Forum replies created
-
Author / Messages
-
MBAM log is clean… I don't believe it!
All that's left is to fall at your feet and say thank you: THANK YOU!!!
(Can the gratitude be backed up with a couple of bucks?)

ComboFix 08-12-07.04 - Евген 2008-12-09 20:23:14.3 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1049.18.380 [GMT 7:00]
Running from: c:\documents and settings\Евген\Рабочий стол\ComboFix.exe
Command switches used :: c:\documents and settings\Евген\Рабочий стол\CFScript
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\windows\system32\atipdsx.dll
c:\windows\system32\drivers\wxzmfyzt.dat
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\atipdsx.dll
c:\windows\system32\drivers\wxzmfyzt.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Legacy_FYCHTGTY
Service_fychtgty

((((((((((((((((((((((((( Files Created from 2008-11-09 to 2008-12-09 )))))))))))))))))))))))))))))))
.
.2008-12-09 05:49 . 2008-12-09 05:49
d
c:program filesSailcut CAD
2008-12-08 13:24 . 2008-12-08 13:24d
c:documents and settingsЕвгенApplication DataWinRAR
2008-12-08 01:22 . 2008-12-08 01:22d
c:program filesRadikal
2008-12-04 21:03 . 2008-12-04 21:04d
c:program filesPhun
2008-12-04 14:57 . 2008-12-04 14:57d
c:program filesATI Technologies
2008-12-03 15:34 . 2008-12-03 15:35d
c:documents and settingsЕвген.housecall6.6
2008-12-03 15:34 . 2008-12-03 15:35d
c:documents and settingsЕвген.housecall6.6
2008-12-03 15:06 . 2008-12-03 15:06d
c:windowsSun
2008-12-03 15:06 . 2008-12-03 15:06d
c:program filesJava
2008-12-03 15:06 . 2008-12-03 15:06 410,984 —a
c:windowssystem32deploytk.dll
2008-12-03 15:06 . 2008-12-03 15:06 73,728 —a
c:windowssystem32javacpl.cpl
2008-12-03 14:49 . 2008-12-03 14:49d
c:documents and settingsЕвгенApplication DataSun
2008-12-03 14:37 . 2008-12-04 14:47 10 —a
c:windowsWININIT.INI
2008-12-02 14:24 . 2008-12-02 14:24d
c:documents and settingsЕвгенApplication DataUniblue
2008-12-02 14:17 . 2008-12-02 14:17d—h
c:documents and settingsAll UsersApplication Data~0
2008-12-02 01:21 . 2008-12-02 01:21d
c:documents and settingsЕвгенApplication Datavlc
2008-12-02 01:21 . 2008-12-02 01:21d
c:documents and settingsЕвгенApplication Datadvdcss
2008-12-02 01:05 . 2008-12-02 01:05d
c:program filesVideoLAN
2008-12-01 09:11 . 2008-12-09 11:16 54,156 —ah
c:windowsQTFont.qfn
2008-12-01 09:11 . 2008-12-01 09:11 1,409 —a
c:windowsQTFont.for
2008-11-29 12:08 . 2008-11-29 12:08d
c:program filesuTorrent
2008-11-29 12:08 . 2008-11-29 12:08d
c:documents and settingsЕвгенApplication DatauTorrent
2008-11-26 15:37 . 2008-11-26 15:37d
c:program filesSSC Service Utility
2008-11-25 16:57 . 2008-11-25 16:57d
c:program filesProfiliV2
2008-11-23 21:14 . 2008-11-23 21:14d
c:windowssystem32Новая папка
2008-11-21 10:42 . 2008-11-21 10:54 10,677 —a
c:windowscoolkb2k.ini
2008-11-21 10:42 . 2008-11-21 10:46 2,233 —a
c:windowscoolmp3.ini
2008-11-21 10:42 . 2008-11-21 10:42 29 —a
c:windowswordpad.ini
2008-11-21 10:42 . 2008-11-21 10:54 0 —a
c:windowsCOOLSYS.INI
2008-11-21 10:41 . 2008-11-21 10:41 29 —a
c:windowswinzip32.ini
2008-11-21 10:23 . 2008-11-21 10:23d
c:program filesCool2000
2008-11-21 10:23 . 2008-11-21 10:54 5,718 —a
c:windowsCOOL.INI
2008-11-21 10:22 . 2008-11-21 10:22 129 —a
c:windowsEDITPRO.INI
2008-11-21 10:20 . 1998-04-30 14:56 129,024 —a
c:windowsUNWISE.EXE
2008-11-21 09:12 . 2008-11-21 09:12d
c:program filesDjVi
2008-11-20 20:42 . 2008-11-20 20:42d
c:documents and settingsЕвгенApplication DataGoogle
2008-11-20 20:41 . 2008-11-20 20:41d
c:program filesGoogle
2008-11-20 09:53 . 2008-11-20 09:53d
c:program filesAlwil Software
2008-11-17 22:19 . 2008-11-17 22:19d
c:program filesMSXML 4.0
2008-11-17 10:29 . 2001-09-07 12:41 290,816 —a
c:windowssystem32WINHTTP5.DLL
2008-11-17 10:29 . 2001-05-18 16:42 122,880 —a
c:windowssystem32PTZAD_DeltaDome_II_422.drv
2008-11-17 10:29 . 2001-03-05 17:37 118,784 —a
c:windowssystem32DSRSys.dll
2008-11-17 10:29 . 2001-03-05 16:38 114,688 —a
c:windowssystem32PTZPELCO_P_Version.drv
2008-11-17 10:29 . 2001-03-05 16:31 114,688 —a
c:windowssystem32PTZPELCO_D_Version.drv
2008-11-17 10:29 . 2001-03-30 12:40 114,688 —a
c:windowssystem32PTZPANASONIC_WVCS850(Conventional).drv
2008-11-17 10:29 . 2001-03-30 12:37 110,592 —a
c:windowssystem32PTZPANASONIC_WVCS850(New).drv
2008-11-17 10:29 . 2001-11-28 16:40 110,592 —a
c:windowssystem32Dsrinfo.dll
2008-11-17 10:29 . 2002-02-04 03:43 82,432 —a
c:windowssystem32msxml4r.dll
2008-11-17 10:29 . 2003-04-18 17:29 44,544 —a
c:windowssystem32msxml4a.dll
2008-11-17 09:48 . 2008-11-17 09:48d
c:windowssystem32ru-ru
2008-11-17 09:48 . 2008-10-04 00:26 6,066,176
c:windowssystem32dllcacheieframe.dll
2008-11-17 09:48 . 2007-04-17 16:32 2,455,488
c:windowssystem32dllcacheieapfltr.dat
2008-11-17 09:48 . 2007-03-08 12:12 1,060,864
c:windowssystem32dllcacheieframe.dll.mui
2008-11-17 09:48 . 2008-08-26 15:26 459,264
c:windowssystem32dllcachemsfeeds.dll
2008-11-17 09:48 . 2008-08-26 15:26 383,488
c:windowssystem32dllcacheieapfltr.dll
2008-11-17 09:48 . 2008-08-26 15:26 267,776
c:windowssystem32dllcacheiertutil.dll
2008-11-17 09:48 . 2008-08-26 15:26 63,488
c:windowssystem32dllcacheicardie.dll
2008-11-17 09:48 . 2008-08-26 15:26 52,224
c:windowssystem32dllcachemsfeedsbs.dll
2008-11-17 09:48 . 2008-08-25 15:38 13,824
c:windowssystem32dllcacheieudinit.exe
2008-11-17 09:43 . 2007-08-13 18:54 33,792 —a
c:windowssystem32dllcachecustsat.dll
2008-11-17 09:16 . 2008-11-17 09:16 118 —a
c:windowssystem32MRT.INI
2008-11-17 09:15 . 2003-02-28 18:26 139,536 —a
c:windowssystem32javaee.dll
2008-11-15 15:40 . 2008-11-15 15:40d
c:documents and settingsЕвгенDoctorWeb
2008-11-15 15:40 . 2008-11-15 15:40d
c:documents and settingsЕвгенDoctorWeb
2008-11-15 15:37 . 2008-11-15 15:38 600 —a
c:windowssess_ad556d36281077c50120cfba334daf6b
2008-11-15 15:34 . 2008-11-15 15:34d
c:program filesSmall Soft
2008-11-15 01:47 . 2008-06-15 00:59 272,512
c:windowssystem32dllcachebthport.sys
2008-11-15 01:45 . 2007-07-09 20:11 584,192
c:windowssystem32dllcacherpcrt4.dll
2008-11-15 01:43 . 2008-08-28 17:04 333,056
c:windowssystem32dllcachesrv.sys
2008-11-15 01:25 . 2008-08-14 20:47 2,182,144
c:windowssystem32dllcachentoskrnl.exe
2008-11-15 01:25 . 2008-08-14 20:47 2,138,112
c:windowssystem32dllcachentkrnlmp.exe
2008-11-15 01:25 . 2008-08-14 20:47 2,059,520
c:windowssystem32dllcachentkrnlpa.exe
2008-11-15 01:25 . 2008-08-14 20:47 2,017,792
c:windowssystem32dllcachentkrpamp.exe
2008-11-15 01:03 . 2008-05-01 21:33 331,776
c:windowssystem32dllcachemsadce.dll
2008-11-15 01:02 . 2008-04-12 01:51 683,520
c:windowssystem32dllcacheinetcomm.dll
2008-11-15 00:57 . 2008-09-04 23:46 1,106,944
c:windowssystem32dllcachemsxml3.dll
2008-11-14 23:53 . 2008-10-16 00:00 332,800
c:windowssystem32dllcachenetapi32.dll
2008-11-14 23:50 . 2008-11-14 23:50d—h
c:windows$hf_mig$
2008-11-14 19:07 . 2001-01-09 08:57 299,520 —a
c:windowsuninst.exe
2008-11-14 18:38 . 2002-03-21 17:33 17,167 —a
c:windowssystem32driverscg300Au.sys
2008-11-14 18:37 . 2002-03-21 17:33 13,468 —a
c:windowssystem32driverscg300vc.sys
2008-11-14 16:43 . 2008-11-14 16:43d
c:program filesDigital Surveillance Recorder
2008-11-14 16:01 . 2008-11-14 16:01d
c:documents and settingsЕвгенApplication DataMedia Player Classic
2008-11-14 15:50 . 2008-11-14 15:50d
c:program filesK-Lite Codec Pack
2008-11-14 15:50 . 2007-11-29 23:30 3,596,288 —a
c:windowssystem32qt-dx331.dll
2008-11-14 15:50 . 2008-01-10 13:15 755,027 —a
c:windowssystem32xvidcore.dll
2008-11-14 15:50 . 2007-12-04 02:33 682,496 —a
c:windowssystem32divx.dll
2008-11-14 15:50 . 2006-09-24 16:11 389,120 —a
c:windowssystem32lameACM.acm
2008-11-14 15:50 . 2004-01-25 17:18 217,088 —a
c:windowssystem32yv12vfw.dll
2008-11-14 15:50 . 2007-09-04 17:56 164,352 —a
c:windowssystem32unrar.dll
2008-11-14 15:50 . 2008-01-10 13:16 159,839 —a
c:windowssystem32xvidvfw.dll
2008-11-14 15:50 . 2007-09-21 01:52 118,784 —a
c:windowssystem32ac3acm.acm
2008-11-14 15:50 . 2007-11-29 23:28 81,920 —a
c:windowssystem32dpl100.dll
2008-11-14 15:50 . 2007-12-24 13:49 7,680 —a
c:windowssystem32ff_vfw.dll
2008-11-14 15:50 . 2007-07-10 17:10 547 —a
c:windowssystem32ff_vfw.dll.manifest
2008-11-14 15:50 . 2007-10-03 16:03 414 —a
c:windowssystem32lame_acm.xml
2008-11-14 13:41 . 2008-11-14 13:42d
c:documents and settingsЕвгенApplication DataBIS077
2008-11-14 04:19 . 2008-11-14 04:19d
c:program filesUnivision Canada Limited
2008-11-14 04:16 . 2008-11-14 04:16d
c:program filesVIA Technologies, Inc
2008-11-14 04:16 . 2003-07-04 23:14 32,768 —a
c:windowssystem32UnAudioNT.dll
2008-11-14 03:32 . 2008-11-14 03:32d
c:documents and settingsЕвгенApplication DataskypePM
2008-11-14 03:32 . 2008-11-14 03:32 56 —ah
c:windowssystem32ezsidmv.dat
2008-11-14 03:27 . 2008-11-14 03:27d
c:documents and settingsЕвгенApplication DataSkype
2008-11-14 03:26 . 2008-11-14 03:26dr
c:program filesSkype
2008-11-14 03:26 . 2008-11-14 03:26d
c:program filesCommon FilesSkype
2008-11-14 03:26 . 2008-11-14 03:26d
c:documents and settingsAll UsersApplication DataSkype
2008-11-13 17:52 . 2008-11-13 17:52d
C:Dsr-Video
2008-11-13 17:51 . 2000-10-19 15:57 114,688 —a
c:windowssystem32PTZPELCO_SPECTRA.drv
2008-11-11 23:16 . 2008-11-11 23:16d
c:program filesOpera
2008-11-11 22:36 . 2008-11-11 22:36 0 —a
c:windowsnsreg.dat
2008-11-11 22:03 . 2008-11-11 22:03d
c:documents and settingsАдминистраторApplication DataMalwarebytes
2008-11-11 16:14 . 2008-11-11 16:14d
c:program filesTrend Micro
2008-11-11 15:58 . 2008-11-11 15:58d
c:documents and settingsAll UsersApplication DataMalwarebytes
2008-11-11 15:58 . 2008-12-03 19:52 38,496 —a
c:windowssystem32driversmbamswissarmy.sys
2008-11-11 15:58 . 2008-12-03 19:52 15,504 —a
c:windowssystem32driversmbam.sys.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-24 11:10 453,632 ---a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 -----w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-16 07:13 202,776 ---a-w c:\windows\system32\wuweb.dll
2008-10-16 07:13 202,776 ---a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 07:13 1,809,944 ---a-w c:\windows\system32\wuaueng.dll
2008-10-16 07:13 1,809,944 ---a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 07:12 561,688 ---a-w c:\windows\system32\wuapi.dll
2008-10-16 07:12 561,688 ---a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 07:12 323,608 ---a-w c:\windows\system32\wucltui.dll
2008-10-16 07:12 323,608 ---a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 07:09 92,696 ---a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 07:09 92,696 ---a-w c:\windows\system32\cdm.dll
2008-10-16 07:09 51,224 ---a-w c:\windows\system32\wuauclt.exe
2008-10-16 07:09 51,224 ---a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 07:09 43,544 ---a-w c:\windows\system32\wups2.dll
2008-10-16 07:08 34,328 ---a-w c:\windows\system32\wups.dll
2008-10-16 07:08 34,328 ---a-w c:\windows\system32\dllcache\wups.dll
2008-09-30 09:43 1,286,152 ---a-w c:\windows\system32\msxml4.dll
2008-09-15 15:41 1,846,144 ---a-w c:\windows\system32\win32k.sys
2008-09-15 15:41 1,846,144 -----w c:\windows\system32\dllcache\win32k.sys
2008-06-23 15:37 24,192 ---a-w c:\documents and settings\Евген\usbsermptxp.sys
2008-06-23 15:37 24,192 ---a-w c:\documents and settings\Евген\usbsermptxp.sys
2008-06-23 15:37 22,768 ---a-w c:\documents and settings\Евген\usbsermpt.sys
2008-06-23 15:37 22,768 ---a-w c:\documents and settings\Евген\usbsermpt.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2008-11-29 270128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-27 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-03 136600]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2008-12-03 1265296]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\Главное меню\Программы\Автозагрузка\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-12-06 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\Program Files\THQ\Titan Quest\Titan Quest.exe"=
"c:\Program Files\Far\Far.exe"=
"c:\WINDOWS\system32\sessmgr.exe"=
"c:\Program Files\Univision Canada Limited\Pico2000\DSR.exe"=
"c:\Program Files\Small Soft\MCC\mysql\bin\mysqld-nt.exe"=
"c:\Program Files\Small Soft\MCC\MCCServer\MCCmicroServ.exe"=
"c:\Program Files\Small Soft\MCC\Apache2\bin\Apache.exe"=
"c:\Program Files\Digital Surveillance Recorder\PICO2000\PlayServer.exe"=
"c:\Program Files\Digital Surveillance Recorder\PICO2000\DSR.exe"=
"c:\WINDOWS\System32\dpvsetup.exe"=
"c:\Program Files\Digital Surveillance Recorder\Remote Module\Alarm Receiver.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\uTorrent\uTorrent.exe"=
"c:\Program Files\Opera\opera.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-20 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-20 20560]
R2 sw848b;sw848b;c:\windows\system32\drivers\sw848b.sys [2008-11-14 46790]
R2 sw878b;sw878b;c:\windows\system32\drivers\sw878b.sys [2008-11-14 10148]
R3 cg300;cg300VidCap;c:\windows\system32\DRIVERS\cg300vc.sys [2008-11-14 13468]
R3 cg300Au;cg300 Audio Capture;c:\windows\system32\DRIVERS\cg300au.sys [2008-11-14 17167]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys []
S3 NtApm;Драйвер интерфейса NT Apm/Legacy;c:\windows\system32\DRIVERS\NtApm.sys [2008-03-17 9472]
S3 Winacusb;Winacusb;c:\windows\system32\DRIVERS\winacusb.sys [2008-03-17 886240]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-09 20:26:24
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(520)
c:\windows\system32\Ati2evxx.dll
.
Other Running Processes
.
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\ASHDISP.EXE
c:\program files\JAVA\JRE6\BIN\JQS.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\SETUP\AVAST.SETUP
.
**************************************************************************
.
Completion time: 2008-12-09 20:27:34 - machine was rebooted
ComboFix2.txt 2008-12-07 19:16:58
ComboFix-quarantined-files.txt 2008-12-09 13:27:32

Pre-Run: 69 464 424 448 байт свободно
Post-Run: 69,445,419,008 байт свободно

244 --- E O F --- 2008-11-17 15:20:01

ComboFix 08-12-06.06 - Евген 2008-12-08 2:12:30.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1049.18.393 [GMT 7:00]
Running from: c:\documents and settings\Евген\Рабочий стол\Загрузки\Антивирусы\Лечим вирусы\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\atipdsx.dll . . . . failed to delete
.
((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
.
2008-12-08 01:22 . 2008-12-08 01:22 d c:\program files\Radikal
2008-12-04 21:03 . 2008-12-04 21:04 d c:\program files\Phun
2008-12-04 14:57 . 2008-12-04 14:57 d c:\program files\ATI Technologies
2008-12-03 15:34 . 2008-12-03 15:35 d c:\documents and settings\Евген\.housecall6.6
2008-12-03 15:34 . 2008-12-03 15:35 d c:\documents and settings\Евген\.housecall6.6
2008-12-03 15:06 . 2008-12-03 15:06 d c:\windows\Sun
2008-12-03 15:06 . 2008-12-03 15:06 d c:\program files\Java
2008-12-03 15:06 . 2008-12-03 15:06 410,984 --a c:\windows\system32\deploytk.dll
2008-12-03 15:06 . 2008-12-03 15:06 73,728 --a c:\windows\system32\javacpl.cpl
2008-12-03 14:37 . 2008-12-04 14:47 10 --a c:\windows\WININIT.INI
2008-12-02 14:24 . 2008-12-02 14:24 d c:\documents and settings\Евген\Application Data\Uniblue
2008-12-02 14:17 . 2008-12-02 14:17 d--h c:\documents and settings\All Users\Application Data\~0
2008-12-02 01:21 . 2008-12-02 01:21 d c:\documents and settings\Евген\Application Data\vlc
2008-12-02 01:21 . 2008-12-02 01:21 d c:\documents and settings\Евген\Application Data\dvdcss
2008-12-02 01:05 . 2008-12-02 01:05 d c:\program files\VideoLAN
2008-12-01 09:11 . 2008-12-07 20:22 54,156 --ah c:\windows\QTFont.qfn
2008-12-01 09:11 . 2008-12-01 09:11 1,409 --a c:\windows\QTFont.for
2008-11-29 12:08 . 2008-11-29 12:08 d c:\program files\uTorrent
2008-11-29 12:08 . 2008-11-29 12:08 d c:\documents and settings\Евген\Application Data\uTorrent
2008-11-26 15:37 . 2008-11-26 15:37 d c:\program files\SSC Service Utility
2008-11-25 16:57 . 2008-11-25 16:57 d c:\program files\ProfiliV2
2008-11-23 21:14 . 2008-11-23 21:14 d c:\windows\system32\Новая папка
2008-11-21 10:42 . 2008-11-21 10:54 10,677 --a c:\windows\coolkb2k.ini
2008-11-21 10:42 . 2008-11-21 10:46 2,233 --a c:\windows\coolmp3.ini
2008-11-21 10:42 . 2008-11-21 10:42 29 --a c:\windows\wordpad.ini
2008-11-21 10:42 . 2008-11-21 10:54 0 --a c:\windows\COOLSYS.INI
2008-11-21 10:41 . 2008-11-21 10:41 29 --a c:\windows\winzip32.ini
2008-11-21 10:23 . 2008-11-21 10:23 d c:\program files\Cool2000
2008-11-21 10:23 . 2008-11-21 10:54 5,718 --a c:\windows\COOL.INI
2008-11-21 10:22 . 2008-11-21 10:22 129 --a c:\windows\EDITPRO.INI
2008-11-21 10:20 . 1998-04-30 14:56 129,024 --a c:\windows\UNWISE.EXE
2008-11-21 09:12 . 2008-11-21 09:12 d c:\program files\DjVi
2008-11-20 20:41 . 2008-11-20 20:41 d c:\program files\Google
2008-11-20 09:53 . 2008-11-20 09:53 d c:\program files\Alwil Software
2008-11-17 22:19 . 2008-11-17 22:19 d c:\program files\MSXML 4.0
2008-11-17 10:29 . 2001-09-07 12:41 290,816 --a c:\windows\system32\WINHTTP5.DLL
2008-11-17 10:29 . 2001-05-18 16:42 122,880 --a c:\windows\system32\PTZAD_DeltaDome_II_422.drv
2008-11-17 10:29 . 2001-03-05 17:37 118,784 --a c:\windows\system32\DSRSys.dll
2008-11-17 10:29 . 2001-03-05 16:38 114,688 --a c:\windows\system32\PTZPELCO_P_Version.drv
2008-11-17 10:29 . 2001-03-05 16:31 114,688 --a c:\windows\system32\PTZPELCO_D_Version.drv
2008-11-17 10:29 . 2001-03-30 12:40 114,688 --a c:\windows\system32\PTZPANASONIC_WVCS850(Conventional).drv
2008-11-17 10:29 . 2001-03-30 12:37 110,592 --a c:\windows\system32\PTZPANASONIC_WVCS850(New).drv
2008-11-17 10:29 . 2001-11-28 16:40 110,592 --a c:\windows\system32\Dsrinfo.dll
2008-11-17 10:29 . 2002-02-04 03:43 82,432 --a c:\windows\system32\msxml4r.dll
2008-11-17 10:29 . 2003-04-18 17:29 44,544 --a c:\windows\system32\msxml4a.dll
2008-11-17 09:48 . 2008-11-17 09:48 d c:\windows\system32\ru-ru
2008-11-17 09:48 . 2008-10-04 00:26 6,066,176 c:\windows\system32\dllcache\ieframe.dll
2008-11-17 09:48 . 2007-04-17 16:32 2,455,488 c:\windows\system32\dllcache\ieapfltr.dat
2008-11-17 09:48 . 2007-03-08 12:12 1,060,864 c:\windows\system32\dllcache\ieframe.dll.mui
2008-11-17 09:48 . 2008-08-26 15:26 459,264 c:\windows\system32\dllcache\msfeeds.dll
2008-11-17 09:48 . 2008-08-26 15:26 383,488 c:\windows\system32\dllcache\ieapfltr.dll
2008-11-17 09:48 . 2008-08-26 15:26 267,776 c:\windows\system32\dllcache\iertutil.dll
2008-11-17 09:48 . 2008-08-26 15:26 63,488 c:\windows\system32\dllcache\icardie.dll
2008-11-17 09:48 . 2008-08-26 15:26 52,224 c:\windows\system32\dllcache\msfeedsbs.dll
2008-11-17 09:48 . 2008-08-25 15:38 13,824 c:\windows\system32\dllcache\ieudinit.exe
2008-11-17 09:43 . 2007-08-13 18:54 33,792 --a c:\windows\system32\dllcache\custsat.dll
2008-11-17 09:16 . 2008-11-17 09:16 118 --a c:\windows\system32\MRT.INI
2008-11-17 09:15 . 2003-02-28 18:26 139,536 --a c:\windows\system32\javaee.dll
2008-11-15 15:40 . 2008-11-15 15:40 d c:\documents and settings\Евген\DoctorWeb
2008-11-15 15:40 . 2008-11-15 15:40 d c:\documents and settings\Евген\DoctorWeb
2008-11-15 15:37 . 2008-11-15 15:38 600 --a c:\windows\sess_ad556d36281077c50120cfba334daf6b
2008-11-15 15:34 . 2008-11-15 15:34 d c:\program files\Small Soft
2008-11-15 01:47 . 2008-06-15 00:59 272,512 c:\windows\system32\dllcache\bthport.sys
2008-11-15 01:45 . 2007-07-09 20:11 584,192 c:\windows\system32\dllcache\rpcrt4.dll
2008-11-15 01:43 . 2008-08-28 17:04 333,056 c:\windows\system32\dllcache\srv.sys
2008-11-15 01:25 . 2008-08-14 20:47 2,182,144 c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-15 01:25 . 2008-08-14 20:47 2,138,112 c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-15 01:25 . 2008-08-14 20:47 2,059,520 c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-15 01:25 . 2008-08-14 20:47 2,017,792 c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-15 01:03 . 2008-05-01 21:33 331,776 c:\windows\system32\dllcache\msadce.dll
2008-11-15 01:02 . 2008-04-12 01:51 683,520 c:\windows\system32\dllcache\inetcomm.dll
2008-11-15 00:57 . 2008-09-04 23:46 1,106,944 c:\windows\system32\dllcache\msxml3.dll
2008-11-14 23:53 . 2008-10-16 00:00 332,800 c:\windows\system32\dllcache\netapi32.dll
2008-11-14 23:50 . 2008-11-14 23:50 d--h c:\windows\$hf_mig$
2008-11-14 19:07 . 2001-01-09 08:57 299,520 --a c:\windows\uninst.exe
2008-11-14 18:38 . 2002-03-21 17:33 17,167 --a c:\windows\system32\drivers\cg300Au.sys
2008-11-14 18:37 . 2002-03-21 17:33 13,468 --a c:\windows\system32\drivers\cg300vc.sys
2008-11-14 16:43 . 2008-11-14 16:43 d c:\program files\Digital Surveillance Recorder
2008-11-14 16:01 . 2008-11-14 16:01 d c:\documents and settings\Евген\Application Data\Media Player Classic
2008-11-14 15:50 . 2008-11-14 15:50 d c:\program files\K-Lite Codec Pack
2008-11-14 15:50 . 2007-11-29 23:30 3,596,288 --a c:\windows\system32\qt-dx331.dll
2008-11-14 15:50 . 2008-01-10 13:15 755,027 --a c:\windows\system32\xvidcore.dll
2008-11-14 15:50 . 2007-12-04 02:33 682,496 --a c:\windows\system32\divx.dll
2008-11-14 15:50 . 2006-09-24 16:11 389,120 --a c:\windows\system32\lameACM.acm
2008-11-14 15:50 . 2004-01-25 17:18 217,088 --a c:\windows\system32\yv12vfw.dll
2008-11-14 15:50 . 2007-09-04 17:56 164,352 --a c:\windows\system32\unrar.dll
2008-11-14 15:50 . 2008-01-10 13:16 159,839 --a c:\windows\system32\xvidvfw.dll
2008-11-14 15:50 . 2007-09-21 01:52 118,784 --a c:\windows\system32\ac3acm.acm
2008-11-14 15:50 . 2007-11-29 23:28 81,920 --a c:\windows\system32\dpl100.dll
2008-11-14 15:50 . 2007-12-24 13:49 7,680 --a c:\windows\system32\ff_vfw.dll
2008-11-14 15:50 . 2007-07-10 17:10 547 --a c:\windows\system32\ff_vfw.dll.manifest
2008-11-14 15:50 . 2007-10-03 16:03 414 --a c:\windows\system32\lame_acm.xml
2008-11-14 13:41 . 2008-11-14 13:42 d c:\documents and settings\Евген\Application Data\BIS077
2008-11-14 04:19 . 2008-11-14 04:19 d c:\program files\Univision Canada Limited
2008-11-14 04:16 . 2008-11-14 04:16 d c:\program files\VIA Technologies, Inc
2008-11-14 04:16 . 2003-07-04 23:14 32,768 --a c:\windows\system32\UnAudioNT.dll
2008-11-14 03:32 . 2008-11-14 03:32 d c:\documents and settings\Евген\Application Data\skypePM
2008-11-14 03:32 . 2008-11-14 03:32 56 --ah c:\windows\system32\ezsidmv.dat
2008-11-14 03:27 . 2008-11-14 03:27 d c:\documents and settings\Евген\Application Data\Skype
2008-11-14 03:26 . 2008-11-14 03:26 dr c:\program files\Skype
2008-11-14 03:26 . 2008-11-14 03:26 d c:\program files\Common Files\Skype
2008-11-14 03:26 . 2008-11-14 03:26 d c:\documents and settings\All Users\Application Data\Skype
2008-11-13 17:52 . 2008-11-13 17:52 d C:\Dsr-Video
2008-11-13 17:51 . 2000-10-19 15:57 114,688 --a c:\windows\system32\PTZPELCO_SPECTRA.drv
2008-11-11 23:16 . 2008-11-11 23:16 d c:\program files\Opera
2008-11-11 22:36 . 2008-11-11 22:36 0 --a c:\windows\nsreg.dat
2008-11-11 22:03 . 2008-11-11 22:03 d c:\documents and settings\Администратор\Application Data\Malwarebytes
2008-11-11 16:14 . 2008-11-11 16:14 d c:\program files\Trend Micro
2008-11-11 15:58 . 2008-11-11 15:58 d c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-11 15:58 . 2008-12-03 19:52 38,496 --a c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-11 15:58 . 2008-12-03 19:52 15,504 --a c:\windows\system32\drivers\mbam.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-07 19:04 105,216 ---a-w c:\windows\system32\atipdsx.dll
2008-10-24 11:10 453,632 ---a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 -----w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-16 07:13 202,776 ---a-w c:\windows\system32\wuweb.dll
2008-10-16 07:13 202,776 ---a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 07:13 1,809,944 ---a-w c:\windows\system32\wuaueng.dll
2008-10-16 07:13 1,809,944 ---a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 07:12 561,688 ---a-w c:\windows\system32\wuapi.dll
2008-10-16 07:12 561,688 ---a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 07:12 323,608 ---a-w c:\windows\system32\wucltui.dll
2008-10-16 07:12 323,608 ---a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 07:09 92,696 ---a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 07:09 92,696 ---a-w c:\windows\system32\cdm.dll
2008-10-16 07:09 51,224 ---a-w c:\windows\system32\wuauclt.exe
2008-10-16 07:09 51,224 ---a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 07:09 43,544 ---a-w c:\windows\system32\wups2.dll
2008-10-16 07:08 34,328 ---a-w c:\windows\system32\wups.dll
2008-10-16 07:08 34,328 ---a-w c:\windows\system32\dllcache\wups.dll
2008-09-30 09:43 1,286,152 ---a-w c:\windows\system32\msxml4.dll
2008-09-15 15:41 1,846,144 ---a-w c:\windows\system32\win32k.sys
2008-09-15 15:41 1,846,144 -----w c:\windows\system32\dllcache\win32k.sys
2008-06-23 15:37 24,192 ---a-w c:\documents and settings\Евген\usbsermptxp.sys
2008-06-23 15:37 24,192 ---a-w c:\documents and settings\Евген\usbsermptxp.sys
2008-06-23 15:37 22,768 ---a-w c:\documents and settings\Евген\usbsermpt.sys
2008-06-23 15:37 22,768 ---a-w c:\documents and settings\Евген\usbsermpt.sys
.
((((((((((((((((((((((((((((( snapshot@2008-12-08_ 2.07.56.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-07 19:15:38 16,384 ---a-w c:\windows\Temp\Perflib_Perfdata_528.dat
+ 2008-12-07 19:15:24 16,384 ---a-w c:\windows\Temp\Perflib_Perfdata_598.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31A71CFE-2774-4D06-9EB3-486A2F28E53D}]
2008-12-08 02:04 105216 --a c:\windows\system32\atipdsx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2008-11-29 270128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-27 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-03 136600]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2008-12-03 1265296]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\Главное меню\Программы\Автозагрузка\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-12-06 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\Program Files\THQ\Titan Quest\Titan Quest.exe"=
"c:\Program Files\Far\Far.exe"=
"c:\WINDOWS\system32\sessmgr.exe"=
"c:\Program Files\Univision Canada Limited\Pico2000\DSR.exe"=
"c:\Program Files\Small Soft\MCC\mysql\bin\mysqld-nt.exe"=
"c:\Program Files\Small Soft\MCC\MCCServer\MCCmicroServ.exe"=
"c:\Program Files\Small Soft\MCC\Apache2\bin\Apache.exe"=
"c:\Program Files\Digital Surveillance Recorder\PICO2000\PlayServer.exe"=
"c:\Program Files\Digital Surveillance Recorder\PICO2000\DSR.exe"=
"c:\WINDOWS\System32\dpvsetup.exe"=
"c:\Program Files\Digital Surveillance Recorder\Remote Module\Alarm Receiver.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\uTorrent\uTorrent.exe"=
"c:\Program Files\Opera\opera.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=

R0 fychtgty;fychtgty;c:\windows\system32\drivers\wxzmfyzt.dat []
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-20 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-20 20560]
R2 sw848b;sw848b;c:\windows\system32\drivers\sw848b.sys [2008-11-14 46790]
R2 sw878b;sw878b;c:\windows\system32\drivers\sw878b.sys [2008-11-14 10148]
R3 cg300;cg300VidCap;c:\windows\system32\DRIVERS\cg300vc.sys [2008-11-14 13468]
R3 cg300Au;cg300 Audio Capture;c:\windows\system32\DRIVERS\cg300au.sys [2008-11-14 17167]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys []
S3 NtApm;Драйвер интерфейса NT Apm/Legacy;c:\windows\system32\DRIVERS\NtApm.sys [2008-03-17 9472]
S3 Winacusb;Winacusb;c:\windows\system32\DRIVERS\winacusb.sys [2008-03-17 886240]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{057e9560-ff1d-11dc-8410-a7704c509c54}]
\Shell\AutoRun\command - wscript.exe ..vbs
\Shell\open\command - wscript.exe ..vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{057e9561-ff1d-11dc-8410-a7704c509c54}]
\Shell\AutoRun\command - wscript.exe ..vbs
\Shell\open\command - wscript.exe ..vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f404e90-5a21-11dc-a8de-806d6172696f}]
\Shell\Auto\command - D:\auto.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1dea6cc0-fc00-11dc-8407-d9e42bbc9e52}]
\Shell\AutoRun\command - wscript.exe ..vbs
\Shell\open\command - wscript.exe ..vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1ab6700-436b-11dd-b3f9-c00ad6a83956}]
\Shell\AutoRun\command - wscript.exe ..vbs
\Shell\open\command - wscript.exe ..vbs

*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-08 02:15:31
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(516)
c:\windows\system32\Ati2evxx.dll
.
Other Running Processes
.
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\ASHDISP.EXE
c:\program files\JAVA\JRE6\BIN\JQS.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\SETUP\AVAST.SETUP
c:\program files\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
.
**************************************************************************
.
Completion time: 2008-12-08 2:16:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-07 19:16:52
ComboFix2.txt 2008-12-07 19:08:42

Pre-Run: 71 518 715 904 байт свободно
Post-Run: 71,505,281,024 байт свободно

255 --- E O F --- 2008-11-17 15:20:01

Malwarebytes' Anti-Malware 1.31
Версия базы данных: 1459
Windows 5.1.2600 Service Pack 2

04.12.2008 16:24:16
mbam-log-2008-12-04 (16-24-16).txt

Тип проверки: Быстрая
Проверено объектов: 41658
Прошло времени: 2 minute(s), 16 second(s)

Заражено процессов в памяти: 0
Заражено модулей в памяти: 0
Заражено ключей реестра: 0
Заражено значений реестра: 4
Заражено параметров реестра: 0
Заражено папок: 0
Заражено файлов: 0

Заражено процессов в памяти:
(Вредоносные программы не обнаружены)

Заражено модулей в памяти:
(Вредоносные программы не обнаружены)

Заражено ключей реестра:
(Вредоносные программы не обнаружены)

Заражено значений реестра:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.

Заражено параметров реестра:
(Вредоносные программы не обнаружены)

Заражено папок:
(Вредоносные программы не обнаружены)

Заражено файлов:
(Вредоносные программы не обнаружены)

After the reboot it's the same.