SOS!!! Porn banner covering a third of the screen on the desktop, what should I do?
This topic has 1 reply, 2 participants, and was last updated 15 years, 11 months ago by Admin.

November 1, 2009 at 9:37 pm #17345
ComboFix 09-10-30.01 - User 01.11.2009 21:54.5.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1251.7.1033.18.2047.1027 [GMT 2:00]
Running from: c:documents and settingsUserDesktopComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 091007-0] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Doctor Web Anti-Virus *On-access scanning enabled* (Updated) {3454C8F1-ECBC-4180-A6F4-04632FBA762B}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr0.dat
c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr1.dat
c:windowssvchost.exe
BITS: Possible infected sites
hxxp://soft.export.yandex.ru
hxxp://download.yandex.ru
.
((((((((((((((((((((((((( Files Created from 2009-10-01 to 2009-11-01 )))))))))))))))))))))))))))))))
.
2009-11-01 13:14 . 2009-09-21 12:47 105080 ----a-w- c:windowssystem32driversdwprot.sys
2009-11-01 13:14 . 2009-11-01 13:14 -------- d-----w- c:program filesCommon FilesDoctor Web
2009-11-01 13:14 . 2009-11-01 13:14 -------- d-----w- c:documents and settingsAll UsersApplication DataDoctor Web
2009-11-01 13:14 . 2009-11-01 18:44 -------- d-----w- c:program filesDrWeb
2009-10-31 18:41 . 2009-10-31 18:41 306176 ----a-w- c:windowsmsconfig.exe
2009-10-29 12:19 . 2009-10-29 12:27 -------- d-----w- c:program filesВиртуальный Макияж
2009-10-19 00:01 . 2009-10-19 00:01 -------- d-sh--w- c:documents and settingsDefault UserIETldCache
2009-10-10 17:54 . 2009-10-10 17:54 -------- d-----w- c:documents and settingsAll UsersApplication DataDAEMON Tools Pro
2009-10-08 15:40 . 2009-10-08 15:40 -------- d-----w- c:documents and settingsUserApplication DataABBYY
2009-10-08 15:25 . 2009-10-08 15:28 -------- d-----w- c:program filesABBYY FineReader 9.0
2009-10-08 15:16 . 2009-10-15 13:33 -------- d-----w- C:temp
2009-10-08 15:16 . 2009-10-08 15:17 -------- d-----w- c:tempFR90PE
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-01 19:56 . 2009-05-29 22:58 -------- d-----w- c:documents and settingsUserApplication DataDNA
2009-11-01 19:50 . 2008-11-14 18:43 -------- d-----w- c:documents and settingsUserApplication DataSkype
2009-11-01 19:28 . 2008-12-03 21:02 -------- d-----w- c:documents and settingsUserApplication DatauTorrent
2009-11-01 19:26 . 2009-05-29 22:58 -------- d-----w- c:program filesDNA
2009-11-01 17:59 . 2008-12-05 09:16 -------- d-----w- c:program filesCommon FilesWise Installation Wizard
2009-11-01 16:50 . 2009-05-02 17:38 -------- d-----w- c:program filesCommon FilesSandlot Shared
2009-11-01 01:53 . 2008-08-28 13:00 196608 ----a-w- c:windowssystem32driversnStandard.bin
2009-11-01 01:42 . 2008-11-16 15:54 -------- d-----w- c:documents and settingsUserApplication Datadvdcss
2009-10-31 21:53 . 2009-03-24 15:14 -------- d-----w- c:documents and settingsUserApplication DataAIMP
2009-10-29 12:19 . 2008-11-14 18:39 -------- d-----w- c:documents and settingsUserApplication DataYandex
2009-10-28 01:06 . 2008-08-28 13:11 -------- d-----w- c:documents and settingsAll UsersApplication DataMicrosoft Help
2009-10-28 01:03 . 2008-08-28 13:14 -------- d-----w- c:program filesMicrosoft Works
2009-10-23 04:50 . 2008-11-15 19:05 -------- d-----w- c:program filesRevConnect
2009-10-15 14:17 . 2008-11-30 20:43 -------- d-----w- c:program filesElectronic Arts
2009-10-13 16:19 . 2009-03-22 12:48 -------- d-----w- c:program filesValve
2009-10-08 15:49 . 2009-09-24 17:59 -------- d-----w- c:documents and settingsAll UsersApplication DataABBYY
2009-10-08 15:31 . 2009-09-24 17:59 -------- d-----w- c:program filesCommon FilesABBYY
2009-09-27 16:32 . 2009-09-27 16:32 -------- d-----w- c:documents and settingsAll UsersApplication DataSTDUConverter
2009-09-27 16:32 . 2009-09-27 16:32 -------- d-----w- c:program filesCommon FilesSTDUtility
2009-09-24 15:04 . 2008-08-28 12:52 73136 ----a-w- c:documents and settingsUserLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-09-24 13:08 . 2009-09-24 13:08 -------- d-----w- c:program filesMicrosoft.NET
2009-09-24 12:37 . 2009-09-24 12:37 -------- d-----w- c:program filesMicrosoft Visual Studio 8
2009-09-23 16:56 . 2009-06-01 18:48 -------- d-----w- c:documents and settingsAll UsersApplication DataFLEXnet
2009-09-23 16:15 . 2009-07-03 17:12 -------- d-----w- c:program filesPivim Multibar
2009-09-20 22:43 . 2009-09-20 22:43 -------- d-----w- c:program filesPLR
2009-09-20 22:43 . 2009-09-20 22:43 -------- d-----w- c:program filesALPHA
2009-09-20 22:43 . 2009-09-20 22:43 -------- d-----w- c:program filesPREPROC
2009-09-20 22:43 . 2009-09-20 22:43 -------- d-----w- c:program filesFTM
2009-09-20 22:43 . 2009-09-20 22:43 -------- d-----w- c:program filesODA
2009-09-20 22:42 . 2009-09-20 22:42 -------- d-----w- c:documents and settingsAll UsersApplication DataPRMT
2009-09-20 20:33 . 2009-09-20 20:24 -------- d-----w- c:program filesX-Translator PLATINUM
2009-09-20 19:43 . 2009-09-20 19:43 -------- d-----w- c:program filesParagon Software
2009-09-11 14:18 . 2006-02-28 12:00 136192 ----a-w- c:windowssystem32msv1_0.dll
2009-09-06 08:08 . 2009-04-29 19:55 -------- d-----w- c:documents and settingsAll UsersApplication DataAlawarWrapper
2009-09-05 21:51 . 2009-09-05 21:51 -------- d-----w- c:documents and settingsUserApplication DataV-Games
2009-09-05 21:51 . 2009-04-29 19:59 -------- d-----w- c:program filesAlawar
2009-09-05 17:38 . 2008-11-14 17:31 -------- d-----w- c:program filesDownload Master
2009-09-04 21:03 . 2006-02-28 12:00 58880 ----a-w- c:windowssystem32msasn1.dll
2009-08-29 08:08 . 2006-02-28 12:00 916480 ------w- c:windowssystem32wininet.dll
2009-08-26 08:00 . 2006-02-28 12:00 247326 ----a-w- c:windowssystem32strmdll.dll
2009-08-17 20:33 . 2009-08-17 20:33 1193832 ----a-w- c:windowssystem32FM20.DLL
2009-08-06 16:24 . 2008-08-28 12:44 327896 ----a-w- c:windowssystem32wucltui.dll
2009-08-06 16:24 . 2008-08-28 12:44 209632 ----a-w- c:windowssystem32wuweb.dll
2009-08-06 16:24 . 2008-08-28 12:44 35552 ----a-w- c:windowssystem32wups.dll
2009-08-06 16:24 . 2007-07-30 17:19 44768 ----a-w- c:windowssystem32wups2.dll
2009-08-06 16:24 . 2008-08-28 12:44 53472 ------w- c:windowssystem32wuauclt.exe
2009-08-06 16:24 . 2006-02-28 12:00 96480 ----a-w- c:windowssystem32cdm.dll
2009-08-06 16:23 . 2008-08-28 12:44 575704 ----a-w- c:windowssystem32wuapi.dll
2009-08-06 16:23 . 2008-11-14 23:02 274288 ----a-w- c:windowssystem32mucltui.dll
2009-08-06 16:23 . 2008-11-14 23:02 215920 ----a-w- c:windowssystem32muweb.dll
2009-08-06 16:23 . 2008-08-28 12:44 1929952 ----a-w- c:windowssystem32wuaueng.dll
2009-08-05 09:01 . 2006-02-28 12:00 204800 ----a-w- c:windowssystem32mswebdvd.dll
2009-08-04 15:13 . 2006-02-28 12:00 2145280 ------w- c:windowssystem32ntoskrnl.exe
2009-08-04 14:20 . 2004-08-03 22:59 2023936 ------w- c:windowssystem32ntkrnlpa.exe
2009-01-28 22:20 . 2009-01-28 22:04 22058104 ----a-w- c:program filesantivir_workstation_winu_en_h.exe
2007-10-19 18:17 . 2007-10-19 18:17 6948144 ----a-w- c:program filesQuickTimePlayer.exe
2007-10-19 18:17 . 2007-10-19 18:17 582960 ----a-w- c:program filesQTPlugin.ocx
2007-10-19 18:17 . 2007-10-19 18:17 303104 ----a-w- c:program filesQTUIPanelControl.dll
2007-10-19 18:17 . 2007-10-19 18:17 749568 ----a-w- c:program filesQTOControl.dll
2007-10-19 18:17 . 2007-10-19 18:17 684032 ----a-w- c:program filesQTOLibrary.dll
2007-10-19 18:17 . 2007-10-19 18:17 618496 ----a-w- c:program filesQTInfo.exe
2007-10-19 18:16 . 2007-10-19 18:16 10207 ----a-w- c:program filesQuickTime Read Me.htm
2007-10-19 18:16 . 2007-10-19 18:16 55622 ----a-w- c:program filesSample.mov
2007-10-19 18:16 . 2007-10-19 18:16 18663 ----a-w- c:program filesSample.qtif
2007-10-19 18:16 . 2007-10-19 18:16 286720 ----a-w- c:program filesQTTask.exe
2007-10-19 18:16 . 2007-10-19 18:16 483328 ----a-w- c:program filesPictureViewer.exe
2007-09-24 12:21 . 2007-09-24 12:21 102400 ----a-w- c:program filesPrmtSvr.exe
2007-03-21 13:18 . 2007-03-21 13:18 565248 ----a-w- c:program filesPRMTLDB.DLL
2007-03-21 09:57 . 2007-03-21 09:57 544768 ----a-w- c:program filesprmtweb.dll
2007-03-20 15:22 . 2007-03-20 15:22 1298432 ----a-w- c:program filesPrmtCtl.dll
2007-03-20 14:56 . 2007-03-20 14:56 75889 ----a-w- c:program filesPrmtWeb.chm
2007-03-20 10:07 . 2007-03-20 10:07 294912 ----a-w- c:program filesPrmproxy.dll
2007-03-19 18:48 . 2007-03-19 18:48 1802240 ----a-w- c:program filesPrmtDServices.dll
2007-03-19 14:52 . 2007-03-19 14:52 66315 ----a-w- c:program filesPrmtDServices.chm
2007-03-19 11:45 . 2007-03-19 11:45 163840 ----a-w- c:program filesPDict.dll
2007-03-17 07:37 . 2007-03-17 07:37 282624 ----a-w- c:program filesEntryGrid.ocx
2007-03-16 15:25 . 2007-03-16 15:25 119817 ----a-w- c:program filesprmtctl.chm
2007-03-16 14:57 . 2007-03-16 14:57 471040 ----a-w- c:program filesautodict.dll
2007-03-15 16:09 . 2007-03-15 16:09 253952 ----a-w- c:program filesdictedit.dll
2007-03-15 16:07 . 2007-03-15 16:07 38846464 ----a-w- c:program filesldbconv.dll
2007-03-15 10:26 . 2007-03-15 10:26 544768 ----a-w- c:program filesPrmtSvr.dll
2007-03-14 12:49 . 2007-03-14 12:49 438272 ----a-w- c:program filesPrmAgentCtl.dll
2007-03-14 08:48 . 2007-03-14 08:48 516096 ----a-w- c:program filesPrmtLib.ocx
2007-03-12 10:03 . 2007-03-12 10:03 90112 ----a-w- c:program filesLangs40.dll
2007-03-12 09:25 . 2007-03-12 09:25 421888 ----a-w- c:program filesmorph.dll
2007-03-10 12:11 . 2007-03-10 12:11 110592 ----a-w- c:program filessmartfld.dll
2007-03-07 09:43 . 2007-03-07 09:43 2409142 ----a-w- c:program filesPROMT 8 User's guide.pdf
2007-03-07 05:33 . 2007-03-07 05:33 200704 ----a-w- c:program filespdsetup.dll
2007-02-15 13:04 . 2007-02-15 13:04 172032 ----a-w- c:program filesPrmttts.dll
2006-12-12 15:02 . 2006-12-12 15:02 98304 ----a-w- c:program filesPrmtEvw.dll
2006-12-12 14:10 . 2006-12-12 14:10 282624 ----a-w- c:program filesREGBASIC.DLL
2006-12-12 14:04 . 2006-12-12 14:04 81920 ----a-w- c:program filespSETUP8.dll
2006-12-08 14:58 . 2006-12-08 14:58 118784 ----a-w- c:program filesPrmRange.dll
2006-12-08 13:19 . 2006-12-08 13:19 155648 ----a-w- c:program filesPrmtLog.dll
.
Sigcheck
[-] 2009-06-29 . A29E1209F925A0E9B330E11DA5FC7BAB . 361600 . . [5.1.2600.5625] . . c:windowssystem32driversTCPIP.SYS
[-] 2009-06-29 . A29E1209F925A0E9B330E11DA5FC7BAB . 361600 . . [5.1.2600.5625] . . c:windowssystem32dllcacheTCPIP.SYS
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:windows$hf_mig$KB951748SP3QFEtcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:windows$NtUninstallKB951748$tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:windowsServicePackFilesi386TCPIP.SYS
[7] 2006-02-28 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:windows$NtServicePackUninstall$tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-11-01_19.16.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-01 19:25 . 2009-11-01 19:25 16384 c:windowsTempPerflib_Perfdata_624.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerURLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:program filesWinamp Toolbarwinamptb.dll" [2009-02-19 1262888]
"{0a452a47-c5a8-4854-a237-4b9b06b376f0}"= "c:program filesGossipertbGos1.dll" [2009-08-08 2215960]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:program filesP2P_EnergytbP2P0.dll" [2009-08-08 2215960]
"{bc4be15d-6a34-4356-9e97-79e43da32b1d}"= "c:program filesP2P_TorrenttbP2P1.dll" [2009-09-12 2215960]
.
[HKEY_CLASSES_ROOTclsid{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOTWINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOTTypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOTWINAMPTB.AOLTBSearch]
.
[HKEY_CLASSES_ROOTclsid{0a452a47-c5a8-4854-a237-4b9b06b376f0}]
[HKEY_CLASSES_ROOTclsid{2bae58c2-79f9-45d1-a286-81f911301c3a}]
[HKEY_CLASSES_ROOTclsid{bc4be15d-6a34-4356-9e97-79e43da32b1d}]
.
[HKEY_LOCAL_MACHINE~Browser Helper Objects{0a452a47-c5a8-4854-a237-4b9b06b376f0}]
2009-08-08 18:20 2215960 ----a-w- c:program filesGossipertbGos1.dll
.
[HKEY_LOCAL_MACHINE~Browser Helper Objects{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 14:24 325000 ----a-w- c:program filesAskBarDisbarbinaskBar.dll
.
[HKEY_LOCAL_MACHINE~Browser Helper Objects{2bae58c2-79f9-45d1-a286-81f911301c3a}]
2009-08-08 18:20 2215960 ----a-w- c:program filesP2P_EnergytbP2P0.dll
.
[HKEY_LOCAL_MACHINE~Browser Helper Objects{39AA6D29-4236-4F25-A36A-3410EF5283D9}]
.
[HKEY_LOCAL_MACHINE~Browser Helper Objects{bc4be15d-6a34-4356-9e97-79e43da32b1d}]
2009-09-12 09:52 2215960 ----a-w- c:program filesP2P_TorrenttbP2P1.dll
.
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:program filesYandexYandexBarIEyndbar.dll" [2009-07-24 5586208]
"{0a452a47-c5a8-4854-a237-4b9b06b376f0}"= "c:program filesGossipertbGos1.dll" [2009-08-08 2215960]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:program filesP2P_EnergytbP2P0.dll" [2009-08-08 2215960]
"{bc4be15d-6a34-4356-9e97-79e43da32b1d}"= "c:program filesP2P_TorrenttbP2P1.dll" [2009-09-12 2215960]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:program filesAskBarDisbarbinaskBar.dll" [2008-09-29 325000]
.
[HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar]
.
[HKEY_CLASSES_ROOTclsid{0a452a47-c5a8-4854-a237-4b9b06b376f0}]
[HKEY_CLASSES_ROOTclsid{2bae58c2-79f9-45d1-a286-81f911301c3a}]
[HKEY_CLASSES_ROOTclsid{bc4be15d-6a34-4356-9e97-79e43da32b1d}]
[HKEY_CLASSES_ROOTclsid{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOTTypeLib{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:program filesYandexYandexBarIEyndbar.dll" [2009-07-24 5586208]
"{0A452A47-C5A8-4854-A237-4B9B06B376F0}"= "c:program filesGossipertbGos1.dll" [2009-08-08 2215960]
"{2BAE58C2-79F9-45D1-A286-81F911301C3A}"= "c:program filesP2P_EnergytbP2P0.dll" [2009-08-08 2215960]
"{BC4BE15D-6A34-4356-9E97-79E43DA32B1D}"= "c:program filesP2P_TorrenttbP2P1.dll" [2009-09-12 2215960]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:program filesAskBarDisbarbinaskBar.dll" [2008-09-29 325000]
.
[HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar]
.
[HKEY_CLASSES_ROOTclsid{0a452a47-c5a8-4854-a237-4b9b06b376f0}]
[HKEY_CLASSES_ROOTclsid{2bae58c2-79f9-45d1-a286-81f911301c3a}]
[HKEY_CLASSES_ROOTclsid{bc4be15d-6a34-4356-9e97-79e43da32b1d}]
[HKEY_CLASSES_ROOTclsid{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOTTypeLib{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"Skype"="c:program filesSkypePhoneSkype.exe" [2008-11-07 21633320]
"DAEMON Tools Lite"="c:program filesDAEMON Tools Litedaemon.exe" [2009-04-23 691656]
"Download Master"="c:program filesDownload Masterdmaster.exe" [2009-08-05 3777536]
"BitTorrent DNA"="c:program filesDNAbtdna.exe" [2009-05-29 321344]
"Uniblue SpeedUpMyPC"="c:program filesUniblueSpeedUpMyPC 3SpeedUpMyPC.exe" [2007-10-22 9438488]
"uTorrent"="c:documents and settingsUserDesktopEnglishuTorrent.exe" [2009-07-03 274224]
"GreedyTorrent"="c:program filesGreedyTorrentGTor.exe" [2007-03-08 2526661]
"AdobeUpdater"="c:program filesCommon FilesAdobeUpdater5AdobeUpdater.exe" [2009-06-01 2356088]
.
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"AsusStartupHelp"="c:program filesASUSAASP1.00.24AsRunHelp.exe" [2006-12-29 363008]
"Name of App"="c:program filesSAMSUNGFW LiveUpdateFWManager.exe" [2009-05-21 692333]
"ASUSGamerOSD"="c:program filesASUSGamerOSDGamerOSD.exe" [2007-09-13 380928]
"NvCplDaemon"="c:windowssystem32NvCpl.dll" [2009-03-27 13684736]
"NvMediaCenter"="c:windowssystem32NvMcTray.dll" [2009-03-27 86016]
"QuickTime Task"="c:program filesqttask.exe" [2007-10-19 286720]
"avast!"="c:progra~1ALWILS~1Avast4ashDisp.exe" [2009-02-05 81000]
"NeroFilterCheck"="c:program filesCommon FilesAheadLibNeroCheck.exe" [2007-03-01 153136]
"Sony Ericsson PC Suite"="c:program filesSony EricssonMobile2Application LauncherApplication Launcher.exe" [2005-10-26 159744]
"Acrobat Assistant 8.0"="c:program filesAdobeAcrobat 8.0AcrobatAcrotray.exe" [2006-10-22 620152]
"GrooveMonitor"="c:program filesMicrosoft OfficeOffice12GrooveMonitor.exe" [2008-10-25 31072]
"MS Office"="c:windowsmsconfig.exe" [2009-10-31 306176]
"SpIDerAgent"="c:program filesDrWebSpIDerAgent.exe" [2009-06-01 447728]
"SpIDerMail"="c:program filesDrWebspiderml.exe" [2009-06-30 644336]
"SpIDerNT"="c:progra~1DrWebspiderui.exe" [2009-08-17 231840]
"UnlockerAssistant"="c:documents and settingsUserDesktopUnlockerUnlockerAssistant.exe" [2009-10-26 15872]
"nwiz"="nwiz.exe" - c:windowssystem32nwiz.exe [2009-03-27 1657376]
"RTHDCPL"="RTHDCPL.EXE" - c:windowsRTHDCPL.EXE [2009-05-21 17881600]
.
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"="c:windowssystem32CTFMON.EXE" [2008-04-14 15360]
.
c:documents and settingsAll UsersStart MenuProgramsStartup
Adobe Acrobat Speed Launcher.lnk - c:windowsInstaller{AC76BA86-1050-0000-7760-000000000003}_SC_Acrobat.exe [2009-9-15 295606]
Adobe Acrobat Synchronizer.lnk - c:program filesAdobeAcrobat 8.0AcrobatAdobeCollabSync.exe [2006-10-23 734872]
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrun-]
"ASUSGamerOSD"=c:program filesASUSGamerOSDGamerOSD.exe
.
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"=
"c:\Program Files\Winamp Remote\bin\Orb.exe"=
"c:\Program Files\Winamp Remote\bin\OrbTray.exe"=
"c:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe"=
"c:\WINDOWS\system32\PnkBstrA.exe"=
"c:\WINDOWS\system32\PnkBstrB.exe"=
"c:\Program Files\BitSpirit\BitSpirit.exe"=
"c:\Program Files\ICQ6\ICQ.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hposid01.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"=
"c:\Program Files\Valve\hl.exe"=
"c:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter\graw.exe"=
"c:\Program Files\Russobit-M\Tom Clancy's Rainbow Six Vegas 2\Binaries\RainbowSixVegas2_SADS.exe"=
"c:\Program Files\Russobit-M\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe"=
"c:\Program Files\JustVoip.com\JustVoip\JustVoip.exe"=
"c:\WINDOWS\system32\dpvsetup.exe"=
"c:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe"=
"c:\Program Files\Opera\opera.exe"=
"c:\Program Files\GreedyTorrent\GTor.exe"=
"c:\Program Files\DNA\btdna.exe"=
"c:\Program Files\BitTorrent\bittorrent.exe"=
"c:\Program Files\Bonjour\mDNSResponder.exe"=
"c:\Program Files\Electronic Arts\Dead Space\Dead Space.exe"=
"c:\Documents and Settings\User\Desktop\English\uTorrent.exe"=
"c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"=
"c:\Program Files\Microsoft Office\Office12\GROOVE.EXE"=
"c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"=
"c:\Program Files\RevConnect\DCPlusPlus.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=
.
P2 SPIDERNT;SpIDer Guard for Windows;c:progra~1DrWebspidernt.exe [17.08.2009 17:47 231328]
R0 DwProt;DrWeb Protection;c:windowssystem32driversdwprot.sys [01.11.2009 15:14 105080]
R1 appdrv01;Application Driver (01);c:windowssystem32driversappdrv01.sys [19.04.2009 1:38 2915944]
R1 aswSP;avast! Self Protection;c:windowssystem32driversaswSP.sys [04.07.2009 2:08 114768]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:program filesCommon FilesABBYYFineReader9.00LicensingPENetworkLicenseServer.exe [06.12.2007 20:03 660768]
R2 aswFsBlk;aswFsBlk;c:windowssystem32driversaswFsBlk.sys [04.07.2009 2:08 20560]
R2 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine);c:program filesCommon FilesDoctor WebScanning Enginedwengine.exe [22.09.2009 18:09 869688]
R2 FCSvr;FileControl Server;c:program filesFileControl2fcsvr.exe [30.01.2009 13:10 680448]
R2 ICQ Service;ICQ Service;c:program filesICQ6ToolbarICQ Service.exe [13.12.2008 18:53 222456]
R2 SPIDER;SpIDer Guard File System Monitor;c:progra~1DrWebspider.sys [17.08.2009 17:47 306464]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:windowssystem32driversl151x86.sys [28.08.2008 14:58 39424]
R3 FStarForce;FStarForce;c:windowssystem32driversFStarForce.sys [05.12.2008 11:03 9216]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:windowsSystem32appdrvrem01.exe svc --> c:windowsSystem32appdrvrem01.exe svc [?]
S2 gupdate1c9b523bf1540f6;Служба Google Update (gupdate1c9b523bf1540f6);c:program filesGoogleUpdateGoogleUpdate.exe [04.04.2009 14:49 133104]
S2 spd3ssl;Spyware Process Detector v3.16;??c:program filesSpyware Process Detectorspd316.sys --> c:program filesSpyware Process Detectorspd316.sys [?]
S3 Ambfilt;Ambfilt;c:windowssystem32driversAmbfilt.sys [04.06.2009 2:56 1684736]
S3 CTUPnPSv;Creative Centrale Media Server;c:program filesCreativeCreative CentraleCTUPnPSv.exe [21.05.2008 13:42 64000]
S3 RTCore32;RTCore32;c:program filesRMClockRTCore32.sys [29.05.2009 2:51 4608]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLASSPNP_2
*Deregistered* - DwShield0000597E
*Deregistered* - mbr
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSvchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:program filesCommon FilesLightScribeLSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
.
2009-10-29 c:windowsTasksAppleSoftwareUpdate.job
- c:program filesApple Software UpdateSoftwareUpdate.exe [2008-07-30 09:34]
.
2009-11-01 c:windowsTasksDr.Web Daily scan.job
- c:program filesDrWebDrWeb32w.exe [2009-09-21 16:02]
.
2009-11-01 c:windowsTasksDr.Web Update.job
- c:program filesDrWebDrWebUpW.exe [2009-09-14 08:18]
.
2009-11-01 c:windowsTasksGoogle Software Updater.job
- c:program filesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2009-04-04 22:37]
.
2009-11-01 c:windowsTasksGoogleUpdateTaskMachineCore.job
- c:program filesGoogleUpdateGoogleUpdate.exe [2009-04-04 12:49]
.
2009-11-01 c:windowsTasksGoogleUpdateTaskMachineUA.job
- c:program filesGoogleUpdateGoogleUpdate.exe [2009-04-04 12:49]
.
2009-10-27 c:windowsTasksUniblue SpeedUpMyPC Nag.job
- c:program filesUniblueSpeedUpMyPC 3SpeedUpMyPC.exe [2009-06-09 07:13]
.
2009-06-09 c:windowsTasksUniblue SpeedUpMyPC.job
- c:program filesUniblueSpeedUpMyPC 3SpeedUpMyPC.exe [2009-06-09 07:13]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.yandex.ru/?clid=49136
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
IE: &Winamp Search - c:documents and settingsAll UsersApplication DataWinamp ToolbarieToolbarresourcesen-USlocalsearch.html
IE: &Экспорт в Microsoft Excel - c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:progra~1MICROS~2Office12EXCEL.EXE/3000
IE: Добавить в существующий PDF - c:program filesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html
IE: Добавить выделенное в существующий PDF - c:program filesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html
IE: Добавить выделенные ссылки в существующий PDF - c:program filesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Добавить целевую ссылку в существующий PDF - c:program filesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html
IE: Загрузить с помощью &BitSpirit - c:program filesBitSpiritbsurl.htm
IE: Закачать ВСЕ при помощи Download Master - c:program filesDownload Masterdmieall.htm
IE: Закачать при помощи Download Master - c:program filesDownload Masterdmie.htm
IE: Настройки перевода - c:program filesX-Translator PLATINUMPRMTEToptions.htm
IE: Перевод страницы - c:program filesX-Translator PLATINUMPRMTETtranslat.htm
IE: Передать на удаленную закачку DM - c:program filesDownload Masterremdown.htm
IE: Преобразовать в Adobe PDF - c:program filesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECapture.html
IE: Преобразовать выбранные ссылки в Adobe PDF - c:program filesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Преобразовать выделенную область в Adobe PDF - c:program filesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECapture.html
IE: Преобразовать целевую ссылку в Adobe PDF - c:program filesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECapture.html
IE: 用比特精灵下载(&B)
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} - c:program filesDownload Masterdmaster.exe
IE: {{39AA6D29-4236-4F25-A36A-3410EF5283D9} - {39AA6D29-4236-4F25-A36A-3410EF5283D9} - c:progra~1PIVIMM~1MULTIS~1.DLL
LSP: c:program filesDrWebdrwebsp.dll
FF - ProfilePath - c:documents and settingsUserApplication DataMozillaFirefoxProfiles3tat5nx2.default
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://kinozal.tv/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - plugin: c:program filesGoogleGoogle Updater2.4.1601.7122npCIDetect13.dll
FF - plugin: c:program filesGoogleUpdate1.2.183.7npGoogleOneClick8.dll
FF - plugin: c:program filesJavajre1.6.0binnpjava11.dll
FF - plugin: c:program filesJavajre1.6.0binnpjava12.dll
FF - plugin: c:program filesJavajre1.6.0binnpjava13.dll
FF - plugin: c:program filesJavajre1.6.0binnpjava14.dll
FF - plugin: c:program filesJavajre1.6.0binnpjava32.dll
FF - plugin: c:program filesJavajre1.6.0binnpjpi160.dll
FF - plugin: c:program filesJavajre1.6.0binnpoji610.dll
FF - plugin: c:program filesMozilla Firefoxpluginsnpbittorrent.dll
FF - plugin: c:program filesMozilla Firefoxpluginsnpdm.dll
FF - plugin: c:program filesOperaprogrampluginsnpdm.dll
FF - plugin: c:program filesPluginsnpqtplugin.dll
FF - plugin: c:program filesPluginsnpqtplugin2.dll
FF - plugin: c:program filesPluginsnpqtplugin3.dll
FF - plugin: c:program filesPluginsnpqtplugin4.dll
FF - plugin: c:program filesPluginsnpqtplugin5.dll
FF - plugin: c:program filesPluginsnpqtplugin6.dll
FF - plugin: c:program filesPluginsnpqtplugin7.dll
FF - plugin: c:program filesUnityWebPlayerloadernpUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:windowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtension
.
---- FIREFOX POLICIES ----
c:program filesMozilla Firefoxgreprefssecurity-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-01 22:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
.
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys spyf.sys >>UNKNOWN [0x8A902938]<<
kernel: MBR read successfully
user & kernel MBR OK
.
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
.
atapi.sys @ 0x0 0x0 bytes
Driveratapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xB9E21B40 atapi.sys
Driveratapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xB9E21B40 atapi.sys
Driveratapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xB9E21B40 atapi.sys
Driveratapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xBA0C98B4 sfsync02.sys
Driveratapi [ IRP_MJ_POWER ] 0xA73C != 0xB9E21B40 atapi.sys
Driveratapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xB9E21B40 atapi.sys
Driveratapi IRP hooks detected !
.
**************************************************************************
.
[HKEY_LOCAL_MACHINESystemControlSet003ServicesWINIO]
"ImagePath"="€э12"
.
LOCKED REGISTRY KEYS
[HKEY_USERSS-1-5-21-1004336348-616249376-1417001333-1004SoftwareMicrosoftSystemCertificatesAddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
DLLs Loaded Under Running Processes
- - - - - - - > 'lsass.exe'(768)
c:program filesDrWebdrwebsp.dll
.
Completion time: 2009-11-01 22:03
ComboFix-quarantined-files.txt 2009-11-01 20:03
ComboFix2.txt 2009-11-01 19:18
.
Pre-Run: 9 304 772 608 bytes free
Post-Run: 9 263 063 040 bytes free
.
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - AE4ACADBCFCC8DBDF80D56C8DCD31C08

November 7, 2009 at 5:14 pm #26640
Hello, welcome to the Spyware-ru forum.
Is the banner on the desktop still present after running ComboFix?
Send a fresh ComboFix log together with your reply.