ComboFix 10-07-23.04 — Наумов Роман 24.07.2010 21:57:39.5.2 — x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.1022.617 [GMT 1:00]
Running from: c:documents and settingsНаумов РоманРабочий столComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:documents and settingsНаумов РоманГлавное менюПрограммыАвтозагрузкаwwwznv32.exe
.
((((((((((((((((((((((((( Files Created from 2010-06-24 to 2010-07-24 )))))))))))))))))))))))))))))))
.
2010-07-24 21:03 . 2010-07-24 21:03 53248 —-a-w- c:tempcatchme.dll
2010-07-24 19:21 . 2010-07-24 19:21
d
w- C:rsit
2010-07-24 14:52 . 2010-07-24 14:52
d
w- c:windowsЭкзамен ПДД 2010
2010-07-24 14:50 . 2010-07-24 21:01
d
w- c:temp_ir_sf_temp_0
2010-07-23 21:20 . 2008-04-13 23:10 34688 —-a-w- c:windowssystem32driverslbrtfdc.sys
2010-07-23 21:20 . 2008-04-13 23:11 8576 —-a-w- c:windowssystem32driversi2omgmt.sys
2010-07-23 21:20 . 2008-04-13 23:11 8192 —-a-w- c:windowssystem32driverschanger.sys
2010-07-23 00:05 . 2010-07-23 00:06 5642000 —-a-w- c:documents and settingsНаумов РоманApplication DataTVU NetworksAutoUpgradeTVUPlayer2.5.3.1.exe
2010-07-23 00:05 . 2010-07-23 00:05
d
w- c:documents and settingsAll UsersApplication DataTVU Networks
2010-07-21 11:59 . 2010-07-21 11:59
d
w- c:program filesDAEMON Tools Lite
2010-07-20 21:35 . 2010-07-20 21:35 13312 —-a-w- c:windowssystem32driversvdixndq5.sys
2010-07-20 19:56 . 2010-07-20 19:56
d
w- c:program filesRambler Assistant
2010-07-20 18:31 . 2010-07-20 18:31
d
w- c:documents and settingsНаумов РоманApplication DataMalwarebytes
2010-07-20 18:31 . 2010-04-29 14:39 38224 —-a-w- c:windowssystem32driversmbamswissarmy.sys
2010-07-20 18:31 . 2010-07-20 18:31
d
w- c:documents and settingsAll UsersApplication DataMalwarebytes
2010-07-20 18:31 . 2010-04-29 14:39 20952 —-a-w- c:windowssystem32driversmbam.sys
2010-07-20 18:31 . 2010-07-20 18:31
d
w- c:program filesMalwarebytes’ Anti-Malware
2010-07-19 12:09 . 2010-07-19 12:09
d
w- C:mega
2010-07-14 10:06 . 2010-06-14 14:31 744448 -c—-w- c:windowssystem32dllcachehelpsvc.exe
2010-07-12 19:53 . 2009-03-04 00:18 73728 —-a-w- c:windowssystem32RtNicProp32.dll
2010-07-05 12:25 . 2010-07-05 14:40
d
w- c:documents and settingsНаумов РоманApplication DataiSendSMS
2010-07-05 12:23 . 2010-07-05 12:23
d
w- c:program filesiSendSMS
2010-07-05 12:14 . 2009-10-22 12:54 37392 —-a-w- c:windowssystem32drivers7992952.sys
2010-07-05 12:14 . 2009-09-25 16:59 128016 —-a-w- c:windowssystem32drivers7992951.sys
2010-07-05 12:14 . 2009-10-09 22:31 315408 —-a-w- c:windowssystem32drivers799295.sys
2010-07-02 21:56 . 2010-07-03 18:26
d
w- c:documents and settingsНаумов РоманApplication DataWebMoney
2010-06-26 17:32 . 2010-06-26 17:32
d
w- c:documents and settingsНаумов РоманApplication DataMicrosoft Shared
2010-06-26 17:32 . 2010-04-17 23:56 652288 —-a-w- c:documents and settingsНаумов РоманApplication DataMicrosoft SharedUninstallFirewallInstallHelper.dll
2010-06-26 17:32 . 2010-01-30 14:45 395184 —-a-w- c:documents and settingsНаумов РоманApplication DataMicrosoft SharedUninstallGameuxInstallHelper.dll
2010-06-25 18:44 . 2010-07-18 14:12
d
w- c:documents and settingsНаумов РоманDoctorWeb
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-24 20:44 . 2010-05-30 09:49
d
w- c:program filestrend micro
2010-07-24 11:55 . 2010-02-04 23:13
d
w- c:program filesShareman
2010-07-23 21:20 . 2010-07-17 22:46 16 —-a-w- c:windowssystem32configsystemprofileApplication Dataswqatk.dat
2010-07-23 00:05 . 2010-02-18 20:00
d
w- c:program filesTVUPlayer
2010-07-22 22:41 . 2010-04-18 18:02
d
w- c:documents and settingsНаумов РоманApplication DataSkype
2010-07-22 22:14 . 2010-04-18 18:08
d
w- c:documents and settingsНаумов РоманApplication DataskypePM
2010-07-22 21:23 . 2010-02-04 14:15
d
w- c:documents and settingsНаумов РоманApplication DataWinamp
2010-07-21 12:05 . 2010-02-04 18:16 104400 —-a-w- c:documents and settingsНаумов РоманLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2010-07-21 11:59 . 2010-02-04 13:15 691696 —-a-w- c:windowssystem32driverssptd.sys
2010-07-19 14:03 . 2010-02-05 18:50
d
w- c:documents and settingsНаумов РоманApplication DataICQ
2010-07-16 17:38 . 2010-05-25 21:22
d
w- c:program filesOpera
2010-07-14 12:52 . 2010-02-04 14:18
d
w- c:documents and settingsAll UsersApplication DataMicrosoft Help
2010-07-03 18:27 . 2010-06-07 09:13
d—a-w- c:documents and settingsAll UsersApplication DataTEMP
2010-06-26 23:03 . 2010-02-06 13:31
d
w- c:program files2gis
2010-06-23 19:01 . 2008-04-15 10:00 558312 —-a-w- c:windowssystem32perfh019.dat
2010-06-23 19:01 . 2008-04-15 10:00 107642 —-a-w- c:windowssystem32perfc019.dat
2010-06-22 19:04 . 2010-02-04 14:29
d—h—w- c:program filesInstallShield Installation Information
2010-06-15 17:49 . 2010-06-15 17:49
d
w- c:documents and settingsAll UsersApplication DatanView_Profiles
2010-06-14 14:31 . 2010-02-04 13:10 744448 —-a-w- c:windowspchealthhelpctrbinarieshelpsvc.exe
2010-06-11 19:17 . 2010-02-05 20:14
d
w- c:program filesICQ7.0
2010-06-11 12:35 . 2010-02-12 13:02
d
w- c:program filesRadioClicker LITE
2010-06-09 20:42 . 2010-06-09 20:40
d
w- c:documents and settingsНаумов РоманApplication DataDAEMON Tools Lite
2010-06-09 20:19 . 2010-06-09 01:16
d
w- c:program filesCommon FilesOpera
2010-06-09 01:16 . 2010-02-04 13:48
d
w- c:documents and settingsНаумов РоманApplication DataAdobeUM
2010-06-04 17:04 . 2010-02-18 20:40
d
w- c:program filesMicrosoft Silverlight
2010-06-04 14:08 . 2010-03-09 14:40
d
w- c:program filesXvid
2010-06-04 10:34 . 2010-06-04 10:34
d
w- c:program filesAuslogics
2010-06-02 15:53 . 2010-02-04 14:29
d
w- c:program filesIEPro
2010-05-31 16:10 . 2010-05-31 16:10
d
w- c:documents and settingsAll UsersApplication DataCodemasters
2010-05-31 16:05 . 2010-05-31 16:05
d
w- c:program filesBRS
2010-05-31 16:05 . 2010-02-04 13:13 445016 —-a-w- c:windowssystem32wrap_oal.dll
2010-05-31 16:05 . 2010-02-04 13:13 109144 —-a-w- c:windowssystem32OpenAL32.dll
2010-05-31 11:06 . 2010-05-31 11:06
d
w- c:program filesOpenAL
2010-05-11 22:20 . 2010-02-04 14:35 664 —-a-w- c:windowssystem32d3d9caps.dat
2010-05-06 10:35 . 2009-03-15 16:40 916480 —-a-w- c:windowssystem32wininet.dll
2010-05-02 12:33 . 2009-03-15 16:40 1860480 —-a-w- c:windowssystem32win32k.sys
2010-02-10 17:59 . 2010-02-10 17:58 3580 —-a-w- c:program filesCommon Filesunins000.dat
2010-02-10 17:58 . 2010-02-10 17:58 729072 —-a-w- c:program filesCommon Filesunins000.exe
2006-12-10 18:30 . 2010-02-04 13:19 225 —-a-r- c:program filesboot.ini
.
Sigcheck
[-] 2008-10-24 . 1F39C7BDBA4C5F3F01C4EABF7EDBF4B3 . 361600 . . [5.1.2600.5625] . . c:windowssystem32driverstcpip.sys
[-] 2010-04-01 . FAD4579B18A9E134B5BAC0A88874E2FD . 509440 . . [5.1.2600.5512] . . c:windowssystem32winlogon.exe
[-] 2008-04-15 . 85461D19DA3F60CBF2B99DB254183AC3 . 653312 . . [5.82] . . c:windowssystem32comctl32.dll
[-] 2008-04-14 . 2BCDBCC87A74950CD0786E2A6B73F895 . 631808 . . [5.1.2600.5512] . . c:windowssystem32user32.dll
[-] 2008-04-15 . 06E454E5D1340DE9E4BF491E6C840AF0 . 1926144 . . [6.00.2900.5512] . . c:windowsexplorer.exe
[-] 2010-02-04 . 64F69CB7BF611283ABAF72864FBC14A6 . 1571840 . . [5.1.2600.5512] . . c:windowssystem32sfcfiles.dll
[-] 2008-04-15 . E880528ACB65C5E05EE7CF83B08464EA . 37376 . . [5.1.2600.5512] . . c:windowssystem32ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«SkinClock»=»c:program filesAtomic Alarm ClockAtomicAlarmClock.exe» [2008-09-30 1740288]
«tPerm»=»c:program filestPermtPerm.exe» [2006-03-19 680960]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«Gainward»=»c:program filesVDOToolTBPanel.exe» [2007-02-01 2154496]
«exflashservice»=»c:program filesEPOXEFSEZ_FLASH_SERVICE.exe» [2006-05-02 408064]
«hwmdr»=»c:program filesEPoXEPTPEPTP.EXE» [2006-07-03 988160]
«CHotkey»=»mHotkey.exe» [2004-12-08 550912]
«ShowWnd»=»showwnd.exe» [2003-09-18 36864]
«egui»=»c:program filesESETESET NOD32 Antivirusegui.exe» [2009-05-14 2029640]
«BootSkin Startup Jobs»=»c:program filesStardockWinCustomizeBootSkinBootSkin.exe» [2004-04-26 270336]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2009-06-10 13758464]
«nwiz»=»nwiz.exe» [2009-06-10 1657376]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2009-06-10 86016]
«2Gis Update Notifier»=»c:program files2gis3.02GISTrayNotifier.exe» [2010-06-04 3319640]
«SoundMan»=»SOUNDMAN.EXE» [2007-04-16 577536]
«Malwarebytes’ Anti-Malware»=»c:program filesMalwarebytes’ Anti-Malwarembamgui.exe» [2010-04-29 437584]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-15 37376]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«IE7_012″=»advpack.dll» [2009-03-08 128512]
c:documents and settingsЌ 㬮ў ђ®¬ ѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
Punto Switcher.lnk — c:program filesYandexPunto Switcherpunto.exe [2010-2-4 831272]
c:documents and settingsAll Usersѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
Atomic Alarm Clock.lnk — c:program filesAtomic Alarm ClockAtomicAlarmClock.exe [2010-2-4 1740288]
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMConfigurePrograms»= 1 (0x1)
[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMConfigurePrograms»= 0 (0x0)
[HKLM~startupfolderC:^Documents and Settings^Наумов Роман^Главное меню^Программы^Автозагрузка^setup_9.0.0.722_30.03.2010_21-04.lnk]
path=c:documents and settingsНаумов РоманГлавное менюПрограммыАвтозагрузкаsetup_9.0.0.722_30.03.2010_21-04.lnk
backup=c:windowspsssetup_9.0.0.722_30.03.2010_21-04.lnkStartup
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusOverride»=dword:00000001
«FirewallOverride»=dword:00000001
«UpdatesOverride»=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«DisableUnicastResponsesToMulticastBroadcast»= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE»=
«c:\Program Files\ICQ7.0\ICQ.exe»=
«c:\Program Files\ICQ7.0\aolload.exe»=
«c:\Program Files\TVUPlayer\TVUPlayer.exe»=
«d:\Игрушки\Napoleon — Total War\Napoleon.exe»=
«c:\Program Files\IEPro\MiniDM.exe»=
«c:\WINDOWS\system32\dpvsetup.exe»=
«c:\Program Files\Skype\Plugin Manager\skypePM.exe»=
«c:\Program Files\Opera\opera.exe»=
«d:\Games\DiRT2\dirt2_game.exe»=
«d:\Games\3D Instructor 2.0 Home\bin\win32\Starter.exe»=
«d:\Games\Brothers in Arms — Hell’s Highway\Binaries\biahh.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=
«c:\Program Files\Shareman\Shareman.exe»=
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«5353:TCP»= 5353:TCP:Adobe CSI CS4
R1 ehdrv;ehdrv;c:windowssystem32driversehdrv.sys [14.05.2009 16:47 107256]
R1 epfwtdir;epfwtdir;c:windowssystem32driversepfwtdir.sys [14.05.2009 16:49 94360]
R2 ekrn;ESET Service;c:program filesESETESET NOD32 Antivirusekrn.exe [14.05.2009 16:47 731840]
R2 epcpuid;epcpuid;c:windowssystem32driversepcpuid.SYS [04.02.2010 14:37 2816]
R2 GetBINFile;GetBINFile;c:windowssystem32driversGetBinFile.SYS [04.02.2010 14:37 3200]
R2 hwmdr;hwmdr;c:windowssystem32drivershwmdr.SYS [04.02.2010 14:37 12288]
R2 MBAMService;MBAMService;c:program filesMalwarebytes’ Anti-Malwarembamservice.exe [20.07.2010 19:31 304464]
R3 MBAMProtector;MBAMProtector;c:windowssystem32driversmbam.sys [20.07.2010 19:31 20952]
S3 2GISUpdateService;2GIS UpdateService;c:program files2gis3.02GISUpdateService.exe [04.06.2010 16:30 775512]
S3 EPScanMemory;EPScanMemory;c:program filesEPOXEPTPScanMemory32.sys [04.02.2010 14:37 2432]
S4 sptd;sptd;c:windowssystem32driverssptd.sys [04.02.2010 14:15 691696]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
UPHClean REG_MULTI_SZ UPHClean
[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled componentsNewUserCustom]
2009-03-08 03:32 128512 —-a-w- c:windowssystem32advpack.dll
.
Contents of the ‘Scheduled Tasks’ folder
2010-07-24 c:windowsTasksUser_Feed_Synchronization-{BC16DFA8-353D-4DC9-AB02-333030CB66CB}.job
— c:windowssystem32msfeedssync.exe [2010-02-04 03:31]
.
.
Supplementary Scan
.
uStart Page = hxxp://libra.ccl.ru/
mStart Page = hxxp://www.rambler.ru/ra/
uInternet Settings,ProxyOverride = local
IE: Добавить в Rambler-Закладки — c:program filesRambler AssistantramblertoolbarU5950.dll/zakladki.htm
IE: Найти с помощью Рамблера — c:program filesRambler AssistantramblertoolbarU5950.dll/search.htm
IE: Перевести с помощью словарей Рамблера — c:program filesRambler AssistantramblertoolbarU5950.dll/dic.htm
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}
.
— — — — ORPHANS REMOVED — — — —
Toolbar-ITBar7Position — (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-24 22:03
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(668)
c:windowssystem32SETUPAPI.dll
— — — — — — — > ‘lsass.exe'(724)
c:windowssystem32setupapi.dll
.
Completion time: 2010-07-24 22:04:48
ComboFix-quarantined-files.txt 2010-07-24 21:04
Pre-Run: 11 985 514 496 байт свободно
Post-Run: 12 042 772 480 байт свободно
Current=13 Default=13 Failed=12 LastKnownGood=14 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14
— — End Of File — — 4FA852D1115107BE900FF82A8632650E
