Forum replies created
Seems to have helped ^___^ I'll still wait until tomorrow, and tomorrow I'll say for certain.
Here's the log:
ComboFix 09-10-05.01 - 123 07.10.2009 21:21.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1251.7.1049.18.2046.1160 [GMT 3:00]
Running from: c:\users\123\Desktop\ComboFix.exe
Command switches used :: c:\users\123\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Kaspersky Anti-Virus *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\users\123\AppData\Roaming\CMedia\CMedia.dll"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\123\AppData\Roaming\CMedia\CMedia.dll

.
((((((((((((((((((((((((( Files Created from 2009-09-07 to 2009-10-07 )))))))))))))))))))))))))))))))
.
2009-10-07 18:39 . 2009-10-07 18:40  --------  d-----w-  c:\users\123\AppData\Local\temp
2009-10-07 18:39 . 2009-10-07 18:39  --------  d-----w-  c:\users\Public\AppData\Local\temp
2009-10-07 18:39 . 2009-10-07 18:39  --------  d-----w-  c:\users\oem\AppData\Local\temp
2009-10-07 18:39 . 2009-10-07 18:39  --------  d-----w-  c:\users\Default\AppData\Local\temp
2009-10-06 15:34 . 2009-10-06 17:09  --------  d-----w-  c:\program files\Virus Removal Tool1
2009-10-06 15:32 . 2008-07-08 11:54  148496  ----a-w-  c:\windows\system32\drivers\37990090.sys
2009-10-06 15:18 . 2009-10-06 15:25  --------  d-----w-  c:\program files\SpywareDetector
2009-10-05 20:16 . 2009-10-07 18:38  --------  d-----w-  c:\users\123\AppData\Roaming\CMedia
2009-10-02 22:47 . 2009-10-01 07:29  195440  ------w-  c:\windows\system32\MpSigStub.exe
2009-09-18 14:29 . 2009-09-18 14:29  --------  d-----w-  c:\users\123\AppData\Roaming\Malwarebytes
2009-09-18 14:29 . 2009-09-18 14:29  --------  d-----w-  c:\programdata\Malwarebytes
2009-09-18 11:48 . 2009-09-18 14:11  --------  dc----w-  c:\windows\system32\DRVSTORE
2009-09-18 11:46 . 2009-09-18 14:12  --------  d-----w-  c:\programdata\Lavasoft
2009-09-18 11:46 . 2009-09-18 14:12  --------  d-----w-  c:\program files\Lavasoft
2009-09-16 16:08 . 2009-09-16 16:08  --------  d-----w-  c:\program files\Microsoft
2009-09-16 16:08 . 2009-09-16 16:08  --------  d-----w-  c:\program files\Windows Live SkyDrive
2009-09-14 20:04 . 1997-04-07 17:19  391680  ----a-w-  c:\windows\system32\I263_32.drv
2009-09-09 14:17 . 2005-01-01 09:43  4682  ----a-w-  c:\windows\system32\npptNT2.sys
2009-09-09 12:12 . 2009-10-07 06:51  --------  d-----w-  c:\program files\Aion
2009-09-09 07:22 . 2009-09-09 07:22  --------  d-----w-  c:\users\123\AppData\Local\assembly
2009-09-09 07:03 . 2009-09-09 07:03  --------  d-----w-  c:\program files\NCsoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-07 18:40 . 2007-11-28 06:55  181161888  --sha-w-  c:\windows\system32\drivers\fidbox.dat
2009-10-07 18:09 . 2008-04-23 17:06  --------  d-----w-  c:\users\123\AppData\Roaming\uTorrent
2009-10-07 09:09 . 2007-02-03 13:03  --------  d-----w-  c:\programdata\Kaspersky Lab
2009-10-07 06:51 . 2007-11-08 21:40  --------  d--h--w-  c:\program files\InstallShield Installation Information
2009-10-07 06:34 . 2007-11-28 06:55  2282924  --sha-w-  c:\windows\system32\drivers\fidbox.idx
2009-10-05 19:53 . 2006-11-09 07:21  655978  ----a-w-  c:\windows\system32\perfh019.dat
2009-10-05 19:53 . 2006-11-09 07:21  125378  ----a-w-  c:\windows\system32\perfc019.dat
2009-10-04 18:37 . 2008-04-27 19:14  --------  d-----w-  c:\users\123\AppData\Roaming\Skype
2009-10-03 14:46 . 2008-04-24 18:35  --------  d-----w-  c:\program files\FlashGet
2009-09-22 13:26 . 2007-11-28 06:56  95259  ----a-w-  c:\windows\system32\drivers\klick.dat
2009-09-22 13:26 . 2007-11-28 06:56  107547  ----a-w-  c:\windows\system32\drivers\klin.dat
2009-09-18 15:39 . 2008-04-26 22:16  --------  d-----w-  c:\program files\Unlocker
2009-09-17 22:54 . 2008-04-24 19:06  --------  d-----w-  c:\program files\Messenger Plus! Live
2009-09-16 16:09 . 2008-10-11 19:24  --------  d-----w-  c:\program files\MSN Messenger
2009-09-16 16:08 . 2008-04-24 18:51  --------  d-----w-  c:\program files\Windows Live
2009-09-14 20:04 . 2009-06-22 13:14  --------  d-----w-  c:\program files\K-Lite Codec Pack
2009-09-11 00:46 . 2006-11-02 11:18  --------  d-----w-  c:\program files\Windows Mail
2009-09-11 00:05 . 2008-12-21 13:25  --------  d-----w-  c:\programdata\Microsoft Help
2009-09-09 11:25 . 2007-11-28 06:58  91960  ----a-w-  c:\users\123\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-09 00:44 . 2008-04-23 17:27  --------  d-----w-  c:\program files\Java
2009-08-29 00:27 . 2009-09-02 20:23  4240384  ----a-w-  c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 20:23  28672  ----a-w-  c:\windows\system32\Apphlpdm.dll
2009-08-23 12:13 . 2009-08-18 11:30  615424  ----a-w-  c:\windows\system32\themeui.dll
2009-08-23 11:46 . 2006-11-02 12:37  --------  d-----w-  c:\program files\Windows Sidebar
2009-08-23 11:46 . 2006-11-02 12:37  --------  d-----w-  c:\program files\Windows Journal
2009-08-23 11:46 . 2006-11-02 12:37  --------  d-----w-  c:\program files\Windows Collaboration
2009-08-23 11:46 . 2006-11-02 12:37  --------  d-----w-  c:\program files\Windows Calendar
2009-08-23 11:46 . 2006-11-02 12:37  --------  d-----w-  c:\program files\Windows Photo Gallery
2009-08-23 11:46 . 2006-11-02 12:37  --------  d-----w-  c:\program files\Windows Defender
2009-08-21 18:14 . 2009-08-21 18:09  --------  d-----w-  c:\program files\Opera
2009-08-16 15:08 . 2009-06-22 13:14  178176  ----a-w-  c:\windows\system32\unrar.dll
2009-08-14 16:27 . 2009-09-10 04:54  904776  ----a-w-  c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-10 04:54  17920  ----a-w-  c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-10 04:54  9728  ----a-w-  c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-10 04:54  17920  ----a-w-  c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-10 04:54  11264  ----a-w-  c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-10 04:54  27136  ----a-w-  c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-10 04:54  8704  ----a-w-  c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-10 04:54  19968  ----a-w-  c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-10 04:54  10240  ----a-w-  c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-10 04:54  30720  ----a-w-  c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-10 04:54  105984  ----a-w-  c:\windows\system32\netiohlp.dll
2009-08-12 19:38 . 2008-07-29 21:00  --------  d-----w-  c:\program files\Google
2009-08-07 16:51 . 2009-08-07 16:51  15308424  ----a-w-  c:\windows\system32\xlive.dll
2009-08-07 16:51 . 2009-08-07 16:51  13642888  ----a-w-  c:\windows\system32\xlivefnt.dll
2009-07-29 06:35 . 2009-06-22 13:14  2378752  ----a-w-  c:\windows\system32\x264vfw.dll
2009-07-26 13:44 . 2009-07-26 13:44  48448  ----a-w-  c:\windows\system32\sirenacm.dll
2009-07-25 02:23 . 2009-05-18 08:14  411368  ----a-w-  c:\windows\system32\deploytk.dll
2009-07-18 16:01 . 2009-07-29 12:35  78336  ----a-w-  c:\windows\system32\ieencode.dll
2009-07-18 11:35 . 2009-07-29 12:35  828416  ----a-w-  c:\windows\system32\wininet.dll
2009-07-17 13:54 . 2009-08-13 15:47  71680  ----a-w-  c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-13 15:47  8147456  ----a-w-  c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-13 15:47  313344  ----a-w-  c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-13 15:47  4096  ----a-w-  c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-13 15:47  7680  ----a-w-  c:\windows\system32\spwmp.dll
2009-07-14 00:15 . 2009-06-22 13:14  90112  ----a-w-  c:\windows\system32\dpl100.dll
2009-07-14 00:15 . 2009-06-22 13:14  685056  ----a-w-  c:\windows\system32\divx.dll
2009-07-11 19:01 . 2009-09-10 04:54  302592  ----a-w-  c:\windows\system32\wlansec.dll
2009-07-11 19:01 . 2009-09-10 04:54  293376  ----a-w-  c:\windows\system32\wlanmsm.dll
2009-07-11 19:01 . 2009-09-10 04:54  513536  ----a-w-  c:\windows\system32\wlansvc.dll
2009-07-11 19:01 . 2009-09-10 04:54  65024  ----a-w-  c:\windows\system32\wlanapi.dll
2009-07-11 17:03 . 2009-09-10 04:54  127488  ----a-w-  c:\windows\system32\L2SecHC.dll
2009-02-24 19:34 . 2009-02-24 19:34  1044480  ----a-w-  c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34  200704  ----a-w-  c:\program files\mozilla firefox\plugins\ssldivx.dll
.
Sigcheck
[-] 2009-08-23 . 690D53BD10A804BB6D0A772D1C0E6907 . 247296 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
[7] 2009-04-11 . C818C44C201898399BF999BB6B35D4E3 . 247296 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6002.18005_none_cf1bd6361a0f622e\shsvcs.dll
[7] 2008-01-19 . 27F10F348E508243F6254846F8370D0D . 247296 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18000_none_cd305d2a1ced96e2\shsvcs.dll
[7] 2006-11-02 . B264DFA21677728613267FE63802B332 . 245248 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6000.16386_none_caf99b2e2002860e\shsvcs.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-10-06_17.08.03 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-01-31 13:59 . 2009-10-06 17:10  49820  c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2007-01-31 13:59 . 2009-10-07 06:38  49820  c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2007-11-28 07:00 . 2009-10-07 06:38  12938  c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2278677267-3686950371-2634324683-1001_UserData.bin
+ 2007-11-28 06:52 . 2009-10-07 06:38  16384  c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-11-28 06:52 . 2009-10-06 17:10  16384  c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-11-28 06:52 . 2009-10-07 06:38  32768  c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-11-28 06:52 . 2009-10-06 17:10  32768  c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-11-28 06:52 . 2009-10-06 17:10  16384  c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-11-28 06:52 . 2009-10-07 06:38  16384  c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-06 17:07 . 2009-10-06 17:07  2048  c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-10-07 06:35 . 2009-10-07 06:35  2048  c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-10-06 17:07 . 2009-10-06 17:07  2048  c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-10-07 06:35 . 2009-10-07 06:35  2048  c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 13:05 . 2009-10-07 06:38  153044  c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 813912]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe" [2007-08-29 1208320]
"Depo"="c:\windows\system32\DepoComputersQuestioning.exe" [2007-09-17 212992]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"BigDog303"="c:\windows\VM303_STI.EXE" [2006-01-24 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"VMSnap3"="c:\windows\VMSnap3.EXE" [2006-08-30 49152]
"Domino"="c:\windows\Domino.EXE" [2006-06-28 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableInstallerDetection"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):a2,69,a5,b7,e8,23,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2278677267-3686950371-2634324683-1001]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{82BEECA1-ACC2-4276-9A8C-8BB8772B0E3C}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{9005AEFD-7C7F-447C-9607-226697FDF987}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{7463360F-D596-4657-A358-BCC20B79ABF3}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{38B44700-FF5A-4AEA-B1B7-A808688A97D6}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{AD82B6CE-0FC5-44D2-9259-81005B11BF06}c:\\hl2.exe"= UDP:C:\hl2.exe:hl2
"UDP Query User{7B3C2648-150E-4E5F-AE90-5A392085F4AF}c:\\hl2.exe"= TCP:C:\hl2.exe:hl2
"{B3B56536-BFDD-443D-B5A7-1C1A3E5D94A2}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{ED4D1E7F-701D-4D9F-A598-5F92CFAEA631}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{C8C1744E-BEC4-48D9-A19D-ED75C79981B6}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{F71C9BA1-D035-41D3-B4F5-F88ADD33B75C}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{39BFBAEA-03C2-4313-9A9D-675F6A235448}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{793F01FB-74A0-4467-9FC2-CB54CDF7E401}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{BCDCD977-5858-42B7-A493-A027E72BD8E7}c:\\program files\\utorrent\\utorrent.exe"= Disabled:UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{C3B38917-18B7-4736-B6C4-C25E1137516B}c:\\program files\\utorrent\\utorrent.exe"= Disabled:TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"{FED3C91E-4A5B-4034-833E-BE5A7D98AE8F}"= UDP:c:\program files\Akella\Sacred 2 - Fallen Angel\system\sacred2.exe:Sacred 2
"{C9B317F3-5246-45D3-A9CC-D04488A96B62}"= TCP:c:\program files\Akella\Sacred 2 - Fallen Angel\system\sacred2.exe:Sacred 2
"TCP Query User{5183FC34-69C5-4B5B-B4B8-9615C0A1733F}c:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{3C2E0ABA-CBFE-4A82-A0F2-5418EFD3764D}c:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{6ECCCA2A-34F2-457D-B068-167A42E0C6FF}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{7E628F94-4030-42F0-8B8B-473C1EFAEF37}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"TCP Query User{B87D1725-0AF2-4D31-B629-5A7906537FFF}c:\\users\\123\\desktop\\recieved files\\emule-0.49b-xtreme-7.1-bin\\emule.exe"= UDP:c:\users\123\desktop\recieved files\emule-0.49b-xtreme-7.1-bin\emule.exe:emule.exe
"UDP Query User{F16578FB-E432-4B45-9980-59E33F589180}c:\\users\\123\\desktop\\recieved files\\emule-0.49b-xtreme-7.1-bin\\emule.exe"= TCP:c:\users\123\desktop\recieved files\emule-0.49b-xtreme-7.1-bin\emule.exe:emule.exe
"TCP Query User{58B3B5A0-66AF-4745-9C4A-B17FB03DF1B0}c:\\users\\123\\desktop\\received files\\emule-0.49b-xtreme-7.1-bin\\emule.exe"= UDP:c:\users\123\desktop\received files\emule-0.49b-xtreme-7.1-bin\emule.exe:emule.exe
"UDP Query User{1985BA4D-44D6-41B4-92BF-74C519F29184}c:\\users\\123\\desktop\\received files\\emule-0.49b-xtreme-7.1-bin\\emule.exe"= TCP:c:\users\123\desktop\received files\emule-0.49b-xtreme-7.1-bin\emule.exe:emule.exe
"{E4E63533-D88E-4A29-9EAC-48CB51279AC2}"= UDP:c:\program files\Akella\Sacred 2 - Fallen Angel\system\s2gs.exe:Sacred 2 Game Server
"{1339E391-0E86-485F-9361-5F4E7EC97346}"= TCP:c:\program files\Akella\Sacred 2 - Fallen Angel\system\s2gs.exe:Sacred 2 Game Server
"TCP Query User{6A7FA3C8-925C-45CE-B0C2-A10E95336694}c:\\program files\\new\\hl.exe"= UDP:c:\program files\new\hl.exe:Half-Life Launcher
"UDP Query User{8E93516A-3C3F-409C-8DF2-20FE7B67DEBF}c:\\program files\\new\\hl.exe"= TCP:c:\program files\new\hl.exe:Half-Life Launcher
"TCP Query User{FDEBB5DC-7F0A-4A5C-995F-7B9DE9025787}c:\\program files\\counter-strike condition zero 1.2\\hl.exe"= UDP:c:\program files\counter-strike condition zero 1.2\hl.exe:Half-Life Launcher
"UDP Query User{9F6EF3E3-C310-44B2-A1C4-2183479C4826}c:\\program files\\counter-strike condition zero 1.2\\hl.exe"= TCP:c:\program files\counter-strike condition zero 1.2\hl.exe:Half-Life Launcher
"TCP Query User{44423BB2-BF63-4B7A-874F-20096F186F1A}c:\\games\\team fortress 2\\hl2.exe"= UDP:c:\games\team fortress 2\hl2.exe:hl2
"UDP Query User{D709707C-CD88-479A-BD25-8E4B4660F434}c:\\games\\team fortress 2\\hl2.exe"= TCP:c:\games\team fortress 2\hl2.exe:hl2
"{DBEEEF96-9826-4757-BDC5-BDFA690CE695}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{A8FD5760-A35B-4B2D-B8C3-DBC26A80F6E4}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{48F88388-1DBF-4D79-A5FD-ED04B86E9133}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{E290FD94-7F95-4065-BFB7-2C0D8E8EF56E}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{ABF2B06A-777E-4C80-A66B-64151DF5BD30}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{36AFC63C-28CC-426A-A506-BCCD566ACC78}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"{4CBAF0CD-8C65-4BE8-B378-1540B144DE2A}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{53173330-A73A-4F89-A6DC-2BF6A125FC86}"= Disabled:TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{BBE325B2-9B95-4CEC-9F31-EFD216597ED0}c:\\users\\123\\desktop\\ratiomaster-1.7.4\\ratiomaster-vs.exe"= UDP:c:\users\123\desktop\ratiomaster-1.7.4\ratiomaster-vs.exe:ratiomaster-vs.exe
"UDP Query User{4DD9A9B0-8A8C-4326-B7EC-E2A5ECE65325}c:\\users\\123\\desktop\\ratiomaster-1.7.4\\ratiomaster-vs.exe"= TCP:c:\users\123\desktop\ratiomaster-1.7.4\ratiomaster-vs.exe:ratiomaster-vs.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplicationsList]
"k:\\driver\\usb\\рЖСХКАЖРЌАМО"= k:\driver\usb\рЖСХКАЖРЌАМО:*:Enabled:Services

R1 is-O91ADdrv;is-O91ADdrv;c:\windows\System32\drivers\37990090.sys [06.10.2009 18:32 148496]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [25.01.2007 19:33 20760]
R3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;c:\windows\System32\drivers\fetnd6v.sys [22.09.2008 3:20 43520]
S2 gupdate;gupdate; [x]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [19.03.2009 14:48 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [19.03.2009 14:48 8320]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 vmfilter303;vmfilter303;c:\windows\System32\drivers\vmfilter303.sys [27.04.2008 22:09 428160]
.
Contents of the 'Scheduled Tasks' folder

2009-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-12 19:38]

2009-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-12 19:38]
.
.
Supplementary Scan
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\123\AppData\Roaming\Mozilla\Firefox\Profiles\31bzlutg.default
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\users\123\AppData\Roaming\Mozilla\Firefox\Profiles\31bzlutg.default\extensions\{ca8b7b3d-b6e6-438f-b935-601b3de48d66}\platform\WINNT_x86-msvc\components\FFThrottle.dll
FF - component: c:\users\123\AppData\Roaming\Mozilla\Firefox\Profiles\31bzlutg.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\123\AppData\Roaming\Mozilla\Firefox\Profiles\31bzlutg.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071301000019.dll
FF - plugin: c:\users\123\AppData\Roaming\Mozilla\Firefox\Profiles\31bzlutg.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\users\123\AppData\Roaming\Mozilla\plugins\npcoolirisplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-07 21:39
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...
Шяяяvk [1702064961] 0x99040004
Шяяяvk [1702064961] 0xA2400000

scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe 1????????????????????????????????????????????????????????
BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)??????????@?@????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
Completion time: 2009-10-07 21:47
ComboFix-quarantined-files.txt 2009-10-07 18:47
ComboFix2.txt 2009-10-06 17:27

Pre-Run: 116 769 771 520 bytes free
Post-Run: 116 618 256 384 bytes free

280 --- E O F --- 2009-10-05 15:46
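The helpers on this forum read ComboFix logs like the one above by eye, looking for a handful of indicators: a Sigcheck line marked `[-]` (a system DLL whose hash matches no known version), UAC and firewall policy values forced to 0, Security Center told to stop monitoring the installed AV, a shell-extension COM server registered from a user profile, a driver with a random all-digit name, and a service whose image ComboFix could not verify (`[?]`). As an added example (the editor's own script, not part of the forum post and not ComboFix code), the Python below checks those indicators mechanically. The log excerpt embedded in it is constructed in ComboFix's format with the values copied from the logs in this thread and one winsxs path shortened; the rule names and the choice of which settings count as weak are the editor's assumptions.

```python
"""Triage a ComboFix-style log for weakened settings and suspicious loading points.

Added example by the editor: not code from the forum post and not part of
ComboFix. The rules below are the editor's own heuristics. SAMPLE_LOG is a
constructed excerpt in ComboFix's format (values copied from the thread,
winsxs path shortened) so the script runs offline.
"""
import re
from typing import List, Tuple

Finding = Tuple[str, str]  # (rule id, detail)

SAMPLE_LOG = r"""
Sigcheck
[-] 2009-08-23 . 690D53BD10A804BB6D0A772D1C0E6907 . 247296 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
[7] 2009-04-11 . C818C44C201898399BF999BB6B35D4E3 . 247296 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_6.0.6002.18005\shsvcs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\CMedia]
@="{6B830884-20E3-4AB6-B672-2629F0F72071}"
[HKEY_CLASSES_ROOT\CLSID\{6B830884-20E3-4AB6-B672-2629F0F72071}]
2009-10-05 20:17 750592 ----a-w- c:\users\123\AppData\Roaming\CMedia\CMedia.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R1 is-O91ADdrv;is-O91ADdrv;c:\windows\System32\drivers\37990090.sys [06.10.2009 18:32 148496]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [25.01.2007 19:33 20760]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
"""

# (registry key suffix, value name) -> (value that weakens the host, explanation)
WEAK_SETTINGS = {
    ("policies\\system", "enablelua"): (0, "UAC disabled (EnableLUA=0)"),
    ("policies\\system", "consentpromptbehavioradmin"): (0, "admins elevate without any prompt"),
    ("firewallpolicy\\publicprofile", "enablefirewall"): (0, "Windows Firewall off on the public profile"),
    ("firewallpolicy\\standardprofile", "enablefirewall"): (0, "Windows Firewall off on the standard profile"),
}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>.+)$')
SIGCHECK_BAD_RE = re.compile(r"^\[-\] .* \. (?P<path>[a-z]:\\\S+)$", re.I)
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} +\d+ +\S+ +(?P<path>[a-z]:\\.+)$", re.I)
SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*;(?P<image>.+)$")


def parse_value(raw: str):
    """Turn ComboFix's '0 (0x0)' and 'dword:00000001' renderings into ints; else keep the text."""
    raw = raw.strip()
    if m := re.fullmatch(r"dword:([0-9a-f]{8})", raw, re.I):
        return int(m.group(1), 16)
    if m := re.fullmatch(r"(-?\d+) \(0x[0-9a-f]+\)", raw, re.I):
        return int(m.group(1))
    return raw.strip('"')


def triage(log: str) -> List[Finding]:
    findings: List[Finding] = []
    key = ""  # registry key that the following value/file lines belong to
    for line in log.splitlines():
        line = line.rstrip()
        if m := KEY_RE.match(line):
            key = m.group("key").lower()
        elif m := SIGCHECK_BAD_RE.match(line):
            # "[-]": the on-disk hash matches no known version of that system file
            findings.append(("sigcheck-mismatch", m.group("path")))
        elif m := VALUE_RE.match(line):
            name, val = m.group("name").lower(), parse_value(m.group("val"))
            for (suffix, vname), (bad, why) in WEAK_SETTINGS.items():
                if key.endswith(suffix) and name == vname and val == bad:
                    findings.append(("weak-setting", why))
            # Security Center told to stop watching this AV product
            if "\\security center\\monitoring\\" in key and name == "disablemonitoring" and val == 1:
                findings.append(("av-monitoring-off", key.rsplit("\\", 1)[-1]))
        elif (m := FILE_RE.match(line)) and key.startswith("hkey_classes_root\\clsid"):
            # a COM server for a shell extension that lives in a user profile, not Program Files
            if "\\appdata\\" in m.group("path").lower():
                findings.append(("com-from-appdata", m.group("path")))
        elif m := SERVICE_RE.match(line):
            image = m.group("image")
            path = re.split(r" \[| -->", image)[0].strip()
            base = path.rsplit("\\", 1)[-1]
            if re.fullmatch(r"\d+\.sys", base, re.I):  # random all-digit driver name
                findings.append(("numeric-driver-name", f"{m.group('name')}: {path}"))
            if image.endswith("[?]"):  # ComboFix could not verify the service image
                findings.append(("service-image-unverified", f"{m.group('name')}: {path}"))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:25} {detail}")
```

Run as-is it reports eight hits from the embedded excerpt; to use it on a saved ComboFix.txt, pass the file's text to `triage()` (the log from this Russian-locale machine would need to be opened with the matching code page, which is an assumption about the file, not something the script detects). The rules are deliberately narrow: a `[-]` Sigcheck line, an all-digit driver name, or a COM server under `\AppData\` are each strong enough on their own to deserve a second look, while a single policy value at 0 is only a weak signal until the others line up with it, as they do in these logs.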
@Valeri wrote:
Hello, welcome to the Spyware-ru forum.

Thanks ^__^
Here's the log:
ComboFix 09-10-05.01 - 123 06.10.2009 19:43.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1251.7.1049.18.2046.1106 [GMT 3:00]
Running from: c:\users\123\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Kaspersky Anti-Virus *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1405738138-2289347539-1057924998-500
c:\$recycle.bin\S-1-5-21-153102868-3693135318-921088734-500
c:\$recycle.bin\S-1-5-21-1648099811-246627023-2587818502-500
c:\$recycle.bin\S-1-5-21-1691397623-2201577076-505587374-500
c:\$recycle.bin\S-1-5-21-1772114262-1360999920-620721864-500
c:\$recycle.bin\S-1-5-21-1853654912-365008194-1279622445-500
c:\$recycle.bin\S-1-5-21-1869386534-2254367095-3945110160-500
c:\$recycle.bin\S-1-5-21-203168575-1212697124-479606228-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-2491830286-607337906-305029218-500
c:\$recycle.bin\S-1-5-21-2589120297-3309395610-3764323534-500
c:\$recycle.bin\S-1-5-21-2623861358-102143816-1644023529-500
c:\$recycle.bin\S-1-5-21-2703286045-1761956342-1102672868-500
c:\$recycle.bin\S-1-5-21-2984956006-2339481881-1782170106-500
c:\$recycle.bin\S-1-5-21-3106250216-2613901181-1345947890-500
c:\$recycle.bin\S-1-5-21-3154338991-350946010-2519592564-500
c:\$recycle.bin\S-1-5-21-3197467293-3468531898-4231332313-500
c:\$recycle.bin\S-1-5-21-3638419973-2926469935-1625179899-500
c:\$recycle.bin\S-1-5-21-3783375365-896004805-2589005050-500
c:\$recycle.bin\S-1-5-21-384657882-4146746463-2088501110-500
c:\$recycle.bin\S-1-5-21-3949978087-1409164705-2552012684-500
c:\$recycle.bin\S-1-5-21-4256959862-3445402238-3180033593-500
c:\$recycle.bin\S-1-5-21-876649235-2352594245-2618589158-500
c:\$recycle.bin\S-1-5-21-957519118-2567105564-4123507885-1000
c:\$recycle.bin\S-1-5-21-985097968-1196329334-3930429457-500
c:\config\S-1-5-21-1482476501-1644491937-682003330-1013
c:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
c:\recycler\S-1-5-21-3622752701-9177906078-764410824-8356
c:\recycler\S-1-5-21-3622752701-9177906078-764410824-8356\Desktop.ini
c:\recycler\S-1-5-21-3622752701-9177906078-764410824-8356\sysdate.exe
C:\System
c:\system\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
c:\users\123\Half Life 2.Raising The Bar .pdf
c:\windows\jestertb.dll
c:\windows\system\SysSD.dll
.
((((((((((((((((((((((((( Files Created from 2009-09-06 to 2009-10-06 )))))))))))))))))))))))))))))))
.
2009-10-06 17:04 . 2009-10-06 17:08  --------  d-----w-  c:\users\123\AppData\Local\temp
2009-10-06 17:04 . 2009-10-06 17:04  --------  d-----w-  c:\users\oem\AppData\Local\temp
2009-10-06 17:04 . 2009-10-06 17:04  --------  d-----w-  c:\users\Default\AppData\Local\temp
2009-10-06 15:34 . 2009-10-06 15:48  --------  d-----w-  c:\program files\Virus Removal Tool1
2009-10-06 15:32 . 2008-07-08 11:54  148496  ----a-w-  c:\windows\system32\drivers\37990090.sys
2009-10-06 15:18 . 2009-10-06 15:25  --------  d-----w-  c:\program files\SpywareDetector
2009-10-05 20:16 . 2009-11-07 13:24  --------  d-----w-  c:\users\123\AppData\Roaming\CMedia
2009-10-02 22:47 . 2009-10-01 07:29  195440  ------w-  c:\windows\system32\MpSigStub.exe
2009-09-30 23:11 . 2009-09-30 23:11  129024  ----a-w-  C:\__kb593834.exe
2009-09-18 14:29 . 2009-09-18 14:29  --------  d-----w-  c:\users\123\AppData\Roaming\Malwarebytes
2009-09-18 14:29 . 2009-09-18 14:29  --------  d-----w-  c:\programdata\Malwarebytes
2009-09-18 11:48 . 2009-09-18 14:11  --------  dc----w-  c:\windows\system32\DRVSTORE
2009-09-18 11:46 . 2009-09-18 14:12  --------  d-----w-  c:\programdata\Lavasoft
2009-09-18 11:46 . 2009-09-18 14:12  --------  d-----w-  c:\program files\Lavasoft
2009-09-16 16:08 . 2009-09-16 16:08  --------  d-----w-  c:\program files\Microsoft
2009-09-16 16:08 . 2009-09-16 16:08  --------  d-----w-  c:\program files\Windows Live SkyDrive
2009-09-14 20:04 . 1997-04-07 17:19  391680  ----a-w-  c:\windows\system32\I263_32.drv
2009-09-09 14:17 . 2005-01-01 09:43  4682  ----a-w-  c:\windows\system32\npptNT2.sys
2009-09-09 12:12 . 2009-09-27 12:58  --------  d-----w-  c:\program files\Aion
2009-09-09 07:22 . 2009-09-09 07:22  --------  d-----w-  c:\users\123\AppData\Local\assembly
2009-09-09 07:03 . 2009-09-09 07:03  --------  d-----w-  c:\program files\NCsoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-06 17:08 . 2007-11-28 06:55  162143776  --sha-w-  c:\windows\system32\drivers\fidbox.dat
2009-10-06 17:06 . 2007-11-28 06:55  2172764  --sha-w-  c:\windows\system32\drivers\fidbox.idx
2009-10-06 15:52 . 2007-02-03 13:03  --------  d-----w-  c:\programdata\Kaspersky Lab
2009-10-05 20:20 . 2009-09-17 22:10  87379  ----a-w-  c:\users\123\AppData\Roaming\fieryads.dat
2009-10-05 19:53 . 2006-11-09 07:21  655978  ----a-w-  c:\windows\system32\perfh019.dat
2009-10-05 19:53 . 2006-11-09 07:21  125378  ----a-w-  c:\windows\system32\perfc019.dat
2009-10-04 23:17 . 2008-04-23 17:06  --------  d-----w-  c:\users\123\AppData\Roaming\uTorrent
2009-10-04 18:37 . 2008-04-27 19:14  --------  d-----w-  c:\users\123\AppData\Roaming\Skype
2009-10-03 14:46 . 2008-04-24 18:35  --------  d-----w-  c:\program files\FlashGet
2009-09-22 13:26 . 2007-11-28 06:56  95259  ----a-w-  c:\windows\system32\drivers\klick.dat
2009-09-22 13:26 . 2007-11-28 06:56  107547  ----a-w-  c:\windows\system32\drivers\klin.dat
2009-09-18 15:39 . 2008-04-26 22:16  --------  d-----w-  c:\program files\Unlocker
2009-09-17 22:54 . 2008-04-24 19:06  --------  d-----w-  c:\program files\Messenger Plus! Live
2009-09-16 16:09 . 2008-10-11 19:24  --------  d-----w-  c:\program files\MSN Messenger
2009-09-16 16:08 . 2008-04-24 18:51  --------  d-----w-  c:\program files\Windows Live
2009-09-14 20:04 . 2009-06-22 13:14  --------  d-----w-  c:\program files\K-Lite Codec Pack
2009-09-11 00:46 . 2006-11-02 11:18  --------  d-----w-  c:\program files\Windows Mail
2009-09-11 00:05 . 2008-12-21 13:25  --------  d-----w-  c:\programdata\Microsoft Help
2009-09-09 12:12 . 2007-11-08 21:40  --------  d--h--w-  c:\program files\InstallShield Installation Information
2009-09-09 11:25 . 2007-11-28 06:58  91960  ----a-w-  c:\users\123\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-09 00:44 . 2008-04-23 17:27  --------  d-----w-  c:\program files\Java
2009-08-29 00:27 . 2009-09-02 20:23  4240384  ----a-w-  c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 20:23  28672  ----a-w-  c:\windows\system32\Apphlpdm.dll
2009-08-23 12:13 . 2009-08-18 11:30  615424  ----a-w-  c:\windows\system32\themeui.dll
2009-08-23 11:46 . 2006-11-02 12:37  --------  d-----w-  c:\program files\Windows Sidebar
2009-08-23 11:46 . 2006-11-02 12:37  --------  d-----w-  c:\program files\Windows Journal
2009-08-23 11:46 . 2006-11-02 12:37  --------  d-----w-  c:\program files\Windows Collaboration
2009-08-23 11:46 . 2006-11-02 12:37  --------  d-----w-  c:\program files\Windows Calendar
2009-08-23 11:46 . 2006-11-02 12:37  --------  d-----w-  c:\program files\Windows Photo Gallery
2009-08-23 11:46 . 2006-11-02 12:37  --------  d-----w-  c:\program files\Windows Defender
2009-08-21 18:14 . 2009-08-21 18:09  --------  d-----w-  c:\program files\Opera
2009-08-16 15:08 . 2009-06-22 13:14  178176  ----a-w-  c:\windows\system32\unrar.dll
2009-08-14 16:27 . 2009-09-10 04:54  904776  ----a-w-  c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-10 04:54  17920  ----a-w-  c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-10 04:54  9728  ----a-w-  c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-10 04:54  17920  ----a-w-  c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-10 04:54  11264  ----a-w-  c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-10 04:54  27136  ----a-w-  c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-10 04:54  8704  ----a-w-  c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-10 04:54  19968  ----a-w-  c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-10 04:54  10240  ----a-w-  c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-10 04:54  30720  ----a-w-  c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-10 04:54  105984  ----a-w-  c:\windows\system32\netiohlp.dll
2009-08-12 19:38 . 2008-07-29 21:00  --------  d-----w-  c:\program files\Google
2009-08-08 00:02 . 2009-08-08 00:01  --------  d-----w-  c:\program files\Microsoft Games for Windows - LIVE
2009-08-07 16:51 . 2009-08-07 16:51  15308424  ----a-w-  c:\windows\system32\xlive.dll
2009-08-07 16:51 . 2009-08-07 16:51  13642888  ----a-w-  c:\windows\system32\xlivefnt.dll
2009-07-29 06:35 . 2009-06-22 13:14  2378752  ----a-w-  c:\windows\system32\x264vfw.dll
2009-07-26 13:44 . 2009-07-26 13:44  48448  ----a-w-  c:\windows\system32\sirenacm.dll
2009-07-25 02:23 . 2009-05-18 08:14  411368  ----a-w-  c:\windows\system32\deploytk.dll
2009-07-18 16:01 . 2009-07-29 12:35  78336  ----a-w-  c:\windows\system32\ieencode.dll
2009-07-18 11:35 . 2009-07-29 12:35  828416  ----a-w-  c:\windows\system32\wininet.dll
2009-07-17 13:54 . 2009-08-13 15:47  71680  ----a-w-  c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-13 15:47  8147456  ----a-w-  c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-13 15:47  313344  ----a-w-  c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-13 15:47  4096  ----a-w-  c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-13 15:47  7680  ----a-w-  c:\windows\system32\spwmp.dll
2009-07-14 00:15 . 2009-06-22 13:14  90112  ----a-w-  c:\windows\system32\dpl100.dll
2009-07-14 00:15 . 2009-06-22 13:14  685056  ----a-w-  c:\windows\system32\divx.dll
2009-07-11 19:01 . 2009-09-10 04:54  302592  ----a-w-  c:\windows\system32\wlansec.dll
2009-07-11 19:01 . 2009-09-10 04:54  293376  ----a-w-  c:\windows\system32\wlanmsm.dll
2009-07-11 19:01 . 2009-09-10 04:54  513536  ----a-w-  c:\windows\system32\wlansvc.dll
2009-07-11 19:01 . 2009-09-10 04:54  65024  ----a-w-  c:\windows\system32\wlanapi.dll
2009-07-11 17:03 . 2009-09-10 04:54  127488  ----a-w-  c:\windows\system32\L2SecHC.dll
2009-02-24 19:34 . 2009-02-24 19:34  1044480  ----a-w-  c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34  200704  ----a-w-  c:\program files\mozilla firefox\plugins\ssldivx.dll
.
Sigcheck
[-] 2009-08-23 . 690D53BD10A804BB6D0A772D1C0E6907 . 247296 . . [6.0.6000.16386] . . c:windowsSystem32shsvcs.dll
[7] 2009-04-11 . C818C44C201898399BF999BB6B35D4E3 . 247296 . . [6.0.6000.16386] . . c:windowswinsxsx86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6002.18005_none_cf1bd6361a0f622eshsvcs.dll
[7] 2008-01-19 . 27F10F348E508243F6254846F8370D0D . 247296 . . [6.0.6000.16386] . . c:windowswinsxsx86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18000_none_cd305d2a1ced96e2shsvcs.dll
[7] 2006-11-02 . B264DFA21677728613267FE63802B332 . 245248 . . [6.0.6000.16386] . . c:windowswinsxsx86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6000.16386_none_caf99b2e2002860eshsvcs.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersCMedia]
@=»{6B830884-20E3-4AB6-B672-2629F0F72071}»
[HKEY_CLASSES_ROOTCLSID{6B830884-20E3-4AB6-B672-2629F0F72071}]
2009-10-05 20:17 750592 —-a-w- c:users123AppDataRoamingCMediaCMedia.dll
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«ehTray.exe»=»c:windowsehomeehTray.exe» [2008-01-19 125952]
«WMPNSCFG»=»c:program filesWindows Media PlayerWMPNSCFG.exe» [2008-01-19 202240]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«Windows Defender»=»c:program filesWindows DefenderMSASCui.exe» [2008-01-19 1008184]
«IntelliPoint»=»c:program filesMicrosoft IntelliPointipoint.exe» [2007-02-05 849280]
«itype»=»c:program filesMicrosoft IntelliType Proitype.exe» [2006-11-21 813912]
«HDAudDeck»=»c:program filesVIAVIAudioiVistaADeckHDAudioCPL.exe» [2007-08-29 1208320]
«Depo»=»c:windowssystem32DepoComputersQuestioning.exe» [2007-09-17 212992]
«QuickTime Task»=»c:program filesQuickTimeQTTask.exe» [2008-03-28 413696]
«BigDog303″=»c:windowsVM303_STI.EXE» [2006-01-24 61440]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 9.0ReaderReader_sl.exe» [2009-02-27 35696]
«PCSuiteTrayApplication»=»c:program filesNokiaNokia PC Suite 6LaunchApplication.exe» [2007-06-18 271360]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2009-03-27 13687328]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2009-03-27 92704]
«VMSnap3″=»c:windowsVMSnap3.EXE» [2006-08-30 49152]
«Domino»=»c:windowsDomino.EXE» [2006-06-28 49152]
«SunJavaUpdateSched»=»c:program filesJavajre6binjusched.exe» [2009-07-25 149280]
«AVP»=»c:program filesKaspersky LabKaspersky Anti-Virus 6.0avp.exe» [2007-03-06 200768]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«Nokia.PCSync»=»c:program filesNokiaNokia PC Suite 6PcSync2.exe» [2007-06-19 1241088]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«ConsentPromptBehaviorAdmin»= 0 (0x0)
«ConsentPromptBehaviorUser»= 0 (0x0)
«EnableInstallerDetection»= 0 (0x0)
«EnableLUA»= 0 (0x0)
«EnableUIADesktopToggle»= 0 (0x0)
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«aux»=wdmaud.drv
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinDefend]
@=»Service»
[HKLM~startupfolderC:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:programdataMicrosoftWindowsStart MenuProgramsStartupAdobe Reader Speed Launch.lnk
backup=c:windowspssAdobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]
«DisableMonitoring»=dword:00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerSvc]
«VistaSp2″=hex(b):a2,69,a5,b7,e8,23,ca,01
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerSvcS-1-5-21-2278677267-3686950371-2634324683-1001]
«EnableNotificationsRef»=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicyFirewallRules]
«{82BEECA1-ACC2-4276-9A8C-8BB8772B0E3C}»= UDP:c:windowsSystem32PnkBstrA.exe:PnkBstrA
«{9005AEFD-7C7F-447C-9607-226697FDF987}»= TCP:c:windowsSystem32PnkBstrA.exe:PnkBstrA
«{7463360F-D596-4657-A358-BCC20B79ABF3}»= UDP:c:windowsSystem32PnkBstrB.exe:PnkBstrB
«{38B44700-FF5A-4AEA-B1B7-A808688A97D6}»= TCP:c:windowsSystem32PnkBstrB.exe:PnkBstrB
«TCP Query User{AD82B6CE-0FC5-44D2-9259-81005B11BF06}c:\hl2.exe»= UDP:C:hl2.exe:hl2
«UDP Query User{7B3C2648-150E-4E5F-AE90-5A392085F4AF}c:\hl2.exe»= TCP:C:hl2.exe:hl2
«{B3B56536-BFDD-443D-B5A7-1C1A3E5D94A2}»= UDP:c:program filesYahoo!MessengerYahooMessenger.exe:Yahoo! Messenger
«{ED4D1E7F-701D-4D9F-A598-5F92CFAEA631}»= TCP:c:program filesYahoo!MessengerYahooMessenger.exe:Yahoo! Messenger
«{C8C1744E-BEC4-48D9-A19D-ED75C79981B6}»= UDP:c:program filesYahoo!MessengerYServer.exe:Yahoo! FT Server
«{F71C9BA1-D035-41D3-B4F5-F88ADD33B75C}»= TCP:c:program filesYahoo!MessengerYServer.exe:Yahoo! FT Server
«{39BFBAEA-03C2-4313-9A9D-675F6A235448}»= c:program filesMSN Messengerlivecall.exe:Windows Live Messenger 8.1 (Phone)
«{793F01FB-74A0-4467-9FC2-CB54CDF7E401}»= c:program filesMSN Messengerlivecall.exe:Windows Live Messenger 8.1 (Phone)
«TCP Query User{BCDCD977-5858-42B7-A493-A027E72BD8E7}c:\program files\utorrent\utorrent.exe»= Disabled:UDP:c:program filesutorrentutorrent.exe:uTorrent
«UDP Query User{C3B38917-18B7-4736-B6C4-C25E1137516B}c:\program files\utorrent\utorrent.exe»= Disabled:TCP:c:program filesutorrentutorrent.exe:uTorrent
«{FED3C91E-4A5B-4034-833E-BE5A7D98AE8F}»= UDP:c:program filesAkellaSacred 2 — Fallen Angelsystemsacred2.exe:Sacred 2
«{C9B317F3-5246-45D3-A9CC-D04488A96B62}»= TCP:c:program filesAkellaSacred 2 — Fallen Angelsystemsacred2.exe:Sacred 2
«TCP Query User{5183FC34-69C5-4B5B-B4B8-9615C0A1733F}c:\program files\skype\phone\skype.exe»= Disabled:UDP:c:program filesskypephoneskype.exe:Skype. Take a deep breath
«UDP Query User{3C2E0ABA-CBFE-4A82-A0F2-5418EFD3764D}c:\program files\skype\phone\skype.exe»= Disabled:TCP:c:program filesskypephoneskype.exe:Skype. Take a deep breath
«TCP Query User{6ECCCA2A-34F2-457D-B068-167A42E0C6FF}c:\program files\utorrent\utorrent.exe»= UDP:c:program filesutorrentutorrent.exe:µTorrent
«UDP Query User{7E628F94-4030-42F0-8B8B-473C1EFAEF37}c:\program files\utorrent\utorrent.exe»= TCP:c:program filesutorrentutorrent.exe:µTorrent
«TCP Query User{B87D1725-0AF2-4D31-B629-5A7906537FFF}c:\users\123\desktop\recieved files\emule-0.49b-xtreme-7.1-bin\emule.exe»= UDP:c:users123desktoprecieved filesemule-0.49b-xtreme-7.1-binemule.exe:emule.exe
«UDP Query User{F16578FB-E432-4B45-9980-59E33F589180}c:\users\123\desktop\recieved files\emule-0.49b-xtreme-7.1-bin\emule.exe»= TCP:c:users123desktoprecieved filesemule-0.49b-xtreme-7.1-binemule.exe:emule.exe
«TCP Query User{58B3B5A0-66AF-4745-9C4A-B17FB03DF1B0}c:\users\123\desktop\received files\emule-0.49b-xtreme-7.1-bin\emule.exe»= UDP:c:users123desktopreceived filesemule-0.49b-xtreme-7.1-binemule.exe:emule.exe
«UDP Query User{1985BA4D-44D6-41B4-92BF-74C519F29184}c:\users\123\desktop\received files\emule-0.49b-xtreme-7.1-bin\emule.exe»= TCP:c:users123desktopreceived filesemule-0.49b-xtreme-7.1-binemule.exe:emule.exe
«{E4E63533-D88E-4A29-9EAC-48CB51279AC2}»= UDP:c:program filesAkellaSacred 2 — Fallen Angelsystems2gs.exe:Sacred 2 Game Server
«{1339E391-0E86-485F-9361-5F4E7EC97346}»= TCP:c:program filesAkellaSacred 2 — Fallen Angelsystems2gs.exe:Sacred 2 Game Server
«TCP Query User{6A7FA3C8-925C-45CE-B0C2-A10E95336694}c:\program files\new\hl.exe»= UDP:c:program filesnewhl.exe:Half-Life Launcher
«UDP Query User{8E93516A-3C3F-409C-8DF2-20FE7B67DEBF}c:\program files\new\hl.exe»= TCP:c:program filesnewhl.exe:Half-Life Launcher
«TCP Query User{FDEBB5DC-7F0A-4A5C-995F-7B9DE9025787}c:\program files\counter-strike condition zero 1.2\hl.exe»= UDP:c:program filescounter-strike condition zero 1.2hl.exe:Half-Life Launcher
«UDP Query User{9F6EF3E3-C310-44B2-A1C4-2183479C4826}c:\program files\counter-strike condition zero 1.2\hl.exe»= TCP:c:program filescounter-strike condition zero 1.2hl.exe:Half-Life Launcher
«TCP Query User{44423BB2-BF63-4B7A-874F-20096F186F1A}c:\games\team fortress 2\hl2.exe»= UDP:c:gamesteam fortress 2hl2.exe:hl2
«UDP Query User{D709707C-CD88-479A-BD25-8E4B4660F434}c:\games\team fortress 2\hl2.exe»= TCP:c:gamesteam fortress 2hl2.exe:hl2
«{DBEEEF96-9826-4757-BDC5-BDFA690CE695}»= UDP:c:program filesuTorrentuTorrent.exe:µTorrent (TCP-In)
«{A8FD5760-A35B-4B2D-B8C3-DBC26A80F6E4}»= TCP:c:program filesuTorrentuTorrent.exe:µTorrent (UDP-In)
«TCP Query User{48F88388-1DBF-4D79-A5FD-ED04B86E9133}c:\program files\nokia\nokia software updater\nsu_ui_client.exe»= UDP:c:program filesnokianokia software updaternsu_ui_client.exe:Nokia Software Updater
«UDP Query User{E290FD94-7F95-4065-BFB7-2C0D8E8EF56E}c:\program files\nokia\nokia software updater\nsu_ui_client.exe»= TCP:c:program filesnokianokia software updaternsu_ui_client.exe:Nokia Software Updater
«TCP Query User{ABF2B06A-777E-4C80-A66B-64151DF5BD30}c:\program files\common files\nokia\service layer\a\nsl_host_process.exe»= UDP:c:program filescommon filesnokiaservice layeransl_host_process.exe:Nokia Service Layer Host Process
«UDP Query User{36AFC63C-28CC-426A-A506-BCCD566ACC78}c:\program files\common files\nokia\service layer\a\nsl_host_process.exe»= TCP:c:program filescommon filesnokiaservice layeransl_host_process.exe:Nokia Service Layer Host Process
«{4CBAF0CD-8C65-4BE8-B378-1540B144DE2A}»= Disabled:UDP:c:program filesSkypePhoneSkype.exe:Skype
«{53173330-A73A-4F89-A6DC-2BF6A125FC86}»= Disabled:TCP:c:program filesSkypePhoneSkype.exe:Skype
[HKLM~servicessharedaccessparametersfirewallpolicyPublicProfile]
«EnableFirewall»= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicyStandardProfileAuthorizedApplicationsList]
«k:\driver\usb\рЖСХКАЖРЌАМО»= k:driverusbрЖСХКАЖРЌАМО:*:Enabled:Services
R1 is-O91ADdrv;is-O91ADdrv;c:windowsSystem32drivers37990090.sys [06.10.2009 18:32 148496]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:windowsSystem32driversklim6.sys [25.01.2007 19:33 20760]
R3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;c:windowsSystem32driversfetnd6v.sys [22.09.2008 3:20 43520]
S2 gupdate;gupdate; [x]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:windowsSystem32driversnmwcdnsu.sys [19.03.2009 14:48 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:windowsSystem32driversnmwcdnsuc.sys [19.03.2009 14:48 8320]
S3 npggsvc;nProtect GameGuard Service;c:windowssystem32GameMon.des -service —> c:windowssystem32GameMon.des -service [?]
S3 vmfilter303;vmfilter303;c:windowsSystem32driversvmfilter303.sys [27.04.2008 22:09 428160]
.
Contents of the ‘Scheduled Tasks’ folder
2009-10-06 c:windowsTasksGoogleUpdateTaskMachineCore.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-08-12 19:38]
2009-10-06 c:windowsTasksGoogleUpdateTaskMachineUA.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-08-12 19:38]
.
.
Supplementary Scan
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Download All by FlashGet — c:program filesFlashGetjc_all.htm
IE: Download using FlashGet — c:program filesFlashGetjc_link.htm
IE: E&xport to Microsoft Excel — c:progra~1MI1933~1OFFICE11EXCEL.EXE/3000
FF — ProfilePath — c:users123AppDataRoamingMozillaFirefoxProfiles31bzlutg.default
FF — prefs.js: browser.startup.homepage — about:blank
FF — component: c:users123AppDataRoamingMozillaFirefoxProfiles31bzlutg.defaultextensions{ca8b7b3d-b6e6-438f-b935-601b3de48d66}platformWINNT_x86-msvccomponentsFFThrottle.dll
FF — component: c:users123AppDataRoamingMozillaFirefoxProfiles31bzlutg.defaultextensionspiclens@cooliris.comcomponentscoolirisstub.dll
FF — plugin: c:program filesGoogleUpdate1.2.183.7npGoogleOneClick8.dll
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnppl3260.dll
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnprpjplug.dll
FF — plugin: c:program filesMozilla Firefoxpluginsnp-mswmp.dll
FF — plugin: c:users123AppDataRoamingMozillaFirefoxProfiles31bzlutg.defaultextensionsmoveplayer@movenetworks.complatformWINNT_x86-msvcpluginsnpmnqmp071301000019.dll
FF — plugin: c:users123AppDataRoamingMozillaFirefoxProfiles31bzlutg.defaultextensionspiclens@cooliris.compluginsnpcoolirisplugin.dll
FF — plugin: c:users123AppDataRoamingMozillapluginsnpcoolirisplugin.dll
FF — HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} — c:windowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtension
.
— — — — ORPHANS REMOVED — — — —
HKCU-Run-RocketDock — c:program filesRocketDockRocketDock.exe
HKCU-Run-PlayNC Launcher — (no file)
HKLM-Run-Unattend0000000001{DCB591E5-128E-42A2-BD92-472C52E55DF5} — c:sysprepUser.exe
AddRemove-sXe_Injected — c:users123DesktopGamessXe Injecteduninstall.exe
AddRemove-Vit XP Tweak — j:vit xp tweak 4.2Uninstall.exe
AddRemove-AirXonix_is1 — c:program filesAirXonixunins000.exe
AddRemove-Alzey_is1 — c:program filesAlzeyunins000.exe
AddRemove-SuperTux_is1 — c:program filesSuperTuxunins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-06 20:07
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
HKLMSoftwareMicrosoftWindowsCurrentVersionRun
HDAudDeck = c:program filesVIAVIAudioiVistaADeckHDAudioCPL.exe 1
BigDog303 = c:windowsVM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINESYSTEMControlSet001Servicesnpggsvc]
«ImagePath»=»c:windowssystem32GameMon.des -service»
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}000AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000
[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}001AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000
[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}002AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘Explorer.exe'(944)
c:users123AppDataRoamingCMediaCMedia.dll
c:program filesNokiaNokia PC Suite 6PhoneBrowser.dll
c:program filesNokiaNokia PC Suite 6PCSCM.dll
c:program filesNokiaNokia PC Suite 6LangPhoneBrowser_eng.nlr
c:program filesNokiaNokia PC Suite 6ResourcePhoneBrowser_Nokia.ngr
.
Other Running Processes
.
c:windowsSystem32nvvsvc.exe
c:windowsSystem32audiodg.exe
c:windowsSystem32rundll32.exe
c:program filesBonjourmDNSResponder.exe
c:program filesNeroNero8Nero BackItUpNBService.exe
c:windowsSystem32WUDFHost.exe
c:windowsSystem32rundll32.exe
c:windowsehomeehmsas.exe
c:windowsSystem32wbemunsecapp.exe
c:program filesWindows Media Playerwmpnetwk.exe
c:program filesWindows Media Playerwmplayer.exe
.
**************************************************************************
.
Completion time: 2009-10-06 20:27 — machine was rebooted
ComboFix-quarantined-files.txt 2009-10-06 17:26
Pre-Run: 90 238 390 272 байт свободно
Post-Run: 94 030 565 376 байт свободно
346 — E O F — 2009-10-05 15:46