- This topic has 0 ответов, 1 участник, and was last updated 14 years назад by
.
Просмотр 1 сообщения - с 1 по 1 (всего 1)
-
Сообщения
-
вощим числился от вирусов и прочей гадости и мусора CCliner , вощем много чем , теперь нез звука на передней пегнли и нет языковой панели , ну с языковой то я справлюсь а вот как наушники с микрофоном сделать незнаю , на задней панели все номанльно звук есть колонки работают. возможно мне нужно поменять драй вера но где их беркт и какие имннно мне надо …..вощем обья сните как для блондина если можно …
ComboFix 11-06-13.06 — ad 14.06.2011 17:10:00.3.2 — x86
Microsoft Windows XP Home Edition 5.1.2600.3.1251.7.1049.18.2038.1156 [GMT 4:00]
Running from: c:documents and settingsadМои документыЗагрузкиComboFix.exe
AV: Doctor Web Anti-Virus *Disabled/Updated* {3454C8F1-ECBC-4180-A6F4-04632FBA762B}
FW: Dr.Web Firewall *Disabled* {3454C8F1-ECBC-4181-A7F4-04632FBA762B}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr0.dat
c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr1.dat
c:windowsTEMPGuardGuard.exe
.
BITS: Possible infected sites
.
hxxp://soft.export.yandex.ru
.
((((((((((((((((((((((((( Files Created from 2011-05-14 to 2011-06-14 )))))))))))))))))))))))))))))))
.
.
2011-06-13 19:06 . 2011-06-13 19:06
d
w- c:program filesOpera
2011-06-13 19:05 . 2011-06-13 19:21
d
w- c:program filesFoxit Software
2011-06-13 18:11 . 2011-06-13 18:11
d
w- c:documents and settingsadLocal SettingsApplication DataBromium
2011-06-13 15:59 . 2011-06-13 15:59
d
w- c:documents and settingsadApplication DataCarambis
2011-06-13 15:56 . 2011-06-13 15:56
d
w- c:documents and settingsadLocal SettingsApplication DataDownloaded Installations
2011-06-11 19:24 . 2011-06-13 19:21
d
w- c:documents and settingsAll UsersApplication DataYandex
2011-06-11 19:24 . 2011-06-13 19:21
d
w- c:documents and settingsadLocal SettingsApplication DataYandex
2011-06-11 19:24 . 2011-06-13 19:21
d
w- c:documents and settingsadApplication DataYandex
2011-05-31 07:25 . 2011-06-06 11:40 404640 —-a-w- c:windowssystem32FlashPlayerCPLApp.cpl
2011-05-25 10:41 . 2011-02-03 12:05 139768 —-a-w- c:windowssystem32driversdwprot.sys
2011-05-25 10:41 . 2011-01-26 09:45 93944 —-a-w- c:windowssystem32driversspiderg3.sys
2011-05-25 10:41 . 2011-05-25 10:39 72568 —-a-w- c:windowssystem32driversDrWebPF.sys
2011-05-25 10:41 . 2011-05-25 10:39 84728 —-a-w- c:windowssystem32driversdrwebaf.sys
2011-05-25 10:41 . 2011-05-25 10:41
d
w- c:documents and settingsAll UsersApplication DataDoctor Web
2011-05-24 21:20 . 2011-05-24 21:20
d
w- c:windowssystem32wbemRepository
2011-05-24 21:19 . 2011-06-13 20:11
d
w- c:program filesDrWeb
2011-05-24 21:16 . 2011-05-24 21:17
d
w- c:program filesMozilla Firefox 4.0 Beta 11
2011-05-24 16:37 . 2011-05-24 16:37
d
w- c:windowssystem32driversNIS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 05:11 . 2011-05-05 19:07 39984 —-a-w- c:windowssystem32driversmbamswissarmy.sys
2011-05-29 05:11 . 2011-05-05 19:07 22712 —-a-w- c:windowssystem32driversmbam.sys
2011-05-04 15:47 . 2011-01-28 16:34 348256 —-a-w- c:documents and settingsAll UsersApplication DataMicrosoftVSTAHostCorelPHOTOPAINT9.01033ResourceCache.dll
2011-05-04 15:46 . 2011-01-28 16:33 348256 —-a-w- c:documents and settingsAll UsersApplication DataMicrosoftVSTAHostCorelDRAW9.01033ResourceCache.dll
2011-04-14 17:01 . 2011-05-25 11:11 142296 —-a-w- c:program filesmozilla firefoxcomponentsbrowsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE~Browser Helper Objects{9BFBA68E-E21B-458E-AE12-FE85E903D2C1}]
2010-08-31 14:15 257384 —-a-w- c:program filesAlterGeoAlterGeo Magic Scanner2.8.8.615AlterGeo.BrowserPlugin.dll
.
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«Apoint»=»c:program filesApointApoint.exe» [2010-01-16 167936]
«IgfxTray»=»c:windowssystem32igfxtray.exe» [2010-01-28 141336]
«HotKeysCmds»=»c:windowssystem32hkcmd.exe» [2010-01-28 173592]
«Persistence»=»c:windowssystem32igfxpers.exe» [2010-01-28 142360]
«MAgent»=»c:program filesMail.RuAgentMAgent.exe» [2011-01-28 12263616]
«Guard.Mail.ru.gui»=»c:program filesMail.RuGuardGuardMailRu.exe» [2011-04-08 1472720]
«Microsoft Default Manager»=»c:program filesMicrosoftSearch Enhancement PackDefault ManagerDefMgr.exe» [2009-11-11 288088]
«SpIDerMail»=»c:program filesDrWebspiderml.exe» [2011-01-26 1572592]
«SpIDerGate»=»c:program filesDrWebspidergate.exe» [2011-04-20 2193648]
«Dr.Web Firewall»=»c:program filesDrWebfrwl_notify.exe» [2011-05-26 2583304]
«SpIDerAgent»=»c:program filesDrWebSpIDerAgent.exe» [2011-04-20 1473264]
«Malwarebytes’ Anti-Malware»=»c:program filesMalwarebytes’ Anti-Malwarembamgui.exe» [2011-05-29 449584]
«RTHDCPL»=»RTHDCPL.EXE» [2011-01-21 20026472]
.
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-14 15360]
.
c:documents and settingsadѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
Punto Switcher.lnk — c:program filesPunto Switcherpunto.exe [N/A]
.
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
@=»Driver»
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMSMSGS]
2008-04-14 16:11 1695232
w- c:program filesMessengermsmsgs.exe
.
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)
.
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\Program Files\Mail.Ru\Agent\magent.exe»=
«c:\Program Files\TeamViewer\Version5\TeamViewer.exe»=
«c:\Documents and Settings\ad\Рабочий стол\utorrent161.exe»=
«c:\Program Files\Shareman\Shareman.exe»=
«c:\Program Files\uTorrent\uTorrent.exe»=
.
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«5985:TCP»= 5985:TCP:*:Disabled:Удаленное управление Windows
«1035:TCP»= 1035:TCP:Akamai NetSession Interface
«5000:UDP»= 5000:UDP:Akamai NetSession Interface
.
R0 DwProt;DrWeb Protection;c:windowssystem32driversdwprot.sys [25.05.2011 14:41 139768]
R0 SpiderG3;DrWeb file system scanner;c:windowssystem32driversspiderg3.sys [25.05.2011 14:41 93944]
R0 sptd;sptd;c:windowssystem32driverssptd.sys [28.01.2011 18:38 721904]
R1 DRWEBAF;DrWEB Firewall Application Filter;c:windowssystem32driversdrwebaf.sys [25.05.2011 14:41 84728]
R2 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine);c:program filesCommon FilesDoctor WebScanning Enginedwengine.exe [16.12.2010 17:43 1667416]
R2 DrWebFwSvc;Dr.Web Firewall Service;c:program filesDrWebfrwl_svc.exe [25.05.2011 14:41 2267120]
R2 Guard.Mail.ru;Guard.Mail.ru;c:program filesMail.RuGuardGuardMailRu.exe [29.01.2011 1:29 1472720]
R2 MBAMService;MBAMService;c:program filesMalwarebytes’ Anti-Malwarembamservice.exe [05.05.2011 23:07 366640]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:windowssystem32driversl151x86.sys [28.01.2011 18:15 37888]
R3 DKRtWrt;DKRtWrt;c:windowssystem32driversDKRtWrt.sys [03.02.2011 2:01 44368]
R3 DrWebPF;DrWeb Packet Filter Driver;c:windowssystem32driversDrWebPF.sys [25.05.2011 14:41 72568]
R3 MBAMProtector;MBAMProtector;c:windowssystem32driversmbam.sys [05.05.2011 23:07 22712]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:windowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [18.03.2010 14:16 130384]
S2 gupdate;Google Update Service (gupdate);c:program filesGoogleUpdateGoogleUpdate.exe [18.02.2011 22:55 136176]
S3 Ambfilt;Ambfilt;c:windowssystem32driversAmbfilt.sys [28.01.2011 20:15 1691480]
S3 gupdatem;Служба Google Update (gupdatem);c:program filesGoogleUpdateGoogleUpdate.exe [18.02.2011 22:55 136176]
S3 Revoflt;Revoflt;c:windowssystem32driversrevoflt.sys [29.01.2011 0:41 27064]
S3 teamviewervpn;TeamViewer VPN Adapter;c:windowssystem32driversteamviewervpn.sys [12.01.2011 13:42 25088]
S3 vmmouse;VMware Pointing Device;c:windowssystem32driversvmmouse.sys [28.01.2011 18:16 11440]
S3 WinRM;Windows Remote Management (WS-Management);c:windowssystem32svchost.exe -k WINRM [18.08.2004 16:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:windowsMicrosoft.NETFrameworkv4.0.30319WPFWPFFontCache_v0400.exe [18.03.2010 14:16 753504]
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the ‘Scheduled Tasks’ folder
.
2011-05-25 c:windowsTasksDr.Web Daily scan.job
— c:program filesDrWebdrweb32w.exe [2010-12-08 10:39]
.
2011-06-13 c:windowsTasksDr.Web Update.job
— c:program filesDrWebDrWebUpW.exe [2010-12-13 10:46]
.
2011-06-14 c:windowsTasksGoogleUpdateTaskMachineCore.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2011-02-18 18:54]
.
2011-06-13 c:windowsTasksGoogleUpdateTaskMachineUA.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2011-02-18 18:54]
.
2011-06-13 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-343818398-1336601894-725345543-1004Core.job
— c:documents and settingsadLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2011-05-06 07:02]
.
2011-06-13 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-343818398-1336601894-725345543-1004UA.job
— c:documents and settingsadLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2011-05-06 07:02]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.yandex.ru/?clid=154464
IE: &Экспорт в Microsoft Excel — c:progra~1MI1933~1OFFICE11EXCEL.EXE/3000
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} — c:program filesMail.RuAgentmagent.exe
LSP: c:program filesDrWebdrwebsp.dll
TCP: Interfaces{66D3CE9D-F6E5-4933-BC6D-E9E519741C34}: NameServer = 85.113.62.227,85.113.63.252
FF — ProfilePath — c:documents and settingsadApplication DataMozillaFirefoxProfiles9grxlgeg.default
FF — prefs.js: browser.search.selectedEngine — Google
.
— — — — ORPHANS REMOVED — — — —
.
Toolbar-{91397D20-1446-11D4-8AF4-0040CA1127B6} — (no file)
HKCU-Run-Praetorian — c:documents and settingsadLocal SettingsApplication DataYandexUpdaterpraetorian.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-14 17:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes …
.
scanning hidden autostart entries …
.
scanning hidden files …
.
scan completed successfully
hidden files: 0
.
**************************************************************************
«ImagePath»=»system32driversdwprot.sys»
«Name»=»ImagePath»
.
DLLs Loaded Under Running Processes
.
— — — — — — — > ‘lsass.exe'(1036)
c:program filesDrWebdrwebsp.dll
.
— — — — — — — > ‘explorer.exe'(3404)
c:windowssystem32WININET.dll
c:windowssystem32msi.dll
c:windowssystem32webcheck.dll
c:windowssystem32WPDShServiceObj.dll
c:windowssystem32PortableDeviceTypes.dll
c:windowssystem32PortableDeviceApi.dll
.
Other Running Processes
.
c:program filesDiskeeper CorporationDiskeeperDkService.exe
c:windowsTEMPGuardGuard.exe
c:program filesCommon FilesProtexisLicense ServicePsiService_2.exe
c:windowssystem32igfxsrvc.exe
c:windowsRTHDCPL.EXE
c:program filesApointApMsgFwd.exe
c:program filesApointApntex.exe
c:program filesApointApvfb.exe
c:windowssystem32wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-06-14 17:18:30 — machine was rebooted
ComboFix-quarantined-files.txt 2011-06-14 13:18
.
Pre-Run: 87 091 683 328 байт свободно
Post-Run: 87 123 472 384 байт свободно
.
— — End Of File — — FF56ED8B5FC40F8F570233A296F38EF1ComboFix 11-06-13.06 — ad 14.06.2011 17:10:00.3.2 — x86
Microsoft Windows XP Home Edition 5.1.2600.3.1251.7.1049.18.2038.1156 [GMT 4:00]
Running from: c:documents and settingsadМои документыЗагрузкиComboFix.exe
AV: Doctor Web Anti-Virus *Disabled/Updated* {3454C8F1-ECBC-4180-A6F4-04632FBA762B}
FW: Dr.Web Firewall *Disabled* {3454C8F1-ECBC-4181-A7F4-04632FBA762B}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr0.dat
c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr1.dat
c:windowsTEMPGuardGuard.exe
.
BITS: Possible infected sites
.
hxxp://soft.export.yandex.ru
.
((((((((((((((((((((((((( Files Created from 2011-05-14 to 2011-06-14 )))))))))))))))))))))))))))))))
.
.
2011-06-13 19:06 . 2011-06-13 19:06
d
w- c:program filesOpera
2011-06-13 19:05 . 2011-06-13 19:21
d
w- c:program filesFoxit Software
2011-06-13 18:11 . 2011-06-13 18:11
d
w- c:documents and settingsadLocal SettingsApplication DataBromium
2011-06-13 15:59 . 2011-06-13 15:59
d
w- c:documents and settingsadApplication DataCarambis
2011-06-13 15:56 . 2011-06-13 15:56
d
w- c:documents and settingsadLocal SettingsApplication DataDownloaded Installations
2011-06-11 19:24 . 2011-06-13 19:21
d
w- c:documents and settingsAll UsersApplication DataYandex
2011-06-11 19:24 . 2011-06-13 19:21
d
w- c:documents and settingsadLocal SettingsApplication DataYandex
2011-06-11 19:24 . 2011-06-13 19:21
d
w- c:documents and settingsadApplication DataYandex
2011-05-31 07:25 . 2011-06-06 11:40 404640 —-a-w- c:windowssystem32FlashPlayerCPLApp.cpl
2011-05-25 10:41 . 2011-02-03 12:05 139768 —-a-w- c:windowssystem32driversdwprot.sys
2011-05-25 10:41 . 2011-01-26 09:45 93944 —-a-w- c:windowssystem32driversspiderg3.sys
2011-05-25 10:41 . 2011-05-25 10:39 72568 —-a-w- c:windowssystem32driversDrWebPF.sys
2011-05-25 10:41 . 2011-05-25 10:39 84728 —-a-w- c:windowssystem32driversdrwebaf.sys
2011-05-25 10:41 . 2011-05-25 10:41
d
w- c:documents and settingsAll UsersApplication DataDoctor Web
2011-05-24 21:20 . 2011-05-24 21:20
d
w- c:windowssystem32wbemRepository
2011-05-24 21:19 . 2011-06-13 20:11
d
w- c:program filesDrWeb
2011-05-24 21:16 . 2011-05-24 21:17
d
w- c:program filesMozilla Firefox 4.0 Beta 11
2011-05-24 16:37 . 2011-05-24 16:37
d
w- c:windowssystem32driversNIS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 05:11 . 2011-05-05 19:07 39984 —-a-w- c:windowssystem32driversmbamswissarmy.sys
2011-05-29 05:11 . 2011-05-05 19:07 22712 —-a-w- c:windowssystem32driversmbam.sys
2011-05-04 15:47 . 2011-01-28 16:34 348256 —-a-w- c:documents and settingsAll UsersApplication DataMicrosoftVSTAHostCorelPHOTOPAINT9.01033ResourceCache.dll
2011-05-04 15:46 . 2011-01-28 16:33 348256 —-a-w- c:documents and settingsAll UsersApplication DataMicrosoftVSTAHostCorelDRAW9.01033ResourceCache.dll
2011-04-14 17:01 . 2011-05-25 11:11 142296 —-a-w- c:program filesmozilla firefoxcomponentsbrowsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE~Browser Helper Objects{9BFBA68E-E21B-458E-AE12-FE85E903D2C1}]
2010-08-31 14:15 257384 —-a-w- c:program filesAlterGeoAlterGeo Magic Scanner2.8.8.615AlterGeo.BrowserPlugin.dll
.
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«Apoint»=»c:program filesApointApoint.exe» [2010-01-16 167936]
«IgfxTray»=»c:windowssystem32igfxtray.exe» [2010-01-28 141336]
«HotKeysCmds»=»c:windowssystem32hkcmd.exe» [2010-01-28 173592]
«Persistence»=»c:windowssystem32igfxpers.exe» [2010-01-28 142360]
«MAgent»=»c:program filesMail.RuAgentMAgent.exe» [2011-01-28 12263616]
«Guard.Mail.ru.gui»=»c:program filesMail.RuGuardGuardMailRu.exe» [2011-04-08 1472720]
«Microsoft Default Manager»=»c:program filesMicrosoftSearch Enhancement PackDefault ManagerDefMgr.exe» [2009-11-11 288088]
«SpIDerMail»=»c:program filesDrWebspiderml.exe» [2011-01-26 1572592]
«SpIDerGate»=»c:program filesDrWebspidergate.exe» [2011-04-20 2193648]
«Dr.Web Firewall»=»c:program filesDrWebfrwl_notify.exe» [2011-05-26 2583304]
«SpIDerAgent»=»c:program filesDrWebSpIDerAgent.exe» [2011-04-20 1473264]
«Malwarebytes’ Anti-Malware»=»c:program filesMalwarebytes’ Anti-Malwarembamgui.exe» [2011-05-29 449584]
«RTHDCPL»=»RTHDCPL.EXE» [2011-01-21 20026472]
.
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-14 15360]
.
c:documents and settingsadѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
Punto Switcher.lnk — c:program filesPunto Switcherpunto.exe [N/A]
.
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
@=»Driver»
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMSMSGS]
2008-04-14 16:11 1695232
w- c:program filesMessengermsmsgs.exe
.
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)
.
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\Program Files\Mail.Ru\Agent\magent.exe»=
«c:\Program Files\TeamViewer\Version5\TeamViewer.exe»=
«c:\Documents and Settings\ad\Рабочий стол\utorrent161.exe»=
«c:\Program Files\Shareman\Shareman.exe»=
«c:\Program Files\uTorrent\uTorrent.exe»=
.
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«5985:TCP»= 5985:TCP:*:Disabled:Удаленное управление Windows
«1035:TCP»= 1035:TCP:Akamai NetSession Interface
«5000:UDP»= 5000:UDP:Akamai NetSession Interface
.
R0 DwProt;DrWeb Protection;c:windowssystem32driversdwprot.sys [25.05.2011 14:41 139768]
R0 SpiderG3;DrWeb file system scanner;c:windowssystem32driversspiderg3.sys [25.05.2011 14:41 93944]
R0 sptd;sptd;c:windowssystem32driverssptd.sys [28.01.2011 18:38 721904]
R1 DRWEBAF;DrWEB Firewall Application Filter;c:windowssystem32driversdrwebaf.sys [25.05.2011 14:41 84728]
R2 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine);c:program filesCommon FilesDoctor WebScanning Enginedwengine.exe [16.12.2010 17:43 1667416]
R2 DrWebFwSvc;Dr.Web Firewall Service;c:program filesDrWebfrwl_svc.exe [25.05.2011 14:41 2267120]
R2 Guard.Mail.ru;Guard.Mail.ru;c:program filesMail.RuGuardGuardMailRu.exe [29.01.2011 1:29 1472720]
R2 MBAMService;MBAMService;c:program filesMalwarebytes’ Anti-Malwarembamservice.exe [05.05.2011 23:07 366640]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:windowssystem32driversl151x86.sys [28.01.2011 18:15 37888]
R3 DKRtWrt;DKRtWrt;c:windowssystem32driversDKRtWrt.sys [03.02.2011 2:01 44368]
R3 DrWebPF;DrWeb Packet Filter Driver;c:windowssystem32driversDrWebPF.sys [25.05.2011 14:41 72568]
R3 MBAMProtector;MBAMProtector;c:windowssystem32driversmbam.sys [05.05.2011 23:07 22712]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:windowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [18.03.2010 14:16 130384]
S2 gupdate;Google Update Service (gupdate);c:program filesGoogleUpdateGoogleUpdate.exe [18.02.2011 22:55 136176]
S3 Ambfilt;Ambfilt;c:windowssystem32driversAmbfilt.sys [28.01.2011 20:15 1691480]
S3 gupdatem;Служба Google Update (gupdatem);c:program filesGoogleUpdateGoogleUpdate.exe [18.02.2011 22:55 136176]
S3 Revoflt;Revoflt;c:windowssystem32driversrevoflt.sys [29.01.2011 0:41 27064]
S3 teamviewervpn;TeamViewer VPN Adapter;c:windowssystem32driversteamviewervpn.sys [12.01.2011 13:42 25088]
S3 vmmouse;VMware Pointing Device;c:windowssystem32driversvmmouse.sys [28.01.2011 18:16 11440]
S3 WinRM;Windows Remote Management (WS-Management);c:windowssystem32svchost.exe -k WINRM [18.08.2004 16:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:windowsMicrosoft.NETFrameworkv4.0.30319WPFWPFFontCache_v0400.exe [18.03.2010 14:16 753504]
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the ‘Scheduled Tasks’ folder
.
2011-05-25 c:windowsTasksDr.Web Daily scan.job
— c:program filesDrWebdrweb32w.exe [2010-12-08 10:39]
.
2011-06-13 c:windowsTasksDr.Web Update.job
— c:program filesDrWebDrWebUpW.exe [2010-12-13 10:46]
.
2011-06-14 c:windowsTasksGoogleUpdateTaskMachineCore.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2011-02-18 18:54]
.
2011-06-13 c:windowsTasksGoogleUpdateTaskMachineUA.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2011-02-18 18:54]
.
2011-06-13 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-343818398-1336601894-725345543-1004Core.job
— c:documents and settingsadLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2011-05-06 07:02]
.
2011-06-13 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-343818398-1336601894-725345543-1004UA.job
— c:documents and settingsadLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2011-05-06 07:02]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.yandex.ru/?clid=154464
IE: &Экспорт в Microsoft Excel — c:progra~1MI1933~1OFFICE11EXCEL.EXE/3000
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} — c:program filesMail.RuAgentmagent.exe
LSP: c:program filesDrWebdrwebsp.dll
TCP: Interfaces{66D3CE9D-F6E5-4933-BC6D-E9E519741C34}: NameServer = 85.113.62.227,85.113.63.252
FF — ProfilePath — c:documents and settingsadApplication DataMozillaFirefoxProfiles9grxlgeg.default
FF — prefs.js: browser.search.selectedEngine — Google
.
— — — — ORPHANS REMOVED — — — —
.
Toolbar-{91397D20-1446-11D4-8AF4-0040CA1127B6} — (no file)
HKCU-Run-Praetorian — c:documents and settingsadLocal SettingsApplication DataYandexUpdaterpraetorian.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-14 17:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes …
.
scanning hidden autostart entries …
.
scanning hidden files …
.
scan completed successfully
hidden files: 0
.
**************************************************************************
«ImagePath»=»system32driversdwprot.sys»
«Name»=»ImagePath»
.
DLLs Loaded Under Running Processes
.
— — — — — — — > ‘lsass.exe'(1036)
c:program filesDrWebdrwebsp.dll
.
— — — — — — — > ‘explorer.exe'(3404)
c:windowssystem32WININET.dll
c:windowssystem32msi.dll
c:windowssystem32webcheck.dll
c:windowssystem32WPDShServiceObj.dll
c:windowssystem32PortableDeviceTypes.dll
c:windowssystem32PortableDeviceApi.dll
.
Other Running Processes
.
c:program filesDiskeeper CorporationDiskeeperDkService.exe
c:windowsTEMPGuardGuard.exe
c:program filesCommon FilesProtexisLicense ServicePsiService_2.exe
c:windowssystem32igfxsrvc.exe
c:windowsRTHDCPL.EXE
c:program filesApointApMsgFwd.exe
c:program filesApointApntex.exe
c:program filesApointApvfb.exe
c:windowssystem32wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-06-14 17:18:30 — machine was rebooted
ComboFix-quarantined-files.txt 2011-06-14 13:18
.
Pre-Run: 87 091 683 328 байт свободно
Post-Run: 87 123 472 384 байт свободно
.
— — End Of File — — FF56ED8B5FC40F8F570233A296F38EF1
Просмотр 1 сообщения - с 1 по 1 (всего 1)
- Тема ‘пропал звук на передней панели .’ закрыта для новых сообщений.
