- Темы:532
- Сообщений:1553
- ☆☆☆☆☆
Установила Combofix. Лог:
ComboFix 11-02-09.02 — Vika 10.02.2011 0:28.1.2 — x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.2047.1413 [GMT 3:00]
Running from: c:documents and settingsVikaРабочий столComboFix.exe
Command switches used :: c:documents and settingsVikaРабочий столWindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: Norton Internet Security *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:documents and settingsAll UsersApplication DataToolbar4
c:documents and settingsAll UsersApplication DataToolbar4{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_files3ea5acb03df0ef3df1ced03320d3b77
c:documents and settingsAll UsersApplication DataToolbar4{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_files6f045ae82a8027fc6082ed26cff7516
c:documents and settingsAll UsersApplication DataToolbar4{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_filesa8f67f6bf53151da5b34580dfdb0ed2
c:documents and settingsAll UsersApplication DataToolbar4{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_filesaa898ac2dc25ed42bb2a46311d0be23
c:documents and settingsAll UsersApplication DataToolbar4{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_filesc3d162df546a73b1f1563e5829d731c
c:documents and settingsAll UsersApplication DataToolbar4{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_files12c0904c16028b74e5e9aa97d9a40594
c:documents and settingsAll UsersApplication DataToolbar4{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_files1959d493fb004c428027b06ca83a8f28
c:documents and settingsAll UsersApplication DataToolbar4{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_files3867770264898d3515748c33efc02999
c:documents and settingsAll UsersApplication DataToolbar4{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_files3c7a724667239c2ea39dd626f70ad3c8
c:documents and settingsAll UsersApplication DataToolbar4{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_files3dc276f577ea49a263b418913dd76088
c:documents and settingsAll UsersApplication DataToolbar4{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_files4a8478f14c7e15bbe3572ad1081d4fc1
c:documents and settingsAll UsersApplication DataToolbar4{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_files5b415dd1d44f9aa1a53448a0ef50fd0d
c:documents and settingsAll UsersApplication DataToolbar4{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_files65d1324ada4f7d69da95d856a4cef785
c:documents and settingsAll UsersApplication DataToolbar4{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_files6b808a49e8199b9bf4aa9b6cd8c3b900
c:documents and settingsAll UsersApplication DataToolbar4{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_files72957b1ccb922e996066672ba1bd6be4
c:documents and settingsAll UsersApplication DataToolbar4{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_files7bc8f0fa165de30ce91a884b62a1916b
c:documents and settingsAll UsersApplication DataToolbar4{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_files8e278f68c7c9c9377f55ad8fb9f8c21c
c:documents and settingsAll UsersApplication DataToolbar4{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_filesa3c3a3ccd176f68f928660f84b2a5660
c:documents and settingsAll UsersApplication DataToolbar4{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_filesa483dc8a74903d0abe6a4a2f872064a2
c:documents and settingsAll UsersApplication DataToolbar4{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_filesb095ad814f1b6362f5bedfde3b2e9046
c:documents and settingsAll UsersApplication DataToolbar4{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_filesb3cb21c598d61a994fb667cb3766da98
c:documents and settingsAll UsersApplication DataToolbar4{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_filesb52bfb18106fb786cefb274a87bdf30a
c:documents and settingsAll UsersApplication DataToolbar4{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_filesbac499e17637ff9216f616e5aa1f1df3
c:documents and settingsAll UsersApplication DataToolbar4{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_filesc0573bd783a3980bff06d44b29b74695
c:documents and settingsAll UsersApplication DataToolbar4{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_filesc27e270c1bd77ee95b01e38dd4a51ac3
c:documents and settingsAll UsersApplication DataToolbar4{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_filesc3a0bcef48a39907c13382b98009d61c
c:documents and settingsAll UsersApplication DataToolbar4{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_filesd3d681e85dcc9b9d406374901a352cb1
c:documents and settingsAll UsersApplication DataToolbar4{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_filesd89c2a65c6c6681fa04e5473b04bcf9c
c:documents and settingsAll UsersApplication DataToolbar4{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_filesdeea4ba01bd1252b06f9510ad90cb226
c:documents and settingsAll UsersApplication DataToolbar4{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_filese5a1fa2bbd6540bf1801e1a3ee8ca0cc
c:documents and settingsAll UsersApplication DataToolbar4{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}include_filesf6f7ceb7049a2959613192fec2121354
c:documents and settingsVikaLocal SettingsApplication DataTarget Marketing Agency
c:documents and settingsVikaLocal SettingsApplication DataTarget Marketing AgencyTMAgentdata.bin
c:documents and settingsVikaLocal SettingsApplication DataTarget Marketing AgencyTMAgentparams.bin
c:documents and settingsVikaLocal SettingsApplication DataTarget Marketing AgencyTMAgenttmagent.bin
c:documents and settingsVikaLocal SettingsApplication DataTarget Marketing AgencyTMAgentupdatecurver.xml
c:documents and settingsVikaLocal SettingsApplication DataTarget Marketing AgencyTMAgentupdateupdateInfo.xml
c:documents and settingsVikaLocal SettingsTemporary Internet FilesEB9F12C_6E6B_4c03_AEBA_8C04CFA98AA4.gif
c:documents and settingsVikaLocal SettingsTemporary Internet Files15913497_F86C_4218_8817_F50940D1E1B2.gif
c:documents and settingsVikaLocal SettingsTemporary Internet Files29887DDE_00B9_4011_9CF7_59511F1ECC1B.gif
c:documents and settingsVikaLocal SettingsTemporary Internet Files2A665EDD_5758_480c_8366_66DFC5F23877.gif
c:documents and settingsVikaLocal SettingsTemporary Internet Files35B7DFFA_884F_4fbc_8E60_DA601BDC7BF7.gif
c:documents and settingsVikaLocal SettingsTemporary Internet Files362FD6E8_8CDA_4c2a_A8AA-BDA22B321711.jpg
c:documents and settingsVikaLocal SettingsTemporary Internet Files3DF04940_9866_4241_A998_0CDDFAFD147A.gif
c:documents and settingsVikaLocal SettingsTemporary Internet Files426500D7_0FF3_426c_828D_065DBAEA0581.gif
c:documents and settingsVikaLocal SettingsTemporary Internet Files478BD4AE_2691_438d_BDCA_3485DC022700.gif
c:documents and settingsVikaLocal SettingsTemporary Internet Files5C6C645F_BAA8_4149_BFEB_2031230FF0FD.gif
c:documents and settingsVikaLocal SettingsTemporary Internet Files61EA7D69_19D4_421a_A899_0DF4D58CD119.jpg
c:documents and settingsVikaLocal SettingsTemporary Internet Files777FDAFB_83CF_4960_AA71_4E5D7BCD8E57.gif
c:documents and settingsVikaLocal SettingsTemporary Internet Files8DA878D5_E80B_4721_B75A_17EFFAF1A700.gif
c:documents and settingsVikaLocal SettingsTemporary Internet Files98F6DF79_7171_452d_9C26_C0193E12DBDF.gif
c:documents and settingsVikaLocal SettingsTemporary Internet FilesA2B240D6_0386_419e_91C5_3F7D90437CD0.jpg
c:documents and settingsVikaLocal SettingsTemporary Internet FilesC75CEF8D_5AF4_4563_8594_C45A45E14E63.gif
c:documents and settingsVikaLocal SettingsTemporary Internet FilesE21285C1_40E6_435c_A69F_3387E7BD89CB.gif
c:documents and settingsVikaLocal SettingsTemporary Internet FilesE9A4D648_ED73_4ea7_88B2_18332DBA4F3E.jpg
C:feed.txt
c:program filesCommon FilesTarget Marketing Agency
c:program filesCommon FilesTarget Marketing AgencyTMAgentaupdate.exe
c:program filesCommon FilesTarget Marketing AgencyTMAgentextensionchrome.manifest
c:program filesCommon FilesTarget Marketing AgencyTMAgentextensionchrometmagent.jar
c:program filesCommon FilesTarget Marketing AgencyTMAgentextensioncomponentsnsIAdHandler.xpt
c:program filesCommon FilesTarget Marketing AgencyTMAgentextensioncomponentsnsISteadway.xpt
c:program filesCommon FilesTarget Marketing AgencyTMAgentextensioninstall.rdf
c:program filesCommon FilesTarget Marketing AgencyTMAgentlicense.txt
c:program filesCommon FilesTarget Marketing AgencyTMAgentUninstaller.exe
c:windowssystem32twunk_32.exe
c:windowsVM305Cap.exe
.
((((((((((((((((((((((((( Files Created from 2011-01-09 to 2011-02-09 )))))))))))))))))))))))))))))))
.
2011-02-09 11:04 . 2009-10-22 09:54 37392 —-a-w- c:windowssystem32drivers31097132.sys
2011-02-09 11:04 . 2009-10-09 19:31 315408 —-a-w- c:windowssystem32drivers3109713.sys
2011-02-09 11:04 . 2009-09-25 13:59 128016 —-a-w- c:windowssystem32drivers31097131.sys
2011-02-09 09:31 . 2011-02-09 09:31
d
w- c:documents and settingsVikaLocal SettingsApplication DataElectronic Arts
2011-02-08 19:20 . 2011-02-08 19:20
d
w- C:rsit
2011-02-07 21:07 . 2011-02-09 10:38
d
w- c:documents and settingsAll UsersApplication DataIObit
2011-02-07 21:07 . 2011-02-07 21:07
d
w- c:program filesIObit
2011-02-01 11:42 . 2011-02-01 11:42
d
w- c:program filesNVIDIA Corporation
2011-02-01 11:00 . 2011-02-01 11:00
d
w- c:documents and settingsVikaLocal SettingsApplication Data2K Games
2011-01-15 17:32 . 2011-01-15 17:32
d
w- c:program filesPC Connectivity Solution
2011-01-15 17:31 . 2010-02-26 11:21 8320 —-a-w- c:windowssystem32driversnmwcdnsuc.sys
2011-01-15 17:31 . 2010-02-26 11:32 8192 —-a-w- c:windowssystem32driversusbser_lowerfltj.sys
2011-01-15 17:31 . 2010-02-26 11:32 8192 —-a-w- c:windowssystem32driversusbser_lowerflt.sys
2011-01-15 17:31 . 2010-02-26 11:21 137344 —-a-w- c:windowssystem32driversnmwcdnsu.sys
2011-01-15 17:31 . 2010-02-26 11:32 662016 —-a-w- c:windowssystem32nmwcdcocls.dll
2011-01-15 17:31 . 2010-02-26 11:32 22528 —-a-w- c:windowssystem32driversccdcmbo.sys
2011-01-15 17:31 . 2010-02-26 11:32 18176 —-a-w- c:windowssystem32driversccdcmb.sys
2011-01-15 17:31 . 2010-02-26 11:19 1461992 —-a-w- c:windowssystem32wdfcoinstaller01009.dll
2011-01-12 10:18 . 2011-01-22 20:19
d
w- c:documents and settingsVikaLocal SettingsApplication DataMy Games
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-23 14:52 . 2010-11-14 11:02 48512 —-a-w- c:documents and settingsVikaApplication DataMicrosoftInternet Explorerqstatsrv.dll
2010-11-18 18:15 . 2008-09-10 19:15 81920 —-a-w- c:windowssystem32isign32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}»= «c:program filesWebMoney Advisortbcore3.dll» [2010-02-24 2559608]
[HKEY_CLASSES_ROOTclsid{3affd7f7-fd3d-4c9d-8f83-03296a1a8840}]
[HKEY_CLASSES_ROOTTBSB03374.TBSB03374.3]
[HKEY_CLASSES_ROOTTypeLib{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOTTBSB03374.TBSB03374]
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}»= «c:program filesWebMoney Advisortbcore3.dll» [2010-02-24 2559608]
[HKEY_CLASSES_ROOTclsid{3affd7f7-fd3d-4c9d-8f83-03296a1a8840}]
[HKEY_CLASSES_ROOTTBSB03374.TBSB03374.3]
[HKEY_CLASSES_ROOTTypeLib{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOTTBSB03374.TBSB03374]
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«uTorrent»=»c:program filesuTorrentuTorrent.exe» [2010-12-20 395640]
«AlcoholAutomount»=»c:program filesAlcohol SoftAlcohol 120axcmd.exe» [2009-02-24 203928]
«2IP StartGuard»=»c:program files2IPStartGuardStartGuard.exe» [2008-08-27 218624]
«DAEMON Tools Lite»=»c:program filesDAEMON Tools Litedaemon.exe» [2008-12-29 687560]
«QIP Internet Guardian»=»c:documents and settingsVikaApplication DataQipGuardQipGuard.exe» [2010-12-23 191360]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«RTHDCPL»=»RTHDCPL.EXE» [2007-03-21 16126464]
«JMB36X IDE Setup»=»c:windowsRaidToolxInsIDE.exe» [2007-03-20 36864]
«36X Raid Configurer»=»c:windowssystem32xRaidSetup.exe» [2007-03-21 1953792]
«Gainward»=»c:program filesVDOToolTBPanel.exe» [2007-06-26 2165272]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2007-07-23 8466432]
«ccApp»=»c:program filesCommon FilesSymantec SharedccApp.exe» [2007-01-09 115816]
«osCheck»=»c:program filesNorton Internet SecurityosCheck.exe» [2007-01-13 771704]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2007-07-23 81920]
«Symantec PIF AlertEng»=»c:program filesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe» [2008-01-29 583048]
«NeroCheck»=»c:windowssystem32NeroCheck.exe» [2001-07-09 155648]
«RemoteControl»=»c:program filesCyberLinkPowerDVDPDVDServ.exe» [2007-01-08 68640]
«LanguageShortcut»=»c:program filesCyberLinkPowerDVDLanguageLanguage.exe» [2007-01-08 52256]
«wmagent.exe»=»c:program filesWebMoney Agentwmagent.exe» [2009-10-19 210400]
«nwiz»=»nwiz.exe» [2007-07-23 1626112]
«SunJavaUpdateSched»=»c:program filesCommon FilesJavaJava Updatejusched.exe» [2010-02-18 248040]
«PCSuiteTrayApplication»=»c:program filesNokiaNokia PC Suite 6LaunchApplication.exe» [2007-03-23 227328]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 9.0ReaderReader_sl.exe» [2010-09-23 35760]
«Adobe ARM»=»c:program filesCommon FilesAdobeARM1.0AdobeARM.exe» [2010-09-20 932288]
«Advanced Spyware Remover»=»c:program filesIObitAdvanced Spyware RemoverASRtray.exe» [2009-12-15 1213952]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-14 15360]
«Nokia.PCSync»=»c:program filesNokiaNokia PC Suite 6PcSync2.exe» [2007-03-27 1744896]
c:documents and settingsVikaѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
setup_9.0.0.722_09.02.2011_12-06.lnk — c:documents and settingsVikaђ Ў®зЁ© бв®«Virus Removal Toolsetup_9.0.0.722_09.02.2011_12-06startup.exe [2011-2-9 72208]
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«NoSecCpl»= 0 (0x0)
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoStartMenuSubFolders»= 0 (0x0)
«NoCommonGroups»= 0 (0x0)
«NoPrinters»= 0 (0x0)
«NoRecentDocsNetHood»= 0 (0x0)
«NoChangeAnimation»= 0 (0x0)
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
@=»Driver»
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoring]
«DisableMonitoring»=dword:00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]
«DisableMonitoring»=dword:00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecFirewall]
«DisableMonitoring»=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\Winamp Remote\bin\OrbTray.exe»=
«c:\Program Files\Bonjour\mDNSResponder.exe»=
«c:\Program Files\uTorrent\uTorrent.exe»=
«c:\Program Files\Skype\Plugin Manager\skypePM.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=
R0 31097132;31097132 Boot Guard Driver;c:windowssystem32drivers31097132.sys [09.02.2011 14:04 37392]
R0 sptd;sptd;c:windowssystem32driverssptd.sys [11.01.2010 23:44 721904]
R1 31097131;31097131;c:windowssystem32drivers31097131.sys [09.02.2011 14:04 128016]
R1 setup_9.0.0.722_09.02.2011_12-06drv;setup_9.0.0.722_09.02.2011_12-06drv;c:windowssystem32drivers3109713.sys [09.02.2011 14:04 315408]
R2 Планировщик автоматического запуска LiveUpdate;Планировщик автоматического запуска LiveUpdate;c:program filesSymantecLiveUpdateAluSchedulerSvc.exe [10.09.2008 22:54 554616]
R2 ASRservice;ASRservice;c:program filesIObitAdvanced Spyware RemoverASRsrv.exe [08.02.2011 0:07 697104]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:windowssystem32driversatl01_xp.sys [10.09.2008 22:33 38656]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:program filesCommon FilesSymantec SharedEENGINEEraserUtilRebootDrv.sys [28.05.2010 1:53 102448]
R3 FStarForce;FStarForce;c:windowssystem32driversFStarForce.sys [23.02.2010 2:42 9216]
S2 gupdate1c9e13aa1a37d2e;Служба Google Update (gupdate1c9e13aa1a37d2e);c:program filesGoogleUpdateGoogleUpdate.exe [30.05.2009 18:23 133104]
S2 SVKP;SVKP;??c:windowssystem32SVKP.sys —> c:windowssystem32SVKP.sys [?]
S3 DAUpdaterSvc;Dragon Age: Origins — Content Updater;d:gamesDragon Age Origins Awakeningbin_shipdaupdatersvc.service.exe [07.01.2011 21:21 25832]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:windowssystem32driversnmwcdnsu.sys [15.01.2011 20:31 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:windowssystem32driversnmwcdnsuc.sys [15.01.2011 20:31 8320]
S3 ZSMC0305;A4 TECH PC Camera V;c:windowssystem32driversusbVM305.sys [02.01.2009 19:40 391688]
— Other Services/Drivers In Memory —
*NewlyCreated* — COMHOST
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the ‘Scheduled Tasks’ folder
2011-02-09 c:windowsTasksAppleSoftwareUpdate.job
— c:program filesApple Software UpdateSoftwareUpdate.exe [2008-07-30 09:34]
2011-02-09 c:windowsTasksGoogleUpdateTaskMachineCore.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-05-30 15:23]
2011-02-09 c:windowsTasksGoogleUpdateTaskMachineUA.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-05-30 15:23]
2011-02-07 c:windowsTasksNorton Internet Security — Выполнить полный осмотр системы — Vika.job
— c:program filesNorton Internet SecurityNorton AntiVirusNavw32.exe [2007-01-13 18:09]
.
.
Supplementary Scan
.
uStart Page = hxxp://qip.ru/
uDefault_Search_URL = hxxp://search.qip.ru
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Закачать ВСЕ при помощи Download Master — c:program filesDownload Masterdmieall.htm
IE: Закачать при помощи Download Master — c:program filesDownload Masterdmie.htm
IE: {{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — c:program filesWebMoney Advisortbcore3.dll
FF — ProfilePath — c:documents and settingsVikaApplication DataMozillaFirefoxProfileswguj1rde.default
FF — Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} — c:program filesMozilla Firefoxextensions{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF — Ext: NASA Night Launch: nasanightlaunch@example.com — %profile%extensionsnasanightlaunch@example.com
FF — Ext: AvantGarde Skylight: {d62e0de0-401b-11dd-ae16-0800200c9a66} — %profile%extensions{d62e0de0-401b-11dd-ae16-0800200c9a66}
.
— — — — ORPHANS REMOVED — — — —
URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} — (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} — (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-10 00:32
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2011-02-10 00:34:25
ComboFix-quarantined-files.txt 2011-02-09 21:34
Pre-Run: 20 693 569 536 байт свободно
Post-Run: 20 950 855 680 байт свободно
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
[operating systems]
c:cmdconsBOOTSECT.DAT=»Microsoft Windows Recovery Console» /cmdcons
UnsupportedDebug=»do not select this» /debug
multi(0)disk(0)rdisk(0)partition(1)WINDOWS=»Microsoft Windows XP Professional RU» /noexecute=optin /fastdetect
— — End Of File — — AEFFEFE3812045262C89D466238A6AE6
