ComboFix 14-11-12.01 - Олег 12.11.2014 18:18:58.1.2 - x86
Microsoft Windows 7 Максимальная 6.1.7601.1.1251.380.1049.18.3583.1921 [GMT 2:00]
Running from: C:\Users\+ыху\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
/wow section not completed
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\Аудио и видео скачивание\IE\x86\DoWNloader.dll
C:\Windows\PFRO.log
Infected copy of C:\Windows\system32\winlogon.exe was found and disinfected
Restored copy from - C:\Windows\SoftwareDistribution\Download\514eea40a3113f1e3f5e58303fb2681e\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_71a5e34e334f9d18\winlogon.exe
Infected copy of C:\Windows\System32\slui.exe was found and disinfected
Restored copy from - C:\Windows\winsxs\x86_microsoft-windows-security-spp-ux_31bf3856ad364e35_6.1.7601.17514_none_5dc908a6fd144a83\slui.exe
Infected copy of C:\Windows\System32\slui.exe was found and disinfected
Restored copy from - C:\Windows\winsxs\x86_microsoft-windows-security-spp-ux_31bf3856ad364e35_6.1.7601.17514_none_5dc908a6fd144a83\slui.exe
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BD0001
-------\Legacy_BD0002
-------\Service_bd0001
-------\Service_bd0002
((((((((((((((((((((((((( Files Created from 2014-10-12 to 2014-11-12 )))))))))))))))))))))))))))))))
2014-11-12 16:32:33 . 2014-11-12 16:32:33 -------- d-----w- C:\Users\UpdatusUser\AppData\Local\temp
2014-11-12 16:32:33 . 2014-11-12 16:32:33 -------- d-----w- C:\Users\Default\AppData\Local\temp
2014-11-12 13:32:39 . 2014-11-12 13:39:35 62280 ----a-w- C:\Windows\system32\drivers\BDEnhanceBoost.sys
2014-11-12 13:32:21 . 2014-06-19 03:40:54 94024 ----a-w- C:\Windows\system32\drivers\BDMNetMon.sys
2014-11-12 13:31:10 . 2014-11-12 13:31:10 520 ----a-w- C:\Windows\system32\an.bat
2014-11-12 13:30:50 . 2014-11-12 13:30:50 520 ----a-w- C:\Windows\system32\sd.bat
2014-11-12 13:27:26 . 2014-11-12 15:13:24 133960 ----a-w- C:\Windows\system32\drivers\BDArKit.sys
2014-11-12 13:??:04 . 2014-11-12 13:??:04 -------- d-----w- C:\Users\Олег\Doctor Web
2014-11-12 12:56:12 . 2014-09-23 09:14:32 123720 ----a-w- C:\Windows\system32\drivers\BDDefense.sys
2014-11-12 12:33:48 . 2014-11-12 12:33:48 -------- d-----w- C:\Users\3ADE~1
2014-11-12 12:33:47 . 2014-11-12 12:33:47 -------- d-----w- C:\Users\Олег\AppData\Roaming\Baidu
2014-11-12 12:33:08 . 2014-11-12 12:33:26 216648 ----a-w- C:\Windows\system32\drivers\BDMWrench.sys
2014-11-12 12:32:45 . 2014-09-10 03:30:28 56136 ----a-w- C:\Windows\system32\drivers\bd0003.sys
2014-11-12 12:32:38 . 2014-09-17 02:37:36 196424 ----a-w- C:\Windows\system32\drivers\bd0002.sys
2014-11-12 12:32:36 . 2014-09-17 02:37:36 70984 ----a-w- C:\Windows\system32\drivers\bd0001.sys
2014-11-12 12:32:32 . 2014-11-12 15:09:20 -------- d-----w- C:\ProgramData\Baidu
2014-11-12 12:32:32 . 2014-11-12 12:33:06 -------- d-----w- C:\Program Files\Common Files\Baidu
2014-11-12 12:31:49 . 2014-11-12 13:31:35 -------- d-----w- C:\Program Files\Baidu
2014-11-12 12:30:05 . 2014-11-12 12:30:05 -------- d-----w- C:\Users\Олег\AppData\Local\Opera Software
2014-11-12 12:30:03 . 2014-11-12 12:30:03 -------- d-----w- C:\Users\Олег\AppData\Roaming\Opera Software
2014-11-12 12:29:51 . 2014-11-12 12:29:54 -------- d-----w- C:\Program Files\Opera
2014-11-12 07:00:09 . 2014-10-14 20:13:57 8901368 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5188C7CC-723A-4F8D-B325-6FF9F60CEAF0}\mpengine.dll
2014-11-10 15:05:21 . 2014-09-18 05:37:35 908840 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{82C403C3-241B-4849-B4DB-D035CC7FD4AF}\gapaengine.dll
2014-11-10 15:04:32 . 2014-10-14 20:13:57 8901368 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-11-10 08:11:14 . 2014-11-12 15:56:22 -------- d-----w- C:\Windows\system32\MRT
2014-10-16 00:09:54 . 2014-10-16 00:09:54 3528440 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll
2014-10-14 15:04:33 . 2014-11-12 16:09:01 -------- d-----w- C:\Users\Олег\AppData\Roaming\ViberPC
2014-10-14 15:03:31 . 2014-11-12 16:08:11 -------- d-----w- C:\Users\Олег\AppData\Local\Viber
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2014-11-12 11:49:35 . 2014-09-05 14:08:37 701104 ----a-w- C:\Windows\system32\FlashPlayerApp.exe
2014-11-12 11:49:35 . 2014-09-05 14:08:36 71344 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-10-30 11:24:45 . 2014-09-05 13:59:31 229000 ------w- C:\Windows\system32\MpSigStub.exe
2014-09-18 05:37:35 . 2014-09-18 05:38:00 908840 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-09-10 06:42:49 . 2014-09-10 06:42:49 21504 ----a-w- C:\Windows\system32\plkmon32.dll
2014-09-09 21:47:10 . 2014-09-24 06:22:30 2048 ----a-w- C:\Windows\system32\tzres.dll
2014-09-09 13:19:23 . 2014-09-09 13:19:23 16400 ----a-w- C:\Windows\system32\drivers\LNonPnP.sys
2014-09-05 14:15:36 . 2014-09-05 14:15:35 436792 ----a-w- C:\Windows\system32\drivers\sptd.sys
2014-09-05 13:36:59 . 2014-09-05 13:36:39 543744 --sha-w- C:\Windows\system32\hale.exe
2014-08-21 08:24:36 . 2014-09-05 13:59:34 8581864 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{ACCCBA53-D11F-4B9D-97D7-CC0A921D7978}\mpengine.dll
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
[7] 2014-07-17 01:39:27 . 52449FD429D6053B78AE564DEF303870 . 304128 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] . . C:\Windows\SoftwareDistribution\Download\514eea40a3113f1e3f5e58303fb2681e\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_71a5e34e334f9d18\winlogon.exe
[-] 2014-07-17 01:39:27 . 1562571D6B1541098E677C3BB78709A0 . 285696 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] . . C:\Windows\System32\winlogon.exe
[7] 2014-07-16 02:56:14 . 4F37B93C14AEE313BEC52A23AFB15C2E . 304640 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] . . C:\Windows\SoftwareDistribution\Download\514eea40a3113f1e3f5e58303fb2681e\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22750_none_7224b2134c7555fa\winlogon.exe
[7] 2014-03-04 10:39:02 . D53972F87D850CD2EB4B29B60CAFDD77 . 304640 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] . . C:\Windows\SoftwareDistribution\Download\b9a11582ff8a238d28cbbc985bf3645b\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_7255f1994c4f8119\winlogon.exe
[7] 2014-03-04 09:17:02 . 998507B046BA314CE8245364C686FA67 . 304128 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] . . C:\Windows\SoftwareDistribution\Download\b9a11582ff8a238d28cbbc985bf3645b\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_71da23b23327143c\winlogon.exe
[7] 2010-11-20 21:29:06 . 6D13E1406F50C66E2A95D97F22C47560 . 286720 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] . . C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[-] 2010-11-20 21:29:20 . BE8C64439F1E2AF088063218C16EB9FE . 811520 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] . . C:\Windows\System32\user32.dll
[7] 2010-11-20 21:29:20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] . . C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{15DEE173-1BE9-4424-81E0-58A87076E9B1}]
2014-09-16 10:58:20 366984 ----a-w- C:\Program Files\Baidu\BaiduSd\2.1.0.3086\websafe\WebMonBHO.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 11:03:08 33120]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2014-10-01 08:43:52 22065760]
"uTorrent"="C:\Users\Олег\AppData\Roaming\uTorrent\uTorrent.exe" [2014-10-30 13:32:55 1385808]
"Alarm Clock20"="C:\Program Files\MaxLim\AlarmClock\Alarm clock.exe" [2014-06-22 11:13:22 3375104]
"eTranslator Update"="C:\Users\Олег\AppData\Roaming\eTranslator\eTranslator.exe" [2014-09-08 07:48:03 2895800]
"Viber"="C:\Users\Олег\AppData\Local\Viber\Viber.exe" [2014-09-02 04:22:33 936656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="C:\Program Files\Microsoft Security Client\msseces.exe" [2014-08-22 09:41:00 974432]
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 12:27:46 89184]
"AdobeAAMUpdater-1.0"="C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 04:27:44 444904]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 16:30:32 959176]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2013-09-05 14:04:16 3478392]
"EvtMgr6"="C:\Program Files\Logitech\SetPointP\SetPoint.exe" [2014-05-19 20:35:16 2303256]
"priPrinterTray"="C:\Program Files\priPrinter\pritray.exe" [2014-09-04 10:25:26 37888]
"baidusdTray"="C:\Program Files\Baidu\BaiduSd\2.1.0.3086\BaiduSdTray.exe" [2014-09-28 03:28:28 2157064]
"BaiduAnTray"="C:\Program Files\Baidu\BaiduAn\3.0.0.3971\BaiduAnTray.exe" [2014-10-09 07:34:30 2091528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"c715937"="START" [X]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2014-03-24 22:50:38 64280 ----a-w- c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer6"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
Помогите Плиз!!!