Forum replies created
My apologies.
ComboFix 09-08-10.06 - Admin 15.08.2009 0:20.3.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.1023.624 [GMT 6:00]
Running from: c:\documents and settings\Admin\Рабочий стол\ComboFix.exe
Command switches used :: c:\documents and settings\Admin\Рабочий стол\CFScript.txt
AV: Антивирусная система Eset NOD32 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
FILE ::
"c:\program files\Adobe\adrouter.dll"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Adobe\adrouter.dll
J:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-07-14 to 2009-08-14 )))))))))))))))))))))))))))))))
.
2009-08-13 03:32 . 2009-08-13 03:32  d--h--w-  c:\windows\PIF
2009-08-10 08:15 . 2009-08-10 08:15  d-----w-  C:\rsit
2009-08-10 07:10 . 2009-08-10 08:15  d-----w-  c:\program files\trend micro
2009-08-04 10:16 . 2009-08-04 10:16  d-----w-  c:\documents and settings\Admin\Local Settings\Application Data\Opera
2009-08-03 10:09 . 2009-08-03 10:09  d-----w-  c:\program files\uTorrent
2009-08-03 10:07 . 2009-08-04 15:17  d-----w-  c:\documents and settings\Admin\Application Data\uTorrent
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-13 12:02 . 2008-12-19 17:58  d-----w-  c:\program files\Accords Client Retail
2009-08-10 07:05 . 2008-04-15 12:00  85110  ----a-w-  c:\windows\system32\perfc019.dat
2009-08-10 07:05 . 2008-04-15 12:00  487794  ----a-w-  c:\windows\system32\perfh019.dat
2009-08-10 06:55 . 2009-01-31 07:26  d-----w-  c:\program files\Google
2009-08-04 10:16 . 2009-05-19 14:06  d-----w-  c:\program files\Opera
2009-07-31 18:56 . 2008-12-16 15:05  d-----w-  c:\program files\UPSMON
2009-07-28 17:35 . 2008-12-16 13:10  d-----w-  c:\program files\Unlocker
2009-07-28 16:30 . 2008-12-16 13:13  d-----w-  c:\program files\Download Master
.
Sigcheck
.
[-] 2008-06-21 04:49 579072 23B7D3F3F5EC8FEEA75EC381C71CBD5E c:\windows\system32\user32.dll
[-] 2008-06-21 04:49 952320 61504A92B0FDE8BF5EC7356ED104D78E c:\windows\system32\wininet.dll
[-] 2008-06-21 04:45 361344 030DC4D48CC2B894FEE2F390D8E66AD5 c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-21 04:47 1721344 DBE9BB4018832ED71BC288B2A38F225B c:\windows\explorer.exe
[-] 2008-06-21 04:47 30208 53DB04AA692F9E906E46127AB7E83252 c:\windows\system32\ctfmon.exe
[-] 2008-06-21 04:49 80728 D1E6FF38AD08A56D55A422D3D08DF22D c:\windows\system32\wuauclt.exe
[-] 2008-06-21 04:47 855040 CA792486C7394AA67230567EE54422D8 c:\windows\system32\comres.dll
[-] 2008-06-21 04:50 1571840 8A76B647BF35E4C8230F69FAADABD977 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VistaIcon"="c:\program files\VistaDriveIcon\VistaDrv.exe" [2008-01-02 132096]
"Punto Switcher"="c:\program files\Punto Switcher\punto.exe" [2008-10-16 735016]
"LClock"="c:\program files\LClock\LClock.exe" [2007-12-14 86016]
"Download Master"="c:\program files\Download Master\dmaster.exe" [2009-07-08 3777536]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-28 122880]
"UPSMON"="c:\program files\UPSMON\UPSMON.exe" [2004-11-26 429568]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-12-16 949376]
"mouseElf"="c:\progra~1\GENIUS~1\GNETMOUS.EXE" [2003-05-13 163840]
"CnxDslTaskBar"="c:\program files\Conexant\AccessRunner ADSL\CnxDslTb.exe" [2003-05-12 454656]
"Ad Muncher"="c:\program files\Ad Muncher\AdMunch.exe" [2007-11-03 779776]
"P17Helper"="SPIRun.dll" - c:\windows\system32\SPIRun.dll [2006-07-03 10752]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-12-05 1626112]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-06-21 30208]
"VistaIcon"="c:\program files\VistaDriveIcon\VistaDrv.exe" [2008-01-02 132096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IE7_011"="shell32" [X]
"ZZZZ2_FirstLogonSetting"="advpack.dll" - c:\windows\system32\advpack.dll [2008-06-21 124928]
"IE7_012"="advpack.dll" - c:\windows\system32\advpack.dll [2008-06-21 124928]
.
c:\documents and settings\All Users\Главное меню\Программы\Автозагрузка
Nokia Ovi Suite.lnk - c:\program files\Nokia\OviSuite\RunLauncher.exe [2008-11-28 946176]
Быстрый запуск AutoCAD.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UpdatesOverride"=dword:00000001
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplicationsList]
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"%windir%\system32\sessmgr.exe"=
.
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [16.12.2008 21:19 15424]
R3 CnxEtP;Conexant AccessRunner USB ADSL LAN Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [16.12.2008 20:54 60288]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [16.12.2008 20:54 643200]
R3 CnxTgN;Conexant AccessRunner USB ADSL LAN Adapter Driver;c:\windows\system32\drivers\CnxTgN.sys [16.12.2008 20:54 103366]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Admin\LOCALS~1\Temp\DJT199.tmp --> c:\docume~1\Admin\LOCALS~1\Temp\DJT199.tmp [?]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.mail.ru/
IE: &Export to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_frame
IE: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_image
IE: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_link
IE: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_exclude
IE: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_report
IE: Download ALL with Download Master - c:\program files\Download Master\dmieall.htm
IE: Download with Download Master - c:\program files\Download Master\dmie.htm
IE: Send to DM remote download - c:\program files\Download Master\remdown.htm
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} - c:\program files\Download Master\dmaster.exe
LSP: c:\windows\system32\imon.dll
TCP: {007C8006-D8D7-422F-BAB4-686569179E38} = 217.20.80.40 212.96.192.1
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-15 00:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Admin\LOCALS~1\Temp\DJT199.tmp"
.
DLLs Loaded Under Running Processes
.
- - - - - - - > 'winlogon.exe'(820)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(876)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
- - - - - - - > 'explorer.exe'(2900)
c:\program files\Ad Muncher\AM28140.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\program files\Punto Switcher\pshook.dll
c:\progra~1\GENIUS~1\WhoRU.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\program files\LClock\LC.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Other Running Processes
.
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Eset\nod32krn.exe
c:\windows\system32\nvsvc32.exe
c:\program files\UPSMON\UPSMON_Service.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
.
**************************************************************************
.
Completion time: 2009-08-14 0:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-14 18:32
ComboFix2.txt 2009-08-14 03:55
ComboFix3.txt 2009-08-10 06:58
.
Pre-Run: 1 069 330 432 bytes free
Post-Run: 1 032 900 608 bytes free
It seems to have stopped. Hopefully I haven't jinxed it. Thank you, experts, for the site and the qualified help. Just one question: how do I remove the program RSIT?
Unfortunately, the banners are still there.
ComboFix 09-08-10.06 - Admin 14.08.2009 9:49.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.1023.650 [GMT 6:00]
Running from: c:\documents and settings\Admin\Рабочий стол\ComboFix.exe
Command switches used :: c:\documents and settings\Admin\Рабочий стол\WindowsXP-KB310994-SP2-Pro-BootDisk-RUS.exe
AV: Антивирусная система Eset NOD32 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
((((((((((((((((((((((((( Files Created from 2009-07-14 to 2009-08-14 )))))))))))))))))))))))))))))))
.
2009-08-13 03:32 . 2009-08-13 03:32  d--h--w-  c:\windows\PIF
2009-08-10 08:15 . 2009-08-10 08:15  d-----w-  C:\rsit
2009-08-10 07:10 . 2009-08-10 08:15  d-----w-  c:\program files\trend micro
2009-08-04 10:16 . 2009-08-04 10:16  d-----w-  c:\documents and settings\Admin\Local Settings\Application Data\Opera
2009-08-03 10:09 . 2009-08-03 10:09  d-----w-  c:\program files\uTorrent
2009-08-03 10:07 . 2009-08-04 15:17  d-----w-  c:\documents and settings\Admin\Application Data\uTorrent
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-13 12:02 . 2008-12-19 17:58  d-----w-  c:\program files\Accords Client Retail
2009-08-10 07:05 . 2008-04-15 12:00  85110  ----a-w-  c:\windows\system32\perfc019.dat
2009-08-10 07:05 . 2008-04-15 12:00  487794  ----a-w-  c:\windows\system32\perfh019.dat
2009-08-10 06:55 . 2009-01-31 07:26  d-----w-  c:\program files\Google
2009-08-04 10:16 . 2009-05-19 14:06  d-----w-  c:\program files\Opera
2009-07-31 18:56 . 2008-12-16 15:05  d-----w-  c:\program files\UPSMON
2009-07-28 17:35 . 2008-12-16 13:10  d-----w-  c:\program files\Unlocker
2009-07-28 16:30 . 2008-12-16 13:13  d-----w-  c:\program files\Download Master
.
Sigcheck
.
[-] 2008-06-21 04:49 579072 23B7D3F3F5EC8FEEA75EC381C71CBD5E c:\windows\system32\user32.dll
[-] 2008-06-21 04:49 952320 61504A92B0FDE8BF5EC7356ED104D78E c:\windows\system32\wininet.dll
[-] 2008-06-21 04:45 361344 030DC4D48CC2B894FEE2F390D8E66AD5 c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-21 04:47 1721344 DBE9BB4018832ED71BC288B2A38F225B c:\windows\explorer.exe
[-] 2008-06-21 04:47 30208 53DB04AA692F9E906E46127AB7E83252 c:\windows\system32\ctfmon.exe
[-] 2008-06-21 04:49 80728 D1E6FF38AD08A56D55A422D3D08DF22D c:\windows\system32\wuauclt.exe
[-] 2008-06-21 04:47 855040 CA792486C7394AA67230567EE54422D8 c:\windows\system32\comres.dll
[-] 2008-06-21 04:50 1571840 8A76B647BF35E4C8230F69FAADABD977 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AdRouter]
@="{E2085722-3AC0-4411-A14B-906AFE1A75C4}"
[HKEY_CLASSES_ROOT\CLSID\{E2085722-3AC0-4411-A14B-906AFE1A75C4}]
2009-08-03 10:24 98304 ----a-w- c:\program files\Adobe\adrouter.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VistaIcon"="c:\program files\VistaDriveIcon\VistaDrv.exe" [2008-01-02 132096]
"Punto Switcher"="c:\program files\Punto Switcher\punto.exe" [2008-10-16 735016]
"LClock"="c:\program files\LClock\LClock.exe" [2007-12-14 86016]
"Download Master"="c:\program files\Download Master\dmaster.exe" [2009-07-08 3777536]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-28 122880]
"UPSMON"="c:\program files\UPSMON\UPSMON.exe" [2004-11-26 429568]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-12-16 949376]
"mouseElf"="c:\progra~1\GENIUS~1\GNETMOUS.EXE" [2003-05-13 163840]
"CnxDslTaskBar"="c:\program files\Conexant\AccessRunner ADSL\CnxDslTb.exe" [2003-05-12 454656]
"Ad Muncher"="c:\program files\Ad Muncher\AdMunch.exe" [2007-11-03 779776]
"P17Helper"="SPIRun.dll" - c:\windows\system32\SPIRun.dll [2006-07-03 10752]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-12-05 1626112]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-06-21 30208]
"VistaIcon"="c:\program files\VistaDriveIcon\VistaDrv.exe" [2008-01-02 132096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IE7_011"="shell32" [X]
"ZZZZ2_FirstLogonSetting"="advpack.dll" - c:\windows\system32\advpack.dll [2008-06-21 124928]
"IE7_012"="advpack.dll" - c:\windows\system32\advpack.dll [2008-06-21 124928]
.
c:\documents and settings\All Users\Главное меню\Программы\Автозагрузка
Nokia Ovi Suite.lnk - c:\program files\Nokia\OviSuite\RunLauncher.exe [2008-11-28 946176]
Быстрый запуск AutoCAD.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UpdatesOverride"=dword:00000001
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplicationsList]
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"%windir%\system32\sessmgr.exe"=
.
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [16.12.2008 21:19 15424]
R3 CnxEtP;Conexant AccessRunner USB ADSL LAN Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [16.12.2008 20:54 60288]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [16.12.2008 20:54 643200]
R3 CnxTgN;Conexant AccessRunner USB ADSL LAN Adapter Driver;c:\windows\system32\drivers\CnxTgN.sys [16.12.2008 20:54 103366]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Admin\LOCALS~1\Temp\DJT199.tmp --> c:\docume~1\Admin\LOCALS~1\Temp\DJT199.tmp [?]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.mail.ru/
IE: &Export to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_frame
IE: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_image
IE: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_link
IE: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_exclude
IE: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_report
IE: Download ALL with Download Master - c:\program files\Download Master\dmieall.htm
IE: Download with Download Master - c:\program files\Download Master\dmie.htm
IE: Send to DM remote download - c:\program files\Download Master\remdown.htm
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} - c:\program files\Download Master\dmaster.exe
LSP: c:\windows\system32\imon.dll
TCP: {007C8006-D8D7-422F-BAB4-686569179E38} = 217.20.80.40 212.96.192.1
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-14 09:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Admin\LOCALS~1\Temp\DJT199.tmp"
.
LOCKED REGISTRY KEYS
.
[HKEY_USERS\S-1-5-21-1801674531-2000478354-1606980848-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7CC4705F-4FBF-DD7D-7F16-5C665865A813}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jaepaaneaapbiiiaadfg"=hex:62,61,61,66,00,f8
"jaepaaneaapbiiiaadbg"=hex:62,61,61,66,00,f8
"iaemmfgooejfoiipad"=hex:6b,61,62,66,69,6b,6d,6f,68,6f,66,70,66,61,69,6c,66,6a,
   67,6a,6c,66,00,00
.
DLLs Loaded Under Running Processes
.
- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(868)
c:\windows\system32\setupapi.dll
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
- - - - - - - > 'explorer.exe'(2376)
c:\program files\Ad Muncher\AM28140.dll
c:\windows\system32\COMRes.dll
c:\program files\Adobe\adrouter.dll
c:\windows\System32\cscui.dll
c:\program files\Punto Switcher\pshook.dll
c:\progra~1\GENIUS~1\WhoRU.dll
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\program files\LClock\LC.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\msls31.dll
.
Completion time: 2009-08-14 9:55
ComboFix-quarantined-files.txt 2009-08-14 03:55
ComboFix2.txt 2009-08-10 06:58
.
Pre-Run: 1 106 849 792 bytes free
Post-Run: 1 069 682 688 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-RUS.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional RU" /execute /fastdetect
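Added example, not part of the thread and not ComboFix's own code: a small Python triage script that scans a ComboFix log for the kinds of indicators visible in the logs above: Security Center "Override" flags set to 1 (they silence XP's warnings about a disabled antivirus, firewall or updates), the standard-profile firewall turned off, a service whose image lives in the user's Temp directory (GarenaPEngine pointing at a .tmp file), and a ShellIconOverlayIdentifiers entry whose CLSID resolves to a DLL that explorer.exe will load (the AdRouter entry resolving to adrouter.dll). The embedded SAMPLE_LOG is a short excerpt of the posted log with path separators restored; the function names and the indicator heuristics are my own and are not part of ComboFix.

```python
import re

# Excerpt of the ComboFix log posted in this thread (backslashes restored),
# embedded as constructed sample input so the script runs offline.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UpdatesOverride"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [16.12.2008 21:19 15424]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Admin\LOCALS~1\Temp\DJT199.tmp --> c:\docume~1\Admin\LOCALS~1\Temp\DJT199.tmp [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AdRouter]
@="{E2085722-3AC0-4411-A14B-906AFE1A75C4}"
[HKEY_CLASSES_ROOT\CLSID\{E2085722-3AC0-4411-A14B-906AFE1A75C4}]
2009-08-03 10:24 98304 ----a-w- c:\program files\Adobe\adrouter.dll
"""

SECURITY_CENTER_KEY = r"hkey_local_machine\software\microsoft\security center"
VALUE_RE = re.compile(r'^(?:"([^"]+)"|(@))\s*=\s*(.*)$')      # "name"=data or @=data
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);[^;]*;(.+)$')   # R1 name;display;image [...]


def reg_int(data):
    """Turn ComboFix's value renderings ('dword:00000001', '1 (0x1)', '0 (0x0)')
    into an int; None when the data is not numeric."""
    m = re.match(r'(?:dword:)?([0-9A-Fa-f]+)', data)
    return int(m.group(1), 16) if m else None


def parse_reg_values(log):
    """Yield (key, value_name, data) for every value line, carrying the most
    recent [key] header forward the way ComboFix prints them."""
    key = None
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if key and m:
            yield key, (m.group(1) or m.group(2)), m.group(3).strip()


def security_center_overrides(log):
    """Security Center override/notify-suppression flags set to 1."""
    return [name for key, name, data in parse_reg_values(log)
            if key.lower() == SECURITY_CENTER_KEY
            and name.endswith(("Override", "DisableNotify"))
            and reg_int(data) == 1]


def firewall_disabled(log):
    """True if the standard-profile EnableFirewall value is 0."""
    for key, name, data in parse_reg_values(log):
        if "firewallpolicy" in key.lower() and name == "EnableFirewall":
            return reg_int(data) == 0
    return False


def temp_services(log):
    """Services/drivers whose image lives under a Temp directory or is a .tmp
    file; legitimate drivers do not start from the user's Temp folder."""
    hits = []
    for raw in log.splitlines():
        m = SERVICE_RE.match(raw.strip())
        if not m:
            continue
        start, name, image = m.groups()
        path = image.split(" -->")[0].split(" [")[0].strip().lower()
        if "\\temp\\" in path or path.endswith(".tmp"):
            hits.append((start, name, path))
    return hits


def shell_icon_overlays(log):
    """Map each ShellIconOverlayIdentifiers entry to the DLL ComboFix lists
    under its CLSID key; overlay handlers are loaded by every explorer.exe."""
    clsid_dll, current = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            m = re.search(r'\\clsid\\(\{[0-9a-f-]+\})$', line[1:-1], re.I)
            current = m.group(1).upper() if m else None
        elif current:
            m = re.search(r'([a-z]:\\.+\.dll)$', line, re.I)
            if m:
                clsid_dll[current] = m.group(1)
    overlays = {}
    for key, name, data in parse_reg_values(log):
        if "shelliconoverlayidentifiers" in key.lower() and name == "@":
            overlays[key.rsplit("\\", 1)[-1]] = clsid_dll.get(data.strip('"').upper())
    return overlays


def triage(log):
    """All indicators in one dict, for printing or for a test."""
    return {
        "security_center_overrides": security_center_overrides(log),
        "firewall_disabled": firewall_disabled(log),
        "temp_services": temp_services(log),
        "shell_icon_overlays": shell_icon_overlays(log),
    }


if __name__ == "__main__":
    for indicator, value in triage(SAMPLE_LOG).items():
        print(f"{indicator}: {value}")
```

Run it against a full ComboFix log by reading the file into a string and passing it to triage(); each finding still has to be checked by hand (a game's anti-cheat driver, for instance, can legitimately live outside Program Files), but the four checks cover what a helper would look at first in the logs above.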