Re: Re: Computer is slow, sound is glitchy
March 25, 2009 at 6:32 pm
#22797
GMER 1.0.15.14944 - http://www.gmer.net
Rootkit scan 2009-03-26 00:31:06
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwAssignProcessToJobObject [0xB2B13A60]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwClose [0xB2AF8BF0]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwConnectPort [0xB2B15920]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateFile [0xB2AF4F60]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateKey [0xB2B00090]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcess [0xB2B0C2B0]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcessEx [0xB2B0CBB0]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSection [0xB2AF3D10]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSymbolicLinkObject [0xB2AFFE40]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateThread [0xB2B0AD70]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDebugActiveProcess [0xB2B18F30]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteFile [0xB2AFEB20]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteKey [0xB2B01900]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteValueKey [0xB2B083A0]
SSDT spdy.sys ZwEnumerateKey [0xB9EC6CA2]
SSDT spdy.sys ZwEnumerateValueKey [0xB9EC7030]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwLoadDriver [0xB2B09BB0]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwMakeTemporaryObject [0xB2AFF6B0]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenFile [0xB2AF7C10]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenKey [0xB2B00FC0]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenProcess [0xB2B0ECA0]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenSection [0xB2AF4580]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenThread [0xB2B0E060]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwProtectVirtualMemory [0xB2B14DA0]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryDirectoryFile [0xB2AF98A0]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryKey [0xB2B03750]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryValueKey [0xB2B03FA0]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueueApcThread [0xB2B12ED0]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRenameKey [0xB2B07590]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwReplaceKey [0xB2B05500]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestPort [0xB2B17A50]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestWaitReplyPort [0xB2B17D70]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRestoreKey [0xB2B06D20]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKey [0xB2B05C80]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKeyEx [0xB2B064D0]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSecureConnectPort [0xB2B16480]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetContextThread [0xB2B12440]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetInformationDebugObject [0xB2B19520]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetInformationFile [0xB2AFABF0]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetSystemInformation [0xB2B091C0]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetValueKey [0xB2B04820]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendProcess [0xB2B11190]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendThread [0xB2B11AC0]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSystemDebugControl [0xB2B18770]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwTerminateProcess [0xB2B0F790]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwTerminateThread [0xB2B10620]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwUnloadDriver [0xB2B0A530]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwWriteVirtualMemory [0xB2B142B0]
INT 0x73 ? 89BE3BF8
INT 0x73 ? 89BE3BF8
INT 0x73 ? 89BE3BF8
INT 0x73 ? 89BE3BF8
INT 0x73 ? 89A45BF8
INT 0x73 ? 89BE3BF8
INT 0x83 ? 89BE3BF8
INT 0x83 ? 89BE3BF8
INT 0x83 ? 89A45BF8
INT 0x83 ? 89BE3BF8
INT 0x84 ? 89A45BF8
INT 0xA4 ? 89A45BF8
INT 0xB4 ? 89A45BF8
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2FB8 80504854 12 Bytes [90, 11, B1, B2, C0, 1A, B1, ...]
? spdy.sys Не удается найти указанный файл. !
.text USBPORT.SYS!DllUnload B84DE8AC 5 Bytes JMP 89A451D8
? System32Driversa8943f91.SYS Системе не удается найти указанный путь. !
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EA9040] spdy.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EA913C] spdy.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EA90BE] spdy.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EA97FC] spdy.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EA96D2] spdy.sys
IAT SystemRootsystem32DRIVERSndiswan.sys[NDIS.SYS!NdisOpenAdapter] [B83FC906] SystemRootsystem32driversafwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT SystemRootsystem32DRIVERSraspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B83FC906] SystemRootsystem32driversafwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT SystemRootsystem32DRIVERSpsched.sys[NDIS.SYS!NdisOpenAdapter] [B83FC906] SystemRootsystem32driversafwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT SystemRootSystem32DriversNDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B83FC906] SystemRootsystem32driversafwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT SystemRootsystem32DRIVERStcpip.sys[NDIS.SYS!NdisOpenAdapter] [B83FC906] SystemRootsystem32driversafwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT SystemRootsystem32DRIVERSwanarp.sys[NDIS.SYS!NdisOpenAdapter] [B83FC906] SystemRootsystem32driversafwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT SystemRootsystem32DRIVERSarp1394.sys[NDIS.SYS!NdisOpenAdapter] [B83FC906] SystemRootsystem32driversafwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT SystemRootsystem32DRIVERSndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B83FC906] SystemRootsystem32driversafwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
---- Devices - GMER 1.0.15 ----
Device FileSystemNtfs Ntfs 89BE21F8
Device FileSystemFastfat FatCdrom 87C281F8
Device DriverTcpip DeviceIp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device DriverPCI_PNP6566 Device0000043 spdy.sys
Device Driverusbuhci DeviceUSBPDO-0 89A5F1F8
Device Driverdmio DeviceDmControlDmIoDaemon 89C541F8
Device Driverdmio DeviceDmControlDmConfig 89C541F8
Device Driverdmio DeviceDmControlDmPnP 89C541F8
Device Driverdmio DeviceDmControlDmInfo 89C541F8
Device Driverusbuhci DeviceUSBPDO-1 89A5F1F8
Device Driverusbehci DeviceUSBPDO-2 89A411F8
Device Driverusbuhci DeviceUSBPDO-3 89A5F1F8
Device Driverusbuhci DeviceUSBPDO-4 89A5F1F8
Device DriverTcpip DeviceTcp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device Driverusbuhci DeviceUSBPDO-5 89A5F1F8
Device Driverusbehci DeviceUSBPDO-6 89A411F8
Device DriverFtdisk DeviceHarddiskVolume1 89BE41F8
Device DriverFtdisk DeviceHarddiskVolume2 89BE41F8
Device DriverCdrom DeviceCdRom0 899F11F8
Device DriverFtdisk DeviceHarddiskVolume3 89BE41F8
Device DriverCdrom DeviceCdRom1 899F11F8
Device DriverCdrom DeviceCdRom2 899F11F8
Device DriverNetBT DeviceNetBt_Wins_Export 893831F8
Device DriverNetBT DeviceNetbiosSmb 893831F8
Device Driversptd Device2574426566 spdy.sys
Device DriverTcpip DeviceUdp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device DriverTcpip DeviceRawIp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device Driverusbuhci DeviceUSBFDO-0 89A5F1F8
Device Driverusbuhci DeviceUSBFDO-1 89A5F1F8
Device FileSystemMRxSmb DeviceLanmanDatagramReceiver 8839E1F8
Device DriverTcpip DeviceIPMULTICAST afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device Driverusbehci DeviceUSBFDO-2 89A411F8
Device FileSystemMRxSmb DeviceLanmanRedirector 8839E1F8
Device Driverusbuhci DeviceUSBFDO-3 89A5F1F8
Device Driverusbuhci DeviceUSBFDO-4 89A5F1F8
Device DriverFtdisk DeviceFtControl 89BE41F8
Device Driverusbuhci DeviceUSBFDO-5 89A5F1F8
Device Driverusbehci DeviceUSBFDO-6 89A411F8
Device Drivera8943f91 DeviceScsia8943f911 899AB500
Device Drivera8943f91 DeviceScsia8943f911Port6Path0Target0Lun0 899AB500
Device Drivera8943f91 DeviceScsia8943f911Port6Path0Target1Lun0 899AB500
Device FileSystemFastfat Fat 87C281F8
Device FileSystemCdfs Cdfs 898FB500
---- Registry - GMER 1.0.15 ----
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@!0454B0450424>494 0000440404?4B0454@4 0010039004 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (L002TP) 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (PPTP) 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (PPPoE) 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@374@4O4494 ?0404@0404;4;0454;4L4=4K494 ?4>4@4B4 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (IP) 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 ?4;0404=484@4>0424I484:0404 ?0404:0454B4>0424 1?2?
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg@s1 771343423
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg@s2 285507792
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg@h0 1
Reg HKLMSYSTEMCurrentControlSetServicessptdCfgD79C293C1ED61418462E24595C90D04
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA4
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA4@p0 C:Program FilesDAEMON Tools Lite
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA4@khjeh 0xD5 0x3E 0x15 0x6E ...
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA40000001
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA40000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA40000001@khjeh 0x8F 0x4C 0x37 0xAF ...
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA40000001Jf40
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA40000001Jf40@khjeh 0xFD 0x35 0x7E 0x0D ...
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA40000001Jf41
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA40000001Jf41@khjeh 0xFE 0xBB 0x6A 0xA3 ...
Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@!0454B0450424>494 0000440404?4B0454@4 0010039004 1?
Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (L002TP) 1?
Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (PPTP) 1?
Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (PPPoE) 1?
Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@374@4O4494 ?0404@0404;4;0454;4L4=4K494 ?4>4@4B4 1?
Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (IP) 1?
Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 ?4;0404=484@4>0424I484:0404 ?0404:0454B4>0424 1?2?
Reg HKLMSYSTEMControlSet002ServicessptdCfgD79C293C1ED61418462E24595C90D04
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA4
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA4@p0 C:Program FilesDAEMON Tools Lite
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA4@khjeh 0xD5 0x3E 0x15 0x6E ...
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001@khjeh 0x8F 0x4C 0x37 0xAF ...
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001Jf40
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001Jf40@khjeh 0xFD 0x35 0x7E 0x0D ...
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001Jf41
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001Jf41@khjeh 0xFE 0xBB 0x6A 0xA3 ...
---- EOF - GMER 1.0.15 ----
ComboFix 09-03-23.01 - Administrator 2009-03-26 0:40:18.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.1.1049.18.2047.1571 [GMT 6:00]
Running from: c:documents and settingsAdministratorРабочий столComboFix.exe
FW: Outpost Firewall Pro *disabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-02-25 to 2009-03-25 )))))))))))))))))))))))))))))))
.
2009-03-25 13:43 . 2009-03-25 13:48 d-------- c:program filesmIRC
2009-03-25 13:33 . 2009-03-25 13:37 d-------- c:program filesDenS-mIRC
2009-03-25 12:56 . 2009-03-25 12:56 361,600 --a------ c:windowssystem32driversTCPIP.SYS.ORIGINAL
2009-03-24 23:16 . 2001-09-19 21:47 765,952 --a------ c:windowssystemcrlds3d.dll
2009-03-24 23:16 . 2006-03-18 02:18 392,960 --a------ c:windowssystem32driverssenfilt.sys
2009-03-24 23:16 . 2008-07-10 18:22 334,336 --a------ c:windowssystem32driversADIHdAud.sys
2009-03-24 23:16 . 2007-10-17 23:37 28,672 --a------ c:windowssystem32PostProc.dll
2009-03-24 21:03 . 2009-03-24 21:03 d-------- c:program filesInterpretatio
2009-03-23 14:22 . 2009-03-23 14:23 d-------- c:documents and settingsAll UsersApplication DataBarbie Fashion Show
2009-03-23 12:42 . 2009-03-25 19:05 d-------- c:program filesAlawar.ru
2009-03-23 12:25 . 2009-03-23 12:25 d-------- c:program filesVirtualDubMod
2009-03-22 16:00 . 2009-03-22 16:00 d-------- c:documents and settingsAdministratorApplication DataGaijin Ent
2009-03-20 18:02 . 2009-03-20 21:52 d-------- c:documents and settingsAll UsersApplication DataSpybot - Search & Destroy
2009-03-20 15:27 . 2009-03-20 15:27 d-------- c:documents and settingsAdministratorApplication DataBloom
2009-03-14 15:05 . 2009-03-25 12:13 d-------- c:windowssystem32Filt
2009-03-14 15:05 . 2009-03-14 15:05 d-------- c:program filesAgnitum
2009-03-14 15:05 . 2009-02-26 10:27 704,384 --a------ c:windowssystem32driversSandBox.sys
2009-03-14 15:05 . 2009-02-10 16:15 257,432 --a------ c:windowssystem32driversafwcore.sys
2009-03-14 15:05 . 2008-06-20 09:45 30,864 --a------ c:windowssystem32driversafw.sys
2009-03-14 15:05 . 2009-01-16 11:14 49 --a------ c:windowstransp.gif
2009-03-14 15:04 . 2009-03-14 15:04 d-------- c:documents and settingsAll UsersApplication DataAgnitum
2009-03-14 14:53 . 2009-03-14 14:53 d-------- c:program filesYandex
2009-03-11 18:28 . 2009-03-11 18:28 d-------- c:documents and settingsAll UsersApplication DataMalwarebytes
2009-03-11 18:28 . 2009-03-11 18:28 d-------- c:documents and settingsAdministratorApplication DataMalwarebytes
2009-03-09 19:42 . 2004-09-06 10:25 d-------- c:program filesDjvuReader
2009-03-09 18:21 . 2009-03-09 18:21 d-------- c:documents and settingsAdministratorApplication DataTurbogames.ru
2009-03-09 16:42 . 2009-03-09 16:50 d-------- c:documents and settingsAdministratorApplication DataDAEMON Tools Pro
2009-03-09 16:42 . 2009-03-09 16:42 d-------- c:documents and settingsAdministratorApplication DataDAEMON Tools
2009-03-09 16:41 . 2009-03-09 16:41 d-------- c:documents and settingsAll UsersApplication DataDAEMON Tools Lite
2009-03-09 16:40 . 2009-03-14 14:53 d-------- c:documents and settingsAdministratorApplication DataYandex
2009-03-09 16:39 . 2009-03-09 16:40 d-------- c:program filesDAEMON Tools Lite
2009-03-09 16:39 . 2009-03-09 16:57 d-------- c:documents and settingsAdministratorApplication DataDAEMON Tools Lite
2009-03-07 16:15 . 2009-03-07 19:54 d-------- c:documents and settingsAll UsersApplication DataDoctor Web
2009-03-01 22:46 . 2009-03-01 22:46 d-------- c:windowssystem32LogFiles
2009-03-01 22:46 . 2009-03-01 22:46 d-------- c:windowssystem32driversUMDF
2009-03-01 22:46 . 2009-03-01 22:46 d-------- c:program filesWindows Media Connect 2
2009-03-01 13:01 . 2008-10-30 19:24 d-------- c:program filesPlugins
2009-03-01 13:01 . 2008-10-30 19:52 d-------- c:program filesLangs
2009-03-01 13:01 . 2008-10-30 19:24 d-------- c:program filesHelp
2009-02-28 19:12 . 2000-07-10 11:04 155,648 --a------ c:windowsRusUinst.exe
2009-02-28 19:12 . 1998-06-25 15:13 28,160 --a------ c:windowsUnSetup.exe
2009-02-28 18:40 . 1998-09-02 14:02 194,320 --a------ c:windowssystem32qcut.dll
2009-02-28 18:40 . 1998-08-27 10:51 182,032 --a------ c:windowssystem32dxtmsft3.dll
2009-02-28 18:40 . 1998-08-20 17:02 140,800 --a------ c:windowssystem32tm20dec.ax
2009-02-28 18:40 . 1998-09-02 14:28 63,488 --a------ c:windowssystem32unam4ie.exe
2009-02-28 18:40 . 1998-09-02 14:28 38,160 --a------ c:windowssystem32LMRTREND.dll
2009-02-28 18:40 . 1998-08-17 15:21 11,776 --a------ c:windowssystem32mciqtz.drv
2009-02-28 18:40 . 1998-08-17 15:21 10,240 --a------ c:windowssystem32vidx16.dll
2009-02-28 18:40 . 1998-08-17 15:21 5,672 --a------ c:windowssystem32quartz.vxd
2009-02-28 18:40 . 2009-02-28 18:40 4,608 --a------ c:windowssystem32w95inf32.dll
2009-02-28 18:40 . 2009-02-28 18:40 2,272 --a------ c:windowssystem32w95inf16.dll
2009-02-28 18:38 . 1998-01-19 17:39 27,600 -ra------ c:windowsisk3ro.exe
2009-02-28 18:38 . 2009-02-28 18:38 306 --a------ c:windowsQTW.INI
2009-02-28 18:37 . 2009-02-28 18:38 30 --a------ c:windowsRESULT.QTW
2009-02-28 18:34 . 2009-02-28 18:37 63 --a------ c:windowsMaris.ini
2009-02-28 18:33 . 2009-02-28 18:33 d-------- c:documents and settingsAdministratorWINDOWS
2009-02-28 18:33 . 1996-11-06 11:58 302,592 --a------ c:windowsunin0419.exe
2009-02-28 18:19 . 2009-02-28 18:20 d-------- c:program filesCommon FilesAdobe
2009-02-28 18:00 . 1998-10-02 19:00 327,168 --a------ c:windowsIsUninst.exe
2009-02-26 22:57 . 2008-04-14 00:17 25,856 --a------ c:windowssystem32driversusbprint.sys
2009-02-26 22:57 . 2008-04-14 00:17 25,856 --a--c--- c:windowssystem32dllcacheusbprint.sys
2009-02-26 18:48 . 2009-02-26 18:48 d-------- c:documents and settingsAdministratorApplication DatamIRC
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-25 17:58 d-----w c:documents and settingsAdministratorApplication DatauTorrent
2009-03-25 16:12 d-----w c:documents and settingsAdministratorApplication DataAIMP
2009-03-25 06:56 361,600 ----a-w c:windowssystem32driversTCPIP.SYS
2009-03-20 09:22 d-----w c:documents and settingsAll UsersApplication DataAlawarWrapper
2009-03-14 08:23 d-----w c:program filesFinale 2006
2009-03-09 12:28 d-----w c:documents and settingsAll UsersApplication DataPlayFirst
2009-03-09 12:28 d-----w c:documents and settingsAdministratorApplication DataPlayFirst
2009-03-02 09:45 d--h--w c:program filesInstallShield Installation Information
2009-02-21 12:01 d---a-w c:program filesCoolReader 3.0.8
2009-02-21 11:57 d-----w c:documents and settingsAdministratorApplication Datacr3
2009-02-17 17:02 d-----w c:program filesFinale 2007
2009-02-17 16:56 d-----w c:program filesFinale GPO 2.0
2009-02-17 16:54 d-----w c:program filesNative Instruments
2009-02-16 16:57 d-----w c:program filesSolo9
2009-02-16 16:57 d-----w c:documents and settingsAll UsersApplication DataSolo9
2009-02-15 11:37 d-----w c:program filesuTorrent
2009-02-12 11:24 d-----w c:program files2gis
2009-02-12 11:09 d-----w c:documents and settingsAll UsersApplication Data2GIS
2009-02-12 11:05 d-----w c:documents and settingsAdministratorApplication DataGrym
2009-02-12 10:30 d-----w c:program filesK-Soft
2009-02-10 11:50 d-----w c:program filesCommon FilesReGet Shared
2009-02-09 14:07 1,846,912 ----a-w c:windowssystem32win32k.sys
2009-02-08 12:26 d-----w c:documents and settingsAdministratorApplication DataReGet Software
2009-02-07 18:52 d-----w c:program filesMSXML 4.0
2009-01-31 11:43 14,336 ----a-w c:windowssystem32svchost.exe
2009-01-30 15:08 d-----w c:program filesNero
2009-01-29 17:08 d-----w c:program filesCommon FilesNero
2009-01-29 17:08 d-----w c:documents and settingsAll UsersApplication DataNero
2009-01-29 17:08 d-----w c:documents and settingsAdministratorApplication DataNero
2009-01-18 12:04 632 ----a-w C:settings.dat
2006-06-23 06:48 32,768 ----a-r c:windowsinfUpdateUSB.exe
.
Sigcheck
2008-06-20 17:59 361600 ad978a1b783b5719720cff204b666c8e c:windows$hf_mig$KB951748SP3QFEtcpip.sys
2008-04-15 18:00 361344 93ea8d04ec73a85db02eb8805988f733 c:windows$NtUninstallKB951748$tcpip.sys
2009-03-25 12:56 361600 cbeebeb899e31ef52b962cb31fc8ca5c c:windowssystem32dllcacheTCPIP.SYS
2009-03-25 12:56 361600 cbeebeb899e31ef52b962cb31fc8ca5c c:windowssystem32driversTCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"="c:windowssystem32ctfmon.exe" [2008-04-15 15360]
"MSMSGS"="c:program filesMessengermsmsgs.exe" [2008-04-14 1695232]
"DAEMON Tools Lite"="c:program filesDAEMON Tools Litedaemon.exe" [2008-12-29 687560]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"NvCplDaemon"="c:windowssystem32NvCpl.dll" [2008-12-26 13680640]
"NvMediaCenter"="c:windowssystem32NvMcTray.dll" [2008-12-26 86016]
"2gis update client UI"="c:program files2gisUpdateClientWin32UpdateClientUI.exe" [2008-09-17 4055040]
"Adobe Reader Speed Launcher"="c:program filesAdobeReader 9.0ReaderReader_sl.exe" [2008-06-12 34672]
"OutpostFeedBack"="c:program filesAgnitumOutpost Firewall Profeedback.exe" [2009-03-02 433480]
"SoundMAXPnP"="c:program filesAnalog DevicesCoresmax4pnp.exe" [2008-04-15 1040384]
"nwiz"="nwiz.exe" [2008-12-26 c:windowssystem32nwiz.exe]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"="c:windowssystem32CTFMON.EXE" [2008-04-15 15360]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
"AntiVirusOverride"=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"c:\WINDOWS\Network Diagnostic\xpnetdiag.exe"=
"c:\WINDOWS\system32\sessmgr.exe"=
"c:\Program Files\uTorrent\utorrent.exe"=
R1 SandBox;SandBox;c:windowssystem32driversSandBox.sys [2009-03-14 704384]
R2 2GIS UpdateClientService;2GIS UpdateClientService;c:program files2gisUpdateClientWin32UpdateClientService.exe [2008-09-17 1134592]
R3 afw;Agnitum firewall driver;c:windowssystem32driversafw.sys [2009-03-14 30864]
R3 afwcore;afwcore;c:windowssystem32driversafwcore.sys [2009-03-14 257432]
R3 ASWFilt;ASWFilt;c:windowssystem32FiltASWFilt.dll [2009-03-14 33888]
S2 acssrv;Agnitum Client Security Service;c:progra~1AgnitumOUTPOS~1acs.exe [2009-03-14 1267016]
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:windowssystem32driversatl01_xp.sys [2009-01-05 35840]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - AUJASNKJ
*Deregistered* - aujasnkj
*Deregistered* - DwShield00006C58
.
Contents of the 'Scheduled Tasks' folder
2009-03-25 c:windowsTasks{DB41A4E8-349D-406A-AAA5-9B1F0B64152B}_HOME_Administrator.job
- c:windowssystem32mobsync.exe [2008-04-15 18:00]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.tomtel.ru/
IE: &Экспорт в Microsoft Excel - c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Проверить ссылку Dr.Web - http://www.drweb.com/online/drweb-online-ru.html
Trusted Zone: vtomske.rutorrents
Handler: solores - {8FA1F4E9-444B-48BF-98CD-B8ECA88E6BA5} - c:progra~1Solo9SoloRes.dll
FF - ProfilePath - c:documents and settingsAdministratorApplication DataMozillaFirefoxProfileslbvkc7xv.default
FF - prefs.js: browser.search.selectedEngine - Яндекс
FF - prefs.js: browser.startup.homepage -
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-26 00:41:16
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-03-26 0:42:41
ComboFix-quarantined-files.txt 2009-03-25 18:42:39
ComboFix2.txt 2009-03-23 06:08:00
Pre-Run: 33 174 167 552 байт свободно
Post-Run: 33,177,890,816 байт свободно
183 --- E O F --- 2009-03-14 08:20:38