Re: Re: Firefox opens very slowly
Valeriy, good afternoon. I carried out the operation described above. The symptoms are as follows. The internet disconnected. I called the provider, we sorted out the settings and the internet started working. They asked me to update the drivers and look for a virus, since a failure is occurring. I'm attaching the log:
ComboFix 10-02-07.04 - Dmitriy 08.02.2010 0:00.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.1023.535 [GMT 3:00]
Running from: G:\ComboFix.exe
Command switches used :: c:\documents and settings\Dmitriy\Рабочий стол\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FILE ::
"c:\windows\system32\Drivers\ati3fnxx.sys"
"c:\windows\system32\Drivers\ati3kaxx.sys"
"c:\windows\system32\Drivers\ati4tlxx.sys"
"c:\windows\system32\Drivers\ati8fhxx.sys"
"c:\windows\system32\Drivers\ati8nnxx.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Service_ati3fnxx
Service_ati3kaxx
Service_ati4tlxx
Service_ati8fhxx
Service_ati8nnxx
((((((((((((((((((((((((( Files Created from 2010-01-07 to 2010-02-07 )))))))))))))))))))))))))))))))
.
2010-02-06 20:00 . 2004-08-26 19:43 56320 ----a-w- c:\windows\system32\DeltTray.exe
2010-02-06 20:00 . 2004-09-10 08:28 291456 ----a-w- c:\windows\system32\drivers\delta.sys
2010-02-06 20:00 . 2004-08-13 08:37 19968 ----a-w- c:\windows\system32\deltasio.dll
2010-02-06 20:00 . 2004-09-09 13:45 44032 ----a-w- c:\windows\system32\deltapnl.dll
2010-02-06 20:00 . 2004-09-09 13:45 1122304 ----a-w- c:\windows\system32\deltapnl.exe
2010-02-06 19:59 . 2010-02-06 20:00 -------- d-----w- c:\program files\M-Audio Delta
2010-02-05 09:23 . 2010-02-05 09:23 -------- d-----w- c:\documents and settings\Dmitriy\SecurityScans
2010-02-03 07:21 . 2003-05-30 15:31 212992 ----a-w- c:\windows\system32\ReWire.dll
2010-02-03 07:20 . 2010-02-03 07:20 -------- d-----w- c:\program files\Ableton
2010-02-02 21:39 . 2010-02-02 21:39 -------- d-----w- c:\documents and settings\Dmitriy\Application Data\URSoft
2010-02-02 19:30 . 2010-02-02 19:30 60416 ----a-w- c:\windows\ALCFDRTM.EXE
2010-02-02 19:26 . 2010-02-02 19:26 -------- d-----w- c:\windows\system32\Lang
2010-02-02 19:23 . 2004-07-02 11:49 57344 ----a-r- c:\windows\ALCMTR.EXE
2010-02-02 19:23 . 2004-02-27 02:10 156160 ----a-r- c:\windows\system32\RTLCPAPI.dll
2010-02-02 19:23 . 2004-07-05 10:05 2550272 ----a-r- c:\windows\ALCWZRD.EXE
2010-02-02 19:23 . 2004-07-05 08:38 8779776 ----a-r- c:\windows\RTLCPL.EXE
2010-02-02 19:23 . 2004-07-01 03:58 73728 ----a-r- c:\windows\SOUNDMAN.EXE
2010-02-02 19:23 . 2004-07-06 08:59 2185408 ----a-r- c:\windows\system32\drivers\RtkHDAud.sys
2010-02-02 19:06 . 2004-07-16 09:12 24971 ----a-r- c:\windows\system32\drivers\iteraid.sys
2010-02-02 07:22 . 2010-02-06 15:56 -------- d-----w- c:\program files\trend micro
2010-02-01 11:53 . 2010-02-01 11:53 -------- d-----w- c:\program files\AskBardis
2010-02-01 10:23 . 2010-02-01 10:23 -------- d-----w- c:\documents and settings\Dmitriy\Application Data\Malwarebytes
2010-02-01 10:23 . 2010-02-01 10:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-01 09:53 . 2010-02-01 09:53 -------- d-----w- c:\program files\Spycheck Fast AntiSpyware
2010-01-30 16:17 . 2002-05-21 14:33 61440 ----a-w- c:\windows\system\BPEnhan.dll
2010-01-28 09:46 . 2009-02-09 10:54 687616 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\_entreelist.dll
2010-01-26 09:52 . 2010-01-26 09:52 -------- d-----w- c:\documents and settings\Dmitriy\Application Data\RetouchPilot
2010-01-26 09:51 . 2010-01-26 09:51 -------- d-----w- c:\program files\Two Pilots
2010-01-26 09:51 . 2010-01-26 09:51 -------- d-----w- c:\program files\Retouch Pilot
2010-01-26 07:56 . 2010-01-26 07:56 -------- d-----w- c:\program files\Foxit Software
2010-01-26 07:56 . 2010-01-26 07:56 -------- d-----w- c:\documents and settings\Dmitriy\Application Data\Foxit
2010-01-24 15:54 . 2010-01-25 19:33 -------- d-----w- c:\windows\SxsCaPendDel
2010-01-24 15:32 . 2010-01-25 07:37 -------- dc----w- c:\windows\system32\DRVSTORE
2010-01-24 15:32 . 2010-01-24 15:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Samsung
2010-01-24 15:31 . 2009-12-17 15:42 238952 ----a-w- c:\windows\system32\FsUsbExService.Exe
2010-01-24 15:31 . 2009-12-14 06:21 36608 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2010-01-24 15:31 . 2009-12-14 06:21 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll
2010-01-24 15:31 . 2010-01-24 20:45 69632 ----a-w- c:\documents and settings\Dmitriy\Application Data\Samsung\New PC Studio\DriverChecker.exe
2010-01-24 15:31 . 2010-01-24 15:31 -------- d-----w- c:\documents and settings\Dmitriy\Application Data\Samsung
2010-01-24 15:30 . 2010-01-25 07:34 -------- d-----w- c:\program files\Samsung
2010-01-24 09:11 . 2010-01-24 09:11 -------- d-----w- c:\program files\Adobe Photoshop CS3 rus
2010-01-13 06:29 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-09 13:14 . 2010-01-09 13:14 -------- d-----w- c:\program files\AdorageI-GfxDatas
2010-01-09 13:14 . 2010-01-09 13:14 -------- d-----w- c:\program files\AdorageI-SAL
2010-01-08 22:21 . 2007-08-30 13:21 29952 ------w- c:\windows\system32\drivers\zskrnl.sys
2010-01-08 21:45 . 2006-05-12 08:34 446464 ----a-w- c:\windows\system32\raprcore.dll
2010-01-08 21:45 . 2006-05-12 07:13 173952 ----a-w- c:\windows\system32\drivers\RAPRKRNL.SYS
2010-01-08 21:45 . 2005-01-20 12:31 28672 ----a-w- c:\windows\system32\raprdd.dll
2010-01-08 21:45 . 2002-05-29 13:40 208896 ----a-w- c:\windows\system32\raprconf.dll
2010-01-08 21:45 . 2002-05-01 10:55 24576 ----a-w- c:\windows\system32\raprcdvc.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-07 21:08 . 2008-08-06 15:02 -------- d-----w- c:\program files\Symantec AntiVirus
2010-02-07 21:07 . 2009-08-16 05:37 -------- d-----w- c:\documents and settings\Dmitriy\Application Data\Skype
2010-02-07 20:49 . 2009-12-29 08:43 -------- d-----w- c:\program files\uTorrent
2010-02-07 08:25 . 2009-08-16 05:40 -------- d-----w- c:\documents and settings\Dmitriy\Application Data\skypePM
2010-02-03 09:40 . 2004-08-18 12:00 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-03 09:22 . 2008-08-06 16:28 -------- d-----w- c:\program files\Windows Media Connect 2
2010-02-02 21:51 . 2009-12-17 09:25 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-02 18:36 . 2008-08-06 14:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-02 06:50 . 2008-11-02 09:52 -------- d-----w- c:\program files\Download Master
2010-02-01 12:14 . 2010-01-28 09:45 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2010-01-28 09:47 . 2010-01-28 09:45 -------- d-----w- c:\program files\Security Task Manager
2010-01-27 06:31 . 2009-02-27 08:29 -------- d-----w- c:\program files\Google
2010-01-24 09:11 . 2008-08-08 06:18 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-19 07:07 . 2010-01-08 17:05 -------- d-----w- c:\program files\Canopus
2010-01-15 18:24 . 2009-12-17 09:31 -------- d-----w- c:\documents and settings\Dmitriy\Application Data\WebMoney
2010-01-08 21:45 . 2010-01-08 17:05 -------- d-----w- c:\program files\Common Files\Canopus Shared
2010-01-08 21:20 . 2009-12-04 10:12 -------- d-----w- c:\program files\KMPlayer
2010-01-08 17:38 . 2010-01-08 17:38 -------- d-----w- c:\documents and settings\Dmitriy\Application Data\Apple Computer
2010-01-08 17:30 . 2008-08-06 16:36 23072 ----a-w- c:\documents and settings\Dmitriy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-08 17:30 . 2010-01-08 17:29 -------- d-----w- c:\documents and settings\Dmitriy\Application Data\Canopus
2010-01-08 17:29 . 2010-01-08 17:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Canopus
2010-01-08 17:07 . 2010-01-08 17:07 -------- d-----w- c:\program files\QuickTime
2010-01-08 17:07 . 2010-01-08 17:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-01-08 17:06 . 2010-01-08 17:06 -------- d-----w- c:\program files\Common Files\Snell & Wilcox Shared
2010-01-08 17:06 . 2010-01-08 17:06 -------- d-----w- c:\program files\Common Files\Canopus
2010-01-08 15:46 . 2010-01-08 17:28 40960 ----a-w- c:\windows\system32\pavedius.dll
2010-01-08 15:46 . 2010-01-08 17:28 1024 ----a-w- c:\windows\system32\pavplal.dll
2009-12-29 22:12 . 2009-03-08 11:12 -------- d-----w- c:\documents and settings\Dmitriy\Application Data\uTorrent
2009-12-29 09:06 . 2008-11-02 09:52 -------- d-----w- c:\documents and settings\Dmitriy\Application Data\Yandex
2009-12-28 19:44 . 2009-12-28 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Yandex
2009-12-21 19:08 . 2004-08-18 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 09:25 . 2009-12-17 09:25 -------- d-----w- c:\program files\WebMoney Agent
2009-12-17 09:25 . 2009-12-17 09:24 -------- d-----w- c:\program files\WebMoney
2009-12-14 06:42 . 2004-08-18 12:00 84082 ----a-w- c:\windows\system32\perfc019.dat
2009-12-14 06:42 . 2004-08-18 12:00 484362 ----a-w- c:\windows\system32\perfh019.dat
2009-11-21 16:03 . 2004-08-18 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.
Sigcheck
[-] 2010-02-03 . 456E0F5B9BEB184521B0EE8FA7CC92C7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:\program files\Yandex\YandexBarIE\yndbar.dll" [2009-12-24 8729864]
[HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:\program files\Yandex\YandexBarIE\yndbar.dll" [2009-12-24 8729864]
[HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-12-17 125224]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-06-07 319488]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"NevoDRM"="c:\игры\NevoDRM\NevoDRM.exe" [2008-12-11 41984]
"wmagent.exe"="c:\program files\WebMoney Agent\wmagent.exe" [2009-10-19 210400]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"SoundMan"="SOUNDMAN.EXE" [2004-07-01 73728]
"AlcWzrd"="ALCWZRD.EXE" [2004-07-05 2550272]
"DeltTray"="DeltTray.exe" [2004-08-26 56320]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 16:10 15360 ------w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\WebMoney\\WebMoney.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [02.02.2010 22:06 24971]
R1 cdrblock;cdrblock;c:\windows\system32\drivers\cdrblock.sys [08.01.2010 20:05 20992]
R1 cdrport;cdrport;c:\windows\system32\drivers\cdrport.sys [08.01.2010 20:05 4608]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [27.08.2009 20:00 102448]
S2 gupdate1c998b58e0495dc;Google Update Service (gupdate1c998b58e0495dc);c:\program files\Google\Update\GoogleUpdate.exe [27.02.2009 11:29 133104]
S3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\DRIVERS\deltaII.sys --> c:\windows\system32\DRIVERS\deltaII.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [24.01.2010 18:31 36608]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [17.12.2007 23:29 119592]
.
Contents of the 'Scheduled Tasks' folder
2010-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-27 08:29]
2010-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-27 08:29]
2010-02-07 c:\windows\Tasks\User_Feed_Synchronization-{9777BDF7-75F8-4221-A920-624FD82BD921}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 01:31]
2010-02-07 c:\windows\Tasks\VPDN_LU.job
- c:\program files\Symantec AntiVirus\VPDN_LU.exe [2007-12-17 20:30]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.yandex.ru/?clid=48105
mStart Page = hxxp://topdownloads.ru/games/catalog
uInternet Settings,ProxyServer = http=127.0.0.1:8600
IE: &Экспорт в Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Добавить в Rambler-Закладки - c:\program files\Rambler Assistant\ramblertoolbarU0.dll/zakladki.htm
IE: Закачать ВСЕ при помощи Download Master
IE: Закачать при помощи Download Master
IE: Найти с помощью Рамблера - c:\program files\Rambler Assistant\ramblertoolbarU0.dll/search.htm
IE: Перевести с помощью словарей Рамблера - c:\program files\Rambler Assistant\ramblertoolbarU0.dll/dic.htm
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74}
DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} - hxxps://w3s.webmoney.ru/WMAcceptor.dll
FF - ProfilePath - c:\documents and settings\Dmitriy\Application Data\Mozilla\Firefox\Profiles\9vf96daw.default\
FF - prefs.js: browser.search.selectedEngine - Яндекс
FF - prefs.js: browser.startup.homepage - hxxp://www.yandex.ru/?clid=40795
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-08 00:07
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERS\S-1-5-21-1993962763-1935655697-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*i*n*f*_*«€O=…(glљ]
@Class="Shell"
[HKEY_USERS\S-1-5-21-1993962763-1935655697-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*i*n*f*_*«€O=…(glљ\OpenWithList]
@Class="Shell"
.
DLLs Loaded Under Running Processes
- - - - - - - > 'explorer.exe'(3820)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSRU.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Other Running Processes
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\windows\SOUNDMAN.EXE
c:\игры\NevoDRM\run.exe
c:\windows\ALCWZRD.EXE
c:\windows\system32\DeltTray.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2010-02-08 00:10:24 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-07 21:10
Pre-Run: 64 976 904 192 байт свободно
Post-Run: 64 904 224 768 байт свободно
- - End Of File - - B61D091752890A1D222F23183B87DFDE

