Please take a look at the log
January 28, 2009 at 5:39 PM #16206
ComboFix 09-01-21.04 — pp 2009-01-28 20:07:53.1 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1251.1.1049.18.511.273 [GMT 3:00]
Running from: c:documents and settingsppРабочий столsergComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:windowssystem32i
.
((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-28 )))))))))))))))))))))))))))))))
.
2009-01-28 20:01 . 2009-01-28 20:01 13 —a
c:windowsreset5.dt3
2009-01-28 20:01 . 2009-01-28 20:01 13 —a
c:windowsreset5.dt2
2009-01-28 20:01 . 2009-01-28 20:01 13 —a
c:windowsreset5.dt1
2009-01-28 18:13 . 2009-01-28 18:13d
c:windowssystem32bits
2009-01-28 18:10 . 2009-01-28 19:33d—h
c:windows$hf_mig$
2009-01-28 18:10 . 2005-02-25 06:36 22,752 —a
c:windowssystem32spupdsvc.exe
2009-01-28 18:09 . 2004-07-02 01:08 360,448 —a—c— c:windowssystem32dllcacheqmgr.dll
2009-01-28 18:09 . 2004-07-02 01:08 331,776 —a
c:windowssystem32winhttp.dll
2009-01-28 18:09 . 2004-07-02 01:08 331,776 —a—c— c:windowssystem32dllcachewinhttp.dll
2009-01-28 18:09 . 2004-07-02 01:08 17,408 —a
c:windowssystem32qmgrprxy.dll
2009-01-28 18:09 . 2004-07-02 01:08 17,408 —a—c— c:windowssystem32dllcacheqmgrprxy.dll
2009-01-28 18:09 . 2004-07-02 01:08 7,680
c— c:windowssystem32dllcachebitsprx2.dll
2009-01-28 18:09 . 2004-07-02 01:08 7,680
c:windowssystem32bitsprx2.dll
2009-01-28 18:09 . 2004-07-02 01:08 7,168
c— c:windowssystem32dllcachebitsprx3.dll
2009-01-28 18:09 . 2004-07-02 01:08 7,168
c:windowssystem32bitsprx3.dll
2009-01-28 18:06 . 2008-10-16 14:06 268,648 —a
c:windowssystem32mucltui.dll
2009-01-28 18:06 . 2008-10-16 14:06 27,496 —a
c:windowssystem32mucltui.dll.mui
2009-01-28 18:05 . 2008-10-16 14:09 43,544 —a
c:windowssystem32wups2.dll
2009-01-28 18:05 . 2008-10-16 14:08 31,768 —a
c:windowssystem32wucltui.dll.mui
2009-01-28 18:05 . 2008-10-16 14:08 27,672 —a
c:windowssystem32wuapi.dll.mui
2009-01-28 18:05 . 2008-10-16 14:07 23,576 —a
c:windowssystem32wuaucpl.cpl.mui
2009-01-28 18:05 . 2008-10-16 14:07 18,968 —a
c:windowssystem32wuaueng.dll.mui
2009-01-28 18:04 . 2008-10-16 14:12 561,688 —a
c:windowssystem32wuapi.dll
2009-01-28 18:04 . 2008-10-16 14:12 323,608 —a
c:windowssystem32wucltui.dll
2009-01-28 18:04 . 2008-10-16 14:12 213,528 —a
c:windowssystem32wuaucpl.cpl
2009-01-28 18:04 . 2004-08-03 14:04 187,160 —a
c:windowssystem32wuaueng1.dll
2009-01-28 18:04 . 2004-08-03 14:04 168,728 —a
c:windowssystem32wuauclt1.exe
2009-01-28 18:04 . 2008-10-16 14:08 34,328 —a
c:windowssystem32wups.dll
2009-01-28 18:02 . 2009-01-28 18:02d—s—- c:documents and settingsppUserData
2009-01-28 14:17 . 2009-01-28 14:17 735,232 -r-hs—- c:windowssystem32driversSCtri.exe
2009-01-27 19:11 . 2009-01-27 19:16d
c:documents and settingsppDSS DJ Data
2009-01-27 19:10 . 2009-01-27 19:10d
c:program filesMyXOFT
2009-01-27 18:15 . 2009-01-27 18:37 33,367 —a
C:z8g5q3d3n2s9.exe
2009-01-27 00:54 . 2009-01-28 14:17 735,232 —a
c:windowssystem32SCtri.exe
2009-01-27 00:11 . 2009-01-27 00:14 94,208 —a
c:windowsScUnin.exe
2009-01-27 00:11 . 2009-01-27 00:14 35,525 —a
c:windowsscunin.dat
2009-01-27 00:11 . 2009-01-27 00:14 967 —a
c:windowsScUnin.pif
2009-01-27 00:10 . 2009-01-27 00:27d
c:program filesStarcraft
2009-01-26 23:56 . 2009-01-27 00:57d
c:program filesGarena
2009-01-26 23:56 . 2009-01-26 23:56d
c:documents and settingsppApplication DataInstallShield
2009-01-25 22:16 . 2009-01-25 22:15 735,232 —a
c:windowssystem32driversSCtri.exe.vir
2009-01-24 05:36 . 2007-09-04 17:56 164,352 —a
c:windowssystem32unrar.dll
2009-01-24 05:35 . 2009-01-24 05:35d
c:program filesK-Lite Codec Pack
2009-01-24 05:35 . 2007-11-29 23:30 3,596,288 —a
c:windowssystem32qt-dx331.dll
2009-01-24 05:35 . 2007-07-25 14:24 1,559,040 —a
c:windowssystem32xvidcore.dll
2009-01-24 05:35 . 2007-12-04 02:33 682,496 —a
c:windowssystem32divx.dll
2009-01-24 05:35 . 2006-09-24 16:11 389,120 —a
c:windowssystem32lameACM.acm
2009-01-24 05:35 . 2007-03-10 12:51 282,624 —a
c:windowssystem32xvidvfw.dll
2009-01-24 05:35 . 2004-01-25 17:18 217,088 —a
c:windowssystem32yv12vfw.dll
2009-01-24 05:35 . 2007-09-21 01:52 118,784 —a
c:windowssystem32ac3acm.acm
2009-01-24 05:35 . 2007-11-29 23:28 81,920 —a
c:windowssystem32dpl100.dll
2009-01-24 05:35 . 2007-12-24 13:49 7,680 —a
c:windowssystem32ff_vfw.dll
2009-01-24 05:35 . 2007-07-10 17:10 547 —a
c:windowssystem32ff_vfw.dll.manifest
2009-01-24 05:35 . 2007-10-03 16:03 414 —a
c:windowssystem32lame_acm.xml
2009-01-23 20:09 . 2009-01-24 00:04 720,896 —a
c:windowssystem32SbCtri.exe
2009-01-23 20:09 . 2009-01-24 00:04 720,896 -r-hs—- c:windowssystem32driversSbCtri.exe
2009-01-23 18:00 . 2009-01-28 20:06 4,933,320 —a
c:windows{00000002-00000000-00000006-00001102-00000008-10011102}.CDF
2009-01-23 18:00 . 2009-01-23 18:00 4,933,320
c:windows{00000002-00000000-00000006-00001102-00000008-10011102}.BAK
2009-01-23 17:59 . 2009-01-28 20:00 30,624 —a
c:windowssystem32BMXStateBkp-{00000002-00000000-00000006-00001102-00000008-10011102}.rfx
2009-01-23 17:59 . 2009-01-28 20:00 30,624 —a
c:windowssystem32BMXState-{00000002-00000000-00000006-00001102-00000008-10011102}.rfx
2009-01-23 17:59 . 2009-01-28 20:00 29,772 —a
c:windowssystem32BMXCtrlState-{00000002-00000000-00000006-00001102-00000008-10011102}.rfx
2009-01-23 17:59 . 2009-01-28 20:00 29,772 —a
c:windowssystem32BMXBkpCtrlState-{00000002-00000000-00000006-00001102-00000008-10011102}.rfx
2009-01-23 17:59 . 2009-01-28 20:00 2,796 —a
c:windowssystem32DVCState-{00000002-00000000-00000006-00001102-00000008-10011102}.rfx
2009-01-23 17:59 . 2009-01-28 20:00 1,072 —a
c:windowssystem32settingsbkup.sfm
2009-01-23 17:59 . 2009-01-28 20:00 1,072 —a
c:windowssystem32settings.sfm
2009-01-23 17:55 . 1998-01-08 04:00 1,048,576
c:windowssystem32SFMAN.DAT
2009-01-23 17:55 . 2000-05-11 01:00 90,112
c:windowsUpdreg.EXE
2009-01-23 17:55 . 1998-06-05 05:00 84,992
c:windowssystem32SFCVRT32.DLL
2009-01-23 17:55 . 1995-08-30 05:02 82,432
c:windowssystem32CTWFLT32.DLL
2009-01-23 17:55 . 1998-10-20 11:05 54,784
c:windowssystem32INETWH32.DLL
2009-01-23 17:55 . 1994-12-05 06:11 53,552
c:windowsCTCCW.DLL
2009-01-23 17:55 . 1995-07-13 05:01 26,768
c:windowssystem32CTL3D.DLL
2009-01-23 17:55 . 1996-05-23 05:24 24,976
c:windowsCTRES.DLL
2009-01-23 17:55 . 1999-01-14 09:04 231
c:windowsAC3API.INI
2009-01-23 17:54 . 2009-01-23 17:55d
c:windowssystem32Defaults
2009-01-23 17:54 . 2002-08-29 02:01 134,272 —a
c:windowssystem32driversportcls.sys
2009-01-23 17:54 . 2002-08-29 01:32 57,856 —a
c:windowssystem32driversdrmk.sys
2009-01-23 17:52 . 2003-10-28 12:03 4,932,148 —a
c:windowsCTDVAUDY.CDF
2009-01-23 17:50 . 2003-11-11 11:08 77,824 —a
c:windowssystem32ctdvda32.dll
2009-01-23 17:46 . 2002-02-20 06:00 331,776
c:windowssystem32CTMEDENG.DLL
2009-01-23 17:46 . 2001-09-18 03:00 139,264 —a
c:windowssystem32Video.skn
2009-01-23 17:46 . 2001-03-30 02:00 62,976 —a
c:windowssystem32CTDetres.dll
2009-01-23 17:46 . 1999-12-13 04:01 44,032
c:windowssystem32CTSVCCDA.EXE
2009-01-23 17:46 . 1999-11-18 04:00 25,088
c:windowssystem32CTSVCCTL.EXE
2009-01-23 17:46 . 2000-04-20 01:00 24,576 —a
c:windowssystem32CTMERes.DLL
2009-01-23 17:46 . 1998-09-17 01:52 17,350 —a
c:windowssystem32CTDetect.hlp
2009-01-23 17:46 . 1998-09-17 01:52 641 —a
c:windowssystem32CTDetect.cnt
2009-01-23 01:16 . 2009-01-23 01:17d
c:documents and settingsppApplication DataMra
2009-01-23 01:15 . 2009-01-23 01:15d
c:program filesMail.Ru
2009-01-22 19:43 . 2009-01-22 19:52 49,197 —a
C:f2q2q4j8g1t8.exe
2009-01-22 00:40 . 2009-01-22 00:40 720,896 —a
c:windowssystem32driversSbCtri.exe.vir
2009-01-20 02:08 . 2009-01-20 02:26d
c:program filesOCCT
2009-01-19 19:05 . 2009-01-19 19:05 715,776 -r-hs—- c:windowssystem32driversSbiCtr.exe
2009-01-19 14:20 . 2009-01-19 14:20 715,776 —a
c:windowssystem32driversSbiCtr.exe.vir
2009-01-16 20:42 . 2009-01-16 20:42d
c:program filesBuka
2009-01-16 20:24 . 2009-01-16 20:34d
C:Games
2009-01-14 16:51 . 2009-01-14 16:52d
c:program filesAd Muncher
2009-01-14 03:41 . 2009-01-14 04:34d
c:program filesFlylinkDC++
2009-01-11 18:47 . 2007-12-28 07:54 5,791 —a
c:windowssystem32instcm.inf
2009-01-06 03:24 . 2009-01-06 03:24d
c:documents and settingsppApplication DataMedia Player Classic
2009-01-06 03:23 . 2004-01-12 01:00 348,160 —a
c:windowssystem32msvcr71.dll
2009-01-05 21:45 . 2009-01-25 22:16d
c:program filesSoulseek
2009-01-05 19:53 . 2009-01-28 18:50d-a
c:documents and settingsAll UsersApplication DataTEMP
2009-01-05 19:52 . 2006-05-25 14:52 162,304 —a
c:windowssystem32ztvunrar36.dll
2009-01-05 19:52 . 2003-02-02 19:06 153,088 —a
c:windowssystem32UNRAR3.dll
2009-01-05 19:52 . 2005-08-26 00:50 77,312 —a
c:windowssystem32ztvunace26.dll
2009-01-05 19:52 . 2002-03-06 00:00 75,264 —a
c:windowssystem32unacev2.dll
2009-01-05 19:52 . 2006-06-19 12:01 69,632 —a
c:windowssystem32ztvcabinet.dll
2009-01-05 19:51 . 2009-01-28 18:45d
c:program filesTrojan Remover
2009-01-05 19:51 . 2009-01-05 19:51d
c:documents and settingsppApplication DataSimply Super Software
2009-01-05 19:51 . 2009-01-05 19:51d
c:documents and settingsAll UsersApplication DataSimply Super Software
2009-01-05 19:09 . 2009-01-05 19:14d
c:program filesVITSOFT
2009-01-05 15:32 . 2009-01-05 15:32d
c:program filesDAMN NFO Viewer
2009-01-05 15:28 . 2003-11-26 05:01 545 —a
c:windowsUC.PIF
2009-01-05 15:28 . 2003-11-26 05:01 545 —a
c:windowsRAR.PIF
2009-01-05 15:28 . 2005-02-11 00:00 545 —a
c:windowsPKZIP.PIF
2009-01-05 15:28 . 2005-02-11 00:00 545 —a
c:windowsPKUNZIP.PIF
2009-01-05 15:28 . 2005-02-11 00:00 545 —a
c:windowsNOCLOSE.PIF
2009-01-05 15:28 . 2003-11-26 05:01 545 —a
c:windowsLHA.PIF
2009-01-05 15:28 . 2003-11-26 05:01 545 —a
c:windowsARJ.PIF
2009-01-05 15:27 . 2009-01-05 15:28d
c:program filesTotal Commander XP
2009-01-05 15:17 . 2009-01-05 15:16 512,096 —a
c:windowssystem32driversamon.sys
2009-01-05 15:17 . 2009-01-05 15:16 298,104 —a
c:windowssystem32imon.dll
2009-01-05 15:17 . 2009-01-05 15:16 15,424 —a
c:windowssystem32driversnod32drv.sys
2009-01-05 15:15 . 2009-01-05 20:45d
c:program filesESET
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-05 14:23 133,120 —-a-w c:windowssystem32sfc_os.dll
2009-01-02 12:50 8,192 —-a-w c:windowssystem32resetwpa.reg
2009-01-02 11:59
d
w c:program filesCommon FilesInstallShield
2009-01-02 11:51
d
w c:program filesmicrosoft frontpage
2009-01-02 11:50 558,142 —-a-w c:windowsjavaPackages87P31JRH.ZIP
2009-01-02 11:50 155,995 —-a-w c:windowsjavaPackages4RTNRLZX.ZIP
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«SBDrvDet»=»c:program filesCreativeSB Drive DetSBDrvDet.exe» [2002-12-03 45056]
«nod32kui»=»c:program filesEsetnod32kui.exe» [2009-01-05 949376]
«Ad Muncher»=»c:program filesAd MuncherAdMunch.exe» [2007-01-18 751616]
«DAEMON Tools»=»c:program filesDAEMON Toolsdaemon.exe» [2005-12-10 133016]
«MAgent»=»c:program filesMail.RuAgentMAgent.exe» [2009-01-23 5603000]
«CTSysVol»=»c:program filesCreativeSBAudigy2Surround MixerCTSysVol.exe» [2003-09-17 57344]
«CTDVDDET»=»c:program filesCreativeSBAudigy2DVDAudioCTDVDDet.EXE» [2003-06-18 45056]
«UpdReg»=»c:windowsUpdReg.EXE» [2000-05-11 90112]
«CTHelper»=»CTHELPER.EXE» [2004-03-19 c:windowssystem32CTHELPER.EXE]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowsSystem32CTFMON.EXE» [2002-09-24 13312]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyreset5]
2002-09-09 23:30 17408 c:windowssystem32reset5.dll
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«UpdatesDisableNotify»=dword:00000001
«AntiVirusDisableNotify»=dword:00000001
«AntiVirusOverride»=dword:00000001
«FirewallOverride»=dword:00000001
R1 nod32drv;nod32drv;c:windowssystem32driversnod32drv.sys [2009-01-05 15424]
S3 GarenaPEngine;GarenaPEngine;??c:docume~1ppLOCALS~1TempBWN10.tmp —> c:docume~1ppLOCALS~1TempBWN10.tmp [?]
S4 Service Controler Installer;Service Controler Installer; [x]
S4 Service Controler;Service Controler; [x]
.
.
Supplementary Scan
.
uStart Page = hxxp://active.mns.ru/
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} — c:program filesMail.RuAgentmagent.exe
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} — %SystemRoot%webrelated.htm
LSP: c:windowsSystem32imon.dll
TCP: {70BE2B90-E27D-484D-B7FA-A04E7A005C7D} = 80.70.224.2,80.70.224.4
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-28 20:10:57
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINESystemControlSet002ServicesGarenaPEngine]
«ImagePath»=»??c:docume~1ppLOCALS~1TempBWN10.tmp»
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(616)
c:windowsSystem32ODBC32.dll
c:windowssystem32Ati2evxx.dll
c:windowssystem32reset5.dll
— — — — — — — > ‘lsass.exe'(676)
c:windowsSystem32imon.dll
c:program filesEsetpr_imon.dll
c:windowsSystem32dssenh.dll
.
Completion time: 2009-01-28 20:12:43
ComboFix-quarantined-files.txt 2009-01-28 17:12:40
Pre-Run: 15 479 787 520 байт свободно
Post-Run: 16,206,548,992 байт свободно
215 — E O F — 2009-01-28 16:21:28
And if you can, tell me about it in a couple of words..)
January 29, 2009 at 3:20 PM #21561
Hello, welcome to the Spyware-ru forum.
And if you can, tell me about it in a couple of words..)
About "it", meaning about what?
Open Notepad (click Start, Run, type notepad in the input box and press Enter) and paste the following text into it:
Driver::
GarenaPEngine
Service Controler Installer
Service Controler
Save the resulting file to your desktop under the name CFScript
Then drag the resulting file onto the Combofix icon, as shown in the picture below.
Combofix will start and carry out the procedures described in the file we created.
When Combofix finishes, a new log will be created; paste it into your next reply.
January 29, 2009 at 3:56 PM #21562
ComboFix 09-01-21.04 — pp 2009-01-29 18:44:08.2 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1251.1.1049.18.511.242 [GMT 3:00]
Running from: c:documents and settingsppРабочий столComboFix.exe
Command switches used :: c:documents and settingsppРабочий столCFScript.txt
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:windowssystem32fci.exe
c:windowssystem32i
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Legacy_GARENAPENGINE
Legacy_SERVICE_CONTROLER
Legacy_SERVICE_CONTROLER_INSTALLER
Service_GarenaPEngine
Service_Service Controler
Service_Service Controler Installer
((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-29 )))))))))))))))))))))))))))))))
.
2009-01-29 18:48 . 2009-01-29 18:48 13 —a
c:windowsreset5.dt3
2009-01-29 18:48 . 2009-01-29 18:48 13 —a
c:windowsreset5.dt2
2009-01-29 18:48 . 2009-01-29 18:48 13 —a
c:windowsreset5.dt1
2009-01-28 21:11 . 2009-01-28 21:11d
C:rsit
2009-01-28 21:11 . 2009-01-28 21:11d
c:program filestrend micro
2009-01-28 18:13 . 2009-01-28 18:13d
c:windowssystem32bits
2009-01-28 18:10 . 2009-01-28 19:33d—h
c:windows$hf_mig$
2009-01-28 18:10 . 2005-02-25 06:36 22,752 —a
c:windowssystem32spupdsvc.exe
2009-01-28 18:09 . 2004-07-02 01:08 360,448 —a—c— c:windowssystem32dllcacheqmgr.dll
2009-01-28 18:09 . 2004-07-02 01:08 331,776 —a
c:windowssystem32winhttp.dll
2009-01-28 18:09 . 2004-07-02 01:08 331,776 —a—c— c:windowssystem32dllcachewinhttp.dll
2009-01-28 18:09 . 2004-07-02 01:08 17,408 —a
c:windowssystem32qmgrprxy.dll
2009-01-28 18:09 . 2004-07-02 01:08 17,408 —a—c— c:windowssystem32dllcacheqmgrprxy.dll
2009-01-28 18:09 . 2004-07-02 01:08 7,680
c— c:windowssystem32dllcachebitsprx2.dll
2009-01-28 18:09 . 2004-07-02 01:08 7,680
c:windowssystem32bitsprx2.dll
2009-01-28 18:09 . 2004-07-02 01:08 7,168
c— c:windowssystem32dllcachebitsprx3.dll
2009-01-28 18:09 . 2004-07-02 01:08 7,168
c:windowssystem32bitsprx3.dll
2009-01-28 18:06 . 2008-10-16 14:06 268,648 —a
c:windowssystem32mucltui.dll
2009-01-28 18:06 . 2008-10-16 14:06 27,496 —a
c:windowssystem32mucltui.dll.mui
2009-01-28 18:05 . 2008-10-16 14:09 43,544 —a
c:windowssystem32wups2.dll
2009-01-28 18:05 . 2008-10-16 14:08 31,768 —a
c:windowssystem32wucltui.dll.mui
2009-01-28 18:05 . 2008-10-16 14:08 27,672 —a
c:windowssystem32wuapi.dll.mui
2009-01-28 18:05 . 2008-10-16 14:07 23,576 —a
c:windowssystem32wuaucpl.cpl.mui
2009-01-28 18:05 . 2008-10-16 14:07 18,968 —a
c:windowssystem32wuaueng.dll.mui
2009-01-28 18:04 . 2008-10-16 14:12 561,688 —a
c:windowssystem32wuapi.dll
2009-01-28 18:04 . 2008-10-16 14:12 323,608 —a
c:windowssystem32wucltui.dll
2009-01-28 18:04 . 2008-10-16 14:12 213,528 —a
c:windowssystem32wuaucpl.cpl
2009-01-28 18:04 . 2004-08-03 14:04 187,160 —a
c:windowssystem32wuaueng1.dll
2009-01-28 18:04 . 2004-08-03 14:04 168,728 —a
c:windowssystem32wuauclt1.exe
2009-01-28 18:04 . 2008-10-16 14:08 34,328 —a
c:windowssystem32wups.dll
2009-01-28 18:02 . 2009-01-28 18:02d—s—- c:documents and settingsppUserData
2009-01-28 14:17 . 2009-01-28 21:51 735,232 -r-hs—- c:windowssystem32driversSCtri.exe
2009-01-27 19:11 . 2009-01-27 19:16d
c:documents and settingsppDSS DJ Data
2009-01-27 19:10 . 2009-01-27 19:10d
c:program filesMyXOFT
2009-01-27 18:15 . 2009-01-27 18:37 33,367 —a
C:z8g5q3d3n2s9.exe
2009-01-27 00:54 . 2009-01-28 21:51 735,232 —a
c:windowssystem32SCtri.exe
2009-01-27 00:11 . 2009-01-27 00:14 94,208 —a
c:windowsScUnin.exe
2009-01-27 00:11 . 2009-01-27 00:14 35,525 —a
c:windowsscunin.dat
2009-01-27 00:11 . 2009-01-27 00:14 967 —a
c:windowsScUnin.pif
2009-01-27 00:10 . 2009-01-27 00:27d
c:program filesStarcraft
2009-01-26 23:56 . 2009-01-27 00:57d
c:program filesGarena
2009-01-26 23:56 . 2009-01-26 23:56d
c:documents and settingsppApplication DataInstallShield
2009-01-25 22:16 . 2009-01-25 22:15 735,232 —a
c:windowssystem32driversSCtri.exe.vir
2009-01-24 05:36 . 2007-09-04 17:56 164,352 —a
c:windowssystem32unrar.dll
2009-01-24 05:35 . 2009-01-24 05:35d
c:program filesK-Lite Codec Pack
2009-01-24 05:35 . 2007-11-29 23:30 3,596,288 —a
c:windowssystem32qt-dx331.dll
2009-01-24 05:35 . 2007-07-25 14:24 1,559,040 —a
c:windowssystem32xvidcore.dll
2009-01-24 05:35 . 2007-12-04 02:33 682,496 —a
c:windowssystem32divx.dll
2009-01-24 05:35 . 2006-09-24 16:11 389,120 —a
c:windowssystem32lameACM.acm
2009-01-24 05:35 . 2007-03-10 12:51 282,624 —a
c:windowssystem32xvidvfw.dll
2009-01-24 05:35 . 2004-01-25 17:18 217,088 —a
c:windowssystem32yv12vfw.dll
2009-01-24 05:35 . 2007-09-21 01:52 118,784 —a
c:windowssystem32ac3acm.acm
2009-01-24 05:35 . 2007-11-29 23:28 81,920 —a
c:windowssystem32dpl100.dll
2009-01-24 05:35 . 2007-12-24 13:49 7,680 —a
c:windowssystem32ff_vfw.dll
2009-01-24 05:35 . 2007-07-10 17:10 547 —a
c:windowssystem32ff_vfw.dll.manifest
2009-01-24 05:35 . 2007-10-03 16:03 414 —a
c:windowssystem32lame_acm.xml
2009-01-23 20:09 . 2009-01-24 00:04 720,896 —a
c:windowssystem32SbCtri.exe
2009-01-23 20:09 . 2009-01-24 00:04 720,896 -r-hs—- c:windowssystem32driversSbCtri.exe
2009-01-23 18:00 . 2009-01-29 18:49 4,933,320 —a
c:windows{00000002-00000000-00000006-00001102-00000008-10011102}.CDF
2009-01-23 18:00 . 2009-01-23 18:00 4,933,320
c:windows{00000002-00000000-00000006-00001102-00000008-10011102}.BAK
2009-01-23 17:59 . 2009-01-28 22:09 30,624 —a
c:windowssystem32BMXStateBkp-{00000002-00000000-00000006-00001102-00000008-10011102}.rfx
2009-01-23 17:59 . 2009-01-28 22:09 30,624 —a
c:windowssystem32BMXState-{00000002-00000000-00000006-00001102-00000008-10011102}.rfx
2009-01-23 17:59 . 2009-01-28 22:09 29,772 —a
c:windowssystem32BMXCtrlState-{00000002-00000000-00000006-00001102-00000008-10011102}.rfx
2009-01-23 17:59 . 2009-01-28 22:09 29,772 —a
c:windowssystem32BMXBkpCtrlState-{00000002-00000000-00000006-00001102-00000008-10011102}.rfx
2009-01-23 17:59 . 2009-01-28 22:09 2,796 —a
c:windowssystem32DVCState-{00000002-00000000-00000006-00001102-00000008-10011102}.rfx
2009-01-23 17:59 . 2009-01-28 22:09 1,072 —a
c:windowssystem32settingsbkup.sfm
2009-01-23 17:59 . 2009-01-28 22:09 1,072 —a
c:windowssystem32settings.sfm
2009-01-23 17:55 . 1998-01-08 04:00 1,048,576
c:windowssystem32SFMAN.DAT
2009-01-23 17:55 . 2000-05-11 01:00 90,112
c:windowsUpdreg.EXE
2009-01-23 17:55 . 1998-06-05 05:00 84,992
c:windowssystem32SFCVRT32.DLL
2009-01-23 17:55 . 1995-08-30 05:02 82,432
c:windowssystem32CTWFLT32.DLL
2009-01-23 17:55 . 1998-10-20 11:05 54,784
c:windowssystem32INETWH32.DLL
2009-01-23 17:55 . 1994-12-05 06:11 53,552
c:windowsCTCCW.DLL
2009-01-23 17:55 . 1995-07-13 05:01 26,768
c:windowssystem32CTL3D.DLL
2009-01-23 17:55 . 1996-05-23 05:24 24,976
c:windowsCTRES.DLL
2009-01-23 17:55 . 1999-01-14 09:04 231
c:windowsAC3API.INI
2009-01-23 17:54 . 2009-01-23 17:55d
c:windowssystem32Defaults
2009-01-23 17:54 . 2002-08-29 02:01 134,272 —a
c:windowssystem32driversportcls.sys
2009-01-23 17:54 . 2002-08-29 01:32 57,856 —a
c:windowssystem32driversdrmk.sys
2009-01-23 17:52 . 2003-10-28 12:03 4,932,148 —a
c:windowsCTDVAUDY.CDF
2009-01-23 17:50 . 2003-11-11 11:08 77,824 —a
c:windowssystem32ctdvda32.dll
2009-01-23 17:46 . 2002-02-20 06:00 331,776
c:windowssystem32CTMEDENG.DLL
2009-01-23 17:46 . 2001-09-18 03:00 139,264 —a
c:windowssystem32Video.skn
2009-01-23 17:46 . 2001-03-30 02:00 62,976 —a
c:windowssystem32CTDetres.dll
2009-01-23 17:46 . 1999-12-13 04:01 44,032
c:windowssystem32CTSVCCDA.EXE
2009-01-23 17:46 . 1999-11-18 04:00 25,088
c:windowssystem32CTSVCCTL.EXE
2009-01-23 17:46 . 2000-04-20 01:00 24,576 —a
c:windowssystem32CTMERes.DLL
2009-01-23 17:46 . 1998-09-17 01:52 17,350 —a
c:windowssystem32CTDetect.hlp
2009-01-23 17:46 . 1998-09-17 01:52 641 —a
c:windowssystem32CTDetect.cnt
2009-01-23 01:16 . 2009-01-23 01:17d
c:documents and settingsppApplication DataMra
2009-01-23 01:15 . 2009-01-23 01:15d
c:program filesMail.Ru
2009-01-22 19:43 . 2009-01-22 19:52 49,197 —a
C:f2q2q4j8g1t8.exe
2009-01-22 00:40 . 2009-01-22 00:40 720,896 —a
c:windowssystem32driversSbCtri.exe.vir
2009-01-20 02:08 . 2009-01-20 02:26d
c:program filesOCCT
2009-01-19 19:05 . 2009-01-19 19:05 715,776 -r-hs—- c:windowssystem32driversSbiCtr.exe
2009-01-19 14:20 . 2009-01-19 14:20 715,776 —a
c:windowssystem32driversSbiCtr.exe.vir
2009-01-16 20:42 . 2009-01-16 20:42d
c:program filesBuka
2009-01-16 20:24 . 2009-01-16 20:34d
C:Games
2009-01-14 16:51 . 2009-01-14 16:52d
c:program filesAd Muncher
2009-01-14 03:41 . 2009-01-14 04:34d
c:program filesFlylinkDC++
2009-01-11 18:47 . 2007-12-28 07:54 5,791 —a
c:windowssystem32instcm.inf
2009-01-06 03:24 . 2009-01-06 03:24d
c:documents and settingsppApplication DataMedia Player Classic
2009-01-06 03:23 . 2004-01-12 01:00 348,160 —a
c:windowssystem32msvcr71.dll
2009-01-05 21:45 . 2009-01-25 22:16d
c:program filesSoulseek
2009-01-05 19:53 . 2009-01-28 20:22d-a
c:documents and settingsAll UsersApplication DataTEMP
2009-01-05 19:52 . 2006-05-25 14:52 162,304 —a
c:windowssystem32ztvunrar36.dll
2009-01-05 19:52 . 2003-02-02 19:06 153,088 —a
c:windowssystem32UNRAR3.dll
2009-01-05 19:52 . 2005-08-26 00:50 77,312 —a
c:windowssystem32ztvunace26.dll
2009-01-05 19:52 . 2002-03-06 00:00 75,264 —a
c:windowssystem32unacev2.dll
2009-01-05 19:52 . 2006-06-19 12:01 69,632 —a
c:windowssystem32ztvcabinet.dll
2009-01-05 19:51 . 2009-01-28 18:45d
c:program filesTrojan Remover
2009-01-05 19:51 . 2009-01-05 19:51d
c:documents and settingsppApplication DataSimply Super Software
2009-01-05 19:51 . 2009-01-05 19:51d
c:documents and settingsAll UsersApplication DataSimply Super Software
2009-01-05 19:09 . 2009-01-05 19:14d
c:program filesVITSOFT
2009-01-05 15:32 . 2009-01-05 15:32d
c:program filesDAMN NFO Viewer
2009-01-05 15:28 . 2003-11-26 05:01 545 —a
c:windowsUC.PIF
2009-01-05 15:28 . 2003-11-26 05:01 545 —a
c:windowsRAR.PIF
2009-01-05 15:28 . 2005-02-11 00:00 545 —a
c:windowsPKZIP.PIF
2009-01-05 15:28 . 2005-02-11 00:00 545 —a
c:windowsPKUNZIP.PIF
2009-01-05 15:28 . 2005-02-11 00:00 545 —a
c:windowsNOCLOSE.PIF
2009-01-05 15:28 . 2003-11-26 05:01 545 —a
c:windowsLHA.PIF
2009-01-05 15:28 . 2003-11-26 05:01 545 —a
c:windowsARJ.PIF
2009-01-05 15:27 . 2009-01-05 15:28d
c:program filesTotal Commander XP
2009-01-05 15:17 . 2009-01-05 15:16 512,096 —a
c:windowssystem32driversamon.sys
2009-01-05 15:17 . 2009-01-05 15:16 298,104 —a
c:windowssystem32imon.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-02 11:59
d
w c:program filesCommon FilesInstallShield
2009-01-02 11:51
d
w c:program filesmicrosoft frontpage
2009-01-02 11:50 558,142 —-a-w c:windowsjavaPackages87P31JRH.ZIP
2009-01-02 11:50 155,995 —-a-w c:windowsjavaPackages4RTNRLZX.ZIP
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«SBDrvDet»=»c:program filesCreativeSB Drive DetSBDrvDet.exe» [2002-12-03 45056]
«nod32kui»=»c:program filesEsetnod32kui.exe» [2009-01-05 949376]
«Ad Muncher»=»c:program filesAd MuncherAdMunch.exe» [2007-01-18 751616]
«DAEMON Tools»=»c:program filesDAEMON Toolsdaemon.exe» [2005-12-10 133016]
«MAgent»=»c:program filesMail.RuAgentMAgent.exe» [2009-01-23 5603000]
«CTSysVol»=»c:program filesCreativeSBAudigy2Surround MixerCTSysVol.exe» [2003-09-17 57344]
«CTDVDDET»=»c:program filesCreativeSBAudigy2DVDAudioCTDVDDet.EXE» [2003-06-18 45056]
«UpdReg»=»c:windowsUpdReg.EXE» [2000-05-11 90112]
«CTHelper»=»CTHELPER.EXE» [2004-03-19 c:windowssystem32CTHELPER.EXE]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowsSystem32CTFMON.EXE» [2002-09-24 13312]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyreset5]
2002-09-09 23:30 17408 c:windowssystem32reset5.dll
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«UpdatesDisableNotify»=dword:00000001
«AntiVirusDisableNotify»=dword:00000001
«AntiVirusOverride»=dword:00000001
«FirewallOverride»=dword:00000001
R1 nod32drv;nod32drv;c:windowssystem32driversnod32drv.sys [2009-01-05 15424]
.
.
Supplementary Scan
.
uStart Page = hxxp://active.mns.ru/
IE: Block frame with Ad Muncher — http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=E3B46J7T&id=menu_ie_frame
IE: Block image with Ad Muncher — http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=E3B46J7T&id=menu_ie_image
IE: Block link with Ad Muncher — http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=E3B46J7T&id=menu_ie_link
IE: Don’t filter page with Ad Muncher — http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=E3B46J7T&id=menu_ie_exclude
IE: Report page to the Ad Muncher developers — http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=E3B46J7T&id=menu_ie_report
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} — c:program filesMail.RuAgentmagent.exe
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} — %SystemRoot%webrelated.htm
LSP: c:windowsSystem32imon.dll
TCP: {2E05A69A-E964-4EBB-B258-579F55E54807} = 80.70.224.4 80.70.224.2
TCP: {70BE2B90-E27D-484D-B7FA-A04E7A005C7D} = 80.70.224.2,80.70.224.4
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-29 18:49:13
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(612)
c:windowsSystem32ODBC32.dll
c:windowssystem32Ati2evxx.dll
c:windowssystem32reset5.dll
— — — — — — — > ‘lsass.exe'(704)
c:windowsSystem32imon.dll
c:program filesEsetpr_imon.dll
c:windowsSystem32dssenh.dll
.
Other Running Processes
.
c:windowssystem32savedump.exe
c:windowssystem32ati2evxx.exe
c:windowssystem32ati2evxx.exe
c:windowssystem32CTSVCCDA.EXE
c:program filesESETnod32krn.exe
c:windowssystem32MsPMSPSv.exe
.
**************************************************************************
.
Completion time: 2009-01-29 18:52:01 — machine was rebooted
ComboFix-quarantined-files.txt 2009-01-29 15:51:57
ComboFix2.txt 2009-01-28 17:24:49
Pre-Run: 18 330 943 488 байт свободно
Post-Run: 18,310,488,064 байт свободно
236 — E O F — 2009-01-28 16:21:28
January 30, 2009 at 3:11 PM #21563
The log looks fine now. How is the computer running?