Re: Re: Помогите — Adsubscribe на 60 сек

[vglp17]

Сделал как Вы сказали…..

Рекламы больше нет….. УРА! СПАСИБО!

лог-файл:

ComboFix 09-06-23.01 — 555 25.06.2009 10:52.3 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.502.250 [GMT 4:00]
Running from: c:documents and settings555Рабочий столComboFix.exe
Command switches used :: c:documents and settings555Рабочий столCFScript.txt
AV: Антивирус Касперского *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:documents and settings555Application DataAdSubscribe
c:documents and settings555Application DataFieryAds
c:documents and settings555Application DataAdSubscribeAdSubscribe.dat
c:documents and settings555Application DataAdSubscribeAdSubscribe.dll
c:documents and settings555Application DataAdSubscribeFeed.jpg
c:documents and settings555Application DataAdSubscribeFeed1.jpg
c:documents and settings555Application DataAdSubscribeFeed10.jpg
c:documents and settings555Application DataAdSubscribeFeed11.jpg
c:documents and settings555Application DataAdSubscribeFeed12.jpg
c:documents and settings555Application DataAdSubscribeFeed13.jpg
c:documents and settings555Application DataAdSubscribeFeed14.jpg
c:documents and settings555Application DataAdSubscribeFeed15.jpg
c:documents and settings555Application DataAdSubscribeFeed2.jpg
c:documents and settings555Application DataAdSubscribeFeed3.jpg
c:documents and settings555Application DataAdSubscribeFeed4.jpg
c:documents and settings555Application DataAdSubscribeFeed5.jpg
c:documents and settings555Application DataAdSubscribeFeed6.jpg
c:documents and settings555Application DataAdSubscribeFeed7.jpg
c:documents and settings555Application DataAdSubscribeFeed8.jpg
c:documents and settings555Application DataAdSubscribeFeed9.jpg
c:documents and settings555Application DataAdSubscribeFeedfeed.xml
c:documents and settings555Application DataAdSubscribeUninstall.exe

.
((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-06-25 )))))))))))))))))))))))))))))))
.

2009-06-24 19:20 . 2009-06-24 19:51

---

d

---

w- c:program filesProxy Switcher Standard
2009-06-24 17:22 . 2009-06-24 17:22

---

dc—-w- c:windowssystem32dllcachecache
2009-06-20 17:31 . 2009-06-20 17:31

---

d—h—w- c:program filesInstallShield Installation Information
2009-06-19 09:08 . 2009-06-19 09:08

---

d

---

w- c:program filesKAS (c)
2009-06-18 17:54 . 2009-06-18 17:54

---

d

---

w- c:documents and settings555Application DataWNR
2009-06-15 11:08 . 2009-06-15 11:08

---

d

---

w- c:program filesFLVPlayer
2009-06-09 20:57 . 2009-01-21 22:40 163840 —-a-w- c:windowssystem32SecureNet.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-25 06:50 . 2008-11-24 20:18

---

d—a-w- c:documents and settingsAll UsersApplication DataTEMP
2009-06-25 06:49 . 2009-03-29 15:57

---

d

---

w- c:program filesSpyware Doctor
2009-06-25 06:47 . 2009-02-20 08:32

---

d

---

w- c:documents and settings555Application DataDNA
2009-06-24 17:19 . 2009-02-20 08:32

---

d

---

w- c:program filesDNA
2009-06-23 18:25 . 2009-04-16 17:12

---

d

---

w- c:documents and settings555Application DataSkype
2009-06-23 17:55 . 2009-04-16 17:29

---

d

---

w- c:documents and settings555Application DataskypePM
2009-06-20 20:32 . 2001-10-20 22:00 78770 —-a-w- c:windowssystem32perfc019.dat
2009-06-20 20:32 . 2001-10-20 22:00 472114 —-a-w- c:windowssystem32perfh019.dat
2009-06-18 20:26 . 2009-03-27 05:42

---

d

---

w- c:program filesBonjour
2009-06-18 16:09 . 2008-11-19 14:59

---

d

---

w- c:program fileseBesucher Restarter
2009-06-18 16:08 . 2009-02-24 07:01

---

d

---

w- c:documents and settings555Application DataBSplayer PRO
2009-06-05 06:25 . 2008-07-14 15:38 43328 —-a-w- c:documents and settings555Local SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-05-08 05:43 . 2008-12-18 15:38

---

d

---

w- c:program filesReferats
2009-05-07 15:33 . 2004-08-17 12:04 346624 —-a-w- c:windowssystem32localspl.dll
2009-05-01 14:25 . 2009-05-01 14:25

---

d

---

w- c:program filesMicrosoft Silverlight
2009-04-30 10:06 . 2009-04-29 18:03

---

d

---

w- c:program filesWindows Media Connect 2
2009-04-29 20:38 . 2009-04-16 16:31

---

d

---

w- c:program filesICQ6Toolbar
2009-04-29 04:47 . 2004-08-17 12:04 827392 —-a-w- c:windowssystem32wininet.dll
2009-04-29 04:47 . 2004-08-17 12:04 78336 —-a-w- c:windowssystem32ieencode.dll
2009-04-23 13:29 . 2009-03-29 18:45 39200 —-a-w- c:windowssystem32driversTfSysMon.sys
2009-04-23 13:28 . 2009-03-29 18:45 33056 —-a-w- c:windowssystem32driversTfNetMon.sys
2009-04-23 13:28 . 2009-03-29 18:45 12576 —-a-w- c:windowssystem32driversTfKbMon.sys
2009-04-23 13:28 . 2009-03-29 18:45 51488 —-a-w- c:windowssystem32driversTfFsMon.sys
2009-04-23 13:25 . 2009-03-29 17:48 130936 —-a-w- c:windowssystem32driversPCTCore.sys
2009-04-19 19:51 . 2004-08-17 11:54 1847296 —-a-w- c:windowssystem32win32k.sys
2009-04-16 17:29 . 2009-04-16 17:29 48 —ha-w- c:windowssystem32ezsidmv.dat
2009-04-15 14:53 . 2004-08-17 12:04 585216 —-a-w- c:windowssystem32rpcrt4.dll
2009-03-29 16:13 . 2009-03-29 15:57 66952 —-a-w- c:windowssystem32driversiksysflt.sys
2009-03-29 16:12 . 2009-03-29 15:57 81288 —-a-w- c:windowssystem32driversiksyssec.sys
2009-03-29 16:12 . 2009-03-29 15:57 40840 —-a-w- c:windowssystem32driversikfilesec.sys
2009-03-28 08:11 . 2009-03-27 16:37 385056 —sha-w- c:windowssystem32driversfidbox2.dat
2009-03-28 08:11 . 2009-03-27 16:37 3386912 —sha-w- c:windowssystem32driversfidbox.dat
2009-03-27 16:19 . 2008-12-12 15:55 77824 —-atw- c:windowssystem32DRWEBSP.DLL
.

---

Sigcheck

---

[7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:windows$hf_mig$KB951748SP2QFEtcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:windows$hf_mig$KB951748SP3GDRtcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:windows$hf_mig$KB951748SP3QFEtcpip.sys
[7] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:windows$NtServicePackUninstall$tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:windows$NtUninstallKB951748$tcpip.sys
[7] 2004-08-03 19:14 359040 9F4B36614A0FC234525BA224957DE55C c:windows$NtUninstallKB951748_0$tcpip.sys
[-] 2008-04-13 19:20 361344 ACCF5A9A1FFAA490F33DBA1C632B95E1 c:windowsServicePackFilesi386tcpip.sys
[-] 2008-06-20 11:51 361600 9425B72F40257B45D45D24773273DAD0 c:windowssystem32dllcachetcpip.sys
[-] 2008-06-20 11:51 361600 9425B72F40257B45D45D24773273DAD0 c:windowssystem32driverstcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-06-24_18.30.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-24 19:54 . 2009-06-24 19:54 16384 c:windowsTempPerflib_Perfdata_e04.dat
+ 2009-06-25 06:57 . 2009-06-25 06:57 53248 c:windowsTempcatchme.dll
— 2009-06-24 18:29 . 2009-06-24 18:29 53248 c:windowsTempcatchme.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«ctfmon.exe»=»c:windowssystem32ctfmon.exe» [2008-04-14 15360]
«BitTorrent DNA»=»c:program filesDNAbtdna.exe» [2009-02-20 321344]
«PSwitch»=»c:program filesProxy Switcher StandardProxySwitcher.exe» [2007-01-17 1302528]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«IgfxTray»=»c:windowssystem32igfxtray.exe» [2007-06-13 142104]
«HotKeysCmds»=»c:windowssystem32hkcmd.exe» [2007-06-13 162584]
«Persistence»=»c:windowssystem32igfxpers.exe» [2007-06-13 138008]
«wmagent.exe»=»c:program filesWebMoney Agentwmagent.exe» [2008-10-01 209376]
«AzMixerSel»=»c:program filesRealtekInstallShieldAzMixerSel.exe» [2005-06-12 53248]
«WinampAgent»=»c:program filesWinampwinampa.exe» [2008-08-03 36352]
«SunJavaUpdateSched»=»c:program filesJavajre6binjusched.exe» [2008-11-10 136600]
«RTHDCPL»=»RTHDCPL.EXE» — c:windowsRTHDCPL.exe [2007-05-29 16132608]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-14 15360]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«tscuninstall»=»c:windowssystem32tscupgrd.exe» [2004-08-17 44544]

c:documents and settingsAll Usersѓ« ў­®Ґ ¬Ґ­оЏа®Ја ¬¬лЂўв®§ Јаг§Є AutorunsDisabled
BlueSoleil.lnk — c:program filesIVT CorporationBlueSoleilBlueSoleil.exe [2008-12-9 1167360]
BTTray.lnk — c:program filesWIDCOMMBluetooth SoftwareBTTray.exe [2007-4-1 568176]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«ForceClassicControlPanel»= 1 (0x1)

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsdauxservice]
@=»»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsdcoreservice]
@=»»

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\Program Files\uTorrent\uTorrent.exe»=
«c:\Program Files\DNA\btdna.exe»=
«c:\Program Files\Bonjour\mDNSResponder.exe»=
«c:\VGLP\Программы\Установленные\Paid Mails Reader\ssl\stunnel.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=
«c:\Program Files\Proxy Switcher Standard\ProxySwitcher.exe»=

R0 PCTCore;PCTools KDS;c:windowssystem32driversPCTCore.sys [29.03.2009 21:48 130936]
R0 TfFsMon;TfFsMon;c:windowssystem32driversTfFsMon.sys [29.03.2009 22:45 51488]
R0 TfSysMon;TfSysMon;c:windowssystem32driversTfSysMon.sys [29.03.2009 22:45 39200]
R1 pctgntdi;pctgntdi;c:windowssystem32driverspctgntdi.sys [29.03.2009 21:48 159600]
R3 TfNetMon;TfNetMon;c:windowssystem32driversTfNetMon.sys [29.03.2009 22:45 33056]
S2 ThreatFire;ThreatFire;c:program filesSpyware DoctorTFEngineTFService.exe service —> c:program filesSpyware DoctorTFEngineTFService.exe service [?]
S3 pctplsg;pctplsg;c:windowssystem32driverspctplsg.sys [29.03.2009 21:48 64392]
S3 sdAuxService;PC Tools Auxiliary Service;c:program filesSpyware DoctorpctsAuxs.exe [29.03.2009 19:57 348752]

— Other Services/Drivers In Memory —

*Deregistered* — mchInjDrv
.
Contents of the ‘Scheduled Tasks’ folder

2009-06-16 c:windowsTasksAppleSoftwareUpdate.job
— c:program filesApple Software UpdateSoftwareUpdate.exe [2008-07-30 08:34]
.
.

---

Supplementary Scan

---

.
uStart Page = about:blank
IE: &Отправить на устройство Bluetooth…
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~1OFFICE11EXCEL.EXE/3000
IE: Добавить в Rambler-Закладки — c:program filesRambler AssistantramblertoolbarU1.dll/zakladki.htm
IE: Найти с помощью Рамблера — c:program filesRambler AssistantramblertoolbarU1.dll/search.htm
IE: Перевести с помощью словарей Рамблера — c:program filesRambler AssistantramblertoolbarU1.dll/dic.htm
LSP: c:program filesCommon FilesPC ToolsLspPCTLsp.dll
FF — ProfilePath —
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-25 10:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************
.

---

DLLs Loaded Under Running Processes

---

— — — — — — — > ‘winlogon.exe'(792)
c:windowssystem32igfxdev.dll

— — — — — — — > ‘lsass.exe'(848)
c:program filesCommon FilesPC ToolsLspPCTLsp.dll
.
Completion time: 2009-06-25 10:58
ComboFix-quarantined-files.txt 2009-06-25 06:58
ComboFix2.txt 2009-06-24 18:32
ComboFix3.txt 2009-06-24 17:24

Pre-Run: 50 698 391 552 байт свободно
Post-Run: 50 687 623 168 байт свободно

186 — E O F — 2009-06-11 20:19