[_45]

ComboFix 09-08-24.06 — Администратор 25.08.2009 15:56.1.1 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.7.1049.18.223.94 [GMT 6:00]
Running from: c:documents and settingsАдминистратор.ADMIN.000Рабочий столComboFix.exe
AV: Антивирусная система Eset NOD32 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:documents and settingsАдминистратор.ADMIN.000Application Data.#
c:documents and settingsАдминистратор.ADMIN.000Application Data.#MBX@954@343578.###
c:documents and settingsАдминистратор.ADMIN.000Application Data.#MBX@954@343598.###
c:documents and settingsАдминистратор.ADMIN.000Application Data.#MBX@954@3435A8.###
c:documents and settingsАдминистратор.ADMIN.000Application Data.#MBX@F7C@343838.###
c:documents and settingsАдминистратор.ADMIN.000Application Data.#MBX@F7C@343858.###
c:documents and settingsАдминистратор.ADMIN.000Application Data.#MBX@F7C@343868.###
c:documents and settingsАдминистраторApplication Data.#
c:documents and settingsuserApplication Data.#
c:recyclerS-1-5-21-1085031214-484061587-725345543-1003
c:recyclerS-1-5-21-1220945662-1454471165-1801674531-500
c:windows.0system32ieuinit.inf

.
((((((((((((((((((((((((( Files Created from 2009-07-25 to 2009-08-25 )))))))))))))))))))))))))))))))
.

2009-08-20 06:32 . 2009-08-20 06:32

---

d

---

w- c:program filestrend micro
2009-08-20 06:32 . 2009-08-20 06:32

---

d

---

w- C:rsit
2009-08-19 09:43 . 2009-06-13 14:00 3015544 —-a-w- c:documents and settingsАдминистратор.ADMIN.000Application DataSimply Super SoftwareTrojan Removerjsk65AF.exe
2009-08-17 06:34 . 2009-08-17 06:34

---

d—h—w- c:windows.0system32GroupPolicy
2009-08-10 03:56 . 2009-08-11 08:25

---

d

---

w- c:documents and settingsАдминистратор.ADMIN.000Local SettingsApplication DataSTDUViewer
2009-08-10 03:56 . 2009-08-10 03:56

---

d

---

w- c:program filesCommon FilesSTDUtility
2009-08-10 03:56 . 2009-08-10 03:56

---

d

---

w- c:program filesSTDU Viewer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-25 09:44 . 2007-08-10 07:32

---

d

---

w- c:documents and settingsАдминистратор.ADMIN.000Application DataThe Bat!
2009-08-25 09:35 . 2009-06-24 04:59

---

d—a-w- c:documents and settingsAll Users.WINDOWS.0Application DataTEMP
2008-03-28 04:33 . 2007-09-03 01:58 67696 —-a-w- c:program filesmozilla firefoxcomponentsjar50.dll
2008-03-28 04:33 . 2007-09-03 01:58 54376 —-a-w- c:program filesmozilla firefoxcomponentsjsd3250.dll
2008-03-28 04:33 . 2007-09-03 01:58 34952 —-a-w- c:program filesmozilla firefoxcomponentsmyspell.dll
2008-03-28 04:33 . 2007-09-03 01:58 46720 —-a-w- c:program filesmozilla firefoxcomponentsspellchk.dll
2008-03-28 04:33 . 2007-09-03 01:58 172144 —-a-w- c:program filesmozilla firefoxcomponentsxpinstal.dll
.

---

Sigcheck

---

[-] 2008-03-12 07:48 503808 A975A70FCEFE2A224412214320C89DED c:windows.0system32winlogon.exe

[-] 2006-05-15 04:38 25088 140EF97B64F560FD78643CAE2CDAD838 c:windows.0system32mspmsnsv.dll

c:windows.0system32driversacpiec.sys … is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«Unreal Commander»=»c:program filesUnreal CommanderUncom.exe» [2008-01-20 1385472]
«NetView_2.0″=»c:program filesKillSoftNetViewnetview.exe» [2008-01-22 1978368]
«MSMSGS»=»c:program filesMessengermsmsgs.exe» [2004-10-13 1694208]
«thebat_startup»=»c:program filesThe Bat!thebat.exe» [2006-02-20 12055352]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«UserFaultCheck»=»c:windows.0system32dumprep 0 -u» [X]
«nod32kui»=»c:program filesEsetnod32kui.exe» [2008-03-12 949376]
«SberSign TestHash»=»c:program filesSberSigntesthash.bat» [2008-04-01 159]
«CAP3ON»=»c:windows.0system32spooldriversw32x863CAP3ONN.EXE» [2002-08-22 22528]
«SoundMan»=»SOUNDMAN.EXE» — c:windows.0SOUNDMAN.EXE [2005-02-23 77824]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windows.0system32CTFMON.EXE» [2004-08-18 15360]

c:documents and settingsЂ¤¬Ё­Ёбва в®аѓ« ў­®Ґ ¬Ґ­оЏа®Ја ¬¬лЂўв®§ Јаг§Є 
Abilon.lnk — c:program filesAbilonAbilon.exe [2004-12-26 1134592]
The Bat! E-Mail Client.lnk — c:program filesThe Bat!thebat.exe [2006-2-20 12055352]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«UpdatesDisableNotify»=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=

R1 nod32drv;nod32drv;c:windows.0system32driversnod32drv.sys [12.03.2008 14:05 15424]
R3 ticapdrv;Traffic Inspector network driver;c:windows.0system32driversticap.sys [24.06.2009 11:04 176728]
S3 NtApm;Драйвер интерфейса NT Apm/Legacy;c:windows.0system32driversNtApm.sys [12.03.2008 16:36 9472]
.
.

---

Supplementary Scan

---

.
uStart Page = about:blank
uInternet Settings,ProxyServer = server
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
LSP: c:windows.0system32imon.dll
TCP: {E560CBE8-C887-481E-ADD4-B66148F5404A} = 85.233.130.67,85.233.144.10
Handler: kwtp — {2F1D9E53-51C5-4BD9-A1ED-C8F4D50E6717} — c:documents and settingsАдминистратор.ADMIN.000Application Datakwtp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-25 16:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************
.

---

DLLs Loaded Under Running Processes

---

— — — — — — — > ‘lsass.exe'(948)
c:windows.0system32imon.dll
c:program filesEsetpr_imon.dll
.
Completion time: 2009-08-25 16:10
ComboFix-quarantined-files.txt 2009-08-25 10:10

Pre-Run: 928 092 160 байт свободно
Post-Run: 1 147 621 376 байт свободно

107

[Автор]

Сообщения