ComboFix 14-02-16.01 - Admin 18.02.2014 12:02:41.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.2045.1556 [GMT 3:00]
Running from: c:\documents and settings\Admin\Рабочий стол\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-18 to 2014-02-18   )))))))))))))))))))))))))))))))
.
.
2014-02-12 16:00 . 2014-02-18 08:30	--------	d-----r-	C:\Program Files
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-17 09:06 . 2013-10-11 16:28	24672	----a-w-	c:\windows\system32\drivers\klkbdflt.sys
2014-02-17 09:06 . 2013-06-06 14:38	144992	----a-w-	c:\windows\system32\drivers\kneps.sys
2014-02-17 09:06 . 2013-10-11 16:28	135776	----a-w-	c:\windows\system32\drivers\kl1.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-20 . 6A104BA98D99D53AB0C91825CE659FC6 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\e54644597fb5ba29bf4a386b93c95aec\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\e54644597fb5ba29bf4a386b93c95aec\SP3GDR\tcpip.sys
.
[-] 2009-07-20 20:53 . C2A4A12D0106CF878135075DAE64BCAB . 855040 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[-] 2009-07-20 . 23B7D3F3F5EC8FEEA75EC381C71CBD5E . 579072 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
.
[-] 2014-02-06 . 41E52CA0AAEA000361A7B14EB31FE880 . 920064 . . [8.00.6001.23562] . . c:\windows\SoftwareDistribution\Download\ffb7b85091349fb816aaa1f2528cda1f\SP3QFE\wininet.dll
[-] 2009-07-20 . EE47A5D5F86E5F813DD74ED546972D08 . 1040384 . . [8.00.6001.22873] . . c:\windows\system32\wininet.dll
.
[-] 2009-07-20 . 44F379B57266C7DB5FCC8EE83BAF6D16 . 1721344 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
[-] 2009-07-20 . E16AFEC551E90AAF9FDC81806BD87CD0 . 226816 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
[-] 2009-07-20 . EA6D0E0514DBF29212BC84396902D3CE . 30208 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
[-] 2009-07-20 . 8F51D3D08E9FFF9113EFDFA7A7511F2C . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"="c:\program files\Vtune\TBPanel.exe" [2010-09-02 2158592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-07 110696]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-25 1753192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-07 13851752]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Главное меню^Программы^Автозагрузка^Punto Switcher.lnk]
path=c:\documents and settings\Admin\Главное меню\Программы\Автозагрузка\Punto Switcher.lnk
backup=c:\windows\pss\Punto Switcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Antivirus]
2008-10-09 11:15	798720	----a-w-	c:\program files\USBDiskSecurity\USBGuard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"UpdatesOverride"=dword:00000001
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"d:\\ПРОГРАММЫ\\World_of_Tanks\\WorldOfTanks.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.02.2014 16:19 721904]
R1 klpd;klpd;c:\windows\system32\drivers\klpd.sys [12.04.2013 15:34 14432]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [14.05.2013 17:34 45024]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [06.06.2013 17:38 144992]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [19.04.2013 11:44 36448]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [11.10.2013 19:28 24672]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [11.10.2013 19:28 24672]
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-12 18:10]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: &Экспорт в Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: Interfaces\{7F3B9D54-8048-4A4E-97DA-7955E61710C0}: NameServer = 208.67.222.222,208.67.220.220,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-18 12:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-507921405-1336601894-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,6f,62,e6,7d,89,4b,44,b8,60,91,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,6f,62,e6,7d,89,4b,44,b8,60,91,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,6f,62,e6,7d,89,4b,44,b8,60,91,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1200)
c:\windows\system32\cscui.dll
.
- - - - - - - > 'explorer.exe'(3808)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\WININET.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\msi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Completion time: 2014-02-18 12:07:08
ComboFix-quarantined-files.txt 2014-02-18 09:07
ComboFix2.txt 2014-02-18 08:06
.
Pre-Run: 135 585 423 360 байт свободно
Post-Run: 135 573 524 480 байт свободно
.
- - End Of File - - 6B4CFF53B118D1DF26B2A96BFFC195AB
8F558EB6672622401DA993E1E865C861