ComboFix 09-02-17.02 — Berzz 2009-02-19 0:32:49.7 — FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1251.1.1049.18.511.206 [GMT 3:00]
Running from: c:documents and settingsBerzzРабочий столComboFix.exe
Command switches used :: c:documents and settingsBerzzРабочий столCFScript.txt
AV: Антивирусная система Eset NOD32 2.50 *On-access scanning enabled* (Updated)
* Created a new restore point
* Resident AV is active
FILE ::
c:documents and settingsBerzzApplication Databpfeed.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:documents and settingsBerzzApplication Databpfeed.dll
c:windowsIE4 Error Log.txt
.
((((((((((((((((((((((((( Files Created from 2009-01-18 to 2009-02-18 )))))))))))))))))))))))))))))))
.
2009-02-18 01:08 . 2006-12-07 15:01 20,480 —a
c:windowssystem32DreamSaver.scr
2009-02-18 01:01 . 2009-02-18 01:01
c:program filesDreamRender
2009-02-17 22:52 . 2009-02-17 22:52
c:windowsLhsp
2009-02-17 22:51 . 2009-02-17 22:51
c:windowsspeech
2009-02-17 17:53 . 2009-02-17 17:53
2009-02-17 16:54 . 2009-02-17 16:54 19 —a
c:windowsSoundConverter.INI
2009-02-17 14:54 . 2009-02-17 14:54
c:documents and settingsBerzzApplication DataNokia
2009-02-17 14:54 . 2009-02-17 14:54
c:documents and settingsBerzzApplication DataDataLayer
2009-02-17 14:53 . 2009-02-17 14:53
c:documents and settingsBerzzPhone Browser
2009-02-17 14:50 . 2009-02-17 14:50
c:program filesNokia
2009-02-17 14:43 . 2009-02-17 14:43 332 —a
c:windowsdesctemp.dat
2009-02-16 17:14 . 2009-02-16 17:14
c:program filesK-Lite Codec Pack
2009-02-16 17:14 . 2006-12-27 15:17 5,120 —a
c:windowssystem32ff_vfw.dll
2009-02-16 17:14 . 2005-02-24 18:56 547 —a
c:windowssystem32ff_vfw.dll.manifest
2009-02-16 09:21 . 2009-02-16 09:21
c:documents and settingsAll UsersApplication DataBluetooth
2009-02-16 09:16 . 2009-02-16 09:16
c:program filesIVT Corporation
2009-02-16 08:40 . 2008-04-14 19:10 54,272 —a
c:windowssystem32driversvfwwdm32.dll
2009-02-15 18:31 . 2009-02-15 18:31
2009-02-12 16:18 . 2009-02-12 16:18
2009-02-10 02:27 . 2009-02-10 02:27
2009-02-09 18:44 . 2009-02-09 18:44 3,584 —ahs—- C:Thumbs.db
2009-02-06 21:09 . 2009-02-06 21:09
2009-02-05 13:09 . 2009-02-05 13:09
c:program filesQIP.Online
2009-02-01 16:53 . 2009-02-01 16:53
c:program filesICQ6Toolbar
2009-02-01 16:53 . 2009-02-01 16:53
c:documents and settingsBerzzApplication DataICQ
2009-02-01 16:53 . 2009-02-01 16:53
c:documents and settingsAll UsersApplication DataICQ
2009-01-31 17:53 . 2009-01-31 17:53
c:program filesWIBUKEY
2009-01-31 17:53 . 2009-01-31 17:53
c:program filesWIBU-SYSTEMS
2009-01-31 17:53 . 2006-11-23 05:20 1,253,376 —a
c:windowssystem32WibuKe32.cpl
2009-01-31 17:53 . 2006-11-17 06:00 516,096 —a
c:windowssystem32WibuXpm4J32.dll
2009-01-31 17:53 . 2006-11-02 05:20 479,232 —a
c:windowssystem32wibuKJni.dll
2009-01-31 17:53 . 2006-11-22 05:20 348,160 —a
c:windowssystem32WkExt32.dll
2009-01-31 17:53 . 2006-11-22 05:20 159,744 —a
c:windowssystem32WkWin32.dll
2009-01-31 17:53 . 2006-11-22 05:20 72,704 —a
c:windowssystem32driversWibuKey.sys
2009-01-31 17:53 . 2000-10-18 02:00 57,552 —a
c:windowssystem32WkDos.exe
2009-01-31 17:53 . 2006-03-06 05:10 54,336 —a
c:windowssystemWkWin.dll
2009-01-31 17:53 . 2006-11-09 05:20 16,384 —a
c:windowssystem32driversWibukey2.sys
2009-01-31 17:51 . 2009-01-31 17:51
c:program filesChaos Group
2009-01-30 20:35 . 2009-01-30 20:35
c:documents and settingsBerzzApplication DataYandex
2009-01-30 13:26 . 2009-01-30 13:26
2009-01-30 13:16 . 2009-01-30 13:16
2009-01-30 13:12 . 2009-01-30 13:12
c:windowsie8
2009-01-28 09:38 . 2009-01-28 09:38
c:documents and settingsAll UsersApplication DataNFS Underground
2009-01-28 09:37 . 2009-01-28 09:37
c:program filesCommon FilesDirectX
2009-01-28 01:32 . 2009-01-28 01:32 73,728 —a
c:windowssystem32javacpl.cpl
2009-01-28 00:27 . 2009-01-27 19:46 102,664 —a
c:windowssystem32driverstmcomm.sys
2009-01-27 22:50 . 2009-01-27 22:50
c:program filesWindows Live Safety Center
2009-01-27 19:46 . 2009-01-27 19:46
c:documents and settingsBerzz.housecall6.6
2009-01-27 19:44 . 2009-01-27 19:44
c:program filesJava
2009-01-27 19:42 . 2009-01-27 19:42
c:program filesCommon FilesJava
2009-01-27 19:37 . 2009-01-27 19:37
2009-01-25 18:03 . 2009-01-25 18:03
c:documents and settingsAll UsersApplication DataEgoset
2009-01-25 18:02 . 2009-01-25 18:02
c:program filesGamerOnline.ru
2009-01-25 01:04 . 2009-01-25 01:04
c:documents and settingsBerzzApplication DataMalwarebytes
2009-01-25 01:04 . 2009-01-25 01:04
c:documents and settingsAll UsersApplication DataMalwarebytes
2009-01-24 22:33 . 2008-10-16 14:06 268,648 —a
c:windowssystem32mucltui.dll
2009-01-24 22:33 . 2008-10-16 14:06 27,496 —a
c:windowssystem32mucltui.dll.mui
2009-01-24 20:17 . 2009-01-24 20:17
c:program filesQIP Infium
2009-01-24 15:24 . 2009-01-24 15:24
c:windowsie8updates
2009-01-24 15:21 . 2009-01-24 15:21
C:rsit
2009-01-24 13:41 . 2009-01-24 13:41 88 —a
c:windowswininit.ini
2009-01-24 13:03 . 2009-01-24 13:03
c:documents and settingsAll UsersApplication DataSpybot — Search & Destroy
2009-01-24 04:09 . 2009-01-24 04:09
c:program filesparentalcontrol
2009-01-24 03:10 . 2009-01-24 03:10
c:program filestrend micro
2009-01-23 23:12 . 2009-01-23 23:12
c:program filesWindows Media Connect 2
2009-01-23 20:42 . 2009-01-23 20:42
2009-01-23 18:58 . 2009-01-23 18:58
c:program filesOpera
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-09 23:51 502,208 —-a-w c:windowssystem32driversamon.sys
2009-02-09 23:51 270,336 —-a-w c:windowssystem32imon.dll
2009-01-27 22:32 410,984 —-a-w c:windowssystem32deploytk.dll
2009-01-16 21:08
d
w c:program filesthriXXX
2009-01-14 23:17 636,264 —-a-w c:windowssystem32dllcacheiexplore.exe
2009-01-14 23:17 392,040 —-a-w c:windowssystem32dllcacheiedkcs32.dll
2009-01-14 23:13 5,888,512 —-a-w c:windowssystem32dllcachemshtml.dll
2009-01-14 23:12 10,963,968 —-a-w c:windowssystem32dllcacheieframe.dll
2009-01-14 23:06 236,544 —-a-w c:windowssystem32dllcachewebcheck.dll
2009-01-14 23:06 105,984 —-a-w c:windowssystem32dllcacheurl.dll
2009-01-14 23:06 1,182,720 —-a-w c:windowssystem32dllcacheurlmon.dll
2009-01-14 23:05 911,872 —-a-w c:windowssystem32wininet.dll
2009-01-14 23:05 911,872 —-a-w c:windowssystem32dllcachewininet.dll
2009-01-14 23:05 43,008 —-a-w c:windowssystem32licmgr10.dll
2009-01-14 23:05 43,008 —-a-w c:windowssystem32dllcachelicmgr10.dll
2009-01-14 23:05 193,536 —-a-w c:windowssystem32dllcachemsrating.dll
2009-01-14 23:05 109,056 —-a-w c:windowssystem32dllcacheoccache.dll
2009-01-14 23:04 755,200 —-a-w c:windowssystem32dllcacheVGX.dll
2009-01-14 23:04 25,600 —-a-w c:windowssystem32dllcachejsproxy.dll
2009-01-14 23:04 18,944 —-a-w c:windowssystem32dllcachecorpol.dll
2009-01-14 23:04 18,944 —-a-w c:windowssystem32corpol.dll
2009-01-14 23:02 611,840 —-a-w c:windowssystem32dllcachemstime.dll
2009-01-14 23:02 593,920 —-a-w c:windowssystem32dllcachemsfeeds.dll
2009-01-14 23:02 1,975,296 —-a-w c:windowssystem32dllcacheiertutil.dll
2009-01-14 23:01 66,560 —-a-w c:windowssystem32dllcachemshtmled.dll
2009-01-14 23:01 59,904 —-a-w c:windowssystem32dllcacheicardie.dll
2009-01-14 23:01 54,272 —-a-w c:windowssystem32dllcachemsfeedsbs.dll
2009-01-14 23:01 46,592 —-a-w c:windowssystem32dllcachepngfilt.dll
2009-01-14 23:01 348,160 —-a-w c:windowssystem32dllcachedxtmsft.dll
2009-01-14 23:01 34,304 —-a-w c:windowssystem32imgutil.dll
2009-01-14 23:01 34,304 —-a-w c:windowssystem32dllcacheimgutil.dll
2009-01-14 23:01 216,064 —-a-w c:windowssystem32dllcachedxtrans.dll
2009-01-14 23:01 183,808 —-a-w c:windowssystem32dllcacheiepeers.dll
2009-01-14 23:00 48,128 —-a-w c:windowssystem32mshtmler.dll
2009-01-14 23:00 48,128 —-a-w c:windowssystem32dllcachemshtmler.dll
2009-01-14 23:00 45,568 —-a-w c:windowssystem32mshta.exe
2009-01-14 23:00 45,568 —-a-w c:windowssystem32dllcachemshta.exe
2009-01-14 22:53 68,608 —-a-w c:windowssystem32dllcachehmmapi.dll
2009-01-14 22:50 156,160 —-a-w c:windowssystem32msls31.dll
2009-01-14 22:50 156,160 —-a-w c:windowssystem32dllcachemsls31.dll
2009-01-14 22:35 445,440 —-a-w c:windowssystem32dllcacheieapfltr.dll
2009-01-14 01:00
d
w c:documents and settingsBerzzApplication DataGetRight
2009-01-12 11:59 22,328 —-a-w c:documents and settingsBerzzApplication DataPnkBstrK.sys
2009-01-08 14:02
d
w c:program filesAutodesk
2009-01-08 13:08
d
w c:program filesSuperCleaner
2009-01-08 10:42
d
w c:documents and settingsAll UsersApplication DataTEMP
2009-01-05 22:34
d
w c:program filesReflexiveArcade
2009-01-05 17:14
d
w c:program filesPopCap Games
2009-01-05 15:19
d
w c:documents and settingsAll UsersApplication DataTrymedia
2008-12-29 19:06 96,384 —-a-w c:windowssystem32driverssptd8413.sys
2008-12-27 10:46
d
w c:program filesCommon FilesAhead
2008-12-25 12:24
d
w c:program filesCommon FilesChaosGroup
2008-12-25 00:29
d
w c:documents and settingsAll UsersApplication DataAutodesk
2008-12-25 00:21
d
w c:program filesCommon FilesAutodesk Shared
2008-12-22 22:26 2,334,720 —-a-w c:windowssystem32frysdk32.dll
2008-12-21 01:48
d
w c:documents and settingsAll UsersApplication DatanView_Profiles
2008-12-19 19:15
d
w c:documents and settingsAll UsersApplication DataKnights Of The Temple
2008-12-11 10:57 333,952
w c:windowssystem32dllcachesrv.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerURLSearchHooks]
«{95289393-33EA-4F8D-B952-483415B9C955}»= «c:documents and settingsBerzzApplication DataMicrosoftInternet Explorerqipsearchbar.dll» [2008-12-30 131072]
[HKEY_CLASSES_ROOTclsid{95289393-33ea-4f8d-b952-483415b9c955}]
[HKEY_CLASSES_ROOTqipbar.QIPBHO.1]
[HKEY_CLASSES_ROOTTypeLib{45FF696B-5284-4781-B2CA-ECF3A742A17B}]
[HKEY_CLASSES_ROOTqipbar.QIPBHO]
[HKEY_LOCAL_MACHINE~Browser Helper Objects{95289393-33EA-4F8D-B952-483415B9C955}]
2008-12-30 15:56 131072 —a
c:documents and settingsBerzzApplication DataMicrosoftInternet Explorerqipsearchbar.dll
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«ctfmon.exe»=»c:windowssystem32ctfmon.exe» [2008-04-14 15360]
«Google Update»=»c:documents and settingsBerzzLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe» [2009-02-12 133104]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«RemoteControl»=»d:softpower DVDPDVDServ.exe» [2005-12-07 30208]
«Process Killer»=»d:softProcess Killerprkiller.exe» [2005-07-30 38400]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2008-05-03 86016]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2008-05-03 13529088]
«nod32kui»=»c:program filesEsetnod32kui.exe» [2009-02-10 917504]
«LanguageShortcut»=»d:softpower DVDLanguageLanguage.exe» [2006-04-13 49152]
«FlashGet»=»d:softFlashGetFlashGet.exe» [2007-01-30 1554184]
«parentalcontrol»=»c:program filesparentalcontrolparentalcontrol.exe» [2006-08-31 36544]
«SunJavaUpdateSched»=»c:program filesJavajre6binjusched.exe» [2009-01-28 136600]
«SoundMan»=»SOUNDMAN.EXE» [2003-07-23 c:windowsSOUNDMAN.EXE]
«nwiz»=»nwiz.exe» [2008-05-03 c:windowssystem32nwiz.exe]
«LiveNote»=»livenote.exe» [2002-07-11 c:windowslivenote.exe]
«anvshell»=»anvshell.exe» [2003-05-29 c:windowsanvshell.exe]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-14 15360]
c:documents and settingsAll Usersѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
BlueSoleil.lnk — c:program filesIVT CorporationBlueSoleilBlueSoleil.exe [2005-08-31 1196032]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«vidc.iv31″= c:windowssystem32ir32_32.dll
«vidc.iv32″= c:windowssystem32ir32_32.dll
«msacm.l3radius»= l3codecp.acm
«SENTINEL»= snti386.dll
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«d:\GAMES\Valve\hl.exe»=
«d:\Autodesk\3ds Max 9\3dsmax.exe»=
«c:\Program Files\QIP Infium\infium.exe»=
«d:\soft\FlashGet\FlashGet.exe»=
«c:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe»=
R1 ANVIOCTL;ANVIOCTL;c:windowssystem32driversanvioctl.sys [2008-08-30 233280]
R1 nod32drv;nod32drv;c:windowssystem32driversnod32drv.sys [2008-08-08 15424]
R1 prodrv01;prodrv01;c:windowssystem32driversprodrv01.sys [2009-01-02 125184]
S2 MySQL5;MySQL5;»c:program filesMySQLMySQL Server 5.0binmysqld-nt» —defaults-file=»c:program filesMySQLMySQL Server 5.0my.ini» MySQL5 —> c:program filesMySQLMySQL Server 5.0binmysqld-nt [?]
S2 sfrem02;FrontLine Drivers Auto Removal (v2);c:windowssystem32sfrem02.exe svc —> c:windowssystem32sfrem02.exe svc [?]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
«c:windowssystem32rundll32.exe» «c:windowssystem32iedkcs32.dll»,BrandIEActiveSetup SIGNUP
.
Contents of the ‘Scheduled Tasks’ folder
2009-02-18 c:windowsTasksUser_Feed_Synchronization-{A7A15D39-BC39-4077-8CB5-CCA51290A715}.job
— c:windowssystem32msfeedssync.exe [2009-01-15 02:01]
2009-02-18 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-117609710-1220945662-839522115-1003.job
— c:documents and settingsBerzzLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2009-02-12 13:42]
2009-02-13 c:windowsTaskslf.job
— c:program filesEverstrike SoftwareLock Folder XP 3.5LF30.exe []
.
— — — — ORPHANS REMOVED — — — —
HKCU-Run-Punto Switcher — c:program filesPunto Switcherps.exe
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} — c:program filesCommon FilesAheadLibNMBgMonitor.exe
HKLM-Run-Active Web Reader — c:program filesDeskshareActive Web ReaderActive Web Reader.exe
.
Supplementary Scan
.
uStart Page = start.qip.ru
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://search.qip.ru
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
IE: &D&ownload &with BitComet — d:softBitCometBitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet — d:softBitCometBitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet — d:softBitCometBitComet.exe/AddAllLink.htm
IE: &Закачать все при помощи FlashGet — d:softFlashGetjc_all.htm
IE: &Закачать при помощи FlashGet — d:softFlashGetjc_link.htm
IE: {{F10082A8-5BC5-489A-9892-28B9EE35F5E3} — c:program filesBytescout Movies Extractor Scoutflashextract_ie.html
LSP: c:windowssystem32imon.dll
TCP: {DA69388E-2CAA-409F-B5BF-28AD81F85B1A} = 91.144.164.1 91.144.166.1
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-19 00:34:30
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘lsass.exe'(652)
c:windowssystem32imon.dll
c:program filesEsetpr_imon.dll
.
Completion time: 2009-02-19 0:35:41
ComboFix2.txt 2009-02-10 21:51:00
ComboFix-quarantined-files.txt 2009-02-18 21:35:40
Pre-Run: 319 594 496 байт свободно
Post-Run: 1,473,191,936 байт свободно
249 — E O F — 2009-02-11 23:18:39
Большое спасибо, вроде бы всё работает нормально, Internet Explorer запускается и работает хорошо а надоедливые окошки пропали.
