It seems everything is gone!!! Thank you so much for everything, I am very grateful to you!
ComboFix 09-08-03.03 - User 04.08.2009 0:51.5.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1033.18.511.204 [GMT 4:00]
Running from: c:\docume~1\User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
AV: Антивирусная система Eset NOD32 2.50 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
 * Created a new restore point
 * Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\program files\Adobe\adrouter.dll"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Adobe\adrouter.dll
.
((((((((((((((((((((((((( Files Created from 2009-07-03 to 2009-08-03 )))))))))))))))))))))))))))))))
.
2009-08-02 06:16 . 2009-08-02 12:37 d-----w- c:\program files\trend micro
2009-08-02 06:16 . 2009-08-02 06:17 d-----w- C:\rsit
2009-08-01 23:05 . 2009-08-01 23:05 d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2009-08-01 23:05 . 2009-07-13 09:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-01 23:05 . 2009-08-01 23:05 d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-01 23:05 . 2009-07-13 09:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-01 23:05 . 2009-08-01 23:05 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-28 09:08 . 2009-07-24 06:20 150768 ----a-w- c:\documents and settings\User\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-03 11:02 . 2006-12-27 19:56 d-----w- c:\documents and settings\User\Application Data\uTorrent
2009-08-02 19:53 . 2008-08-28 10:38 d-----w- c:\program files\Google
2009-07-31 08:53 . 2006-12-26 14:48 d--h--w- c:\program files\InstallShield Installation Information
2009-07-28 09:08 . 2007-01-08 18:57 d-----w- c:\program files\QIP
2009-06-29 16:12 . 2004-08-03 20:56 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-03 20:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-03 20:56 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-26 12:20 . 2009-06-26 12:11 d-----w- c:\documents and settings\User\Application Data\DAEMON Tools Lite
2009-06-26 12:19 . 2009-06-26 12:19 d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-06-26 12:19 . 2009-06-26 12:17 d-----w- c:\program files\DAEMON Tools Lite
2009-06-26 12:18 . 2009-06-26 12:18 d-----w- c:\documents and settings\User\Application Data\Yandex
2009-06-26 12:18 . 2009-06-26 12:18 d-----w- c:\program files\Common Files\Yandex
2009-06-26 12:11 . 2006-12-28 16:18 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-16 14:36 . 2004-08-03 20:56 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2001-08-23 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-03 19:09 . 2004-08-03 20:56 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-07 15:32 . 2004-08-03 20:56 345600 ----a-w- c:\windows\system32\localspl.dll
2007-01-24 13:47 . 2006-12-27 18:44 52858 ----a-w- c:\program files\uninstal.log
2009-07-22 09:22 . 2008-08-31 01:54 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}"= "c:\documents and settings\User\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll" [2009-07-24 150768]

[HKEY_CLASSES_ROOT\clsid\{a55f9c95-2bb1-4ea2-bc77-dfaab78832ce}]
[HKEY_CLASSES_ROOT\qipbar.QIPBHO.1]
[HKEY_CLASSES_ROOT\TypeLib\{45FF696B-5284-4781-B2CA-ECF3A742A17B}]
[HKEY_CLASSES_ROOT\qipbar.QIPBHO]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
2009-07-24 06:20 150768 ----a-w- c:\documents and settings\User\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-01-24 1363968]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2007-10-23 360448]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Yupdate!"="c:\program files\Common Files\Yandex\Yupdate\yupdate.exe" [2008-10-20 479496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"HTpatch"="c:\windows\htpatch.exe" [2002-10-30 28672]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2006-12-27 917504]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"MAgent"="c:\program files\Mail.Ru\Agent\MAgent.exe" [2008-07-31 3110392]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-18 49152]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-01-23 223232]
"USB Storage Toolbox"="c:\windows\UMStorRes.EXE" [2005-09-14 65536]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-03-27 53248]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]
"NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2006-10-22 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-26 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Быстрый запуск HP Photosmart Premier.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
Ускоренный запуск Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\vksaver.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"d:\Program Files\Live for Speed S2\LFS.exe"=
"c:\Program Files\Counter-Strike\hl.exe"=
"c:\Program Files\uTorrent\utorrent.exe"=
"c:\WINDOWS\system32\dplaysvr.exe"=
"c:\Documents and Settings\User\Desktop\samp01b-server\samp-server.exe"=
"d:\Documents and Settings\Администратор\Рабочий стол\dick\rmDC++\rmDC++0.403D[1]\rmDC++0.403D[1]\rmDC.exe"=
"c:\Program Files\Petabyte.Ru\StrongDc2\StrongDC.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hposid01.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"=
"c:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"=
"c:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"=
"d:\! Василий !\Закачки\NEED FOR SPEED UNDERGROUND 2\speed2.exe"=
"c:\Program Files\QIP\qip.exe"=
"c:\Program Files\Mail.Ru\Agent\Magent.exe"=
"c:\Program Files\Winamp Remote\bin\Orb.exe"=
"c:\Program Files\Winamp Remote\bin\OrbTray.exe"=
"c:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\QIP\Users\237455674\RcvdFiles\461627711_Жендос\TeamViewer\TeamViewer.exe"=

R2 NVKEYNT;NVKEYNT;c:\windows\system32\drivers\NVKEYNT.SYS [14.03.2007 16:28 71616]
R2 stremu;stremu;c:\windows\system32\drivers\stremu.sys [14.03.2007 16:29 19968]
.
.
Supplementary Scan
.
uStart Page = start.qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: &Экспорт в Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Добавить в Rambler-Закладки - c:\program files\Rambler Assistant\ramblertoolbarU0.dll/zakladki.htm
IE: Закачать ВСЕ при помощи Download Master - c:\program files\Download Master\dmieall.htm
IE: Закачать при помощи Download Master - c:\program files\Download Master\dmie.htm
IE: Найти с помощью Рамблера - c:\program files\Rambler Assistant\ramblertoolbarU0.dll/search.htm
IE: Перевести с помощью словарей Рамблера - c:\program files\Rambler Assistant\ramblertoolbarU0.dll/dic.htm
IE: Поиск@Mail.Ru - c:\program files\Mail.Ru\Sputnik\MailRuSputnik.dll/SEARCH.HTM
IE: Словари@Mail.Ru - c:\program files\Mail.Ru\Sputnik\MailRuSputnik.dll/TRANSLATE.HTM
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} - c:\program files\Mail.Ru\Agent\magent.exe
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} - c:\program files\Download Master\dmaster.exe
LSP: imon.dll
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\k275923d.default\
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: browser.startup.homepage - hxxp://rambler.ru
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-04 00:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HTpatch = c:\windows\htpatch.exe?ows\CurrentVersion\Run??????/??Z???????Z???Z???????????????????Z???Z?D?????Z$??????Z????????????S??Z????????m??Z???w????(???{??w???w???????w???w???Z????????d???b6?Z%??Z???Z????»??ZA??Z???Z.??wZ??Z?3?Z?3?Z????st.I???????Z????d???0=?Z?K?Z

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERS\S-1-5-21-1844237615-1993962763-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
DLLs Loaded Under Running Processes
- - - - - - - > 'lsass.exe'(576)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Completion time: 2009-08-03 1:00
ComboFix-quarantined-files.txt 2009-08-03 21:00
ComboFix2.txt 2009-08-03 06:56
ComboFix3.txt 2009-08-02 20:53
ComboFix4.txt 2009-08-02 20:19
ComboFix5.txt 2009-08-03 20:51

Pre-Run: 2 019 975 168 bytes free
Post-Run: 1 999 351 808 байт свободно

182 - E O F - 2009-07-29 05:50
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
As I understand it, the Recovery Console did not get installed. I think the problem is that when I drag the installation disc image onto the ComboFix icon, ComboFix itself launches instead of the Recovery Console being installed automatically. How do I solve this problem? Please help.

ComboFix 09-08-01.09 - User 03.08.2009 0:11.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1033.18.511.204 [GMT 4:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: Антивирусная система Eset NOD32 2.50 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
 * Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-07-02 to 2009-08-02 )))))))))))))))))))))))))))))))
.
2009-08-02 06:16 . 2009-08-02 12:37 d-----w- c:\program files\trend micro
2009-08-02 06:16 . 2009-08-02 06:17 d-----w- C:\rsit
2009-08-01 23:05 . 2009-08-01 23:05 d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2009-08-01 23:05 . 2009-07-13 09:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-01 23:05 . 2009-08-01 23:05 d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-01 23:05 . 2009-07-13 09:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-01 23:05 . 2009-08-01 23:05 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-28 09:08 . 2009-07-24 06:20 150768 ----a-w- c:\documents and settings\User\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-02 19:53 . 2008-08-28 10:38 d-----w- c:\program files\Google
2009-08-02 19:29 . 2006-12-27 19:56 d-----w- c:\documents and settings\User\Application Data\uTorrent
2009-07-31 08:53 . 2006-12-26 14:48 d--h--w- c:\program files\InstallShield Installation Information
2009-07-28 09:08 . 2007-01-08 18:57 d-----w- c:\program files\QIP
2009-06-29 16:12 . 2004-08-03 20:56 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-03 20:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-03 20:56 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-26 12:20 . 2009-06-26 12:11 d-----w- c:\documents and settings\User\Application Data\DAEMON Tools Lite
2009-06-26 12:19 . 2009-06-26 12:19 d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-06-26 12:19 . 2009-06-26 12:17 d-----w- c:\program files\DAEMON Tools Lite
2009-06-26 12:18 . 2009-06-26 12:18 d-----w- c:\documents and settings\User\Application Data\Yandex
2009-06-26 12:18 . 2009-06-26 12:18 d-----w- c:\program files\Common Files\Yandex
2009-06-26 12:11 . 2006-12-28 16:18 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-16 14:36 . 2004-08-03 20:56 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2001-08-23 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-03 19:09 . 2004-08-03 20:56 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-07 15:32 . 2004-08-03 20:56 345600 ----a-w- c:\windows\system32\localspl.dll
2007-01-24 13:47 . 2006-12-27 18:44 52858 ----a-w- c:\program files\uninstal.log
2009-07-22 09:22 . 2008-08-31 01:54 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}"= "c:\documents and settings\User\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll" [2009-07-24 150768]

[HKEY_CLASSES_ROOT\clsid\{a55f9c95-2bb1-4ea2-bc77-dfaab78832ce}]
[HKEY_CLASSES_ROOT\qipbar.QIPBHO.1]
[HKEY_CLASSES_ROOT\TypeLib\{45FF696B-5284-4781-B2CA-ECF3A742A17B}]
[HKEY_CLASSES_ROOT\qipbar.QIPBHO]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
2009-07-24 06:20 150768 ----a-w- c:\documents and settings\User\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AdRouter]
@="{E2085722-3AC0-4411-A14B-906AFE1A75C4}"
[HKEY_CLASSES_ROOT\CLSID\{E2085722-3AC0-4411-A14B-906AFE1A75C4}]
2009-07-30 10:57 98304 ----a-w- c:\program files\Adobe\adrouter.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-01-24 1363968]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2007-10-23 360448]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Yupdate!"="c:\program files\Common Files\Yandex\Yupdate\yupdate.exe" [2008-10-20 479496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"HTpatch"="c:\windows\htpatch.exe" [2002-10-30 28672]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2006-12-27 917504]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"MAgent"="c:\program files\Mail.Ru\Agent\MAgent.exe" [2008-07-31 3110392]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-18 49152]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-01-23 223232]
"USB Storage Toolbox"="c:\windows\UMStorRes.EXE" [2005-09-14 65536]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-03-27 53248]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]
"NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2006-10-22 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-26 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Быстрый запуск HP Photosmart Premier.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
Ускоренный запуск Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\vksaver.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"d:\Program Files\Live for Speed S2\LFS.exe"=
"c:\Program Files\Counter-Strike\hl.exe"=
"c:\Program Files\uTorrent\utorrent.exe"=
"c:\WINDOWS\system32\dplaysvr.exe"=
"c:\Documents and Settings\User\Desktop\samp01b-server\samp-server.exe"=
"d:\Documents and Settings\Администратор\Рабочий стол\dick\rmDC++\rmDC++0.403D[1]\rmDC++0.403D[1]\rmDC.exe"=
"c:\Program Files\Petabyte.Ru\StrongDc2\StrongDC.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hposid01.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"=
"c:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"=
"c:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"=
"d:\! Василий !\Закачки\NEED FOR SPEED UNDERGROUND 2\speed2.exe"=
"c:\Program Files\QIP\qip.exe"=
"c:\Program Files\Mail.Ru\Agent\Magent.exe"=
"c:\Program Files\Winamp Remote\bin\Orb.exe"=
"c:\Program Files\Winamp Remote\bin\OrbTray.exe"=
"c:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\QIP\Users\237455674\RcvdFiles\461627711_Жендос\TeamViewer\TeamViewer.exe"=

R2 NVKEYNT;NVKEYNT;c:\windows\system32\drivers\NVKEYNT.SYS [14.03.2007 16:28 71616]
R2 stremu;stremu;c:\windows\system32\drivers\stremu.sys [14.03.2007 16:29 19968]
.
.
Supplementary Scan
.
uStart Page = start.qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: &Экспорт в Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Добавить в Rambler-Закладки - c:\program files\Rambler Assistant\ramblertoolbarU0.dll/zakladki.htm
IE: Закачать ВСЕ при помощи Download Master - c:\program files\Download Master\dmieall.htm
IE: Закачать при помощи Download Master - c:\program files\Download Master\dmie.htm
IE: Найти с помощью Рамблера - c:\program files\Rambler Assistant\ramblertoolbarU0.dll/search.htm
IE: Перевести с помощью словарей Рамблера - c:\program files\Rambler Assistant\ramblertoolbarU0.dll/dic.htm
IE: Поиск@Mail.Ru - c:\program files\Mail.Ru\Sputnik\MailRuSputnik.dll/SEARCH.HTM
IE: Словари@Mail.Ru - c:\program files\Mail.Ru\Sputnik\MailRuSputnik.dll/TRANSLATE.HTM
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} - c:\program files\Mail.Ru\Agent\magent.exe
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} - c:\program files\Download Master\dmaster.exe
LSP: imon.dll
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\k275923d.default\
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: browser.startup.homepage - hxxp://rambler.ru
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-03 00:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HTpatch = c:\windows\htpatch.exe?ows\CurrentVersion\Run??????/??Z???????Z???Z???????????????????Z???Z?D?????Z$??????Z????????????S??Z????????m??Z???w????(???{??w???w???????w???w???Z????????d???b6?Z%??Z???Z????»??ZA??Z???Z.??wZ??Z?3?Z?3?Z????st.I???????Z????d???0=?Z?K?Z

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERS\S-1-5-21-1844237615-1993962763-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
DLLs Loaded Under Running Processes
- - - - - - - > 'lsass.exe'(580)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(2428)
c:\windows\system32\WININET.dll
c:\program files\Adobe\adrouter.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-08-02 0:19
ComboFix-quarantined-files.txt 2009-08-02 20:18
ComboFix2.txt 2009-08-02 20:07

Pre-Run: 2 143 600 640 bytes free
Post-Run: 2 121 527 296 байт свободно

183 - E O F - 2009-07-29 05:50