Forum replies created
And one more thing.
Now the following message pops up, which was not there before:
Generic Host Process for Win32 Services has encountered a problem and needs to close. We are sorry for the inconvenience.
When I click the "Don't Send" button, the internet connection stops working and the sound drivers shut off.

Hello, I checked with the ComboFix program as was said above, and as a result I got the following log file:
ComboFix 09-11-14.03 - ADMINISTRATOR 14.11.2009 20:25.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.2047.1499 [GMT 2:00]
Running from: c:\documents and settings\ADMINISTRATOR\Рабочий стол\ComboFix.exe
Command switches used :: c:\documents and settings\ADMINISTRATOR\Рабочий стол\WindowsXP-KB310994-SP2-Pro-BootDisk-RUS.exe
AV: avast! antivirus 4.8.1356 [VPS 091114-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((( Files Created from 2009-10-14 to 2009-11-14 )))))))))))))))))))))))))))))))
.
2009-11-14 14:54 . 2009-11-14 14:54  d-----w-  C:\rsit
2009-11-14 14:54 . 2009-11-14 14:54  d-----w-  c:\program files\trend micro
2009-11-13 17:14 . 2009-09-15 11:54  52368  ----a-w-  c:\windows\system32\drivers\aswTdi.sys
2009-11-13 17:14 . 2009-09-15 11:54  23152  ----a-w-  c:\windows\system32\drivers\aswRdr.sys
2009-11-13 17:14 . 2009-09-15 11:53  27408  ----a-w-  c:\windows\system32\drivers\aavmker4.sys
2009-11-13 17:14 . 2009-09-15 11:56  93424  ----a-w-  c:\windows\system32\drivers\aswmon.sys
2009-11-13 17:14 . 2009-09-15 11:56  94160  ----a-w-  c:\windows\system32\drivers\aswmon2.sys
2009-11-13 17:14 . 2009-09-15 11:55  114768  ----a-w-  c:\windows\system32\drivers\aswSP.sys
2009-11-13 17:14 . 2009-09-15 11:55  20560  ----a-w-  c:\windows\system32\drivers\aswFsBlk.sys
2009-11-13 17:14 . 2009-09-15 11:53  97480  ----a-w-  c:\windows\system32\AvastSS.scr
2009-11-13 17:14 . 2009-09-15 11:59  1279968  ----a-w-  c:\windows\system32\aswBoot.exe
2009-11-13 17:14 . 2003-03-18 21:20  1060864  ----a-w-  c:\windows\system32\MFC71.dll
2009-11-13 17:14 . 2003-03-18 20:14  499712  ----a-w-  c:\windows\system32\MSVCP71.dll
2009-11-13 17:14 . 2009-11-13 17:14  d-----w-  c:\program files\Alwil Software
2009-11-13 12:59 . 2009-11-13 13:00  d-----w-  c:\program files\Common Files\Adobe
2009-11-11 21:20 . 2009-11-11 21:20  d-----w-  c:\documents and settings\ADMINISTRATOR\DoctorWeb
2009-11-10 16:38 . 2009-11-10 16:41  d-----w-  c:\program files\ElcomSoft
2009-11-10 11:35 . 2006-10-26 17:56  32592  ----a-w-  c:\windows\system32\msonpmon.dll
2009-11-10 11:35 . 2009-11-10 11:35  d-----w-  c:\program files\Microsoft Works
2009-11-10 11:35 . 2009-11-10 11:35  d-----w-  c:\program files\MSBuild
2009-11-10 11:34 . 2009-11-10 11:34  d-----w-  c:\program files\Microsoft.NET
2009-11-10 11:33 . 2009-11-10 11:33  d-----w-  c:\program files\Microsoft Visual Studio 8
2009-11-10 11:32 . 2009-11-10 11:34  d-----w-  c:\windows\SHELLNEW
2009-11-10 11:31 . 2009-11-10 11:31  d-----w-  c:\documents and settings\ADMINISTRATOR\Local Settings\Application Data\Microsoft Help
2009-11-10 11:31 . 2009-11-10 11:39  d-----w-  c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-10 11:30 . 2009-11-10 11:30  d-----r-  C:\MSOCache
2009-11-07 22:04 . 1998-09-02 08:28  38160  ----a-w-  c:\windows\system32\LMRTREND.dll
2009-11-07 22:04 . 1998-08-27 04:51  182032  ----a-w-  c:\windows\system32\dxtmsft3.dll
2009-11-07 22:04 . 1998-09-02 08:28  63488  ----a-w-  c:\windows\system32\unam4ie.exe
2009-11-07 22:04 . 2009-11-07 22:04  4608  ----a-w-  c:\windows\system32\w95inf32.dll
2009-11-07 22:04 . 2009-11-07 22:04  2272  ----a-w-  c:\windows\system32\w95inf16.dll
2009-11-07 22:04 . 1998-09-02 08:02  194320  ----a-w-  c:\windows\system32\qcut.dll
2009-11-07 22:04 . 1998-08-17 09:21  10240  ----a-w-  c:\windows\system32\vidx16.dll
2009-11-07 22:04 . 1998-08-17 09:21  11776  ----a-w-  c:\windows\system32\mciqtz.drv
2009-11-06 16:49 . 2009-11-06 16:49  d-----w-  c:\documents and settings\ADMINISTRATOR\Local Settings\Application Data\Thinstall
2009-11-04 20:08 . 2009-11-04 20:08  d-----w-  c:\program files\Alcohol Soft
2009-11-04 20:06 . 2009-11-04 20:06  685816  ----a-w-  c:\windows\system32\drivers\sptd.sys
2009-11-04 15:26 . 2007-04-04 16:55  261480  ----a-w-  c:\windows\system32\xactengine2_7.dll
2009-11-04 14:40 . 2009-11-04 14:40  d-----w-  c:\program files\WMV9_VCM
2009-10-25 10:51 . 2009-10-25 10:51  d-----w-  c:\program files\ICQ6Toolbar
2009-10-25 10:51 . 2009-10-25 10:51  d-----w-  c:\documents and settings\All Users\Application Data\ICQ
2009-10-25 10:50 . 2009-10-27 20:33  d-----w-  c:\documents and settings\ADMINISTRATOR\Application Data\ICQ
2009-10-25 10:50 . 2009-10-25 11:16  d-----w-  c:\program files\ICQ6.5
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-14 18:27 . 2008-04-15 12:00  70336  ----a-w-  c:\windows\system32\perfc019.dat
2009-11-14 18:27 . 2008-04-15 12:00  432796  ----a-w-  c:\windows\system32\perfh019.dat
2009-11-13 12:59 . 2009-10-22 17:07  d--h--w-  c:\program files\InstallShield Installation Information
2009-11-11 14:23 . 2009-10-22 17:33  d-----w-  c:\documents and settings\All Users\Application Data\Avira
2009-11-11 08:51 . 2009-10-22 16:55  68456  ----a-w-  c:\documents and settings\ADMINISTRATOR\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-31 16:07 . 2009-10-22 17:28  d-----w-  c:\program files\Opera
2009-10-27 19:16 . 2009-10-27 19:16  d-----w-  c:\program files\K-Lite Codec Pack
2009-10-22 19:05 . 2009-10-22 19:05  d-----w-  c:\program files\Marvell
2009-10-22 19:03 . 2009-10-22 19:03  d-----w-  c:\program files\Realtek
2009-10-22 19:03 . 2009-10-22 19:03  315392  ----a-w-  c:\windows\HideWin.exe
2009-10-22 18:53 . 2009-10-22 18:53  d-----w-  c:\program files\Intel
2009-10-22 18:51 . 2009-10-22 18:48  d-----w-  c:\documents and settings\ADMINISTRATOR\Application Data\Winamp
2009-10-22 18:48 . 2009-10-22 18:48  d-----w-  c:\program files\Winamp
2009-10-22 17:14 . 2009-10-22 17:14  d-----w-  c:\documents and settings\All Users\Application Data\ATI
2009-10-22 17:14 . 2009-10-22 17:14  d-----w-  c:\documents and settings\ADMINISTRATOR\Application Data\ATI
2009-10-22 17:14 . 2009-10-22 17:14  0  ----a-w-  c:\windows\ativpsrm.bin
2009-10-22 17:12 . 2009-10-22 17:07  d-----w-  c:\program files\ATI Technologies
2009-10-22 17:10 . 2009-10-22 17:10  9158  ----a-r-  c:\documents and settings\ADMINISTRATOR\Application Data\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe
2009-10-22 17:10 . 2009-10-22 17:10  d-----w-  c:\program files\Common Files\ATI Technologies
2009-10-22 17:07 . 2009-10-22 17:06  d-----w-  c:\program files\Common Files\InstallShield
2009-10-22 16:58 . 2009-10-25 16:24  190186  ----a-w-  c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1049.dat
2009-10-22 16:57 . 2009-10-22 16:41  86327  ----a-w-  c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-22 16:42 . 2009-10-22 16:42  d-----w-  c:\program files\microsoft frontpage
2009-10-22 16:39 . 2009-10-22 16:39  22564  ----a-w-  c:\windows\system32\emptyregdb.dat
2009-10-22 16:38 . 2009-10-22 16:38  d-----w-  c:\program files\Windows Media Connect 2
.
Sigcheck
[-] 2008-10-21 . 1F39C7BDBA4C5F3F01C4EABF7EDBF4B3 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-10-21 . 5176457636696D5A535D297B26A4F7FE . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-16 16862720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IE7_011"="shell32" [X]
"IE7_012"="advpack.dll" - c:\windows\system32\advpack.dll [2008-10-21 124928]

c:\documents and settings\All Users\Главное меню\Программы\Автозагрузка\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-11-13 113664]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *aswBoot.exe /M:13077a09deb7

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplicationsList]
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\ICQ6.5\ICQ.exe"=
"c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"=
"c:\Program Files\Microsoft Office\Office12\GROOVE.EXE"=
"c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPortsList]
"1520:TCP"= 1520:TCP:ywmegv

R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [24.06.2008 0:21 150568]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [13.11.2009 19:14 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13.11.2009 19:14 20560]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [25.10.2009 12:51 222968]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [22.10.2009 21:05 36864]
S2 qcqrkwo;Installer Update;c:\windows\system32\svchost.exe -k netsvcs [15.04.2008 14:00 14336]

--- Other Services/Drivers In Memory ---
*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
qcqrkwo
.
.
Supplementary Scan
.
uStart Page = hxxp://www.apeha.ru
IE: &Экспорт в Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {6F16F3E8-9C0C-486C-8E02-0AA17ACEE274} = 172.16.50.254
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-14 20:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x89DFE8AC]<<
kernel: MBR read successfully
user & kernel MBR OK

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
atapi.sys @ 0x0 0x0 bytes
\Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xB9E12B40 atapi.sys
\Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xB9E12B40 atapi.sys
\Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xB9E12B40 atapi.sys
\Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xB9E12B40 atapi.sys
\Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xB9E12B40 atapi.sys
\Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xB9E12B40 atapi.sys
\Driver\atapi IRP hooks detected !

**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qcqrkwo]
"ServiceDll"="c:\windows\system32\vslpufe.dll"
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(840)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3824)
c:\windows\system32\msi.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Completion time: 2009-11-14 20:28
ComboFix-quarantined-files.txt 2009-11-14 18:28

Pre-Run: 60 157 612 032 байт свободно
Post-Run: 60 181 790 720 байт свободно

WindowsXP-KB310994-SP2-Pro-BootDisk-RUS.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional RU" /noexecute=optin /fastdetect

- - End Of File - - F58285487C733F621CE11A07EABFD906