Созданные ответы форума
-
Сообщения
-
Сделал то что вы сказали. Вот резултат:
ComboFix 08-10-19.04 — 123 2008-10-20 17:21:13.3 — FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1049.18.703 [GMT 4:00]
Running from: D:ComboFix.exe
Command switches used :: D:CFScript.txt
* Created a new restore pointWARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.((((((((((((((((((((((((( Files Created from 2008-09-20 to 2008-10-20 )))))))))))))))))))))))))))))))
.2008-10-19 19:36 . 2008-10-19 19:36
d
C:backups
2008-10-19 19:17 . 2008-10-19 19:20 716,272 —a
C:WINDOWSsystem32driverssptd.sys
2008-10-19 09:36 . 2008-10-19 09:36 396,288 —a
C:HijackThis.exe
2008-10-18 22:44 . 2008-10-18 22:44d
C:WINDOWSsystem32Kaspersky Lab
2008-10-18 22:35 . 2008-10-18 22:35d
C:Documents and Settings123Contacts
2008-10-18 22:33 . 2008-10-18 22:33d
C:Program FilesWindows Live Toolbar
2008-10-18 22:28 . 2008-10-18 22:28d
C:Program FilesWindows Live
2008-10-18 22:28 . 2008-10-18 22:28d—hs—- C:Program FilesCommon FilesWindowsLiveInstaller
2008-10-18 22:28 . 2008-10-18 22:28d
C:Documents and SettingsAll UsersApplication DataWLInstaller
2008-10-18 22:20 . 2008-10-18 22:20d
C:Downloads
2008-10-18 21:36 . 2008-10-18 21:36 29 —a
C:WINDOWSKKERIM.RT
2008-10-18 21:03 . 2008-10-18 21:03d
C:Documents and SettingsAll UsersApplication DataMalwarebytes
2008-10-18 21:03 . 2008-10-18 21:03d
C:Documents and Settings123Application DataMalwarebytes
2008-10-18 16:21 . 2008-10-18 16:21d
C:Documents and SettingsAll UsersApplication DataSolt Lake Software
2008-10-18 15:53 . 2008-08-14 17:47 2,182,144
C:WINDOWSsystem32dllcachentoskrnl.exe
2008-10-18 15:53 . 2008-08-14 17:47 2,138,112
C:WINDOWSsystem32dllcachentkrnlmp.exe
2008-10-18 15:53 . 2008-08-14 17:47 2,059,520
C:WINDOWSsystem32dllcachentkrnlpa.exe
2008-10-18 15:53 . 2008-08-14 17:47 2,017,792
C:WINDOWSsystem32dllcachentkrpamp.exe
2008-10-18 12:21 . 2008-07-18 22:07 210,976 —a
C:WINDOWSsystem32muweb.dll
2008-10-18 12:21 . 2008-07-18 22:07 29,728 —a
C:WINDOWSsystem32mucltui.dll.mui
2008-10-18 12:20 . 2008-07-18 22:07 270,880 —a
C:WINDOWSsystem32mucltui.dll
2008-10-17 19:17 . 2008-10-17 19:17d
C:WINDOWSsystem32athan
2008-10-17 19:17 . 2008-10-18 19:29 737,280 —a
C:WINDOWSiun6002.exe
2008-10-15 16:15 . 2008-10-15 16:15d
C:Documents and SettingsAll UsersApplication DataCreative
2008-10-15 11:37 . 2003-06-12 23:25 7,062 —a
C:WINDOWSsystem32audiopid.vxd
2008-10-15 11:36 . 2008-10-15 11:36d
C:Documents and Settings123Application DataCreative
2008-10-15 11:31 . 2008-10-15 11:31d
C:WINDOWSCtDrvInstall
2008-10-15 11:30 . 1998-10-29 16:45 306,688 —a
C:WINDOWSIsUninst.exe
2008-10-15 11:29 . 2008-10-15 11:29d
C:Program FilesCreative
2008-10-14 14:31 . 2008-10-19 00:15 10 —a
C:WINDOWSpopcinfo.dat
2008-10-14 14:24 . 2008-10-14 14:24 14,622 —a
C:WINDOWSsystem32muzika.xm
2008-10-14 14:23 . 2008-10-14 14:23d
C:Program FilesFlashGet
2008-10-14 14:21 . 2008-10-14 14:21d
C:Program FilesOpera
2008-10-14 14:19 . 2003-10-28 14:02 20,016
C:WINDOWSsystem32driverspxhelp20.sys
2008-10-14 14:18 . 2008-10-14 14:18d
C:Program FilesWinamp
2008-10-14 14:18 . 2008-10-18 21:30 155 —a
C:WINDOWSwinamp.ini
2008-10-06 07:37 . 2008-10-06 07:37d
C:Documents and Settings123Application Datadxdlls
2008-10-01 08:09 . 2008-10-01 08:09d
C:Program FilesCommon FilesReal
2008-09-30 22:53 . 2008-09-30 22:53d
C:Program FilesCommon FilesEZB Systems
2008-09-30 03:02 . 2008-06-14 21:59 272,512
C:WINDOWSsystem32driversbthport.sys
2008-09-30 03:02 . 2008-06-14 21:59 272,512
C:WINDOWSsystem32dllcachebthport.sys
2008-09-30 01:51 . 2008-09-30 01:51d
C:Documents and Settings123Application DataEltima Software
2008-09-29 22:49 . 2008-09-29 22:49d
C:Program FilesCommon FilesAdobe AIR
2008-09-29 22:46 . 2008-09-29 22:46d
C:Program FilesCommon FilesAdobe
2008-09-29 22:05 . 2008-09-29 22:05d
C:Program FilesMyCentria
2008-09-29 21:59 . 2008-09-29 21:59d
C:Documents and SettingsAll UsersApplication DataYahoo! Companion
2008-09-29 21:59 . 2008-09-29 21:59d
C:Documents and Settings123Application DataYahoo!
2008-09-29 21:56 . 2008-09-29 21:56d
C:Program FilesYahoo!
2008-09-29 20:15 . 2008-09-29 20:15d
C:Program FilesOJOsoft
2008-09-29 20:15 . 2008-09-29 20:15d
C:Program FilesCommon FilesCommon Share
2008-09-29 19:41 . 2005-01-12 18:56 335,872 —a
C:WINDOWSsystem32m4atag.dll
2008-09-29 17:26 . 2008-09-29 17:26 0 —a
C:WINDOWSnsreg.dat
2008-09-29 14:59 . 2008-09-29 14:59 106 —a
C:WINDOWSsystem32BIN_STRSBW.SPT
2008-09-29 14:55 . 2008-09-29 14:55d—h
C:WINDOWS$hf_mig$
2008-09-28 22:44 . 2008-09-28 22:44d
C:Documents and Settings123Application DataskypePM
2008-09-28 22:44 . 2008-09-28 22:44 56 —ah
C:WINDOWSsystem32ezsidmv.dat
2008-09-28 22:39 . 2008-09-28 22:39d
C:Program FilesSkype
2008-09-28 22:39 . 2008-09-28 22:39d
C:Program FilesCommon FilesSkype
2008-09-28 22:39 . 2008-09-28 22:39d
C:Documents and SettingsAll UsersApplication DataSkype
2008-09-28 22:39 . 2008-09-28 22:39d
C:Documents and Settings123Application DataSkype
2008-09-28 20:18 . 2008-09-28 20:18d
C:Program FilesReal
2008-09-28 19:07 . 2008-09-28 19:07d
C:Documents and Settings123Application DatauTorrent
2008-09-28 17:32 . 2008-09-28 17:32d
C:Program FilesCrawler
2008-09-28 16:36 . 2008-09-28 16:36d
C:Program FilesRambler Assistant
2008-09-28 16:36 . 2008-09-28 16:36d
C:Documents and Settings123Application Datarambler.ru
2008-09-28 16:35 . 2008-09-28 16:35d
C:Documents and Settings123Application DataICQ
2008-09-28 16:13 . 2008-09-28 16:13d—s—- C:Documents and Settings123UserData
2008-09-28 14:00 . 2008-09-28 14:00d
C:Program FilesKaspersky Lab
2008-09-28 14:00 . 2008-09-28 14:00d
C:Documents and SettingsAll UsersApplication DataKaspersky Lab
2008-09-28 14:00 . 2008-09-28 14:14 96,976 —a
C:WINDOWSsystem32driversklin.dat
2008-09-28 14:00 . 2008-09-28 14:00 87,855 —a
C:WINDOWSsystem32driversklick.dat
2008-09-28 14:00 . 2008-10-20 11:48 32 —ahs—- C:WINDOWSsystem32driversfidbox2.idx
2008-09-28 14:00 . 2008-10-20 11:48 32 —ahs—- C:WINDOWSsystem32driversfidbox2.dat
2008-09-28 14:00 . 2008-10-20 11:48 32 —ahs—- C:WINDOWSsystem32driversfidbox.idx
2008-09-28 14:00 . 2008-10-20 11:48 32 —ahs—- C:WINDOWSsystem32driversfidbox.dat
2008-09-28 13:58 . 2008-09-28 13:58d
C:Documents and SettingsAll UsersApplication DataKaspersky Lab Setup Files
2008-09-28 13:57 . 2008-09-28 13:57d
C:Documents and Settings123Application DataFLVPlayer4Free.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-28 08:55
d
w C:Program FilesNetWaiting
2008-09-28 08:48
d
w C:Documents and Settings123Application DataInstallShield
2008-09-28 08:47
d
w C:Program FilesCONEXANT
2008-09-28 08:46
d—h—w C:Program FilesInstallShield Installation Information
2008-09-28 08:46
d
w C:Program FilesHewlett-Packard
2008-09-28 08:46
d
w C:Program FilesCommon FilesInstallShield
2008-09-28 08:44
d
w C:Program FilesIntel
2008-09-28 08:31
d
w C:Program FilesGoogle
2008-09-28 08:31
d
w C:Documents and SettingsAll UsersApplication DataStorm
2008-09-28 08:31
d
w C:Documents and Settings123Application DataApplication Data
2008-09-28 08:25
d
w C:Program FilesStormII
2008-09-28 08:13
d
w C:Program Filesmicrosoft frontpage
2008-09-28 07:03
d
w C:Program FilesMicrosoft.NET
2008-09-15 15:41 1,846,144 —-a-w C:WINDOWSsystem32win32k.sys
2008-09-15 15:41 1,846,144 —-a-w C:WINDOWSsystem32dllcachewin32k.sys
2008-08-28 10:04 333,056 —-a-w C:WINDOWSsystem32driverssrv.sys
2008-08-28 10:04 333,056 —-a-w C:WINDOWSsystem32dllcachesrv.sys
2008-08-19 09:30 18,432 —-a-w C:WINDOWSsystem32dllcacheiedw.exe
2008-08-14 13:47 2,138,112 —-a-w C:WINDOWSsystem32ntoskrnl.exe
2008-08-14 13:47 2,017,792 —-a-w C:WINDOWSsystem32ntkrnlpa.exe
2008-08-14 09:51 138,368 —-a-w C:WINDOWSsystem32dllcacheafd.sys
2008-07-29 16:21 218,376 —-a-w C:WINDOWSsystem32klogon.dll
.
Sigcheck
2004-09-17 12:16 503808 a975a70fcefe2a224412214320c89ded C:WINDOWSsystem32winlogon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-10-20_ 1.28.16.21 )))))))))))))))))))))))))))))))))))))))))
.
— 2008-10-19 21:18:52 40,326 —-a-w C:WINDOWSsystem32perfc009.dat
+ 2008-10-20 13:15:18 40,326 —-a-w C:WINDOWSsystem32perfc009.dat
— 2008-10-19 21:18:52 49,750 —-a-w C:WINDOWSsystem32perfc019.dat
+ 2008-10-20 13:15:18 49,750 —-a-w C:WINDOWSsystem32perfc019.dat
— 2008-10-19 21:18:52 311,938 —-a-w C:WINDOWSsystem32perfh009.dat
+ 2008-10-20 13:15:18 311,938 —-a-w C:WINDOWSsystem32perfh009.dat
— 2008-10-19 21:18:52 346,690 —-a-w C:WINDOWSsystem32perfh019.dat
+ 2008-10-20 13:15:18 346,690 —-a-w C:WINDOWSsystem32perfh019.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»C:WINDOWSsystem32ctfmon.exe» [2004-08-17 15360]
«swg»=»C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe» [2008-09-29 68856][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«IgfxTray»=»C:WINDOWSsystem32igfxtray.exe» [2007-09-18 141848]
«HotKeysCmds»=»C:WINDOWSsystem32hkcmd.exe» [2007-09-18 166424]
«Persistence»=»C:WINDOWSsystem32igfxpers.exe» [2007-09-18 137752]
«V0330Mon.exe»=»C:WINDOWSV0330Mon.exe» [2007-04-30 32768]
«Athan»=»D:AthanAthan.exe» [2006-05-23 974848]
«AVP»=»C:Program FilesKaspersky LabKaspersky Anti-Virus 2009avp.exe» [2008-07-29 206088][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»C:WINDOWSsystem32CTFMON.EXE» [2004-08-17 15360][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe Reader Speed Launcher]
—a
2008-06-12 02:38 34672 C:Program FilesAdobeReader 9.0Readerreader_sl.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregswg]
—a
2008-09-29 14:32 68856 C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]
«DisableMonitoring»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«C:\Program Files\StormII\Storm.exe»=
«C:\Program Files\StormII\stormliv.exe»=
«D:\ICQ6\ICQ.exe»=
«C:\Program Files\Messenger\msmsgs.exe»=
«D:\uTorrent.exe»=
«C:\Program Files\Windows Live\Messenger\msnmsgr.exe»=
«C:\Program Files\Windows Live\Messenger\livecall.exe»=
«D:\SKYPE\Phone\Skype.exe»=R0 klbg;Kaspersky Lab Boot Guard Driver;C:WINDOWSsystem32driversklbg.sys [2008-01-29 32784]
R2 ccosm;Contrl Center of Storm Media;C:Program FilesStormIIstormliv.exe [2008-03-11 473184]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:WINDOWSsystem32DRIVERSklim5.sys [2008-04-30 24592]
R3 V0330VID;WebCam Vista/Live! Cam Chat;C:WINDOWSsystem32DRIVERSV0330Vid.sys [2007-08-08 157696]
.
Contents of the ‘Scheduled Tasks’ folder2008-10-20 C:WINDOWSTasksПроверка обновлений для Windows Live Toolbar.job
— C:Program FilesWindows Live ToolbarMSNTBUP.EXE [2007-10-19 11:20]
.
— — — — ORPHANS REMOVED — — — —HKCU-Run-AlcoholAutomount — D:Alcohol 120% 1.9.7.6022Alcohol 120axcmd.exe
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-20 17:22:36
Windows 5.1.2600 Service Pack 2 FAT NTAPIscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
Completion time: 2008-10-20 17:23:11
ComboFix-quarantined-files.txt 2008-10-20 13:23:10
ComboFix2.txt 2008-10-19 21:28:44Pre-Run: 2 594 652 160 байт свободно
Post-Run: 2,605,973,504 байт свободно186 — E O F — 2008-10-19 05:27:44
Скачаль combofix и это результат его работы :
ComboFix 08-10-19.04 — 123 2008-10-20 1:21:01.2 — FAT32x86 Microsoft Windows XP Professional 5.1.2600.2.1251.1.1049.18.697 [GMT 4:00]
Running from: D:ComboFix.exe
* Created a new restore pointWARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
—- Previous Run
.
C:WINDOWSwiaservb.log.
((((((((((((((((((((((((( Files Created from 2008-09-19 to 2008-10-19 )))))))))))))))))))))))))))))))
.2008-10-19 19:36 . 2008-10-19 19:36
d
C:backups
2008-10-19 19:17 . 2008-10-19 19:20 716,272 —a
C:WINDOWSsystem32driverssptd.sys
2008-10-19 09:36 . 2008-10-19 09:36 396,288 —a
C:HijackThis.exe
2008-10-18 22:44 . 2008-10-18 22:44d
C:WINDOWSsystem32Kaspersky Lab
2008-10-18 22:35 . 2008-10-18 22:35d
C:Documents and Settings123Contacts
2008-10-18 22:33 . 2008-10-18 22:33d
C:Program FilesWindows Live Toolbar
2008-10-18 22:28 . 2008-10-18 22:28d
C:Program FilesWindows Live
2008-10-18 22:28 . 2008-10-18 22:28d—hs—- C:Program FilesCommon FilesWindowsLiveInstaller
2008-10-18 22:28 . 2008-10-18 22:28d
C:Documents and SettingsAll UsersApplication DataWLInstaller
2008-10-18 22:20 . 2008-10-18 22:20d
C:Downloads
2008-10-18 21:36 . 2008-10-18 21:36 29 —a
C:WINDOWSKKERIM.RT
2008-10-18 21:03 . 2008-10-18 21:03d
C:Documents and SettingsAll UsersApplication DataMalwarebytes
2008-10-18 21:03 . 2008-10-18 21:03d
C:Documents and Settings123Application DataMalwarebytes
2008-10-18 16:21 . 2008-10-18 16:21d
C:Documents and SettingsAll UsersApplication DataSolt Lake Software
2008-10-18 15:53 . 2008-08-14 17:47 2,182,144
C:WINDOWSsystem32dllcachentoskrnl.exe
2008-10-18 15:53 . 2008-08-14 17:47 2,138,112
C:WINDOWSsystem32dllcachentkrnlmp.exe
2008-10-18 15:53 . 2008-08-14 17:47 2,059,520
C:WINDOWSsystem32dllcachentkrnlpa.exe
2008-10-18 15:53 . 2008-08-14 17:47 2,017,792
C:WINDOWSsystem32dllcachentkrpamp.exe
2008-10-18 12:21 . 2008-07-18 22:07 210,976 —a
C:WINDOWSsystem32muweb.dll
2008-10-18 12:21 . 2008-07-18 22:07 29,728 —a
C:WINDOWSsystem32mucltui.dll.mui
2008-10-18 12:20 . 2008-07-18 22:07 270,880 —a
C:WINDOWSsystem32mucltui.dll
2008-10-17 19:17 . 2008-10-17 19:17d
C:WINDOWSsystem32athan
2008-10-17 19:17 . 2008-10-18 19:29 737,280 —a
C:WINDOWSiun6002.exe
2008-10-15 16:15 . 2008-10-15 16:15d
C:Documents and SettingsAll UsersApplication DataCreative
2008-10-15 11:37 . 2003-06-12 23:25 7,062 —a
C:WINDOWSsystem32audiopid.vxd
2008-10-15 11:36 . 2008-10-15 11:36d
C:Documents and Settings123Application DataCreative
2008-10-15 11:31 . 2008-10-15 11:31d
C:WINDOWSCtDrvInstall
2008-10-15 11:30 . 1998-10-29 16:45 306,688 —a
C:WINDOWSIsUninst.exe
2008-10-15 11:29 . 2008-10-15 11:29d
C:Program FilesCreative
2008-10-14 14:31 . 2008-10-19 00:15 10 —a
C:WINDOWSpopcinfo.dat
2008-10-14 14:24 . 2008-10-14 14:24 14,622 —a
C:WINDOWSsystem32muzika.xm
2008-10-14 14:23 . 2008-10-14 14:23d
C:Program FilesFlashGet
2008-10-14 14:21 . 2008-10-14 14:21d
C:Program FilesOpera
2008-10-14 14:19 . 2003-10-28 14:02 20,016
C:WINDOWSsystem32driverspxhelp20.sys
2008-10-14 14:18 . 2008-10-14 14:18d
C:Program FilesWinamp
2008-10-14 14:18 . 2008-10-18 21:30 155 —a
C:WINDOWSwinamp.ini
2008-10-06 07:37 . 2008-10-06 07:37d
C:Documents and Settings123Application Datadxdlls
2008-10-01 08:09 . 2008-10-01 08:09d
C:Program FilesCommon FilesReal
2008-09-30 22:53 . 2008-09-30 22:53d
C:Program FilesCommon FilesEZB Systems
2008-09-30 03:02 . 2008-06-14 21:59 272,512
C:WINDOWSsystem32driversbthport.sys
2008-09-30 03:02 . 2008-06-14 21:59 272,512
C:WINDOWSsystem32dllcachebthport.sys
2008-09-30 01:51 . 2008-09-30 01:51d
C:Documents and Settings123Application DataEltima Software
2008-09-29 22:49 . 2008-09-29 22:49d
C:Program FilesCommon FilesAdobe AIR
2008-09-29 22:46 . 2008-09-29 22:46d
C:Program FilesCommon FilesAdobe
2008-09-29 22:05 . 2008-09-29 22:05d
C:Program FilesMyCentria
2008-09-29 21:59 . 2008-09-29 21:59d
C:Documents and SettingsAll UsersApplication DataYahoo! Companion
2008-09-29 21:59 . 2008-09-29 21:59d
C:Documents and Settings123Application DataYahoo!
2008-09-29 21:56 . 2008-09-29 21:56d
C:Program FilesYahoo!
2008-09-29 20:15 . 2008-09-29 20:15d
C:Program FilesOJOsoft
2008-09-29 20:15 . 2008-09-29 20:15d
C:Program FilesCommon FilesCommon Share
2008-09-29 19:41 . 2005-01-12 18:56 335,872 —a
C:WINDOWSsystem32m4atag.dll
2008-09-29 17:26 . 2008-09-29 17:26 0 —a
C:WINDOWSnsreg.dat
2008-09-29 14:59 . 2008-09-29 14:59 106 —a
C:WINDOWSsystem32BIN_STRSBW.SPT
2008-09-29 14:55 . 2008-09-29 14:55d—h
C:WINDOWS$hf_mig$
2008-09-28 22:44 . 2008-09-28 22:44d
C:Documents and Settings123Application DataskypePM
2008-09-28 22:44 . 2008-09-28 22:44 56 —ah
C:WINDOWSsystem32ezsidmv.dat
2008-09-28 22:39 . 2008-09-28 22:39d
C:Program FilesSkype
2008-09-28 22:39 . 2008-09-28 22:39d
C:Program FilesCommon FilesSkype
2008-09-28 22:39 . 2008-09-28 22:39d
C:Documents and SettingsAll UsersApplication DataSkype
2008-09-28 22:39 . 2008-09-28 22:39d
C:Documents and Settings123Application DataSkype
2008-09-28 20:18 . 2008-09-28 20:18d
C:Program FilesReal
2008-09-28 19:07 . 2008-09-28 19:07d
C:Documents and Settings123Application DatauTorrent
2008-09-28 17:32 . 2008-09-28 17:32d
C:Program FilesCrawler
2008-09-28 16:36 . 2008-09-28 16:36d
C:Program FilesRambler Assistant
2008-09-28 16:36 . 2008-09-28 16:36d
C:Documents and Settings123Application Datarambler.ru
2008-09-28 16:35 . 2008-09-28 16:35d
C:Documents and Settings123Application DataICQ
2008-09-28 16:13 . 2008-09-28 16:13d—s—- C:Documents and Settings123UserData
2008-09-28 14:00 . 2008-09-28 14:00d
C:Program FilesKaspersky Lab
2008-09-28 14:00 . 2008-09-28 14:00d
C:Documents and SettingsAll UsersApplication DataKaspersky Lab
2008-09-28 14:00 . 2008-09-28 14:14 96,976 —a
C:WINDOWSsystem32driversklin.dat
2008-09-28 14:00 . 2008-09-28 14:00 87,855 —a
C:WINDOWSsystem32driversklick.dat
2008-09-28 14:00 . 2008-10-20 01:26 32 —ahs—- C:WINDOWSsystem32driversfidbox2.idx
2008-09-28 14:00 . 2008-10-20 01:26 32 —ahs—- C:WINDOWSsystem32driversfidbox2.dat
2008-09-28 14:00 . 2008-10-20 01:26 32 —ahs—- C:WINDOWSsystem32driversfidbox.idx
2008-09-28 14:00 . 2008-10-20 01:26 32 —ahs—- C:WINDOWSsystem32driversfidbox.dat
2008-09-28 13:58 . 2008-09-28 13:58d
C:Documents and SettingsAll UsersApplication DataKaspersky Lab Setup Files
2008-09-28 13:57 . 2008-09-28 13:57d
C:Documents and Settings123Application DataFLVPlayer4Free.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-28 08:55
d
w C:Program FilesNetWaiting
2008-09-28 08:48
d
w C:Documents and Settings123Application DataInstallShield
2008-09-28 08:47
d
w C:Program FilesCONEXANT
2008-09-28 08:46
d—h—w C:Program FilesInstallShield Installation Information
2008-09-28 08:46
d
w C:Program FilesHewlett-Packard
2008-09-28 08:46
d
w C:Program FilesCommon FilesInstallShield
2008-09-28 08:44
d
w C:Program FilesIntel
2008-09-28 08:31
d
w C:Program FilesGoogle
2008-09-28 08:31
d
w C:Documents and SettingsAll UsersApplication DataStorm
2008-09-28 08:31
d
w C:Documents and Settings123Application DataApplication Data
2008-09-28 08:25
d
w C:Program FilesStormII
2008-09-28 08:13
d
w C:Program Filesmicrosoft frontpage
2008-09-28 07:03
d
w C:Program FilesMicrosoft.NET
2008-09-15 15:41 1,846,144 —-a-w C:WINDOWSsystem32win32k.sys
2008-09-15 15:41 1,846,144 —-a-w C:WINDOWSsystem32dllcachewin32k.sys
2008-08-28 10:04 333,056 —-a-w C:WINDOWSsystem32driverssrv.sys
2008-08-28 10:04 333,056 —-a-w C:WINDOWSsystem32dllcachesrv.sys
2008-08-19 09:30 18,432 —-a-w C:WINDOWSsystem32dllcacheiedw.exe
2008-08-14 13:47 2,138,112 —-a-w C:WINDOWSsystem32ntoskrnl.exe
2008-08-14 13:47 2,017,792 —-a-w C:WINDOWSsystem32ntkrnlpa.exe
2008-08-14 09:51 138,368 —-a-w C:WINDOWSsystem32dllcacheafd.sys
2008-07-29 16:21 218,376 —-a-w C:WINDOWSsystem32klogon.dll
2008-07-19 05:08 719,872 —-a-w C:WINDOWSsystem32devil.dll
2008-07-19 05:08 351,744 —-a-w C:WINDOWSsystem32avisynth.dll
.
Sigcheck
2004-09-17 12:16 503808 a975a70fcefe2a224412214320c89ded C:WINDOWSsystem32winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»C:WINDOWSsystem32ctfmon.exe» [2004-08-17 15360]
«swg»=»C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe» [2008-09-29 68856]
«AlcoholAutomount»=»D:Alcohol 120% 1.9.7.6022Alcohol 120axcmd.exe» [2007-12-22 221568][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«IgfxTray»=»C:WINDOWSsystem32igfxtray.exe» [2007-09-18 141848]
«HotKeysCmds»=»C:WINDOWSsystem32hkcmd.exe» [2007-09-18 166424]
«Persistence»=»C:WINDOWSsystem32igfxpers.exe» [2007-09-18 137752]
«V0330Mon.exe»=»C:WINDOWSV0330Mon.exe» [2007-04-30 32768]
«Athan»=»D:AthanAthan.exe» [2006-05-23 974848]
«AVP»=»C:Program FilesKaspersky LabKaspersky Anti-Virus 2009avp.exe» [2008-07-29 206088][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»C:WINDOWSsystem32CTFMON.EXE» [2004-08-17 15360][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe Reader Speed Launcher]
—a
2008-06-12 02:38 34672 C:Program FilesAdobeReader 9.0Readerreader_sl.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregswg]
—a
2008-09-29 14:32 68856 C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]
«DisableMonitoring»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«C:\Program Files\StormII\Storm.exe»=
«C:\Program Files\StormII\stormliv.exe»=
«D:\ICQ6\ICQ.exe»=
«C:\Program Files\Messenger\msmsgs.exe»=
«D:\uTorrent.exe»=
«C:\Program Files\Windows Live\Messenger\msnmsgr.exe»=
«C:\Program Files\Windows Live\Messenger\livecall.exe»=
«D:\SKYPE\Phone\Skype.exe»=R0 klbg;Kaspersky Lab Boot Guard Driver;C:WINDOWSsystem32driversklbg.sys [2008-01-29 32784]
R2 ccosm;Contrl Center of Storm Media;C:Program FilesStormIIstormliv.exe [2008-03-11 473184]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:WINDOWSsystem32DRIVERSklim5.sys [2008-04-30 24592]
R3 V0330VID;WebCam Vista/Live! Cam Chat;C:WINDOWSsystem32DRIVERSV0330Vid.sys [2007-08-08 157696][HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{f4623ea0-9357-11dd-a8a3-001cbf8ca5a5}]
ShellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
.
Contents of the ‘Scheduled Tasks’ folder2008-10-19 C:WINDOWSTasksПроверка обновлений для Windows Live Toolbar.job
— C:Program FilesWindows Live ToolbarMSNTBUP.EXE [2007-10-19 11:20]
.
.
Supplementary Scan
.
FireFox -: Profile — C:Documents and Settings123Application DataMozillaFirefoxProfileslb4yf04o.default
.**************************************************************************
catchme 0.3.1361 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-20 01:26:57
Windows 5.1.2600 Service Pack 2 FAT NTAPIscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
Other Running Processes
.
C:WINDOWSSYSTEM32IGFXSRVC.EXE
C:WINDOWSsystem32wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-10-20 1:28:42 — machine was rebooted [123]
ComboFix-quarantined-files.txt 2008-10-19 21:28:38Pre-Run: 2,709,258,240 байт свободно
Post-Run: 2,653,159,424 байт свободно195 — E O F — 2008-10-19 05:27:44
