-02-18 20:40 d-----w- c:program filesMicrosoft Silverlight
2010-06-04 14:08 . 2010-03-09 14:40 d-----w- c:program filesXvid
2010-06-04 10:34 . 2010-06-04 10:34 d-----w- c:program filesAuslogics
2010-06-02 15:53 . 2010-02-04 14:29 d-----w- c:program filesIEPro
2010-05-31 16:10 . 2010-05-31 16:10 d-----w- c:documents and settingsAll UsersApplication DataCodemasters
2010-05-31 16:05 . 2010-05-31 16:05 d-----w- c:program filesBRS
2010-05-31 16:05 . 2010-02-04 13:13 445016 ----a-w- c:windowssystem32wrap_oal.dll
2010-05-31 16:05 . 2010-02-04 13:13 109144 ----a-w- c:windowssystem32OpenAL32.dll
2010-05-31 11:06 . 2010-05-31 11:06 d-----w- c:program filesOpenAL
2010-05-11 22:20 . 2010-02-04 14:35 664 ----a-w- c:windowssystem32d3d9caps.dat
2010-05-06 10:35 . 2009-03-15 16:40 916480 ----a-w- c:windowssystem32wininet.dll
2010-05-02 12:33 . 2009-03-15 16:40 1860480 ----a-w- c:windowssystem32win32k.sys
2010-02-10 17:59 . 2010-02-10 17:58 3580 ----a-w- c:program filesCommon Filesunins000.dat
2010-02-10 17:58 . 2010-02-10 17:58 729072 ----a-w- c:program filesCommon Filesunins000.exe
2006-12-10 18:30 . 2010-02-04 13:19 225 ----a-r- c:program filesboot.ini
.
Sigcheck
[-] 2008-10-24 . 1F39C7BDBA4C5F3F01C4EABF7EDBF4B3 . 361600 . . [5.1.2600.5625] . . c:windowssystem32driverstcpip.sys
[-] 2010-04-01 . FAD4579B18A9E134B5BAC0A88874E2FD . 509440 . . [5.1.2600.5512] . . c:windowssystem32winlogon.exe
[-] 2008-04-15 . 85461D19DA3F60CBF2B99DB254183AC3 . 653312 . . [5.82] . . c:windowssystem32comctl32.dll
[-] 2008-04-14 . 2BCDBCC87A74950CD0786E2A6B73F895 . 631808 . . [5.1.2600.5512] . . c:windowssystem32user32.dll
[-] 2008-04-15 . 06E454E5D1340DE9E4BF491E6C840AF0 . 1926144 . . [6.00.2900.5512] . . c:windowsexplorer.exe
[-] 2010-02-04 . 64F69CB7BF611283ABAF72864FBC14A6 . 1571840 . . [5.1.2600.5512] . . c:windowssystem32sfcfiles.dll
[-] 2008-04-15 . E880528ACB65C5E05EE7CF83B08464EA . 37376 . . [5.1.2600.5512] . . c:windowssystem32ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"SkinClock"="c:program filesAtomic Alarm ClockAtomicAlarmClock.exe" [2008-09-30 1740288]
"tPerm"="c:program filestPermtPerm.exe" [2006-03-19 680960]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"Gainward"="c:program filesVDOToolTBPanel.exe" [2007-02-01 2154496]
"exflashservice"="c:program filesEPOXEFSEZ_FLASH_SERVICE.exe" [2006-05-02 408064]
"hwmdr"="c:program filesEPoXEPTPEPTP.EXE" [2006-07-03 988160]
"CHotkey"="mHotkey.exe" [2004-12-08 550912]
"ShowWnd"="showwnd.exe" [2003-09-18 36864]
"egui"="c:program filesESETESET NOD32 Antivirusegui.exe" [2009-05-14 2029640]
"BootSkin Startup Jobs"="c:program filesStardockWinCustomizeBootSkinBootSkin.exe" [2004-04-26 270336]
"NvCplDaemon"="c:windowssystem32NvCpl.dll" [2009-06-10 13758464]
"nwiz"="nwiz.exe" [2009-06-10 1657376]
"NvMediaCenter"="c:windowssystem32NvMcTray.dll" [2009-06-10 86016]
"2Gis Update Notifier"="c:program files2gis3.02GISTrayNotifier.exe" [2010-06-04 3319640]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"="c:windowssystem32CTFMON.EXE" [2008-04-15 37376]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
"IE7_011"="shell32" [X]
"IE7_012"="advpack.dll" [2009-03-08 128512]
c:documents and settingsЌ 㬮ў ђ®¬ ѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
Punto Switcher.lnk - c:program filesYandexPunto Switcherpunto.exe [2010-2-4 831272]
c:documents and settingsAll Usersѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
Atomic Alarm Clock.lnk - c:program filesAtomic Alarm ClockAtomicAlarmClock.exe [2010-2-4 1740288]
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
"NoSMConfigurePrograms"= 0 (0x0)
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogon]
"Userinit"="c:windowssystem32userinit.exe,c:windowssystem32ab2ce665.exe,c:windowssystem32gyqcri.exe,"
[HKLM~startupfolderC:^Documents and Settings^Наумов Роман^Главное меню^Программы^Автозагрузка^setup_9.0.0.722_30.03.2010_21-04.lnk]
path=c:documents and settingsНаумов РоманГлавное менюПрограммыАвтозагрузкаsetup_9.0.0.722_30.03.2010_21-04.lnk
backup=c:windowspsssetup_9.0.0.722_30.03.2010_21-04.lnkStartup
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesOverride"=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"=
"c:\Program Files\ICQ7.0\ICQ.exe"=
"c:\Program Files\ICQ7.0\aolload.exe"=
"c:\Program Files\TVUPlayer\TVUPlayer.exe"=
"d:\Игрушки\Napoleon - Total War\Napoleon.exe"=
"c:\Program Files\IEPro\MiniDM.exe"=
"c:\WINDOWS\system32\dpvsetup.exe"=
"c:\Program Files\Skype\Plugin Manager\skypePM.exe"=
"c:\Program Files\Opera\opera.exe"=
"d:\Games\DiRT2\dirt2_game.exe"=
"d:\Games\3D Instructor 2.0 Home\bin\win32\Starter.exe"=
"d:\Games\Brothers in Arms - Hell's Highway\Binaries\biahh.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=
"c:\Program Files\Shareman\Shareman.exe"=
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"9216:TCP"= 9216:TCP
R1 ehdrv;ehdrv;c:windowssystem32driversehdrv.sys [14.05.2009 16:47 107256]
R1 epfwtdir;epfwtdir;c:windowssystem32driversepfwtdir.sys [14.05.2009 16:49 94360]
R2 ekrn;ESET Service;c:program filesESETESET NOD32 Antivirusekrn.exe [14.05.2009 16:47 731840]
R2 epcpuid;epcpuid;c:windowssystem32driversepcpuid.SYS [04.02.2010 14:37 2816]
R2 GetBINFile;GetBINFile;c:windowssystem32driversGetBinFile.SYS [04.02.2010 14:37 3200]
R2 hwmdr;hwmdr;c:windowssystem32drivershwmdr.SYS [04.02.2010 14:37 12288]
S3 2GISUpdateService;2GIS UpdateService;c:program files2gis3.02GISUpdateService.exe [04.06.2010 16:30 775512]
S3 EPScanMemory;EPScanMemory;c:program filesEPOXEPTPScanMemory32.sys [04.02.2010 14:37 2432]
S4 sptd;sptd;c:windowssystem32driverssptd.sys [04.02.2010 14:15 691696]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
UPHClean REG_MULTI_SZ UPHClean
[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled componentsNewUserCustom]
2009-03-08 03:32 128512 ----a-w- c:windowssystem32advpack.dll
.
Contents of the 'Scheduled Tasks' folder
2010-07-20 c:windowsTasksUser_Feed_Synchronization-{BC16DFA8-353D-4DC9-AB02-333030CB66CB}.job
- c:windowssystem32msfeedssync.exe [2010-02-04 03:31]
.
.
Supplementary Scan
.
uStart Page = hxxp://libra.ccl.ru/
mStart Page = hxxp://www.rambler.ru/ra/
uInternet Settings,ProxyOverride = local
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}
.
- - - - ORPHANS REMOVED - - - -
Toolbar-ITBar7Position - (no file)
AddRemove-Brothers in Arms - Hell's Highway - d:gamesBrothers in Arms - Hell's Highwayunins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-20 14:29
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(668)
c:windowssystem32SETUPAPI.dll
- - - - - - - > 'lsass.exe'(724)
c:windowssystem32setupapi.dll
.
Completion time: 2010-07-20 14:31:50
ComboFix-quarantined-files.txt 2010-07-20 13:31
Pre-Run: 11 344 785 408 байт свободно
Post-Run: 11 974 696 960 байт свободно
Current=13 Default=13 Failed=12 LastKnownGood=14 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14
- - End Of File - - 36E7FE45B6EBEDAF87F835F30500CBEC

