GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-19 13:08:30
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:DOCUME~1SAVLOCALS~1Temppxtdapow.sys

---- System - GMER 1.0.15 ----
SSDT spds.sys ZwCreateKey [0xF72E00E0]
SSDT spds.sys ZwEnumerateKey [0xF72FECA2]
SSDT spds.sys ZwEnumerateValueKey [0xF72FF030]
SSDT spds.sys ZwOpenKey [0xF72E00C0]
SSDT spds.sys ZwQueryKey [0xF72FF108]
SSDT spds.sys ZwQueryValueKey [0xF72FEF88]
SSDT spds.sys ZwSetValueKey [0xF72FF19A]

INT 0x73 ? 85F42F00
INT 0x83 ? 861D9BF8
INT 0x83 ? 85F42F00
INT 0x83 ? 861D9BF8
INT 0x84 ? 85F42F00
INT 0xA4 ? 85F42F00
INT 0xB4 ? 861D6BF8
INT 0xB4 ? 861D6BF8
INT 0xB4 ? 861D6BF8
INT 0xB4 ? 861D6BF8
INT 0xB4 ? 85F42F00
INT 0xB4 ? 861D6BF8

---- Kernel code sections - GMER 1.0.15 ----
? spds.sys Не удается найти указанный файл. !
.text USBPORT.SYS!DllUnload F658B8AC 5 Bytes JMP 85F424E0
.text a1817ld6.SYS F64BE384 1 Byte [20]
.text a1817ld6.SYS F64BE384 37 Bytes [20, 00, 00, 68, 00, 00, 00, …]
.text a1817ld6.SYS F64BE3AA 24 Bytes [00, 00, 20, 00, 00, E0, 00, …]
.text a1817ld6.SYS F64BE3C4 3 Bytes [00, 00, 00]
.text a1817ld6.SYS F64BE3C9 1 Byte [00]
.text …

---- User code sections - GMER 1.0.15 ----
.text C:Program Filesinternet exploreriexplore.exe[1004] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 01179315 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program Filesinternet exploreriexplore.exe[1004] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 0124DBCB C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program Filesinternet exploreriexplore.exe[1004] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 0124DD81 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program Filesinternet exploreriexplore.exe[1004] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 01254832 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program Filesinternet exploreriexplore.exe[1004] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 011B1CA2 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program Filesinternet exploreriexplore.exe[1004] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 0136E021 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program Filesinternet exploreriexplore.exe[1004] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 0136DF51 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program Filesinternet exploreriexplore.exe[1004] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 0136DFBE C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program Filesinternet exploreriexplore.exe[1004] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 0136DE22 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program Filesinternet exploreriexplore.exe[1004] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 0136DE84 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program Filesinternet exploreriexplore.exe[1004] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 0136E084 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program Filesinternet exploreriexplore.exe[1004] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 0136DEE6 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program Filesinternet exploreriexplore.exe[1004] ole32.dll!CoCreateInstance 774F057E 5 Bytes JMP 0125488E C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program Filesinternet exploreriexplore.exe[3984] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 01179315 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program Filesinternet exploreriexplore.exe[3984] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 01254832 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program Filesinternet exploreriexplore.exe[3984] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 0136E021 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program Filesinternet exploreriexplore.exe[3984] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 0136DF51 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program Filesinternet exploreriexplore.exe[3984] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 0136DFBE C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program Filesinternet exploreriexplore.exe[3984] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 0136DE22 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program Filesinternet exploreriexplore.exe[3984] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 0136DE84 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program Filesinternet exploreriexplore.exe[3984] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 0136E084 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program Filesinternet exploreriexplore.exe[3984] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 0136DEE6 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F72E1040] spds.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F72E113C] spds.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F72E10BE] spds.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F72E17FC] spds.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F72E16D2] spds.sys
IAT SystemRootSystem32Driversa1817ld6.SYS[HAL.dll!KfAcquireSpinLock] 000000AD
IAT SystemRootSystem32Driversa1817ld6.SYS[HAL.dll!READ_PORT_UCHAR] 000000D4
IAT SystemRootSystem32Driversa1817ld6.SYS[HAL.dll!KeGetCurrentIrql] 000000A2
IAT SystemRootSystem32Driversa1817ld6.SYS[HAL.dll!KfRaiseIrql] 000000AF
IAT SystemRootSystem32Driversa1817ld6.SYS[HAL.dll!KfLowerIrql] 0000009C
IAT SystemRootSystem32Driversa1817ld6.SYS[HAL.dll!HalGetInterruptVector] 000000A4
IAT SystemRootSystem32Driversa1817ld6.SYS[HAL.dll!HalTranslateBusAddress] 00000072
IAT SystemRootSystem32Driversa1817ld6.SYS[HAL.dll!KeStallExecutionProcessor] 000000C0
IAT SystemRootSystem32Driversa1817ld6.SYS[HAL.dll!KfReleaseSpinLock] 000000B7
IAT SystemRootSystem32Driversa1817ld6.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 000000FD
IAT SystemRootSystem32Driversa1817ld6.SYS[HAL.dll!READ_PORT_USHORT] 00000093
IAT SystemRootSystem32Driversa1817ld6.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 00000026
IAT SystemRootSystem32Driversa1817ld6.SYS[HAL.dll!WRITE_PORT_UCHAR] 00000036
IAT SystemRootSystem32Driversa1817ld6.SYS[WMILIB.SYS!WmiSystemControl] 000000F7
IAT SystemRootSystem32Driversa1817ld6.SYS[WMILIB.SYS!WmiCompleteRequest] 000000CC

---- Devices - GMER 1.0.15 ----
Device FileSystemNtfs Ntfs 861651F8
Device FileSystemFastfat FatCdrom 85CA4500
Device DriverTcpip DeviceIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device Driverusbuhci DeviceUSBPDO-0 85F3B1F8
Device Driverusbuhci DeviceUSBPDO-1 85F3B1F8
Device Driverdmio DeviceDmControlDmIoDaemon 861671F8
Device Driverdmio DeviceDmControlDmConfig 861671F8
Device Driverdmio DeviceDmControlDmPnP 861671F8
Device Driverdmio DeviceDmControlDmInfo 861671F8
Device Driverusbehci DeviceUSBPDO-2 85F241F8
Device Driverusbuhci DeviceUSBPDO-3 85F3B1F8
Device Driverusbuhci DeviceUSBPDO-4 85F3B1F8
Device Driverusbuhci DeviceUSBPDO-5 85F3B1F8
Device DriverTcpip DeviceTcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device Driverusbehci DeviceUSBPDO-6 85F241F8
Device DriverFtdisk DeviceHarddiskVolume1 861D71F8
Device DriverFtdisk DeviceHarddiskVolume2 861D71F8
Device DriverCdrom DeviceCdRom0 85F161F8
Device DriverFtdisk DeviceHarddiskVolume3 861D71F8
Device Driveratapi DeviceIdeIdePort0 [F7234B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device Driveratapi DeviceIdeIdeDeviceP0T0L0-3 [F7234B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device Driveratapi DeviceIdeIdePort1 [F7234B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device Driveratapi DeviceIdeIdePort2 [F7234B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device Driveratapi DeviceIdeIdePort3 [F7234B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device DriverCdrom DeviceCdRom1 85F161F8
Device DriverNetBT DeviceNetBt_Wins_Export 855EC1F8
Device DriverNetBT DeviceNetbiosSmb 855EC1F8
Device DriverPCI_PNP4838 Device000004d spds.sys
Device DriverPCI_PNP4838 Device000004d spds.sys
Device DriverTcpip DeviceUdp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device DriverTcpip DeviceRawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device Driverusbuhci DeviceUSBFDO-0 85F3B1F8
Device Driversptd Device4223881088 spds.sys
Device Driverusbuhci DeviceUSBFDO-1 85F3B1F8
Device Driverusbehci DeviceUSBFDO-2 85F241F8
Device DriverTcpip DeviceIPMULTICAST avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device FileSystemMRxSmb DeviceLanmanDatagramReceiver 855D41F8
Device FileSystemMRxSmb DeviceLanmanRedirector 855D41F8
Device Driverusbuhci DeviceUSBFDO-3 85F3B1F8
Device DriverFtdisk DeviceFtControl 861D71F8
Device Driverusbuhci DeviceUSBFDO-4 85F3B1F8
Device Driverusbuhci DeviceUSBFDO-5 85F3B1F8
Device Driverusbehci DeviceUSBFDO-6 85F241F8
Device Drivera1817ld6 DeviceScsia1817ld61 85ED91F8
Device DriverJRAID DeviceScsiJRAID1Port4Path0Target0Lun0 861661F8
Device Drivera1817ld6 DeviceScsia1817ld61Port5Path0Target0Lun0 85ED91F8
Device DriverJRAID DeviceScsiJRAID1 861661F8
Device FileSystemFastfat Fat 85CA4500
AttachedDevice FileSystemFastfat Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device FileSystemCdfs Cdfs 85EBD1F8
---- Registry - GMER 1.0.15 ----
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@!0454B0450424>494 0000440404?4B0454@4 0010039004 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (L002TP) 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (PPTP) 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (PPPoE) 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@374@4O4494 ?0404@0404;4;0454;4L4=4K494 ?4>4@4B4 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (IP) 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 ?4;0404=484@4>0424I484:0404 ?0404:0454B4>0424 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@#4A4B4@4>494A4B0424>4 Bluetooth (?4@4>4B4>4:4>4;4 RFCOMM TDI) 1?
Reg HKLMSYSTEMCurrentControlSetServicesBTHPORTParametersKeys111111111111
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg@s1 771343423
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg@s2 285507792
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg@h0 1
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA4
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA4@p0 C:Program FilesDAEMON Tools Lite
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA4@khjeh 0x8D 0x47 0x19 0x29 …
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA40000001
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA40000001@a0 0x20 0x01 0x00 0x00 …
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA40000001@khjeh 0xF2 0x2F 0xDF 0xD5 …
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA40000001Jf40
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA40000001Jf40@khjeh 0x92 0x5A 0x58 0x0B …
Reg HKLMSYSTEMCurrentControlSetServicesSysmonLogLog Queries{7bf5a4e5-81cc-4a9a-b874-9cfdba93444b}@204B4@480414C4B4K4 E4@0404=0454=484O4 0040404=4=4K4E4 33
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA4@p0 C:Program FilesDAEMON Tools Lite
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA4@khjeh 0x8D 0x47 0x19 0x29 …
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001 (not active ControlSet)
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001@a0 0x20 0x01 0x00 0x00 …
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001@khjeh 0xF2 0x2F 0xDF 0xD5 …
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001Jf40 (not active ControlSet)
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001Jf40@khjeh 0x4B 0x4C 0xC3 0x2F …
Reg HKLMSYSTEMControlSet003ServicessptdCfg19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLMSYSTEMControlSet003ServicessptdCfg19659239224E364682FA4BAF72C53EA4@p0 C:Program FilesDAEMON Tools Lite
Reg HKLMSYSTEMControlSet003ServicessptdCfg19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLMSYSTEMControlSet003ServicessptdCfg19659239224E364682FA4BAF72C53EA4@khjeh 0x8D 0x47 0x19 0x29 …
Reg HKLMSYSTEMControlSet003ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001 (not active ControlSet)
Reg HKLMSYSTEMControlSet003ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001@a0 0x20 0x01 0x00 0x00 …
Reg HKLMSYSTEMControlSet003ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001@khjeh 0xF2 0x2F 0xDF 0xD5 …
Reg HKLMSYSTEMControlSet003ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001Jf40 (not active ControlSet)
Reg HKLMSYSTEMControlSet003ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001Jf40@khjeh 0x4B 0x4C 0xC3 0x2F …
Reg HKLMSYSTEMControlSet004ServicessptdCfg19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLMSYSTEMControlSet004ServicessptdCfg19659239224E364682FA4BAF72C53EA4@p0 C:Program FilesDAEMON Tools Lite
Reg HKLMSYSTEMControlSet004ServicessptdCfg19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLMSYSTEMControlSet004ServicessptdCfg19659239224E364682FA4BAF72C53EA4@khjeh 0x8D 0x47 0x19 0x29 …
Reg HKLMSYSTEMControlSet004ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001 (not active ControlSet)
Reg HKLMSYSTEMControlSet004ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001@a0 0x20 0x01 0x00 0x00 …
Reg HKLMSYSTEMControlSet004ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001@khjeh 0xF2 0x2F 0xDF 0xD5 …
Reg HKLMSYSTEMControlSet004ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001Jf40 (not active ControlSet)
Reg HKLMSYSTEMControlSet004ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001Jf40@khjeh 0x4B 0x4C 0xC3 0x2F …
Reg HKLMSYSTEMControlSet005ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@!0454B0450424>494 0000440404?4B0454@4 0010039004 1?
Reg HKLMSYSTEMControlSet005ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (L002TP) 1?
Reg HKLMSYSTEMControlSet005ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (PPTP) 1?
Reg HKLMSYSTEMControlSet005ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (PPPoE) 1?
Reg HKLMSYSTEMControlSet005ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@374@4O4494 ?0404@0404;4;0454;4L4=4K494 ?4>4@4B4 1?
Reg HKLMSYSTEMControlSet005ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (IP) 1?
Reg HKLMSYSTEMControlSet005ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 ?4;0404=484@4>0424I484:0404 ?0404:0454B4>0424 1?
Reg HKLMSYSTEMControlSet005ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@#4A4B4@4>494A4B0424>4 Bluetooth (?4@4>4B4>4:4>4;4 RFCOMM TDI) 1?
Reg HKLMSYSTEMControlSet005ServicesBTHPORTParametersKeys111111111111 (not active ControlSet)
Reg HKLMSYSTEMControlSet005ServicessptdCfg19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLMSYSTEMControlSet005ServicessptdCfg19659239224E364682FA4BAF72C53EA4@p0 C:Program FilesDAEMON Tools Lite
Reg HKLMSYSTEMControlSet005ServicessptdCfg19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLMSYSTEMControlSet005ServicessptdCfg19659239224E364682FA4BAF72C53EA4@khjeh 0x8D 0x47 0x19 0x29 …
Reg HKLMSYSTEMControlSet005ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001 (not active ControlSet)
Reg HKLMSYSTEMControlSet005ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001@a0 0x20 0x01 0x00 0x00 …
Reg HKLMSYSTEMControlSet005ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001@khjeh 0xF2 0x2F 0xDF 0xD5 …
Reg HKLMSYSTEMControlSet005ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001Jf40 (not active ControlSet)
Reg HKLMSYSTEMControlSet005ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001Jf40@khjeh 0x92 0x5A 0x58 0x0B …
Reg HKLMSYSTEMControlSet005ServicesSysmonLogLog Queries{7bf5a4e5-81cc-4a9a-b874-9cfdba93444b}@204B4@480414C4B4K4 E4@0404=0454=484O4 0040404=4=4K4E4 33

---- Files - GMER 1.0.15 ----

---- EOF - GMER 1.0.15 ----
There is almost no way to check it, but I'll try. Everything I work with is on the network 🙁
ComboFix 09-10-11.01 - SAV 12.10.2009 8:20.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.999.646 [GMT 7:00]
Running from: c:documents and settingsSAVРабочий столComboFix.exe
AV: AVG Internet Security *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: COMODO Firewall Pro *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr0.dat
c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr1.dat
c:windowssystem32Mstoolbr.dll

BITS: Possible infected sites
hxxp://wu.windowsupdate.tomsk.ru
.
((((((((((((((((((((((((( Files Created from 2009-09-12 to 2009-10-12 )))))))))))))))))))))))))))))))
.
2009-10-09 08:59 . 2009-10-09 09:17 d-----w- c:program filestrend micro
2009-10-09 08:59 . 2009-10-09 08:59 d-----w- C:rsit
2009-10-08 07:15 . 2009-10-12 01:10 d-----w- c:documents and settingsSAVApplication DataCoreFTP
2009-10-08 07:15 . 2009-10-08 07:15 d-----w- c:program filesCoreFTP
2009-10-08 06:04 . 2009-10-08 06:04 d-----w- c:documents and settingsSAVftp.sibinet.com
2009-10-06 09:28 . 2009-10-06 09:28 d-----w- c:documents and settingsAll UsersApplication DataProtect
2009-10-06 09:26 . 2009-10-06 09:26 d-----w- c:windowsLastGood.Tmp
2009-10-06 09:26 . 2005-07-28 01:18 685056 ----a-w- c:windowssystem32drivershardlock.sys
2009-10-06 09:26 . 2009-10-06 09:26 d-----w- c:program filesCommon FilesBeeline
2009-10-06 09:24 . 2002-12-17 09:23 33340 ------w- c:windowssystem32dbmsqlgc.dll
2009-10-06 09:24 . 2002-10-20 07:05 24576 ------w- c:windowssystem32dbmsgnet.dll
2009-10-06 09:23 . 2009-10-06 09:23 d-----w- c:program filesMicrosoft SQL Server
2009-10-06 05:45 . 1999-02-10 07:36 125856 ----a-w- c:windowssystem32Mfco250.dll
2009-10-06 05:45 . 1999-02-10 07:36 24598 ----a-w- c:windowssystem32Ole2.reg
2009-10-06 05:45 . 1999-02-10 07:36 51712 ----a-w- c:windowssystem32Ole2prox.dll
2009-10-04 20:00 . 2009-10-04 20:00 55808 ----a-w- c:windowssystem32DevCon.exe
2009-10-04 20:00 . 2009-10-04 20:00 545 ----a-w- c:windowsUc.pif
2009-10-04 20:00 . 2009-10-04 20:00 545 ----a-w- c:windowsRar.pif
2009-10-04 20:00 . 2009-10-04 20:00 545 ----a-w- c:windowsPkzip.pif
2009-10-04 20:00 . 2009-10-04 20:00 545 ----a-w- c:windowsPkunzip.pif
2009-10-04 20:00 . 2009-10-04 20:00 545 ----a-w- c:windowsLha.pif
2009-10-04 20:00 . 2009-10-04 20:00 545 ----a-w- c:windowsArj.pif
2009-10-04 20:00 . 2009-10-04 20:00 24576 ----a-w- c:windowsNoClose.pif
2009-10-02 01:02 . 2005-12-06 07:14 7680 ----a-w- c:windowssystem32LW400MON.DLL
2009-10-02 01:02 . 2005-08-01 09:27 2560 ----a-w- c:windowssystem32lmmonres.dll
2009-10-02 01:02 . 2002-03-26 01:59 57344 ----a-w- c:windowssystem32DYMOCFG.DLL
2009-10-02 01:02 . 2006-04-25 13:33 421888 ----a-w- c:windowssystem32DYMOSmartPaste.dll
2009-10-02 01:01 . 2009-10-02 03:14 d-----w- c:program filesDYMO Label
2009-10-02 00:59 . 2006-06-07 06:00 184320 ----a-w- c:windowssystem32DymoInst.dll
2009-09-16 04:06 . 2009-09-16 04:06 d-----w- c:documents and settingsSAVApplication DataEPSON
2009-09-15 02:14 . 2009-09-15 02:14 d-sh--w- c:documents and settingsSAVIECompatCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-09 01:04 . 2008-04-15 03:50 d-----w- c:program filesQIP Infium
2009-10-09 00:28 . 2008-04-15 01:30 d-----w- c:documents and settingsSAVApplication DataThe Bat!
2009-10-08 09:30 . 2009-02-11 05:57 2516 --sha-w- c:documents and settingsAll UsersApplication DataKGyGaAvL.sys
2009-10-08 06:21 . 2008-04-22 01:12 d-----w- c:program filesTotal Commander
2009-10-06 09:24 . 2004-08-18 12:00 87372 ----a-w- c:windowssystem32perfc019.dat
2009-10-06 09:24 . 2004-08-18 12:00 493518 ----a-w- c:windowssystem32perfh019.dat
2009-10-06 05:48 . 2008-04-15 00:10 d--h--w- c:program filesInstallShield Installation Information
2009-10-06 05:45 . 2008-04-15 02:58 d-----w- c:program filesActerna
2009-09-29 10:06 . 2008-04-15 02:29 2516 --sha-w- c:windowssystem32KGyGaAvL.sys
2009-09-29 05:48 . 2008-04-15 00:25 121440 ----a-w- c:documents and settingsSAVLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-09-29 05:18 . 2008-08-11 06:44 d-----w- c:documents and settingsAll UsersApplication DataFLEXnet
2009-09-29 05:12 . 2008-05-07 04:46 d-----w- c:program filesCommon FilesAdobe
2009-09-15 10:00 . 2008-04-15 01:14 d-----w- c:documents and settingsAll UsersApplication DataMicrosoft Help
2009-09-08 09:15 . 2008-11-28 10:12 d-----w- c:program filesQIP
2009-09-08 04:22 . 2009-05-28 14:50 492376 ----a-w- c:documents and settingsLocalServiceLocal SettingsApplication DataFontCache3.0.0.0.dat
2009-09-04 06:30 . 2009-09-04 03:12 d-----w- c:program filesPunto Switcher
2009-08-31 03:03 . 2009-08-31 02:18 d-----w- c:program filesEPSON Print CD
2009-08-31 02:25 . 2009-08-31 02:25 d-----w- c:documents and settingsAll UsersApplication DataUDL
2009-08-31 02:24 . 2009-02-20 03:28 d-----w- c:program filesEPSON
2009-08-31 02:23 . 2009-08-31 02:23 d-----w- c:documents and settingsSAVApplication DataInstallShield
2009-08-27 08:27 . 2009-08-27 08:27 d-----w- c:program filesK-Lite Codec Pack
2009-08-27 08:26 . 2009-08-27 08:22 d-----w- c:documents and settingsSAVApplication DataBSplayer PRO
2009-08-27 08:22 . 2009-08-27 08:22 d-----w- c:program filesWebteh
2009-08-27 05:41 . 2009-08-27 05:41 d-----w- c:program filesConvertHelper
2009-08-17 10:46 . 2009-08-12 05:22 d-----w- c:program filesRazor
2009-08-06 12:24 . 2008-04-14 11:16 209632 ----a-w- c:windowssystem32wuweb.dll
2009-08-06 12:24 . 2008-04-14 11:16 327896 ----a-w- c:windowssystem32wucltui.dll
2009-08-06 12:24 . 2008-04-14 11:16 35552 ----a-w- c:windowssystem32wups.dll
2009-08-06 12:24 . 2007-08-27 09:16 44768 ----a-w- c:windowssystem32wups2.dll
2009-08-06 12:24 . 2008-04-14 11:16 53472 ----a-w- c:windowssystem32wuauclt.exe
2009-08-06 12:24 . 2008-01-19 11:18 96480 ----a-w- c:windowssystem32cdm.dll
2009-08-06 12:23 . 2008-04-14 11:16 575704 ----a-w- c:windowssystem32wuapi.dll
2009-08-06 12:23 . 2008-04-14 11:16 1929952 ----a-w- c:windowssystem32wuaueng.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOTCLSID{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 02:26 80384 ----a-w- c:program filesCommon FilesTortoiseOverlaysTortoiseOverlays.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOTCLSID{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 02:26 80384 ----a-w- c:program filesCommon FilesTortoiseOverlaysTortoiseOverlays.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOTCLSID{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 02:26 80384 ----a-w- c:program filesCommon FilesTortoiseOverlaysTortoiseOverlays.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOTCLSID{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 02:26 80384 ----a-w- c:program filesCommon FilesTortoiseOverlaysTortoiseOverlays.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOTCLSID{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 02:26 80384 ----a-w- c:program filesCommon FilesTortoiseOverlaysTortoiseOverlays.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOTCLSID{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 02:26 80384 ----a-w- c:program filesCommon FilesTortoiseOverlaysTortoiseOverlays.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOTCLSID{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 02:26 80384 ----a-w- c:program filesCommon FilesTortoiseOverlaysTortoiseOverlays.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOTCLSID{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 02:26 80384 ----a-w- c:program filesCommon FilesTortoiseOverlaysTortoiseOverlays.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOTCLSID{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 02:26 80384 ----a-w- c:program filesCommon FilesTortoiseOverlaysTortoiseOverlays.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersBackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOTCLSID{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-05-13 08:34 238968 ----a-w- c:program filesWebrootWebrootSecurityBackupCtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"USB Safely Remove"="c:program filesUSB Safely RemoveUSBSafelyRemove.exe" [2009-04-17 898560]

c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузка
Total Commander.lnk - c:program filesTotal CommanderTotalcmd.exe [2009-10-5 3520256]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyavgrsstarter]
2008-12-29 05:36 10520 ----a-w- c:windowssystem32avgrsstx.dll

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]
BootExecute REG_MULTI_SZ PDBoot.exeautocheck autochk *

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWRConsumerService]
@="Service"

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
"UpdatesDisableNotify"=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"%windir%\system32\sessmgr.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe"=
"c:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.325\Russian\setup.exe"=
"c:\Program Files\Vypress Chat\VyChat.exe"=
"c:\Program Files\AVG\AVG8\avgupd.exe"=
"c:\Program Files\AVG\AVG8\avgnsx.exe"=

R0 Achernar;Achernar - SCSI Command Filters;c:windowssystem32driversAchernar.sys [07.06.2008 10:09 16851]
R0 AvgRkx86;avgrkx86.sys;c:windowssystem32driversavgrkx86.sys [29.12.2008 12:36 12936]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:windowssystem32driversavgldx86.sys [29.12.2008 12:36 97928]
R1 AvgTdiX;AVG8 Network Redirector;c:windowssystem32driversavgtdix.sys [29.12.2008 12:36 76040]
R1 bizVSerial;Franson VSerial;c:windowssystem32driversbizVSerialNT.sys [03.04.2006 22:00 14949]
R2 avg8wd;AVG8 WatchDog;c:progra~1AVGAVG8avgwdsvc.exe [29.12.2008 12:36 231704]
R2 avgfws8;AVG8 Firewall;c:progra~1AVGAVG8avgfws8.exe [29.12.2008 12:36 1220888]
R2 PDSched;PDScheduler;c:program filesRaxcoPerfectDiskPDSched.exe [11.02.2004 15:13 200771]
R2 USBSafelyRemoveService;USB Safely Remove Assistant;c:program filesUSB Safely RemoveUSBSRService.exe [24.06.2009 9:58 213776]
R2 vkey;vkey;c:windowssystem32driversvkey.sys [31.03.2009 12:46 10624]
R3 Aldebaran;Aldebaran - SCSI Command Filters;c:windowssystem32driversAldebaran.sys [07.06.2008 10:09 11731]
R3 Avgfwdx;Avgfwdx;c:windowssystem32driversavgfwdx.sys [29.12.2008 12:36 23296]
R3 evserial;Virtual Serial Ports Driver (Eltima Softwate);c:windowssystem32driversevserial.sys [16.06.2009 18:27 53888]
R3 mpfilt;mpfilt;c:windowssystem32driversmpfilt.sys [21.10.2008 10:17 10588]
R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);c:windowssystem32driversevsbc.sys [16.06.2009 18:27 27904]
S0 ssfs0bbc;ssfs0bbc;c:windowssystem32DRIVERSssfs0bbc.sys --> c:windowssystem32DRIVERSssfs0bbc.sys [?]
S1 SASKUTIL;SASKUTIL; [x]
S2 WRConsumerService;Webroot Client Service;"c:program filesWebrootWebrootSecurityWRConsumerService.exe" --> c:program filesWebrootWebrootSecurityWRConsumerService.exe [?]
S3 ATE_PROCMON;ATE_PROCMON; [x]
S3 Avgfwfd;AVG network filter service;c:windowssystem32driversavgfwdx.sys [29.12.2008 12:36 23296]
S3 epmntdrv;epmntdrv;c:windowssystem32epmntdrv.sys [24.06.2009 9:55 8704]
S3 EuGdiDrv;EuGdiDrv;c:windowssystem32EuGdiDrv.sys [24.06.2009 9:55 3072]
S3 Franson GpsGate 2.0;Franson GpsGate 2.0;c:program filesFransonGpsGate 2.0GpsGateService.exe [12.09.2008 1:58 258048]
S3 xpvcom;XPVCOM Port;c:windowssystem32driversXPVCOM.sys [23.03.2007 2:00 30032]
S4 setup_7.0.0.180_01.05.2008_10-26;setup_7.0.0.180_01.05.2008_10-26;"c:documents and settingsAll UsersРабочий столKaspersky Lab Toolsetup_7.0.0.180_01.05.2008_10-26.exe" -r --> c:documents and settingsAll UsersРабочий столKaspersky Lab Toolsetup_7.0.0.180_01.05.2008_10-26.exe [?]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:windowssystem32rundll32.exe" "c:windowssystem32iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
Supplementary Scan
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = Root: HKCU; Subkey: SoftwareMicrosoftInternet ExplorerSearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: Добавить в существующий PDF - c:program filesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html
IE: Добавить выделенное в существующий PDF - c:program filesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html
IE: Добавить выделенные ссылки в существующий PDF - c:program filesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Добавить целевую ссылку в существующий PDF - c:program filesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html
IE: Закачать ВСЕ при помощи Download Master
IE: Закачать при помощи Download Master
IE: Передать на удаленную закачку DM
IE: Преобразовать в Adobe PDF - c:program filesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECapture.html
IE: Преобразовать выбранные ссылки в Adobe PDF - c:program filesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Преобразовать выделенную область в Adobe PDF - c:program filesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECapture.html
IE: Преобразовать целевую ссылку в Adobe PDF - c:program filesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECapture.html
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74}
Trusted Zone: cracks.am
TCP: {20ABB03F-8031-46C4-BB06-4577E1358729} = 192.168.147.5
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://217.29.93.100/activex/AMC.cab
FF - ProfilePath - c:documents and settingsSAVApplication DataMozillaFirefoxProfilesfqg6xig.default
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnppl3260.dll
FF - plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnprpjplug.dll
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
Notify-pmnMcayY - pmnMcayY.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-12 08:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(1016)
c:windowssystem32avgrsstx.dll

- - - - - - - > 'explorer.exe'(1316)
c:program filesCommon FilesTortoiseOverlaysTortoiseOverlays.dll
c:program filesTortoiseSVNbinTortoiseStub.dll
c:program filesTortoiseSVNbinTortoiseSVN.dll
c:program filesTortoiseSVNbinintl3_tsvn.dll
c:program filesTortoiseSVNLanguagesTortoiseProc1049.dll
c:program filesWebrootWebrootSecurityBackupCtxMenu_1_0_0_10.dll
c:windowssystem32msi.dll
c:windowssystem32ieframe.dll
c:windowssystem32webcheck.dll
.
Other Running Processes
.
c:progra~1AVGAVG8avgam.exe
c:program filesAVGAVG8avgrsx.exe
c:windowssystem32wdfmgr.exe
c:program filesTortoiseSVNbinTSVNCache.exe
c:windowssystem32wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-10-12 8:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-12 01:32

Pre-Run: 5 163 761 664 байт свободно
Post-Run: 5 188 288 512 байт свободно

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
255 - E O F - 2009-09-15 10:00