



ComboFix
12-02-05.02 - Наталья 05.02.2012  22:33:14.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1251.7.1049.18.1023.500 [GMT 4:00]
Running from: C:\Downloads\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Наталья\WINDOWS
C:\Documents and Settings\All Users\Application Data\TEMP
C:\Documents and Settings\All Users\Application Data\TEMP\{8C20787A-7402-4FA7-BF25-6E5750930FDC}\PostBuild.exe
C:\Documents and Settings\All Users\Application Data\TEMP\{8C20787A-7402-4FA7-BF25-6E5750930FDC}\Setup.ilg
C:\Program Files\Mail.Ru\Agent\Mra\dll\MousePhone.dll
C:\WINDOWS\SET52.tmp
C:\WINDOWS\system32\Пузыри.scr
C:\WINDOWS\system32\odbcad32.exe
C:\WINDOWS\system32\TZLog.log


(((((((((((((((((((((((((   Files Created from 2012-01-05 to 2012-02-05  )))))))))))))))))))))))))))))))


2012-02-05 18:26:32 . 2012-02-05 18:26:47	--------	d-----w-	C:\Downloads
2012-02-02 13:44:23 . 2012-02-02 14:30:44	--------	d-----w-	C:\Samsung
2012-01-21 08:02:52 . 2012-01-21 08:02:52	--------	d-----w-	C:\users
.


((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-01-29 14:04:45 . 2010-10-27 18:46:05	219648	----a-w-	C:\WINDOWS\system32\uxtheme.dll
2011-11-25 21:56:38 . 2010-10-27 18:34:02	293376	----a-w-	C:\WINDOWS\system32\winsrv.dll
2011-11-23 14:39:23 . 2010-10-27 18:34:01	1868672	----a-w-	C:\WINDOWS\system32\win32k.sys
2011-11-20 06:12:43 . 2008-04-15 13:00:00	60416	----a-w-	C:\WINDOWS\system32\packager.exe
2011-11-16 14:20:57 . 2010-10-27 18:34:02	354816	----a-w-	C:\WINDOWS\system32\winhttp.dll
2011-11-16 14:20:57 . 2010-10-27 18:33:47	152064	----a-w-	C:\WINDOWS\system32\schannel.dll
2012-02-01 11:18:32 . 2012-01-26 18:49:23	134104	----a-w-	C:\Program Files\mozilla firefox\components\browsercomps.dll


------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.

[-] 2010-10-27 18:48:03 . 82729834BD295AF4966F953F0092C9C7 . 855040 . . [2001.12.4414.700] . . C:\WINDOWS\system32\comres.dll

[-] 2010-10-27 18:49:03 . 1FF87282D77C552CE35528E208B00802 . 80376 . . [7.4.7600.229 (winmain_wtr_wsus3sp2(wmbla).100506-1159)] . . C:\WINDOWS\system32\wuauclt.exe

[-] 2010-10-27 18:48:54 . 23B7D3F3F5EC8FEEA75EC381C71CBD5E . 579072 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\system32\user32.dll

[-] 2010-10-27 18:48:07 . BE0C6C950280990376DC347D5FC1A15C . 1721344 . . [6.00.2900.5512 (xpsp.080413-2105)] . . C:\WINDOWS\explorer.exe

[-] 2010-10-27 18:47:55 . 213AC5992CAF3E155EE0CAA5D62BAF58 . 226816 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\regedit.exe

[-] 2010-10-27 18:48:04 . 5F248184441EB310947287D435C9DBB0 . 30208 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\system32\ctfmon.exe

[-] 2010-10-27 18:57:49 . AB778E794E8F39D0D387A440AD356944 . 1571840 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\system32\sfcfiles.dll


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9BFBA68E-E21B-458E-AE12-FE85E903D2C1}]
2011-06-08 16:04:18	282656	----a-w-	C:\Program Files\AlterGeo\AlterGeo Magic Scanner\3.3.2.779\AlterGeo.BrowserPlugin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C93F72A2-2162-4BBA-A07A-F13663C297A6}]
2011-12-13 14:43:52	2767160	----a-w-	C:\Program Files\Yandex\YandexBarIE\fastdial.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "C:\Program Files\Yandex\YandexBarIE\yndbar.dll" [2011-12-13 14:44:00 8856376]

[HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "C:\Program Files\Yandex\YandexBarIE\yndbar.dll" [2011-12-13 14:44:00 8856376]

[HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01:17	122512	----a-w-	C:\Program Files\Alwil Software\Avast5\ashShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VistaIcon"="C:\Program Files\VistaDriveIcon\VistaDrv.exe" [2008-01-02 10:52:02 132096]
"LClock"="C:\Program Files\LClock\lclock.exe" [2007-12-14 14:17:33 86016]
"Download Master"="C:\Program Files\Download Master\dmaster.exe" [2011-12-22 13:44:56 4185664]
"Total Commander 32 bit"="C:\Program Files\totalcmd_IT\TOTALCMD.EXE" [2011-02-01 15:09:20 3707808]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 09:16:20 357696]
"louderit.exe"="C:\Program Files\louderit\LouderIt.exe" [2008-02-19 16:32:12 41472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Device Detector"="DevDetect.exe -autorun" [X]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2010-03-16 03:37:50 110696]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2010-03-16 03:37:50 13670504]
"MAgent"="C:\Program Files\Mail.Ru\Agent\magent.exe" [2012-01-18 18:50:35 14900288]
"RemoteControl9"="C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-10-06 17:24:12 87336]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 14:38:12 987187]
"Malwarebytes' Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 10:53:18 460872]
"SoundMan"="SOUNDMAN.EXE" [2004-11-02 06:53:06 77824]
"AlcWzrd"="ALCWZRD.EXE" [2004-12-10 07:38:00 2749440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"VistaIcon"="C:\Program Files\VistaDriveIcon\VistaDrv.exe" [2008-01-02 10:52:02 132096]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ZZZZ2_FirstLogonSetting"="advpack.dll" [2010-10-27 18:45:57 128512]

C:\Documents and Settings\Наталья\Главное меню\Программы\Автозагрузка\
Punto Switcher.lnk - C:\Program Files\Yandex\Punto Switcher\punto.exe [2011-11-14 1121640]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities 2011\WinStyler\tu_logonui.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"uTorrent"="C:\Program Files\uTorrent\utorrent.exe"
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"AlcWzrd"=ALCWZRD.EXE
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"WinampAgent"="C:\Program Files\Winamp\winampa.exe"
"Guard.Mail.ru.gui"="C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe" /gui
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"UpdatesOverride"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD9.exe"=

R0 aswNdis;avast! Firewall NDIS Filter Service;C:\WINDOWS\system32\drivers\aswNdis.sys [18.01.2012 17:45:19 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;C:\WINDOWS\system32\drivers\aswNdis2.sys [18.01.2012 17:45:46 195416]
R0 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [18.01.2012 18:40:15 691696]
R1 appdrv01;Application Driver (01);C:\WINDOWS\system32\drivers\appdrv01.sys [04.02.2012 21:31:56 3069040]
R1 aswFW;avast! TDI Firewall driver;C:\WINDOWS\system32\drivers\aswFW.sys [18.01.2012 17:46:06 111320]
R1 aswSnx;aswSnx;C:\WINDOWS\system32\drivers\aswSnx.sys [18.01.2012 17:46:08 435032]
R1 aswSP;aswSP;C:\WINDOWS\system32\drivers\aswSP.sys [18.01.2012 17:46:10 314456]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2012/01/25 23:58:55];C:\Program Files\CyberLink\PowerDVD9\000.fcl [06.10.2009 21:24:10 87536]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [18.01.2012 17:46:10 20568]
R2 avast! Firewall;avast! Firewall;C:\Program Files\Alwil Software\Avast5\afwServ.exe [18.01.2012 17:45:18 127192]
R2 Guard.Mail.ru;Guard.Mail.ru;C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe [18.01.2012 22:51:09 1717336]
R2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [31.01.2012 10:20:41 652360]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\system32\drivers\mbam.sys [31.01.2012 10:20:40 20464]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [10.03.2011 17:25:54 10064]
S2 appdrvrem01;Application Driver Auto Removal Service (01);C:\WINDOWS\System32\appdrvrem01.exe svc --> C:\WINDOWS\System32\appdrvrem01.exe svc [?]
S2 gupdate;Служба Google Update (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [25.01.2012 23:43:41 136176]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [14.06.2011 18:20:42 1524544]
S3 gupdatem;Служба Google Update (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [25.01.2012 23:43:41 136176]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - WS2IFSL
*Deregistered* - BootScreen

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp

Contents of the 'Scheduled Tasks' folder

2012-01-28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 14:57:16 . 2011-06-01 14:57:16]

2012-02-05 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2012-01-25 19:43:41 . 2012-01-25 19:43:26]

2012-02-05 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2012-01-25 19:43:41 . 2012-01-25 19:43:26]


------- Supplementary Scan -------

uStart Page = hxxp://www.apeha.ru
mStart Page = hxxp://topdownloads.ru/games/catalog
IE: &Экспорт в Microsoft Excel - C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Закачать ВСЕ при помощи Download Master - C:\Program Files\Download Master\dmieall.htm
IE: Закачать при помощи Download Master - C:\Program Files\Download Master\dmie.htm
IE: Передать на удаленную закачку DM - C:\Program Files\Download Master\remdown.htm
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files\Mail.Ru\Agent\magent.exe
FF - ProfilePath - C:\Documents and Settings\Наталья\Application Data\Mozilla\Firefox\Profiles\3hbnfm7b.default\
FF - prefs.js: browser.search.defaulturl - hxxp://go.mail.ru/search?fr=fftb&utf8in&q=
FF - prefs.js: browser.search.selectedEngine - mail.ru: Поиск в Интернете
FF - prefs.js: browser.startup.homepage - hxxp://www.mail.ru/cnt/5087
FF - prefs.js: keyword.URL - hxxp://go.mail.ru/search?utf8in=1&fr=fftbUFix&q=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: browser.blink_allowed - false

- - - - ORPHANS REMOVED - - - -

Toolbar-ITBar7Position - (no file)
Notify-WgaLogon - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-05 22:46:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD9\000.fcl"

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1648)
C:\WINDOWS\system32\cscui.dll

- - - - - - - > 'explorer.exe'(2724)
C:\WINDOWS\system32\SHDOCVW.dll
C:\WINDOWS\system32\WININET.dll
C:\Program Files\Yandex\Punto Switcher\pshook.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\msi.dll
C:\WINDOWS\System32\cscui.dll
C:\Program Files\louderit\LHook.dll
C:\WINDOWS\system32\NETSHELL.dll
C:\WINDOWS\system32\wpdshserviceobj.dll
C:\WINDOWS\system32\webcheck.dll
C:\Program Files\LClock\LC.dll
C:\WINDOWS\system32\portabledevicetypes.dll
C:\WINDOWS\system32\portabledeviceapi.dll
C:\WINDOWS\system32\MSISIP.DLL

------------------------ Other Running Processes ------------------------

C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\taskmgr.exe

**************************************************************************

Completion time: 2012-02-05  22:57:58 - machine was rebooted
ComboFix-quarantined-files.txt  2012-02-05 18:57:47

Pre-Run: 38*239*563*776 байт свободно
Post-Run: 39*103*758*336 байт свободно

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional RU" /execute /fastdetect /TUTag=20JCTM /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional RU (TuneUp Backup)" /execute /fastdetect /TUTag=20JCTM-BAK

- - End Of File - - 34A3C5BEF1837C8E6E3820B24F94E55F


