ComboFix 10-05-13.02 - Инна 17.05.2010 22:19:48.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.2046.1391 [GMT 6:00]
Running from: d:\комбо- программа для удаленя баннеров\ComboFix.exe
AV: Антивирус Касперского *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Инна\Application Data\Desktopicon
c:\documents and settings\Инна\Application Data\Desktopicon\config.ini
c:\documents and settings\Инна\Application Data\Desktopicon\eBayShortcuts.exe
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\All Users\Media
c:\program files\driver
c:\program files\Mail.Ru\Agent\Mra\dll\newmrasearch.dll

BITS: Possible infected sites
hxxp://soft.export.yandex.ru
hxxp://download.yandex.ru
.
((((((((((((((((((((((((( Files Created from 2010-04-17 to 2010-05-17 )))))))))))))))))))))))))))))))
.
2010-05-17 15:31 . 2010-05-17 15:31  dc----w-  c:\documents and settings\Администратор.RUSSIA.000
2010-05-13 21:04 . 2010-05-16 05:12  d-----w-  c:\program files\trend micro
2010-05-13 21:04 . 2010-05-13 21:04  dc----w-  C:\rsit
2010-05-13 19:26 . 2010-05-16 14:06  dc----w-  C:\Downloads
2010-05-13 19:23 . 2010-05-13 19:23  dc----w-  c:\documents and settings\All Users\Application Data\Yandex
2010-05-13 19:23 . 2010-05-13 19:23  d-----w-  c:\documents and settings\Инна\Local Settings\Application Data\Google
2010-05-13 19:22 . 2010-05-15 16:44  d-----w-  c:\documents and settings\Инна\Application Data\Download Master
2010-05-13 19:22 . 2007-12-18 08:56  1412608  ----a-w-  c:\documents and settings\Инна\Application Data\Download Master\temp\skin.dll
2010-05-13 19:22 . 2010-05-13 19:22  d-----w-  c:\program files\Yandex
2010-05-13 19:22 . 2010-05-13 19:22  d-----w-  c:\program files\Common Files\Yandex
2010-05-13 18:18 . 2010-05-16 05:12  d-----w-  c:\documents and settings\Инна\DoctorWeb
2010-05-13 17:37 . 2010-05-13 17:37  dc----w-  c:\documents and settings\All Users\Application Data\IObit
2010-05-13 02:05 . 2010-05-13 02:05  d-----w-  c:\program files\Common Files\Adobe
2010-05-12 13:57 . 2010-05-12 13:57  d-----w-  c:\documents and settings\Инна\Local Settings\Application Data\IObitCom
2010-05-12 13:57 . 2010-05-12 13:57  d-----w-  c:\program files\Conduit
2010-05-12 13:57 . 2010-05-12 13:57  d-----w-  c:\documents and settings\Инна\Local Settings\Application Data\Conduit
2010-05-12 13:57 . 2010-05-12 14:06  d-----w-  c:\program files\IObitCom
2010-05-12 13:57 . 2010-05-12 19:17  d-----w-  c:\documents and settings\Инна\Application Data\IObit
2010-05-12 13:57 . 2009-11-04 10:49  635664  ----a-w-  c:\documents and settings\Инна\Application Data\IObit\Common\TB_Helper.exe
2010-05-11 21:40 . 2010-05-17 16:09  7168  ----a-w-  c:\windows\system32\drivers\ute4odky.sys
2010-05-11 21:32 . 2010-05-11 21:32  d-----w-  c:\documents and settings\Инна\Application Data\Media Player Classic
2010-05-04 13:26 . 2010-05-04 13:26  d-----w-  c:\documents and settings\Инна\Local Settings\Application Data\Identities
2010-04-29 08:18 . 2010-05-13 19:23  d-----w-  c:\documents and settings\Инна\Local Settings\Application Data\Yandex
2010-04-29 08:18 . 2010-05-13 19:23  d-----w-  c:\documents and settings\Инна\Application Data\Yandex
2010-04-27 14:18 . 2008-04-14 15:40  21504  ----a-w-  c:\windows\system32\hidserv.dll
2010-04-26 16:19 . 2010-04-26 16:19  d-sh--w-  c:\documents and settings\LocalService\IETldCache
2010-04-26 15:15 . 2010-04-26 15:15  d-----w-  c:\documents and settings\LocalService\Application Data\{DCD48218-E972-4d0c-9E5F-43462BC13E3B}
2010-04-25 05:01 . 2010-05-17 11:24  d-----w-  c:\program files\Download Master
2010-04-25 04:58 . 2010-04-25 04:58  d-----w-  c:\program files\REDEMAX
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-17 16:24 . 2010-03-23 17:05  d-----w-  c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-05-17 14:49 . 2010-03-23 14:30  d-----w-  c:\program files\uTorrent
2010-05-16 05:12 . 2010-03-23 14:30  d-----w-  c:\documents and settings\Инна\Application Data\uTorrent
2010-05-15 07:59 . 2010-03-23 09:02  d-----w-  c:\program files\Opera
2010-05-12 14:06 . 2010-03-23 14:30  d-----w-  c:\program files\K-Lite Codec Pack
2010-05-12 13:50 . 2010-03-23 21:22  d-----w-  c:\program files\VettonWallpapers
2010-05-12 13:49 . 2010-03-23 16:51  d-----w-  c:\program files\Ahead
2010-05-07 15:37 . 2010-03-23 17:21  d-----w-  c:\documents and settings\Инна\Application Data\Mra
2010-05-05 13:13 . 2010-03-23 17:05  97549  ----a-w-  c:\windows\system32\drivers\klick.dat
2010-05-05 13:13 . 2010-03-23 17:05  113933  ----a-w-  c:\windows\system32\drivers\klin.dat
2010-04-26 16:17 . 2010-03-23 17:21  d-----w-  c:\program files\Mail.Ru
2010-04-25 13:58 . 2010-03-23 08:50  70784  ----a-w-  c:\documents and settings\Инна\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-23 16:29 . 2010-04-02 07:39  d-----w-  c:\documents and settings\Инна\Application Data\ICQ
2010-04-23 13:12 . 2004-08-18 12:00  50206  ----a-w-  c:\windows\system32\perfc019.dat
2010-04-23 13:12 . 2004-08-18 12:00  349224  ----a-w-  c:\windows\system32\perfh019.dat
2010-04-11 12:52 . 2010-03-23 16:52  d-----w-  c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-08 07:53 . 2010-04-08 07:53  d-----r-  c:\documents and settings\Инна\Application Data\Brother
2010-04-02 09:39 . 2010-04-02 09:39  dc----w-  c:\documents and settings\All Users\Application Data\ICQ
2010-04-02 07:40 . 2010-03-23 08:46  d--h--w-  c:\program files\InstallShield Installation Information
2010-03-25 14:39 . 2010-03-25 14:39  dc----w-  c:\documents and settings\All Users\Application Data\CrystalIdea Software
2010-03-25 14:21 . 2010-03-25 14:21  d-----w-  c:\program files\CCleaner
2010-03-25 14:18 . 2010-03-23 14:30  d-----w-  c:\program files\Uninstall Tool
2010-03-23 21:29 . 2010-03-23 21:22  d-----w-  c:\program files\Windows Sidebar
2010-03-23 21:22 . 2010-03-23 21:22  d-----w-  c:\program files\Alky for Applications
2010-03-23 18:34 . 2010-03-23 18:26  d-----w-  c:\program files\CCSSaver
2010-03-23 18:25 . 2010-03-23 18:25  545912  ----a-w-  c:\windows\clock02.scr
2010-03-23 18:25 . 2010-03-23 18:25  d-----w-  c:\program files\Screensaver Clock v.2.0
2010-03-23 18:23 . 2010-03-23 18:23  566320  ----a-w-  c:\windows\Cleaner.exe
2010-03-23 18:23 . 2010-03-23 18:23  28672  ----a-w-  c:\windows\gscr.dll
2010-03-23 18:23 . 2010-03-23 18:23  107062  ----a-w-  c:\windows\Cleaner.scr
2010-03-23 18:15 . 2010-03-23 18:15  1254306  ----a-w-  c:\windows\system32\auto2005concept.scr
2010-03-23 18:14 . 2010-03-23 18:14  719872  ----a-w-  c:\windows\system32\bubbloids.scr
2010-03-23 18:14 . 2010-03-23 18:14  35  ----a-w-  c:\windows\brassi.dat
2010-03-23 17:23 . 2010-03-23 17:23  80400  ----a-w-  c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-03-23 17:23 . 2010-03-23 17:23  80400  ----a-w-  c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-03-23 17:05 . 2010-03-23 17:05  d-----w-  c:\program files\Kaspersky Lab
2010-03-23 17:04 . 2010-03-23 17:04  d-----w-  c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-03-23 17:01 . 2010-03-23 16:51  d-----w-  c:\documents and settings\All Users\Application Data\TuneUp Software
2010-03-23 16:53 . 2010-03-23 08:58  d-----w-  c:\program files\Microsoft Works
2010-03-23 16:51 . 2010-03-23 16:51  d-----w-  c:\documents and settings\Инна\Application Data\TuneUp Software
2010-03-23 16:07 . 2010-03-23 16:07  d-----w-  c:\documents and settings\All Users\Application Data\NVIDIA
2010-03-23 16:03 . 2010-03-23 14:18  d-----w-  c:\documents and settings\All Users\Application Data\nView_Profiles
2010-03-23 14:31 . 2010-03-23 14:30  d-----w-  c:\program files\KMPlayer
2010-03-23 14:12 . 2010-03-23 14:12  d-----w-  c:\program files\Yahoo!
2010-03-23 13:31 . 2010-03-23 13:31  34  ----a-w-  c:\windows\system32\BD7010.DAT
2010-03-23 09:03 . 2010-03-23 09:03  d-----w-  c:\program files\Windows Media Connect 2
2010-03-23 08:59 . 2010-03-23 08:59  d-----w-  c:\program files\MSECache
2010-03-23 08:58 . 2010-03-23 08:58  d-----w-  c:\program files\Microsoft.NET
2010-03-23 08:46 . 2010-03-23 08:46  d-----w-  c:\program files\Realtek
2010-03-23 08:46 . 2010-03-23 08:46  315392  ----a-w-  c:\windows\HideWin.exe
2010-03-23 08:44 . 2010-03-23 08:44  d-----w-  c:\program files\Common Files\InstallShield
2010-03-23 08:26 . 2010-03-23 08:08  86327  ----a-w-  c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-23 08:12 . 2010-03-23 08:12  d-----w-  c:\program files\microsoft frontpage
2010-03-23 08:06 . 2010-03-23 08:06  22564  ----a-w-  c:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{31c7d459-9cc3-44f2-9dca-fc11795309b4}"= "c:\program files\IObitCom\tbIObi.dll" [2009-10-01 2166296]

[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]
2009-10-01 11:29  2166296  ----a-w-  c:\program files\IObitCom\tbIObi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:\program files\Yandex\YandexBarIE\yndbar.dll" [2010-02-16 8944968]

[HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{31C7D459-9CC3-44F2-9DCA-FC11795309B4}"= "c:\program files\IObitCom\tbIObi.dll" [2009-10-01 2166296]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:\program files\Yandex\YandexBarIE\yndbar.dll" [2010-02-16 8944968]

[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]
[HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="d:\флеш плеер\Advanced SystemCare 3\AWC.exe" [2010-03-29 2343120]
"Download Master"="d:\флеш плеер\Ссылка Сергей\Д мастер\Download Master\dmaster.exe" [2010-04-30 3791360]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-10 8429568]
"nwiz"="nwiz.exe" [2007-05-10 1626112]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 16125440]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-10 81920]
"UnlockerAssistant"="d:\спец папка\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-10-20 340456]
"MAgent"="c:\program files\Mail.Ru\Agent\MAgent.exe" [2010-04-26 9422016]
"Vetton Wallpapers"="c:\program files\VettonWallpapers\vw.exe" [2005-01-10 1172480]
"Guard.Mail.ru.gui"="c:\program files\Mail.Ru\Guard\GuardMailRu.exe" [2010-04-26 563392]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"d:\\Спец папка\\Игры\\Pes 2010\\PES 2010\\pes2010.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Mail.Ru\\Agent\\magent.exe"=
"d:\\Спец папка\\Unlocker\\World Poker Championship\\World Poker Championship.exe"=
"c:\\Program Files\\Mail.Ru\\Sputnik\\SputnikFlashPlayer.exe"=
"c:\\Program Files\\Mail.Ru\\Sputnik\\SputnikHelper.exe"=
"d:\\Counter-Strike 1.6 Professional Edition\\cstrike.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14.10.2009 21:18 36880]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [23.03.2010 14:44 13696]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14.09.2009 13:42 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02.10.2009 19:39 19472]
S2 Guard.Mail.ru;Guard.Mail.ru;c:\program files\Mail.Ru\Guard\GuardMailRu.exe [26.04.2010 21:15 563392]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe --> c:\program files\ICQ6Toolbar\ICQ Service.exe [?]
S3 ute4odky;AVZ Kernel Driver;c:\windows\system32\drivers\ute4odky.sys [12.05.2010 3:40 7168]
.
Contents of the 'Scheduled Tasks' folder

2010-05-17 c:\windows\Tasks\User_Feed_Synchronization-{7009A04F-3CF9-44BC-95F9-D36A9B280EF2}.job
- c:\windows\system32\msfeedssync.exe [2009-03-07 23:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yandex.ru/?clid=22042
mStart Page = hxxp://www.yahoo.com
IE: Закачать ВСЕ при помощи Download Master - d:\флеш плеер\Ссылка Сергей\Д мастер\Download Master\dmieall.htm
IE: Закачать при помощи Download Master - d:\флеш плеер\Ссылка Сергей\Д мастер\Download Master\dmie.htm
IE: Передать на удаленную закачку DM - d:\флеш плеер\Ссылка Сергей\Д мастер\Download Master\remdown.htm
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} - c:\program files\Mail.Ru\Agent\magent.exe
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
AddRemove-ConditionZero 1.2 from VSI (Version 1.03) - d:\counte~1.6pr\UNWISE.EXE
AddRemove-Counter Strike 1.6 V34 - d:\counter-strike 1.6 professional edition\Counter-strike\uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-17 22:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2696)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSRU.DLL
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\program files\Microsoft Office\Office12\WINWORD.EXE
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2010-05-17 22:27:07 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-17 16:27

Pre-Run: 1 118 175 232 bytes free
Post-Run: 1 048 494 080 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional RU" /noexecute=optin /fastdetect

- - End Of File - - BE7148C35DE1F9CE900A8662A818C11C
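A small triage helper for the log format above, added here as an illustration; it is not part of the forum post and not ComboFix's own code, and the lines it runs on are constructed in the same format rather than copied from the post. It parses the "Files Created" / "Find3M" lines and the Run-key lines into records and flags what a responder checks first: executables sitting under a user profile, kernel drivers with random-looking eight-character names (the log above labels its own such driver as the AVZ kernel driver, so this flag is a prompt to verify, not a verdict), and autostart entries whose path is unqualified (resolved through the search path) or lies outside c:\windows and c:\program files.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# One "Files Created" / "Find3M" line:  <created> . <modified> [<size>] <8-char attrs> <path>
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d)\s+"
    r"(?:(?P<size>\d+)\s+)?"
    r"(?P<attrs>[-a-z]{8})\s+"
    r"(?P<path>\S.*)$"
)
# One Run-key line:  "Name"="path" [yyyy-mm-dd size]
RUN_LINE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<date>\d{4}-\d\d-\d\d)\s+(?P<size>\d+)\]'
)
EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
RANDOM_DRIVER = re.compile(r"^[a-z0-9]{8}\.sys$")   # e.g. ab12cd34.sys
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")

# Constructed sample lines in ComboFix's layout (hypothetical names, not a real machine).
SAMPLE_LOG = """\
2010-05-11 21:40 . 2010-05-17 16:09  7168  ----a-w-  c:\\windows\\system32\\drivers\\ab12cd34.sys
2010-05-12 13:57 . 2009-11-04 10:49  635664  ----a-w-  c:\\documents and settings\\user\\Application Data\\Example\\helper.exe
2010-05-13 21:04 . 2010-05-16 05:12  d-----w-  c:\\program files\\example
2010-04-27 14:18 . 2008-04-14 15:40  21504  ----a-w-  c:\\windows\\system32\\hidserv.dll
"Example Tool"="d:\\tools\\example\\tool.exe" [2010-03-29 2343120]
"nwiz"="nwiz.exe" [2007-05-10 1626112]
"ctfmon.exe"="c:\\windows\\system32\\ctfmon.exe" [2008-04-14 15360]
"""


@dataclass
class Entry:
    kind: str                      # "file" (listing line) or "run" (Run-key value)
    path: str
    name: Optional[str] = None     # Run value name
    created: Optional[str] = None  # file: creation stamp; run: date in brackets
    modified: Optional[str] = None
    size: Optional[int] = None
    attrs: Optional[str] = None    # 8-char attribute string, e.g. d-----w- / ----a-w-
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a listing or Run-key line, None for anything else."""
    line = line.strip()
    m = FILE_LINE.match(line)
    if m:
        return Entry(kind="file", path=m["path"], created=m["created"],
                     modified=m["modified"],
                     size=int(m["size"]) if m["size"] else None, attrs=m["attrs"])
    m = RUN_LINE.match(line)
    if m:
        return Entry(kind="run", path=m["path"], name=m["name"],
                     created=m["date"], size=int(m["size"]))
    return None


def flag(entry: Entry) -> List[str]:
    """Heuristic reasons to look closer at an entry; empty list means nothing noted."""
    p = entry.path.lower()
    base = p.rsplit("\\", 1)[-1]
    reasons: List[str] = []
    if entry.kind == "file" and entry.attrs and entry.attrs.startswith("d"):
        return reasons  # directory lines carry nothing to check here
    if base.endswith(EXECUTABLE_EXT) and "\\documents and settings\\" in p:
        reasons.append("executable in a user-writable profile directory")
    if "\\system32\\drivers\\" in p and RANDOM_DRIVER.match(base):
        reasons.append("kernel driver with a random-looking 8-character name")
    if entry.kind == "run":
        if "\\" not in p:
            reasons.append("unqualified autostart path (resolved through the search path)")
        elif not p.startswith(TRUSTED_PREFIXES):
            reasons.append("autostart entry outside c:\\windows and c:\\program files")
    return reasons


def triage(log_text: str) -> List[Entry]:
    """Parse every recognisable line and return only the entries with at least one reason."""
    flagged: List[Entry] = []
    for raw in log_text.splitlines():
        entry = parse_line(raw)
        if entry is None:
            continue
        entry.reasons = flag(entry)
        if entry.reasons:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.kind:4} {e.path}")
        for r in e.reasons:
            print(f"       - {r}")
```

The flags are deliberately cheap and noisy: a driver name like the one AVZ generates will trip the random-name check, and games installed on a second drive will trip the location check, which is the point. Run the output against the service list and the AddRemove entries of the same log before concluding anything about a path.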