Forum replies created
-
Author Posts
-
The report doesn't fit in the message.
Is it OK that I uploaded it to ifolder?
If need be, I'll re-upload it wherever is convenient for you.
Link to download the combofix report: http://ifolder.ru/13325795
Thank you for the reply. I did everything as you said.
I updated Windows not long ago, and since then there don't seem to have been any internet dropouts. But I still decided to do as you advised.
ComboFix 09-07-19.04 — Olko 20.07.2009 10:46.1.1 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.7.1049.18.766.293 [GMT 4:00]
Running from: c:downloadsПрограммыComboFix.exe
AV: Антивирус Касперского *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Антивирус Касперского *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:program filesMail.RuAgentMradllnewmrasearch.dll
c:program filesWebMoney Advisor
c:program filesWebMoney Advisor16x16x32b.bmp
c:program filesWebMoney Advisorautosearch_plugin.dll
c:program filesWebMoney Advisorbasis.xml
c:program filesWebMoney Advisorbooble.html
c:program filesWebMoney Advisorfavicon.ico
c:program filesWebMoney Advisorinfo.txt
c:program filesWebMoney Advisortbhelper.dll
c:program filesWebMoney Advisortbs_include_script_014708.js
c:program filesWebMoney Advisortbs_include_script_wmadvisor.js
c:program filesWebMoney Advisoruninstall.exe
c:program filesWebMoney Advisorversion.txt
c:program filesWebMoney Advisorwmadvisor.crc
c:program filesWebMoney Advisorwmadvisor.dll
c:program filesWebMoney AdvisorWMPlugin.dll
.
((((((((((((((((((((((((( Files Created from 2009-06-20 to 2009-07-20 )))))))))))))))))))))))))))))))
.
2009-07-19 06:18 . 2009-07-19 06:18
d
w- c:documents and settingsOlkoLocal SettingsApplication DataACD Systems
2009-07-19 06:18 . 2009-07-19 06:18
d
w- c:documents and settingsOlkoApplication DataACD Systems
2009-07-19 06:16 . 2009-07-19 06:16
d
w- c:documents and settingsAll UsersApplication DataACD Systems
2009-07-19 06:16 . 2009-07-19 06:16
d
w- c:program filesCommon FilesACD Systems
2009-07-19 06:16 . 2009-07-19 06:16
d
w- c:program filesACD Systems
2009-06-22 16:56 . 2009-06-22 16:56
d
w- c:documents and settingsOlkoLocal SettingsApplication DataAhead
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-20 06:52 . 2009-04-22 16:14
d
w- c:documents and settingsOlkoApplication DatauTorrent
2009-07-20 06:52 . 2009-04-07 16:10 20763936 —-a-w- c:windowssystem32driversfidbox.dat
2009-07-20 06:52 . 2009-04-07 16:10 761120 —-a-w- c:windowssystem32driversfidbox2.dat
2009-07-20 06:50 . 2009-04-07 16:10 74444 —-a-w- c:windowssystem32driversfidbox2.idx
2009-07-20 06:50 . 2009-04-07 16:10 281156 —-a-w- c:windowssystem32driversfidbox.idx
2009-07-20 06:32 . 2009-04-07 16:10
d
w- c:documents and settingsAll UsersApplication DataKaspersky Lab
2009-07-14 09:12 . 2009-04-05 09:34
d
w- c:program filesDownload Master
2009-07-13 11:59 . 2009-04-03 15:49 176264 —-a-w- c:documents and settingsOlkoLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-07-10 18:59 . 2009-04-03 15:38
d—h—w- c:program filesInstallShield Installation Information
2009-07-09 17:48 . 2009-04-03 16:55
d
w- c:documents and settingsOlkoApplication DataMra
2009-06-26 06:24 . 2009-04-03 16:47
d
w- c:program filesTotal Commander
2009-06-19 16:31 . 2009-06-19 16:31
d
w- c:program filesAlcohol Soft
2009-06-19 16:16 . 2009-06-19 16:16 721904
w- c:windowssystem32driverssptd.sys
2009-06-19 14:46 . 2009-04-18 05:50
d
w- c:program filesMouse Driver
2009-06-19 14:42 . 2009-04-06 18:24
d
w- c:documents and settingsAll UsersApplication DataMicrosoft Help
2009-06-19 14:32 . 2009-04-07 16:22
d
w- c:program filesABBYY Lingvo 12
2009-06-14 10:02 . 2009-06-14 10:02 112144 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky LabAVP6DataUpdaterTemporary FilestemporaryFolderAutoPatcheskav67.0.1.321X86kl1.sys
2009-06-14 10:02 . 2009-06-14 10:02 144400 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky LabAVP6DataUpdaterTemporary FilestemporaryFolderAutoPatcheskav67.0.1.321X64kl1.sys
2009-06-14 10:02 . 2009-06-14 10:02 25104 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky LabAVP6DataUpdaterTemporary FilestemporaryFolderAutoPatcheskav67.0.1.321ushata.dll
2009-06-14 10:02 . 2009-06-14 10:01 772624 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky LabAVP6DataUpdaterTemporary FilestemporaryFolderAutoPatcheskav67.0.1.321updater.dll
2009-06-14 10:01 . 2009-06-14 10:01 195344 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky LabAVP6DataUpdaterTemporary FilestemporaryFolderAutoPatcheskav67.0.1.321klif.sys
2009-06-14 10:01 . 2009-06-14 10:01 109072 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky LabAVP6DataUpdaterTemporary FilestemporaryFolderAutoPatcheskav67.0.1.321dnsq.dll
2009-06-14 10:01 . 2009-06-14 10:01 150032 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky LabAVP6DataUpdaterTemporary FilestemporaryFolderAutoPatcheskav67.0.1.321diffs.dll
2009-06-14 10:01 . 2009-06-14 10:00 354832 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky LabAVP6DataUpdaterTemporary FilestemporaryFolderAutoPatcheskav67.0.1.321ckahum.dll
2009-06-14 10:00 . 2009-06-14 10:00 112144 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky LabAVP6DataUpdaterTemporary FilestemporaryFolderAutoPatcheskav67.0.0.119X86kl1.sys
2009-06-14 10:00 . 2009-06-14 10:00 144400 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky LabAVP6DataUpdaterTemporary FilestemporaryFolderAutoPatcheskav67.0.0.119X64kl1.sys
2009-06-14 10:00 . 2009-06-14 09:59 682512 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky LabAVP6DataUpdaterTemporary FilestemporaryFolderAutoPatcheskav67.0.0.119updater.dll
2009-06-14 09:59 . 2009-06-14 09:59 87304 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky LabAVP6DataUpdaterTemporary FilestemporaryFolderAutoPatcheskav67.0.0.119libola.dll
2009-06-14 09:59 . 2009-06-14 09:58 194320 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky LabAVP6DataUpdaterTemporary FilestemporaryFolderAutoPatcheskav67.0.0.119klif.sys
2009-06-14 09:58 . 2009-06-14 09:58 150032 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky LabAVP6DataUpdaterTemporary FilestemporaryFolderAutoPatcheskav67.0.0.119diffs.dll
2009-06-14 09:58 . 2009-06-14 09:58 342544 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky LabAVP6DataUpdaterTemporary FilestemporaryFolderAutoPatcheskav67.0.0.119ckahum.dll
2009-06-14 09:58 . 2009-06-14 09:58 148496 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky LabAVP6DataUpdaterTemporary FilestemporaryFolderAutoPatcheskav66.0.3.830X86klif.sys
2009-06-14 09:58 . 2009-06-14 09:58 202768 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky LabAVP6DataUpdaterTemporary FilestemporaryFolderAutoPatcheskav66.0.3.830X64klif.sys
2009-06-14 09:58 . 2009-06-14 09:58 144400 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky LabAVP6DataUpdaterTemporary FilestemporaryFolderAutoPatcheskav66.0.3.830X64kl1.sys
2009-06-14 09:58 . 2009-06-14 09:58 173072 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky LabAVP6DataUpdaterTemporary FilestemporaryFolderAutoPatcheskav66.0.3.830X64scrchpg.dll
2009-06-14 09:57 . 2009-06-14 09:57 120336 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky LabAVP6DataUpdaterTemporary FilestemporaryFolderAutoPatcheskav66.0.2.678X86klif.sys
2009-06-14 09:57 . 2009-06-14 09:57 160272 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky LabAVP6DataUpdaterTemporary FilestemporaryFolderAutoPatcheskav66.0.2.678X64klif.sys
2009-06-14 09:57 . 2009-06-14 09:57 112144 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky LabAVP6DataUpdaterTemporary FilestemporaryFolderAutoPatcheskav66.0.2.678X86kl1.sys
2009-06-14 09:57 . 2009-06-14 09:57 144400 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky LabAVP6DataUpdaterTemporary FilestemporaryFolderAutoPatcheskav66.0.2.678X64kl1.sys
2009-06-14 09:57 . 2009-06-14 09:57 686704 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky LabAVP6DataUpdaterTemporary FilestemporaryFolderAutoPatcheskav66.0.2.678updater.dll
2009-06-14 09:57 . 2009-06-14 09:57 168568 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky LabAVP6DataUpdaterTemporary FilestemporaryFolderAutoPatcheskav66.0.2.678X64scrchpg.dll
2009-06-14 09:56 . 2009-06-14 09:56 187168 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky LabAVP6DataUpdaterTemporary FilestemporaryFolderAutoPatcheskav66.0.2.678klif.sys
2009-06-14 09:56 . 2009-06-14 09:56 45168 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky LabAVP6DataUpdaterTemporary FilestemporaryFolderAutoPatcheskav66.0.2.678fssync.dll
2009-06-14 09:56 . 2009-06-14 09:56 338544 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky LabAVP6DataUpdaterTemporary FilestemporaryFolderAutoPatcheskav66.0.2.678ckahum.dll
2009-06-14 09:55 . 2009-06-14 09:55 211568 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky LabAVP6DataUpdaterTemporary FilestemporaryFolderAutoPatcheskav66.0.2.678avp.exe
2009-06-14 09:55 . 2009-06-14 09:54 282732 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky LabAVP6DataUpdaterTemporary FilestemporaryFolderAutoPatcheskav66.0.1.411prloader.dll
2009-06-14 09:54 . 2009-06-14 09:54 36906 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky LabAVP6DataUpdaterTemporary FilestemporaryFolderAutoPatcheskav66.0.1.411fssync.dll
2009-05-30 12:03 . 2009-05-29 15:35
d—a-w- c:documents and settingsAll UsersApplication DataTEMP
2009-05-30 11:51 . 2009-05-29 16:59
d
w- c:documents and settingsOlkoApplication DataWebMoney
2009-05-29 15:36 . 2009-05-29 15:33
d
w- c:program filesWebMoney
2009-05-29 15:36 . 2009-05-29 15:35
d
w- c:program filesWebMoney Agent
2009-05-20 16:14 . 2009-04-07 16:10 94643 —-a-w- c:windowssystem32driversklick.dat
2009-05-20 16:14 . 2009-04-07 16:10 105395 —-a-w- c:windowssystem32driversklin.dat
2009-05-06 06:56 . 2009-05-07 06:53 38200 —-a-w- c:documents and settingsOlkoApplication DataMacromediaFlash Playerwww.macromedia.combinairappinstallerairappinstaller.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"="c:windowssystem32ctfmon.exe" [2006-03-02 15360]
"StartCCC"="c:program filesATI TechnologiesATI.ACECore-StaticCLIStart.exe" [2006-11-10 90112]
"Punto Switcher"="c:program filesPunto Switcherpunto.exe" [2008-10-16 735016]
"Download Master"="c:program filesDownload Masterdmaster.exe" [2009-07-08 3777536]
"AlcoholAutomount"="c:program filesAlcohol SoftAlcohol 120axcmd.exe" [2009-04-24 203928]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"EDS"="c:program filesSamsungSamsung EDSEDSAgent.exe" [2007-01-11 634880]
"SynTPEnh"="c:program filesSynapticsSynTPSynTPEnh.exe" [2005-12-07 761947]
"Share-to-Web Namespace Daemon"="c:program filesHewlett-PackardHP Share-to-Webhpgs2wnd.exe" [2002-04-17 69632]
"Sony Ericsson PC Suite"="c:program filesSony EricssonMobile2Application LauncherApplication Launcher.exe" [2007-03-27 593920]
"NeroFilterCheck"="c:windowssystem32NeroCheck.exe" [2001-07-09 155648]
"Adobe Photo Downloader"="c:program filesAdobePhotoshop Elements 5.0apdproxy.exe" [2006-09-14 61440]
"WinampAgent"="c:program filesWinampwinampa.exe" [2009-04-10 37888]
"Adobe Reader Speed Launcher"="c:program filesAdobeReader 9.0ReaderReader_sl.exe" [2009-02-27 35696]
"wmagent.exe"="c:program filesWebMoney Agentwmagent.exe" [2008-10-01 209376]
"MAgent"="c:program filesMail.RuAgentMAgent.exe" [2009-07-09 7975608]
"AVP"="c:program filesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe" [2009-04-09 231952]
"RTHDCPL"="RTHDCPL.EXE" — c:windowsRTHDCPL.exe [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" — c:windowsSkyTel.exe [2006-05-16 2879488]
"AGRSMMSG"="AGRSMMSG.exe" — c:windowsAGRSMMSG.exe [2006-08-30 89542]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"="c:windowssystem32CTFMON.EXE" [2006-03-02 15360]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\uTorrent\uTorrent.exe"=
"e:\Проги\utorrent.exe"=
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
"5579:TCP"= 5579:TCP:iihdocp
R3 DNSeFilter;DNSeFilter;c:windowssystem32driversSamsungEDS.SYS [12.10.2006 12:12 28160]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:windowssystem32driversklim5.sys [30.05.2007 17:49 24344]
S2 akdpcvu;Network System;c:windowssystem32svchost.exe -k netsvcs [02.03.2006 16:00 14336]
S2 sstrcznk;Security Server;c:windowssystem32svchost.exe -k netsvcs [02.03.2006 16:00 14336]
S3 llezgfmz;llezgfmz;??c:windowssystem3220.tmp —> c:windowssystem3220.tmp [?]
S3 nhqiqqac;nhqiqqac;??c:windowssystem321.tmp —> c:windowssystem321.tmp [?]
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSvchost — NetSvcs
ckpcx
dxpxshdj
akdpcvu
sstrcznk
bycapym
.
— — — — ORPHANS REMOVED — — — —
BHO-{B4806C1A-FE8A-4008-9DA3-8CEDB6E82C10} — c:program filesWebMoney Advisorwmadvisor.dll
Toolbar-{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — c:program filesWebMoney Advisorwmadvisor.dll
WebBrowser-{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — c:program filesWebMoney Advisorwmadvisor.dll
.
Supplementary Scan
.
uStart Page = hxxp://shkola.edu.ru/
IE: &Отправить на устройство Bluetooth… — c:program filesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Закачать ВСЕ при помощи Download Master — c:program filesDownload Masterdmieall.htm
IE: Закачать при помощи Download Master — c:program filesDownload Masterdmie.htm
IE: Передать на удаленную закачку DM — c:program filesDownload Masterremdown.htm
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} — c:program filesMail.RuAgentmagent.exe
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} — c:program filesDownload Masterdmaster.exe
IE: {{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — c:program filesWebMoney Advisorwmadvisor.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-20 10:52
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > 'winlogon.exe'(1076)
c:windowssystem32Ati2evxx.dll
c:windowssystem32klogon.dll
c:program filesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsadialhk.dll
— — — — — — — > 'explorer.exe'(1748)
c:program filesPunto Switcherpshook.dll
.
Other Running Processes
.
c:windowssystem32ati2evxx.exe
c:program filesWIDCOMMBluetooth Softwarebinbtwdins.exe
c:windowssystem32ati2evxx.exe
c:program filesAdobePhotoshop Elements 5.0PhotoshopElementsFileAgent.exe
c:program filesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
c:windowssystem32wdfmgr.exe
c:program filesATI TechnologiesATI.ACECore-StaticMOM.exe
c:program filesHewlett-PackardHP Share-to-Webhpgs2wnf.exe
c:program filesATI TechnologiesATI.ACECore-StaticCCC.exe
c:program filesTotal CommanderTotalcmd.exe
c:program filesSonySony Picture UtilityVolumeWatcherSPUVolumeWatcher.exe
e:c:Program FilesCommon FilesTeleca SharedGeneric.exe
c:program filesSony EricssonMobile2Mobile Phone Monitorepmworker.exe
.
**************************************************************************
.
Completion time: 2009-07-20 10:55 — machine was rebooted
ComboFix-quarantined-files.txt 2009-07-20 06:55
Pre-Run: 4 026 441 728 байт свободно
Post-Run: 5 439 254 528 байт свободно
201