Good day, Valeri!
ComboFix 09-03-25.04 — Сергей 2009-03-26 19:07:41.4 — NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1251.1.1049.18.2550.1882 [GMT 3:00]
Running from: c:documents and settingsСергейРабочий столComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated)
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:documents and settingsСергейLocal SettingsTemporary Internet Files0EB9F12C_6E6B_4c03_AEBA_8C04CFA98AA4.gif
c:documents and settingsСергейLocal SettingsTemporary Internet Files15913497_F86C_4218_8817_F50940D1E1B2.jpg
c:documents and settingsСергейLocal SettingsTemporary Internet Files29887DDE_00B9_4011_9CF7_59511F1ECC1B.gif
c:documents and settingsСергейLocal SettingsTemporary Internet Files35B7DFFA_884F_4fbc_8E60_DA601BDC7BF7.gif
c:documents and settingsСергейLocal SettingsTemporary Internet Files3DF04940_9866_4241_A998_0CDDFAFD147A.jpg
c:documents and settingsСергейLocal SettingsTemporary Internet Files426500D7_0FF3_426c_828D_065DBAEA0581.jpg
c:documents and settingsСергейLocal SettingsTemporary Internet Files5C6C645F_BAA8_4149_BFEB_2031230FF0FD.gif
c:documents and settingsСергейLocal SettingsTemporary Internet Files777FDAFB_83CF_4960_AA71_4E5D7BCD8E57.jpg
c:documents and settingsСергейLocal SettingsTemporary Internet Files8DA878D5_E80B_4721_B75A_17EFFAF1A700.jpg
c:documents and settingsСергейLocal SettingsTemporary Internet FilesC75CEF8D_5AF4_4563_8594_C45A45E14E63.gif
c:documents and settingsСергейLocal SettingsTemporary Internet FilesE21285C1_40E6_435c_A69F_3387E7BD89CB.jpg
.
((((((((((((((((((((((((( Files Created from 2009-02-26 to 2009-03-26 )))))))))))))))))))))))))))))))
.
2009-03-24 20:53 . 2009-03-26 17:25 7,077,888 —ah
c:documents and settingsСергейNTUSER.DAT
2009-03-24 20:53 . 2009-03-26 17:25 7,077,888 —ah
c:documents and settingsСергейNTUSER.DAT
2009-03-24 20:48 . 2008-07-19 00:06 d
c:documents and settingsАдминистраторWINDOWS
2009-03-24 20:48 . 2008-07-19 00:06 d
c:documents and settingsАдминистраторWINDOWS
2009-03-24 20:48 . 2008-07-19 00:06 d
c:documents and settingsАдминистраторApplication Datatoshiba
2009-03-24 20:48 . 2008-07-19 00:06 d
c:documents and settingsАдминистраторApplication DataSonic
2009-03-24 20:48 . 2008-07-18 14:48 d
c:documents and settingsАдминистраторApplication DataIntel
2009-03-24 20:48 . 2008-07-19 00:06 d
c:documents and settingsАдминистраторApplication DataATI
2009-03-24 20:48 . 2008-07-19 00:06 d—h
c:documents and settingsАдминистраторШаблоны
2009-03-24 20:48 . 2008-07-19 00:06 d—h
c:documents and settingsАдминистраторШаблоны
2009-03-24 20:48 . 2008-07-30 13:54 d
c:documents and settingsАдминистраторРабочий стол
2009-03-24 20:48 . 2008-07-30 13:54 d
c:documents and settingsАдминистраторРабочий стол
2009-03-24 20:48 . 2008-07-19 00:06 dr
c:documents and settingsАдминистраторМои документы
2009-03-24 20:48 . 2008-07-19 00:06 dr
c:documents and settingsАдминистраторМои документы
2009-03-24 20:48 . 2008-07-19 00:06 dr
c:documents and settingsАдминистраторГлавное меню
2009-03-24 20:48 . 2008-07-19 00:06 dr
c:documents and settingsАдминистраторГлавное меню
2009-03-24 20:48 . 2008-07-19 00:06 dr
c:documents and settingsАдминистраторИзбранное
2009-03-24 20:48 . 2008-07-19 00:06 dr
c:documents and settingsАдминистраторИзбранное
2009-03-24 20:48 . 2009-03-24 20:49 d
c:documents and settingsАдминистратор
2009-03-23 00:21 . 2009-03-23 00:21 d
c:documents and settingsLocalServiceApplication DataSACore
2009-03-23 00:21 . 2009-03-23 00:21 d
c:documents and settingsAll UsersApplication DataSiteAdvisor
2009-03-23 00:20 . 2009-03-23 00:20 d
c:program filesCommon FilesMcAfee
2009-03-23 00:19 . 2009-03-26 12:24 d
c:program filesMcAfee
2009-03-23 00:19 . 2009-03-23 00:20 d
c:documents and settingsAll UsersApplication DataMcAfee
2009-03-22 00:09 . 2009-03-22 00:19 d
c:windowssystem32CatRoot_bak
2009-03-20 14:40 . 2009-03-23 00:08 d
c:program filestrend micro
2009-03-20 11:47 . 2009-03-20 12:03 d-a
c:documents and settingsAll UsersApplication DataTEMP
2009-03-20 11:47 . 2009-03-20 11:47 d
c:documents and settingsСергейApplication DataSimply Super Software
2009-03-20 11:19 . 2009-03-20 11:19 d
c:documents and settingsСергейApplication DataMozilla
2009-03-20 11:19 . 2009-03-20 11:19 d
c:documents and settingsСергейApplication Datafvbxpgzs
2009-03-20 11:19 . 2009-03-20 11:19 2 —h
c:windowst55ft2935f44.dat
2009-03-20 01:51 . 2009-03-20 01:51 2 —h
c:windowst55ft2951f44.dat
2009-03-19 21:45 . 2009-03-19 21:45 d
c:program filesMSECache
2009-03-18 02:04 . 2008-08-08 16:35 436,784 —a
c:windowssystem32vnetlib.dll
2009-03-18 02:04 . 2008-08-08 16:34 150,064 —a
c:windowssystem32vmnat.exe
2009-03-18 02:04 . 2008-08-08 16:35 121,392 —a
c:windowssystem32vmnetdhcp.exe
2009-03-18 02:04 . 2008-08-08 16:32 50,992 -ra
c:windowssystem32vmnetbridge.dll
2009-03-18 02:04 . 2008-08-08 16:32 28,592 -ra
c:windowssystem32driversvmnetbridge.sys
2009-03-18 02:04 . 2008-08-08 16:36 25,264 —a
c:windowssystem32driversvmnetuserif.sys
2009-03-18 02:04 . 2008-08-08 16:36 20,912 —a
c:windowssystem32driversVMkbd.sys
2009-03-18 02:04 . 2008-08-08 16:32 17,712 -ra
c:windowssystem32driversvmnet.sys
2009-03-18 02:04 . 2008-08-08 16:32 16,816 -ra
c:windowssystem32driversvmnetadapter.sys
2009-03-18 02:04 . 2008-08-08 16:32 13,104 -ra
c:windowssystem32vnetinst.dll
2009-03-18 02:02 . 2009-03-18 02:02 d
c:program filesCommon FilesVMware
2009-03-15 22:22 . 2009-03-26 16:45 d
c:documents and settingsСергейApplication DataVMware
2009-03-15 22:14 . 2009-03-26 12:25 d
c:documents and settingsLocalServiceApplication DataVMware
2009-03-15 22:10 . 2009-03-18 02:02 d
c:program filesVMware
2009-03-15 22:10 . 2009-03-26 12:24 d
c:documents and settingsAll UsersApplication DataVMware
2009-03-15 00:23 . 2009-03-15 00:23 d
c:program filesFLVPlayer
2009-03-12 02:22 . 2009-03-12 02:22 d
c:program filesMSXML 4.0
2009-03-12 00:19 . 2008-08-14 16:40 2,187,776
c— c:windowssystem32dllcachentoskrnl.exe
2009-03-12 00:19 . 2008-08-14 16:40 2,144,768
c— c:windowssystem32dllcachentkrnlmp.exe
2009-03-12 00:19 . 2008-08-14 16:40 2,064,768
c— c:windowssystem32dllcachentkrnlpa.exe
2009-03-12 00:19 . 2008-08-14 16:40 2,022,912
c— c:windowssystem32dllcachentkrpamp.exe
2009-03-12 00:19 . 2007-04-02 08:59 546,304
c— c:windowssystem32dllcachehhctrl.ocx
2009-03-12 00:19 . 2008-06-14 20:59 272,512
c:windowssystem32driversbthport.sys
2009-03-12 00:19 . 2008-06-14 20:59 272,512
c— c:windowssystem32dllcachebthport.sys
2009-03-12 00:16 . 2008-04-11 21:51 683,520
c— c:windowssystem32dllcacheinetcomm.dll
2009-03-12 00:16 . 2008-10-24 14:10 453,632
c— c:windowssystem32dllcachemrxsmb.sys
2009-03-12 00:16 . 2008-12-11 14:57 333,184
c— c:windowssystem32dllcachesrv.sys
2009-03-12 00:16 . 2008-05-01 17:33 331,776
c— c:windowssystem32dllcachemsadce.dll
2009-03-12 00:16 . 2008-05-08 15:28 202,752
c— c:windowssystem32dllcachermcast.sys
2009-03-12 00:15 . 2008-12-21 02:03 6,066,688
c— c:windowssystem32dllcacheieframe.dll
2009-03-12 00:15 . 2007-04-17 12:32 2,455,488
c— c:windowssystem32dllcacheieapfltr.dat
2009-03-12 00:15 . 2007-03-08 08:12 1,060,864
c— c:windowssystem32dllcacheieframe.dll.mui
2009-03-12 00:15 . 2008-12-21 02:03 459,264
c— c:windowssystem32dllcachemsfeeds.dll
2009-03-12 00:15 . 2008-12-21 02:03 383,488
c— c:windowssystem32dllcacheieapfltr.dll
2009-03-12 00:15 . 2008-12-21 02:03 267,776
c— c:windowssystem32dllcacheiertutil.dll
2009-03-12 00:15 . 2008-12-21 02:03 63,488
c— c:windowssystem32dllcacheicardie.dll
2009-03-12 00:15 . 2008-12-21 02:03 52,224
c— c:windowssystem32dllcachemsfeedsbs.dll
2009-03-12 00:15 . 2008-12-19 12:10 13,824
c— c:windowssystem32dllcacheieudinit.exe
2009-03-12 00:14 . 2008-09-04 19:45 1,106,944
c— c:windowssystem32dllcachemsxml3.dll
2009-03-12 00:14 . 2008-10-15 20:00 332,800
c— c:windowssystem32dllcachenetapi32.dll
2009-03-12 00:14 . 2008-10-03 13:17 247,326
c— c:windowssystem32dllcachestrmdll.dll
2009-03-10 17:21 . 2009-03-10 17:21 d
c:program filesETrainer
2009-03-10 11:36 . 2009-03-10 11:36 d
c:program filesQIP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-20 00:03
d
w c:program filesGoogle
2009-03-19 22:58
d
w c:program filesESET
2009-02-09 14:18 1,846,400 —-a-w c:windowssystem32win32k.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2004-08-18 15360]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«CeEKEY»=»c:program filesTOSHIBAE-KEYCeEKey.exe» [2005-12-01 671744]
«IntelZeroConfig»=»c:program filesIntelWirelessbinZCfgSvc.exe» [2005-12-05 667718]
«nod32kui»=»c:program filesEsetnod32kui.exe» [2008-07-18 950664]
«Lingvo Launcher»=»c:program filesABBYY Lingvo 11 Six LanguagesLvagent.exe» [2005-09-01 106496]
«vmware-tray»=»c:program filesVMwareVMware Workstationvmware-tray.exe» [2008-08-08 72240]
«VMware hqtray»=»c:program filesVMwareVMware Workstationhqtray.exe» [2008-08-08 55856]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 8.0ReaderReader_sl.exe» [2008-10-15 39792]
«NDSTray.exe»=»NDSTray.exe» [BU]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2004-08-18 15360]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«vidc.ffds»= ffdshow.ax
«vidc.DIV3″= DivXc32.dll
«vidc.DIV4″= DivXc32f.dll
«msacm.divxa32″= DivXa32.acm
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusOverride»=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\ARIS6.2\LocalServer\ASA8\win32\dbsrv8.exe»=
«c:\Program Files\ARIS6.2\ArisServerW62.exe»=
«c:\WebServers\usr\local\apache\Apache.exe»=
«c:\Program Files\Bonjour\mDNSResponder.exe»=
«c:\Program Files\QIP\qip.exe»=
«c:\WINDOWS\system32\igfxtray.exe»=
«c:\WINDOWS\system32\hkcmd.exe»=
«c:\WINDOWS\system32\igfxpers.exe»=
«c:\WINDOWS\system32\userinit.exe»=
«c:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe»=
«c:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe»=
«c:\Program Files\Eset\nod32kui.exe»=
«c:\Program Files\ABBYY Lingvo 11 Six Languages\LvAgent.exe»=
«c:\Program Files\VMware\VMware Workstation\vmware-tray.exe»=
«c:\Program Files\VMware\VMware Workstation\hqtray.exe»=
«c:\Program Files\TOSHIBA\E-KEY\CeEKey.exe»=
R1 nod32drv;nod32drv;c:windowssystem32driversnod32drv.sys [2008-07-18 15424]
R2 hl_mull;hl_mull;c:windowssystem32drivershl_mull.sys [2008-07-25 67712]
R2 LogWatch;Event Log Watch;c:ca_licLogWatNT.exe [2006-10-17 69632]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:program filesMcAfeeSiteAdvisorMcSACore.exe [2009-03-23 210216]
S2 amd64si;amd64si;??c:windowssystem32driversamd64si.sys —> c:windowssystem32driversamd64si.sys [?]
S2 fips32cup;fips32cup;??c:windowssystem32driversfips32cup.sys —> c:windowssystem32driversfips32cup.sys [?]
S2 netsik;netsik;??c:windowssystem32driversnetsik.sys —> c:windowssystem32driversnetsik.sys [?]
S2 systemntmi;systemntmi;??c:windowssystem32driverssystemntmi.sys —> c:windowssystem32driverssystemntmi.sys [?]
S3 GoogleDesktopManager-092308-165331;Диспетчер Google Desktop 5.8.809.23506;c:program filesGoogleGoogle Desktop SearchGoogleDesktop.exe [2009-03-10 30192]
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{bd25be78-ac4b-11dd-929b-f9c804c34718}]
ShellAutoRuncommand — E:npeuinst.exe
.
.
Supplementary Scan
.
uStart Page = hxxp://www.google.ru/
IE: &Google Search — c:program filesGoogleGoogleToolbar1.dll/cmsearch.html
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Backward &Links — c:program filesGoogleGoogleToolbar1.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page — c:program filesGoogleGoogleToolbar1.dll/cmcache.html
IE: Si&milar Pages — c:program filesGoogleGoogleToolbar1.dll/cmsimilar.html
IE: Translate into English — c:program filesGoogleGoogleToolbar1.dll/cmtrans.html
IE: Translate with ABBYY &Lingvo — c:program filesABBYY Lingvo 11 Six LanguagesLingvo.exe/3000
IE: {{7A2EFD41-E6B3-11D2-89E3-00E0292EE574} — c:program filesPROMT 7PRMTIEprmtie5.htm
IE: {{7A2EFD41-E6B3-11D2-89E3-00E0292EE575} — c:program filesPROMT 7PRMTIEoptions.htm
LSP: c:windowssystem32imon.dll
DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} — hxxp://dl.google.com/dl/desktop/nv/GoogleGadgetPluginIEWin.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-26 19:11:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(684)
c:windowssystem32Ati2evxx.dll
— — — — — — — > ‘lsass.exe'(740)
c:windowssystem32imon.dll
.
Completion time: 2009-03-26 19:12:58
ComboFix-quarantined-files.txt 2009-03-26 16:12:44
Pre-Run: 27 348 250 624 байт свободно
Post-Run: 27,626,106,880 байт свободно
198 — E O F — 2009-03-20 07:28:36

