Re: Re: стоит блокировка просит смс

18 июля, 2009 в 10:51 дп #24622

Participant

Темы:1
Сообщений:13

☆

ComboFix 09-07-14.08 — Admin 18.07.2009 14:16.8.1 — NTFSx86
Running from: c:documents and settingsAdminРабочий столComboFix.exe
Command switches used :: c:documents and settingsAdminРабочий столCFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
«c:documents and settingsAdminApplication Databhomf.exe»
«c:documents and settingsAdminApplication Datafemfb.exe»
«c:documents and settingsAdminApplication Datazifhh.exe»
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:documents and settingsAdminApplication Databhomf.exe
c:documents and settingsAdminApplication Datafemfb.exe
c:documents and settingsAdminApplication Datazifhh.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

Legacy_ILVDXC

Service_ilvdxc

((((((((((((((((((((((((( Files Created from 2009-06-18 to 2009-07-18 )))))))))))))))))))))))))))))))
.

2009-07-04 07:28 . 2009-07-04 07:28

w- C:_OTM
2009-06-29 15:40 . 2009-06-29 15:40

w- c:windowssystem32%DataRoot%
2009-06-28 16:41 . 2009-06-29 08:51

w- c:program filestrend micro
2009-06-28 08:30 . 2009-06-28 08:30 220 —-a-w- C:ScreenSaveActive.reg
2009-06-28 08:30 . 2009-06-28 08:30 226 —-a-w- C:ScreenSaverIsSecure.reg
2009-06-28 08:30 . 2009-06-28 08:30 222 —-a-w- C:PowerOffTimeOut.reg
2009-06-28 08:29 . 2009-06-28 08:29 226 —-a-w- C:ScreenSaveTimeOut.reg
2009-06-25 16:37 . 2009-06-25 17:18

w- c:windowssystem32CatRoot
2009-06-21 11:26 . 2009-07-18 09:29

w- c:windowssystem32NtmsData
2009-06-19 07:06 . 2009-06-19 07:06

d-sh—w- c:documents and settingsNetworkServiceIETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-18 10:35 . 2008-09-08 17:50

w- c:documents and settingsAdminApplication DataGetRight
2009-07-18 10:31 . 2008-06-10 16:53 1150752 —sha-w- c:windowssystem32driversfidbox2.dat
2009-07-18 10:30 . 2008-06-10 16:53 113060 —sha-w- c:windowssystem32driversfidbox2.idx
2009-07-18 10:30 . 2008-06-10 16:53 651884 —sha-w- c:windowssystem32driversfidbox.idx
2009-07-18 10:30 . 2008-06-10 16:53 48559648 —sha-w- c:windowssystem32driversfidbox.dat
2009-07-17 18:52 . 2008-08-02 11:22

w- c:documents and settingsAdminApplication DataMra
2009-07-17 16:54 . 2009-05-10 20:24

w- c:program filesMetin2_RU
2009-07-04 09:04 . 2008-06-11 15:54 77168 —-a-w- c:documents and settingsAdminLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-07-04 08:06 . 2008-08-17 19:59

w- c:program filesGoogle
2009-06-26 11:14 . 2008-06-10 16:05

w- c:program filesCommon FilesAhead
2009-06-25 15:15 . 2008-07-04 06:20

w- c:program filesCommon FilesAdobe
2009-06-20 12:06 . 2004-08-18 12:00 78258 —-a-w- c:windowssystem32perfc019.dat
2009-06-20 12:06 . 2004-08-18 12:00 452866 —-a-w- c:windowssystem32perfh019.dat
2009-06-02 05:48 . 2009-06-02 05:48

w- c:documents and settingsAll UsersApplication DatanView_Profiles
2009-06-02 05:30 . 2008-06-10 16:53

w- c:program filesKaspersky Lab
2009-06-01 15:23 . 2009-06-01 15:23

w- c:program filesOpera
2009-05-29 12:59 . 2009-05-29 12:43 103680 —-a-w- c:windowsmemtest86+-2.11.iso.zip
2009-05-29 10:01 . 2009-05-29 10:01 655728 —-a-w- c:windowsWindowsXP-KB958644-x86-RUS.exe
2009-05-29 07:36 . 2008-06-10 15:57

w- c:program filesThe KMPlayer
2009-05-29 07:31 . 2009-05-26 07:07

d—h—w- c:program filesInstallShield Installation Information
2009-05-27 18:46 . 2009-05-27 18:46

w- c:program filesMicrosoft Silverlight
2009-05-27 05:26 . 2009-05-27 05:26 1878888 —-a-w- c:documents and settingsAdminApplication DataOperaOpera 9.5 alphaprofilecache4temporary_downloadinstall_flash_player.exe
2009-05-26 12:29 . 2009-05-26 12:29

w- c:documents and settingsAdminApplication DataAdobeUM
2009-05-26 10:04 . 2009-05-26 10:04

w- c:program filesAnalog Devices
2009-05-25 13:09 . 2008-06-10 15:39 86327 —-a-w- c:windowspchealthhelpctrOfflineCacheindex.dat
2009-05-25 11:55 . 2008-07-04 06:23

w- c:program filese-Life Pal
2009-05-25 11:18 . 2008-06-10 16:01

w- c:program filesLClock
2009-05-25 08:50 . 2008-09-08 17:49

w- c:program filesGetRight
2009-05-16 14:32 . 2009-05-16 09:00 126976 —-a-w- c:windowssystem32mslpadap.dll
2009-05-13 05:05 . 2007-12-21 19:48 915456 —-a-w- c:windowssystem32wininet.dll
2009-05-07 15:33 . 2004-08-18 12:00 346624 —-a-w- c:windowssystem32localspl.dll
2009-04-19 19:51 . 2007-12-21 19:18 1847296 —-a-w- c:windowssystem32win32k.sys
.

Sigcheck

[-] 2004-08-18 12:00 14336 5DB0AE95BF08D5A63C167648F1314C07 c:windows$NtServicePackUninstall$svchost.exe
[-] 2008-04-14 16:11 14336 E948A9079D0E6350BE92D4D3E0077F81 c:windowsServicePackFilesi386svchost.exe
[-] 2008-04-14 16:11 14336 E948A9079D0E6350BE92D4D3E0077F81 c:windowssystem32svchost.exe

[-] 2007-12-21 19:24 578560 196B409A7C1C39A5A0F7566C2741FAD1 c:windows$NtServicePackUninstall$user32.dll
[-] 2008-04-14 16:10 579072 A9CDF92EA1CFFB67448EF26F5DF21A6F c:windowsServicePackFilesi386user32.dll
[-] 2008-04-14 16:10 579072 A9CDF92EA1CFFB67448EF26F5DF21A6F c:windowssystem32user32.dll

[-] 2004-08-18 12:00 82944 0B6185E58290D4E5944F6FB9BF6562A1 c:windows$NtServicePackUninstall$ws2_32.dll
[-] 2008-04-14 16:10 82432 5E2915645A0D139519A99F0F95437D96 c:windowsServicePackFilesi386ws2_32.dll
[-] 2008-04-14 16:10 82432 5E2915645A0D139519A99F0F95437D96 c:windowssystem32ws2_32.dll

[-] 2009-03-03 00:16 828416 B1F222F07D53E0A45DEADCBEC7AF3336 c:windows$hf_mig$KB963027-IE7SP3QFEwininet.dll
[-] 2009-05-13 05:09 915456 5CE4E5300A2AD2ABBF3E1028B78FDE25 c:windows$hf_mig$KB969897-IE8SP3QFEwininet.dll
[-] 2008-06-23 15:41 827904 04B0920B661877A10E3409FAF1900810 c:windowsie7updatesKB963027-IE7wininet.dll
[-] 2009-03-03 00:16 828416 B1F222F07D53E0A45DEADCBEC7AF3336 c:windowsie8wininet.dll
[-] 2009-03-08 00:34 914944 6CE32F7778061CCC5814D5E0F282D369 c:windowsie8updatesKB969897-IE8wininet.dll
[-] 2008-04-14 16:10 666624 BD953FC6D28126E19882944944E39904 c:windowsServicePackFilesi386wininet.dll
[-] 2009-05-13 05:05 915456 6026DFFED0787AC7540FD1554338BC17 c:windowsSoftwareDistributionDownloadb04aa9f2c0f154067d5d7b8a659f2a3bSP3GDRwininet.dll
[-] 2009-05-13 05:09 915456 5CE4E5300A2AD2ABBF3E1028B78FDE25 c:windowsSoftwareDistributionDownloadb04aa9f2c0f154067d5d7b8a659f2a3bSP3QFEwininet.dll
[-] 2009-05-13 05:05 915456 6026DFFED0787AC7540FD1554338BC17 c:windowssystem32wininet.dll
[-] 2009-05-13 05:05 915456 6026DFFED0787AC7540FD1554338BC17 c:windowssystem32dllcachewininet.dll

[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:windows$hf_mig$KB951748SP3GDRtcpip.sys
[-] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:windows$hf_mig$KB951748SP3QFEtcpip.sys
[-] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:windows$NtServicePackUninstall$tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:windowsServicePackFilesi386tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:windowssystem32dllcachetcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:windowssystem32driverstcpip.sys

[-] 2004-08-18 12:00 503808 BA9DF5930B2582C31C0C8E52C94DDA48 c:windows$NtServicePackUninstall$winlogon.exe
[-] 2008-04-14 16:11 509440 B3B5D5855127E240C88451030AAEE76E c:windowsServicePackFilesi386winlogon.exe
[-] 2008-04-14 16:11 509440 B3B5D5855127E240C88451030AAEE76E c:windowssystem32winlogon.exe

[-] 2007-12-21 19:18 182656 BC84C4F67D0E880B0C46DC0CE2B8CBAA c:windows$NtServicePackUninstall$ndis.sys
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:windowsServicePackFilesi386ndis.sys
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:windowssystem32driversndis.sys

[-] 2004-08-18 12:00 29056 4448006B6BC60E6C027932CFC38D6855 c:windows$NtServicePackUninstall$ip6fw.sys
[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:windowsServicePackFilesi386ip6fw.sys
[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:windowssystem32driversip6fw.sys

[-] 2009-02-09 11:18 2067968 F94532F9047E2D94B5CC2125487EBB8D c:windows$hf_mig$KB956572SP3QFEntkrnlpa.exe
[-] 2008-08-14 15:26 2067840 D06434874D29A427B642702B06FA36E2 c:windows$hf_mig$KB956841SP3QFEntkrnlpa.exe
[-] 2007-12-21 19:20 2061184 B683F99750E5C450A03DB3F01648BD4A c:windows$NtServicePackUninstall$ntkrnlpa.exe
[-] 2009-02-10 15:09 2067840 32136AF697E44465D73FA014F459C037 c:windowsDriver Cachei386ntkrnlpa.exe
[-] 2008-04-14 15:50 2067712 B732BB0B17FE6547FC1F5C770549391E c:windowsServicePackFilesi386ntkrnlpa.exe
[-] 2009-02-10 15:09 2067840 32136AF697E44465D73FA014F459C037 c:windowssystem32ntkrnlpa.exe
[-] 2009-02-10 15:09 2067840 32136AF697E44465D73FA014F459C037 c:windowssystem32dllcachentkrnlpa.exe

[-] 2009-02-10 15:18 2190976 5BA788BE01A673A0A5176486CE432DF2 c:windows$hf_mig$KB956572SP3QFEntoskrnl.exe
[-] 2008-08-14 15:26 2190976 73E4452E6A88F91C2C847A2264E85891 c:windows$hf_mig$KB956841SP3QFEntoskrnl.exe
[-] 2007-12-21 19:17 2183936 32FF36DB045A32F606F1EEEC98C78954 c:windows$NtServicePackUninstall$ntoskrnl.exe
[-] 2009-02-09 11:26 2190848 71724D6DC686B1597DE3631F09B3E5C7 c:windowsDriver Cachei386ntoskrnl.exe
[-] 2008-04-14 15:51 2190848 DBD9F0B1A0D346EBBCF20940B86941C5 c:windowsServicePackFilesi386ntoskrnl.exe
[-] 2009-02-09 11:26 2190848 71724D6DC686B1597DE3631F09B3E5C7 c:windowssystem32ntoskrnl.exe
[-] 2009-02-09 11:26 2190848 71724D6DC686B1597DE3631F09B3E5C7 c:windowssystem32dllcachentoskrnl.exe

[-] 2008-04-14 16:10 1034240 847C01CA71883702CC7445364DD9D097 c:windowsexplorer.exe
[-] 2007-12-21 19:23 1720832 907712EC5AE77486FC4DB8DD917C731A c:windows$NtServicePackUninstall$explorer.exe
[-] 2008-04-14 16:10 1034240 847C01CA71883702CC7445364DD9D097 c:windowsServicePackFilesi386explorer.exe
[-] 2008-04-14 16:10 1034240 847C01CA71883702CC7445364DD9D097 c:windowssystem32dllcacheexplorer.exe

[-] 2009-02-09 11:18 111104 0AF0D6AF45220ADB9C30B33CFEC41831 c:windows$hf_mig$KB956572SP3QFEservices.exe
[-] 2004-08-18 12:00 108544 394BE1D5B35B031A94AE51C6F05E3967 c:windows$NtServicePackUninstall$services.exe
[-] 2008-04-14 16:11 109056 AE5D25E59BC5D193ADD3DBF01864BDC5 c:windowsServicePackFilesi386services.exe
[-] 2009-02-09 11:25 111104 94824EEFEBE244036335E644EB5FF3AC c:windowssystem32services.exe
[-] 2009-02-09 11:25 111104 94824EEFEBE244036335E644EB5FF3AC c:windowssystem32dllcacheservices.exe

[-] 2004-08-18 12:00 13312 1952DDC36E60C313CD6ACBD07D4548D6 c:windows$NtServicePackUninstall$lsass.exe
[-] 2008-04-14 16:10 13312 17C1AC326238EFADF17A0612AFD822AD c:windowsServicePackFilesi386lsass.exe
[-] 2008-04-14 16:10 13312 17C1AC326238EFADF17A0612AFD822AD c:windowssystem32lsass.exe

[-] 2007-12-21 19:23 30208 ACC544D628A758A445DF844269E803A7 c:windows$NtServicePackUninstall$ctfmon.exe
[-] 2008-04-14 16:10 15360 B5DC70BB43A14093E00C5A735CC5DFD4 c:windowsServicePackFilesi386ctfmon.exe
[-] 2008-04-14 16:10 15360 B5DC70BB43A14093E00C5A735CC5DFD4 c:windowssystem32ctfmon.exe

[-] 2007-12-21 19:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:windows$NtServicePackUninstall$spoolsv.exe
[-] 2008-04-14 16:11 57856 0139187CDD1B598B6CBB235517117832 c:windowsServicePackFilesi386spoolsv.exe
[-] 2008-04-14 16:11 57856 0139187CDD1B598B6CBB235517117832 c:windowssystem32spoolsv.exe

[-] 2004-08-18 12:00 25088 B5F1A73EDAB83FA2DB9662E10E027587 c:windows$NtServicePackUninstall$userinit.exe
[-] 2008-04-14 16:11 26624 4F88778DD0CD6B99FCDA408E16B36AE7 c:windowsServicePackFilesi386userinit.exe
[-] 2008-04-14 16:11 26624 4F88778DD0CD6B99FCDA408E16B36AE7 c:windowssystem32userinit.exe

[-] 2004-08-18 12:00 295936 FBE10ED076D1E87782778A6CD2AB7085 c:windows$NtServicePackUninstall$termsrv.dll
[-] 2008-04-14 16:10 295936 804A741E1806E8C33C8C642781896C0D c:windowsServicePackFilesi386termsrv.dll
[-] 2008-04-14 16:10 295936 804A741E1806E8C33C8C642781896C0D c:windowssystem32termsrv.dll

[-] 2009-03-21 14:00 997888 B6D7F9BD6A4EC30F22025BA670211AB8 c:windows$hf_mig$KB959426SP3QFEkernel32.dll
[-] 2007-12-21 19:17 992256 386376D4516F7922C5AFE1752B6DED84 c:windows$NtServicePackUninstall$kernel32.dll
[-] 2008-04-14 16:10 995840 D612EE36F95DA6D1179F7567B2B77D77 c:windowsServicePackFilesi386kernel32.dll
[-] 2009-03-21 14:09 995840 7A163D793AF7208E13B0F33864D36438 c:windowssystem32kernel32.dll
[-] 2009-03-21 14:09 995840 7A163D793AF7208E13B0F33864D36438 c:windowssystem32dllcachekernel32.dll

[-] 2004-08-18 12:00 17408 604F22705C12080012968D72D97C6D64 c:windows$NtServicePackUninstall$powrprof.dll
[-] 2008-04-14 16:10 17408 DDDB63DB4C327CA3996AD326C1A8B8D4 c:windowsServicePackFilesi386powrprof.dll
[-] 2008-04-14 16:10 17408 DDDB63DB4C327CA3996AD326C1A8B8D4 c:windowssystem32powrprof.dll

[-] 2004-08-18 12:00 110080 318492C9327EDBBD7FAD35FB3DF65CC3 c:windows$NtServicePackUninstall$imm32.dll
[-] 2008-04-14 16:10 110080 A9690FD601E9F5102F0D3388DF6081BD c:windowsServicePackFilesi386imm32.dll
[-] 2008-04-14 16:10 110080 A9690FD601E9F5102F0D3388DF6081BD c:windowssystem32imm32.dll

[-] 2007-12-21 20:32 1548288 9E62E0CDEC5617D03A1598040E73A70B c:windows$NtServicePackUninstall$sfcfiles.dll
[-] 2008-04-14 16:10 1571840 4379CA978CB35BB2458156B2B6CB35DF c:windowsServicePackFilesi386sfcfiles.dll
[-] 2008-04-14 16:10 1571840 4379CA978CB35BB2458156B2B6CB35DF c:windowssystem32sfcfiles.dll

[-] 2004-08-18 12:00 171008 7A2CF119A6D8C946CC0426E0F6EEE733 c:windows$NtServicePackUninstall$appmgmts.dll
[-] 2008-04-14 16:10 171008 49CD07F6A6D14430D773D83E7E60BB07 c:windowsServicePackFilesi386appmgmts.dll
[-] 2008-04-14 16:10 171008 49CD07F6A6D14430D773D83E7E60BB07 c:windowssystem32appmgmts.dll
[-] 2008-04-14 16:10 171008 49CD07F6A6D14430D773D83E7E60BB07 c:windowssystem32dllcacheappmgmts.dll

[-] 2004-08-18 12:00 24832 84C85813DDB595F97A9F95DA3EDBF81B c:windows$NtServicePackUninstall$kbdclass.sys
[-] 2008-04-14 15:47 24832 2B0018DE01BFB628D0A49A301F34B46F c:windowsServicePackFilesi386kbdclass.sys
[-] 2008-04-14 15:47 24832 2B0018DE01BFB628D0A49A301F34B46F c:windowssystem32driverskbdclass.sys

[-] 2007-12-21 19:23 855040 6168D52CBC1A7F1467915BBB8EE33D86 c:windows$NtServicePackUninstall$comres.dll
[-] 2008-04-14 16:10 797696 F40029071D0DA1013E2CF72EDD07198C c:windowsServicePackFilesi386comres.dll
[-] 2008-04-14 16:10 797696 F40029071D0DA1013E2CF72EDD07198C c:windowssystem32comres.dll

[-] 2004-08-18 12:00 22016 37A519EA77EA438BA4B7A996F92D6B7E c:windows$NtServicePackUninstall$lpk.dll
[-] 2008-04-14 16:10 22016 C50FAD9307F12333FFBE0B80066AB045 c:windowsServicePackFilesi386lpk.dll
[-] 2008-04-14 16:10 22016 C50FAD9307F12333FFBE0B80066AB045 c:windowssystem32lpk.dll

[-] 2004-08-18 12:00 4224 DA1F27D85E0D1525F6621372E7B685E9 c:windowssystem32dllcachebeep.sys
[-] 2004-08-18 12:00 4224 DA1F27D85E0D1525F6621372E7B685E9 c:windowssystem32driversbeep.sys

[-] 2004-08-18 12:00 2944 73C1E1F395918BC2C6DD67AF7591A3AD c:windowssystem32dllcachenull.sys
[-] 2004-08-18 12:00 2944 73C1E1F395918BC2C6DD67AF7591A3AD c:windowssystem32driversnull.sys

[-] 2007-12-21 19:17 927504 452A6521AAAFBE11DAA5CAD9B1E86052 c:windows$NtServicePackUninstall$mfc40u.dll
[-] 2008-04-14 16:10 927504 21B8BD18B4FF64AB41B858F282C5BC81 c:windowsServicePackFilesi386mfc40u.dll
[-] 2008-04-14 16:10 927504 21B8BD18B4FF64AB41B858F282C5BC81 c:windowssystem32mfc40u.dll

[-] 2009-02-09 10:57 401408 F70CC57608BF3CC9F89222A9E515DCCF c:windows$hf_mig$KB956572SP3QFErpcss.dll
[-] 2007-12-21 19:17 398848 92B68A397C659302891E4FEF60366721 c:windows$NtServicePackUninstall$rpcss.dll
[-] 2008-04-14 16:10 399360 7567F54A2957F1281DCB0ED169A22148 c:windowsServicePackFilesi386rpcss.dll
[-] 2009-02-09 10:54 401408 293D96B9A523C8D3A5F3EE448405388E c:windowssystem32rpcss.dll
[-] 2009-02-09 10:54 401408 293D96B9A523C8D3A5F3EE448405388E c:windowssystem32dllcacherpcss.dll

[-] 2004-08-18 12:00 33792 A69AA08A453B9BAF7782A98EF57AF3D1 c:windows$NtServicePackUninstall$msgsvc.dll
[-] 2008-04-14 16:10 33792 1CEA42E9B7DC30FC313C8277EBDC8FCF c:windowsServicePackFilesi386msgsvc.dll
[-] 2008-04-14 16:10 33792 1CEA42E9B7DC30FC313C8277EBDC8FCF c:windowssystem32msgsvc.dll

[-] 2007-12-21 19:16 617472 BA0065C83F4E340C8FD05EECF199A48E c:windows$NtServicePackUninstall$comctl32.dll
[-] 2004-08-18 12:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:windowsI386ASMS6000MSFTWINDOWSCOMMONCONTROLSCOMCTL32.DLL
[-] 2008-04-14 16:10 617472 E464083934A22C7E0EDE8A8FFA90D26C c:windowsServicePackFilesi386comctl32.dll
[-] 2008-04-14 16:10 617472 E464083934A22C7E0EDE8A8FFA90D26C c:windowssystem32comctl32.dll
[-] 2004-08-18 12:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:windowsWinSxSx86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70acomctl32.dll
[-] 2006-08-25 04:53 1054208 D9C17E4F0DADD879313011B674960883 c:windowsWinSxSx86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03comctl32.dll
[-] 2008-04-14 16:08 1054208 FF63BB56C05EA817124D4E18162FCE46 c:windowsWinSxSx86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83comctl32.dll

[-] 2004-08-18 12:00 11776 CEA8D1DA7696ACBFC69A3823BCF1C738 c:windowssystem32driversacpiec.sys

[-] 2004-08-18 12:00 5120 F5F629B5CE930A832A7404A91121DB7C c:windows$NtServicePackUninstall$sfc.dll
[-] 2008-04-14 16:10 5120 86E2562942CE84CBC59FCE8011245D7A c:windowsServicePackFilesi386sfc.dll
[-] 2008-04-14 16:10 5120 86E2562942CE84CBC59FCE8011245D7A c:windowssystem32sfc.dll

[-] 2004-08-18 12:00 436736 2105738264B4DDAEB24C2B3851D6427B c:windows$NtServicePackUninstall$ntmssvc.dll
[-] 2008-04-14 16:10 436736 8E6A3AAC5A889AD59479A05A990E8ED3 c:windowsServicePackFilesi386ntmssvc.dll
[-] 2008-04-14 16:10 436736 8E6A3AAC5A889AD59479A05A990E8ED3 c:windowssystem32ntmssvc.dll

[-] 2004-08-18 12:00 89088 2320D8107BAF5284381F70E28751104A c:windows$NtServicePackUninstall$rasauto.dll
[-] 2008-04-14 16:10 88576 C7F1C27D7CD10B86079CB62800974880 c:windowsServicePackFilesi386rasauto.dll
[-] 2008-04-14 16:10 88576 C7F1C27D7CD10B86079CB62800974880 c:windowssystem32rasauto.dll
.
((((((((((((((((((((((((((((( SnapShot_2009-07-04_09.54.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-18 10:33 . 2009-07-18 10:33 16384 c:windowsTempPerflib_Perfdata_504.dat
+ 2009-07-18 09:29 . 2009-07-18 09:29 16384 c:windowsTempPerflib_Perfdata_2c0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«DAEMON Tools Lite»=»d:daemon tools litedaemon.exe» [2008-07-24 490952]
«ctfmon.exe»=»c:windowssystem32ctfmon.exe» [2008-04-14 15360]
«MSMSGS»=»c:program filesMessengermsmsgs.exe» [2008-04-14 1695232]
«Punto Switcher»=»c:program filesPunto Switcherps.exe» [2007-01-25 201728]
«VistaIcon»=»c:program filesVistaDriveIconVistaDrv.exe» [2007-07-02 132608]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«kav»=»c:program filesKaspersky LabKaspersky Anti-Virus 6.0avp.exe» [2006-03-24 139367]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2007-07-13 8466432]
«MAgent»=»E:MAgent.exe» [2009-06-01 5603000]
«Ulead Photo Express Calendar Checker»=»c:program filesUlead SystemsUlead Photo Express 5 SEcalcheck.exe» [2004-01-12 69632]
«SoundMAXPnP»=»c:program filesAnalog DevicesCoresmax4pnp.exe» [2005-05-21 925696]
«nwiz»=»nwiz.exe» — c:windowssystem32nwiz.exe [2007-07-13 1626112]
«NvMediaCenter»=»NvMCTray.dll» — c:windowssystem32nvmctray.dll [2007-07-13 81920]
«Ярлык для страницы свойств High Definition Audio»=»HDAShCut.exe» — c:windowssystem32hdashcut.exe [2005-12-26 61952]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«Punto Switcher»=»c:program filesPunto Switcherps.exe» [2007-01-25 201728]
«VistaIcon»=»c:program filesVistaDriveIconVistaDrv.exe» [2007-07-02 132608]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«IE7_011″=»shell32» [X]
«ZZZZ2_FirstLogonSetting»=»advpack.dll» — c:windowssystem32advpack.dll [2009-03-08 128512]
«IE7_012″=»advpack.dll» — c:windowssystem32advpack.dll [2009-03-08 128512]

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoThumbnailCache»= 1 (0x1)
«NoSMConfigurePrograms»= 1 (0x1)
«EditLevel»= 0 (0x0)
«NoCommonGroups»= 0 (0x0)

[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoThumbnailCache»= 1 (0x1)
«NoSMConfigurePrograms»= 1 (0x1)

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«UpdatesDisableNotify»=dword:00000001
«UpdatesOverride»=dword:00000001
«AntiVirusOverride»=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]
«DisableMonitoring»=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\WINDOWS\system32\dpvsetup.exe»=
«c:\Program Files\Metin2_RU\metin2.bin»=
«c:\WINDOWS\system32\mmc.exe»=
«c:\Program Files\Opera\opera.exe»=
«c:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe»=

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileIcmpSettings]
«AllowInboundEchoRequest»= 1 (0x1)
«AllowInboundTimestampRequest»= 1 (0x1)
«AllowInboundMaskRequest»= 1 (0x1)
«AllowInboundRouterRequest»= 1 (0x1)
«AllowOutboundParameterProblem»= 0 (0x0)

S2 cglptnt;cglptnt;c:windowssystem32DRIVERScglptnt.sys [2007-09-06 7888]
S2 NwSapAgent;Агент SAP;c:windowssystem32svchost.exe [2008-04-14 14336]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
«c:windowssystem32rundll32.exe» «c:windowssystem32iedkcs32.dll»,BrandIEActiveSetup SIGNUP
.
Contents of the ‘Scheduled Tasks’ folder

2009-07-18 c:windowsTasksUser_Feed_Synchronization-{567CECAE-CA91-4173-9C96-3E2C56356C82}.job
— c:windowssystem32msfeedssync.exe [2008-06-10 00:31]

2009-07-18 c:windowsTasksUser_Feed_Synchronization-{BFE786AA-C4C3-4355-BCE7-4C91AB78EB8A}.job
— c:windowssystem32msfeedssync.exe [2008-06-10 00:31]
.
.

Supplementary Scan

.
uStart Page = http://www.mail.ru
uInternet Settings,ProxyOverride =
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} — E:magent.exe
TCP: {186459A1-0A8D-4FA8-875F-C2D9741A2840} = 80.95.32.19 80.95.32.20
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-18 14:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************
.

LOCKED REGISTRY KEYS

[HKEY_USERSS-1-5-21-57989841-2139871995-725345543-500SoftwareMicrosoftSystemCertificatesAddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.

DLLs Loaded Under Running Processes

— — — — — — — > ‘winlogon.exe'(804)
c:windowssystem32cscdll.dll
c:windowssystem32klogon.dll

— — — — — — — > ‘explorer.exe'(3104)
c:windowssystem32WININET.dll
c:windowssystem32nview.dll
c:program filesPunto Switchercorrect.dll
c:windowssystem32wpdshserviceobj.dll
c:windowssystem32webcheck.dll
c:windowssystem32portabledevicetypes.dll
c:windowssystem32portabledeviceapi.dll
.

Other Running Processes

.
c:windowssystem32scardsvr.exe
c:windowssystem32netdde.exe
c:windowssystem32clipsrv.exe
c:windowssystem32imapi.exe
c:windowssystem32nvsvc32.exe
c:windowssystem32tcpsvcs.exe
c:windowssystem32snmp.exe
c:windowssystem32rundll32.exe
c:windowssystem32rundll32.exe
c:windowssystem32wscntfy.exe
c:program filesOperaopera.exe
.
**************************************************************************
.
Completion time: 2009-07-18 14:45 — machine was rebooted
ComboFix-quarantined-files.txt 2009-07-18 10:45
ComboFix2.txt 2009-07-12 18:24
ComboFix3.txt 2009-07-06 04:44
ComboFix4.txt 2009-07-05 16:06
ComboFix5.txt 2009-07-18 10:13

Pre-Run: 5 315 592 192 байт свободно
Post-Run: 5 246 828 544 байт свободно

334 — E O F — 2009-06-11 12:55

Re: Re: стоит блокировка просит смс

Добро пожаловать

Поиск

Важные инструкции

Нет доступа в интернет после удаления вируса — Как восстановить

Как восстановить зашифрованные файлы (Инструкция)

Какой лучший антивирус ? Как выбрать антивирус ?

Как удалить рекламный вирус в браузере (Chrome, Opera, Firefox, Internet Explorer, Edge)

Как сбросить настройки Firefox (Инструкция)

СПАЙВАРЕ РУ

Нужна помощь?

Ссылки