ComboFix 09-09-18.02 - Игорь 20.09.2009 18:49.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1251.7.1049.18.2046.1477 [GMT 4:00]
Running from: c:\documents and settings\Игорь\Рабочий стол\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\recycler\S-1-5-21-1614895754-1078145449-682003330-1003
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
.
BITS: Possible infected sites
.
hxxp://soft.export.yandex.ru
.
((((((((((((((((((((((((( Files Created from 2009-08-20 to 2009-09-20 )))))))))))))))))))))))))))))))
.
2009-09-20 13:32 . 2009-09-20 13:33  --------  d-----w-  c:\program files\Opera
2009-09-20 12:20 . 2009-09-20 12:20  --------  d-sh--w-  c:\documents and settings\Игорь\IECompatCache
2009-09-19 18:32 . 2009-09-19 18:40  --------  d-----w-  c:\program files\WinGrub
2009-09-19 15:41 . 2009-09-19 15:41  --------  d-----w-  c:\program files\Trend Micro
2009-09-19 12:10 . 2009-09-19 12:10  --------  d-sh--w-  c:\documents and settings\Игорь\PrivacIE
2009-09-19 12:09 . 2009-09-19 12:09  --------  d-sh--w-  c:\documents and settings\Игорь\IETldCache
2009-09-19 12:05 . 2009-09-19 14:15  --------  d-----w-  c:\windows\ie8updates
2009-09-19 12:04 . 2009-09-19 12:13  --------  d-----w-  c:\program files\Yandex
2009-09-19 12:02 . 2009-09-19 12:04  --------  dc-h--w-  c:\windows\ie8
2009-09-19 12:00 . 2009-08-07 08:48  100352  -c----w-  c:\windows\system32\dllcache\iecompat.dll
2009-09-19 12:00 . 2009-07-03 17:00  246272  -c----w-  c:\windows\system32\dllcache\ieproxy.dll
2009-09-19 12:00 . 2009-07-03 17:00  12800  -c----w-  c:\windows\system32\dllcache\xpshims.dll
2009-09-18 13:50 . 2009-09-18 13:50  --------  d-----w-  c:\documents and settings\Игорь\Local Settings\Application Data\Opera
2009-09-18 08:56 . 2009-09-19 09:59  --------  d-----w-  c:\documents and settings\Игорь\Application Data\uTorrent
2009-09-18 08:52 . 2009-09-18 08:56  --------  d-----w-  c:\documents and settings\Игорь\Local Settings\Application Data\Temp
2009-09-18 08:52 . 2009-09-18 09:15  --------  d-----w-  c:\documents and settings\Игорь\Local Settings\Application Data\Google
2009-09-18 08:52 . 2009-09-18 08:52  --------  d-----w-  c:\documents and settings\Игорь\Local Settings\Application Data\Deployment
2009-09-13 17:53 . 2009-09-13 17:53  --------  d-----w-  c:\documents and settings\Игорь\Local Settings\Application Data\Microsoft Help
2009-09-13 17:53 . 2009-09-13 18:01  --------  d-----w-  c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-12 17:29 . 2009-09-12 17:29  --------  d---a-w-  c:\program files\PicPick
2009-09-10 15:22 . 2009-09-18 06:28  --------  d-----w-  c:\documents and settings\Игорь\Application Data\iSendSMS
2009-09-09 17:43 . 2009-09-13 15:43  --------  d-----w-  c:\documents and settings\All Users\Application Data\NOS
2009-09-09 17:43 . 2009-09-09 17:43  --------  d-----w-  c:\program files\NOS
2009-09-05 14:32 . 2009-09-17 17:25  --------  d-----w-  c:\program files\VKontakteDJ
2009-08-23 10:06 . 2009-08-23 10:08  --------  d-----w-  c:\program files\The KMPlayer
2009-08-22 10:17 . 2009-09-17 17:29  --------  d-----w-  C:\Music
2009-08-22 10:14 . 2009-09-05 14:30  --------  d-----w-  c:\program files\KontakteDJ
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-20 14:55 . 2009-07-19 19:47  --------  d-----w-  c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-09-20 14:53 . 2009-07-19 19:47  622624  --sha-w-  c:\windows\system32\drivers\fidbox2.dat
2009-09-20 14:53 . 2009-07-19 19:47  3208  --sha-w-  c:\windows\system32\drivers\fidbox2.idx
2009-09-20 14:53 . 2009-07-19 19:47  3028512  --sha-w-  c:\windows\system32\drivers\fidbox.dat
2009-09-20 14:53 . 2009-07-19 19:47  24740  --sha-w-  c:\windows\system32\drivers\fidbox.idx
2009-09-20 09:55 . 2009-07-19 19:14  --------  d---a-w-  c:\documents and settings\All Users\Application Data\TEMP
2009-09-20 05:11 . 2009-07-20 17:41  --------  d-----w-  c:\program files\Debugging Tools for Windows (x86)
2009-09-19 12:04 . 2009-07-19 18:46  --------  d-----w-  c:\documents and settings\Игорь\Application Data\Yandex
2009-09-18 09:26 . 2009-07-24 15:56  --------  d-----w-  c:\program files\Windows Live Safety Center
2009-09-18 08:57 . 2009-07-22 11:58  --------  d-----w-  c:\program files\uTorrent
2009-09-16 17:28 . 2009-08-13 07:44  --------  d-----w-  c:\program files\FlylinkDC++
2009-09-16 16:54 . 2009-07-22 18:55  --------  d-----w-  c:\program files\NeonHTML 4.3
2009-09-13 19:11 . 2009-07-19 18:46  20416  ----a-w-  c:\documents and settings\Игорь\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-12 14:42 . 2009-07-19 19:47  107547  ----a-w-  c:\windows\system32\drivers\klin.dat
2009-09-12 14:42 . 2009-07-19 19:47  95259  ----a-w-  c:\windows\system32\drivers\klick.dat
2009-09-02 16:59 . 2009-07-20 19:26  --------  d-----w-  c:\program files\ICQ6.5
2009-08-30 17:49 . 2009-07-20 19:27  --------  d-----w-  c:\documents and settings\Игорь\Application Data\ICQ
2009-08-21 13:08 . 2009-08-21 13:08  --------  d-----w-  c:\documents and settings\All Users\Application Data\FLEXnet
2009-08-21 13:02 . 2009-08-21 13:02  --------  d-----w-  c:\program files\Bonjour
2009-08-21 13:02 . 2009-08-21 11:55  --------  d-----w-  c:\program files\Common Files\Adobe
2009-08-21 12:55 . 2009-08-21 12:55  --------  d-----w-  c:\program files\Common Files\Macrovision Shared
2009-08-15 11:46 . 2009-08-15 11:46  10  ----a-w-  c:\windows\popcinfo.dat
2009-08-14 13:36 . 2009-08-14 13:36  --------  d-----w-  c:\documents and settings\Игорь\Application Data\Nero
2009-08-11 19:18 . 2009-07-19 20:45  --------  d-----w-  c:\documents and settings\Игорь\Application Data\Download Master
2009-08-06 05:37 . 2009-07-19 20:45  --------  d-----w-  c:\program files\Download Master
2009-08-05 09:08 . 1980-01-01 00:00  204800  ----a-w-  c:\windows\system32\mswebdvd.dll
2009-08-01 16:46 . 2008-01-24 12:18  --------  d-----w-  c:\program files\VIA
2009-07-26 14:33 . 2008-01-29 13:29  33808  ----a-w-  c:\windows\system32\drivers\klbg.sys
2009-07-20 16:43 . 1980-01-01 00:00  79946  ----a-w-  c:\windows\system32\perfc019.dat
2009-07-20 16:43 . 1980-01-01 00:00  475064  ----a-w-  c:\windows\system32\perfh019.dat
2009-07-17 18:57 . 1980-01-01 00:00  58880  ----a-w-  c:\windows\system32\atl.dll
2009-07-13 19:43 . 1980-01-01 00:00  286208  ----a-w-  c:\windows\system32\wmpdxm.dll
2009-07-03 17:00 . 1980-01-01 00:00  915456  ----a-w-  c:\windows\system32\wininet.dll
2009-06-25 08:48 . 1980-01-01 00:00  59392  ----a-w-  c:\windows\system32\wdigest.dll
2009-06-25 08:48 . 1980-01-01 00:00  56320  ----a-w-  c:\windows\system32\secur32.dll
2009-06-25 08:48 . 1980-01-01 00:00  168448  ----a-w-  c:\windows\system32\schannel.dll
2009-06-25 08:48 . 1980-01-01 00:00  133632  ----a-w-  c:\windows\system32\msv1_0.dll
2009-06-25 08:48 . 1980-01-01 00:00  726528  ----a-w-  c:\windows\system32\lsasrv.dll
2009-06-25 08:48 . 1980-01-01 00:00  298496  ----a-w-  c:\windows\system32\kerberos.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Download Master"="c:\program files\Download Master\dmaster.exe" [2009-08-05 3777536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-24 8527872]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2007-10-12 794624]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2008-01-23 634880]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2008-01-23 102400]
"BisonHK"="c:\windows\BisonCam\BisonHK.exe" [2007-10-03 77824]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-07-21 208616]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-01-24 1626112]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-18 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]

c:\documents and settings\All Users\Главное меню\Программы\Автозагрузка\ (the All Users Start Menu\Programs\Startup folder)
HotKeyDriver.lnk - c:\program files\HotKey_Driver\HotKeyDriver.exe [2008-1-24 3461120]
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2008-1-24 1114112]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\FlylinkDC++\\FlylinkDC.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29.01.2008 17:29 33808]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13.03.2008 18:02 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30.04.2008 17:06 24592]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [24.01.2008 15:55 205184]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [01.01.1980 4:00 14336]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187B.sys [18.04.2008 13:38 275712]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [17.10.2006 19:16 180608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper  REG_MULTI_SZ  getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2009-09-20 c:\windows\Tasks\User_Feed_Synchronization-{C93326B8-F3EF-4AEB-B915-104D6DF8B160}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 00:31]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.google.ru/
uInternet Settings,ProxyOverride =
IE: Закачать ВСЕ при помощи Download Master (Download ALL with Download Master) - c:\program files\Download Master\dmieall.htm
IE: Закачать при помощи Download Master (Download with Download Master) - c:\program files\Download Master\dmie.htm
IE: Передать на удаленную закачку DM (Send to DM remote download) - c:\program files\Download Master\remdown.htm
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} - c:\program files\Download Master\dmaster.exe
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}
TCP: {312E19E9-AF64-4137-81F0-D2E346F17C2D} = 213.24.172.1,213.24.172.2
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-20 18:55
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
   HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'explorer.exe'(2216)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Other Running Processes
.
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2009-09-20 18:57 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-20 14:57
.
Pre-Run: 110 618 382 336 bytes free
Post-Run: 111 258 214 400 bytes free
.
189 --- E O F --- 2009-09-19 14:16
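The log above is the poster's own output. What follows is an added example, not ComboFix's code and not anything from the thread: a small Python triage helper for the REGEDIT4-style "Reg Loading Points" block that ComboFix emits. It parses the key headers and the `"Name"="data" [date size]`, `"Name"=dword:...` and bare `"Name"=` value forms, lists the Run-key autostarts with the image size ComboFix reports, pulls out the Security Center override/DisableMonitoring values that are set, and refangs the `hxxp://` hosts for a reputation lookup. `SAMPLE_LOG` is constructed from entries shown in the post; the function names and the regular expressions are my assumptions about a format ComboFix does not document.

```python
"""Triage helper for the 'Reg Loading Points' block of a ComboFix log.

Added example, not ComboFix's own code.  The block is printed in REGEDIT4
style: a key header in square brackets, then values written as
"Name"="data" [yyyy-mm-dd size], "Name"="exe" - resolved\path [...],
"Name"=dword:xxxxxxxx, or "Name"= (firewall whitelist entries).
SAMPLE_LOG is constructed from the entries in the post above.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple, Union

SAMPLE_LOG = r"""
BITS: Possible infected sites
hxxp://soft.export.yandex.ru
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Download Master"="c:\program files\Download Master\dmaster.exe" [2009-08-05 3777536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-07-21 208616]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-01-24 1626112]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"""

KEY_RE = re.compile(r'^\[([^\]]+)\]$')
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
STRING_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?:\s+-\s+(.*?))?'
                       r'(?:\s+\[(\d{4}-\d{2}-\d{2})\s+(\d+)\])?$')
EMPTY_RE = re.compile(r'^"([^"]+)"=$')
DEFANGED_RE = re.compile(r'\bhxxps?://([^\s/]+)')   # ComboFix writes hxxp for http

@dataclass
class RegValue:
    key: str
    name: str
    data: Union[str, int]                 # str for REG_SZ, int for REG_DWORD
    resolved_path: Optional[str] = None   # path ComboFix resolved for a bare exe name
    date: Optional[str] = None
    size: Optional[int] = None

def parse_reg_loading_points(text: str) -> List[RegValue]:
    """Return every registry value in the block, in log order."""
    values, key = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if key is None or not line.startswith('"'):
            continue   # blank lines and the BITS list are not registry data
        if (m := DWORD_RE.match(line)):
            values.append(RegValue(key, m.group(1), int(m.group(2), 16)))
        elif (m := STRING_RE.match(line)):
            name, data, resolved, date, size = m.groups()
            values.append(RegValue(key, name, data, resolved, date,
                                   int(size) if size else None))
        elif (m := EMPTY_RE.match(line)):
            values.append(RegValue(key, m.group(1), ''))   # firewall whitelist
    return values

def autostart_entries(values: List[RegValue]) -> List[Tuple[str, str, str, Optional[int]]]:
    """Run-key entries as (key, name, image path, image size)."""
    return [(v.key, v.name, v.resolved_path or v.data, v.size)
            for v in values
            if v.key.lower().endswith('\\run') and isinstance(v.data, str)]

SILENCING = {'antivirusoverride', 'firewalloverride', 'updatesoverride',
             'disablemonitoring'}

def security_center_overrides(values: List[RegValue]) -> List[Tuple[str, str]]:
    """Security Center values set to 1, i.e. its AV/firewall alerting is off.

    Installed suites and users set these to silence Security Center, and so
    does malware; the log alone cannot tell which, so each vendor sub-key is
    matched against the products actually present before it is judged.
    """
    return [(v.key, v.name) for v in values
            if 'security center' in v.key.lower()
            and v.name.lower() in SILENCING and v.data == 1]

def refang_hosts(text: str) -> List[str]:
    """Hosts from the defanged hxxp:// URLs, ready for a reputation lookup."""
    return [m.group(1) for m in DEFANGED_RE.finditer(text)]

if __name__ == '__main__':
    vals = parse_reg_loading_points(SAMPLE_LOG)
    for entry in autostart_entries(vals):
        print('autostart:', entry)
    for hit in security_center_overrides(vals):
        print('security center silenced:', hit)
    print('hosts to look up:', refang_hosts(SAMPLE_LOG))
```

Run it on a full log by passing the text between the "Reg Loading Points" header and the "Scheduled Tasks" line. The Security Center hits are the part that needs judgement: a `DisableMonitoring` under a vendor sub-key is expected for the product that is installed (Kaspersky here), while a sub-key for a vendor that is not installed (the Symantec ones in the log above) is usually an uninstall leftover, but that is the thing to confirm rather than assume.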