- Темы:532
- Сообщений:1553
- ☆☆☆☆☆
ComboFix 10-05-09.08 — Общий 10.05.2010 22:32:59.1.2 — x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.1022.594 [GMT 6:00]
Running from: c:documents and settingsОбщийРабочий столComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:program filesMail.RuAgentMradllnewmrasearch.dll
c:windowssystem32Пузыри.scr
c:windowssystem32Vb40016.dll
c:windowssystem32Vb40032.dll
.
((((((((((((((((((((((((( Files Created from 2010-04-10 to 2010-05-10 )))))))))))))))))))))))))))))))
.
2010-05-08 18:06 . 2010-05-08 18:06
d
w- c:windowsERUNT
2010-05-08 18:06 . 2010-05-08 18:06
d
w- C:!FixIEDef
2010-05-08 17:30 . 2010-04-29 09:39 38224 —-a-w- c:windowssystem32driversmbamswissarmy.sys
2010-05-08 17:30 . 2010-05-08 18:11
d
w- c:program filesMalwarebytes’ Anti-Malware
2010-05-08 17:30 . 2010-05-08 17:30
d
w- c:documents and settingsAll Users.WINDOWSApplication DataMalwarebytes
2010-05-08 17:30 . 2010-04-29 09:39 20952 —-a-w- c:windowssystem32driversmbam.sys
2010-05-08 17:21 . 2010-05-08 17:21
d
w- c:program filesUniblue
2010-05-08 15:44 . 2010-05-08 18:00
d
w- c:program filestrend micro
2010-05-08 15:44 . 2010-05-08 15:45
d
w- C:rsit
2010-04-29 10:28 . 2010-05-04 10:54
d
w- c:program filesOpera
2010-04-18 17:24 . 2010-04-18 17:24
d
w- c:program filesR-Studio
2010-04-18 13:48 . 2010-04-18 13:50
d
w- c:program filesUnlocker
2010-04-18 11:13 . 2010-04-18 11:13
d
w- c:program filesFoxit Phantom
2010-04-18 10:52 . 2010-04-18 10:52
d
w- c:documents and settingsAll Users.WINDOWSApplication Data2DBoy
2010-04-18 10:47 . 2010-04-18 10:47
d
w- c:program filesWorldOfGoo
2010-04-18 10:47 . 2010-04-18 10:47
d
w- c:program filesWinamp
2010-04-18 10:47 . 2010-05-07 04:22
d
w- c:program filesKMPlayer
2010-04-18 07:09 . 2010-04-18 07:17
d
w- C:totalcmd
2010-04-18 07:01 . 2010-04-18 07:01
d
w- c:windowssystem32LogFiles
2010-04-18 07:01 . 2008-04-13 18:15 26112 -c—a-w- c:windowssystem32dllcacheusbser.sys
2010-04-18 07:01 . 2008-04-13 18:15 26112 —-a-w- c:windowssystem32driversusbser.sys
2010-04-18 07:01 . 2009-12-22 18:39 23856 —-a-w- c:windowssystem32spupdsvc.exe
2010-04-18 07:01 . 2008-03-21 07:57 14640
w- c:windowssystem32spmsgXP_2k3.dll
2010-04-17 18:58 . 2010-04-20 15:21
d
w- c:program filesGoogle
2010-04-17 18:38 . 2010-05-05 15:18
d
w- c:documents and settingsAll Users.WINDOWSApplication DataMicrosoft Help
2010-04-17 17:51 . 2010-04-17 17:56
d
w- c:program filesPower Data Recovery
2010-04-17 17:31 . 2010-04-18 07:19
d
w- c:program filesTotal Commander
2010-04-17 13:29 . 2010-04-17 13:29
d
w- C:Games
2010-04-17 13:25 . 2010-04-17 13:25
d
w- c:program filesGroove Games
2010-04-17 13:20 . 2010-04-17 13:20
d
w- c:program filesJar Head Games
2010-04-12 15:37 . 2008-04-15 13:00 26624 —-a-w- c:documents and settingsLocalServiceApplication DataMicrosoftUPnP Device Hostupnphostudhisapi.dll
2010-04-11 16:27 . 2010-04-11 16:27
d
w- c:program filesUSB Keyboard Driver
2010-04-11 16:26 . 2010-04-14 13:39
d
w- c:program filesMultiKeyboard Driver
2010-04-11 16:26 . 2010-04-11 16:26
d
w- c:program filesHotkey
2010-04-11 16:23 . 2010-04-11 16:23
d
w- c:program filesEnhanceKeyboard
2010-04-11 16:23 . 2010-04-11 16:23
d
w- c:windowssetup
2010-04-11 04:49 . 2010-04-11 07:39
d
w- c:documents and settingsAll Users.WINDOWSApplication Data2GIS
2010-04-11 04:49 . 2010-04-11 04:50
d
w- c:program files2gis
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-27 17:35 . 2010-04-10 14:56
d
w- c:program filesRadio_W
2010-04-24 14:05 . 2008-04-15 13:00 50408 —-a-w- c:windowssystem32perfc019.dat
2010-04-24 14:05 . 2008-04-15 13:00 349532 —-a-w- c:windowssystem32perfh019.dat
2010-04-18 13:44 . 2010-04-10 11:17
d
w- c:program filesMail.Ru
2010-04-18 07:36 . 2010-04-10 09:37
d—h—w- c:program filesInstallShield Installation Information
2010-04-18 07:27 . 2010-04-08 17:20
d
w- c:program filesWindows Sidebar
2010-04-18 07:02 . 2010-04-18 07:02 0 —ha-w- c:windowssystem32driversMsft_User_PCCSWpdDriver_01_07_00.Wdf
2010-04-18 07:01 . 2010-04-18 07:01 0 —ha-w- c:windowssystem32driversMsftWdf_user_01_07_00.Wdf
2010-04-18 07:01 . 2010-04-08 17:22
d
w- c:documents and settingsAll Users.WINDOWSApplication DataPC Suite
2010-04-18 07:01 . 2010-04-18 07:01 0 —ha-w- c:windowssystem32driversMsft_Kernel_ccdcmb_01007.Wdf
2010-04-18 07:01 . 2010-04-18 07:01 0 —ha-w- c:windowssystem32driversMsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-04-18 07:00 . 2010-04-08 17:21
d
w- c:program filesNokia
2010-04-17 18:40 . 2010-04-10 09:54
d
w- c:program filesMicrosoft Works
2010-04-17 13:25 . 2010-04-10 09:37
d
w- c:program filesCommon FilesInstallShield
2010-04-14 14:28 . 2010-04-07 16:13 86327 —-a-w- c:windowspchealthhelpctrOfflineCacheindex.dat
2010-04-10 15:19 . 2010-04-10 15:16
d
w- c:program filesICQ7.1
2010-04-10 15:18 . 2010-04-10 15:18
d
w- c:program filesICQ6Toolbar
2010-04-10 15:18 . 2010-04-10 15:18
d
w- c:documents and settingsAll Users.WINDOWSApplication DataICQ
2010-04-10 14:56 . 2010-04-10 14:56
d
w- c:program filesConduit
2010-04-10 14:50 . 2010-04-10 14:50
d
w- c:program filesJet Radio
2010-04-10 14:18 . 2009-12-26 09:20 1571840 —-a-w- c:windowssystem32SfcFiles.dll
2010-04-10 14:18 . 2009-12-26 08:58 219648 —-a-w- c:windowssystem32uxtheme.dll
2010-04-10 11:17 . 2010-04-10 11:17
d
w- c:documents and settingsLocalServiceApplication Data{DCD48218-E972-4d0c-9E5F-43462BC13E3B}
2010-04-10 10:21 . 2010-04-10 10:18
d
w- c:program filesABBYY FineReader 6.0 Sprint
2010-04-10 09:54 . 2010-04-10 09:54
d
w- c:program filesMicrosoft.NET
2010-04-09 17:47 . 2010-04-09 17:47
d
w- c:program filesAvira
2010-04-09 17:47 . 2010-04-09 17:47
d
w- c:documents and settingsAll Users.WINDOWSApplication DataAvira
2010-04-08 17:34 . 2010-04-08 17:22
d
w- c:program fileseMule
2010-04-08 17:22 . 2010-04-08 17:22
d
w- c:program filesCommon FilesPCSuite
2010-04-08 17:22 . 2010-04-08 17:22
d
w- c:program filesCommon FilesNokia
2010-04-08 17:21 . 2010-04-08 17:21
d
w- c:program filesDIFX
2010-04-08 17:21 . 2010-04-08 17:21
d
w- c:program filesPC Connectivity Solution
2010-04-08 17:21 . 2010-04-08 17:21
d
w- c:program filesЗаставка MGM
2010-04-08 17:21 . 2010-04-08 17:21
d
w- c:program filesRocketDock
2010-04-08 17:21 . 2010-04-08 17:21
d
w- c:program filesiColorFolder
2010-04-08 17:20 . 2010-04-08 17:20
d
w- c:program filesLClock
2010-04-08 17:20 . 2010-04-08 17:20
d
w- c:program filesSkype
2010-04-08 17:20 . 2010-04-08 17:20
d
w- c:program filesQIP Infium
2010-04-08 17:20 . 2010-04-08 17:20
d
w- c:program files7-Zip
2010-04-08 17:20 . 2010-04-08 17:20
d
w- c:program filesUSB Disk Security
2010-04-08 17:20 . 2010-04-08 17:20
d
w- c:documents and settingsAll Users.WINDOWSApplication DataZbshareware Lab
2010-04-08 17:20 . 2010-04-08 17:20
d
w- c:program filesYandex
2010-04-07 22:02 . 2010-04-07 22:02 0 —-a-w- c:windowsativpsrm.bin
2010-04-07 16:15 . 2010-04-07 16:15
d
w- c:program filesVistaDriveIcon
2010-04-07 16:14 . 2010-04-07 16:14 411368 —-a-w- c:windowssystem32deploytk.dll
2010-04-07 16:14 . 2010-04-07 16:14
d
w- c:program filesJava
2010-04-07 16:11 . 2010-04-07 16:11 22564 —-a-w- c:windowssystem32emptyregdb.dat
2010-04-07 16:10 . 2010-04-07 16:10
d
w- c:program filesWindows Media Connect 2
2010-02-19 23:47 . 2010-02-19 23:47 3604480 —-a-w- c:windowssystem32GPhotos.scr
.
Sigcheck
[-] 2009-12-26 . 6A104BA98D99D53AB0C91825CE659FC6 . 361600 . . [5.1.2600.5625] . . c:windowssystem32driverstcpip.sys
[-] 2009-12-26 . 40120E0F032B37FB3BC64B15E484546C . 80608 . . [7.4.7600.226] . . c:windowssystem32wuauclt.exe
[-] 2009-12-26 . 23B7D3F3F5EC8FEEA75EC381C71CBD5E . 579072 . . [5.1.2600.5512] . . c:windowssystem32user32.dll
[-] 2009-12-26 . DF3D39434D58565BEE26BDC6452687AB . 1041408 . . [8.00.6001.22945] . . c:windowssystem32wininet.dll
[-] 2009-12-26 . D1B7919B18903BDB01FA33FC12F23680 . 1721344 . . [6.00.2900.5512] . . c:windowsexplorer.exe
[-] 2010-04-10 . 2D65E7C1A34D3338085E85A934A9FBB4 . 1571840 . . [5.1.2600.5512] . . c:windowssystem32SfcFiles.dll
[-] 2010-04-10 . 2D65E7C1A34D3338085E85A934A9FBB4 . 1571840 . . [5.1.2600.5512] . . c:windowssystem32dllcacheSfcFiles.dll
[-] 2009-12-26 . 31F4BCDDA7FE01D70032AB927F0EC6A1 . 30208 . . [5.1.2600.5512] . . c:windowssystem32ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerURLSearchHooks]
«{b4efb02b-cd4a-44b9-b5d9-aa486cdffab6}»= «c:program filesRadio_WtbRad1.dll» [2010-04-27 2515552]
[HKEY_CLASSES_ROOTclsid{b4efb02b-cd4a-44b9-b5d9-aa486cdffab6}]
[HKEY_LOCAL_MACHINE~Browser Helper Objects{b4efb02b-cd4a-44b9-b5d9-aa486cdffab6}]
2010-04-27 17:38 2515552 —-a-w- c:program filesRadio_WtbRad1.dll
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{b4efb02b-cd4a-44b9-b5d9-aa486cdffab6}»= «c:program filesRadio_WtbRad1.dll» [2010-04-27 2515552]
[HKEY_CLASSES_ROOTclsid{b4efb02b-cd4a-44b9-b5d9-aa486cdffab6}]
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{B4EFB02B-CD4A-44B9-B5D9-AA486CDFFAB6}»= «c:program filesRadio_WtbRad1.dll» [2010-04-27 2515552]
[HKEY_CLASSES_ROOTclsid{b4efb02b-cd4a-44b9-b5d9-aa486cdffab6}]
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«VistaIcon»=»c:program filesVistaDriveIconVistaDrv.exe» [2008-01-02 132096]
«LClock»=»c:program filesLClocklclock.exe» [2007-12-14 86016]
«Sidebar»=»c:program filesWindows Sidebarsidebar.exe» [2007-02-26 1254912]
«PC Suite Tray»=»c:program filesNokiaNokia PC Suite 7PCSuite.exe» [2009-11-11 1451520]
«ICQ»=»c:program filesICQ7.1ICQ.exe» [2010-04-10 133368]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«RTHDCPL»=»RTHDCPL.EXE» [2009-10-16 18782720]
«USB Antivirus»=»c:program filesUSB Disk SecurityUSBGuard.exe» [2009-12-19 819200]
«avgnt»=»c:program filesAviraAntiVir Desktopavgnt.exe» [2009-03-02 209153]
«Guard.Mail.ru.gui»=»c:program filesMail.RuGuardGuardMailRu.exe» [2010-04-10 562368]
«USB Keyboard»=»c:program filesUSB Keyboard Driverkb_2k.exe» [2004-03-30 155648]
«MAgent»=»c:program filesMail.RuAgentMAgent.exe» [2010-04-18 8746680]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«VistaIcon»=»c:program filesVistaDriveIconVistaDrv.exe» [2008-01-02 132096]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2009-12-26 30208]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«IE8_01″=»shell32» [X]
«ZZZZ2_FirstLogonSetting»=»advpack.dll» [2009-12-26 128512]
«IE8_02″=»advpack.dll» [2009-12-26 128512]
c:documents and settingsAll Users.WINDOWSѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
enhanced keyboard driver.lnk — c:program filesEnhanceKeyboardkb_2k.exe [2010-4-11 221184]
intro.exe [2009-9-21 5183112]
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMConfigurePrograms»= 1 (0x1)
[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMConfigurePrograms»= 1 (0x1)
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
@=»Driver»
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«FirewallOverride»=dword:00000001
«UpdatesOverride»=dword:00000001
«AntiVirusOverride»=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\ICQ7.1\ICQ.exe»=
«c:\Program Files\ICQ7.1\aolload.exe»=
«c:\Documents and Settings\Общий\Рабочий стол\Opera\opera.exe»=
«c:\Program Files\Opera\opera.exe»=
R2 2GIS UpdateClientService;2GIS UpdateClientService;c:program files2gisUpdateClientWin32UpdateClientService.exe [17.09.2008 12:03 1134592]
R2 AntiVirSchedulerService;Avira AntiVir Планировщик;c:program filesAviraAntiVir Desktopsched.exe [09.04.2010 23:47 108289]
R2 Guard.Mail.ru;Guard.Mail.ru;c:program filesMail.RuGuardGuardMailRu.exe [10.04.2010 17:17 562368]
R2 ICQ Service;ICQ Service;c:program filesICQ6ToolbarICQ Service.exe [10.04.2010 21:18 222968]
S2 SSPORT;SSPORT;??c:windowssystem32DriversSSPORT.sys —> c:windowssystem32DriversSSPORT.sys [?]
S3 Ambfilt;Ambfilt;c:windowssystem32driversAmbfilt.sys [08.04.2010 3:54 1684736]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{34A19196-274E-4D75-9D30-D7A45A0A4178}]
2004-08-03 23:07 11776 —-a-w- c:program filesWindows Sidebarregsvr32.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{6B9228DA-9C15-419e-856C-19E768A13BDC}]
2004-08-03 23:07 11776 —-a-w- c:program filesWindows Sidebarregsvr32.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{BADA65A0-86B7-462B-B720-CE66655C73F5}]
2006-11-09 02:57 38912 —-a-w- c:program filesWindows SidebarVAIOvshellext.dll
.
Contents of the ‘Scheduled Tasks’ folder
2010-05-10 c:windowsTasksUser_Feed_Synchronization-{2BFFF13D-4CF7-4A11-A762-97E7BE7EDA24}.job
— c:windowssystem32msfeedssync.exe [2010-04-07 22:31]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.mail.ru/
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~1OFFICE11EXCEL.EXE/3000
IE: Add to Google Photos Screensa&ver — c:windowssystem32GPhotos.scr/200
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} — c:program filesICQ7.1ICQ.exe
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} — c:program filesMail.RuAgentmagent.exe
TCP: {8B4717BF-419A-4E7E-BFA6-27C6B99C5069} = 195.54.2.1
.
— — — — ORPHANS REMOVED — — — —
Toolbar-ITBar7Position — (no file)
Notify-WgaLogon — (no file)
ActiveSetup-Windows Sidebar — c:windowssystem32hidec
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-10 22:36
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(776)
c:windowssystem32Ati2evxx.dll
c:windowssystem32cscui.dll
c:windowssystem32COMRes.dll
.
Completion time: 2010-05-10 22:38:32
ComboFix-quarantined-files.txt 2010-05-10 16:38
Pre-Run: 17 749 696 512 байт свободно
Post-Run: 17 899 696 128 байт свободно
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
[operating systems]
c:cmdconsBOOTSECT.DAT=»Microsoft Windows Recovery Console» /cmdcons
multi(0)disk(0)rdisk(0)partition(1)WINDOWS=»Microsoft Windows XP Professional RU» /execute /fastdetect
multi(0)disk(0)rdisk(0)partition(1)WINDOWS.1=»Microsoft Windows XP Professional RU» /execute /fastdetect
multi(0)disk(0)rdisk(0)partition(1)WINDOWS.0=»Microsoft Windows XP Professional RU» /execute /fastdetect
multi(0)disk(0)rdisk(0)partition(2)WINDOWS=»Microsoft Windows XP Professional RU» /EXECUTE /FASTDETECT
— — End Of File — — E5DFE640849FFDEF6C5A4987F63CFF7B
