Re: Re: сайт Одноклассники

[Nana]

ComboFix 09-10-23.01 — Елена 27.10.2009 22:07.1.2 — NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1251.7.1049.18.2047.1256 [GMT 3:00]
Running from: c:usersЕленаDesktopComboFix.exe
AV: Outpost Security Suite Pro *On-access scanning disabled* (Updated) {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
FW: Outpost Security Suite Pro *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
SP: Outpost Security Suite Pro *disabled* (Updated) {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:program filesMail.RuAgentMradllnewmrasearch.dll

.
((((((((((((((((((((((((( Files Created from 2009-09-27 to 2009-10-27 )))))))))))))))))))))))))))))))
.

2009-10-27 19:16 . 2009-10-27 19:17

---

d

---

w- c:usersЕленаAppDataLocaltemp
2009-10-27 19:16 . 2009-10-27 19:16

---

d

---

w- c:usersDefaultAppDataLocaltemp
2009-10-23 18:50 . 2009-10-23 18:50

---

d

---

w- c:usersЕленаAppDataRoamingWinPatrol
2009-10-23 18:50 . 2006-09-18 21:43 10 —-a-w- c:usersЕленаAppDataRoamingWinPatrolConfig.sys
2009-10-23 18:50 . 2006-09-18 21:43 24 —-a-w- c:usersЕленаAppDataRoamingWinPatrolAutoexec.bat
2009-10-23 18:50 . 2009-10-23 18:50

---

d

---

w- c:program filesBillP Studios
2009-10-23 18:34 . 2009-10-24 18:25

---

d

---

w- c:program filestrend micro
2009-10-23 18:34 . 2009-10-23 18:35

---

d

---

w- C:rsit
2009-10-23 18:14 . 2009-10-23 18:14

---

d

---

w- c:usersЕленаAppDataRoamingMalwarebytes
2009-10-23 18:14 . 2009-09-10 10:54 38224 —-a-w- c:windowssystem32driversmbamswissarmy.sys
2009-10-23 18:14 . 2009-10-23 18:14

---

d

---

w- c:programdataMalwarebytes
2009-10-23 18:14 . 2009-09-10 10:53 19160 —-a-w- c:windowssystem32driversmbam.sys
2009-10-23 18:14 . 2009-10-23 18:14

---

d

---

w- c:program filesMalwarebytes’ Anti-Malware
2009-10-15 17:31 . 2009-09-10 16:48 218624 —-a-w- c:windowssystem32msv1_0.dll
2009-10-15 17:31 . 2009-08-04 12:34 3600456 —-a-w- c:windowssystem32ntkrnlpa.exe
2009-10-15 17:31 . 2009-08-04 12:34 3548216 —-a-w- c:windowssystem32ntoskrnl.exe
2009-10-15 17:11 . 2009-09-04 11:41 60928 —-a-w- c:windowssystem32msasn1.dll
2009-10-15 17:11 . 2009-09-14 09:29 144896 —-a-w- c:windowssystem32driverssrv2.sys
2009-10-15 17:06 . 2009-05-08 12:53 604672 —-a-w- c:windowssystem32WMSPDMOD.DLL
2009-10-06 17:54 . 2009-08-07 02:24 44768 —-a-w- c:windowssystem32wups2.dll
2009-10-06 17:54 . 2009-08-07 02:24 53472 —-a-w- c:windowssystem32wuauclt.exe
2009-10-06 17:54 . 2009-08-07 02:23 1929952 —-a-w- c:windowssystem32wuaueng.dll
2009-10-06 17:54 . 2009-08-07 01:45 2421760 —-a-w- c:windowssystem32wucltux.dll
2009-10-06 17:54 . 2009-08-07 02:24 35552 —-a-w- c:windowssystem32wups.dll
2009-10-06 17:54 . 2009-08-07 02:23 575704 —-a-w- c:windowssystem32wuapi.dll
2009-10-06 17:54 . 2009-08-07 01:44 87552 —-a-w- c:windowssystem32wudriver.dll
2009-10-06 17:54 . 2009-08-06 15:23 171608 —-a-w- c:windowssystem32wuwebv.dll
2009-10-06 17:54 . 2009-08-06 14:44 33792 —-a-w- c:windowssystem32wuapp.exe
2009-10-04 15:51 . 2009-10-04 15:51

---

d

---

w- c:program filesLongman
2009-10-02 18:07 . 2009-10-01 06:29 195440

---

w- c:windowssystem32MpSigStub.exe
2009-09-28 18:07 . 2009-09-28 18:07

---

d

---

w- c:program filesCPUID
2009-09-28 18:07 . 2009-03-26 21:16 12672 —-a-w- c:windowssystem32driverscpuz132_x32.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-27 19:15 . 2009-07-29 19:03 1310720 —sha-w- c:usersЕленаNTUSER.DAT
2009-10-27 19:03 . 2008-01-21 05:44 653074 —-a-w- c:windowssystem32perfh019.dat
2009-10-27 19:03 . 2008-01-21 05:44 125594 —-a-w- c:windowssystem32perfc019.dat
2009-10-27 18:59 . 2009-07-29 20:03

---

d

---

w- c:programdataNVIDIA
2009-10-27 18:58 . 2009-07-29 19:03 55376 —-a-w- c:usersЕленаAppDataLocalGDIPFONTCACHEV1.DAT
2009-10-27 18:58 . 2009-07-29 21:03 78995 —-a-w- c:programdatanvModes.dat
2009-10-25 19:16 . 2009-07-30 18:22

---

d

---

w- c:programdataMicrosoft Help
2009-10-25 19:13 . 2009-07-30 18:25

---

d

---

w- c:program filesMicrosoft Works
2009-10-25 13:36 . 2009-08-02 14:39

---

d

---

w- c:usersЕленаAppDataRoamingSkype
2009-10-25 13:03 . 2009-08-02 14:48

---

d

---

w- c:usersЕленаAppDataRoamingskypePM
2009-10-24 10:15 . 2009-07-30 17:59

---

d

---

w- c:usersЕленаAppDataRoamingMra
2009-10-23 18:50 . 2009-10-23 18:50

---

d

---

w- c:usersЕленаAppDataRoamingWinPatrol
2009-10-23 18:14 . 2009-10-23 18:14

---

d

---

w- c:usersЕленаAppDataRoamingMalwarebytes
2009-10-16 18:23 . 2006-11-02 11:18

---

d

---

w- c:program filesWindows Mail
2009-10-09 18:12 . 2009-07-30 19:01

---

d

---

w- c:usersЕленаAppDataRoamingdvdcss
2009-10-03 13:17 . 2009-09-27 12:22

---

d

---

w- c:program filesGridinSoft Trojan Killer
2009-09-27 13:30 . 2009-08-02 09:02

---

d

---

w- c:program filesGoogle
2009-09-27 11:54 . 2009-09-27 11:46

---

d

---

w- c:program filesTrojan Killer
2009-09-25 17:29 . 2009-07-29 19:03 1356 —-a-w- c:usersЕленаAppDataLocald3d9caps.dat
2009-09-06 14:16 . 2009-07-30 18:48

---

d

---

w- c:program filesDownload Master
2009-09-03 18:32 . 2009-09-03 18:32 48 —ha-w- c:windowssystem32ezsidmv.dat
2009-09-02 17:51 . 2009-09-02 17:51

---

d

---

w- c:program filesCommon FilesDeterministic Networks
2009-09-02 17:51 . 2009-09-02 17:51

---

d

---

w- c:program filesCisco Systems
2009-09-01 17:53 . 2009-09-01 17:46 19558 —-a-w- c:windowshpoins01.dat
2009-09-01 17:48 . 2009-09-01 17:48

---

d

---

w- c:program filesCommon FilesHewlett-Packard
2009-09-01 17:47 . 2009-09-01 17:47

---

d

---

w- c:program filesHewlett-Packard
2009-08-29 00:27 . 2009-09-03 17:07 4240384 —-a-w- c:windowssystem32GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-03 17:07 28672 —-a-w- c:windowssystem32Apphlpdm.dll
2009-08-27 05:22 . 2009-10-24 09:20 916480 —-a-w- c:windowssystem32wininet.dll
2009-08-27 05:17 . 2009-10-24 09:20 71680 —-a-w- c:windowssystem32iesetup.dll
2009-08-27 05:17 . 2009-10-24 09:20 109056 —-a-w- c:windowssystem32iesysprep.dll
2009-08-27 03:42 . 2009-10-24 09:20 133632 —-a-w- c:windowssystem32ieUnatt.exe
2009-08-17 20:33 . 2009-08-17 20:33 1193832 —-a-w- c:windowssystem32FM20.DLL
2009-08-14 16:27 . 2009-09-09 17:05 904776 —-a-w- c:windowssystem32driverstcpip.sys
2009-08-14 15:53 . 2009-09-09 17:05 17920 —-a-w- c:windowssystem32netevent.dll
2009-08-14 13:49 . 2009-09-09 17:05 9728 —-a-w- c:windowssystem32TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 17:05 17920 —-a-w- c:windowssystem32ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 17:05 11264 —-a-w- c:windowssystem32MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 17:05 27136 —-a-w- c:windowssystem32NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 17:05 19968 —-a-w- c:windowssystem32ARP.EXE
2009-08-14 13:49 . 2009-09-09 17:05 8704 —-a-w- c:windowssystem32HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 17:05 10240 —-a-w- c:windowssystem32finger.exe
2009-08-14 13:48 . 2009-09-09 17:05 30720 —-a-w- c:windowssystem32driverstcpipreg.sys
2009-08-14 13:48 . 2009-09-09 17:05 105984 —-a-w- c:windowssystem32netiohlp.dll
2009-07-30 18:38 . 2009-07-30 18:38 0 —-a-w- c:windowsnsreg.dat
2009-07-30 09:46 . 2009-07-30 09:46 319456 —-a-w- c:windowsDIFxAPI.dll
2009-07-30 09:41 . 2009-07-30 09:41 9158 —-a-r- c:usersЕленаAppDataRoamingMicrosoftInstaller{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}ARPPRODUCTICON.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«Sidebar»=»c:program filesWindows Sidebarsidebar.exe» [2009-04-11 1233920]
«Download Master»=»c:program filesDownload Masterdmaster.exe» [2009-08-05 3777536]
«utm5_wintray»=»c:program filesNetUPUTM5_wintrayutm5_wintray.exe» [2005-12-25 462848]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«Windows Defender»=»c:program filesWindows DefenderMSASCui.exe» [2008-01-21 1008184]
«RtHDVCpl»=»c:program filesRealtekAudioHDARtHDVCpl.exe» [2009-03-12 6965792]
«MAgent»=»c:program filesMail.RuAgentMAgent.exe» [2009-07-30 7975608]
«OutpostMonitor»=»c:progra~1AgnitumOUTPOS~1op_mon.exe» [2008-07-15 1207128]
«OutpostFeedBack»=»c:program filesAgnitumOutpost Security Suite Profeedback.exe» [2008-07-15 435544]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 9.0ReaderReader_sl.exe» [2008-06-11 34672]
«Windows Mobile-based device management»=»c:windowsWindowsMobilewmdcBase.exe» [2007-05-31 648072]
«tsnpstd3″=»c:windowstsnpstd3.exe» [2007-03-30 262144]
«snpstd3″=»c:windowsvsnpstd3.exe» [2006-09-18 843776]
«WinPatrol»=»c:program filesBillP StudiosWinPatrolWinPatrol.exe» [2007-08-06 292152]
«WinPatrol Russian v.2″=»c:program filesBillP StudiosWinPatrolwinpatrol.exe» [2007-08-06 292152]

c:programdataMicrosoftWindowsStart MenuProgramsStartup
hp psc 2000 Series.lnk — c:program filesHewlett-PackardDigital Imagingbinhpobnz08.exe [2003-4-9 323646]
hpoddt01.exe.lnk — c:program filesHewlett-PackardDigital Imagingbinhpotdd01.exe [2003-4-9 28672]
VPN Client.lnk — c:windowsInstaller{4C271126-C295-4828-A901-5910AE0C258B}Icon3E5562ED7.ico [2009-9-2 6144]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«EnableUIADesktopToggle»= 0 (0x0)

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]
«AppInit_DLLs»=c:progra~1AgnitumOUTPOS~1wl_hook.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«aux2″=wdmaud.drv

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinDefend]
@=»Service»

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerSvc]
«VistaSp2″=hex(b):40,7f,e1,49,93,10,ca,01

R1 afw;Agnitum Firewall Driver;c:windowsSystem32driversafw.sys [30.07.2009 21:04 28688]
R1 SandBox;SandBox;c:windowsSystem32driversSandBox.sys [30.07.2009 21:04 673920]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:program filesNVIDIA Corporation3D VisionnvSCPAPISvr.exe [14.07.2009 11:28 239648]
R3 afwcore;afwcore;c:windowsSystem32driversafwcore.sys [30.07.2009 21:05 242704]
R3 ASWFilt;ASWFilt;c:windowsSystem32FiltASWFilt.dll [30.07.2009 21:04 33408]
R3 VBEngNT;VBEngNT;c:windowsSystem32driversVBEngNT.sys [30.07.2009 21:04 1072722]
R3 VBFilt;VBFilt;c:windowsSystem32FiltVBFilt.dll [30.07.2009 21:04 158816]
S2 acssrv;Agnitum Client Security Service;c:progra~1AgnitumOUTPOS~1acs.exe [30.07.2009 21:04 1570136]
S2 gupdate1ca1350ac3845c;Служба Google Update (gupdate1ca1350ac3845c);c:program filesGoogleUpdateGoogleUpdate.exe [02.08.2009 12:03 133104]
S3 cpuz132;cpuz132;c:windowsSystem32driverscpuz132_x32.sys [28.09.2009 21:07 12672]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the ‘Scheduled Tasks’ folder

2009-10-27 c:windowsTasksGoogleUpdateTaskMachineCore.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-08-02 09:02]

2009-10-27 c:windowsTasksGoogleUpdateTaskMachineUA.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-08-02 09:02]

2009-10-27 c:windowsTasksUser_Feed_Synchronization-{B1F49A5E-8084-4DE8-BDFE-BB499D4E1A86}.job
— c:windowssystem32msfeedssync.exe [2009-10-24 03:41]
.
.

---

Supplementary Scan

---

.
uStart Page = about:blank
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2Office12EXCEL.EXE/3000
IE: Закачать ВСЕ при помощи Download Master — c:program filesDownload Masterdmieall.htm
IE: Закачать при помощи Download Master — c:program filesDownload Masterdmie.htm
IE: Передать на удаленную закачку DM — c:program filesDownload Masterremdown.htm
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} — c:program filesMail.RuAgentmagent.exe
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} — c:program filesDownload Masterdmaster.exe
TCP: {68611C7A-D3D4-45AF-86AB-93723FF1BBF2} = 89.222.165.2,89.222.167.2
FF — ProfilePath — c:usersЕленаAppDataRoamingMozillaFirefoxProfilesmfh2tim6.default
FF — component: c:program filesMozilla Firefoxextensions{B13721C7-F507-4982-B2E5-502A71474FED}componentsNPComponent.dll
FF — plugin: c:program filesGoogleUpdate1.2.183.7npGoogleOneClick8.dll
FF — plugin: c:program filesMozilla Firefoxpluginsnpdm.dll
FF — plugin: c:program filesVistaCodecPackrmbrowserpluginsnppl3260.dll
FF — plugin: c:program filesVistaCodecPackrmbrowserpluginsnprpjplug.dll
FF — HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} — c:windowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtension
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-27 22:16
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-10-27 22:19
ComboFix-quarantined-files.txt 2009-10-27 19:19

Pre-Run: 22 917 201 920 байт свободно
Post-Run: 22 941 278 208 байт свободно

Current=1 Default=1 Failed=0 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8,15
— — End Of File — — 3D2B2F2E3F2AF0E3D133DCEB0337C317