I have done everything, sending the result!!
ComboFix 09-11-20.02 - тимон 21.11.2009 10:32.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.3327.2754 [GMT 6:00]
Running from: c:\documents and settings\тимон\Рабочий стол\ComboFix.exe
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\Mail.Ru\Agent\Mradll\newmrasearch.dll
c:\windows\ALCMTR.EXE
c:\windows\system32\drivers\pciide.sys
c:\windows\system32\ieuinit.inf

BITS: Possible infected sites
hxxp://soft.export.yandex.ru
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Legacy_ASC3360PR
Service_asc3360pr
.
((((((((((((((((((((((((( Files Created from 2009-10-21 to 2009-11-21 )))))))))))))))))))))))))))))))
.
2009-11-20 15:01 . 2009-11-20 15:01  <DIR>  d-----w-  c:\documents and settings\All Users\Application Data\FreshGames
2009-11-20 14:59 . 2009-11-20 14:59  <DIR>  d-----w-  C:\Games
2009-11-20 12:32 . 2009-11-20 12:34  5867704  ----a-w-  c:\documents and settings\тимон\Application Data\Opera\Opera\profile\cache4\temporary_download\magentsetup.exe
2009-11-20 11:47 . 2009-01-23 10:22  2929528  ----a-w-  c:\documents and settings\тимон\Application Data\Simply Super Software\Trojan Remover\lrg53.exe
2009-11-19 18:02 . 2009-11-19 18:02  <DIR>  d--h--w-  c:\windows\PIF
2009-11-19 18:02 . 2009-11-19 18:02  <DIR>  d-----w-  c:\documents and settings\тимон\Application Data\Apple Computer
2009-11-19 17:57 . 2009-11-19 18:01  <DIR>  d-----w-  c:\documents and settings\тимон\Application Data\Teleca
2009-11-19 17:55 . 2009-11-19 17:55  2252  ----a-w-  c:\documents and settings\тимон\Application Data\Simply Super Software\Trojan Remover\CLEANUP.BAT
2009-11-19 17:55 . 2009-01-23 10:22  2929528  ----a-w-  c:\documents and settings\тимон\Application Data\Simply Super Software\Trojan Remover\ikv385.exe
2009-11-19 17:49 . 2009-11-19 17:57  <DIR>  dc----w-  c:\windows\system32\DRVSTORE
2009-11-19 17:49 . 2009-11-19 17:49  <DIR>  d-----w-  c:\documents and settings\тимон\Local Settings\Application Data\Sony Ericsson
2009-11-19 17:48 . 2009-11-19 17:48  <DIR>  d-----w-  c:\documents and settings\тимон\Application Data\Sony Ericsson
2009-11-19 17:48 . 2009-11-19 17:48  <DIR>  d-----w-  c:\program files\Common Files\Sony Ericsson Shared
2009-11-19 17:48 . 2009-11-19 17:49  <DIR>  d-----w-  c:\program files\Common Files\Teleca Shared
2009-11-19 17:48 . 2009-11-19 17:48  <DIR>  d-----w-  c:\program files\Sony Ericsson
2009-11-19 17:46 . 2009-11-19 17:48  <DIR>  d-----w-  c:\documents and settings\All Users\Application Data\Teleca
2009-11-19 17:46 . 2009-11-19 17:48  <DIR>  d-----w-  c:\documents and settings\All Users\Application Data\Sony Ericsson
2009-11-19 17:40 . 2009-11-19 17:40  <DIR>  d-----w-  c:\documents and settings\тимон\Local Settings\Application Data\Apple Computer
2009-11-19 17:33 . 2009-11-19 17:34  <DIR>  d-----w-  c:\program files\QuickTime
2009-11-19 17:33 . 2009-11-19 17:33  <DIR>  d-----w-  c:\program files\Apple Software Update
2009-11-19 17:32 . 2009-11-19 17:33  <DIR>  d-----w-  c:\documents and settings\All Users\Application Data\Apple Computer
2009-11-19 17:27 . 2007-06-19 07:51  21928  ----a-r-  c:\windows\system32\drivers\s816nd5.sys
2009-11-19 17:27 . 2007-06-19 07:51  97704  ----a-r-  c:\windows\system32\drivers\s816unic.sys
2009-11-19 17:27 . 2007-06-19 07:51  9768  ----a-r-  c:\windows\system32\drivers\s816cr.sys
2009-11-19 17:26 . 2007-06-19 07:51  99112  ----a-r-  c:\windows\system32\drivers\s816mgmt.sys
2009-11-19 17:26 . 2007-06-19 07:51  97320  ----a-r-  c:\windows\system32\drivers\s816obex.sys
2009-11-19 17:25 . 2007-06-19 07:51  107304  ----a-r-  c:\windows\system32\drivers\s816mdm.sys
2009-11-19 17:25 . 2007-06-19 07:51  13864  ----a-r-  c:\windows\system32\drivers\s816mdfl.sys
2009-11-19 17:25 . 2007-06-19 07:51  11176  ----a-r-  c:\windows\system32\drivers\s816cmnt.sys
2009-11-19 17:25 . 2007-06-19 07:51  11176  ----a-r-  c:\windows\system32\drivers\s816cm.sys
2009-11-19 17:25 . 2007-06-19 07:51  11176  ----a-r-  c:\windows\system32\drivers\s816whnt.sys
2009-11-19 17:25 . 2007-06-19 07:51  11176  ----a-r-  c:\windows\system32\drivers\s816wh.sys
2009-11-19 17:25 . 2007-06-19 07:51  81832  ----a-r-  c:\windows\system32\drivers\s816bus.sys
2009-11-19 12:21 . 2009-11-19 12:21  <DIR>  d-----w-  c:\documents and settings\All Users\Application Data\Egoset
2009-11-19 06:07 . 2009-11-19 06:07  <DIR>  d-----w-  c:\documents and settings\All Users\Application Data\Arise
2009-11-19 05:11 . 2009-11-19 05:11  <DIR>  d-----w-  C:\skin
2009-11-19 05:11 . 2009-11-19 05:11  <DIR>  d-----w-  C:\graphics
2009-11-19 05:04 . 2009-11-19 05:04  <DIR>  d-----w-  c:\documents and settings\тимон\Application Data\Malwarebytes
2009-11-19 05:04 . 2009-09-10 08:54  38224  ----a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-19 05:04 . 2009-11-19 05:04  <DIR>  d-----w-  c:\program files\Malwarebytes' Anti-Malware
2009-11-19 05:04 . 2009-11-19 05:04  <DIR>  d-----w-  c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-19 05:04 . 2009-09-10 08:53  19160  ----a-w-  c:\windows\system32\drivers\mbam.sys
2009-11-19 04:44 . 2009-11-20 11:14  <DIR>  d-----w-  c:\program files\trend micro
2009-11-19 04:44 . 2009-11-19 04:45  <DIR>  d-----w-  C:\rsit
2009-11-19 04:15 . 2009-11-19 04:21  <DIR>  d-----w-  c:\documents and settings\тимон\DoctorWeb
2009-11-19 04:12 . 2008-12-01 11:10  98168  ----a-w-  c:\windows\system32\drivers\dwprot.sys
2009-11-19 04:12 . 2009-11-19 04:12  <DIR>  d-----w-  c:\program files\Common Files\Doctor Web
2009-11-19 04:12 . 2009-11-19 04:15  <DIR>  d-----w-  c:\program files\DrWeb
2009-11-19 04:12 . 2009-11-19 04:12  <DIR>  d-----w-  c:\documents and settings\All Users\Application Data\Doctor Web
2009-11-19 03:55 . 2008-04-15 12:00  229439  -c--a-w-  c:\windows\system32\dllcache\multibox.dll
2009-11-19 03:54 . 2008-04-15 12:00  218112  -c--a-w-  c:\windows\system32\dllcache\c_g18030.dll
2009-11-19 03:44 . 2008-04-15 12:00  24661  -c--a-w-  c:\windows\system32\dllcache\spxcoins.dll
2009-11-19 03:44 . 2008-04-15 12:00  24661  ----a-w-  c:\windows\system32\spxcoins.dll
2009-11-19 03:44 . 2008-04-15 12:00  13312  -c--a-w-  c:\windows\system32\dllcache\irclass.dll
2009-11-19 03:44 . 2008-04-15 12:00  13312  ----a-w-  c:\windows\system32\irclass.dll
2009-11-18 19:34 . 2005-02-25 03:36  22752  ----a-w-  c:\windows\system32\spupdsvc.exe
2009-11-18 19:34 . 2009-11-19 03:13  <DIR>  d--h--w-  c:\windows\$hf_mig$
2009-11-18 19:33 . 2009-11-18 19:33  <DIR>  d-----w-  c:\program files\Effective Studios
2009-11-18 19:32 . 2009-11-18 19:32  <DIR>  d-----w-  c:\windows\Downloaded Installations
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-21 04:36 . 2009-11-18 13:48  <DIR>  d-----w-  c:\documents and settings\тимон\Application Data\uTorrent
2009-11-21 04:07 . 2009-11-18 14:06  <DIR>  d-----w-  c:\documents and settings\тимон\Application Data\Mra
2009-11-20 12:34 . 2009-11-18 14:06  <DIR>  d-----w-  c:\program files\Mail.Ru
2009-11-20 11:47 . 2009-11-18 14:27  <DIR>  d---a-w-  c:\documents and settings\All Users\Application Data\TEMP
2009-11-19 17:40 . 2008-04-15 12:00  70134  ----a-w-  c:\windows\system32\perfc019.dat
2009-11-19 17:40 . 2008-04-15 12:00  432488  ----a-w-  c:\windows\system32\perfh019.dat
2009-11-19 04:50 . 2009-11-18 14:58  <DIR>  d-----w-  c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-19 04:15 . 2009-11-18 11:04  12328  ----a-w-  c:\documents and settings\тимон\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-19 03:52 . 2009-11-18 10:23  23820  ----a-w-  c:\windows\system32\emptyregdb.dat
2009-11-18 15:02 . 2009-11-18 15:02  <DIR>  d-----w-  c:\program files\Opera 10.10 Beta
2009-11-18 13:52 . 2009-11-18 13:52  <DIR>  d-----w-  c:\documents and settings\тимон\Application Data\Yandex
2009-11-18 13:52 . 2009-11-18 13:52  <DIR>  d-----w-  c:\program files\Yandex
2009-11-18 13:52 . 2009-11-18 13:52  <DIR>  d-----w-  c:\program files\uTorrent
2009-11-18 12:36 . 2009-11-18 12:36  <DIR>  d--h--w-  c:\program files\InstallShield Installation Information
2009-11-18 12:36 . 2009-11-18 12:36  <DIR>  d-----w-  c:\program files\Realtek
2009-11-18 12:36 . 2009-11-18 12:36  315392  ----a-w-  c:\windows\HideWin.exe
2009-11-18 12:36 . 2009-11-18 10:33  <DIR>  d-----w-  c:\program files\Common Files\InstallShield
2009-11-18 12:16 . 2009-11-18 12:14  <DIR>  d-----w-  c:\program files\Trojan Remover
2009-11-18 12:14 . 2009-11-18 12:14  <DIR>  d-----w-  c:\documents and settings\тимон\Application Data\Simply Super Software
2009-11-18 12:14 . 2009-11-18 12:14  <DIR>  d-----w-  c:\documents and settings\All Users\Application Data\Simply Super Software
2009-11-18 12:12 . 2009-11-18 11:37  <DIR>  d-----w-  c:\documents and settings\тимон\Application Data\Winamp
2009-11-18 12:09 . 2009-11-18 11:37  <DIR>  d-----w-  c:\program files\Winamp
2009-11-18 11:46 . 2009-11-18 11:46  <DIR>  d-----w-  c:\program files\NeroInstall.bak
2009-11-18 11:45 . 2009-11-18 11:45  <DIR>  d-----w-  c:\documents and settings\тимон\Application Data\Nero
2009-11-18 11:43 . 2009-11-18 11:42  <DIR>  d-----w-  c:\program files\Common Files\Nero
2009-11-18 11:42 . 2009-11-18 11:42  <DIR>  d-----w-  c:\documents and settings\All Users\Application Data\Nero
2009-11-18 11:42 . 2009-11-18 11:42  <DIR>  d-----w-  c:\program files\Nero
2009-11-18 11:38 . 2009-11-18 11:38  <DIR>  d-----w-  c:\program files\AskTBar
2009-11-18 11:02 . 2009-11-18 11:02  <DIR>  d-----w-  c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-11-18 11:02 . 2009-11-18 10:56  <DIR>  d-----w-  c:\program files\Opera
2009-11-18 10:56 . 2009-11-18 10:56  131072  ----a-r-  c:\documents and settings\тимон\Application Data\Microsoft\Installer\{6C84349A-70B1-4BA4-9776-9DE24CA9EEB6}\ARPPRODUCTICON.exe
2009-11-18 10:39 . 2009-11-18 10:26  86327  ----a-w-  c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-18 10:38 . 2009-11-18 10:38  664  ----a-w-  c:\windows\system32\d3d9caps.dat
2009-11-18 10:35 . 2009-11-18 10:35  <DIR>  d-----w-  c:\program files\AGEIA Technologies
2009-11-18 10:35 . 2009-11-18 10:35  <DIR>  d-----w-  c:\program files\Common Files\Wise Installation Wizard
2009-11-18 10:33 . 2009-11-18 10:33  <DIR>  d-----w-  c:\program files\Marvell
2009-11-18 10:33 . 2009-11-18 10:33  <DIR>  d-----w-  c:\documents and settings\тимон\Application Data\TMP
2009-11-18 10:27 . 2009-11-18 10:27  <DIR>  d-----w-  c:\program files\microsoft frontpage
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2009-11-18 57344]

[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:\program files\Yandex\YandexBar\IE\yndbar.dll" [2009-07-24 5586208]

[HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:\program files\Yandex\YandexBar\IE\yndbar.dll" [2009-07-24 5586208]

[HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-11-18 289584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13680640]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 648488]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2295080]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-03-27 105984]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-01-01 1231752]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-25 86016]
"SpIDerAgent"="c:\program files\DrWeb\SpIDerAgent.exe" [2008-12-17 697584]
"SpIDerMail"="c:\program files\DrWeb\spiderml.exe" [2008-12-12 627952]
"SpIDerNT"="c:\progra~1\DrWeb\spiderui.exe" [2008-12-09 197896]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1381712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 360448]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"MAgent"="c:\program files\Mail.Ru\Agent\MAgent.exe" [2009-11-20 7975608]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-12-25 1727008]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-06-13 16377344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"%windir%\system32\sessmgr.exe"=
"d:\Драйвера\Acer Drivers\!!!!!!!!!!!!!!!!!!LAN_Driver_Marvel_Ver.10.22.7.3\SetupYukonWinC_5X6N.exe"=
"c:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe"=
"c:\Program Files\Common Files\Nero\Lib\NeroCheck.exe"=
"c:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"=
"c:\WINDOWS\system32\netsh.exe"=
"c:\Program Files\Winamp\winampa.exe"=
"c:\WINDOWS\system32\nwiz.exe"=
"c:\Program Files\Trojan Remover\sschk.exe"=
"c:\Program Files\uTorrent\uTorrent.exe"=
"c:\Program Files\Opera\Opera.exe"=
"c:\Program Files\Opera 10.10 Beta\opera.exe"=
"c:\nvidia\winxp\181.20\is\nvudisp.exe"=
"c:\nvidia\winxp\181.20\is\PhysX_8.10.13_SystemSoftware.exe"=
"c:\WINDOWS\SOUNDMAN.EXE"=
"c:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"=
"c:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe"=

R0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [19.11.2009 10:12 98168]
R2 DrWebEngine;Dr.Web ® Scanning Engine (DrWebEngine);c:\program files\Common Files\Doctor Web\Scanning Engine\dwengine.exe [17.10.2008 13:26 869688]
S2 SPIDER;SpIDer Guard File System Monitor;c:\progra~1\DrWeb\spider.sys [09.12.2008 13:28 268328]
S2 SPIDERNT;SpIDer Guard for Windows;c:\progra~1\DrWeb\spidernt.exe [09.12.2008 13:28 197896]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [19.11.2009 23:25 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [19.11.2009 23:25 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [19.11.2009 23:25 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [19.11.2009 23:26 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [19.11.2009 23:27 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [19.11.2009 23:26 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [19.11.2009 23:27 97704]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ASC3360PR
.
Contents of the 'Scheduled Tasks' folder

2009-11-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 09:42]
.
.
Supplementary Scan
.
uStart Page = mail.ru
IE: Поиск@Mail.Ru - c:\program files\mail.ru\sputnik\MailRuSputnik.dll/282
IE: Словари@Mail.Ru - c:\program files\mail.ru\sputnik\MailRuSputnik.dll/283
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} - c:\program files\Mail.Ru\Agent\magent.exe
LSP: c:\program files\DrWeb\drwebsp.dll
TCP: {34797C1B-ADED-4068-BFEB-E9BDD25452F5} = 212.94.96.124 212.94.96.70
.
- - - - ORPHANS REMOVED - - - -

AddRemove-WordChallengeExtreme - d:\игры установочные файлы\WordChallengeExtreme\Uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-21 10:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
DLLs Loaded Under Running Processes

- - - - - - - > 'lsass.exe'(856)
c:\program files\DrWeb\drwebsp.dll
.
Other Running Processes
.
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Completion time: 2009-11-21 10:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-21 04:39

Pre-Run: 2 312 781 824 bytes free
Post-Run: 3 650 805 760 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional RU" /noexecute=optin /fastdetect

- - End Of File - - D49344F0B2D6EEAEC1107DCDC633E88D
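The policy values in the log above (DisableTaskMgr and DisableRegistryTools set to 1 under HKCU, EnableFirewall set to 0 for the standard profile) are the first things a helper looks at in a ComboFix report, because they lock the user out of Task Manager and regedit and switch the XP firewall off. The script below is an added example, not part of the post and not ComboFix's own code: a small parser for the "Reg Loading Points" section that flags those values and lists the Run-key autostarts. The watched-policy table and the sample lines are the example's own assumptions; the sample is constructed from the log above with backslashes restored.

```python
"""Triage helper for the 'Reg Loading Points' part of a ComboFix log.

Added example; not part of the forum post and not ComboFix code.  It parses
the registry lines ComboFix prints and flags policy values that restrict the
user or weaken the host.  The watched-policy table and the sample input are
this example's own (the sample is constructed from the post's log).
"""
import re

# Constructed sample input in ComboFix's "Reg Loading Points" format.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-11-18 289584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
'''

# (key suffix, value name) -> the setting that warrants a second look.
# DisableTaskMgr/DisableRegistryTools lock the user out of Task Manager
# and regedit; EnableFirewall=0 turns the XP firewall profile off.
WATCHED_POLICIES = {
    ("policies\\system", "DisableTaskMgr"): 1,
    ("policies\\system", "DisableRegistryTools"): 1,
    ("firewallpolicy\\standardprofile", "EnableFirewall"): 0,
}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>\d+)\s*\(0x[0-9A-Fa-f]+\)')
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')


def parse_reg_section(text):
    """Return (key, name, value) tuples; value is int for DWORDs, str for paths."""
    entries = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        if key is None or not line:
            continue
        m = DWORD_RE.match(line)
        if m:
            entries.append((key, m.group("name"), int(m.group("val"))))
            continue
        m = RUN_RE.match(line)
        if m:
            entries.append((key, m.group("name"), m.group("path")))
    return entries


def flag_policies(entries):
    """Return 'key\\name = value' strings for watched policies at the bad value."""
    findings = []
    for key, name, value in entries:
        key_l = key.lower()
        for (suffix, pname), bad in WATCHED_POLICIES.items():
            if key_l.endswith(suffix) and name == pname and value == bad:
                findings.append(f"{key}\\{name} = {value}")
    return findings


def autostart_entries(entries):
    """Return (name, path) for every Run-key value, as a quick review list."""
    return [(name, value) for key, name, value in entries
            if key.lower().endswith("\\run") and isinstance(value, str)]


if __name__ == "__main__":
    parsed = parse_reg_section(SAMPLE_LOG)
    for finding in flag_policies(parsed):
        print("REVIEW:", finding)
    for name, path in autostart_entries(parsed):
        print("autostart:", name, "->", path)
```

Feed it the whole log rather than the excerpt and it still works, since lines outside the registry section match none of the three patterns; the key-suffix match is deliberately case-insensitive because ComboFix prints HKLM keys in mixed case.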