SPYWARE-RU.COM

Созданные ответы форума

Просмотр 1 сообщения - с 1 по 1 (всего 1)

Автор

Сообщения
14 марта, 2009 в 11:44 пп в ответ на: баннер с просьбой смс 444848 #22672
krot
Participant
- Темы:1
- Сообщений:2
ComboFix 09-03-13.02 — Администратор 2009-03-15 3:42:20.7 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1049.18.2047.1692 [GMT 3:00]
Running from: c:downloadsПрограммыComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-02-15 to 2009-03-15 )))))))))))))))))))))))))))))))
.

2009-03-15 01:03 . 2009-03-15 01:03 d

c:documents and settingsAll UsersApplication DataTuneUp Software
2009-03-15 01:03 . 2009-03-15 01:03 d

c:documents and settingsАдминистраторApplication DataTuneUp Software
2009-03-15 00:46 . 2009-03-15 00:46 360,192 —a

c:windows.0system32TuneUpDefragService.exe
2009-03-15 00:39 . 2009-03-15 00:39 147,456 —a

c:documents and settingsАдминистраторApplication Datawinsvc.exe
2009-03-15 00:39 . 2009-03-15 00:39 10 —a

c:documents and settingsАдминистраторApplication Datamsbios.dat
2009-03-04 16:37 . 2008-12-29 11:30 4,224 —a

c:windows.0system32driversNVStrap.sys
2009-03-04 16:25 . 2009-03-04 16:26 d

c:program filesRivaTuner v2.22
2009-02-27 22:28 . 2009-02-27 22:28 3,419,752 —a

c:windows.0system32driversappdrv01.sys
2009-02-27 22:28 . 2009-02-27 22:28 304,528 —a

c:windows.0system32appdrvrem01.exe
2009-02-26 17:05 . 2009-02-26 17:05 d

c:windows.074224F8D4A1748169EDB7BB854DE532C.TMP
2009-02-23 14:50 . 2009-02-23 14:50 d

c:documents and settingsАдминистраторApplication DataAvira
2009-02-19 10:46 . 2009-02-19 10:46 d

c:program filesAvira
2009-02-19 10:46 . 2009-02-19 10:47 d

c:documents and settingsAll UsersApplication DataAvira
2009-02-17 20:58 . 2009-02-17 22:19 d

c:program filesxStarter
2009-02-17 20:58 . 2009-02-17 20:58 d

c:documents and settingsAll UsersApplication DataxStarter
2009-02-17 18:39 . 2009-02-17 18:39 d

c:program filesCommon FilesYandex
2009-02-17 18:39 . 2009-03-15 02:27 d

c:documents and settingsАдминистраторApplication DataMozilla

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-15 00:15

d—a-w c:documents and settingsAll UsersApplication DataTEMP
2009-03-10 03:06

d

w c:documents and settingsАдминистраторApplication DatauTorrent
2009-03-06 18:00

d

w c:program filesCommon FilesWise Installation Wizard
2009-03-04 11:47

d

w c:documents and settingsАдминистраторApplication DataSmart Mod Manager
2009-02-17 19:18

d

w c:documents and settingsАдминистраторApplication DataYandex
2009-02-17 18:30

d

w c:program filesdoc
2009-02-17 15:39

d

w c:program filesYandex
2009-02-14 11:08

d

w c:documents and settingsАдминистраторApplication DataMedia Player Classic
2009-02-12 14:55

d

w c:program filesIDDK
2009-02-11 17:42

d—h—w c:program filesInstallShield Installation Information
2009-02-10 20:44

d

w c:program filesKM-Software
2009-02-09 10:29 77,824 —-a-w c:windows.0SOUNDMAN.EXE
2009-02-09 10:29 57,344 —-a-w c:windows.0ALCMTR.EXE
2009-02-09 10:29 528,384

r c:windows.0RtlExUpd.dll
2009-02-09 10:29 32,768 —-a-w c:windows.0hh.exe
2009-02-09 10:29 319,488 —-a-w c:windows.0HideWin.exe
2009-02-09 10:29 1,826,816 —-a-w c:windows.0SkyTel.exe
2009-02-09 10:29 1,200,128 —-a-w c:windows.0RtlUpd.exe
2009-02-09 10:26 44,650,496 —-a-w c:program fileskis.ru.msi
2009-02-09 10:26 159,744 —-a-w c:program filesfrapslcd.dll
2009-02-05 20:58

d

w c:program filesProcess Killer
2009-02-05 18:06 34,561 —-a-w c:program filesuninstall.exe
2009-02-05 18:06

d

w c:program filesHELP
2009-02-05 09:34

d

w c:program filesSmart Mod Manager
2009-02-03 16:55

d

w c:documents and settingsAll UsersApplication DataESET
2009-02-02 12:22

d

w c:program filesmicrosoft frontpage
2009-01-30 14:16

d

w c:program filesDownload Master
2009-01-30 11:11

d

w c:program filesConexant
2009-01-29 15:42

d

w c:documents and settingsАдминистраторApplication DataDownload Master
2009-01-29 12:45

d

w c:program filesOperaAC
2009-01-29 07:50

d

w c:program filesAGEIA Technologies
2009-01-28 20:47

d

w c:program filesuTorrent
2009-01-28 16:12

d

w c:documents and settingsAll UsersApplication DataKaspersky Lab Setup Files
2009-01-27 18:24

d

w c:program filesCommon FilesAdobe
2009-01-26 16:24 41,888 —-a-w c:windows.0system32driversOreans.sys
2009-01-24 10:52

d

w c:program filesKnowing
2009-01-22 15:00 1,226 —-a-w c:program filessetup.reg
2009-01-20 14:49

d

w c:program filesMicrosoft.NET
2009-01-20 14:36

d

w c:documents and settingsAll UsersApplication DataMicrosoft Help
2009-01-19 10:26

d

w c:documents and settingsАдминистраторApplication DataInterTrust
2009-01-19 09:34

d

w c:program filesPowerQuest
2009-01-19 09:28

d

w c:program filesCommon FilesInstallShield
2009-01-18 20:56

d

w c:program filesAIMP2
2009-01-18 20:00

d

w c:documents and settingsАдминистраторApplication DataAhead
2009-01-18 19:43

d

w c:program filesCyberLink
2009-01-18 18:09

d

w c:documents and settingsАдминистраторApplication DataCyberLink
2009-01-18 15:46

d

w c:program filesTotal Commander
2009-01-18 15:43

d

w c:program filesK-Lite Codec Pack
2009-01-18 15:42

d

w c:documents and settingsAll UsersApplication DataCyberLink
2009-01-18 15:41

d

w c:program filesThe KMPlayer
2009-01-18 15:40

d

w c:program filesCommon FilesAhead
2009-01-18 15:40

d

w c:program filesAhead
2009-01-18 15:39

d

w c:program files7-Zip
2009-01-18 15:30

d

w c:program filesRealtek
2009-01-18 15:27

d

w c:program filesAMD
2009-01-18 15:26

d

w c:documents and settingsАдминистраторApplication DataInstallShield
2009-01-18 15:21

d

w c:program filesVistaDrive
2009-01-18 15:20

d

w c:program filesWindows Media Connect 2
2009-01-18 15:19

d

w c:program filesMSXML 6.0
2009-01-18 15:19

d

w c:program filesMSXML 4.0
2009-01-18 15:19

d

w c:program filesmsi InstallSource MSXML
2009-01-07 08:28 453,152 —-a-w c:windows.0system32NVUNINST.EXE
2009-01-03 13:21 15,706 —-a-w c:program fileschanges.txt
2009-01-03 08:10 1,031,848 —-a-w c:program filesfraps.exe
2009-01-03 08:09 74,920 —-a-w c:program filesfraps64.dat
2009-01-03 08:07 188,416 —-a-w c:program filesfraps.dll
2009-01-03 08:06 128,512 —-a-w c:program filesfraps64.dll
2009-01-01 12:58 1,852 —-a-w c:program filesREADME.HTM
2008-11-14 09:55 35,185 —-a-w c:program filesrelease_notes_kis8.0cf2_ru.html
2008-11-14 09:54 43,263 —-a-w c:program filesrelease_notes_kav8.0cf2_ru.html
2008-11-11 17:10 40,286,720 —-a-w c:program fileskav.ru.msi
.

Sigcheck

2007-08-30 15:23 578560 5231f1983829611637e9493105e84751 c:windows.0system32user32.dll

2007-08-30 15:23 758272 4929cac8ed3614d7eff091b1a7cde1d1 c:windows.0system32wininet.dll

2007-08-30 15:41 360576 bb4d3a8e6f7eb1d370bc4ad27ab23368 c:windows.0system32driverstcpip.sys

2007-08-30 15:48 1997312 101b4dc2964155ae5d198fcb0e819c4c c:windows.0system32ntkrnlpa.exe

2009-02-09 13:30 2117632 01746202c3561fefb9f41bc0d00a278a c:windows.0system32ntoskrnl.exe

2007-08-30 15:20 1608704 8c46dfaa76035e41553fa1d04029dc69 c:windows.0explorer.exe

2007-08-30 15:23 80216 a83bc7428b5b0349df0396a0945338a1 c:windows.0system32wuauclt.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-03-15_ 1.47.02.79 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-16 11:09:44 92,696

w c:windows.0SoftwareDistributionSelfUpdateDefaultcdm.dll
+ 2008-10-16 11:12:24 202,776 —-a-w c:windows.0system32dllcachewuweb.dll
— 2007-07-30 16:18:34 207,736 —-a-w c:windows.0system32muweb.dll
+ 2008-10-16 11:07:48 208,744 —-a-w c:windows.0system32muweb.dll
— 2009-03-14 22:11:24 58,306 —-a-w c:windows.0system32perfc009.dat
+ 2009-03-14 23:46:22 58,306 —-a-w c:windows.0system32perfc009.dat
— 2009-03-14 22:11:24 69,598 —-a-w c:windows.0system32perfc019.dat
+ 2009-03-14 23:46:22 69,598 —-a-w c:windows.0system32perfc019.dat
— 2009-03-14 22:11:24 392,826 —-a-w c:windows.0system32perfh009.dat
+ 2009-03-14 23:46:22 392,826 —-a-w c:windows.0system32perfh009.dat
— 2009-03-14 22:11:24 433,234 —-a-w c:windows.0system32perfh019.dat
+ 2009-03-14 23:46:22 433,234 —-a-w c:windows.0system32perfh019.dat
— 2007-08-29 12:48:08 203,096 —-a-w c:windows.0system32wuweb.dll
+ 2008-10-16 11:12:24 202,776 —-a-w c:windows.0system32wuweb.dll
— 2009-03-14 22:46:28 53,248 —-a-w c:windows.0tempcatchme.dll
+ 2009-03-15 00:42:46 53,248 —-a-w c:windows.0tempcatchme.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2008-10-15 1561864]

[HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar]

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2008-10-15 1561864]

[HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«Yupdate!»=»c:program filesCommon FilesYandexYupdateyupdate.exe» [2008-09-01 479496]
«Fraps»=»c:program filesFRAPS.EXE» [2009-01-03 1031848]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«DSLSTATEXE»=»c:program filesConexantAdsldslstat.exe» [2006-09-18 376832]
«Process Killer»=»c:program filesProcess Killerprkiller.exe» [2005-07-30 38400]
«NvCplDaemon»=»c:windows.0system32NvCpl.dll» [2009-01-15 13680640]
«NvMediaCenter»=»c:windows.0system32NvMcTray.dll» [2009-01-15 86016]
«avgnt»=»c:program filesAviraAntiVir PersonalEdition Premiumavgnt.exe» [2008-06-12 266497]
«nwiz»=»nwiz.exe» [2009-01-15 c:windows.0system32nwiz.exe]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«nltide_3″=»advpack.dll» [2004-08-18 c:windows.0system32advpack.dll]

c:documents and settingsЂ¤¬ЁЁбва в®аѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
Acro.lnk — c:documents and settingsЂ¤¬ЁЁбва в®аApplication Datawinsvc.exe [2009-03-15 147456]

c:documents and settingsAll Usersѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
Adobe Reader Synchronizer.lnk — c:program filesAdobeReader 8.0ReaderAdobeCollabSync.exe [2006-10-23 734872]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«DisableStatusMessages»= 1 (0x1)
«SynchronousMachineGroupPolicy»= 1 (0x1)
«SynchronousUserGroupPolicy»= 1 (0x1)

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoStrCmpLogical»= 0 (0x0)

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMMyPictures»= 1 (0x1)
«NoSMConfigurePrograms»= 1 (0x1)
«NoSMBalloonTip»= 0 (0x0)
«MemCheckBoxInRunDlg»= 0 (0x0)
«NoResolveTrack»= 0 (0x0)
«NoWelcomeScreen»= 0 (0x0)
«NoRecentDocsNetHood»= 0 (0x0)
«ForceClassicControlPanel»= 0 (0x0)

[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMHelp»= 1 (0x1)
«NoSMMyPictures»= 1 (0x1)
«NoSMConfigurePrograms»= 1 (0x1)
«StartMenuLogoff»= 1 (0x1)
«ForceClassicControlPanel»= 1 (0x1)
«NoResolveTrack»= 1 (0x1)

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«UpdatesDisableNotify»=dword:00000001
«FirewallOverride»=dword:00000001
«UpdatesOverride»=dword:00000001
«AntiVirusOverride»=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«DisableNotifications»= 1 (0x1)
«DisableUnicastResponsesToMulticastBroadcast»= 0 (0x0)

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\Program Files\uTorrent\utorrent.exe»=
«w:\Games\S.T.A.L.K.E.R\bin\XR_3DA.exe»=
«w:\Games\S.T.A.L.K.E.R\bin\dedicated\XR_3DA.exe»=

R0 pe3ajtsc;Stalker (Pro) Environment Driver (pe3ajtsc);c:windows.0system32driverspe3ajtsc.sys [2007-08-15 64640]
R0 ps7ajtsc;Stalker (Pro) Synchronization Driver (ps7ajtsc);c:windows.0system32driversps7ajtsc.sys [2007-08-15 68744]
R0 sfdrv02;FrontLine Environment Driver (v2);c:windows.0system32driverssfdrv02.sys [2006-09-11 67960]
R0 sfsync05;FrontLine Synchronization Driver (v5);c:windows.0system32driverssfsync05.sys [2006-11-03 61312]
R1 appdrv01;Application Driver (01);c:windows.0system32driversappdrv01.sys [2009-02-27 3419752]
R2 AntiVirMailService;Avira AntiVir Premium MailGuard;c:program filesAviraAntiVir PersonalEdition Premiumavmailc.exe [2009-02-19 164097]
R2 antivirwebservice;Avira AntiVir Premium WebGuard;c:program filesAviraAntiVir PersonalEdition Premiumavwebgrd.exe [2009-02-19 258305]
R2 AVEService;Вспомогательная служба Avira AntiVir Premium MailGuard (Защита почты);c:program filesAviraAntiVir PersonalEdition Premiumavesvc.exe [2009-02-19 41217]
S0 NVStrap;NVStrap;c:windows.0system32driversNVStrap.sys [2009-03-04 4224]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:windows.0System32appdrvrem01.exe svc —> c:windows.0System32appdrvrem01.exe svc [?]
S2 pr2ajtsc;Stalker (Pro) Drivers Auto Removal (pr2ajtsc);c:windows.0system32pr2ajtsc.exe svc —> c:windows.0system32pr2ajtsc.exe svc [?]
S2 sfrem02;FrontLine Drivers Auto Removal (v2);c:windows.0system32sfrem02.exe svc —> c:windows.0system32sfrem02.exe svc [?]
.
.

Supplementary Scan

.
uStart Page = hxxp://www.yandex.ru/?clid=40316
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~1OFFICE11EXCEL.EXE/3000
IE: Закачать ВСЕ при помощи Download Master — c:program filesDownload Masterdmieall.htm
IE: Закачать при помощи Download Master — c:program filesDownload Masterdmie.htm
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} — c:program filesDownload Masterdmaster.exe
LSP: avsda.dll
TCP: {1123F057-66F0-46DE-A0BF-169B5B13F496} = 217.14.196.210
FF — ProfilePath — c:documents and settingsАдминистраторApplication DataMozillaFirefoxProfiles9vf96daw.default
FF — prefs.js: browser.startup.homepage — hxxp://www.yandex.ru/?clid=43914
FF — prefs.js: keyword.URL — hxxp://yandex.ru/yandsearch?stype=first&clid=43912&yasoft=barff&text=
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnppl3260.dll
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnprpjplug.dll
FF — plugin: c:program filesOperaACprogrampluginsnpdsplay.dll
FF — plugin: c:program filesOperaACprogrampluginsnpmeadax.dll
FF — plugin: c:program filesOperaACprogrampluginsnppl3260.dll
FF — plugin: c:program filesOperaACprogrampluginsnprpjplug.dll
FF — plugin: c:program filesOperaACprogrampluginsNPSWF32.dll
FF — plugin: c:program filesOperaACprogrampluginsnpwmsdrm.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-15 03:42:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************
.

DLLs Loaded Under Running Processes

— — — — — — — > ‘winlogon.exe'(904)
c:windows.0system32SETUPAPI.dll
c:windows.0system32CLBCATQ.DLL

— — — — — — — > ‘lsass.exe'(1024)
c:windows.0system32setupapi.dll
c:windows.0system32avsda.dll
.
Completion time: 2009-03-15 3:43:14
ComboFix-quarantined-files.txt 2009-03-15 00:43:13
ComboFix2.txt 2009-03-15 00:40:39
ComboFix3.txt 2009-03-15 00:16:55
ComboFix4.txt 2009-03-14 23:40:16
ComboFix5.txt 2009-03-15 00:42:16

Pre-Run: 13 814 046 720 байт свободно
Post-Run: 13,806,600,192 байт свободно
Автор

Сообщения

Просмотр 1 сообщения - с 1 по 1 (всего 1)

krot

Созданные ответы форума

Добро пожаловать

Поиск

Важные инструкции

Как сбросить настройки Firefox (Инструкция)

Как удалить рекламный вирус в браузере (Chrome, Opera, Firefox, Internet Explorer, Edge)

Удалить вирус, всплывающие окна и рекламу в Mac OS X

Убрать рекламу в браузере (Chrome, Firefox, Opera, Yandex)

Нет доступа в интернет после удаления вируса — Как восстановить

СПАЙВАРЕ РУ

Нужна помощь?

Ссылки