Созданные ответы форума
-
Сообщения
-
Да, Valeri , спасибо огромное. Кстати, авторы этой гадости предлагают желающим подзаработать на своих технологиях….
А не опасно в открытый доступ выкладывать сведения о структуре «documents and settings» и логинах?
Кто-то ведь скачивал 23 раза предыдущий ComboFix.txt…
а также что имеется
e:program filesWebMoney Advisorwmadvisor.dll
и
e:program filesWebMoney Agentwmagent.exe
??? Впрочем, денег там все равно нет ;..(
Итак, вот новый ComboFix.txt. Спасибо!ComboFix 09-03-13.02 — Папа 2009-03-16 21:34:09.4 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.1.1049.18.511.180 [GMT 3:00]
Running from: e:documents and settingsПапа.ALIENXРабочий столComboFix.exe
Command switches used :: e:documents and settingsПапа.ALIENXРабочий столCFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
* Created a new restore pointWARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.e:program filesCommon Files{6EA9B29A-C801-4F76-805F-E41ACF9ED16Z}
e:temp{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}
e:temp{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_files08da385f6f4667375d442348bba80c6c
e:temp{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_files0e7781f0ca53bc152a31af7b82ae7d83
e:temp{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_files0fb212839b7deb73ad6dff1d42cff84c
e:temp{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_files1d64880011322cd35659bb83ddc56126
e:temp{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_files276838a27c528e2c46da4fc5e2ba9e42
e:temp{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_files3a73b7ca74d3f053dbca00e73b029e99
e:temp{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_files414844d7c19ebfb3336e77fa2bdd9828
e:temp{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_files433eb45966f422319d02c6ea37ff61fe
e:temp{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_files45b05ac2b15128fd57516ca6d58cec60
e:temp{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_files496213329e42c2f82e56c393d9bafc32
e:temp{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_files49a9504fcce81459659907c4a2a291a2
e:temp{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_files4f84251ffc82e3db8c3da711bb145c49
e:temp{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_files5068f8df7f980532b54f1d5148b66805
e:temp{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_files50abc4cda14b98e6ba4d9b140524a000
e:temp{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_files5b2e57163fefcee7a9c283f1cf2e6849
e:temp{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_files5f0649bd506727f566301a9281eb1762
e:temp{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_files67aceb376c38b90a23ceff9bf89479f4
e:temp{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_files6f03a243127d4e8d08e3845f490c99f2
e:temp{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_files7390019f33303a7ecf10cf123c502789
e:temp{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_files78bad17f6c9d35a9ed4b0abe4a74b973
e:temp{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_files844f77e9951de436f9260a3efbd38751
e:temp{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_files8a265ecbf3d2da158e6d65b9ae486032
e:temp{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_files8b979a65049410af3494b2f32b706c56
e:temp{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_files9709cad0f8a9558bae32ecd8f7031749
e:temp{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_files971a6339ef1833d686cd7f3ef540ead8
e:temp{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_files99baf1bc3fff1d8025a4b42a29dadbc3
e:temp{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_files9dfc59bd6f1e6e23b311e7bfbcc72fd6
e:temp{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_filesa1fecb5e2b697816b06367222a8f1008
e:temp{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_filesa298cc5a2bd7a07449333c95b1c9b595
e:temp{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_filesa63a9ca649ce9033965da1cb540fd755
e:temp{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_filesacb26b232434513c063a26827226c270
e:temp{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_filesadbde66229a95c86d9e83854cb94f283
e:temp{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_filesb31f192cff5724fbac7731f69e71cc4f
e:temp{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_filesb401d310ef4f5514989c1633594a807e
e:temp{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_filesb7a42dd615cd05cd91e51c37943b6015
e:temp{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_filesbd0d6be0a1ca9dd8c3155eec815f4efd
e:temp{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_filesc18563cf1a0676e07bb903615e146ab6
e:temp{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_filesc2cb3a8dc36c4398d360e5724076c8a3
e:temp{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_filese30834f0465ede97cbcc02efa49b7cc0
e:temp{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_filesf27550996c421efb58bbe5a7da01785d
e:temp{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_filesf4bd2fae1a9757aee19956007fcf9620
e:tempWPDNSE.
((((((((((((((((((((((((( Files Created from 2009-02-16 to 2009-03-16 )))))))))))))))))))))))))))))))
.2009-03-16 21:37 . 2009-03-16 21:37 53,248 —a
e:tempcatchme.dll
2009-03-16 18:57 . 2009-03-16 18:58d
e:temphsperfdata_Папа
2009-03-16 00:25 . 2009-03-16 00:29d
e:tempVPMECTMP
2009-03-15 23:59 . 2009-03-16 00:32d
e:tempaudacity_1_3_temp
2009-03-14 23:26 . 2009-03-16 21:37d
e:tempRar$EX12.735
2009-03-14 21:16 . 2009-03-14 21:16d
e:temphsperfdata_Инна
2009-03-14 19:40 . 2009-03-16 21:37d
e:temp{A2A60894-E3ED-46FE-9A6A-7CF7A87572A0}
2009-03-12 22:34 . 2009-03-14 20:23d
e:program filesWindows Live Safety Center
2009-03-12 22:30 . 2009-03-12 22:30d
e:program filesMicrosoft Silverlight
2009-03-05 13:04 . 2009-03-05 13:04d
e:program filesVKLife
2009-03-02 02:09 . 2009-03-02 02:09d
e:program filesImagenomic
2009-02-28 23:14 . 2009-02-28 23:16 7,774,912 —a
e:program filesFirefox Setup 3.0.6.exe
2009-02-26 15:35 . 2007-08-24 15:06 110,592 —a
e:windows.0system32TG_DUMP0708.DLL
2009-02-26 15:35 . 2007-09-17 14:38 102,400 —a
e:windows.0system32TG_VIEW0607.DLL
2009-02-26 15:35 . 2007-09-17 14:38 90,112 —a
e:windows.0system32TG_SYNC.DLL
2009-02-24 00:40 . 2009-02-24 00:40d—hs—- e:documents and settingsПапа.ALIENXIECompatCache
2009-02-24 00:40 . 2009-02-24 00:40d—hs—- e:documents and settingsПапа.ALIENXIECompatCache
2009-02-24 00:39 . 2009-02-24 00:39d—hs—- e:documents and settingsПапа.ALIENXPrivacIE
2009-02-24 00:39 . 2009-02-24 00:39d—hs—- e:documents and settingsПапа.ALIENXPrivacIE
2009-02-24 00:38 . 2009-02-24 00:38d—hs—- e:documents and settingsПапа.ALIENXIETldCache
2009-02-24 00:38 . 2009-02-24 00:38d—hs—- e:documents and settingsПапа.ALIENXIETldCache
2009-02-24 00:08 . 2009-02-24 00:10d
e:windows.0ServicePackFiles
2009-02-24 00:06 . 2006-12-29 00:31 19,569 —a
e:windows.0003043_.tmp
2009-02-23 22:45 . 2009-02-23 22:45d
e:documents and settingsАдминистратор.ALIENXApplication DataMathsoft
2009-02-23 20:13 . 2009-02-23 20:13d
e:program filestrend micro
2009-02-23 19:33 . 2009-02-23 19:33d
e:windows.0system32xircom
2009-02-23 19:33 . 2009-02-23 19:33d
e:windows.0srchasst
2009-02-23 19:33 . 2009-02-23 19:33d
e:program filesmicrosoft frontpage
2009-02-23 18:06 . 2009-02-23 18:06d—hs—- e:documents and settingsАдминистратор.ALIENXIECompatCache
2009-02-23 18:06 . 2009-02-23 18:06d—hs—- e:documents and settingsАдминистратор.ALIENXIECompatCache
2009-02-23 18:05 . 2009-02-23 18:05d—hs—- e:documents and settingsАдминистратор.ALIENXPrivacIE
2009-02-23 18:05 . 2009-02-23 18:05d—hs—- e:documents and settingsАдминистратор.ALIENXPrivacIE
2009-02-23 18:05 . 2009-02-23 18:05d—hs—- e:documents and settingsАдминистратор.ALIENXIETldCache
2009-02-23 18:05 . 2009-02-23 18:05d—hs—- e:documents and settingsАдминистратор.ALIENXIETldCache
2009-02-23 17:16 . 2009-02-23 17:16d
e:program filesMyFree Codec
2009-02-23 17:15 . 2009-02-23 17:15d—h
e:windows.0PIF
2009-02-23 16:20 . 2008-08-14 16:26 2,190,976
e:windows.0system32dllcachentoskrnl.exe
2009-02-23 16:20 . 2008-08-14 16:26 2,147,328
e:windows.0system32dllcachentkrnlmp.exe
2009-02-23 16:20 . 2008-08-14 16:26 2,067,840
e:windows.0system32dllcachentkrnlpa.exe
2009-02-23 16:20 . 2008-08-14 16:26 2,025,984
e:windows.0system32dllcachentkrpamp.exe
2009-02-23 16:20 . 2009-02-09 17:07 1,846,912
e:windows.0system32dllcachewin32k.sys
2009-02-23 16:16 . 2008-10-24 14:21 455,296
e:windows.0system32dllcachemrxsmb.sys
2009-02-23 16:16 . 2008-12-11 13:57 333,952
e:windows.0system32dllcachesrv.sys
2009-02-23 16:15 . 2008-09-04 20:17 1,106,944
e:windows.0system32dllcachemsxml3.dll
2009-02-23 16:15 . 2008-10-15 19:37 337,408
e:windows.0system32dllcachenetapi32.dll
2009-02-23 16:15 . 2008-10-03 13:04 247,326
e:windows.0system32dllcachestrmdll.dll
2009-02-23 15:24 . 2009-02-23 15:24 518 —a
e:windows.0system32wul.cfg
2009-02-23 15:19 . 2008-10-16 14:06 268,648 —a
e:windows.0system32mucltui.dll
2009-02-23 15:19 . 2008-10-16 14:06 27,496 —a
e:windows.0system32mucltui.dll.mui
2009-02-23 14:40 . 2009-02-23 14:40d
e:documents and settingsАдминистратор.ALIENXApplication DataChemTable Software
2009-02-23 14:38 . 2009-02-23 17:17d
e:program filesReg Organizer
2009-02-23 13:58 . 2009-02-23 13:58d
e:documents and settingsАдминистратор.ALIENXApplication DataOpera
2009-02-23 12:21 . 2009-02-23 12:21d—hs—- e:documents and settingsИнна.ALIENXIECompatCache
2009-02-23 12:21 . 2009-02-23 12:21d—hs—- e:documents and settingsИнна.ALIENXIECompatCache
2009-02-23 12:20 . 2009-02-23 12:20d—hs—- e:documents and settingsИнна.ALIENXPrivacIE
2009-02-23 12:20 . 2009-02-23 12:20d—hs—- e:documents and settingsИнна.ALIENXPrivacIE
2009-02-23 12:19 . 2009-02-23 12:19d—hs—- e:documents and settingsИнна.ALIENXIETldCache
2009-02-23 12:19 . 2009-02-23 12:19d—hs—- e:documents and settingsИнна.ALIENXIETldCache
2009-02-22 23:29 . 2009-02-22 23:29d
e:windows.0ie8updates
2009-02-22 23:27 . 2009-02-23 17:53d—h-c— e:windows.0ie8
2009-02-22 23:25 . 2009-01-11 08:00 79,360
e:windows.0system32dllcacheiecompat.dll
2009-02-21 21:01 . 2008-10-16 14:08 27,672 —a
e:windows.0system32wuapi.dll.mui
2009-02-21 20:51 . 2009-02-22 22:52 10 —a
e:windows.0system32pup.dz
2009-02-21 20:51 . 2009-02-21 20:51 10 —a
e:windows.0system32cup.dz.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-16 18:32
d
w e:program filesSymantec AntiVirus
2009-03-16 18:00
d
w e:program filesChameleon Clock
2009-03-16 16:03 3,140 —sha-w e:documents and settingsAll Users.WINDOWS.0Application DataKGyGaAvL.sys
2009-03-15 21:32
d
w e:documents and settingsИнна.ALIENXApplication DataAudacity
2009-03-14 18:36
d
w e:program filesICQ6.5
2009-03-14 17:46
d
w e:documents and settingsИнна.ALIENXApplication DataQIP.Online
2009-03-13 13:43
d
w e:documents and settingsAll Users.WINDOWS.0Application DataATI MMC
2009-03-13 09:40
d
w e:program filesDC++
2009-03-12 17:59
d
w e:program filesOpera
2009-03-11 07:06
d
w e:documents and settingsAll Users.WINDOWS.0Application DataMicrosoft Help
2009-03-05 10:04
d
w e:documents and settingsИнна.ALIENXApplication DataVKLife
2009-02-23 14:16
d
w e:program filesWinamp Toolbar
2009-02-23 14:16
d
w e:program filesWinamp Remote
2009-02-23 14:16
d
w e:program filesQIP Infium
2009-02-23 14:16
d
w e:program filesAll Sound Recorder XP
2009-02-23 14:15
d—h—w e:program filesInstallShield Installation Information
2009-02-23 14:15
d
w e:program filesQIP
2009-02-23 14:15
d
w e:program filesMathcad
2009-02-23 14:12
d
w e:program filesWinamp
2009-02-09 14:07 1,846,912 —-a-w e:windows.0system32win32k.sys
2009-01-28 18:24
d
w e:documents and settingsAll Users.WINDOWS.0Application DataOrbNetworks
2009-01-28 18:21
d
w e:documents and settingsAll Users.WINDOWS.0Application DataWinamp Toolbar
2009-01-14 23:17 636,264 —-a-w e:windows.0system32dllcacheiexplore.exe
2009-01-14 23:17 392,040 —-a-w e:windows.0system32dllcacheiedkcs32.dll
2009-01-14 23:13 5,888,512 —-a-w e:windows.0system32dllcachemshtml.dll
2009-01-14 23:12 10,963,968 —-a-w e:windows.0system32dllcacheieframe.dll
2009-01-14 23:06 236,544 —-a-w e:windows.0system32dllcachewebcheck.dll
2009-01-14 23:06 105,984 —-a-w e:windows.0system32dllcacheurl.dll
2009-01-14 23:06 1,182,720 —-a-w e:windows.0system32dllcacheurlmon.dll
2009-01-14 23:05 911,872 —-a-w e:windows.0system32wininet.dll
2009-01-14 23:05 911,872 —-a-w e:windows.0system32dllcachewininet.dll
2009-01-14 23:05 43,008 —-a-w e:windows.0system32licmgr10.dll
2009-01-14 23:05 43,008 —-a-w e:windows.0system32dllcachelicmgr10.dll
2009-01-14 23:05 193,536 —-a-w e:windows.0system32dllcachemsrating.dll
2009-01-14 23:05 109,056 —-a-w e:windows.0system32dllcacheoccache.dll
2009-01-14 23:04 755,200 —-a-w e:windows.0system32dllcacheVGX.dll
2009-01-14 23:04 25,600 —-a-w e:windows.0system32dllcachejsproxy.dll
2009-01-14 23:04 18,944 —-a-w e:windows.0system32dllcachecorpol.dll
2009-01-14 23:04 18,944 —-a-w e:windows.0system32corpol.dll
2009-01-14 23:02 611,840 —-a-w e:windows.0system32dllcachemstime.dll
2009-01-14 23:02 593,920 —-a-w e:windows.0system32dllcachemsfeeds.dll
2009-01-14 23:02 1,975,296 —-a-w e:windows.0system32dllcacheiertutil.dll
2009-01-14 23:01 66,560 —-a-w e:windows.0system32dllcachemshtmled.dll
2009-01-14 23:01 59,904 —-a-w e:windows.0system32dllcacheicardie.dll
2009-01-14 23:01 54,272 —-a-w e:windows.0system32dllcachemsfeedsbs.dll
2009-01-14 23:01 46,592 —-a-w e:windows.0system32dllcachepngfilt.dll
2009-01-14 23:01 348,160 —-a-w e:windows.0system32dllcachedxtmsft.dll
2009-01-14 23:01 34,304 —-a-w e:windows.0system32imgutil.dll
2009-01-14 23:01 34,304 —-a-w e:windows.0system32dllcacheimgutil.dll
2009-01-14 23:01 216,064 —-a-w e:windows.0system32dllcachedxtrans.dll
2009-01-14 23:01 183,808 —-a-w e:windows.0system32dllcacheiepeers.dll
2009-01-14 23:00 48,128 —-a-w e:windows.0system32mshtmler.dll
2009-01-14 23:00 48,128 —-a-w e:windows.0system32dllcachemshtmler.dll
2009-01-14 23:00 45,568 —-a-w e:windows.0system32mshta.exe
2009-01-14 23:00 45,568 —-a-w e:windows.0system32dllcachemshta.exe
2009-01-14 22:53 68,608 —-a-w e:windows.0system32dllcachehmmapi.dll
2009-01-14 22:50 156,160 —-a-w e:windows.0system32msls31.dll
2009-01-14 22:50 156,160 —-a-w e:windows.0system32dllcachemsls31.dll
2009-01-14 22:35 445,440 —-a-w e:windows.0system32dllcacheieapfltr.dll
2009-01-03 20:48 77,824 —-atw e:windows.0system32DRWEBSP.DLL
2008-12-24 09:02 1,868,740 —-a-w e:program filesqip8080.exe
2008-12-22 09:34 4,535,791 —-a-w e:program filesqipinfium9020.exe
2008-12-20 23:48 132,608
w e:windows.0system32dllcacheextmgr.dll
2008-12-19 09:41 13,824
w e:windows.0system32dllcacheieudinit.exe
2008-12-16 18:58 216,064 —-a-w e:windows.0iun3405.exe
2008-10-24 17:39 16,176 —-a-w e:documents and settingsПапа.ALIENXApplication Datastat.dat
2008-10-24 16:40 800 —-a-w e:documents and settingsПапа.ALIENXApplication Datatema.dat
2008-09-10 18:08 8 —sh—r e:documents and settingsAll Users.WINDOWS.0Application Data88535F3287.sys
2008-05-22 19:57 15,241,880 —-a-w e:documents and settingsИнна.ALIENXinstall_rambler_icq6.exe
2008-05-22 19:57 15,241,880 —-a-w e:documents and settingsИнна.ALIENXinstall_rambler_icq6.exe
2008-04-25 17:11 3,945,976 —-a-w e:documents and settingsИнна.ALIENXmagentsetup.exe
2008-04-25 17:11 3,945,976 —-a-w e:documents and settingsИнна.ALIENXmagentsetup.exe
2008-04-10 12:35 3,026,030 —-a-w e:documents and settingsИнна.ALIENXaudacity-win-1.3.4.exe
2008-04-10 12:35 3,026,030 —-a-w e:documents and settingsИнна.ALIENXaudacity-win-1.3.4.exe
2007-12-28 03:32 991,232 —-a-w e:windows.0infsyssbck.dll
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_LOCAL_MACHINE~Browser Helper Objects{B4806C1A-FE8A-4008-9DA3-8CEDB6E82C10}]
2008-09-05 15:42 2409472 —a
e:program filesWebMoney Advisorwmadvisor.dll[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}»= «e:program filesWebMoney Advisorwmadvisor.dll» [2008-09-05 2409472][HKEY_CLASSES_ROOTclsid{3affd7f7-fd3d-4c9d-8f83-03296a1a8840}]
[HKEY_CLASSES_ROOTTBSB03223.TBSB03223.3]
[HKEY_CLASSES_ROOTTypeLib{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOTTBSB03223.TBSB03223][HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}»= «e:program filesWebMoney Advisorwmadvisor.dll» [2008-09-05 2409472][HKEY_CLASSES_ROOTclsid{3affd7f7-fd3d-4c9d-8f83-03296a1a8840}]
[HKEY_CLASSES_ROOTTBSB03223.TBSB03223.3]
[HKEY_CLASSES_ROOTTypeLib{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOTTBSB03223.TBSB03223][HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«Punto Switcher»=»e:program filesPunto Switcherpunto.exe» [2008-10-16 735016]
«ATI Launchpad»=»e:program filesATI Multimediamainlaunchpd.exe» [2006-10-31 102400]
«ATI DeviceDetect»=»e:program filesATI MultimediamainATIDtct.EXE» [2006-10-31 57344]
«ctfmon.exe»=»e:windows.0system32ctfmon.exe» [2008-04-14 15360]
«NCLaunch»=»e:windows.0NCLAUNCH.EXe» [2008-09-09 40960]
«H/PC Connection Agent»=»e:program filesMicrosoft ActiveSyncwcescomm.exe» [2006-11-13 1289000]
«HomeAlarm»=»e:program filesChameleon ClockChamClock.exe» [2004-10-07 643072][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«ccApp»=»e:program filesCommon FilesSymantec SharedccApp.exe» [2006-07-19 52896]
«vptray»=»e:progra~1SYMANT~1VPTray.exe» [2006-09-27 125168]
«LiveMonitor»=»e:program filesMSILive Update 3LMonitor.exe» [2008-04-30 498176]
«HP Component Manager»=»e:program filesHPhpcoretechhpcmpmgr.exe» [2004-05-12 241664]
«wmagent.exe»=»e:program filesWebMoney Agentwmagent.exe» [2008-10-01 209376]
«SoundMan»=»SOUNDMAN.EXE» [2006-11-17 e:windows.0soundman.exe][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»e:windows.0system32CTFMON.EXE» [2008-04-14 15360][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«IE7_011″=»shell32» [X]
«nltide_3″=»advpack.dll» [2009-01-15 e:windows.0system32advpack.dll]
«IE7_012″=»advpack.dll» [2009-01-15 e:windows.0system32advpack.dll]e:documents and settings€ .ALIENXѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
‚л१Є нЄа Ё Їа®Ја ¬¬ § ЇгбЄ ¤«п OneNote 2007.lnk — e:program filesMicrosoft OfficeOffice12ONENOTEM.EXE [2007-12-07 101440][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«DisableCAD»= 1 (0x1)[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«ForceClassicControlPanel»= 1 (0x1)
«NoSMConfigurePrograms»= 1 (0x1)
«NoSMHelp»= 1 (0x1)[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMHelp»= 1 (0x1)
«NoSMMyPictures»= 1 (0x1)
«NoSMConfigurePrograms»= 1 (0x1)[hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]
«{88485281-8b4b-4f8d-9ede-82e29a064277}»= «e:progra~1MarkAnyCONTEN~1MACSMA~1.DLL» [2004-11-23 192512][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]
«AppInit_DLLs»=prio.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«VIDC.DVSD»= pdvcodec.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigservices]
«srservice»=2 (0x2)
«wuauserv»=2 (0x2)
«Schedule»=2 (0x2)
«seclogon»=2 (0x2)
«Dhcp»=2 (0x2)[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]
«DisableMonitoring»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«DisableUnicastResponsesToMulticastBroadcast»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«e:\Program Files\QIP\qip.exe»=
«e:\Program Files\DC++\DCPlusPlus.exe»=
«e:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE»=
«e:\Program Files\Microsoft Office\Office12\GROOVE.EXE»=
«e:\Program Files\Microsoft Office\Office12\ONENOTE.EXE»=
«e:program filesMicrosoft ActiveSyncrapimgr.exe»= e:program filesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
«e:program filesMicrosoft ActiveSyncwcescomm.exe»= e:program filesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
«e:program filesMicrosoft ActiveSyncWCESMgr.exe»= e:program filesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
«e:\Program Files\Nero\Nero8\Nero ShowTime\ShowTime.exe»=
«e:\Program Files\WebMoney\WebMoney.exe»=
«e:\Program Files\ICQ6.5\ICQ.exe»=
«e:\WINDOWS.0\system32\muzapp.exe»=
«e:\Program Files\QIP Infium\infium.exe»=
«e:\Program Files\Winamp Remote\bin\Orb.exe»=
«e:\Program Files\Winamp Remote\bin\OrbTray.exe»=
«e:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe»=[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«26675:TCP»= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync ServiceR0 nvcchflt;NVIDIA Disk Cache Filter Driver;e:windows.0system32driversnvcchflt.sys [2008-06-23 16640]
R1 appdrv01;Application Driver (01);e:windows.0system32driversappdrv01.sys [2008-12-15 2915944]
R1 Prio;Prio;e:windows.0system32driversprio.sys [2007-09-11 34064]
R2 ICQ Service;ICQ Service;e:program filesICQ6ToolbarICQ Service.exe [2008-12-09 222456]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;e:program filesCommon FilesSymantec SharedEENGINEEraserUtilRebootDrv.sys [2009-02-27 101936]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);e:windows.0system32driversRMSPPPOE.SYS [2008-04-06 31424]
S2 appdrvrem01;Application Driver Auto Removal Service (01);e:windows.0System32appdrvrem01.exe svc —> e:windows.0System32appdrvrem01.exe svc [?]
S3 InfoViewDriver;InfoViewDriver;e:program filesMSIInfoViewInfoView.sys [2008-06-22 10374]
S3 SavRoam;SAVRoam;e:program filesSymantec AntiVirusSavRoam.exe [2006-09-27 116464][HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
«e:windows.0system32rundll32.exe» «e:windows.0system32iedkcs32.dll»,BrandIEActiveSetup SIGNUP
.
Contents of the ‘Scheduled Tasks’ folder2009-02-23 e:windows.0TasksUser_Feed_Synchronization-{24C5D872-E482-4ED8-AF11-6DD1A94948AB}.job
— e:windows.0system32msfeedssync.exe [2009-01-15 02:01]2009-03-12 e:windows.0TasksUser_Feed_Synchronization-{EB0AA999-E929-41D1-A2C2-D2750220244C}.job
— e:windows.0system32msfeedssync.exe [2009-01-15 02:01]
.
— — — — ORPHANS REMOVED — — — —Toolbar-ITBar7Position — (no file)
.
Supplementary Scan
.
uStart Page = hxxp://www.yandex.ru/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Экспорт в Microsoft Excel — e:program filesMicrosoft OfficeOffice12EXCEL.EXE/3000
IE: Закачать ВСЕ при помощи Download Master — e:program filesDownload Masterdmieall.htm
IE: Закачать при помощи Download Master — e:program filesDownload Masterdmie.htm
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} — e:program filesDownload Masterdmaster.exe
IE: {{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — e:program filesWebMoney Advisorwmadvisor.dll
TCP: {43138062-A07D-478C-BBA5-D2501A8F6F30} = 89.250.0.2,89.250.1.2
Handler: jpip — {B92DD248-E3D5-4A92-B311-C9B841681455} — e:program filesLizardTechExpress Viewexpressview.dll
Handler: sidlet — {B92DD248-E3D5-4A92-B311-C9B841681455} — e:program filesLizardTechExpress Viewexpressview.dll
DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} — hxxps://w3s.webmoney.ru/WMAcceptor.dll
FF — ProfilePath —
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-16 21:37:43
Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(1256)
e:program filesPrioprio.dll
e:windows.0system32Ati2evxx.dll— — — — — — — > ‘lsass.exe'(1312)
e:program filesPrioprio.dll
.
Completion time: 2009-03-16 21:39:00
ComboFix-quarantined-files.txt 2009-03-16 18:38:52
ComboFix2.txt 2009-03-14 16:37:41Pre-Run: 40 795 131 904 байт свободно
Post-Run: 40,813,420,544 байт свободно348 — E O F — 2009-03-11 07:07:22
