



Here is ComboFix.txt

ComboFix 10-10-11.05 - Михаил 12.10.2010  22:59:07.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1251.7.1049.18.766.503 [GMT 4:00]
Running from: c:\documents and settings\Михаил.ZONG\Рабочий стол\ComboFix.exe
AV: avast! Internet Security *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: AGAVA Firewall *disabled* {88C101B1-C3A4-4665-B493-04B4914728BA}
FW: avast! Internet Security *disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\img_utils.dll
c:\windows\system32\imgscaler.dll
c:\windows\system32\videocore.dll
c:\windows\system32\videoformat.dll
c:\windows\system32\winlogon.bak

----- BITS: Possible infected sites -----

hxxp://soft.export.yandex.ru
hxxp://download.yandex.ru
.
(((((((((((((((((((((((((   Files Created from 2010-09-12 to 2010-10-12  )))))))))))))))))))))))))))))))
.

2010-10-12 17:11 . 2010-10-12 17:11	--------	d-----w-	c:\program files\Common Files\932969D5a
2010-10-12 16:38 . 2010-10-12 16:38	--------	d-----w-	c:\program files\Common Files\93296A2Da
2010-10-12 14:56 . 2009-10-22 09:54	37392	----a-w-	c:\windows\system32\drivers\80653142.sys
2010-10-12 14:56 . 2009-10-09 19:31	315408	----a-w-	c:\windows\system32\drivers\8065314.sys
2010-10-12 14:56 . 2009-09-25 13:59	128016	----a-w-	c:\windows\system32\drivers\80653141.sys
2010-10-12 14:23 . 2010-10-12 14:23	--------	d-----w-	c:\program files\Trend Micro
2010-10-12 05:43 . 2010-10-12 05:43	168960	----a-w-	c:\windows\system32\с'Iж¶’Бѓ9жЭ~вFЊ™№ч
2010-10-04 16:09 . 2010-10-04 17:43	--------	d-----w-	C:\videooutput
2010-10-04 11:40 . 2000-03-15 20:56	69632	----a-w-	c:\windows\system32\voxmsdec.ax
2010-10-04 11:40 . 1999-10-29 22:36	278016	----a-w-	c:\windows\system32\vct3216.dll
2010-10-04 11:40 . 1999-10-29 22:36	82944	----a-w-	c:\windows\system32\vct3216.acm
2010-10-04 11:40 . 1999-10-29 22:36	281600	----a-w-	c:\windows\system32\mvoice.vwp
2010-10-04 11:40 . 1999-04-15 09:10	56320	----a-w-	c:\windows\system32\voxmvdec.ax
2010-10-04 11:40 . 1999-04-15 09:10	424960	----a-w-	c:\windows\system32\msms001.vwp
2010-10-03 18:14 . 2010-10-03 18:14	--------	d-----w-	c:\program files\Opera
2010-10-03 14:11 . 2010-10-03 15:23	--------	d-----w-	c:\program files\Common Files\6cd69121
2010-10-02 18:37 . 2007-04-12 10:19	129024	----a-w-	c:\windows\system32\AVERM.dll
2010-10-02 18:37 . 2006-09-26 09:57	28672	----a-w-	c:\windows\system32\AVEQT.dll
2010-09-26 19:15 . 2010-09-26 19:15	--------	d-----w-	c:\documents and settings\.ZONG
2010-09-25 15:49 . 2010-09-25 15:49	691696	----a-w-	c:\windows\system32\drivers\sptd.sys
2010-09-23 19:17 . 2010-09-23 19:17	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2010-09-23 19:15 . 2005-05-26 11:34	2297552	----a-w-	c:\windows\system32\d3dx9_26.dll
2010-09-23 19:00 . 2005-04-25 06:43	159616	----a-w-	c:\windows\system32\drivers\Vax347b.sys
2010-09-23 19:00 . 2004-04-30 05:33	5248	----a-w-	c:\windows\system32\drivers\Vax347s.sys
2010-09-20 09:28 . 2010-06-21 15:27	354304	-c----w-	c:\windows\system32\dllcache\srv.sys
2010-09-18 17:11 . 2009-05-18 09:17	26600	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2010-09-18 17:11 . 2008-04-17 08:12	107368	----a-w-	c:\windows\system32\GEARAspi.dll
2010-09-18 17:11 . 2010-09-18 17:11	--------	d-----w-	c:\program files\iPod
2010-09-18 17:10 . 2010-09-18 17:10	159744	----a-w-	c:\program files\Internet Explorer\Модули\npqtplugin6.dll
2010-09-18 17:10 . 2010-09-18 17:10	159744	----a-w-	c:\program files\Internet Explorer\Модули\npqtplugin5.dll
2010-09-18 17:10 . 2010-09-18 17:10	159744	----a-w-	c:\program files\Internet Explorer\Модули\npqtplugin4.dll
2010-09-18 17:10 . 2010-09-18 17:10	159744	----a-w-	c:\program files\Internet Explorer\Модули\npqtplugin3.dll
2010-09-18 17:10 . 2010-09-18 17:10	159744	----a-w-	c:\program files\Internet Explorer\Модули\npqtplugin2.dll
2010-09-18 17:10 . 2010-09-18 17:10	159744	----a-w-	c:\program files\Internet Explorer\Модули\npqtplugin.dll
2010-09-18 14:31 . 2010-09-18 14:31	--------	d-----w-	c:\program files\ATI
2010-09-18 14:30 . 2010-09-18 14:30	--------	d-----w-	C:\ATI
2010-09-18 10:09 . 2008-04-14 16:11	29184	-c--a-w-	c:\windows\system32\dllcache\msoobe.exe
2010-09-18 10:09 . 2005-07-31 15:20	114688	----a-w-	c:\windows\WPA_Kill.exe
2010-09-18 10:09 . 2004-10-01 01:13	3072	----a-w-	c:\windows\AntiWPA_Crypt.dll
2010-09-18 10:09 . 2010-09-18 10:09	--------	d-----w-	c:\windows\8_WPA_kill2
2010-09-18 07:51 . 2010-06-24 12:26	12800	-c----w-	c:\windows\system32\dllcache\xpshims.dll
2010-09-18 07:51 . 2010-06-24 13:56	11077120	-c----w-	c:\windows\system32\dllcache\ieframe.dll
2010-09-18 07:51 . 2010-06-24 12:26	599040	-c----w-	c:\windows\system32\dllcache\msfeeds.dll
2010-09-18 07:51 . 2010-06-24 12:26	55296	-c----w-	c:\windows\system32\dllcache\msfeedsbs.dll
2010-09-18 07:51 . 2010-06-24 12:26	247808	-c----w-	c:\windows\system32\dllcache\ieproxy.dll
2010-09-18 07:51 . 2010-06-24 12:26	1986560	-c----w-	c:\windows\system32\dllcache\iertutil.dll
2010-09-18 07:51 . 2010-06-24 12:26	743424	-c----w-	c:\windows\system32\dllcache\iedvtool.dll
2010-09-17 18:14 . 2001-08-17 21:59	3072	----a-w-	c:\windows\system32\drivers\audstub.sys
2010-09-17 18:14 . 2008-04-13 18:36	20352	----a-w-	c:\windows\system32\drivers\hidbatt.sys
2010-09-17 18:14 . 2008-04-13 18:36	10240	----a-w-	c:\windows\system32\drivers\compbatt.sys
2010-09-17 18:14 . 2008-04-13 18:36	14208	----a-w-	c:\windows\system32\drivers\battc.sys
2010-09-17 18:14 . 2008-04-13 18:47	25856	----a-w-	c:\windows\system32\drivers\usbprint.sys
2010-09-17 18:13 . 2008-04-14 15:41	58368	----a-w-	c:\windows\system32\drivers\redbook.sys
2010-09-17 18:13 . 2004-08-03 22:31	20992	----a-w-	c:\windows\system32\drivers\RTL8139.sys
2010-09-17 18:12 . 2008-04-14 16:10	76800	----a-w-	c:\windows\system32\usbui.dll
2010-09-17 18:09 . 2001-10-20 12:00	5632	-c--a-w-	c:\windows\system32\dllcache\kbdtat.dll
2010-09-17 18:08 . 2002-12-20 08:40	675328	----a-w-	c:\windows\system32\ir50_32.qtx
2010-09-17 18:07 . 2010-09-17 14:29	--------	d--h--w-	c:\documents and settings\Default User.WINDOWS
2010-09-17 18:07 . 2010-09-17 14:20	--------	d-----w-	c:\documents and settings\All Users.WINDOWS
2010-09-17 17:49 . 2010-09-17 19:01	--------	d-----w-	c:\program files\ABBYY FineReader 9.0
2010-09-17 17:47 . 2007-11-02 14:58	566560	----a-w-	c:\temp\FR90PE\ABBYY FineReader 9.0\NetworkLicenseServer.exe
2010-09-17 15:47 . 2006-03-12 21:14	95232	----a-r-	c:\windows\system32\HPcam_03.dll
2010-09-17 15:42 . 2008-04-13 18:51	101120	----a-w-	c:\windows\system32\drivers\bthpan.sys
2010-09-17 15:42 . 2008-04-13 18:46	59136	----a-w-	c:\windows\system32\drivers\rfcomm.sys
2010-09-17 15:42 . 2008-04-14 16:10	152064	----a-w-	c:\windows\system32\irftp.exe
2010-09-17 15:42 . 2008-04-14 16:10	28160	----a-w-	c:\windows\system32\irmon.dll
2010-09-17 15:42 . 2008-04-13 18:46	17024	----a-w-	c:\windows\system32\drivers\bthenum.sys
2010-09-17 15:42 . 2008-04-14 16:10	8192	----a-w-	c:\windows\system32\wshirda.dll
2010-09-17 15:40 . 2004-08-03 18:29	63663	------w-	c:\windows\system32\drivers\ati1rvxx.sys
2010-09-17 15:40 . 2004-08-03 18:29	30671	------w-	c:\windows\system32\drivers\ati1raxx.sys
2010-09-17 15:40 . 2004-08-03 18:29	56623	------w-	c:\windows\system32\drivers\ati1btxx.sys
2010-09-17 15:40 . 2004-08-03 18:29	12047	------w-	c:\windows\system32\drivers\ati1pdxx.sys
2010-09-17 15:40 . 2004-08-03 18:29	11615	------w-	c:\windows\system32\drivers\ati1mdxx.sys
2010-09-17 15:39 . 2000-06-26 06:45	106496	----a-w-	c:\windows\system32\TwnLib20.dll
2010-09-17 15:38 . 2004-07-26 12:16	476320	------w-	c:\windows\system32\ImagXpr7.dll
2010-09-17 15:38 . 2004-07-26 12:16	471040	------w-	c:\windows\system32\ImagXRA7.dll
2010-09-17 15:38 . 2004-07-26 12:16	262144	------w-	c:\windows\system32\ImagXR7.dll
2010-09-17 15:38 . 2004-07-26 12:16	1568768	------w-	c:\windows\system32\ImagX7.dll
2010-09-17 15:38 . 2001-07-09 06:50	155648	----a-w-	c:\windows\system32\NeroCheck.exe
2010-09-17 15:35 . 2004-08-10 11:35	4142592	----a-w-	c:\windows\system32\qtintf.dll
2010-09-17 15:30 . 2003-04-15 18:31	258048	----a-r-	c:\windows\system32\hpsjvset.dll
2010-09-17 15:30 . 2003-04-15 18:33	401408	----a-r-	c:\windows\system32\hpgt2436.dll
2010-09-17 15:30 . 2003-04-15 18:31	274432	----a-r-	c:\windows\system32\hpgwiamd.dll
2010-09-17 15:30 . 2008-04-13 18:45	15104	----a-w-	c:\windows\system32\drivers\usbscan.sys
2010-09-17 15:26 . 2010-02-24 13:11	455680	-c----w-	c:\windows\system32\dllcache\mrxsmb.sys
2010-09-17 15:25 . 2009-10-15 16:33	81920	-c----w-	c:\windows\system32\dllcache\fontsub.dll
2010-09-17 15:25 . 2009-10-15 16:33	119808	-c----w-	c:\windows\system32\dllcache\t2embed.dll
2010-09-17 15:24 . 2005-03-08 13:52	16496	----a-r-	c:\windows\system32\drivers\HPZipr12.sys
2010-09-17 15:24 . 2005-03-08 13:52	51120	----a-r-	c:\windows\system32\drivers\HPZid412.sys
2010-09-17 15:23 . 2005-05-10 16:49	37376	----a-w-	c:\windows\system32\hpz3l3xu.dll
2010-09-17 15:23 . 2005-05-10 16:48	67072	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\hpzpp3xu.dll
2010-09-17 15:23 . 2010-06-14 14:31	744448	-c----w-	c:\windows\system32\dllcache\helpsvc.exe
2010-09-17 15:23 . 2009-11-21 16:03	471552	-c----w-	c:\windows\system32\dllcache\aclayers.dll
2010-09-17 15:23 . 2004-09-29 08:15	204800	----a-w-	c:\windows\system32\HPZipr12.dll
2010-09-17 15:23 . 2004-09-29 08:14	69632	----a-w-	c:\windows\system32\HPZipm12.exe
2010-09-17 15:23 . 2004-09-29 08:09	57344	----a-w-	c:\windows\system32\HPZisn12.dll
2010-09-17 15:23 . 2004-09-29 08:09	94208	----a-w-	c:\windows\system32\HPZipt12.dll
2010-09-17 15:23 . 2004-09-29 08:08	61440	----a-w-	c:\windows\system32\HPZinw12.exe
2010-09-17 15:23 . 2004-09-29 08:12	278584	----a-w-	c:\windows\system32\HPZidr12.dll
2010-09-17 15:23 . 1998-10-29 12:45	306688	----a-w-	c:\windows\IsUninst.exe
2010-09-17 15:22 . 2008-05-08 14:02	203136	-c----w-	c:\windows\system32\dllcache\rmcast.sys
2010-09-17 15:21 . 2008-10-15 16:37	337408	-c----w-	c:\windows\system32\dllcache\netapi32.dll
2010-09-17 15:21 . 2008-10-23 12:42	286720	-c----w-	c:\windows\system32\dllcache\gdi32.dll
2010-09-17 15:20 . 2009-02-06 10:10	227840	-c----w-	c:\windows\system32\dllcache\wmiprvse.exe
2010-09-17 15:20 . 2010-04-28 18:15	2191744	-c----w-	c:\windows\system32\dllcache\ntoskrnl.exe
2010-09-17 15:20 . 2009-03-06 14:23	284672	-c----w-	c:\windows\system32\dllcache\pdh.dll
2010-09-17 15:20 . 2009-02-09 11:25	111104	-c----w-	c:\windows\system32\dllcache\services.exe
2010-09-17 15:20 . 2009-02-09 10:54	401408	-c----w-	c:\windows\system32\dllcache\rpcss.dll
2010-09-17 15:20 . 2009-02-09 10:54	473600	-c----w-	c:\windows\system32\dllcache\fastprox.dll
2010-09-17 15:20 . 2009-06-25 08:27	732160	-c----w-	c:\windows\system32\dllcache\lsasrv.dll
2010-09-17 15:20 . 2009-02-09 10:54	687616	-c----w-	c:\windows\system32\dllcache\advapi32.dll
2010-09-17 15:20 . 2009-02-09 10:54	718848	-c----w-	c:\windows\system32\dllcache\ntdll.dll
2010-09-17 15:20 . 2009-02-09 10:54	453120	-c----w-	c:\windows\system32\dllcache\wmiprvsd.dll
2010-09-17 15:20 . 2010-04-28 05:45	2148352	-c----w-	c:\windows\system32\dllcache\ntkrnlmp.exe
2010-09-17 15:20 . 2010-04-28 05:45	2026496	-c----w-	c:\windows\system32\dllcache\ntkrpamp.exe
2010-09-17 15:18 . 2010-06-09 07:45	692736	-c----w-	c:\windows\system32\dllcache\inetcomm.dll
2010-09-17 15:12 . 2004-03-22 11:17	25840	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2010-09-17 15:12 . 2004-03-22 11:17	24816	----a-w-	c:\windows\system32\mdimon.dll
2010-09-17 15:02 . 2010-09-18 10:19	--------	d-----w-	c:\program files\Mail.Ru
2010-09-17 14:47 . 2010-09-07 14:52	165584	----a-w-	c:\windows\system32\drivers\aswSP.sys
2010-09-17 14:47 . 2010-09-07 14:47	17744	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2010-09-17 14:47 . 2010-09-07 14:53	340048	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2010-09-17 14:47 . 2010-09-07 14:54	99792	----a-w-	c:\windows\system32\drivers\aswFW.sys
2010-09-17 14:47 . 2010-09-07 14:53	190416	----a-w-	c:\windows\system32\drivers\aswNdis2.sys
2010-09-17 14:47 . 2010-09-07 14:47	23376	----a-w-	c:\windows\system32\drivers\aswRdr.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

------- Sigcheck -------

[-] 2010-09-18 . FAD4579B18A9E134B5BAC0A88874E2FD . 509440 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2008-04-14 . B3B5D5855127E240C88451030AAEE76E . 509440 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2004-09-17 . A975A70FCEFE2A224412214320C89DED . 503808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1208AB5D-4748-49fe-A74A-484AE2FA5D34}"= "c:\program files\Yandex\YandexBarIE\bars\barietorrent\yndbar.dll" [2010-08-20 8888136]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:\program files\Yandex\YandexBarIE\yndbar.dll" [2010-06-01 10336584]

[HKEY_CLASSES_ROOT\clsid\{1208ab5d-4748-49fe-a74a-484ae2fa5d34}]
[HKEY_CLASSES_ROOT\YandexTorrent.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{50EBFBE3-CEAE-4567-884E-C58C12E91F4C}]
[HKEY_CLASSES_ROOT\YandexTorrent.Toolbar]

[HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1208AB5D-4748-49fe-A74A-484AE2FA5D34}"= "c:\program files\Yandex\YandexBarIE\bars\barietorrent\yndbar.dll" [2010-08-20 8888136]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:\program files\Yandex\YandexBarIE\yndbar.dll" [2010-06-01 10336584]

[HKEY_CLASSES_ROOT\clsid\{1208ab5d-4748-49fe-a74a-484ae2fa5d34}]
[HKEY_CLASSES_ROOT\YandexTorrent.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{50EBFBE3-CEAE-4567-884E-C58C12E91F4C}]
[HKEY_CLASSES_ROOT\YandexTorrent.Toolbar]

[HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-09-07 15:14	152160	----a-w-	c:\program files\Alwil Software\Avast5\snxPlugins.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="d:\program files\uTorrent\uTorrent.exe" [2010-09-17 328568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-10-15 14864384]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users.WINDOWS\Главное меню\Программы\Автозагрузка\
APC UPS Status.lnk - d:\program files\APC\APC PowerChute Personal Edition\Display.exe [2010-9-17 221247]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\SkyNet\\StrongDC.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 80653142;80653142 Boot Guard Driver;c:\windows\system32\drivers\80653142.sys [12.10.2010 18:56 37392]
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [08.09.2010 19:00 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [17.09.2010 18:47 190416]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [05.07.2006 16:46 63352]
R0 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [23.09.2010 23:00 159616]
R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [23.09.2010 23:00 5248]
R1 80653141;80653141;c:\windows\system32\drivers\80653141.sys [12.10.2010 18:56 128016]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [17.09.2010 18:47 99792]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [17.09.2010 18:47 340048]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [17.09.2010 18:47 165584]
R1 setup_9.0.0.722_12.10.2010_08-36drv;setup_9.0.0.722_12.10.2010_08-36drv;c:\windows\system32\drivers\8065314.sys [12.10.2010 18:56 315408]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [06.12.2007 21:03 660768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17.09.2010 18:47 17744]
R2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [08.09.2010 19:00 119200]
S3 siusbmod;siusbmod;c:\windows\system32\drivers\siusbmod.sys [14.07.2005 11:39 27008]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25.09.2010 19:49 691696]
.
Contents of the 'Scheduled Tasks' folder

2010-10-12 c:\windows\Tasks\HPpromotions journeysoftware.job
- c:\program files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 13:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yandex.ru/?clid=155829
uInternet Settings,ProxyOverride = *.local
IE: &Экспорт в Microsoft Excel - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Михаил.ZONG\Application Data\Mozilla\Firefox\Profiles\6k8woy3m.default\
FF - prefs.js: browser.startup.homepage - yandex.ru
FF - plugin: d:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF - plugin: d:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: d:\program files\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll
FF - plugin: d:\program files\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x82E31520]<< 
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf75e4f28
\Driver\ACPI -> ACPI.sys @ 0xf7440cb8
\Driver\atapi -> 0x82e31520
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
 ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
 ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf72c6bb0
 PacketIndicateHandler -> NDIS.sys @ 0xf72d3a21
 SendHandler -> NDIS.sys @ 0xf72b187b
Warning: possible MBR rootkit infection !
user & kernel MBR OK 

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1020)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-10-12  23:20:20
ComboFix-quarantined-files.txt  2010-10-12 19:20

Pre-Run: 30 556 807 168 bytes free
Post-Run: 30 528 045 056 bytes free

- - End Of File - - CC32B0B6C46AF3596B26211690F4DE06

Last edited by iskander-k, 17-10-2010 at 20:33.


Posted: 23:29, 12-10-2010 | #7
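The Sigcheck section of the log above lists the live c:\windows\system32\winlogon.exe beside the ServicePackFiles\i386 copy that carries the same version string [5.1.2600.5512] and the same size, but a different MD5; the "Other Deletions" section also shows ComboFix removing a winlogon.bak. The Python below is an added example, not part of the post and not ComboFix's own code: it parses Sigcheck lines out of a ComboFix.txt and reports every file whose live copy under system32 hashes differently from the service-pack copy of the same version. It relies only on the line layout visible in the log, not on the meaning of the [-]/[7] flags (which this page does not explain); the two directory prefixes are taken from the log's own paths, and the sample input is the three Sigcheck lines from the log, not constructed data.

```python
import re

# The three Sigcheck lines from the ComboFix log above (copied from the post,
# not constructed). Any full ComboFix.txt can be passed instead: lines that
# do not match the Sigcheck layout are ignored.
SIGCHECK_LINES = r"""
------- Sigcheck -------

[-] 2010-09-18 . FAD4579B18A9E134B5BAC0A88874E2FD . 509440 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2008-04-14 . B3B5D5855127E240C88451030AAEE76E . 509440 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2004-09-17 . A975A70FCEFE2A224412214320C89DED . 503808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
"""

# Layout of one Sigcheck line as it appears in the log:
# [flag] YYYY-MM-DD . MD5 . size . . [file version] . . path
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)


def parse_sigcheck(text):
    """Return a list of dicts, one per Sigcheck line found in `text`."""
    entries = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["md5"] = e["md5"].upper()
        e["size"] = int(e["size"])
        e["path"] = e["path"].lower()   # Windows paths are case-insensitive
        entries.append(e)
    return entries


def find_live_reference_mismatches(entries,
                                   live_dir=r"c:\windows\system32",
                                   ref_dir=r"c:\windows\servicepackfiles\i386"):
    """Pair each live system32 file with the ServicePackFiles copy of the
    same file name *and* version string, and report pairs whose MD5 differ.
    Only same-version pairs are compared, so an older copy kept under
    $NtServicePackUninstall$ is never mistaken for a reference."""
    live_dir = live_dir.lower().rstrip("\\") + "\\"
    ref_dir = ref_dir.lower().rstrip("\\") + "\\"
    by_key = {}
    for e in entries:
        name = e["path"].rsplit("\\", 1)[-1]
        slot = by_key.setdefault((name, e["version"]), {})
        if e["path"].startswith(live_dir):
            slot["live"] = e
        elif e["path"].startswith(ref_dir):
            slot["reference"] = e
    mismatches = []
    for (name, version), slot in sorted(by_key.items()):
        live, ref = slot.get("live"), slot.get("reference")
        if live and ref and live["md5"] != ref["md5"]:
            mismatches.append({
                "file": name,
                "version": version,
                "live_md5": live["md5"],
                "reference_md5": ref["md5"],
                "size_equal": live["size"] == ref["size"],
                "live_path": live["path"],
            })
    return mismatches


if __name__ == "__main__":
    for m in find_live_reference_mismatches(parse_sigcheck(SIGCHECK_LINES)):
        print("{file} [{version}]: live {live_md5} != reference {reference_md5}"
              " (same size: {size_equal}) at {live_path}".format(**m))
```

A reported pair means the binary on disk is not byte-identical to the service-pack copy of the same version; that is a lead to follow up (hash lookup, comparing the two files), not by itself proof of infection, since a hotfix can legitimately replace a file without changing its version string.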