Forum replies created
Many thanks for the help, and good luck! Happy New Year =)
It helped, the banner is gone, thanks. Do I need to do anything else?
ComboFix 08-12-28.04 - StreletsCom 2008-12-30 22:16:34.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1251.1.1049.18.758.402 [GMT 3:00]
Running from: c:\documents and settings\StreletsCom\Рабочий стол\ComboFix.exe
Command switches used :: c:\documents and settings\StreletsCom\Рабочий стол\CFScript
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning disabled* (Outdated)
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning disabled* (Outdated)
 * Created a new restore point

FILE ::
c:\windows\system32\lvelib.dll
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\StreletsCom\Local Settings\Temporary Internet Files\0EB9F12C_6E6B_4c03_AEBA_8C04CFA98AA4.gif
c:\documents and settings\StreletsCom\Local Settings\Temporary Internet Files\15913497_F86C_4218_8817_F50940D1E1B2.gif
c:\documents and settings\StreletsCom\Local Settings\Temporary Internet Files\29887DDE_00B9_4011_9CF7_59511F1ECC1B.gif
c:\documents and settings\StreletsCom\Local Settings\Temporary Internet Files\2A665EDD_5758_480c_8366_66DFC5F23877.gif
c:\documents and settings\StreletsCom\Local Settings\Temporary Internet Files\35B7DFFA_884F_4fbc_8E60_DA601BDC7BF7.gif
c:\documents and settings\StreletsCom\Local Settings\Temporary Internet Files\362FD6E8_8CDA_4c2a_A8AA-BDA22B321711.jpg
c:\documents and settings\StreletsCom\Local Settings\Temporary Internet Files\3DF04940_9866_4241_A998_0CDDFAFD147A.gif
c:\documents and settings\StreletsCom\Local Settings\Temporary Internet Files\426500D7_0FF3_426c_828D_065DBAEA0581.gif
c:\documents and settings\StreletsCom\Local Settings\Temporary Internet Files\478BD4AE_2691_438d_BDCA_3485DC022700.gif
c:\documents and settings\StreletsCom\Local Settings\Temporary Internet Files\5C6C645F_BAA8_4149_BFEB_2031230FF0FD.gif
c:\documents and settings\StreletsCom\Local Settings\Temporary Internet Files\61EA7D69_19D4_421a_A899_0DF4D58CD119.jpg
c:\documents and settings\StreletsCom\Local Settings\Temporary Internet Files\777FDAFB_83CF_4960_AA71_4E5D7BCD8E57.gif
c:\documents and settings\StreletsCom\Local Settings\Temporary Internet Files\8DA878D5_E80B_4721_B75A_17EFFAF1A700.gif
c:\documents and settings\StreletsCom\Local Settings\Temporary Internet Files\98F6DF79_7171_452d_9C26_C0193E12DBDF.gif
c:\documents and settings\StreletsCom\Local Settings\Temporary Internet Files\A2B240D6_0386_419e_91C5_3F7D90437CD0.jpg
c:\documents and settings\StreletsCom\Local Settings\Temporary Internet Files\C75CEF8D_5AF4_4563_8594_C45A45E14E63.gif
c:\documents and settings\StreletsCom\Local Settings\Temporary Internet Files\E21285C1_40E6_435c_A69F_3387E7BD89CB.gif
c:\documents and settings\StreletsCom\Local Settings\Temporary Internet Files\E9A4D648_ED73_4ea7_88B2_18332DBA4F3E.jpg
c:\windows\system32\lvelib.dll
.
(((((((((((((((((((((((((   Files Created from 2008-11-28 to 2008-12-30  )))))))))))))))))))))))))))))))
.
2008-12-17 21:59 . 2008-12-17 21:59  d--------  c:\program files\LizardTech
2008-11-21 22:22 . 2008-11-21 22:22  d--------  c:\program files\Common Files\Lenovo
2008-11-14 20:43 . 2008-09-04 20:17  1,106,944  c:\windows\system32\dllcache\msxml3.dll
2008-11-14 20:37 . 2008-10-24 14:21  455,296  c:\windows\system32\dllcache\mrxsmb.sys
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-30 19:24  d-----w  c:\documents and settings\StreletsCom\Application Data\Skype
2008-12-30 17:24  d-----w  c:\documents and settings\StreletsCom\Application Data\skypePM
2008-12-29 19:28  d-----w  c:\program files\Winamp
2008-12-29 19:12  d-----w  c:\program files\QIP
2008-12-28 07:59  d--h--w  c:\program files\InstallShield Installation Information
2008-12-28 07:59  d-----w  c:\documents and settings\StreletsCom\Application Data\blaxxun interactive
2008-11-21 19:22  d-----w  c:\program files\Lenovo
2008-09-14 08:21  18,312  ----a-w  c:\documents and settings\StreletsCom\Application Data\GDIPFONTCACHEV1.DAT
2007-05-06 20:04  92,064  ----a-w  c:\documents and settings\StreletsCom\mqdmmdm.sys
2007-05-06 20:04  9,232  ----a-w  c:\documents and settings\StreletsCom\mqdmmdfl.sys
2007-05-06 20:04  79,328  ----a-w  c:\documents and settings\StreletsCom\mqdmserd.sys
2007-05-06 20:04  66,656  ----a-w  c:\documents and settings\StreletsCom\mqdmbus.sys
2007-05-06 20:04  6,208  ----a-w  c:\documents and settings\StreletsCom\mqdmcmnt.sys
2007-05-06 20:04  5,936  ----a-w  c:\documents and settings\StreletsCom\mqdmwhnt.sys
2007-05-06 20:04  4,048  ----a-w  c:\documents and settings\StreletsCom\mqdmcr.sys
2007-05-06 20:04  25,600  ----a-w  c:\documents and settings\StreletsCom\usbsermptxp.sys
2007-05-06 20:04  22,768  ----a-w  c:\documents and settings\StreletsCom\usbsermpt.sys
2006-04-08 09:37  2,828  --sha-w  c:\windows\system32\KGyGaAvL.sys
.
(((((((((((((((((((((((((((((   snapshot@2008-12-28_11.46.36.91   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-31 13:10:04  23,720  ----a-w  c:\windows\system32\drivers\ibmpmdrv.sys
+ 2008-08-08 12:36:26  23,720  ----a-w  c:\windows\system32\drivers\ibmpmdrv.sys
- 2008-03-31 13:10:40  36,640  ----a-w  c:\windows\system32\ibmpmsvc.exe
+ 2008-08-08 12:37:04  41,248  ----a-w  c:\windows\system32\ibmpmsvc.exe
+ 2008-03-31 13:10:04  23,720  ----a-w  c:\windows\system32\ReinstallBackups\0016\DriverFiles\x86\ibmpmdrv.sys
+ 2008-03-31 13:10:40  36,640  ----a-w  c:\windows\system32\ReinstallBackups\0016\DriverFiles\x86\ibmpmsvc.exe
+ 2008-03-31 13:10:46  35,104  ----a-w  c:\windows\system32\ReinstallBackups\0016\DriverFiles\x86\tpinspm.dll
- 2008-03-31 13:10:46  35,104  ----a-w  c:\windows\system32\tpinspm.dll
+ 2008-08-08 12:37:08  35,104  ----a-w  c:\windows\system32\tpinspm.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Beeline GPRS Explorer"="c:\program files\Beeline\GPRS Explorer\gprsexpl.exe" [2006-07-25 753512]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrackPointSrv"="c:\program files\Lenovo\TrackPoint\tp4serv.exe" [2008-03-04 92960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-07-30 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-07-30 118784]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-05 242976]
"IBMPRC"="c:\ibmtools\UTILS\ibmprc.exe" [2004-03-19 90112]
"BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2004-07-29 110592]
"BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2004-07-29 20480]
"BMMMONWND"="c:\progra~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2004-07-29 395776]
"Lingvo Launcher"="c:\program files\ABBYY Lingvo 10 Multilingual Dictionary\Lvagent.exe" [2004-10-09 110592]
"LingvoTraining"="c:\program files\ABBYY Lingvo 10 Multilingual Dictionary\Tutor.exe" [2004-10-09 1159168]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-06-16 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-06-16 512000]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 69216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2008-08-15 143360]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 94208]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-08-02 266497]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"S3TRAY2"="S3Tray2.exe" [2001-10-12 c:\windows\system32\S3Tray2.exe]
"TP4EX"="tp4ex.exe" [2005-10-17 c:\windows\system32\TP4EX.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\StreletsCom\Главное меню\Программы\Автозагрузка
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-11-26 113664]

c:\documents and settings\StreletsCom\Главное меню\Программы\Автозагрузка
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-11-26 113664]

c:\documents and settings\StreletsCom\Главное меню\Программы\Автозагрузка
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-11-26 113664]

c:\documents and settings\All Users\Главное меню\Программы\Автозагрузка
BTTray.lnk - c:\program files\WIDCOMM\Программное обеспечение Bluetooth\BTTray.exe [2006-05-12 581693]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-02-28 45056]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2008-08-15 20:37 32768 c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 23:45 28672 c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 20:16 24576 c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.imc"= imc32.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages  REG_MULTI_SZ  scecli pwdmon ACGina

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\IBM\Updater\jre\bin\java.exe"=
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\mIRC\mirc.exe"=
"c:\totalcmd\TOTALCMD.EXE"=
"c:\Program Files\Mozilla Firefox\firefox.exe"=
"c:\Program Files\ICQ\Icq.exe"=
"c:\WINDOWS\system32\wuauclt.exe"=
"c:\WINDOWS\system32\wuauclt1.exe"=
"c:\WINDOWS\system32\wupdmgr.exe"=
"c:\Program Files\QIP\qip.exe"=
"c:\Program Files\Motorola\Software Update\msu.exe"=
"c:\WINDOWS\system32\dpvsetup.exe"=
"c:\Games\WORMS2\START.EXE"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\StarDC++\StarDC++.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=

R1 ANC;ANC;c:\windows\system32\drivers\ANC.SYS [2007-12-03 11520]
R1 IBMTPCHK;IBMTPCHK;\??\c:\windows\system32\Drivers\IBMBLDID.sys [2007-12-03 4224]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\Tppwr.sys [2005-07-05 16384]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\c:\program files\CyberLink\PowerDVD\000.fcl [2007-11-12 20:50:40 13560]
R2 ibmfilter;ibmfilter;\??\c:\windows\system32\drivers\ibmfilter.sys [2004-09-24 64256]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\DRIVERS\tp4track.sys [1980-01-01 22568]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2007-09-01 17920]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2007-09-01 7680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2007-09-01 42112]
S3 WSIMD;wsimd Service;c:\windows\system32\DRIVERS\wsimd.sys [2007-02-27 54432]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13335ce0-7483-11da-b064-000ae4344e64}]
\Shell\AutoRun\command - E:
.
Contents of the 'Scheduled Tasks' folder

2006-05-04 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2004-07-29 12:37]

2005-11-24 c:\windows\Tasks\Напоминание о регистрации 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2008-04-14 19:11]
.
- - - - ORPHANS REMOVED - - - -

BHO-{DA12E469-0694-4A98-859A-723964A5BECD} - c:\windows\system32\lvelib.dll
.
Supplementary Scan
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: &Экспорт в Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Translate with Lingvo - c:\program files\ABBYY Lingvo 10 Multilingual Dictionary\Lingvo.exe/3000
IE: Отправить через &Bluetooth - c:\program files\WIDCOMM\Программное обеспечение Bluetooth\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\StreletsCom\Application Data\Mozilla\Firefox\Profiles\qe61flcd.default
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-30 22:22:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(812)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\tphklock.dll

- - - - - - - > 'lsass.exe'(868)
c:\program files\ThinkPad\ConnectUtilities\ACGina.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACON.dll
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\program files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
c:\program files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
.
Other Running Processes
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\S24EvMon.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\windows\system32\acs.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\WIDCOMM
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\RegSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\TpKmpSvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\windows\system32\searchindexer.exe
c:\program files\ThinkPad\Utilities\EZEJMNAP.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
c:\program files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
c:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\WIDCOMM
c:\program files\Common Files\Symantec Shared\Security Center\symwsc.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2008-12-30 22:26:59 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-30 19:26:55
ComboFix2.txt 2008-12-29 18:58:46
ComboFix3.txt 2008-12-28 08:47:20

Pre-Run: 17 575 825 408 байт свободно
Post-Run: 17,513,930,752 байт свободно

265 --- E O F --- 2008-12-22 20:21:29
By the way, one more thing: if I start IE without add-ons, the banner isn't there.. maybe that helps somehow.
Thanks for the reply. I did as described above, but the banner is still there.. here's the log:
ComboFix 08-12-28.04 - StreletsCom 2008-12-29 21:47:27.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1251.1.1049.18.758.403 [GMT 3:00]
Running from: c:\documents and settings\StreletsCom\Рабочий стол\Удаление всплывающих окон, системные файлы\ComboFix.exe
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning disabled* (Outdated)
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning disabled* (Outdated)
 * Created a new restore point
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\StreletsCom\Local Settings\Temporary Internet Files\0EB9F12C_6E6B_4c03_AEBA_8C04CFA98AA4.gif
c:\documents and settings\StreletsCom\Local Settings\Temporary Internet Files\15913497_F86C_4218_8817_F50940D1E1B2.gif
c:\documents and settings\StreletsCom\Local Settings\Temporary Internet Files\29887DDE_00B9_4011_9CF7_59511F1ECC1B.gif
c:\documents and settings\StreletsCom\Local Settings\Temporary Internet Files\2A665EDD_5758_480c_8366_66DFC5F23877.gif
c:\documents and settings\StreletsCom\Local Settings\Temporary Internet Files\35B7DFFA_884F_4fbc_8E60_DA601BDC7BF7.gif
c:\documents and settings\StreletsCom\Local Settings\Temporary Internet Files\362FD6E8_8CDA_4c2a_A8AA-BDA22B321711.jpg
c:\documents and settings\StreletsCom\Local Settings\Temporary Internet Files\3DF04940_9866_4241_A998_0CDDFAFD147A.gif
c:\documents and settings\StreletsCom\Local Settings\Temporary Internet Files\426500D7_0FF3_426c_828D_065DBAEA0581.gif
c:\documents and settings\StreletsCom\Local Settings\Temporary Internet Files\478BD4AE_2691_438d_BDCA_3485DC022700.gif
c:\documents and settings\StreletsCom\Local Settings\Temporary Internet Files\5C6C645F_BAA8_4149_BFEB_2031230FF0FD.gif
c:\documents and settings\StreletsCom\Local Settings\Temporary Internet Files\61EA7D69_19D4_421a_A899_0DF4D58CD119.jpg
c:\documents and settings\StreletsCom\Local Settings\Temporary Internet Files\777FDAFB_83CF_4960_AA71_4E5D7BCD8E57.gif
c:\documents and settings\StreletsCom\Local Settings\Temporary Internet Files\8DA878D5_E80B_4721_B75A_17EFFAF1A700.gif
c:\documents and settings\StreletsCom\Local Settings\Temporary Internet Files\98F6DF79_7171_452d_9C26_C0193E12DBDF.gif
c:\documents and settings\StreletsCom\Local Settings\Temporary Internet Files\A2B240D6_0386_419e_91C5_3F7D90437CD0.jpg
c:\documents and settings\StreletsCom\Local Settings\Temporary Internet Files\C75CEF8D_5AF4_4563_8594_C45A45E14E63.gif
c:\documents and settings\StreletsCom\Local Settings\Temporary Internet Files\E21285C1_40E6_435c_A69F_3387E7BD89CB.gif
c:\documents and settings\StreletsCom\Local Settings\Temporary Internet Files\E9A4D648_ED73_4ea7_88B2_18332DBA4F3E.jpg
.
(((((((((((((((((((((((((   Files Created from 2008-11-28 to 2008-12-29  )))))))))))))))))))))))))))))))
.
2008-12-17 21:59 . 2008-12-17 21:59  d--------  c:\program files\LizardTech
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-29 18:56  d-----w  c:\documents and settings\StreletsCom\Application Data\Skype
2008-12-29 18:37  d-----w  c:\documents and settings\StreletsCom\Application Data\skypePM
2008-12-28 07:59  d--h--w  c:\program files\InstallShield Installation Information
2008-12-28 07:59  d-----w  c:\documents and settings\StreletsCom\Application Data\blaxxun interactive
2008-12-13 06:39  3,593,216  ----a-w  c:\windows\system32\dllcache\mshtml.dll
2008-11-21 19:22  d-----w  c:\program files\Lenovo
2008-11-21 19:22  d-----w  c:\program files\Common Files\Lenovo
2008-11-11 18:59  328,704  ----a-w  c:\windows\system32\lvelib.dll
2008-10-24 11:21  455,296  ------w  c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:42  286,720  ----a-w  c:\windows\system32\gdi32.dll
2008-10-23 12:42  286,720  ------w  c:\windows\system32\dllcache\gdi32.dll
2008-10-16 13:16  70,656  ------w  c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11  13,824  ------w  c:\windows\system32\dllcache\ieudinit.exe
2008-10-16 11:13  202,776  ----a-w  c:\windows\system32\wuweb.dll
2008-10-16 11:13  202,776  ----a-w  c:\windows\system32\dllcache\wuweb.dll
2008-10-16 11:13  1,809,944  ----a-w  c:\windows\system32\wuaueng.dll
2008-10-16 11:13  1,809,944  ----a-w  c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 11:12  561,688  ----a-w  c:\windows\system32\wuapi.dll
2008-10-16 11:12  561,688  ----a-w  c:\windows\system32\dllcache\wuapi.dll
2008-10-16 11:12  323,608  ----a-w  c:\windows\system32\wucltui.dll
2008-10-16 11:12  323,608  ----a-w  c:\windows\system32\dllcache\wucltui.dll
2008-10-16 11:09  92,696  ----a-w  c:\windows\system32\dllcache\cdm.dll
2008-10-16 11:09  92,696  ----a-w  c:\windows\system32\cdm.dll
2008-10-16 11:09  51,224  ----a-w  c:\windows\system32\wuauclt.exe
2008-10-16 11:09  51,224  ----a-w  c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 11:09  43,544  ----a-w  c:\windows\system32\wups2.dll
2008-10-16 11:08  34,328  ----a-w  c:\windows\system32\wups.dll
2008-10-16 11:08  34,328  ----a-w  c:\windows\system32\dllcache\wups.dll
2008-10-15 16:37  337,408  ------w  c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06  633,632  ------w  c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04  161,792  ------w  c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:04  247,326  ----a-w  c:\windows\system32\strmdll.dll
2008-10-03 10:04  247,326  ------w  c:\windows\system32\dllcache\strmdll.dll
2008-09-30 13:43  1,286,152  ----a-w  c:\windows\system32\msxml4.dll
2008-09-14 08:21  18,312  ----a-w  c:\documents and settings\StreletsCom\Application Data\GDIPFONTCACHEV1.DAT
2007-05-06 20:04  92,064  ----a-w  c:\documents and settings\StreletsCom\mqdmmdm.sys
2007-05-06 20:04  9,232  ----a-w  c:\documents and settings\StreletsCom\mqdmmdfl.sys
2007-05-06 20:04  79,328  ----a-w  c:\documents and settings\StreletsCom\mqdmserd.sys
2007-05-06 20:04  66,656  ----a-w  c:\documents and settings\StreletsCom\mqdmbus.sys
2007-05-06 20:04  6,208  ----a-w  c:\documents and settings\StreletsCom\mqdmcmnt.sys
2007-05-06 20:04  5,936  ----a-w  c:\documents and settings\StreletsCom\mqdmwhnt.sys
2007-05-06 20:04  4,048  ----a-w  c:\documents and settings\StreletsCom\mqdmcr.sys
2007-05-06 20:04  25,600  ----a-w  c:\documents and settings\StreletsCom\usbsermptxp.sys
2007-05-06 20:04  22,768  ----a-w  c:\documents and settings\StreletsCom\usbsermpt.sys
2006-04-08 09:37  2,828  --sha-w  c:\windows\system32\KGyGaAvL.sys
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DA12E469-0694-4A98-859A-723964A5BECD}]
2008-11-11 21:59  328704  --a------  c:\windows\system32\lvelib.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Beeline GPRS Explorer"="c:\program files\Beeline\GPRS Explorer\gprsexpl.exe" [2006-07-25 753512]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrackPointSrv"="c:\program files\Lenovo\TrackPoint\tp4serv.exe" [2008-03-04 92960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-07-30 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-07-30 118784]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-05 242976]
"IBMPRC"="c:\ibmtools\UTILS\ibmprc.exe" [2004-03-19 90112]
"BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2004-07-29 110592]
"BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2004-07-29 20480]
"BMMMONWND"="c:\progra~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2004-07-29 395776]
"Lingvo Launcher"="c:\program files\ABBYY Lingvo 10 Multilingual Dictionary\Lvagent.exe" [2004-10-09 110592]
"LingvoTraining"="c:\program files\ABBYY Lingvo 10 Multilingual Dictionary\Tutor.exe" [2004-10-09 1159168]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-06-16 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-06-16 512000]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 69216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2008-08-15 143360]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 94208]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-08-02 266497]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"S3TRAY2"="S3Tray2.exe" [2001-10-12 c:\windows\system32\S3Tray2.exe]
"TP4EX"="tp4ex.exe" [2005-10-17 c:\windows\system32\TP4EX.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\StreletsCom\Главное меню\Программы\Автозагрузка
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-11-26 113664]

c:\documents and settings\StreletsCom\Главное меню\Программы\Автозагрузка
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-11-26 113664]

c:\documents and settings\StreletsCom\Главное меню\Программы\Автозагрузка
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-11-26 113664]

c:\documents and settings\All Users\Главное меню\Программы\Автозагрузка
BTTray.lnk - c:\program files\WIDCOMM\Программное обеспечение Bluetooth\BTTray.exe [2006-05-12 581693]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-02-28 45056]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2008-08-15 20:37 32768 c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 23:45 28672 c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 20:16 24576 c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.imc"= imc32.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages  REG_MULTI_SZ  scecli pwdmon ACGina

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\IBM\Updater\jre\bin\java.exe"=
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\mIRC\mirc.exe"=
"c:\totalcmd\TOTALCMD.EXE"=
"c:\Program Files\Mozilla Firefox\firefox.exe"=
"c:\Program Files\ICQ\Icq.exe"=
"c:\WINDOWS\system32\wuauclt.exe"=
"c:\WINDOWS\system32\wuauclt1.exe"=
"c:\WINDOWS\system32\wupdmgr.exe"=
"c:\Program Files\QIP\qip.exe"=
"c:\Program Files\Motorola\Software Update\msu.exe"=
"c:\WINDOWS\system32\dpvsetup.exe"=
"c:\Games\WORMS2\START.EXE"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\StarDC++\StarDC++.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=

R1 ANC;ANC;c:\windows\system32\drivers\ANC.SYS [2007-12-03 11520]
R1 IBMTPCHK;IBMTPCHK;\??\c:\windows\system32\Drivers\IBMBLDID.sys [2007-12-03 4224]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\Tppwr.sys [2005-07-05 16384]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\c:\program files\CyberLink\PowerDVD\000.fcl [2007-11-12 20:50:40 13560]
R2 ibmfilter;ibmfilter;\??\c:\windows\system32\drivers\ibmfilter.sys [2004-09-24 64256]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\DRIVERS\tp4track.sys [1980-01-01 22568]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2007-09-01 17920]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2007-09-01 7680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2007-09-01 42112]
S3 WSIMD;wsimd Service;c:\windows\system32\DRIVERS\wsimd.sys [2007-02-27 54432]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13335ce0-7483-11da-b064-000ae4344e64}]
\Shell\AutoRun\command - E:
.
Contents of the 'Scheduled Tasks' folder

2006-05-04 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2004-07-29 12:37]

2005-11-24 c:\windows\Tasks\Напоминание о регистрации 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2008-04-14 19:11]
.
.
Supplementary Scan
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: &Экспорт в Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Translate with Lingvo - c:\program files\ABBYY Lingvo 10 Multilingual Dictionary\Lingvo.exe/3000
IE: Отправить через &Bluetooth - c:\program files\WIDCOMM\Программное обеспечение Bluetooth\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\StreletsCom\Application Data\Mozilla\Firefox\Profiles\qe61flcd.default
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-29 21:53:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(812)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\tphklock.dll

- - - - - - - > 'lsass.exe'(868)
c:\program files\ThinkPad\ConnectUtilities\ACGina.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACON.dll
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\program files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
c:\program files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
.
Other Running Processes
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\S24EvMon.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\windows\system32\acs.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\WIDCOMM
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\RegSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\TpKmpSvc.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\searchindexer.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Common Files\Symantec Shared\Security Center\symwsc.exe
c:\program files\ThinkPad\Utilities\EZEJMNAP.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
c:\program files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
c:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\WIDCOMM
c:\program files\Digital Line Detect\DLG.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2008-12-29 21:58:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-29 18:58:39
ComboFix2.txt 2008-12-28 08:47:20

Pre-Run: 1 108 475 904 байт свободно
Post-Run: 1,047,359,488 байт свободно

273 --- E O F --- 2008-12-22 20:21:29