ComboFix 09-01-02.01 - Марина 2009-01-03 23:10:01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1049.18.511.218 [GMT 3:00]
Running from: c:\documents and settings\Марина\Рабочий стол\ComboFix.exe
Command switches used :: c:\documents and settings\Марина\Рабочий стол\CFScript.txt
AV: Антивирусная система Eset NOD32 2.70 *On-access scanning disabled* (Outdated)
 * Created a new restore point
 * Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\windows\system32\emolib.dll
.
((((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\85B6~1\LOCALS~1\Temp\E_4
c:\docume~1\85B6~1\LOCALS~1\Temp\E_4\com.run
c:\docume~1\85B6~1\LOCALS~1\Temp\E_4\dp1.fne
c:\docume~1\85B6~1\LOCALS~1\Temp\E_4\eAPI.fne
c:\docume~1\85B6~1\LOCALS~1\Temp\E_4\internet.fne
c:\docume~1\85B6~1\LOCALS~1\Temp\E_4\krnln.fnr
c:\docume~1\85B6~1\LOCALS~1\Temp\E_4\RegEx.fnr
c:\docume~1\85B6~1\LOCALS~1\Temp\E_4\shell.fne
c:\docume~1\85B6~1\LOCALS~1\Temp\E_4\spec.fne
c:\documents and settings\Марина\Local Settings\Temporary Internet Files\0EB9F12C_6E6B_4c03_AEBA_8C04CFA98AA4.gif
c:\documents and settings\Марина\Local Settings\Temporary Internet Files\15913497_F86C_4218_8817_F50940D1E1B2.gif
c:\documents and settings\Марина\Local Settings\Temporary Internet Files\29887DDE_00B9_4011_9CF7_59511F1ECC1B.gif
c:\documents and settings\Марина\Local Settings\Temporary Internet Files\2A665EDD_5758_480c_8366_66DFC5F23877.gif
c:\documents and settings\Марина\Local Settings\Temporary Internet Files\35B7DFFA_884F_4fbc_8E60_DA601BDC7BF7.gif
c:\documents and settings\Марина\Local Settings\Temporary Internet Files\362FD6E8_8CDA_4c2a_A8AA-BDA22B321711.jpg
c:\documents and settings\Марина\Local Settings\Temporary Internet Files\3DF04940_9866_4241_A998_0CDDFAFD147A.gif
c:\documents and settings\Марина\Local Settings\Temporary Internet Files\426500D7_0FF3_426c_828D_065DBAEA0581.gif
c:\documents and settings\Марина\Local Settings\Temporary Internet Files\478BD4AE_2691_438d_BDCA_3485DC022700.gif
c:\documents and settings\Марина\Local Settings\Temporary Internet Files\5C6C645F_BAA8_4149_BFEB_2031230FF0FD.gif
c:\documents and settings\Марина\Local Settings\Temporary Internet Files\61EA7D69_19D4_421a_A899_0DF4D58CD119.jpg
c:\documents and settings\Марина\Local Settings\Temporary Internet Files\777FDAFB_83CF_4960_AA71_4E5D7BCD8E57.gif
c:\documents and settings\Марина\Local Settings\Temporary Internet Files\8DA878D5_E80B_4721_B75A_17EFFAF1A700.gif
c:\documents and settings\Марина\Local Settings\Temporary Internet Files\98F6DF79_7171_452d_9C26_C0193E12DBDF.gif
c:\documents and settings\Марина\Local Settings\Temporary Internet Files\A2B240D6_0386_419e_91C5_3F7D90437CD0.jpg
c:\documents and settings\Марина\Local Settings\Temporary Internet Files\C75CEF8D_5AF4_4563_8594_C45A45E14E63.gif
c:\documents and settings\Марина\Local Settings\Temporary Internet Files\E21285C1_40E6_435c_A69F_3387E7BD89CB.gif
c:\documents and settings\Марина\Local Settings\Temporary Internet Files\E9A4D648_ED73_4ea7_88B2_18332DBA4F3E.jpg
c:\windows\mdrive
c:\windows\system32\com.run
c:\windows\system32\dp1.fne
c:\windows\system32\eAPI.fne
c:\windows\system32\internet.fne
c:\windows\system32\krnln.fnr
c:\windows\system32\og.dll
c:\windows\system32\og.edt
c:\windows\system32\RegEx.fnr
c:\windows\system32\shell.fne
c:\windows\system32\spec.fne
c:\windows\system32\ul.dll
.
((((((((((((((((((((((((((   Files Created from 2008-12-03 to 2009-01-03  )))))))))))))))))))))))))))))))
.

2009-01-03 21:30 . 2009-01-03 21:30  <DIR>  d--------  c:\documents and settings\All Users.WINDOWS\Application Data\Alawar Stargaze
2009-01-03 21:19 . 2009-01-03 21:19  <DIR>  d--------  c:\documents and settings\All Users.WINDOWS\Application Data\AlawarWrapper
2009-01-03 21:17 . 2009-01-03 22:49  <DIR>  d--------  c:\program files\Alawar.ru
2008-12-30 16:13 . 2008-12-30 16:14  12,126  --a------  c:\documents and settings\Марина\ntuserdirect_MyManager.dat
2008-12-30 16:09 . 2008-12-30 16:09  <DIR>  d--------  c:\program files\EMS
2008-12-29 12:12 . 2008-12-29 12:12  1,501,856  -r-hs----  c:\windows\system32\XP-F2A0D02D.EXE
2008-12-27 06:07 . 2008-12-27 06:07  <DIR>  d--------  c:\documents and settings\Марина\Application Data\SmartFTP
2008-12-27 01:43 . 2008-12-27 01:43  <DIR>  d--------  c:\documents and settings\Марина\Application Data\Desktop Software
2008-12-27 01:25 . 2008-12-27 01:25  <DIR>  d--------  c:\windows\system32\Logfiles
2008-12-27 01:25 . 2008-12-27 01:25  <DIR>  d--------  C:\Inetpub
2008-12-27 00:52 . 2008-12-27 00:52  <DIR>  d--------  c:\documents and settings\All Users.WINDOWS\Application Data\GlobalSCAPE
2008-12-27 00:51 . 2008-12-27 00:51  <DIR>  d--------  c:\program files\AskBarDis
2008-12-27 00:51 . 2008-12-27 00:51  <DIR>  d--------  c:\documents and settings\Марина\Application Data\GlobalSCAPE
2008-12-22 20:35 . 2008-12-22 20:35  <DIR>  d--------  C:\keuinit
2008-12-22 12:21 . 2008-10-16 23:33  6,066,176  -----c---  c:\windows\system32\dllcache\ieframe.dll
2008-12-22 12:21 . 2007-04-17 12:32  2,455,488  -----c---  c:\windows\system32\dllcache\ieapfltr.dat
2008-12-22 12:21 . 2007-03-08 08:12  1,060,864  -----c---  c:\windows\system32\dllcache\ieframe.dll.mui
2008-12-22 12:21 . 2008-10-16 23:33  459,264  -----c---  c:\windows\system32\dllcache\msfeeds.dll
2008-12-22 12:21 . 2008-10-16 23:33  383,488  -----c---  c:\windows\system32\dllcache\ieapfltr.dll
2008-12-22 12:21 . 2008-10-16 23:33  267,776  -----c---  c:\windows\system32\dllcache\iertutil.dll
2008-12-22 12:21 . 2008-10-16 23:33  63,488  -----c---  c:\windows\system32\dllcache\icardie.dll
2008-12-22 12:21 . 2008-10-16 23:33  52,224  -----c---  c:\windows\system32\dllcache\msfeedsbs.dll
2008-12-22 12:21 . 2008-10-16 16:11  13,824  -----c---  c:\windows\system32\dllcache\ieudinit.exe
2008-12-21 19:06 . 2008-12-21 19:06  <DIR>  d--------  c:\program files\Venta
2008-12-21 19:06 . 2003-08-29 13:59  16,384  --a------  c:\windows\system32\ventmon.dll
2008-12-21 18:56 . 2001-08-17 21:57  16,128  --a------  c:\windows\system32\drivers\MODEMCSA.sys
2008-12-19 16:29 . 2009-01-03 19:54  <DIR>  d--------  c:\documents and settings\Марина\Application Data\NewSoft
2008-12-19 16:19 . 1997-10-14 05:19  11,776  --a------  c:\windows\system32\pmsbfn32.dll
2008-12-19 16:18 . 2008-12-19 16:19  <DIR>  d--------  c:\program files\Common Files\PDFView
2008-12-19 16:17 . 2008-12-19 16:17  <DIR>  d--------  c:\documents and settings\All Users.WINDOWS\Application Data\InstallShield
2008-12-19 16:17 . 2008-12-19 16:17  <DIR>  d--------  c:\documents and settings\Марина\Application Data\ScanSoft
2008-12-19 16:17 . 2008-12-19 16:17  416  --a------  c:\windows\MAXLINK.INI
2008-12-19 16:16 . 2008-12-19 16:16  <DIR>  d--------  c:\program files\Common Files\ScanSoft Shared
2008-12-19 16:16 . 2008-12-19 16:17  <DIR>  d--------  c:\documents and settings\All Users.WINDOWS\Application Data\ScanSoft
2008-12-19 16:15 . 2008-12-19 16:15  <DIR>  d--------  c:\program files\ScanSoft
2008-12-19 13:09 . 2008-12-19 13:09  <DIR>  d--------  c:\documents and settings\Марина\Application Data\Canon
2008-12-17 12:06 . 2008-12-17 12:06  <DIR>  d--------  c:\program files\Canon
2008-12-17 12:05 . 2008-12-17 12:05  <DIR>  d--h-----  c:\windows\system32\CanonMF Uninstaller Information
2008-12-17 12:05 . 2008-12-17 12:05  <DIR>  d--h-----  C:\CanonMF
2008-12-17 11:56 . 2004-08-17 16:04  21,504  --a------  c:\windows\system32\hidserv.dll
2008-12-17 11:56 . 2004-08-17 16:04  21,504  --a--c---  c:\windows\system32\dllcache\hidserv.dll
2008-12-17 11:56 . 2001-10-19 20:33  12,160  --a------  c:\windows\system32\drivers\mouhid.sys
2008-12-17 11:56 . 2001-10-19 20:33  12,160  --a--c---  c:\windows\system32\dllcache\mouhid.sys
2008-12-17 11:55 . 2001-08-17 22:02  9,600  --a------  c:\windows\system32\drivers\hidusb.sys
2008-12-17 11:55 . 2001-08-17 22:02  9,600  --a--c---  c:\windows\system32\dllcache\hidusb.sys
2008-12-14 15:46 . 2008-12-14 15:54  <DIR>  d--------  C:\logistik
2008-12-14 15:46 . 2007-03-02 14:05  393,216  --a------  c:\windows\system32\GDS32.DLL
2008-12-14 15:45 . 2008-12-14 15:45  <DIR>  d--------  c:\program files\Firebird
2008-12-14 14:37 . 2008-10-16 13:39  1,023,488  -----c---  c:\windows\system32\dllcache\browseui.dll
2008-12-14 14:37 . 2008-10-16 23:33  477,696  -----c---  c:\windows\system32\dllcache\mshtmled.dll
2008-12-14 14:37 . 2008-10-16 23:33  347,136  -----c---  c:\windows\system32\dllcache\dxtmsft.dll
2008-12-14 14:37 . 2008-10-16 23:33  193,024  -----c---  c:\windows\system32\dllcache\msrating.dll
2008-12-14 14:36 . 2008-10-17 02:03  3,593,216  -----c---  c:\windows\system32\dllcache\mshtml.dll
2008-12-14 14:36 . 2008-10-16 13:39  1,494,528  -----c---  c:\windows\system32\dllcache\shdocvw.dll
2008-12-14 14:36 . 2008-10-16 23:33  1,160,192  -----c---  c:\windows\system32\dllcache\urlmon.dll
2008-12-14 14:36 . 2008-10-16 13:39  1,055,232  -----c---  c:\windows\system32\dllcache\danim.dll
2008-12-14 14:36 . 2008-10-16 23:33  671,232  -----c---  c:\windows\system32\dllcache\mstime.dll
2008-12-14 14:36 . 2008-10-16 13:39  474,112  -----c---  c:\windows\system32\dllcache\shlwapi.dll
2008-12-14 14:36 . 2008-10-16 23:33  214,528  -----c---  c:\windows\system32\dllcache\dxtrans.dll
2008-12-14 14:36 . 2007-08-13 18:54  191,488  --a--c---  c:\windows\system32\dllcache\iepeers.dll
2008-12-14 14:36 . 2008-10-16 13:39  151,552  -----c---  c:\windows\system32\dllcache\cdfview.dll
2008-12-14 14:36 . 2008-10-16 23:33  133,120  -----c---  c:\windows\system32\dllcache\extmgr.dll
2008-12-14 14:36 . 2007-08-13 18:39  92,672  --a--c---  c:\windows\system32\dllcache\inseng.dll
2008-12-14 14:36 . 2008-10-16 23:33  44,544  -----c---  c:\windows\system32\dllcache\pngfilt.dll
2008-12-11 17:21 . 2008-10-03 13:17  247,326  -----c---  c:\windows\system32\dllcache\strmdll.dll
2008-12-11 17:01 . 2008-12-11 17:14  512,096  --a------  c:\windows\system32\drivers\amon.sys
2008-12-11 17:01 . 2008-12-11 17:14  298,104  --a------  c:\windows\system32\imon.dll
2008-12-11 17:01 . 2008-12-11 17:14  15,424  --a------  c:\windows\system32\drivers\nod32drv.sys
2008-12-11 16:17 . 2008-12-11 16:17  0  --a------  c:\windows\cfgedit.INI
2008-12-09 02:36 . 2008-12-09 02:36  <DIR>  d--------  c:\program files\MSXML 4.0
2008-12-08 20:26 . 2008-12-08 20:26  <DIR>  d--------  c:\documents and settings\All Users.WINDOWS\Application Data\Crystal Office
2008-12-08 20:25 . 2008-12-08 20:27  <DIR>  d--------  c:\program files\Maple Professional
2008-12-08 18:51 . 2008-12-17 11:04  <DIR>  d--------  c:\windows\system32\CatRoot_bak
2008-12-08 18:40 . 2008-06-14 20:59  272,512  -----c---  c:\windows\system32\dllcache\bthport.sys
2008-12-08 18:39 . 2008-08-14 16:47  2,182,144  -----c---  c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-08 18:39 . 2008-08-14 16:47  2,138,112  -----c---  c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-08 18:39 . 2008-08-14 16:47  2,059,520  -----c---  c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-08 18:39 . 2008-08-14 16:47  2,017,792  -----c---  c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-07 23:13 . 2008-08-14 12:51  138,368  -----c---  c:\windows\system32\dllcache\afd.sys
2008-12-07 23:11 . 2008-08-28 13:04  333,056  -----c---  c:\windows\system32\dllcache\srv.sys
2008-12-07 23:10 . 2008-09-15 18:40  1,846,144  -----c---  c:\windows\system32\dllcache\win32k.sys
2008-12-07 23:01 . 2008-10-24 14:10  453,632  -----c---  c:\windows\system32\dllcache\mrxsmb.sys
2008-12-07 23:01 . 2008-05-08 15:28  202,752  -----c---  c:\windows\system32\dllcache\rmcast.sys
2008-12-07 23:00 . 2008-05-01 17:33  331,776  -----c---  c:\windows\system32\dllcache\msadce.dll
2008-12-07 22:59 . 2008-04-11 21:51  683,520  -----c---  c:\windows\system32\dllcache\inetcomm.dll
2008-12-07 22:57 . 2008-09-04 19:45  1,106,944  -----c---  c:\windows\system32\dllcache\msxml3.dll
2008-12-07 22:07 . 2008-12-07 22:07  113  --a------  c:\windows\bkg.ini
2008-12-07 18:41 . 2008-12-07 18:51  13,030  --a------  C:\PDOXUSRS.NET
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-03 16:56  d--h--w  c:\program files\InstallShield Installation Information
2008-12-19 13:16  d-----w  c:\program files\Common Files\InstallShield
2008-12-11 15:12  d-----w  c:\program files\ESET
2008-12-11 14:29  d-----w  c:\program files\Mail.Ru
2008-12-07 18:04  d-----w  c:\documents and settings\Марина\Application Data\Mra
2008-11-25 17:11  d-----w  c:\program files\Winamp
2008-11-23 17:34  316,416  ----a-w  c:\windows\system32\eihlib.dll
2008-11-23 17:34  315,904  ----a-w  c:\windows\system32\nuplib.dll
2008-11-08 21:05  d-----w  c:\program files\CorbinaShadowDC
2008-10-23 13:01  283,648  ----a-w  c:\windows\system32\gdi32.dll
2008-10-16 20:33  826,368  ----a-w  c:\windows\system32\wininet.dll
2008-10-16 11:13  202,776  ----a-w  c:\windows\system32\wuweb.dll
2008-10-16 11:13  1,809,944  ----a-w  c:\windows\system32\wuaueng.dll
2008-10-16 11:12  561,688  ----a-w  c:\windows\system32\wuapi.dll
2008-10-16 11:12  323,608  ----a-w  c:\windows\system32\wucltui.dll
2008-10-16 11:09  92,696  ----a-w  c:\windows\system32\cdm.dll
2008-10-16 11:09  51,224  ----a-w  c:\windows\system32\wuauclt.exe
2008-10-16 11:09  43,544  ----a-w  c:\windows\system32\wups2.dll
2008-10-16 11:08  34,328  ----a-w  c:\windows\system32\wups.dll
2008-10-03 10:17  247,326  ----a-w  c:\windows\system32\strmdll.dll
2005-03-02 05:19  31,304  -c--a-w  c:\documents and settings\Ovchinnikova\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-17 17:20  279944  --a------  c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{92B9DADB-7736-448E-82DD-60EE9EF1524C}]
2008-11-23 20:34  316416  --a------  c:\windows\system32\eihlib.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D898D4FA-DA7F-49A9-AF9F-108E12362751}]
2008-11-23 20:34  315904  --a------  c:\windows\system32\nuplib.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-18 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"MAgent"="c:\program files\Mail.Ru\Agent\MAgent.exe" [2008-12-11 4428472]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2004-12-20 33792]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-12-11 949376]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"ScanSoft OmniPage SE 4.0-reminder"="c:\program files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe" [2006-09-26 1410600]
"XP-F2A0D02D"="c:\windows\system32\XP-F2A0D02D.EXE" [2008-12-29 1501856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]

c:\documents and settings\Марина\Главное меню\Программы\Автозагрузка\
цццццц.lnk - c:\windows\system32\XP-F2A0D02D.EXE [2008-12-29 1501856]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"nosimplestartmenu"= 0 (0x0)
"norecentdochistory"= 0 (0x0)
"maxrecentdocs"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplicationsList]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CorbinaShadowDC\\CorbinaShadowDC.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\игры\\ICQ6\\ICQ.exe"=

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-12-11 15424]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_0\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_2_0\bin\fbserver.exe -s [?]
R4 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_0\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_2_0\bin\fbguard.exe -s [?]

*Newly Created Service* - PROCEXP90
.
.
Supplementary Scan
.
uStart Page = http://www.mail.ru
uInternet Connection Wizard,ShellNext = iexplore
IE: &Экспорт в Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} - c:\program files\Mail.Ru\Agent\magent.exe
LSP: c:\windows\system32\imon.dll
TCP: {C8C96142-FE4D-47AC-A3B5-0CDB470BE4C3} = 213.234.192.7 85.21.192.5
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-03 23:13:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
DLLs Loaded Under Running Processes

- - - - - - - > 'lsass.exe'(564)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Completion time: 2009-01-03 23:15:03
ComboFix-quarantined-files.txt  2009-01-03 20:14:55

Pre-Run: 310,751,232 байт свободно
Post-Run: 330,461,184 байт свободно

248  --- E O F --- 2008-12-23 10:48:16