Посмотрите пожалуйста отчет

This topic has 0 ответов, 1 участник, and was last updated 15 years, 4 months назад by Diuse.

Просмотр 1 сообщения - с 1 по 1 (всего 1)

Автор

Сообщения
23 апреля, 2010 в 9:05 пп #17817
Diuse
Participant
- Темы:1
- Сообщений:1
ComboFix 10-04-21.01 — Виталий 24.04.2010 0:44.1.2 — x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.2047.1625 [GMT 4:00]
Running from: c:downloadsПрограммыComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:2.exe
c:documents and settingsAll UsersГлавное менюПрограммыRitmix Multi Player
c:documents and settingsAll UsersГлавное менюПрограммыRitmix Multi Player LDB ManagerRitmix LDB Manager.lnk
c:documents and settingsAll UsersГлавное менюПрограммыRitmix Multi Player LDB ManagerUnInstall.lnk
c:program filesFieryAds
c:program filesMyCentria
c:program filesVKSaver
c:program filesVKSaveruninstall.exe
c:recyclerS-1-5-21-2000478354-162531612-725345543-500
c:windowssystem32msconfig.exe
c:windowssystem32mssrv32.exe
c:windowssystem32vksaver.dll
c:windowsTEMPinstall_flash_player.exe
d:diuses папкаwmk_ruWebMoney AdvisortbHElper.dll

Infected copy of c:windowssystem32srsvc.dll was found and disinfected
Restored copy from — c:windowsServicePackFilesi386srsvc.dll

c:windowssystem32proquota.exe was missing
Restored copy from — c:windowsServicePackFilesi386proquota.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

Legacy_MSUPDATE

Service_msupdate

((((((((((((((((((((((((( Files Created from 2010-03-23 to 2010-04-23 )))))))))))))))))))))))))))))))
.

2010-04-23 20:47 . 2008-04-14 16:11 50688 —-a-w- c:windowssystem32proquota.exe
2010-04-23 20:47 . 2008-04-14 16:10 171008 —-a-w- c:windowssystem32srsvc.dll
2010-04-14 19:45 . 2010-04-14 19:45 21840 —-a-w- c:windowssystem32SIntfNT.dll
2010-04-14 19:45 . 2010-04-14 19:45 17212 —-a-w- c:windowssystem32SIntf32.dll
2010-04-14 19:45 . 2010-04-14 19:45 12067 —-a-w- c:windowssystem32SIntf16.dll
2010-04-14 10:14 . 2010-04-14 10:14 107888 —-a-w- c:windowssystem32CmdLineExt.dll
2010-04-07 08:00 . 2010-04-21 06:21

d

w- c:documents and settingsГостьApplication DataOpenOffice.org2
2010-04-05 17:38 . 2010-04-05 17:43

d

w- C:USD
2010-03-31 17:20 . 2010-03-31 17:20

d

w- c:program filesCommon FilesSkype
2010-03-31 16:59 . 2010-03-31 16:59

d

w- c:documents and settingsAll UsersApplication DataNVIDIA Corporation
2010-03-31 16:59 . 2010-03-31 16:59

d

w- c:program filesNVIDIA Corporation
2010-03-31 16:58 . 2010-03-16 06:51 61440 —-a-w- c:windowssystem32OpenCL.dll
2010-03-31 16:58 . 2010-03-16 06:51 2646632 —-a-w- c:windowssystem32nvcuvenc.dll
2010-03-31 16:58 . 2010-03-16 06:51 2030184 —-a-w- c:windowssystem32nvcuvid.dll
2010-03-31 16:58 . 2010-03-16 06:51 2183470 —-a-w- c:windowssystem32nvdata.bin
2010-03-31 16:58 . 2010-03-16 06:51 11640832 —-a-w- c:windowssystem32nvcompiler.dll
2010-03-31 09:40 . 2010-03-31 09:40

d

w- c:documents and settingsГостьLocal SettingsApplication DataOpera
2010-03-28 22:31 . 2010-03-28 22:31

d

w- C:NVIDIA
2010-03-28 20:59 . 2010-03-28 20:59

d

w- c:program filesSystemRequirementsLab
2010-03-28 11:37 . 2010-03-28 11:37

d

w- c:documents and settingsГостьLocal SettingsApplication DataAdobe
2010-03-26 17:16 . 2010-03-26 17:16

d

w- C:KEYSLOGS
2010-03-26 11:18 . 2010-03-26 11:18

d

w- c:documents and settingsAll UsersApplication DataFarm Frenzy
2010-03-26 08:29 . 2010-03-26 08:29

d

w- c:documents and settingsГостьLocal SettingsApplication DataWinamp Toolbar
2010-03-26 08:26 . 2010-03-28 11:30

d

w- c:documents and settingsГостьLocal SettingsApplication Datafree-downloads.net
2010-03-26 08:26 . 2010-03-26 08:29

d

w- c:documents and settingsГостьLocal SettingsApplication DataConduit
2010-03-26 08:26 . 2010-03-26 08:26

d

w- c:documents and settingsГостьLocal SettingsApplication DataGoogle
2010-03-25 00:02 . 2010-03-25 00:02 114496 —-a-w- c:windowssystem32driversprodrv04.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-23 20:44 . 2004-08-18 12:00 75072 —-a-w- c:windowssystem32perfc019.dat
2010-04-23 20:44 . 2004-08-18 12:00 68932 —-a-w- c:windowssystem32perfh019.dat
2010-04-23 07:28 . 2009-02-01 18:37

d

w- c:documents and settingsAll UsersApplication DataGoogle Updater
2010-04-22 09:12 . 2010-03-07 14:00

d

w- c:program filesDivX
2010-04-21 10:37 . 2010-01-16 02:48

d

w- c:program filesFileZilla FTP Client
2010-04-16 14:36 . 2008-12-22 18:51

d

w- c:program filesGoogle
2010-04-13 22:56 . 2009-04-17 14:09

d

w- c:program filesGarena
2010-04-13 20:57 . 2008-12-21 18:13

d

w- c:program filesAMD
2010-03-31 17:20 . 2009-04-05 17:12

d

r- c:program filesSkype
2010-03-31 17:20 . 2009-04-05 17:12

d

w- c:documents and settingsAll UsersApplication DataSkype
2010-03-31 09:31 . 2010-03-31 09:31 503808 —-a-w- c:documents and settingsГостьApplication DataSunJavaDeploymentSystemCache6.0541a209876-42efb4df-nmsvcp71.dll
2010-03-31 09:31 . 2010-03-31 09:31 499712 —-a-w- c:documents and settingsГостьApplication DataSunJavaDeploymentSystemCache6.0541a209876-42efb4df-njmc.dll
2010-03-31 09:31 . 2010-03-31 09:31 348160 —-a-w- c:documents and settingsГостьApplication DataSunJavaDeploymentSystemCache6.0541a209876-42efb4df-nmsvcr71.dll
2010-03-31 09:30 . 2010-03-31 09:30 61440 —-a-w- c:documents and settingsГостьApplication DataSunJavaDeploymentSystemCache6.0176d0ad391-5ecf0235-ndecora-sse.dll
2010-03-31 09:30 . 2010-03-31 09:30 12800 —-a-w- c:documents and settingsГостьApplication DataSunJavaDeploymentSystemCache6.0176d0ad391-5ecf0235-ndecora-d3d.dll
2010-03-30 19:23 . 2009-04-05 19:16

d

w- c:program filesCommon FilesJava
2010-03-30 19:23 . 2009-04-05 19:16

d

w- c:program filesJava
2010-03-24 14:04 . 2010-03-24 14:04

d

w- c:program filesdirectx
2010-03-23 14:46 . 2008-12-29 18:56

d

w- c:program filesDownload Master
2010-03-16 19:33 . 2008-12-21 16:54

d—h—w- c:program filesInstallShield Installation Information
2010-03-16 06:51 . 2008-12-21 17:00 600680 —-a-w- c:windowssystem32nvudisp.exe
2010-03-16 06:51 . 2008-02-28 05:34 6432128 —-a-w- c:windowssystem32nv4_disp.dll
2010-03-16 06:51 . 2008-02-28 05:34 4075520 —-a-w- c:windowssystem32nvcuda.dll
2010-03-16 06:51 . 2008-02-28 05:34 215656 —-a-w- c:windowssystem32nvcodins.dll
2010-03-16 06:51 . 2008-02-28 05:34 215656 —-a-w- c:windowssystem32nvcod.dll
2010-03-16 06:51 . 2008-02-28 05:34 14757888 —-a-w- c:windowssystem32nvoglnt.dll
2010-03-16 06:51 . 2008-02-28 05:34 1097728 —-a-w- c:windowssystem32nvapi.dll
2010-03-16 06:51 . 2008-02-28 05:34 10232352 —-a-w- c:windowssystem32driversnv4_mini.sys
2010-03-12 22:10 . 2009-01-21 19:13 285534 —-a-w- c:windowsWar3Unin.dat
2010-03-12 07:26 . 2008-12-21 17:00 600680 —-a-w- c:windowssystem32NVUNINST.EXE
2010-03-11 12:37 . 2007-08-30 12:23 832512 —-a-w- c:windowssystem32wininet.dll
2010-03-11 12:37 . 2004-08-18 12:00 78336 —-a-w- c:windowssystem32ieencode.dll
2010-03-11 12:37 . 2004-08-18 12:00 17408

w- c:windowssystem32corpol.dll
2010-03-09 11:11 . 2007-08-29 12:47 430080 —-a-w- c:windowssystem32vbscript.dll
2010-03-09 00:28 . 2009-04-06 08:19 411368 —-a-w- c:windowssystem32deploytk.dll
2010-03-07 14:00 . 2010-03-07 14:00

d

w- c:program filesCommon FilesDivX Shared
2010-03-05 18:37 . 2010-03-05 18:37

d

w- c:program filesICCup
2010-02-24 13:11 . 2007-08-29 12:46 455680 —-a-w- c:windowssystem32driversmrxsmb.sys
2010-02-16 19:09 . 2007-08-30 16:14 2026496 —-a-w- c:windowssystem32ntkrnlpa.exe
2010-02-16 19:09 . 2007-08-30 12:14 2148352 —-a-w- c:windowssystem32ntoskrnl.exe
2010-02-12 04:35 . 2007-08-29 12:45 100864 —-a-w- c:windowssystem326to4svc.dll
2010-02-11 12:02 . 2007-08-29 12:47 226880 —-a-w- c:windowssystem32driverstcpip6.sys
2010-02-02 18:00 . 2010-02-04 13:09 85504 —-a-w- c:windowssystem32ff_vfw.dll
2008-12-29 18:52 . 2008-12-29 18:51 4966218 —-a-w- c:program filesdmaster.exe
2006-01-05 21:06 . 2009-01-17 22:14 1730968 —-a-w- c:program filesdaemon403-x64.exe
2006-01-05 21:06 . 2009-01-17 22:14 1439128 —-a-w- c:program filesdaemon403-x86.exe
.

Sigcheck

[7] 2008-04-14 . 7AE94A5CEDB2916F20A2811E14DDFD7E . 59904 . . [5.1.2600.5512] . . c:windowsServicePackFilesi386regsvc.dll

[7] 2008-04-14 . 962E76142BFE6AA160855326A488E778 . 193024 . . [5.1.2600.5512] . . c:windowsServicePackFilesi386schedsvc.dll

[-] 2006-10-18 17:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:windowssystem32mspmsnsv.dll

c:windowsSystem32regsvc.dll … is missing !!
c:windowsSystem32schedsvc.dll … is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerURLSearchHooks]
«{ecdee021-0d17-467f-a1ff-c7a115230949}»= «c:program filesfree-downloads.nettbfre1.dll» [2010-02-12 2349080]

[HKEY_CLASSES_ROOTclsid{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_LOCAL_MACHINE~Browser Helper Objects{B4806C1A-FE8A-4008-9DA3-8CEDB6E82C10}]
2008-09-05 11:42 2409472 —-a-w- d:diuses папкаwmk_ruWebMoney Advisorwmadvisor.dll

[HKEY_LOCAL_MACHINE~Browser Helper Objects{ecdee021-0d17-467f-a1ff-c7a115230949}]
2010-02-12 12:32 2349080 —-a-w- c:program filesfree-downloads.nettbfre1.dll

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{ecdee021-0d17-467f-a1ff-c7a115230949}»= «c:program filesfree-downloads.nettbfre1.dll» [2010-02-12 2349080]
«{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}»= «d:diuses папкаwmk_ruWebMoney Advisorwmadvisor.dll» [2008-09-05 2409472]

[HKEY_CLASSES_ROOTclsid{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CLASSES_ROOTclsid{3affd7f7-fd3d-4c9d-8f83-03296a1a8840}]
[HKEY_CLASSES_ROOTTBSB03223.TBSB03223.3]
[HKEY_CLASSES_ROOTTypeLib{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOTTBSB03223.TBSB03223]

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{ECDEE021-0D17-467F-A1FF-C7A115230949}»= «c:program filesfree-downloads.nettbfre1.dll» [2010-02-12 2349080]
«{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}»= «d:diuses папкаwmk_ruWebMoney Advisorwmadvisor.dll» [2008-09-05 2409472]

[HKEY_CLASSES_ROOTclsid{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CLASSES_ROOTclsid{3affd7f7-fd3d-4c9d-8f83-03296a1a8840}]
[HKEY_CLASSES_ROOTTBSB03223.TBSB03223.3]
[HKEY_CLASSES_ROOTTypeLib{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOTTBSB03223.TBSB03223]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«swg»=»c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe» [2008-12-29 68856]
«AlcoholAutomount»=»c:program filesAlcohol SoftAlcohol 120axcmd.exe» [2007-12-22 221568]
«RoboForm»=»c:program filesSiber SystemsAI RoboFormRoboTaskBarIcon.exe» [2010-01-17 160592]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«Vistadrv»=»c:program filesVistaDrivevsdrv.exe» [2006-07-30 121089]
«egui»=»c:program filesESETESET NOD32 Antivirusegui.exe» [2007-12-21 1443072]
«amd_dc_opt»=»c:program filesAMDDual-Core Optimizeramd_dc_opt.exe» [2007-07-23 77824]
«DAEMON Tools»=»c:program filesDAEMON Toolsdaemon.exe» [2005-12-10 133016]
«MAgent»=»d:diuses папкаMail агентmagent.exe» [2009-08-28 7975608]
«wmagent.exe»=»c:program filesWebMoney Agentwmagent.exe» [2008-10-01 209376]
«RTHDCPL»=»RTHDCPL.EXE» [2008-01-29 16859648]
«SunJavaUpdateSched»=»c:program filesCommon FilesJavaJava Updatejusched.exe» [2010-02-18 248040]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2010-03-15 13670504]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2010-03-15 110696]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-14 15360]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«nltide_3″=»advpack.dll» [2010-03-11 124928]

c:documents and settingsѓ®бвмѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
OpenOffice.org 2.2.lnk — c:program filesOpenOffice.org 2.2programquickstart.exe [2007-3-22 393216]

c:documents and settings‚Ёв «Ё©ѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
Create virtual drive for Denwer.lnk — c:webserversdenwerBoot.exe [2009-12-24 6656]
USDownloader.lnk — d:‡ є зє Ќ®ў п Ї ЇЄ USD_newUSDownloader.exe [2009-1-12 529920]

c:documents and settingsAll Usersѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
Monitor Apache Servers.lnk — c:program filesApache Software FoundationApache2.2binApacheMonitor.exe [2009-9-28 41051]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«DisableStatusMessages»= 1 (0x1)

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«1234567890»= 1

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«HonorAutoRunSetting»= 255 (0xff)

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMConfigurePrograms»= 1 (0x1)
«NoResolveTrack»= 1 (0x1)
«HonorAutorunSetting»= 255 (0xff)
«AutorunINFConfig»= 152181111 (0x9121977)

[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMHelp»= 1 (0x1)
«NoSMMyPictures»= 1 (0x1)
«NoSMConfigurePrograms»= 1 (0x1)
«StartMenuLogoff»= 1 (0x1)
«ForceClassicControlPanel»= 1 (0x1)
«NoResolveTrack»= 1 (0x1)
«HonorAutorunSetting»= 255 (0xff)

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)
«DisableUnicastResponsesToMulticastBroadcast»= 0 (0x0)

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«d:\Diuses папка\QIP\qip.exe»=
«d:\Diuses папка\QIP\QIP\qip.exe»=
«c:\Program Files\uTorrent\uTorrent.exe»=
«d:\Diuses папка\Warcraft III\War3.exe»=
«d:\Diuses папка\Left4Dead\hl2.exe»=
«d:\Diuses папка\DungeonKeeper2\DKii.EXE»=
«c:\Program Files\Skype\Plugin Manager\skypePM.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=

R0 sptd;sptd;c:windowssystem32driverssptd.sys [21.12.2008 19:34 717296]
R1 epfwtdir;epfwtdir;c:windowssystem32driversepfwtdir.sys [21.12.2007 9:21 33800]
R2 ekrn;Eset Service;c:program filesEsetESET NOD32 Antivirusekrn.exe [21.12.2007 9:21 468224]
R2 hl_mull;hl_mull;c:windowssystem32drivershl_mull.sys [22.05.2009 20:58 67712]
S1 prodrv04;Star Force copy protection driver v4;c:windowssystem32driversprodrv04.sys [25.03.2010 4:02 114496]
S2 Apache2.2;Apache2.2;c:program filesApache Software FoundationApache2.2binhttpd.exe [28.09.2009 23:41 24645]
S2 gupdate1c9849d19d1e40c;Google Update Service (gupdate1c9849d19d1e40c);c:program filesGoogleUpdateGoogleUpdate.exe [01.02.2009 22:44 133104]
S2 LBeepKE;LBeepKE;c:windowssystem32DriversLBeepKE.sys —> c:windowssystem32DriversLBeepKE.sys [?]
S3 FLASHSYS;FLASHSYS;c:program filesMSILive Update 4LU4FlashSys.sys [10.10.2009 18:11 9216]
S3 GarenaPEngine;GarenaPEngine;??c:windowsTEMPMQN2C3.tmp —> c:windowsTEMPMQN2C3.tmp [?]

— Other Services/Drivers In Memory —

*NewlyCreated* — HELPSVC
.
.

Supplementary Scan

.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyOverride =
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: SoftwareMicrosoftInternet ExplorerSearchUrl; ValueType: string; ValueName: ‘; ValueData: ‘; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: &Winamp Search — c:documents and settingsAll UsersApplication DataWinamp ToolbarieToolbarresourcesen-USlocalsearch.html
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Закачать ВСЕ при помощи Download Master — c:program filesDownload Masterdmieall.htm
IE: Закачать при помощи Download Master — c:program filesDownload Masterdmie.htm
IE: Заполнить формы — file://c:program filesSiber SystemsAI RoboFormRoboFormComFillForms.html
IE: Настроить Меню — file://c:program filesSiber SystemsAI RoboFormRoboFormComCustomizeIEMenu.html
IE: Передать на удаленную закачку DM — c:program filesDownload Masterremdown.htm
IE: Поиск@Mail.Ru — c:program filesmail.rusputnikMRSptnk2_1_0_4.dll/282
IE: Скачать при помощи USDownloader’а — d:закачкаНовая папкаUSDownloader135Extdownloadie.html
IE: Словари@Mail.Ru — c:program filesmail.rusputnikMRSptnk2_1_0_4.dll/283
IE: Сохранить формы — file://c:program filesSiber SystemsAI RoboFormRoboFormComSavePass.html
IE: Тулбар RoboForm — file://c:program filesSiber SystemsAI RoboFormRoboFormComShowToolbar.html
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} — d:diuses папкаMail агентmagent.exe
IE: {{7A2EFD41-E6B3-11D2-89E3-00E0292EE574} — c:program filesX-Translator DIAMONDPROMTIE4promtie5.htm
IE: {{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — d:diuses папкаwmk_ruWebMoney Advisorwmadvisor.dll
FF — ProfilePath — c:documents and settingsВиталийApplication DataMozillaFirefoxProfileszvwnhgun.default
FF — prefs.js: browser.search.selectedEngine — Google
FF — prefs.js: network.proxy.type — 4
FF — component: c:program filesMozilla Firefoxextensions{AB2CE124-6272-4b12-94A9-7303C7397BD1}componentsSkypeFfComponent.dll
FF — component: c:program filesSiber SystemsAI RoboFormFirefoxcomponentsrfproxy_31.dll
FF — plugin: c:program filesGoogleGoogle Earthpluginnpgeplugin.dll
FF — plugin: c:program filesGoogleGoogle Updater2.4.1536.6592npCIDetect13.dll
FF — plugin: c:program filesGoogleUpdate1.2.183.23npGoogleOneClick8.dll
FF — plugin: c:program filesMozilla Firefoxpluginsnpdm.dll
FF — HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} — c:windowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtension

—- FIREFOX POLICIES —-
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref», true);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.renego_unrestricted_hosts», «»);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.treat_unsafe_negotiation_as_broken», false);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.require_safe_negotiation», false);
.
— — — — ORPHANS REMOVED — — — —

HKCU-Run-DAEMON Tools — d:diuses папкаDAEMON Toolsdaemon.exe
HKCU-Run-ICQ — d:diuses папкаQIPICQ6.5ICQ.exe
HKCU-Run-Uniblue RegistryBooster 2009 — c:program filesUniblueRegistryBoosterRegistryBooster.exe
HKLM-Run-nwiz — nwiz.exe
AddRemove-I-Fluid_is1 — d:diuses папкаI-Fluidunins000.exe
AddRemove-Leisure Suit Larry — Magna Cum Laude_is1 — d:diuses папкаLeisure Suit Larry — Magna Cum Laudeunins000.exe
AddRemove-MyCentria — c:program filesMyCentriaMyCentriaUninstall.exe
AddRemove-NVIDIA Display Control Panel — c:program filesNVIDIA CorporationUninstallnvuninst.exe
AddRemove-Supreme Ruler 2010 4.0 — d:diuses~1SUPREM~1UNWISE.EXE
AddRemove-VKSaver — c:program filesVKSaveruninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-24 00:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spvj.sys >>UNKNOWN [0x89BC1938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
DriverDisk -> CLASSPNP.SYS @ 0xf763bf28
DriverACPI -> ACPI.sys @ 0xf7496cb8
Driveratapi -> atapi.sys @ 0xf7978b40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
DeviceHarddisk0DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC #2 -> SendCompleteHandler -> NDIS.sys @ 0xf7a20bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7a2da21
SendHandler -> NDIS.sys @ 0xf7a0b87b
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINESystemControlSet001ServicesGarenaPEngine]
«ImagePath»=»??c:windowsTEMPMQN2C3.tmp»

[HKEY_LOCAL_MACHINESystemControlSet001ServicesMySQL]
«ImagePath»=»»c:program filesMySQLMySQL Server 6.0binmysqld» —defaults-file=»c:program filesMySQLMySQL Server 6.0my.ini» MySQL»
.

DLLs Loaded Under Running Processes

— — — — — — — > ‘explorer.exe'(3556)
c:windowssystem32WININET.dll
c:windowssystem32WPDShServiceObj.dll
c:windowssystem32PortableDeviceTypes.dll
c:windowssystem32PortableDeviceApi.dll
.

Other Running Processes

.
c:windowssystem32nvsvc32.exe
c:program filesJavajre6binjqs.exe
c:program filesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
c:program filesMySQLMySQL Server 6.0binmysqld.exe
c:program filesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
c:windowsRTHDCPL.EXE
c:windowssystem32RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2010-04-24 00:54:11 — machine was rebooted
ComboFix-quarantined-files.txt 2010-04-23 20:54

Pre-Run: 48 387 362 816 байт свободно
Post-Run: 50 134 577 152 байт свободно

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
[operating systems]
c:cmdconsBOOTSECT.DAT=»Microsoft Windows Recovery Console» /cmdcons
multi(0)disk(0)rdisk(0)partition(1)WINDOWS=»Microsoft Windows XP Professional RU» /noexecute=optin /fastdetect /noexecute=alwaysoff /usepmtimer
multi(0)disk(0)rdisk(0)partition(1)WINDOWS.0=»Microsoft Windows XP Professional RU» /noexecute=optin /fastdetect /noexecute=alwaysoff /usepmtimer

— — End Of File — — 43C37757B49B5E9ADEF2CE3F237C990D

Все ли в порядке?
Автор

Сообщения

Просмотр 1 сообщения - с 1 по 1 (всего 1)

Для ответа в этой теме необходимо авторизоваться.

Посмотрите пожалуйста отчет

Добро пожаловать

Поиск

Последние темы

СПАЙВАРЕ РУ

Нужна помощь?

Ссылки