Re: Re: Поведение вируса, но не классика

8 января, 2009 в 10:49 пп #20974

Participant

Темы:1
Сообщений:11

☆

ComboFix 09-01-08.01 — Администратор 2009-01-08 23:27:48.1 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.1.1049.18.2046.1510 [GMT 3:00]
Running from: E:ComboFix.exe
AV: Outpost Security Suite Pro *On-access scanning disabled* (Outdated)
FW: Outpost Security Suite Pro *disabled*
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:windowssystem32VFP5RUS.DLL

.
((((((((((((((((((((((((( Files Created from 2008-12-08 to 2009-01-08 )))))))))))))))))))))))))))))))
.

2009-01-08 22:38 . 2009-01-01 14:06 8,192 —a

c:windowssystem32driversFStarForce.sys
2009-01-08 22:24 . 2009-01-08 22:24 d

c:documents and settingsАдминистраторApplication DataDAEMON Tools Pro
2009-01-08 22:24 . 2009-01-08 22:24 d

c:documents and settingsАдминистраторApplication DataDAEMON Tools Pro
2009-01-08 22:23 . 2009-01-08 22:23 d

c:documents and settingsAll UsersApplication DataDAEMON Tools Lite
2009-01-08 22:22 . 2009-01-08 22:24 d

c:documents and settingsАдминистраторApplication DataDAEMON Tools Lite
2009-01-08 22:22 . 2009-01-08 22:24 d

c:documents and settingsАдминистраторApplication DataDAEMON Tools Lite
2009-01-07 15:27 . 2009-01-07 15:27 d

c:documents and settingsАдминистраторApplication DataMedia Player Classic
2009-01-07 15:27 . 2009-01-07 15:27 d

c:documents and settingsАдминистраторApplication DataMedia Player Classic
2009-01-07 13:04 . 2009-01-07 13:04 d

C:My Downloads
2009-01-07 02:05 . 2009-01-07 02:05 d

c:program filesCPU-Control
2009-01-07 02:05 . 2009-01-07 02:05 d

c:documents and settingsАдминистраторApplication DataCPUControl
2009-01-07 02:05 . 2009-01-07 02:05 d

c:documents and settingsАдминистраторApplication DataCPUControl
2009-01-07 00:07 . 2009-01-07 00:07 d

c:windowsLogs
2009-01-07 00:05 . 2009-01-07 00:05 d

c:windowssystem32xlive
2009-01-07 00:05 . 2009-01-07 00:05 d

c:program filesMicrosoft Games for Windows — LIVE
2009-01-06 22:12 . 2009-01-06 22:13 d

c:program filesRockstar Games
2009-01-05 15:25 . 2009-01-05 15:25 d

C:Games
2009-01-04 23:39 . 2009-01-04 23:39 d

c:documents and settingsАдминистраторApplication DataLeadertech
2009-01-04 23:39 . 2009-01-04 23:39 d

c:documents and settingsАдминистраторApplication DataLeadertech
2009-01-04 19:35 . 2009-01-07 14:27 d

c:windowssystem32LogFiles
2009-01-04 19:24 . 2009-01-04 19:24 d

c:program filesEA Games
2009-01-03 17:03 . 2009-01-03 17:03 56 —ah

c:windowssystem32ezsidmv.dat
2009-01-03 17:02 . 2009-01-03 17:02 d

c:program filesCommon FilesSkype
2008-12-28 19:31 . 2008-12-28 19:31 d

c:documents and settingsАдминистраторApplication DataScanSoft
2008-12-28 19:31 . 2008-12-28 19:31 d

c:documents and settingsАдминистраторApplication DataScanSoft
2008-12-27 01:32 . 2008-04-14 00:26 30,592 —a

c:windowssystem32driversrndismpx.sys
2008-12-27 01:32 . 2008-04-14 00:26 30,592 —a—c— c:windowssystem32dllcacherndismpx.sys
2008-12-27 01:32 . 2008-04-14 00:26 12,800 —a

c:windowssystem32driversusb8023x.sys
2008-12-27 01:32 . 2008-04-14 00:26 12,800 —a—c— c:windowssystem32dllcacheusb8023x.sys
2008-12-27 01:20 . 2008-12-27 01:20 d—h

c:windowsPIF
2008-12-27 01:19 . 2008-12-27 01:19 d

c:documents and settingsАдминистраторApplication DataWindows Search
2008-12-27 01:19 . 2008-12-27 01:19 d

c:documents and settingsАдминистраторApplication DataWindows Search
2008-12-27 01:15 . 2008-12-27 01:15 d

c:program filesWindows Desktop Search
2008-12-27 01:11 . 2008-12-27 01:11 d

c:windowsASTULogTemp
2008-12-27 01:11 . 2008-12-27 01:11 65,739 —a

c:windowssystem32ASTULog.cab
2008-12-27 01:11 . 2008-12-27 01:11 1,049 —a

c:windowssystem32setup.inf
2008-12-27 01:11 . 2008-12-27 01:11 283 —a

c:windowssystem32setup.rpt
2008-12-27 00:42 . 2008-12-27 00:42 106,557 —a

c:windowssystem32btw_ci.dll
2008-12-26 20:24 . 2008-12-29 21:46 8 —a

c:windowssystem32nvModes.dat
2008-12-24 16:04 . 2008-12-24 16:04 d

c:program filesWhale Communications
2008-12-24 00:50 . 2008-12-24 01:32 d

c:documents and settingsАдминистраторApplication DataAuslogics
2008-12-24 00:50 . 2008-12-24 01:32 d

c:documents and settingsАдминистраторApplication DataAuslogics
2008-12-24 00:48 . 2008-12-24 00:48 d

c:program filesAuslogics
2008-12-21 21:44 . 2008-04-13 22:16 37,888 —a

c:windowssystem32driversbthmodem.sys
2008-12-21 21:44 . 2008-04-13 22:16 37,888 —a—c— c:windowssystem32dllcachebthmodem.sys
2008-12-21 18:10 . 2008-12-21 18:10 d

c:program filesK-Lite Codec Pack
2008-12-21 18:04 . 2008-12-21 18:04 d

c:documents and settingsAll UsersApplication DataFLEXnet
2008-12-21 14:46 . 2008-12-21 14:46 d—h

c:windowssystem32GroupPolicy
2008-12-21 14:23 . 2008-12-21 14:23 d

c:documents and settingsАдминистраторApplication DataViStart
2008-12-21 14:23 . 2008-12-21 14:23 d

c:documents and settingsАдминистраторApplication DataViStart
2008-12-21 14:18 . 2008-12-21 14:18 d

c:program filesVista Drive Icon
2008-12-21 14:17 . 2008-04-15 09:00 219,648 —a

c:windowssystem32uxtheme.backup
2008-12-21 14:16 . 2008-12-21 14:16 d

c:windowsDownloaded Installations
2008-12-21 14:16 . 2008-12-21 14:16 d

c:program filesSDF Lab
2008-12-21 14:15 . 2008-12-21 14:24 d

c:program filesViStart
2008-12-21 14:10 . 2008-12-21 14:17 d—h

c:windowsSDF Vista Shell Pack
2008-12-21 14:05 . 2007-07-17 21:28 6,410,240 -ra

c:windowssystemC6501.cpl
2008-12-21 14:05 . 2004-08-18 06:00 1,700,352 -ra

c:windowssystem32GdiPlus.dll
2008-12-21 14:05 . 2007-07-10 04:42 1,310,720 -ra

c:windowssystem32driversc6501.sys
2008-12-21 14:05 . 2001-11-23 22:08 712,704 -ra

c:windowssystemc6501a3d.dll
2008-12-21 14:05 . 2001-11-23 22:08 712,704 -ra

c:windowssystema3d.dll
2008-12-21 14:05 . 2007-06-28 04:02 274,432 -ra

c:windowssystem32C6501rm.exe
2008-12-21 14:05 . 2005-12-27 03:23 53,248 -ra

c:windowssystem32C6501rm.dll
2008-12-21 14:05 . 2006-06-28 00:54 32,768 -ra

c:windowssystem32c6501prop.dll
2008-12-21 14:05 . 2009-01-07 15:25 238 —a

c:windowssystemC6501.ini
2008-12-21 14:05 . 2008-12-21 14:05 162 —a

c:windowsC6501.ini.cfl
2008-12-21 14:04 . 2008-12-21 14:04 d

c:program filesC-Media 6501 Sound
2008-12-21 14:04 . 2007-06-28 20:16 266,240 -r

c:windowsCmi6501Uninstall.exe
2008-12-21 14:04 . 2008-12-21 14:04 12,376 —a

c:windowsAscd_tmp.ini
2008-12-21 14:04 . 2007-06-29 04:55 4,571 -ra

c:windowsC6501.ini.cfg
2008-12-21 14:04 . 2007-08-09 04:18 326 -r

c:windowsc6501.ini
2008-12-21 12:54 . 2008-04-22 12:22 1,048,576 —a

c:windows0901.BIN
2008-12-21 12:53 . 2008-12-21 12:54 445,515 —a

c:windows0901.zip
2008-12-21 12:52 . 2008-12-21 12:52 d

c:program filesASUS
2008-12-21 12:42 . 2008-12-21 12:42 32 —a

c:documents and settingsAll UsersApplication Dataezsid.dat
2008-12-21 12:41 . 2009-01-03 17:02 d

c:program filesSkype
2008-12-21 12:41 . 2008-12-21 12:41 d

c:documents and settingsAll UsersApplication DataSkype
2008-12-21 12:22 . 2008-12-21 12:25 d

c:program filesPaint.NET
2008-12-21 12:17 . 2008-12-21 12:17 d

c:windowssystem32XPSViewer
2008-12-21 12:17 . 2008-12-21 12:17 d

c:program filesReference Assemblies
2008-12-21 12:17 . 2008-12-21 12:17 d

c:program filesQIP Infium
2008-12-21 12:17 . 2008-12-21 12:17 d

c:program filesMSBuild
2008-12-21 12:17 . 2007-09-27 10:48 23,856 —a

c:windowssystem32spupdsvc.exe
2008-12-21 12:17 . 2006-06-29 11:07 14,048

c:windowssystem32spmsg2.dll
2008-12-21 12:15 . 2009-01-07 15:27 116 —a

c:windowsNeroDigital.ini
2008-12-21 11:58 . 2009-01-05 15:33 d

c:program filesuTorrent
2008-12-21 11:34 . 2008-12-21 11:34 d

c:documents and settingsАдминистраторApplication DataYandex
2008-12-21 11:34 . 2008-12-21 11:34 d

c:documents and settingsАдминистраторApplication DataYandex
2008-12-21 11:13 . 2008-12-21 11:13 431 —a

c:windowsBRWMARK.INI
2008-12-21 11:13 . 2008-12-21 11:13 184 —a

c:windowssystem32brsvc01a.bsi
2008-12-21 11:13 . 2008-12-21 11:13 30 —a

c:windowssystem32brss01a.ini
2008-12-21 11:13 . 2008-12-21 11:13 27 —a

c:windowsBRPP2KA.INI
2008-12-21 11:12 . 2008-12-21 11:12 d

c:program filesBrother
2008-12-21 11:11 . 2008-12-21 11:11 d

C:Brother
2008-12-21 11:11 . 2003-09-29 17:37 196,230

c:windowsCVRPAGE.BMP
2008-12-21 11:11 . 2005-04-08 13:48 163,840

c:windowssystem32NSSearch.dll
2008-12-21 11:11 . 2004-12-10 14:35 147,456

c:windowsbrunin03.dll
2008-12-21 11:11 . 2002-11-26 11:43 106,496

c:windowssystem32BrMuSNMP.dll
2008-12-21 11:09 . 2008-12-21 11:09 d

c:program filesScanSoft
2008-12-21 11:09 . 2008-12-21 11:09 d

c:program filesCommon FilesScanSoft Shared
2008-12-21 11:09 . 2008-12-21 11:09 d

c:documents and settingsAll UsersApplication DataScanSoft
2008-12-21 11:09 . 2008-12-21 11:09 d

c:documents and settingsAll UsersApplication DataInstallShield
2008-12-21 11:09 . 2003-09-24 08:36 27,019 —a

c:windowsmaxlink.ini
2008-12-21 11:07 . 2008-12-21 11:07 d

c:documents and settingsAll UsersApplication DataBrother
2008-12-21 00:30 . 2009-01-08 23:59 d

c:documents and settingsАдминистраторApplication DatauTorrent
2008-12-21 00:30 . 2009-01-08 23:59 d

c:documents and settingsАдминистраторApplication DatauTorrent
2008-12-21 00:30 . 2009-01-08 21:26 d

c:documents and settingsАдминистраторApplication DataskypePM
2008-12-21 00:30 . 2009-01-08 21:26 d

c:documents and settingsАдминистраторApplication DataskypePM
2008-12-21 00:30 . 2009-01-08 23:48 d

c:documents and settingsАдминистраторApplication DataSkype
2008-12-21 00:30 . 2009-01-08 23:48 d

c:documents and settingsАдминистраторApplication DataSkype
2008-12-21 00:30 . 2008-12-21 00:30 d

c:documents and settingsАдминистраторApplication DataQIP
2008-12-21 00:30 . 2008-12-21 00:30 d

c:documents and settingsАдминистраторApplication DataQIP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-08 19:24

w c:documents and settingsАдминистраторApplication DataDAEMON Tools
2009-01-08 19:24

w c:documents and settingsАдминистраторApplication DataDAEMON Tools
2009-01-08 19:23

w c:program filesDAEMON Tools Lite
2009-01-06 19:13

d—h—w c:program filesInstallShield Installation Information
2008-12-27 10:39

w c:program filesMicrosoft ActiveSync
2008-12-26 10:09

w c:program filesAkelPad
2008-12-21 11:52 717,296 —-a-w c:windowssystem32driverssptd.sys
2008-12-21 11:17 219,648 —-a-w c:windowssystem32uxtheme.dll
2008-12-21 08:12

w c:program filesCommon FilesInstallShield
2008-12-20 21:27

w c:program filesAgnitum
2008-12-20 21:27

w c:documents and settingsAll UsersApplication DataAgnitum
2008-12-20 20:48

w c:documents and settingsAll UsersApplication DatanView_Profiles
2008-12-20 20:44

w c:program filesCommon FilesWise Installation Wizard
2008-12-20 20:44

w c:program filesAGEIA Technologies
2008-12-20 20:42

w c:program filesUnlocker
2008-12-20 20:32

w c:program filesAPC
2008-12-20 20:29

w c:program filesDIFX
2008-12-20 20:27

d—h—w c:program filesZenographics
2008-12-20 20:27

w c:program filesHewlett-Packard
2008-12-20 20:26

w c:program filesMedia Key
2008-12-20 20:26

w c:program filesA4Tech
2008-12-20 19:09

w c:documents and settingsAll UsersApplication DataMicrosoft Help
2008-12-20 19:08

w c:program filesMicrosoft Works
2008-12-20 19:02

w c:program filesPunto Switcher
2008-12-20 19:02

w c:program filesKristanix
2008-12-20 19:02

w c:program filesFoxit Software
2008-12-20 18:59

w c:program filesCommon FilesAdobe
2008-12-20 18:52

w c:program filesCommon FilesMacrovision Shared
2008-12-20 18:51

w c:program filesLavalys
2008-12-20 18:51

w c:program filesFastStone Image Viewer
2008-12-20 18:51

w c:documents and settingsАдминистраторApplication DataDesktopicon
2008-12-20 18:51

w c:documents and settingsАдминистраторApplication DataDesktopicon
2008-12-20 18:50

w c:program filesLight Alloy
2008-12-20 18:50

w c:program filesCommon FilesAhead
2008-12-20 18:50

w c:program filesAhead
2008-12-20 18:49

w c:program filesWinamp
2008-12-20 18:41

w c:program filesmicrosoft frontpage
2008-12-20 18:40

d—a-w c:documents and settingsАдминистраторApplication DataMiniDm
2008-12-20 18:40

d—a-w c:documents and settingsАдминистраторApplication DataIEPro
2008-12-20 18:40

w c:program filesStartup Extractor
2008-12-20 18:40

w c:program filesIEPro
2008-12-20 18:40

w c:program filesDirectX Update
2008-12-20 18:36

w c:program filesWindows Media Connect 2
2008-11-26 09:42 565,760 —-a-w c:windowssystem32setup.exe
2008-11-26 09:38 1,571,840 —-a-w c:windowssystem32sfcfiles.dll
2008-11-26 09:31 99,840 —-a-w c:windowssystem32wmpshell.dll
2008-11-26 09:30 991,744 —-a-w c:windowssystem32drmv2clt.dll
2008-11-25 08:45 2,283,027 —-a-w c:windowssystem32x264vfw.dll
2008-11-24 14:32 57,344 —-a-w c:windowssystem32ff_vfw.dll
2008-11-14 18:07 43,544 —-a-w c:windowssystem32wups2.dll
2008-10-28 22:35 684,032 —-a-w c:windowssystem32divx.dll
2008-10-28 14:41 14,303,392 —-a-w c:windowssystem32xlive.dll
2008-10-28 14:41 13,643,936 —-a-w c:windowssystem32xlivefnt.dll
2008-10-27 08:04 70,992 —-a-w c:windowssystem32xapofx1_2.dll
2008-10-27 08:04 514,384 —-a-w c:windowssystem32xaudio2_3.dll
2008-10-27 08:04 235,856 —-a-w c:windowssystem32xactengine3_3.dll
2008-10-27 08:04 23,376 —-a-w c:windowssystem32x3daudio1_5.dll
2008-10-11 11:13 10,752 —-a-w c:windowssystem32rspndr.exe
2008-10-10 02:52 452,440 —-a-w c:windowssystem32d3dx10_40.dll
2008-10-10 02:52 4,379,984 —-a-w c:windowssystem32d3dx9_40.dll
2008-10-10 02:52 2,036,576 —-a-w c:windowssystem32d3dcompiler_40.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2008-04-15 15360]
«Punto Switcher»=»c:program filesPunto SwitcherPS.exe» [2008-05-30 722112]
«uTorrent»=»c:program filesuTorrentuTorrent.exe» [2008-10-10 270128]
«Skype»=»c:program filesSkypePhoneSkype.exe» [2008-11-07 21633320]
«Infium»=»c:program filesQIP Infiuminfium.exe» [2008-12-09 5062144]
«H/PC Connection Agent»=»c:progra~1MI3AA1~1wcescomm.exe» [2006-11-13 1289000]
«DAEMON Tools Lite»=»c:program filesDAEMON Tools Litedaemon.exe» [2008-12-29 687560]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«UnlockerAssistant»=»c:program filesUnlockerUnlockerAssistant.exe» [2008-05-02 15872]
«VMSnap3″=»c:windowsVMSnap3.EXE» [2006-08-30 49152]
«Domino»=»c:windowsDomino.EXE» [2006-06-28 49152]
«WheelMouse»=»c:program filesA4TechMouseAmoumain.exe» [2008-03-06 241664]
«MagicKey»=»c:progra~1MEDIAK~1MagicKey.exe» [2004-03-15 45056]
«OrderReminder»=»c:program filesHewlett-PackardOrderReminderOrderReminder.exe» [2006-01-30 98304]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2008-10-07 13574144]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2008-10-07 86016]
«OutpostMonitor»=»c:progra~1AgnitumOUTPOS~1op_mon.exe» [2008-07-15 1207128]
«OutpostFeedBack»=»c:program filesAgnitumOutpost Security Suite Profeedback.exe» [2008-07-15 435544]
«SSBkgdUpdate»=»c:program filesCommon FilesScansoft SharedSSBkgdUpdateSSBkgdupdate.exe» [2003-09-29 155648]
«PaperPort PTD»=»c:program filesScanSoftPaperPortpptd40nt.exe» [2005-08-25 57393]
«IndexSearch»=»c:program filesScanSoftPaperPortIndexSearch.exe» [2005-08-25 40960]
«SetDefPrt»=»c:program filesBrotherBrmfl05aBrStDvPt.exe» [2005-01-26 49152]
«ControlCenter2.0″=»c:program filesBrotherControlCenter2brctrcen.exe» [2005-07-19 933888]
«DrvIcon»=»c:program filesVista Drive IconDrvIcon.exe» [2008-04-13 49152]
«nwiz»=»nwiz.exe» [2008-10-07 c:windowssystem32nwiz.exe]
«BluetoothAuthenticationAgent»=»bthprops.cpl» [2008-04-15 c:windowssystem32bthprops.cpl]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-15 15360]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«IE7_011″=»shell32» [X]
«IE7_012″=»advpack.dll» [2008-11-26 c:windowssystem32advpack.dll]

c:documents and settingsЂ¤¬ЁЁбва в®аѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
LClock.lnk — c:program filesSDF LabLclockLClock.exe [2004-09-19 65536]

c:documents and settingsAll Usersѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
APC UPS Status.lnk — c:program filesAPCAPC PowerChute Personal EditionDisplay.exe [2008-12-20 221247]

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«ForceClassicControlPanel»= 1 (0x1)

[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«ForceClassicControlPanel»= 1 (0x1)
«NoSMConfigurePrograms»= 1 (0x1)
«NoStartMenuMorePrograms»= 1 (0x1)

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«msacm.l3fhg»= mp3fhg.acm
«msacm.divxa32″= divxa32.acm
«VIDC.X264″= x264vfw.dll
«VIDC.HFYU»= huffyuv.dll
«vidc.i263″= i263_32.drv

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusOverride»=dword:00000001
«AntiVirusDisableNotify»=dword:00000001
«UpdatesDisableNotify»=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)
«DisableUnicastResponsesToMulticastBroadcast»= 0 (0x0)

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«%windir%\system32\sessmgr.exe»=
«c:\WINDOWS\system32\sessmgr.exe»=
«c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE»=
«c:\Program Files\uTorrent\uTorrent.exe»=
«c:program filesMicrosoft ActiveSyncrapimgr.exe»= c:program filesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
«c:program filesMicrosoft ActiveSyncwcescomm.exe»= c:program filesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
«c:program filesMicrosoft ActiveSyncWCESMgr.exe»= c:program filesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
«c:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe»=
«c:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe»=
«c:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«26675:TCP»= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:windowssystem32driversnvcchflt.sys [2008-12-21 16640]
R1 SandBox;SandBox;c:windowssystem32driversSandBox.sys [2008-12-21 673920]
R3 afw;Agnitum firewall driver;c:windowssystem32driversafw.sys [2008-12-21 30864]
R3 afwcore;afwcore;c:windowssystem32driversafwcore.sys [2008-12-21 234640]
R3 ASWFilt;ASWFilt;c:windowssystem32FiltASWFilt.dll [2008-12-21 33408]
R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:windowssystem32driversc6501.sys [2008-12-21 1310720]
R3 FStarForce;FStarForce;c:windowssystem32driversFStarForce.sys [2009-01-08 8192]
R3 VBEngNT;VBEngNT;c:windowssystem32driversVBEngNT.sys [2008-12-21 1072722]
R3 VBFilt;VBFilt;c:windowssystem32FiltVBFilt.dll [2008-12-21 158816]
R3 vmfilter303;vmfilter303;c:windowssystem32driversvmfilter303.sys [2008-12-20 428160]
R4 acssrv;Agnitum Client Security Service;c:progra~1AgnitumOUTPOS~1acs.exe [2008-12-21 1570136]
S3 DMService;Whale Component Manager;c:windowsDOWNLO~1DMService.exe [2008-12-24 423576]
.
— — — — ORPHANS REMOVED — — — —

HKLM-Run-C6501Sound — c6501.cpl

Supplementary Scan

.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2Office12EXCEL.EXE/3000
IE: {{000002a3-84fe-43f1-b958-f2c3ca804f1a} — {CD275D4E-791A-4993-9D4D-6A071EDD2709} — c:program filesIEProIEPro.dll
TCP: {32978208-8199-4E0C-88B2-043ED06A10CA} = 85.113.128.136,85.113.147.110
FF — ProfilePath — c:documents and settingsАдминистраторApplication DataMozillaFirefoxProfilesu97vtsot.default
FF — prefs.js: browser.search.selectedEngine — РЇРЅРґРµРєСЃ
FF — prefs.js: browser.startup.homepage — hxxp://client.intercon.ru/client.aspx|http://vtorrents.ru/forums/index.php|http://torrents.ru/forums/index.php
FF — component: c:program filesMozilla Firefoxextensions{B13721C7-F507-4982-B2E5-502A71474FED}componentsNPComponent.dll
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnppl3260.dll
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-08 23:44:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************
.

LOCKED REGISTRY KEYS

[HKEY_USERSAdministratorSoftwareMicrosoftActiveMoviedevenum{33D9A761-90C8-11D0-BD43-00A0C911CE86}3*NULL*4*NULL*D*NULL*S*NULL*P*NULL* *NULL*G*NULL*r*NULL*o*NULL*u*NULL*p*NULL* *NULL*T*NULL*r*NULL*u*NULL*e*NULL*S*NULL*p*NULL*e*NULL*e*NULL*c*NULL*h*NULL*»!]
«FriendlyName»=»DSP Group TrueSpeech™»
«CLSID»=»{6A08CF80-0E18-11CF-A24D-0020AFD79767}»
«FilterData»=hex:02,00,00,00,00,00,20,00,02,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,
00,00,00,60,00,00,00,70,00,00,00,31,70,69,33,08,00,00,00,00,00,00,00,01,00,
00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,00,00,00,60,00,00,00,80,00,00,
00,61,75,64,73,00,00,10,00,80,00,00,aa,00,38,9b,71,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,22,00,00,00,00,00,10,00,80,00,00,aa,00,38,9b,71
«AcmId»=dword:00000022
.

DLLs Loaded Under Running Processes

— — — — — — — > ‘winlogon.exe'(1164)
c:windowssystem32cscui.dll

— — — — — — — > ‘explorer.exe'(2216)
c:program filesPunto Switcherpshook.dll
c:windowssystem32msi.dll
c:windowssystem32SETUPAPI.dll
c:windowssystem32NETSHELL.dll
c:program filesSDF LabLclockLC.dll
c:windowssystem32WPDShServiceObj.dll
c:windowssystem32PortableDeviceTypes.dll
c:windowssystem32PortableDeviceApi.dll
.

Other Running Processes

.
SystemRootSystem32smss.exe [1068]
??c:windowssystem32csrss.exe [1132]
??c:windowssystem32winlogon.exe [1164]
c:windowssystem32services.exe [1220]
c:windowssystem32lsass.exe [1236]
c:windowssystem32svchost.exe [1416]
c:windowssystem32svchost.exe [1500]
c:windowsSystem32svchost.exe [1664]
c:windowssystem32svchost.exe [1808]
c:windowssystem32svchost.exe [2036]
c:windowssystem32brss01a.exe [316]
c:windowssystem32spoolsv.exe [324]
c:program filesAPCAPC PowerChute Personal Editionmainserv.exe [1040]
c:windowssystem32svchost.exe [1308]
c:windowssystem32nvsvc32.exe [1528]
c:windowssystem32svchost.exe [1688]
c:windowsSystem32alg.exe [1092]
c:windowssystem32CF29881.exe [1572]
c:windowsVMSnap3.EXE [1180]
c:windowsDomino.EXE [1932]
c:program filesHewlett-PackardOrderReminderOrderReminder.exe [2244]
c:windowssystem32RUNDLL32.EXE [3820]
c:program filesScanSoftPaperPortpptd40nt.exe [2172]
c:program filesBrotherControlCenter2brctrcen.exe [2500]
c:windowssystem32rundll32.exe [2588]
c:windowssystem32RunDll32.exe [3816]
c:program filesVista Drive IconDrvIcon.exe [3964]
c:windowssystem32ctfmon.exe [3972]
c:program filesPunto SwitcherPS.exe [4008]
c:program filesuTorrentuTorrent.exe [4072]
c:program filesSkypePhoneSkype.exe [1712]
c:program filesQIP Infiuminfium.exe [2548]
c:progra~1MI3AA1~1wcescomm.exe [2176]
c:program filesDAEMON Tools Litedaemon.exe [2644]
c:progra~1MI3AA1~1rapimgr.exe [2472]
c:program filesSkypePlugin ManagerskypePM.exe [3092]
c:program filesSDF LabLclockLClock.exe [520]
c:program filesAPCAPC PowerChute Personal Editionapcsystray.exe [3288]
c:windowssystem32taskmgr.exe [1100]
c:windowsexplorer.exe [2216]
c:combofixcatchme.cfexe [1376]
.
**************************************************************************
.
Completion time: 2009-01-09 0:06:28 — machine was rebooted
ComboFix-quarantined-files.txt 2009-01-08 21:06:05

Pre-Run: 173 948 903 424 байт свободно
Post-Run: 173,659,123,712 байт свободно

402

Re: Re: Поведение вируса, но не классика

Добро пожаловать

Поиск

Важные инструкции

Как удалить всплывающие окна

Как удалить рекламный вирус в браузере (Chrome, Opera, Firefox, Internet Explorer, Edge)

Нет доступа в интернет после удаления вируса — Как восстановить

Как удалить вирус с телефона Андроид (Инструкция)

Убрать рекламу в браузере (Chrome, Firefox, Opera, Yandex)

СПАЙВАРЕ РУ

Нужна помощь?

Ссылки