ComboFix 14-08-31.01 - К-2 01.09.2014 11:01:44.1.4 - x86
Microsoft Windows 7 Домашняя базовая 6.1.7601.1.1251.7.1049.18.2039.634 [GMT 4:00]
Running from: C:\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Outdated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Outdated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\К-2\99
c:\users\К-2\99\Наказание бандитам.txt
c:\users\К-2\99\loadfs.txt
c:\users\К-2\99\sa-mp-111.png
c:\users\К-2\99\sa-mp-141.png
c:\users\К-2\99\sa-mp-142.png
c:\users\К-2\99\sa-mp-180.png
c:\users\К-2\99\sa-mp-181.png
c:\users\К-2\99\sa-mp-187.png
c:\users\К-2\99\Stanislav Karpov [03.07].txt
c:\windows\system32\CatRoot3
c:\windows\system32\CatRoot3\dsfOggMux.dll
c:\windows\system32\CatRoot3\dsfTheoraEncoder.dll
c:\windows\system32\CatRoot3\dsfVorbisEncoder.dll
c:\windows\system32\CatRoot3\HookDrv.dll
c:\windows\system32\CatRoot3\Microsoft.VC80.CRT.manifest
c:\windows\system32\CatRoot3\msvcp80.dll
c:\windows\system32\CatRoot3\msvcr80.dll
c:\windows\system32\CatRoot3\PushSource.ax
c:\windows\system32\CatRoot3\rfusclient.exe
c:\windows\system32\CatRoot3\RIPCServer.dll
c:\windows\system32\CatRoot3\rutserv.exe
c:\windows\system32\CatRoot3\rversionlib.dll
c:\windows\system32\CatRoot3\RWLN.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BD0001
-------\Legacy_BD0002
-------\Legacy_BLOCK_READER
-------\Service_bd0001
-------\Service_bd0002
-------\Service_BLOCK_READER
-------\Service_RManService
.
.
((((((((((((((((((((((((( Files Created from 2014-08-01 to 2014-09-01 )))))))))))))))))))))))))))))))
.
.
2014-08-31 22:00 . 2014-08-31 22:00 -------- d-----w- c:\users\К-2\AppData\Local\Adobe
2014-08-31 19:27 . 2014-08-31 19:28 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-08-31 19:27 . 2014-08-31 19:28 699568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-08-31 19:13 . 2014-08-31 19:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-08-31 19:13 . 2013-04-04 10:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-31 19:00 . 2014-08-31 19:00 -------- d-----w- c:\users\К-2\AppData\Roaming\Malwarebytes
2014-08-31 18:54 . 2014-08-31 18:54 -------- d-----w- c:\programdata\McAfee Security Scan
2014-08-31 18:54 . 2014-08-31 18:54 -------- d-----w- c:\programdata\McAfee
2014-08-31 18:26 . 2014-08-21 07:24 8581864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{134A1B07-F30B-4A1B-AD00-33D67A560E7E}\mpengine.dll
2014-08-31 18:24 . 2014-08-31 18:24 -------- d-----w- c:\programdata\Apple Computer
2014-08-31 18:13 . 2014-08-31 18:59 -------- d-----w- c:\programdata\Malwarebytes
2014-08-31 18:13 . 2014-08-31 18:40 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-08-31 18:10 . 2014-08-31 18:10 -------- d-----w- c:\programdata\LogiShrd
2014-08-31 18:08 . 2014-08-31 18:08 -------- d-----w- c:\programdata\Splashtop
2014-08-31 18:08 . 2014-08-31 18:08 -------- d-----w- c:\programdata\Apple
2014-08-31 18:07 . 2014-08-31 18:07 -------- d-----w- c:\programdata\DAEMON Tools Lite
2014-08-31 18:06 . 2014-08-31 18:06 10240 ----a-w- c:\windows\system32\drivers\ujm3mtq3.sys
2014-08-31 18:05 . 2014-08-31 18:21 7168 ----a-w- c:\windows\system32\drivers\utm3mtq3.sys
2014-08-31 16:52 . 2014-08-31 16:52 -------- d-----w- c:\programdata\ATI
2014-08-31 15:29 . 2010-08-30 04:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-08-31 15:28 . 2014-08-31 18:50 -------- dc----w- C:\AdwCleaner
2014-08-24 08:37 . 2014-08-24 08:37 -------- d-----w- c:\program files\iPod
2014-08-24 08:27 . 2014-08-24 08:27 159744 ----a-w- c:\program files\Internet Explorer\Модули\npqtplugin5.dll
2014-08-24 08:27 . 2014-08-24 08:27 159744 ----a-w- c:\program files\Internet Explorer\Модули\npqtplugin4.dll
2014-08-24 08:27 . 2014-08-24 08:27 159744 ----a-w- c:\program files\Internet Explorer\Модули\npqtplugin3.dll
2014-08-24 08:27 . 2014-08-24 08:27 159744 ----a-w- c:\program files\Internet Explorer\Модули\npqtplugin2.dll
2014-08-24 08:27 . 2014-08-24 08:27 159744 ----a-w- c:\program files\Internet Explorer\Модули\npqtplugin.dll
2014-08-12 18:32 . 2014-08-22 15:17 59720 ----a-w- c:\windows\system32\drivers\BDEnhanceBoost.sys
2014-08-12 18:27 . 2014-08-13 20:14 91976 ----a-w- c:\windows\system32\drivers\BDArKit.sys
2014-08-12 18:22 . 2014-08-12 18:22 -------- d-----w- c:\program files\ШоппингГид
2014-08-12 18:21 . 2014-08-31 18:04 -------- d-----w- c:\users\К-2\AppData\Roaming\eTranslator
2014-08-06 21:53 . 2014-08-06 21:53 -------- d-----w- c:\program files\Common Files\Skype
2014-08-02 22:11 . 2012-08-21 09:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2014-08-02 21:12 . 2014-08-02 22:29 -------- d-----w- c:\users\К-2\AppData\Roaming\Apple Computer
2014-08-02 21:12 . 2014-08-02 21:12 -------- d-----w- c:\users\К-2\AppData\Local\Apple Computer
2014-08-02 21:10 . 2014-08-02 21:10 -------- d-----w- c:\users\К-2\AppData\Local\Apple
2014-08-02 21:10 . 2014-08-02 21:10 -------- d-----w- c:\program files\Apple Software Update
2014-08-02 21:09 . 2014-08-02 21:10 -------- d-----w- c:\program files\Bonjour
2014-08-02 21:09 . 2014-08-24 08:36 -------- d-----w- c:\program files\Common Files\Apple
2014-08-02 20:21 . 2014-08-02 20:21 -------- d-----w- c:\program files\BitTorrent Sync
2014-08-02 20:21 . 2014-09-01 06:55 -------- d-----w- c:\users\К-2\AppData\Roaming\BitTorrent Sync
2014-08-02 19:58 . 2014-08-02 19:58 -------- d-----w- c:\users\Рљ-2
2014-08-02 19:58 . 2014-08-02 19:58 -------- d-----w- c:\users\К-2\AppData\Local\Splashtop
2014-08-02 19:55 . 2014-08-02 19:56 -------- d-----w- c:\program files\Splashtop
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-10 17:50 . 2014-06-10 17:50 6112864 ----a-w- c:\windows\system32\usbaaplrc.dll
2014-06-10 17:50 . 2014-06-10 17:50 45056 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-04 15:06 100984 --sha-r- c:\windows\System32\de.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{F72C8153-7140-4FEE-8F69-CA4579D71195}]
2013-04-01 01:22 73728 ----a-w- d:\distr\Tongbu\Addin\tbIEAddin.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:\program files\Yandex\Elements\bartab.dll" [2013-07-22 3094368]
.
[HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:\program files\Yandex\Elements\bartab.dll" [2013-07-22 3094368]
.
[HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Skype"="c:\users\К-2\Desktop\Skype.exe" [2013-11-14 20588192]
"Adguard"="c:\program files\Adguard\Adguard.exe" [2014-04-15 1906224]
"BitTorrent Sync"="c:\program files\BitTorrent Sync\BTSync.exe" [2014-08-02 3025512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"ZSSnp211"="c:\windows\ZSSnp211.exe" [2007-04-06 57344]
"Domino"="c:\windows\Domino.exe" [2006-08-18 49152]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-01-29 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"FileZilla Server Interface"="d:\distr\FileZilla Server\FileZilla Server Interface.exe" [2014-01-02 2315776]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="d:\distr\Itunes\iTunesHelper.exe" [2014-08-01 152392]
.
d:\distr\111\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
R1 bd0003;bd0003;c:\windows\system32\DRIVERS\bd0003.sys [x]
R1 BDMWrench;BDMWrench;c:\windows\system32\DRIVERS\BDMWrench.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 BS_DEF;BS_DEF;c:\windows\BS_DEF.sys [2013-01-18 12800]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-09-05 234776]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2010-07-01 34896]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 ujm3mtq3;AVZ-SG Kernel Driver;c:\windows\system32\Drivers\ujm3mtq3.sys [2014-08-31 10240]
R3 utm3mtq3;AVZ Kernel Driver;c:\windows\system32\Drivers\utm3mtq3.sys [2014-08-31 7168]
R4 BDMNetMon;BDMNetMon;c:\windows\system32\DRIVERS\BDMNetMon.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-08-24 721904]
S1 adgnetworktdi;adgnetworktdi;c:\windows\system32\drivers\adgnetworktdi.sys [2014-03-13 55440]
S2 Adguard Service;Adguard Service;c:\program files\Adguard\AdguardSvc.exe [2014-04-15 120368]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 217600]
S2 CGVPNCliService;CyberGhost VPN 5 Client Service;c:\program files\CyberGhost 5\Service.exe [2013-10-08 26600]
S2 Mobile Broadband HL Service;Mobile Broadband HL Service;c:\programdata\MobileBrServ\mbbservice.exe [2012-06-28 233344]
S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\Splashtop\Splashtop Remote\Server\SRService.exe [2014-06-24 790880]
S2 SSUService;Splashtop Software Updater Service;c:\program files\Splashtop\Splashtop Software Updater\SSUService.exe [2013-10-09 609056]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-05-14 86656]
S3 CompFilter;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbusflt.sys [2012-01-18 22176]
S3 DLKRTEC32;DFE-520TX Fast Ethernet PCI Adapter;c:\windows\system32\DRIVERS\DLKRTEC32.sys [2012-01-19 49768]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-13 50688]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-15 10:13 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-01-16 06:45]
.
2014-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-01-16 06:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mail.ru/cnt/10445
uDefault_Search_URL = hxxp://yamdex.net/?searchid=1&l10n=ru&fromsearch=1&imsid=e2577b0655794995f5b6e063180f96ee&text={searchTerms}
uInternet Settings,ProxyOverride = *.local
IE: &Экспорт в Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{21F87264-4AED-4B86-B22A-1C09495BA1D7}: NameServer = 172.16.0.1
TCP: Interfaces\{BB7DDB87-57F7-4DE7-BD18-5D18E0C834B7}: NameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{0633EE93-D776-472f-A0FF-E1416B8B2E3D} - (no file)
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-baidusdTray - c:\program files\Baidu\BaiduSd\1.8.0.1255\BaiduSdTray.exe
HKLM-Run-BaiduAnTray - c:\program files\Baidu\BaiduAn\2.3.0.2225\BaiduAnTray.exe
HKLM_ActiveSetup-{DFA8D366-3E84-F42F-567B-9D4D1E79A2E7} - c:\users\К-2\AppData\Local\Temp\Upd.exe
AddRemove-%Tongbu% %2.0.8.2% - d:\distr\Tongbu\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{32099AAC-C132-4136-9E9A-4E364A424E17}"=hex:51,66,7a,6c,4c,1d,38,12,c2,99,1a,
36,00,8f,58,04,e1,8c,0d,76,4f,1c,0a,03
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{AE48ED75-5A56-4C5F-BBCE-6F1AC3875F66}"=hex:51,66,7a,6c,4c,1d,38,12,1b,ee,5b,
aa,64,14,31,09,c4,d8,2c,5a,c6,d9,1b,72
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:63,57,eb,66,a5,24,cf,01
.
[HKEY_USERS\S-1-5-21-2445678246-3593584567-572470267-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2C4ED466-B094-E4E5-90F9-9F610A023955}*]
"jaahelmcpcocmnlflcgc"=hex:62,61,64,6a,00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bd0003\Instances]
@DACL=(02 0000)
"DefaultInstance"="bd0003 Instance"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\conhost.exe
c:\program files\Bonjour\mDNSResponder.exe
d:\distr\FileZilla Server\FileZilla Server.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Splashtop\Splashtop Remote\Server\SRServer.exe
c:\program files\Splashtop\Splashtop Remote\Server\SRFeature.exe
c:\program files\iPod\bin\iPodService.exe
c:\users\c:\windows\system32\WUDFHost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2014-09-01 11:13:56 - machine was rebooted
ComboFix-quarantined-files.txt 2014-09-01 07:13
.
Pre-Run: 3*033*276*416 байт свободно
Post-Run: 1*008*988*160 байт свободно
.
- - End Of File - - BDB0EDD27D58851C67C6AD7F322C6EEE
A36C5E4F47E84449FF07ED3517B43A31