Code:
ComboFix 10-03-29.04 - Admin 30.03.2010 22:50:17.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.2047.1584 [GMT 3:00]
Running from: c:\documents and settings\Admin\Рабочий стол\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\DESKTOP.REG
E:\show.pif
.
((((((((((((((((((((((((( Files Created from 2010-02-28 to 2010-03-30 )))))))))))))))))))))))))))))))
.
2010-03-29 20:08 . 2010-03-29 20:08 388096 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-03-29 20:08 . 2010-03-29 20:08 -------- d-----w- c:\program files\TrendMicro
2010-03-29 18:07 . 2009-12-03 13:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 18:07 . 2010-03-29 18:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-29 18:07 . 2009-12-03 13:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-26 19:48 . 2008-04-13 22:26 30592 -c--a-w- c:\windows\system32\dllcache\rndismpx.sys
2010-03-26 19:48 . 2008-04-13 22:26 30592 ----a-w- c:\windows\system32\drivers\rndismpx.sys
2010-03-26 19:48 . 2008-04-13 22:26 12800 -c--a-w- c:\windows\system32\dllcache\usb8023x.sys
2010-03-26 19:48 . 2008-04-13 22:26 12800 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2010-03-26 19:44 . 2010-03-26 19:44 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-03-23 18:07 . 2010-03-29 22:11 -------- d-----w- C:\OziExplorer
2010-03-23 17:26 . 1996-07-18 11:06 297472 ----a-w- c:\windows\uninst.exe
2010-03-23 17:26 . 2010-03-23 17:26 -------- d-----w- c:\documents and settings\Admin\WINDOWS
2010-03-21 18:55 . 2010-03-21 18:55 -------- d-----w- c:\program files\Common Files\Skype
2010-03-08 12:05 . 2008-04-13 22:10 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-03-08 12:05 . 2008-04-13 22:10 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-03-08 12:04 . 2008-04-13 22:11 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-03-08 12:04 . 2008-04-13 22:11 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-03-08 12:04 . 2008-04-13 22:11 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-03-08 12:04 . 2008-04-13 22:11 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-03-03 22:07 . 2010-03-03 22:35 88 --sh--r- c:\documents and settings\All Users\Application Data\Protexis\E3308F25C8.sys
2010-03-03 22:04 . 2010-03-03 22:41 2516 --sha-w- c:\documents and settings\All Users\Application Data\Protexis\KGyGaAvL.sys
2010-03-03 22:04 . 2010-03-03 22:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Protexis
2010-03-03 22:04 . 2010-03-03 22:04 -------- d-----w- c:\documents and settings\Admin\Application Data\Corel
2010-03-03 22:03 . 2010-03-03 22:03 348256 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSTAHost\CorelPHOTOPAINT\9.0\1033\ResourceCache.dll
2010-03-03 22:03 . 2010-03-03 22:03 348256 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSTAHost\CorelDRAW\9.0\1033\ResourceCache.dll
2010-03-03 22:03 . 2010-03-03 22:03 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2010-03-03 22:02 . 2010-03-03 22:02 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Microsoft Help
2010-03-03 22:02 . 2010-03-03 22:02 -------- d-----w- c:\program files\Microsoft SDKs
2010-03-03 22:02 . 2010-03-03 22:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-03 22:02 . 2010-03-03 22:02 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-30 19:55 . 2010-01-21 21:43 -------- d-----w- c:\documents and settings\Admin\Application Data\Skype
2010-03-30 17:52 . 2010-01-21 21:45 -------- d-----w- c:\documents and settings\Admin\Application Data\skypePM
2010-03-30 17:52 . 2010-01-25 22:42 -------- d-----w- c:\documents and settings\Admin\Application Data\ICQ
2010-03-29 18:37 . 2008-04-15 11:00 84284 ----a-w- c:\windows\system32\perfc019.dat
2010-03-29 18:37 . 2008-04-15 11:00 484670 ----a-w- c:\windows\system32\perfh019.dat
2010-03-29 06:08 . 2010-01-21 21:21 27944 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-25 23:33 . 2010-01-22 13:09 -------- d-----w- c:\documents and settings\Admin\Application Data\BitTorrent
2010-03-25 21:12 . 2010-01-21 22:17 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-23 17:22 . 2010-01-26 19:42 -------- d-----w- c:\documents and settings\Admin\Application Data\Canon
2010-03-22 22:21 . 2010-01-21 21:19 196608 ----a-w- c:\windows\system32\drivers\aStandard.bin
2010-03-08 12:04 . 2010-03-08 12:04 16 ----a-w- c:\documents and settings\LocalService\Application Data\rbuwzv.dat
2010-03-03 23:18 . 2010-01-21 19:55 149848 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-02-23 14:40 . 2010-02-23 14:40 -------- d-----w- c:\program files\FLV Player
2010-02-08 09:47 . 2010-02-08 09:47 27539 ----a-w- c:\windows\system32\j04Wz21.exe
2010-02-07 21:58 . 2010-02-07 21:58 -------- d-----w- c:\program files\Common Files\wm
2010-02-07 16:06 . 2010-01-21 22:58 -------- d-----w- c:\program files\Codec
2010-02-07 16:05 . 2010-02-07 16:05 35328 ----a-w- c:\windows\system32\cygz.dll
2010-02-07 16:05 . 2010-02-07 16:05 35328 ----a-w- c:\windows\cygz.dll
2010-02-07 16:05 . 2010-02-07 16:05 1126281 ----a-w- c:\windows\system32\cygwin1.dll
2010-02-07 16:05 . 2010-02-07 16:05 1126281 ----a-w- c:\windows\cygwin1.dll
2010-01-29 20:47 . 2010-01-21 21:43 -------- d-----w- c:\program files\Google
2010-01-21 21:45 . 2010-01-21 21:45 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-21 21:21 . 2010-01-21 21:21 128 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\fusioncache.dat
2010-01-21 21:18 . 2010-01-21 21:18 9158 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}\ARPPRODUCTICON.exe
2010-01-21 21:11 . 2010-01-21 21:11 315392 ----a-w- c:\windows\HideWin.exe
2010-01-21 19:49 . 2010-01-21 19:49 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-21 19:47 . 2010-01-21 19:47 22564 ----a-w- c:\windows\system32\emptyregdb.dat
.
------- Sigcheck -------
[-] 2008-11-25 . 26F9714B64603C7927C9E777E76EA410 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-07-10 15:28 1174920 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-03-09 26100520]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-21 39408]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]
"Punto Switcher"="c:\program files\punto switcher\ps.exe" [2008-05-30 722112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Punto Switcher"="c:\program files\punto switcher\ps.exe" [2008-05-30 722112]
"VolumeControl"="c:\program files\VolumeControl\volume.exe" [2003-09-15 36864]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-03-21 1953792]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2004-12-20 33792]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LinkDel"="linkdel.cmd" [2008-08-21 2324]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IE7_011"="shell32" [X]
"IE7_012"="advpack.dll" [2008-11-25 124928]
c:\documents and settings\Admin\Главное меню\Программы\Автозагрузка\
Punto Switcher.lnk - c:\program files\Yandex\Punto Switcher\punto.exe [2010-1-22 830248]
c:\documents and settings\All Users\Главное меню\Программы\Автозагрузка\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2010-1-22 25214]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"Start"=dword:00000004
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [22.01.2010 0:24 108289]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [21.01.2010 23:09 38656]
R4 atidgllk;atidgllk;c:\windows\atidgllk.sys [22.01.2010 0:19 5376]
S2 gupdate;Служба Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29.01.2010 23:47 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [29.03.2010 21:07 38224]
.
Contents of the 'Scheduled Tasks' folder
2010-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cac6e1170ab780.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 20:47]
2010-01-22 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-07-10 15:29]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: &Экспорт в Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Google ВикиКомментарии... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-30 22:55
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-03-30 22:56:24
ComboFix-quarantined-files.txt 2010-03-30 19:56
Pre-Run: 7*259*889*664 байт свободно
Post-Run: 7*646*453*760 байт свободно
- - End Of File - - 0562FDCAD7CEBDF9F37C007BA69D2056