Forum replies created
A huge THANK YOU for the help, for the last 5 min there's nothing! 😀
ComboFix 09-07-06.A0 - User 07.07.2009 19:32.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.2046.1488 [GMT 3:00]
Running from: c:\documents and settings\User\Рабочий стол\ComboFix.exe
Command switches used :: c:\documents and settings\User\Рабочий стол\CFScript.txt
AV: Антивирус Касперского *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FILE ::
"c:\program files\Adobe\adrouter.dll"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Adobe\adrouter.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MCHINJDRV
-------\Service_mchInjDrv

((((((((((((((((((((((((((((((((((((((( Files Created from 2009-06-07 to 2009-07-07 )))))))))))))))))))))))))))))))
.
2009-07-07 08:25 . 2009-07-07 08:25 -------- dc----w- c:\windows\SHELLNEW
2009-07-06 11:39 . 2009-07-06 11:41 -------- dc----w- c:\documents and settings\User\Application Data\Desktopicon
2009-07-06 08:46 . 2009-07-06 08:46 -------- d-----w- C:\rsit
2009-07-06 08:46 . 2009-07-06 08:46 -------- dc----w- c:\program files\trend micro
2009-07-06 07:16 . 2009-07-06 07:16 -------- dc----w- c:\windows\system32\wbem\Repository
2009-07-06 07:16 . 2009-07-06 07:16 -------- dc----w- c:\program files\MSXML 4.0
2009-07-06 07:16 . 2009-07-06 07:16 -------- dc----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-07-06 07:16 . 2009-07-06 07:16 -------- dc----w- c:\windows\nview
2009-07-06 07:16 . 2009-07-06 07:16 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-07-06 05:56 . 2009-03-09 19:06 15688 -c--a-w- c:\windows\system32\lsdelete.exe
2009-07-06 00:34 . 2009-07-06 06:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-06 00:34 . 2009-07-06 00:36 -------- dc----w- c:\program files\Spybot - Search & Destroy
2009-07-06 00:24 . 2009-03-09 19:06 64160 -c--a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-06 00:12 . 2009-07-06 00:12 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-07-06 00:12 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-07-06 00:12 . 2009-07-06 00:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-06 00:12 . 2009-07-06 00:12 -------- dc----w- c:\program files\Lavasoft
2009-07-04 08:15 . 2009-07-04 11:27 7168 -c--a-w- c:\windows\system32\drivers\utezmzaz.sys
2009-07-04 08:14 . 2009-07-04 08:15 10240 -c--a-w- c:\windows\system32\drivers\ujezmzaz.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-07 16:34 . 2008-10-01 19:12 720928 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-07-07 16:34 . 2008-10-01 19:12 4592 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-07-07 16:34 . 2008-10-01 19:12 3042848 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-07 16:34 . 2008-10-01 19:12 25900 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-07 16:11 . 2009-03-19 22:26 -------- dc----w- c:\documents and settings\User\Application Data\Skype
2009-07-07 08:11 . 2008-08-12 19:10 -------- dc----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-07-04 12:09 . 2009-06-30 18:51 -------- dc----w- c:\program files\UpsPilot
2009-07-04 12:07 . 2009-06-30 14:54 -------- dc----w- c:\program files\Nokia
2009-07-04 07:57 . 2009-07-03 21:16 11264 -c--a-w- c:\windows\system32\drivers\uzezmzaz.sys
2009-07-03 16:51 . 2009-05-13 22:14 65296 -c--a-w- c:\documents and settings\Андрюшка\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-03 08:23 . 2009-03-12 23:51 -------- dc----w- c:\program files\Common Files\Apple
2009-07-03 07:47 . 2009-03-12 23:52 -------- dc----w- c:\program files\Bonjour
2009-07-01 19:15 . 2008-08-09 15:25 -------- dc----w- c:\program files\Common Files\Adobe
2009-07-01 18:24 . 2008-06-13 19:53 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2009-06-30 18:51 . 2009-06-30 18:51 -------- dc-h--w- c:\program files\Zero G Registry
2009-06-30 15:53 . 2009-06-30 15:53 -------- dc----w- c:\documents and settings\Андрюшка\Application Data\PC Suite
2009-06-30 14:56 . 2009-06-30 14:54 -------- dc----w- c:\documents and settings\User\Application Data\Nokia
2009-06-30 14:55 . 2009-06-30 14:55 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-06-30 14:53 . 2009-06-30 14:53 9728 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\Common\CustomActions\UninstPCS.exe
2009-06-30 14:53 . 2009-06-30 14:53 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\Common\CustomActions\UninstCCD.exe
2009-06-30 14:53 . 2009-06-30 14:53 15360 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\Common\CustomActions\UninstPCSFEMsi.exe
2009-06-30 14:53 . 2009-06-30 14:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-06-16 11:31 . 2009-06-16 11:28 -------- dc----w- c:\program files\Barbie Island Princess
2009-06-15 07:31 . 2004-08-18 12:00 50408 -c--a-w- c:\windows\system32\perfc019.dat
2009-06-15 07:31 . 2004-08-18 12:00 349532 -c--a-w- c:\windows\system32\perfh019.dat
2009-06-14 21:25 . 2009-03-29 18:38 -------- dc----w- c:\program files\Oberon Media
2009-06-14 21:18 . 2009-06-14 21:18 -------- dc----w- c:\documents and settings\LocalService\Application Data\Ahead
2009-06-06 12:18 . 2008-05-01 10:30 64912 -c--a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-02 11:51 . 2008-08-10 13:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Barbie Fashion Show
2009-05-31 21:10 . 2009-05-31 20:42 -------- dc----w- c:\program files\K-Lite Codec Pack
2009-05-31 13:55 . 2009-05-31 13:55 -------- dc----w- c:\documents and settings\User\Application Data\BitSpirit
2009-05-31 13:55 . 2009-05-31 13:55 -------- dc----w- c:\program files\Common Files\BitSpirit
2009-05-31 13:55 . 2009-05-31 13:55 -------- dc----w- c:\program files\BitSpirit
2009-05-31 08:03 . 2009-05-31 08:03 -------- dc----w- c:\program files\Microsoft Silverlight
2009-05-20 13:57 . 2008-10-01 19:05 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-05-20 13:57 . 2008-10-01 19:05 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-05-19 08:34 . 2009-05-30 22:20 51200 -c--a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\htlxmm4z.default\extensions\{e0c7b854-d5ce-4db6-9804-be1438603d89}\components\FFExternalAlert.dll
2009-05-19 08:34 . 2009-05-30 22:20 114688 -c--a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\htlxmm4z.default\extensions\{e0c7b854-d5ce-4db6-9804-be1438603d89}\components\npmozax.dll
2009-05-14 21:11 . 2009-05-14 21:11 -------- dc----w- c:\documents and settings\Андрюшка\Application Data\Apple Computer
2009-05-14 21:10 . 2009-05-14 21:05 -------- dc----w- c:\documents and settings\Андрюшка\Application Data\Skype
2009-05-07 15:33 . 2004-08-18 12:00 346624 -c--a-w- c:\windows\system32\localspl.dll
2009-05-01 18:30 . 2009-05-01 18:30 3366912 -c--a-w- c:\windows\system32\GPhotos.scr
2009-04-29 04:35 . 2007-08-02 19:02 667136 -c--a-w- c:\windows\system32\wininet.dll
2009-04-29 04:35 . 2004-08-18 12:00 81920 -c--a-w- c:\windows\system32\ieencode.dll
2009-04-19 19:51 . 2007-09-24 01:20 1847296 -c--a-w- c:\windows\system32\win32k.sys
2009-04-15 14:53 . 2007-09-24 01:19 585216 -c--a-w- c:\windows\system32\rpcrt4.dll
2009-04-09 11:32 . 2009-04-09 11:32 89088 -c--a-w- c:\documents and settings\User\Application Data\Desktopicon\eBayShortcuts.exe
2009-03-19 22:16 . 2009-03-19 22:09 23596840 -c--a-w- c:\program files\SkypeSetupFull.exe
2009-03-19 11:28 . 2009-03-19 11:27 1558993 -c--a-w- c:\program files\stduviewer.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-07-06_12.52.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-07 16:35 . 2009-07-07 16:35 16384 c:\windows\Temp\Perflib_Perfdata_428.dat
+ 2009-07-07 08:10 . 2009-07-07 08:10 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-25 07:46 . 2009-07-06 12:29 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-04-25 07:46 . 2009-07-07 08:10 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-07-03 17:02 . 2009-07-06 12:29 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-07-03 17:02 . 2009-07-07 08:10 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-05-01 10:14 . 2009-07-03 16:58 23040 c:\windows\Installer\{90110419-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-05-01 10:14 . 2009-07-07 08:25 23040 c:\windows\Installer\{90110419-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-05-01 10:14 . 2009-07-03 16:58 61440 c:\windows\Installer\{90110419-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-05-01 10:14 . 2009-07-07 08:25 61440 c:\windows\Installer\{90110419-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-05-01 10:14 . 2009-07-03 16:58 27136 c:\windows\Installer\{90110419-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-05-01 10:14 . 2009-07-07 08:25 27136 c:\windows\Installer\{90110419-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-05-01 10:14 . 2009-07-03 16:58 11264 c:\windows\Installer\{90110419-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-05-01 10:14 . 2009-07-07 08:25 11264 c:\windows\Installer\{90110419-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-05-01 10:14 . 2009-07-03 16:58 86016 c:\windows\Installer\{90110419-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-05-01 10:14 . 2009-07-07 08:25 86016 c:\windows\Installer\{90110419-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-05-01 10:14 . 2009-07-07 08:25 12288 c:\windows\Installer\{90110419-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-05-01 10:14 . 2009-07-03 16:58 12288 c:\windows\Installer\{90110419-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-05-01 10:14 . 2009-07-07 08:25 4096 c:\windows\Installer\{90110419-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-05-01 10:14 . 2009-07-03 16:58 4096 c:\windows\Installer\{90110419-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-05-01 10:14 . 2009-07-07 08:25 409600 c:\windows\Installer\{90110419-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-05-01 10:14 . 2009-07-03 16:58 409600 c:\windows\Installer\{90110419-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-05-01 10:14 . 2009-07-07 08:25 286720 c:\windows\Installer\{90110419-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-05-01 10:14 . 2009-07-03 16:58 286720 c:\windows\Installer\{90110419-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-05-01 10:14 . 2009-07-03 16:58 249856 c:\windows\Installer\{90110419-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-05-01 10:14 . 2009-07-07 08:25 249856 c:\windows\Installer\{90110419-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-05-01 10:14 . 2009-07-07 08:25 794624 c:\windows\Installer\{90110419-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-05-01 10:14 . 2009-07-03 16:58 794624 c:\windows\Installer\{90110419-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-05-01 10:14 . 2009-07-07 08:25 135168 c:\windows\Installer\{90110419-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-05-01 10:14 . 2009-07-03 16:58 135168 c:\windows\Installer\{90110419-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-05-01 10:14 . 2009-07-07 08:25 593920 c:\windows\Installer\{90110419-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-05-01 10:14 . 2009-07-03 16:58 593920 c:\windows\Installer\{90110419-6000-11D3-8CFE-0150048383C9}\accicons.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-11 24095528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-18 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-13 81920]
"CoolSwitch"="c:\windows\system32\TaskSwitch.exe" [2005-12-21 45632]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-13 8466432]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-11 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2007-08-20 16384512]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

c:\documents and settings\All Users\Главное меню\Программы\Автозагрузка\
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"Start"=dword:00000004
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\Program Files\UpsPilot\jre\bin\javaw.exe"=
"c:\Program Files\Bonjour\mDNSResponder.exe"=
"c:\Program Files\ICQ6.5\ICQ.exe"=
"c:\Program Files\iTunes\iTunes.exe"=
"c:\WINDOWS\system32\dpvsetup.exe"=
"c:\Program Files\BitSpirit\BitSpirit.exe"=
"c:\WINDOWS\Network Diagnostic\xpnetdiag.exe"=
"c:\WINDOWS\system32\sessmgr.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29.01.2008 18:29 33808]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [26.04.2008 19:58 13696]
R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [12.08.2008 22:54 24786]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [25.03.2008 20:07 24592]
S3 eusk3usb;SmartKey 3 USB;c:\windows\system32\drivers\eusk3usb.sys [12.08.2008 22:54 45534]
.
Contents of the 'Scheduled Tasks' folder

2009-07-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:06]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.google.com.ua/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Экспорт в Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
IE: Загрузить с помощью &BitSpirit - c:\program files\BitSpirit\bsurl.htm
IE: УГ±ИМШѕ«БйПВФШ(&B)
TCP: {ADDF0889-870F-4049-AB48-64C64855D95E} = 192.168.1.1
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\htlxmm4z.default
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT329536&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.ua/firefox
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT329536&SearchSource=2&q=
FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\htlxmm4z.default\extensions\{e0c7b854-d5ce-4db6-9804-be1438603d89}\components\FFExternalAlert.dll
FF - component: d:\mozila\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - HiddenExtension: googletoolbar@1: No Registry Reference - d:\mozila\extensions\googletoolbar@1
FF - HiddenExtension: Java Console: No Registry Reference - d:\mozila\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-07 19:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
DLLs Loaded Under Running Processes

- - - - - - - > 'winlogon.exe'(1204)
c:\windows\system32\klogon.dll

- - - - - - - > 'explorer.exe'(3476)
c:\windows\system32\msvdm.dll
.
Other Running Processes
.
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\spool\drivers\w32x86\3\WrtProc.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\ALCFDRTM.EXE
.
**************************************************************************
.
Completion time: 2009-07-07 19:37 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-07 16:37
ComboFix2.txt 2009-07-06 19:27
ComboFix3.txt 2009-07-06 12:52

Pre-Run: 18 068 254 720 байт свободно
Post-Run: 18 024 656 896 байт свободно

262 --- E O F --- 2009-07-03 18:40
😕 I tried ComboFix, here is the resulting log
ComboFix 09-07-05.04 - User 06.07.2009 15:50.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.2046.1543 [GMT 3:00]
Running from: d:\завантаження\ComboFix.exe
AV: Антивирус Касперского *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-06-06 to 2009-07-06 )))))))))))))))))))))))))))))))
.
2009-07-06 11:39 . 2009-07-06 11:41 -------- dc----w- c:\documents and settings\User\Application Data\Desktopicon
2009-07-06 08:46 . 2009-07-06 08:46 -------- d-----w- C:\rsit
2009-07-06 08:46 . 2009-07-06 08:46 -------- dc----w- c:\program files\trend micro
2009-07-06 07:16 . 2009-07-06 07:16 -------- dc----w- c:\windows\system32\wbem\Repository
2009-07-06 07:16 . 2009-07-06 07:16 -------- dc----w- c:\program files\MSXML 4.0
2009-07-06 07:16 . 2009-07-06 07:16 -------- dc----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-07-06 07:16 . 2009-07-06 07:16 -------- dc----w- c:\windows\nview
2009-07-06 07:16 . 2009-07-06 07:16 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-07-06 05:56 . 2009-03-09 19:06 15688 -c--a-w- c:\windows\system32\lsdelete.exe
2009-07-06 00:34 . 2009-07-06 06:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-06 00:34 . 2009-07-06 00:36 -------- dc----w- c:\program files\Spybot - Search & Destroy
2009-07-06 00:24 . 2009-03-09 19:06 64160 -c--a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-06 00:12 . 2009-07-06 00:12 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-07-06 00:12 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-07-06 00:12 . 2009-07-06 00:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-06 00:12 . 2009-07-06 00:12 -------- dc----w- c:\program files\Lavasoft
2009-07-04 08:15 . 2009-07-04 11:27 7168 -c--a-w- c:\windows\system32\drivers\utezmzaz.sys
2009-07-04 08:14 . 2009-07-04 08:15 10240 -c--a-w- c:\windows\system32\drivers\ujezmzaz.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-06 12:52 . 2009-03-19 22:26 -------- dc----w- c:\documents and settings\User\Application Data\Skype
2009-07-06 12:48 . 2008-08-12 19:10 -------- dc----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-07-06 12:47 . 2008-10-01 19:12 712736 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-07-06 12:47 . 2008-10-01 19:12 4564 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-07-06 12:47 . 2008-10-01 19:12 3042848 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-06 12:47 . 2008-10-01 19:12 25900 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-04 12:09 . 2009-06-30 18:51 -------- dc----w- c:\program files\UpsPilot
2009-07-04 12:07 . 2009-06-30 14:54 -------- dc----w- c:\program files\Nokia
2009-07-04 07:57 . 2009-07-03 21:16 11264 -c--a-w- c:\windows\system32\drivers\uzezmzaz.sys
2009-07-03 16:51 . 2009-05-13 22:14 65296 -c--a-w- c:\documents and settings\Андрюшка\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-03 08:23 . 2009-03-12 23:51 -------- dc----w- c:\program files\Common Files\Apple
2009-07-03 07:47 . 2009-03-12 23:52 -------- dc----w- c:\program files\Bonjour
2009-07-01 19:15 . 2008-08-09 15:25 -------- dc----w- c:\program files\Common Files\Adobe
2009-07-01 18:24 . 2008-06-13 19:53 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2009-06-30 18:51 . 2009-06-30 18:51 -------- dc-h--w- c:\program files\Zero G Registry
2009-06-30 15:53 . 2009-06-30 15:53 -------- dc----w- c:\documents and settings\Андрюшка\Application Data\PC Suite
2009-06-30 14:56 . 2009-06-30 14:54 -------- dc----w- c:\documents and settings\User\Application Data\Nokia
2009-06-30 14:55 . 2009-06-30 14:55 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-06-30 14:53 . 2009-06-30 14:53 9728 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\Common\CustomActions\UninstPCS.exe
2009-06-30 14:53 . 2009-06-30 14:53 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\Common\CustomActions\UninstCCD.exe
2009-06-30 14:53 . 2009-06-30 14:53 15360 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\Common\CustomActions\UninstPCSFEMsi.exe
2009-06-30 14:53 . 2009-06-30 14:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-06-16 11:31 . 2009-06-16 11:28 -------- dc----w- c:\program files\Barbie Island Princess
2009-06-15 07:31 . 2004-08-18 12:00 50408 -c--a-w- c:\windows\system32\perfc019.dat
2009-06-15 07:31 . 2004-08-18 12:00 349532 -c--a-w- c:\windows\system32\perfh019.dat
2009-06-14 21:25 . 2009-03-29 18:38 -------- dc----w- c:\program files\Oberon Media
2009-06-14 21:18 . 2009-06-14 21:18 -------- dc----w- c:\documents and settings\LocalService\Application Data\Ahead
2009-06-06 12:18 . 2008-05-01 10:30 64912 -c--a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-02 11:51 . 2008-08-10 13:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Barbie Fashion Show
2009-05-31 21:10 . 2009-05-31 20:42 -------- dc----w- c:\program files\K-Lite Codec Pack
2009-05-31 13:55 . 2009-05-31 13:55 -------- dc----w- c:\documents and settings\User\Application Data\BitSpirit
2009-05-31 13:55 . 2009-05-31 13:55 -------- dc----w- c:\program files\Common Files\BitSpirit
2009-05-31 13:55 . 2009-05-31 13:55 -------- dc----w- c:\program files\BitSpirit
2009-05-31 08:03 . 2009-05-31 08:03 -------- dc----w- c:\program files\Microsoft Silverlight
2009-05-20 13:57 . 2008-10-01 19:05 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-05-20 13:57 . 2008-10-01 19:05 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-05-19 08:34 . 2009-05-30 22:20 51200 -c--a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\htlxmm4z.default\extensions\{e0c7b854-d5ce-4db6-9804-be1438603d89}\components\FFExternalAlert.dll
2009-05-19 08:34 . 2009-05-30 22:20 114688 -c--a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\htlxmm4z.default\extensions\{e0c7b854-d5ce-4db6-9804-be1438603d89}\components\npmozax.dll
2009-05-14 21:11 . 2009-05-14 21:11 -------- dc----w- c:\documents and settings\Андрюшка\Application Data\Apple Computer
2009-05-14 21:10 . 2009-05-14 21:05 -------- dc----w- c:\documents and settings\Андрюшка\Application Data\Skype
2009-05-07 15:33 . 2004-08-18 12:00 346624 -c--a-w- c:\windows\system32\localspl.dll
2009-05-01 18:30 . 2009-05-01 18:30 3366912 -c--a-w- c:\windows\system32\GPhotos.scr
2009-04-29 04:35 . 2007-08-02 19:02 667136 -c--a-w- c:\windows\system32\wininet.dll
2009-04-29 04:35 . 2004-08-18 12:00 81920 -c--a-w- c:\windows\system32\ieencode.dll
2009-04-19 19:51 . 2007-09-24 01:20 1847296 -c--a-w- c:\windows\system32\win32k.sys
2009-04-15 14:53 . 2007-09-24 01:19 585216 -c--a-w- c:\windows\system32\rpcrt4.dll
2009-04-09 11:32 . 2009-04-09 11:32 89088 -c--a-w- c:\documents and settings\User\Application Data\Desktopicon\eBayShortcuts.exe
2009-03-19 22:16 . 2009-03-19 22:09 23596840 -c--a-w- c:\program files\SkypeSetupFull.exe
2009-03-19 11:28 . 2009-03-19 11:27 1558993 -c--a-w- c:\program files\stduviewer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AdRouter]
@="{E2085722-3AC0-4411-A14B-906AFE1A75C4}"
[HKEY_CLASSES_ROOT\CLSID\{E2085722-3AC0-4411-A14B-906AFE1A75C4}]
2009-07-01 20:52 98304 -c--a-w- c:\program files\Adobe\adrouter.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-11 24095528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-18 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-13 81920]
"CoolSwitch"="c:\windows\system32\TaskSwitch.exe" [2005-12-21 45632]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-13 8466432]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-02-05 201992]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-11 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2007-08-20 16384512]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

c:\documents and settings\All Users\Главное меню\Программы\Автозагрузка\
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"Start"=dword:00000004
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\Program Files\UpsPilot\jre\bin\javaw.exe"=
"c:\Program Files\Bonjour\mDNSResponder.exe"=
"c:\Program Files\ICQ6.5\ICQ.exe"=
"c:\Program Files\iTunes\iTunes.exe"=
"c:\WINDOWS\system32\dpvsetup.exe"=
"c:\Program Files\BitSpirit\BitSpirit.exe"=
"c:\WINDOWS\Network Diagnostic\xpnetdiag.exe"=
"c:\WINDOWS\system32\sessmgr.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29.01.2008 18:29 33808]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [26.04.2008 19:58 13696]
R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [12.08.2008 22:54 24786]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [25.03.2008 20:07 24592]
S3 eusk3usb;SmartKey 3 USB;c:\windows\system32\drivers\eusk3usb.sys [12.08.2008 22:54 45534]
S4 mchInjDrv;mchInjDrv; [x]
.
Contents of the 'Scheduled Tasks' folder

2009-07-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:06]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-SuperCopier2.exe - c:\program files\SuperCopier2\SuperCopier2.exe
HKLM-Run-UnlockerAssistant - c:\program files\Unlocker\UnlockerAssistant.exe
HKU-Default-Run-SuperCopier2.exe - c:\program files\SuperCopier2\SuperCopier2.exe
.
Supplementary Scan
.
uStart Page = hxxp://www.google.com.ua/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Экспорт в Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
IE: Загрузить с помощью &BitSpirit - c:\program files\BitSpirit\bsurl.htm
IE: УГ±ИМШѕ«БйПВФШ(&B)
TCP: {ADDF0889-870F-4049-AB48-64C64855D95E} = 192.168.1.1
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\htlxmm4z.default
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT329536&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.ua/firefox
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT329536&SearchSource=2&q=
FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\htlxmm4z.default\extensions\{e0c7b854-d5ce-4db6-9804-be1438603d89}\components\FFExternalAlert.dll
FF - component: d:\mozila\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - HiddenExtension: googletoolbar@1: No Registry Reference - d:\mozila\extensions\googletoolbar@1
FF - HiddenExtension: Java Console: No Registry Reference - d:\mozila\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-06 15:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
DLLs Loaded Under Running Processes

- - - - - - - > 'winlogon.exe'(1208)
c:\windows\system32\klogon.dll

- - - - - - - > 'explorer.exe'(1616)
c:\program files\Adobe\adrouter.dll
c:\windows\system32\msvdm.dll
c:\program files\Bonjour\mdnsNSP.dll
.
Completion time: 2009-07-06 15:52
ComboFix-quarantined-files.txt 2009-07-06 12:52

Pre-Run: 18 180 562 944 байт свободно
Post-Run: 18 149 281 792 байт свободно

210 --- E O F --- 2009-07-03 18:40