ComboFix 12-03-08.02 - General 08.03.2012 16:28:56.1.2 - x86
Microsoft Windows 7 Максимальная 6.1.7601.1.1251.380.1049.18.3067.1855 [GMT 2:00]
Running from: c:\users\General\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\General\AppData\Local\Temp\85e80529-e4f2-4f39-a0f4-8e660bf7f00d\CliSecureRT.dll
c:\windows\PFRO.log
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\Gdiplus.dll
c:\windows\system32\muzapp.exe
.
Infected copy of c:\windows\system32\kernel32.dll was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21772_none_960c0dc1cdddb3a2\kernel32.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-02-08 to 2012-03-08 )))))))))))))))))))))))))))))))
.
.
2012-03-08 14:37 . 2012-03-08 14:46 -------- d-----w- c:\users\General\AppData\Local\temp
2012-03-08 14:37 . 2012-03-08 14:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-08 07:13 . 2012-03-08 07:13 -------- d-----w- c:\users\General\AppData\Roaming\Malwarebytes
2012-03-08 07:13 . 2012-03-08 07:13 -------- d-----w- c:\programdata\Malwarebytes
2012-03-08 07:13 . 2012-03-08 07:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-08 07:13 . 2011-12-10 13:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-07 23:18 . 2012-03-08 14:33 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{98D2404F-40AC-48C5-B588-A40A0F98103A}\offreg.dll
2012-03-07 05:53 . 2012-03-07 05:53 -------- d-----w- c:\users\General\DoctorWeb
2012-03-06 20:16 . 2012-03-07 16:00 -------- d-----w- c:\program files\trend micro
2012-03-06 20:16 . 2012-03-06 20:20 -------- d-----w- C:\rsit
2012-03-06 20:02 . 2012-03-06 20:02 -------- d-----w- C:\Temp
2012-03-06 16:17 . 2009-05-28 13:38 10752 ----a-w- c:\windows\system32\drivers\SABI.sys
2012-03-06 07:42 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{98D2404F-40AC-48C5-B588-A40A0F98103A}\mpengine.dll
2012-03-02 21:33 . 2012-03-03 08:22 -------- d-----w- c:\users\General\AppData\Local\Samsung
2012-03-02 21:32 . 2011-12-08 04:22 30312 ----a-w- c:\windows\system32\drivers\ssadadb.sys
2012-03-02 21:32 . 2011-12-08 04:22 1416680 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2012-03-02 21:32 . 2011-12-08 04:22 1416680 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01005.dll
2012-03-02 21:32 . 2011-12-08 04:22 136808 ----a-w- c:\windows\system32\drivers\ssadmdm.sys
2012-03-02 21:32 . 2011-12-08 04:22 12776 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys
2012-03-02 21:32 . 2011-12-08 04:22 121064 ----a-w- c:\windows\system32\drivers\ssadbus.sys
2012-03-02 21:32 . 2011-12-08 04:22 10472 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys
2012-03-02 21:32 . 2011-12-08 04:22 10472 ----a-w- c:\windows\system32\drivers\ssadcm.sys
2012-03-02 21:32 . 2011-12-08 04:22 10344 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys
2012-03-02 21:32 . 2011-12-08 04:22 10344 ----a-w- c:\windows\system32\drivers\ssadwh.sys
2012-03-02 21:31 . 2011-12-08 04:22 14920 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys
2012-03-02 21:31 . 2011-12-08 04:22 132424 ----a-w- c:\windows\system32\drivers\sscdmdm.sys
2012-03-02 21:31 . 2011-12-08 04:22 12488 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys
2012-03-02 21:31 . 2011-12-08 04:22 12488 ----a-w- c:\windows\system32\drivers\sscdwh.sys
2012-03-02 21:31 . 2011-12-08 04:22 12616 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys
2012-03-02 21:31 . 2011-12-08 04:22 12616 ----a-w- c:\windows\system32\drivers\sscdcm.sys
2012-03-02 21:31 . 2011-12-08 04:22 104648 ----a-w- c:\windows\system32\drivers\sscdbus.sys
2012-03-02 21:30 . 2012-01-31 16:15 4659712 ----a-w- c:\windows\system32\Redemption.dll
2012-03-02 21:30 . 2012-03-02 21:30 -------- d-----w- c:\program files\MarkAny
2012-03-02 21:30 . 2012-01-31 16:15 821824 ----a-w- c:\windows\system32\dgderapi.dll
2012-03-02 21:30 . 2012-03-06 16:17 -------- d-----w- c:\programdata\Samsung
2012-03-02 12:04 . 2012-03-02 12:19 -------- d-----w- c:\program files\Connectify
2012-03-02 12:04 . 2012-03-02 12:16 -------- d-----w- c:\programdata\Connectify
2012-03-02 11:59 . 2012-03-02 11:59 -------- d-----w- c:\users\General\AppData\Roaming\AnvSoft
2012-03-02 11:59 . 2012-03-02 11:59 -------- d-----w- c:\program files\AnvSoft
2012-03-01 19:45 . 2012-03-02 15:41 -------- d-----w- c:\users\General\AppData\Roaming\Skype
2012-03-01 19:44 . 2012-03-01 19:44 -------- d-----w- c:\program files\Common Files\Skype
2012-03-01 19:44 . 2012-03-01 19:44 -------- d-----r- c:\program files\Skype
2012-03-01 19:40 . 2012-03-01 19:44 -------- d-----w- c:\programdata\Skype
2012-02-29 09:43 . 2012-02-29 09:58 -------- d-----w- c:\program files\Monkey's Audio
2012-02-29 09:43 . 2011-04-16 19:08 446464 ----a-w- c:\windows\system32\MACDll.dll
2012-02-19 13:14 . 2012-02-19 13:14 -------- d-----w- c:\users\General\AppData\Roaming\Softplicity
2012-02-19 13:14 . 2012-02-19 16:24 -------- d-----w- c:\program files\TotalAudioConverter
2012-02-19 07:27 . 2012-02-19 07:28 -------- d-----w- c:\program files\Total Video Converter
2012-02-18 19:31 . 2012-02-18 19:31 -------- d-----w- c:\programdata\Astroburn Lite
2012-02-18 19:24 . 2012-02-18 19:24 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-02-18 19:24 . 2012-02-18 19:24 -------- d-----w- c:\program files\DAEMON Tools Lite
2012-02-18 19:24 . 2012-02-18 19:26 -------- d-----w- c:\users\General\AppData\Roaming\DAEMON Tools Lite
2012-02-18 19:24 . 2012-02-18 19:24 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-02-18 18:50 . 2012-02-18 18:50 -------- d-----w- c:\program files\foobar2000
2012-02-18 15:29 . 2012-02-29 09:58 -------- d-----w- c:\users\General\AppData\Roaming\foobar2000
2012-02-18 15:07 . 2005-07-28 06:18 685056 ----a-w- c:\windows\system32\drivers\hardlock.sys
2012-02-18 15:07 . 2005-06-21 10:10 24576 ----a-w- c:\windows\system32\hdsuinst.exe
2012-02-18 15:07 . 2001-09-28 17:00 164864 ----a-w- c:\windows\system32\UNWISE.EXE
2012-02-18 15:07 . 2005-09-28 12:24 2164411 ----a-w- c:\windows\system32\haspds_windows.dll
2012-02-18 15:07 . 2012-02-18 16:04 -------- d-----w- c:\program files\Weiss Engineering
2012-02-17 18:09 . 2012-02-17 18:09 -------- d-----w- c:\program files\LANG
2012-02-17 18:09 . 2012-02-17 18:09 -------- d-----w- c:\program files\FLAG
2012-02-17 18:09 . 2008-08-27 17:21 821760 ----a-w- c:\program files\CUE_Splitter.exe
2012-02-16 19:28 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-16 19:28 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 19:28 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-16 19:01 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-08 14:45 . 2011-12-26 19:01 28160 ----a-w- c:\windows\system32\drivers\oem-drv86.sys
2012-02-23 07:18 . 2011-12-26 21:42 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 19:14 . 2011-12-27 03:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-15 10:11 . 2012-01-05 11:22 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-01-31 16:15 . 2012-01-31 16:15 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-01-31 16:15 . 2012-01-31 16:15 49152 ----a-w- c:\windows\system32\MaJGUILib.dll
2012-01-31 16:15 . 2012-01-31 16:15 45056 ----a-w- c:\windows\system32\MaXMLProto.dll
2012-01-31 16:15 . 2012-01-31 16:15 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll
2012-01-31 16:15 . 2012-01-31 16:15 325552 ----a-w- c:\windows\MASetupCaller.dll
2012-01-31 16:15 . 2012-01-31 16:15 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-01-31 16:15 . 2012-01-31 16:15 200704 ----a-w- c:\windows\system32\muzwmts.dll
2012-01-31 16:15 . 2012-01-31 16:15 135168 ----a-w- c:\windows\system32\muzaf1.dll
2012-01-31 16:15 . 2012-01-31 16:15 122880 ----a-w- c:\windows\system32\muzeffect.ax
2012-01-31 16:15 . 2012-01-31 16:15 118784 ----a-w- c:\windows\system32\MaDRM.dll
2012-01-31 16:15 . 2012-01-31 16:15 110592 ----a-w- c:\windows\system32\muzmp4sp.ax
2012-01-31 16:15 . 2012-01-31 16:15 974848 ----a-w- c:\windows\system32\cis-2.4.dll
2012-01-31 16:15 . 2012-01-31 16:15 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll
2012-01-31 16:15 . 2012-01-31 16:15 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll
2012-01-31 16:15 . 2012-01-31 16:15 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll
2012-01-31 16:15 . 2012-01-31 16:15 57344 ----a-w- c:\windows\system32\MK_Lyric.dll
2012-01-31 16:15 . 2012-01-31 16:15 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll
2012-01-31 16:15 . 2012-01-31 16:15 569344 ----a-w- c:\windows\system32\muzdecode.ax
2012-01-31 16:15 . 2012-01-31 16:15 491520 ----a-w- c:\windows\system32\muzapp.dll
2012-01-31 16:15 . 2012-01-31 16:15 45056 ----a-w- c:\windows\system32\MACXMLProto.dll
2012-01-31 16:15 . 2012-01-31 16:15 40960 ----a-w- c:\windows\system32\MAMACExtract.dll
2012-01-31 16:15 . 2012-01-31 16:15 352256 ----a-w- c:\windows\system32\MSLUR71.dll
2012-01-31 16:15 . 2012-01-31 16:15 258048 ----a-w- c:\windows\system32\muzoggsp.ax
2012-01-31 16:15 . 2012-01-31 16:15 245760 ----a-w- c:\windows\system32\MSCLib.dll
2012-01-31 16:15 . 2012-01-31 16:15 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe
2012-01-31 16:15 . 2012-01-31 16:15 155648 ----a-w- c:\windows\system32\MSFLib.dll
2012-01-31 16:15 . 2012-01-31 16:15 143360 ----a-w- c:\windows\system32\3DAudio.ax
2012-01-31 16:15 . 2012-01-31 16:15 131072 ----a-w- c:\windows\system32\muzmpgsp.ax
2011-12-26 22:23 . 2011-12-26 22:23 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-12-26 20:38 . 2011-12-26 20:38 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-12-26 20:38 . 2011-12-26 20:38 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-12-26 20:38 . 2011-12-26 20:38 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-12-26 20:38 . 2011-12-26 20:38 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-12-26 20:38 . 2011-12-26 20:38 161792 ----a-w- c:\windows\system32\msls31.dll
2011-12-26 20:38 . 2011-12-26 20:38 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-12-26 20:38 . 2011-12-26 20:38 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-12-26 20:38 . 2011-12-26 20:38 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-12-26 20:38 . 2011-12-26 20:38 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-12-26 20:38 . 2011-12-26 20:38 367104 ----a-w- c:\windows\system32\html.iec
2011-12-26 20:38 . 2011-12-26 20:38 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-12-26 20:38 . 2011-12-26 20:38 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-26 20:38 . 2011-12-26 20:38 152064 ----a-w- c:\windows\system32\wextract.exe
2011-12-26 20:38 . 2011-12-26 20:38 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-12-26 20:38 . 2011-12-26 20:38 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-12-26 20:38 . 2011-12-26 20:38 11776 ----a-w- c:\windows\system32\mshta.exe
2011-12-26 20:38 . 2011-12-26 20:38 101888 ----a-w- c:\windows\system32\admparse.dll
2011-12-26 17:04 . 2011-12-26 17:04 9216 ----a-r- c:\users\General\AppData\Roaming\Microsoft\Installer\{7426428E-71D4-452C-BA13-B14E5EB52859}\Icon7426428E16.exe
2011-12-26 10:35 . 2011-12-26 10:35 13312 ----a-w- c:\windows\system32\drivers\KMDFMEMIO.sys
2011-12-26 10:05 . 2011-12-26 10:05 27248 ----a-w- c:\windows\system32\drivers\cnnctfy2.sys
2011-12-16 08:01 . 2012-01-05 11:22 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-12-16 08:01 . 2012-01-05 11:22 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Clock Widget (HTC Home)"="d:\install\HTC Home Apis Portable\Clock.exe" [2011-12-27 1970688]
"TouchpadBlocker.exe"="c:\program files\Touchpad Blocker\TouchpadBlocker.exe" [2011-11-26 878080]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
"Connectify"="c:\program files\Connectify\Connectify.exe" [2012-03-02 3073864]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-02-03 943504]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-03-04 21416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"GoBoingo"="c:\program files\Alltel\GoBoingo\AlltelWifi.exe" [2007-10-02 324912]
"AllShareAgent"="c:\program files\Samsung\AllShare\AllShareAgent.exe" [2011-12-16 284560]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-12-16 258512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"ACSW14EN"="c:\program files\ACD Systems\ACDSee\14.0\ACDSeeInTouch2.exe" [2011-09-19 1231472]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-02-03 3508624]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\General\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Вырезка экрана и программа запуска для OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-11 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-15 158856]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-12-08 30312]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 HPMo4DE3;Mouse Suite Driver_4DE3 (WDF Version);c:\windows\system32\DRIVERS\HPMo4DE3.sys [2011-03-09 20992]
R3 HPub4DE3;USB Mouse Low Filter Driver_4DE3 (WDF Version);c:\windows\system32\Drivers\HPub4DE3.sys [2011-04-12 13824]
R3 netw5v32;Драйвер адаптера беспроводной связи серии Intel(R) Wireless WiFi Link 5000 для 32-разрядной версии Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;c:\windows\system32\DRIVERS\PcaSp60.sys [2010-09-07 28672]
R3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\DRIVERS\PTDMBus.sys [2007-08-18 29952]
R3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\DRIVERS\PTDMMdm.sys [2007-08-18 41856]
R3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\DRIVERS\PTDMVsp.sys [2007-08-18 39936]
R3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\DRIVERS\PTDMWWAN.sys [2007-08-18 59520]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files\Samsung\AllShare\AllShareSlideShowService.exe [2011-12-16 27584]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-12-08 121064]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-12-08 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-12-08 136808]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Служба технологий активации Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-26 1343400]
S0 oem-drv86;OEM-SLP2.1 Driver (HPD86);c:\windows\system32\DRIVERS\oem-drv86.sys [2012-03-08 28160]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-16 36000]
S1 cnnctfy2;Connectify LightWeight Filter;c:\windows\system32\DRIVERS\cnnctfy2.sys [2011-12-26 27248]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-02-18 242240]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirMailService;Avira Mail Protection;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2011-12-16 340232]
S2 AntiVirSchedulerService;Avira Планировщик;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-12-16 86736]
S2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-12-16 463824]
S2 Connectify;Connectify;c:\program files\Connectify\ConnectifyService.exe [2011-12-01 69632]
S2 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\bin\fbserver.exe -s [x]
S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2011-12-26 13312]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2011-12-16 25504]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 NETw5s32;Драйвер адаптера Intel(R) Wireless WiFi Link для Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
S3 yukonw7;Драйвер минипорта NDIS6.2 для контроллера Marvell Yukon Ethernet;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3152155325-2590358471-3149706016-1000Core.job
- c:\users\General\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-26 21:27]
.
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3152155325-2590358471-3149706016-1000UA.job
- c:\users\General\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-26 21:27]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: &Экспорт в Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Download All by ASUS Download - c:\program files\ASUS\RT-N56U Wireless Router Utilities\ASDownloadAll.htm
IE: Download using ASUS Download - c:\program files\ASUS\RT-N56U Wireless Router Utilities\ASDownload.htm
IE: Закачать ВСЕ при помощи Download Master - c:\program files\Download Master\dmieall.htm
IE: Закачать при помощи Download Master - c:\program files\Download Master\dmie.htm
IE: Отправить изображение на &устройство Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Отправить страницу на &устройство Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Передать на удаленную закачку DM - c:\program files\Download Master\remdown.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6B6E2867-0F6E-457E-B633-6D2AF1A16566}: NameServer = 195.128.182.46 195.128.182.45
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2976)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\progra~1\TOTALV~1\Flv.ax
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Connectify\ConnectifyD.exe
c:\program files\Firebird\bin\fbserver.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-03-08 16:53:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-08 14:53
.
Pre-Run: 3*642*077*184 байт свободно
Post-Run: 3*847*995*392 байт свободно
.
- - End Of File - - 4E9515518FABF379195013021DF51E64
Posted: 18:57, 08-03-2012 | #7