Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 19.07.2014
Scan Time: 13:38:38
Logfile: report MAM.txt
Administrator: No
Version: 2.00.2.1012
Malware Database: v2014.07.19.02
Rootkit Database: v2014.07.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Admin
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 148668
Time Elapsed: 18 min, 59 sec
Memory: Disabled
Startup: Disabled
Filesystem: Enabled
Archives: Disabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 3
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Good: (0), Bad: (1),,[65f9e1c04c2f7abc3e53c2e1cc389868]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),,[4a145c45d5a638fed6bc970c21e3ad53]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Good: (0), Bad: (1),,[75e97130116a171f4848950e8c785ea2]
Folders: 1
Trojan.Spyeyes, C:\Recycle.Bin, , [71ed079a2b50dc5a4eddcfd1e12147b9],
Files: 5
Trojan.Critroni, C:\Program Files\Mozilla Firefox\run6305625.exe, , [a7b7158c4f2c290dd9d8e8b5f30e5da3],
Trojan.Dropped, C:\WINDOWS\system32\hidcon.exe, , [bf9f49587a01d85e87ef0f9be1203dc3],
Exploit.Dropper, C:\Program Files\Mozilla Firefox\0.10673251557132157.exe, , [441a9e03f289ad890c1296ffea19748c],
Malware.Trace, C:\WINDOWS\system32\ieunitdrf.inf, , [f36bedb4e6951224355f485fa2613dc3],
Hijack.Trace, C:\WINDOWS\system32\drivers\etc\h??sts, , [c59948593f3c092df51f9d3b5ea5fc04],
Physical Sectors: 0
(No malicious items detected)
(end)
2. hijackthis.log
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 19:52:09, on 19.07.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
CHROME: 35.0.1916.153
FIREFOX: 30.0 (ru)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DrWeb Enterprise Suite\dwengine.exe
C:\Program Files\DrWeb Enterprise Suite\DWNETFILTER.EXE
C:\Program Files\DrWeb Enterprise Suite\frwl_svc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\DrWeb Enterprise Suite\drwagnui.exe
C:\Program Files\DrWeb Enterprise Suite\frwl_notify.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\VistaDriveIcon\VistaDrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Admin\Application Data\uTorrent\uTorrent.exe
C:\Program Files\DrWeb Enterprise Suite\drwagntd.exe
C:\Program Files\DrWeb Enterprise Suite\dwengine.exe
C:\Program Files\DrWeb Enterprise Suite\dwarkdaemon.exe
J:\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://webalta.ru/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://webalta.ru/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://webalta.ru/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yandex.ru/?clid=133922
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://webalta.ru/search
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Ссылки
O4 - HKLM\..\Run: [2Gis Update Notifier] "C:\Program Files\2gis\3.0\2GISTrayNotifier.exe" -delayed_start
O4 - HKLM\..\Run: [DrWebAgentUI] "C:\Program Files\DrWeb Enterprise Suite\drwagnui.exe"
O4 - HKLM\..\Run: [FirewallNotify] "C:\Program Files\DrWeb Enterprise Suite\frwl_notify.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [VistaIcon] C:\Program Files\VistaDriveIcon\VistaDrv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Documents and Settings\Admin\Application Data\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [VistaIcon] C:\Program Files\VistaDriveIcon\VistaDrv.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [VistaIcon] C:\Program Files\VistaDriveIcon\VistaDrv.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [VistaIcon] C:\Program Files\VistaDriveIcon\VistaDrv.exe (User 'Default user')
O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Справочные материалы - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Предзагрузчик Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Демон кэша категорий компонентов - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: 2GIS UpdateService (2GISUpdateService) - ООО ДубльГИС - C:\Program Files\2gis\3.0\2GISUpdateService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Dr.Web Enterprise Agent (drwagntd) - Doctor Web, Ltd. - C:\Program Files\DrWeb Enterprise Suite\drwagntd.exe
O23 - Service: Dr.Web Scanning Engine (DrWebEngine) (DrWebEngine) - Doctor Web, Ltd. - C:\Program Files\DrWeb Enterprise Suite\dwengine.exe
O23 - Service: Dr.Web Firewall Service (DrWebFwSvc) - Doctor Web, Ltd. - C:\Program Files\DrWeb Enterprise Suite\frwl_svc.exe
O23 - Service: Dr.Web Net Filtering Service (DrWebNetFilter) - Doctor Web, Ltd. - C:\Program Files\DrWeb Enterprise Suite\DWNETFILTER.EXE
O23 - Service: Dr.Web Enterprise Upgrade Service (drwupgrade) - Doctor Web, Ltd. - C:\Program Files\DrWeb Enterprise Suite\1\drwupgrade.exe
O23 - Service: Журнал событий (Eventlog) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: Служба COM записи компакт-дисков IMAPI (ImapiService) - Корпорация Майкрософт - C:\WINDOWS\system32\imapi.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Plug and Play (PlugPlay) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) - Корпорация Майкрософт - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Смарт-карты (SCardSvr) - Корпорация Майкрософт - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Журналы и оповещения производительности (SysmonLog) - Корпорация Майкрософт - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Теневое копирование тома (VSS) - Корпорация Майкрософт - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Адаптер производительности WMI (WmiApSrv) - Корпорация Майкрософт - C:\WINDOWS\system32\wbem\wmiapsrv.exe
--
End of file - 7013 bytes
Скрыть