Forum replies created
Here, look at the ComboFix log
ComboFix 09-11-08.03 - Дима 09.11.2009 22:25.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.7.1049.18.479.126 [GMT 2:00]
Running from: d:\загрузки\ComboFix.exe
AV: avast! antivirus 4.8.1356 [VPS 091109-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Дима\Application Data\bcrypt.html
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\recycler\S-1-5-21-4461275612-2968999590-646986002-3116
c:\recycler\S-1-5-21-7823143793-1915226001-966404280-5975
c:\recycler\S-1-5-21-842925246-1202660629-839522115-1004
c:\windows\Delete.bat
c:\windows\system32\ieuinit.inf

BITS: Possible infected sites
hxxp://soft.export.yandex.ru
.
((((((((((((((((((((((((( Files Created from 2009-10-09 to 2009-11-09 )))))))))))))))))))))))))))))))
.
2009-12-25 20:10 . 2009-12-25 20:10 d-----w- c:\program files\ITTerritory
2009-12-25 19:44 . 2009-08-08 03:14 d-----w- c:\program files\Vg
2009-12-25 19:33 . 2009-12-25 19:44 4 ----a-w- c:\windows\info147.sys
2009-12-25 19:33 . 2009-12-25 19:33 d-----w- c:\program files\Common Files\Totem Shared
2009-11-09 20:29 . 2006-02-23 03:39 11264 ----a-r- c:\windows\system32\drivers\xfilt_2.sys
2009-11-09 20:12 . 2009-11-09 20:13 d-----w- c:\documents and settings\Дима\Application Data\Auslogics
2009-11-09 17:14 . 2009-11-09 17:14 d-----w- c:\documents and settings\Дима\Local Settings\Application Data\ChemTable Software
2009-11-09 17:14 . 2009-11-09 17:14 d-----w- c:\documents and settings\Дима\Application Data\ChemTable Software
2009-11-09 17:14 . 2009-11-09 17:14 d-----w- c:\program files\Reg Organizer
2009-11-09 11:43 . 2009-11-09 11:45 d-----w- c:\program files\trend micro
2009-11-09 06:06 . 2009-09-15 11:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-09 06:06 . 2009-09-15 11:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-09 06:06 . 2009-09-15 11:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-09 06:06 . 2009-09-15 11:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-09 06:06 . 2009-09-15 11:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-09 06:06 . 2009-09-15 11:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-09 06:06 . 2009-09-15 11:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-09 06:06 . 2009-09-15 11:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-09 06:06 . 2009-09-15 11:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-09 06:06 . 2009-11-09 06:06 d-----w- c:\program files\Alwil Software
2009-11-09 05:47 . 2009-11-09 05:47 d-----w- c:\program files\seba14mods
2009-11-08 18:46 . 2009-11-08 18:46 d-----w- c:\program files\EASEUS
2009-11-08 14:48 . 2009-11-08 14:48 d-----w- C:\found.000
2009-11-08 11:37 . 2009-11-08 11:37 d-----w- C:\rsit
2009-11-07 23:41 . 2009-11-07 23:41 d-----w- c:\documents and settings\Дима\Application Data\WinPatrol
2009-11-07 23:41 . 2008-09-06 19:46 0 ----a-w- c:\documents and settings\Дима\Application Data\WinPatrol\Config.sys
2009-11-07 23:41 . 2008-09-06 19:46 0 ----a-w- c:\documents and settings\Дима\Application Data\WinPatrol\Autoexec.bat
2009-11-07 23:41 . 2009-11-07 23:41 d-----w- c:\program files\BillP Studios
2009-11-07 22:43 . 2009-11-07 22:43 d--h--w- c:\windows\system32\GroupPolicy
2009-11-07 20:03 . 2009-11-07 20:03 d-----w- c:\program files\Security Task Manager
2009-11-07 12:01 . 2009-11-09 08:04 d-----w- c:\program files\ElcomSoft
2009-11-06 23:49 . 2009-11-06 23:49 d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\ESET
2009-11-04 10:36 . 2009-11-04 10:36 d-----w- c:\program files\Kolor
2009-11-03 11:59 . 2009-11-03 12:01 d-----w- c:\program files\AviSynth 2.5
2009-11-03 11:47 . 2009-11-03 11:47 d-----w- c:\program files\VirtualDub
2009-11-02 19:51 . 2009-11-02 19:51 d-----w- c:\program files\URUSoft
2009-11-02 17:20 . 2009-11-02 17:28 104130 ----a-w- c:\windows\War3Unin.dat
2009-11-02 17:20 . 2009-11-02 17:26 2829 ----a-w- c:\windows\War3Unin.pif
2009-11-02 17:20 . 2009-11-02 17:26 139264 ----a-w- c:\windows\War3Unin.exe
2009-11-01 20:25 . 2009-11-02 13:11 d-----w- c:\program files\Download Master
2009-11-01 19:56 . 2009-11-01 19:56 d-----w- c:\windows\FLV Player
2009-10-31 19:46 . 2008-10-16 12:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-10-31 19:46 . 2008-10-16 12:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-10-29 20:17 . 2009-10-29 20:18 d-----w- c:\program files\SVT
2009-10-29 20:17 . 2009-10-29 20:17 d-----w- c:\program files\Borland
2009-10-29 18:11 . 2009-10-29 18:29 d-----w- c:\program files\ABBYY FineReader 7.0 Professional Edition
2009-10-29 18:08 . 2009-10-29 18:08 d-----w- c:\program files\Common Files\Arsenal Shared
2009-10-29 18:08 . 2009-10-29 18:08 d-----w- c:\program files\Arsenal Company
2009-10-28 19:41 . 2009-10-06 15:04 52224 ----a-w- c:\documents and settings\Дима\Application Data\Mozilla\Firefox\Profiles\xs9v2p1h.default\extensions\{a33fa729-d155-4b23-842b-2c665ecabdb6}\components\FFExternalAlert.dll
2009-10-28 19:41 . 2009-10-06 15:04 114688 ----a-w- c:\documents and settings\Дима\Application Data\Mozilla\Firefox\Profiles\xs9v2p1h.default\extensions\{a33fa729-d155-4b23-842b-2c665ecabdb6}\components\npmozax.dll
2009-10-28 06:37 . 2009-10-28 06:37 d-----w- c:\program files\GribUser
2009-10-27 19:59 . 2009-10-27 19:59 d-----w- c:\documents and settings\Дима\dwhelper
2009-10-27 03:28 . 2009-10-27 03:28 d-----w- c:\program files\Microsoft Silverlight
2009-10-23 18:40 . 2009-10-23 18:51 d-----w- c:\documents and settings\Дима\Local Settings\Application Data\Temp
2009-10-22 13:41 . 2009-11-09 07:23 d-----w- c:\program files\Any Video Converter
2009-10-20 15:29 . 2009-10-20 15:29 d-----w- c:\program files\Common Files\DirectX
2009-10-16 20:59 . 2009-10-16 20:59 249856 ------w- c:\windows\Setup1.exe
2009-10-16 20:59 . 2009-10-16 20:59 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-10-11 07:05 . 2009-10-11 07:15 129 ---ha-w- c:\documents and settings\Дима\Application Data\lakerda1967.sys
2009-10-11 07:05 . 2009-10-11 07:05 360580 ----a-w- c:\windows\eSellerateEngine.dll
2009-10-11 07:05 . 2009-10-11 07:05 d-----w- c:\program files\Common Files\eSellerate
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-09 20:09 . 2008-11-03 11:28 d-----w- c:\documents and settings\Дима\Application Data\uTorrent
2009-11-08 21:25 . 2009-11-07 20:04 d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2009-11-08 16:46 . 2008-09-13 10:11 d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-07 22:23 . 2009-07-05 07:28 d-----w- c:\program files\Info.Com Miranda Pack
2009-11-07 03:48 . 2008-10-15 04:58 d-----w- c:\documents and settings\Дима\Application Data\Ru.OpenOffice.org2
2009-11-04 12:45 . 2008-11-01 20:47 d-----w- c:\program files\FastStone Image Viewer
2009-10-31 19:03 . 2008-09-21 19:18 d-----w- c:\program files\CheMaxFC
2009-10-31 15:47 . 2009-03-05 14:35 d-----w- c:\program files\Alawar.ru
2009-10-30 08:45 . 2008-10-12 10:45 d-----w- c:\program files\CheMaxRus
2009-10-30 07:10 . 2008-09-07 02:59 65336 ----a-w- c:\documents and settings\Дима\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-29 18:08 . 2008-09-07 07:11 d--h--w- c:\program files\InstallShield Installation Information
2009-10-26 03:50 . 2008-09-14 00:10 d-----w- c:\program files\Common Files\Adobe
2009-10-25 19:28 . 2009-09-20 05:31 d-----w- c:\program files\ESET
2009-10-25 14:46 . 2009-03-05 14:37 d-----w- c:\documents and settings\All Users\Application Data\AlawarWrapper
2009-10-25 06:00 . 2001-10-20 12:00 68476 ----a-w- c:\windows\system32\perfc019.dat
2009-10-25 06:00 . 2001-10-20 12:00 393820 ----a-w- c:\windows\system32\perfh019.dat
2009-10-19 13:24 . 2008-11-30 14:48 26 ----a-w- c:\windows\popcinfo.dat
2009-10-14 13:43 . 2009-07-29 03:45 25 ----a-w- c:\windows\popcinfot.dat
2009-10-11 19:53 . 2009-10-04 14:43 d-----w- c:\program files\All To AVI VCD SVCD DVD MPEG Converter
2009-09-29 16:12 . 2009-09-29 16:12 d-----w- c:\program files\Hasbro
2009-09-29 15:58 . 2009-09-29 15:58 d--h--r- c:\documents and settings\Дима\Application Data\SecuROM
2009-09-29 15:58 . 2009-07-06 11:04 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-08-16 17:16 . 2009-08-16 17:20 12800 ----a-w- c:\windows\system32\wing32.dll
2009-08-16 02:16 . 2009-01-18 17:57 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-15 17:56 . 2009-08-15 17:56 16 ----a-w- c:\windows\system32\perfs082_mlang.dat
2009-08-15 17:39 . 2009-08-15 17:39 137344 ----a-w- c:\windows\system32\drivers\hwpsgt.sys
2009-08-15 17:39 . 2009-08-15 17:39 9472 ----a-w- c:\windows\system32\drivers\lemsgt.sys
2009-08-14 08:22 . 2009-08-14 08:22 62 ----a-w- c:\windows\system32\mscomdb32.dat
2009-04-03 11:50 . 2009-04-03 11:48 66936 --sha-w- c:\windows\dlinfo_0.drv
2009-05-26 16:32 . 2009-05-26 16:32 56 --sh--r- c:\windows\system32\B41E3881EB.sys
2009-05-26 16:32 . 2009-05-26 16:32 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
Sigcheck
[-] 2004-09-17 . A975A70FCEFE2A224412214320C89DED . 503808 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:\program files\Yandex\YandexBarIE\yndbar.dll" [2009-07-24 5586208]

[HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VistaIcon"="c:\program files\VistaDriveIcon\VistaDrv.exe" [2008-01-02 132096]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-09-15 81000]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-17 110592]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2005-03-07 53248]
"VTTrayp"="VTtrayp.exe" - c:\windows\system32\VTTrayp.exe [2005-10-31 163840]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-03-02 577536]
"PCTVOICE"="pctspk.exe" - c:\windows\system32\pctspk.exe [2003-07-17 180224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
"VistaIcon"="c:\program files\VistaDriveIcon\VistaDrv.exe" [2008-01-02 132096]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ICQ"="c:\program files\ICQ6\ICQ.exe" silent
"Free Download Manager"=c:\program files\Free Download Manager\fdm.exe -autorun
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplicationsList]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\WebMoney\WebMoney.exe"=
"c:\Program Files\StrongDC\StrongDC.exe"=
"c:\Program Files\seba14mods\µtorrent 1.8 (build 11758) Leecher Pack\utorrent 1.8 (11758)_noreport.exe"=
"c:\Program Files\seba14mods\µtorrent 1.8 (build 11758) Leecher Pack\utorrent 1.8 (11758)_stealth.exe"=
"c:\Program Files\seba14mods\µtorrent 1.8 (build 11758) Leecher Pack\utorrent 1.8 (11758)_mult100_leecher.exe"=
"c:\Program Files\seba14mods\µtorrent 1.8 (build 11758) Leecher Pack\utorrent 1.8 (11758)_org.exe"=
"c:\Program Files\ICQ6.5\ICQ.exe"=
"c:\Program Files\seba14mods\µtorrent 1.8 (build 11758) Leecher Pack\utorrent 1.8 (11758)_report.exe"=
"d:\Program Files\Warcraft III\Warcraft III.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPortsList]
"1633:TCP"= 1633:TCP:rwjqr

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [13.09.2008 20:04 11264]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [09.11.2009 8:06 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [09.11.2009 8:06 20560]
S2 FILESpy;FILESpy;\??\c:\program files\Softwin\BitDefender8\filespy.sys --> c:\program files\Softwin\BitDefender8\filespy.sys [?]
S2 hbnulcqk;Shell Network;c:\windows\system32\svchost.exe -k netsvcs [17.08.2004 14:05 14336]
S2 vhshshny;Time Manager;c:\windows\system32\svchost.exe -k netsvcs [17.08.2004 14:05 14336]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\Everest\kerneld.wnt --> c:\program files\Everest\kerneld.wnt [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\C4C4~1\LOCALS~1\Temp\XQX8A7.tmp --> c:\docume~1\C4C4~1\LOCALS~1\Temp\XQX8A7.tmp [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - PROCEXP113

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
hbnulcqk
.
.
Supplementary Scan
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 192.168.11.106:8080
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: &Экспорт в Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Закачать ВСЕ при помощи Download Master
IE: Закачать при помощи Download Master
IE: Передать на удаленную закачку DM
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74}
TCP: {EC1ABE32-D712-4D3C-A386-5EFBF6CF0851} = 192.168.11.106,192.168.0.10
FF - ProfilePath - c:\documents and settings\Дима\Application Data\Mozilla\Firefox\Profiles\xs9v2p1h.default
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://ru.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:ru:official
FF - component: c:\documents and settings\Дима\Application Data\Mozilla\Firefox\Profiles\xs9v2p1h.default\extensions\{a33fa729-d155-4b23-842b-2c665ecabdb6}\components\FFExternalAlert.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: content.switch.threshold - 650000
.
- - - - ORPHANS REMOVED - - - -

AddRemove-GameSpy Arcade - d:\progra~1\UNWISE.EXE
AddRemove-Крутой Сэм в поисках книги Ам-Дуат - d:\progra~1\SERIOU~1\UNWISE.EXE
AddRemove-Моя экзотическая ферма - d:\program files\Alawar.ru\Моя экзотическая ферма\Uninstall.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-09 22:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys xfilt.sys ACPI.sys hal.dll >>UNKNOWN [0x859721F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x859721f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
malicious code @ sector 0x12a18ac1 size 0x1ac !
copy of MBR has been found in sector 62 !
PE file found in sector at 0x012A18AC1 !
Use "Recovery Console" command "fixmbr" to clear infection !

**************************************************************************
.
Completion time: 2009-11-09 22:31
ComboFix-quarantined-files.txt 2009-11-09 20:31

Pre-Run: 8 995 192 832 байт свободно
Post-Run: 8 952 381 440 байт свободно

Current=6 Default=6 Failed=5 LastKnownGood=7 Sets=1,2,3,4,5,6,7
- - End Of File - - 0728619498E01624B09C61231CE38EDA