Re: Task Manager, Registry Editor, etc. are not working
ComboFix 09-05-25.A2 - Admin 26.05.2009 23:37.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.1023.451 [GMT 4:00]
Running from: c:\documents and settings\Admin\Рабочий стол\ComboFix.exe
Command switches used :: c:\documents and settings\Admin\Рабочий стол\WindowsXP-KB310994-SP2-Pro-BootDisk-RUS.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Outpost Firewall Pro *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.
((((((((((((((((((((((((( Files Created from 2009-04-26 to 2009-05-26 )))))))))))))))))))))))))))))))
.
2009-05-25 20:52 . 2009-05-25 20:52 -------- d-----w c:\documents and settings\Admin\Application Data\Agnitum
2009-05-25 20:51 . 2008-02-06 13:20 446336 ----a-w c:\windows\system32\drivers\SandBox.sys
2009-05-25 20:51 . 2008-02-21 12:22 206224 ----a-w c:\windows\system32\drivers\afw.sys
2009-05-25 20:51 . 2009-05-26 11:32 -------- d-----w c:\windows\system32\Filt
2009-05-25 20:51 . 2009-05-25 20:51 -------- d-----w c:\program files\Agnitum
2009-05-25 20:50 . 2009-05-25 20:50 -------- d-----w c:\documents and settings\All Users\Application Data\Agnitum
2009-05-25 19:41 . 2009-05-25 19:41 -------- d-----w c:\documents and settings\Admin\Local Settings\Application Data\The Weather Channel
2009-05-25 19:33 . 2009-05-25 19:33 -------- d-----w c:\documents and settings\Admin\Application Data\QuickScan
2009-05-25 19:33 . 2009-05-18 19:52 507904 ----a-w c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\uu9c8wzu.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2009-05-25 19:33 . 2009-05-18 19:52 565248 ----a-w c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\uu9c8wzu.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
2009-05-25 19:10 . 2009-05-25 19:10 -------- d-sh--w c:\documents and settings\Admin\IETldCache
2009-05-25 19:08 . 2009-05-25 19:08 -------- d-----w c:\windows\ie8updates
2009-05-25 19:08 . 2009-04-25 05:30 102400 -c----w c:\windows\system32\dllcache\iecompat.dll
2009-05-25 19:06 . 2009-05-25 19:07 -------- dc-h--w c:\windows\ie8
2009-05-25 03:10 . 2009-05-25 19:56 -------- d-----w c:\program files\SuperAX
2009-05-24 21:06 . 2009-05-24 21:07 -------- d-----w C:\rsit
2009-05-24 19:47 . 2009-05-24 19:47 -------- d-----w c:\documents and settings\Admin\DoctorWeb
2009-05-24 14:44 . 2009-05-24 14:49 152576 ----a-w c:\documents and settings\Admin\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-24 14:13 . 2009-05-24 14:13 -------- d-----w c:\program files\ESET
2009-05-24 11:44 . 2009-05-24 11:44 77824 ----atw c:\windows\system32\DRWEBSP.DLL
2009-05-24 11:44 . 2009-05-24 14:04 -------- d-----w c:\program files\DrWeb
2009-05-23 23:03 . 2009-01-07 14:21 26144 ----a-w c:\windows\system32\spupdsvc.exe
2009-05-23 23:01 . 2009-05-23 23:01 -------- d-----w c:\program files\MSXML 4.0
2009-05-23 23:00 . 2009-05-25 19:08 -------- d--h--w c:\windows\$hf_mig$
2009-05-23 22:53 . 2009-05-23 22:53 -------- d-----w c:\documents and settings\Admin\Local Settings\Application Data\ESET
2009-05-23 22:45 . 2009-05-23 22:45 -------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-05-23 22:35 . 2009-05-23 22:35 -------- d-----w c:\documents and settings\Admin\Local Settings\Application Data\Identities
2009-05-23 19:17 . 2008-06-17 19:02 8478720 -c----w c:\windows\system32\dllcache\shell32.dll
2009-05-23 19:16 . 2008-06-20 11:51 361600 -c----w c:\windows\system32\dllcache\tcpip.sys
2009-05-23 19:12 . 2009-02-09 11:18 2025984 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-05-23 19:12 . 2009-02-09 11:18 2067968 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-05-23 19:12 . 2009-02-09 11:18 2147328 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-05-23 19:10 . 2008-10-24 11:41 455936 -c----w c:\windows\system32\dllcache\mrxsmb.sys
2009-05-23 19:04 . 2008-09-04 17:17 1106944 -c----w c:\windows\system32\dllcache\msxml3.dll
2009-05-23 19:02 . 2008-04-21 21:15 218624 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-05-23 19:00 . 2008-10-16 10:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-05-23 18:49 . 2009-05-23 18:49 -------- d-----w c:\documents and settings\Admin\Application Data\Malwarebytes
2009-05-23 18:49 . 2009-04-06 11:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-23 18:49 . 2009-04-06 11:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-23 15:03 . 2009-05-23 15:03 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-05-22 10:33 . 2009-05-23 18:49 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-22 10:33 . 2009-05-22 10:33 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-20 23:33 . 2009-05-24 21:07 -------- d-----w c:\program files\trend micro
2009-05-20 21:26 . 2009-05-20 21:26 -------- d-----w c:\windows\Sun
2009-05-20 21:25 . 2009-05-20 21:25 57344 ----a-w c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-207d7e07-n\Decora-SSE.dll
2009-05-20 21:25 . 2009-05-20 21:25 24064 ----a-w c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-1d715efb-n\Decora-D3D.dll
2009-05-20 21:25 . 2009-05-20 21:25 315392 ----a-w c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-7603a671-n\jogl.dll
2009-05-20 21:25 . 2009-05-20 21:25 20480 ----a-w c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-7603a671-n\jogl_awt.dll
2009-05-20 21:25 . 2009-05-20 21:25 114688 ----a-w c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-7603a671-n\jogl_cg.dll
2009-05-20 21:25 . 2009-05-20 21:25 20480 ----a-w c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-1abd723f-n\gluegen-rt.dll
2009-05-20 21:25 . 2009-05-20 21:25 499712 ----a-w c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-69c8a06b-n\msvcp71.dll
2009-05-20 21:25 . 2009-05-20 21:25 499712 ----a-w c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-69c8a06b-n\jmc.dll
2009-05-20 21:25 . 2009-05-20 21:25 348160 ----a-w c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-69c8a06b-n\msvcr71.dll
2009-05-20 21:25 . 2009-05-24 14:45 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-20 12:52 . 2009-05-21 12:17 -------- d-----w c:\program files\SO Utilities
2009-05-16 18:37 . 2009-05-16 18:55 -------- d-----w c:\program files\Мастер Открыток
2009-05-10 23:21 . 2009-05-10 23:21 -------- d-----w c:\documents and settings\Admin\Local Settings\Application Data\Paint.NET
2009-05-10 20:41 . 2009-05-10 20:41 -------- d-----w c:\documents and settings\Admin\Local Settings\Application Data\Help
2009-05-10 13:00 . 2008-06-21 04:28 37888 -c--a-w c:\windows\system32\dllcache\bthmodem.sys
2009-05-10 13:00 . 2008-06-21 04:28 37888 ----a-w c:\windows\system32\drivers\bthmodem.sys
2009-05-10 12:40 . 2008-06-21 04:28 101120 -c--a-w c:\windows\system32\dllcache\bthpan.sys
2009-05-10 12:40 . 2008-06-21 04:28 101120 ----a-w c:\windows\system32\drivers\bthpan.sys
2009-05-10 12:39 . 2008-06-21 04:28 59136 -c--a-w c:\windows\system32\dllcache\rfcomm.sys
2009-05-10 12:39 . 2008-06-21 04:28 59136 ----a-w c:\windows\system32\drivers\rfcomm.sys
2009-05-10 12:39 . 2008-06-21 04:28 17024 -c--a-w c:\windows\system32\dllcache\bthenum.sys
2009-05-10 12:39 . 2008-06-21 04:28 17024 ----a-w c:\windows\system32\drivers\BthEnum.sys
2009-05-10 12:39 . 2008-06-21 04:28 28160 -c--a-w c:\windows\system32\dllcache\irmon.dll
2009-05-10 12:39 . 2008-06-21 04:28 28160 ----a-w c:\windows\system32\irmon.dll
2009-05-10 12:39 . 2008-06-21 04:28 8192 -c--a-w c:\windows\system32\dllcache\wshirda.dll
2009-05-10 12:39 . 2008-06-21 04:28 8192 ----a-w c:\windows\system32\wshirda.dll
2009-05-10 12:39 . 2008-06-21 04:28 152064 -c--a-w c:\windows\system32\dllcache\irftp.exe
2009-05-10 12:39 . 2008-06-21 04:28 152064 ----a-w c:\windows\system32\irftp.exe
2009-05-10 12:39 . 2008-06-21 04:28 18944 -c--a-w c:\windows\system32\dllcache\bthusb.sys
2009-05-10 12:39 . 2008-06-21 04:28 18944 ----a-w c:\windows\system32\drivers\BTHUSB.SYS
2009-05-09 18:34 . 2009-05-10 14:00 -------- d-----w c:\documents and settings\Admin\Application Data\Samsung
2009-05-09 18:16 . 2006-05-03 18:53 174592 ----a-w c:\windows\system32\framedyn.dll
2009-05-09 18:15 . 2009-05-09 18:15 -------- d-----w c:\program files\DIFX
2009-05-09 18:15 . 2009-05-10 13:30 -------- d-----w c:\windows\system32\Samsung_USB_Drivers
2009-05-09 18:15 . 2007-05-02 07:11 15112 ----a-w c:\windows\system32\drivers\ss_mdfl.sys
2009-05-09 18:15 . 2007-05-02 07:11 12424 ----a-w c:\windows\system32\drivers\ss_whnt.sys
2009-05-09 18:15 . 2007-05-02 07:11 12424 ----a-w c:\windows\system32\drivers\ss_wh.sys
2009-05-09 18:15 . 2007-05-02 07:11 109704 ----a-w c:\windows\system32\drivers\ss_mdm.sys
2009-05-09 18:15 . 2007-05-02 07:11 83592 ----a-w c:\windows\system32\drivers\ss_bus.sys
2009-05-09 18:15 . 2007-05-02 07:11 12424 ----a-w c:\windows\system32\drivers\ss_cmnt.sys
2009-05-09 18:15 . 2007-05-02 07:11 12424 ----a-w c:\windows\system32\drivers\ss_cm.sys
2009-05-09 18:15 . 2009-05-10 14:11 5632 ----a-w c:\windows\system32\drivers\StarOpen.sys
2009-05-09 18:15 . 2009-05-24 11:44 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-09 18:15 . 2009-05-09 18:15 -------- d-----w c:\program files\Samsung
2009-05-09 18:14 . 2009-05-09 21:57 -------- d-----w c:\program files\Common Files\Adobe
2009-05-09 18:13 . 2008-06-21 04:28 159232 ----a-w c:\windows\system32\ptpusd.dll
2009-05-09 18:13 . 2008-06-21 04:27 5632 ----a-w c:\windows\system32\ptpusb.dll
2009-05-09 00:35 . 2009-05-09 00:35 -------- d-----w c:\program files\River and stones v.1.3
2009-05-08 20:56 . 2009-05-08 20:56 -------- d-----w c:\documents and settings\Admin\Application Data\HP
2009-05-08 20:54 . 2009-05-08 20:54 -------- d-----w c:\program files\РНИВЦ
2009-05-08 20:53 . 2009-05-08 20:53 -------- d-----w c:\program files\Декларация 2008
2009-05-08 20:41 . 2009-05-08 20:41 65016 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-08 20:34 . 2009-05-08 20:34 -------- d-----w c:\documents and settings\All Users\Application Data\WEBREG
2009-05-08 20:34 . 2009-05-08 20:41 -------- d-----w c:\documents and settings\LocalService\Application Data\HP
2009-05-08 20:32 . 2009-05-08 20:33 -------- d-----w c:\documents and settings\All Users\Application Data\HP
2009-05-08 20:32 . 2009-05-08 20:34 -------- d-----w c:\program files\Common Files\HP
2009-05-08 20:32 . 2009-05-08 20:32 -------- d-----w c:\program files\Hewlett-Packard
2009-05-08 20:32 . 2009-05-08 20:32 -------- d-----w c:\program files\Common Files\Hewlett-Packard
2009-05-08 20:30 . 2008-06-21 04:28 15104 -c--a-w c:\windows\system32\dllcache\usbscan.sys
2009-05-08 20:30 . 2008-06-21 04:28 15104 ----a-w c:\windows\system32\drivers\usbscan.sys
2009-05-08 20:30 . 2006-12-06 06:00 675840 ----a-r c:\windows\system32\hpowiax3.dll
2009-05-08 20:30 . 2006-12-06 06:00 569344 ----a-r c:\windows\system32\hpotscl3.dll
2009-05-08 20:30 . 2006-12-06 06:00 294912 ----a-r c:\windows\system32\hpovst10.dll
2009-05-08 20:29 . 2009-05-08 20:34 -------- d-----w c:\program files\HP
2009-05-08 20:26 . 2006-12-06 06:02 16496 ----a-r c:\windows\system32\drivers\HPZipr12.sys
2009-05-08 20:25 . 2006-12-06 06:02 49920 ----a-r c:\windows\system32\drivers\HPZid412.sys
2009-05-08 20:25 . 2009-05-08 20:34 141012 ----a-w c:\windows\hpoins12.dat
2009-05-08 20:25 . 2009-05-08 20:25 -------- d-----w c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-05-08 20:25 . 2007-01-22 16:05 1470 ------w c:\windows\hpomdl12.dat
2009-05-08 20:25 . 2006-12-15 16:04 258048 ----a-r c:\windows\system32\hpzids01.dll
2009-05-08 20:25 . 2006-12-30 11:49 117760 ----a-w c:\windows\system32\hpzll4v2.dll
2009-05-08 20:24 . 2009-05-09 18:15 -------- dc----w c:\windows\system32\DRVSTORE
2009-05-08 20:24 . 2006-12-06 06:02 309760 ----a-r c:\windows\system32\difxapi.dll
2009-05-08 20:24 . 2006-12-06 06:02 21568 ----a-r c:\windows\system32\drivers\HPZius12.sys
2009-05-08 20:24 . 2006-12-06 06:02 364544 ----a-r c:\windows\system32\hppldcoi.dll
2009-05-08 20:24 . 2008-06-21 04:28 25856 -c--a-w c:\windows\system32\dllcache\usbprint.sys
2009-05-08 20:24 . 2008-06-21 04:28 25856 ----a-w c:\windows\system32\drivers\usbprint.sys
2009-05-08 18:58 . 2009-05-08 18:58 65016 ----a-w c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-08 18:36 . 2009-05-08 18:36 -------- d-----w c:\program files\Декларация 2007
2009-05-07 22:50 . 2009-05-07 22:50 -------- d-----w c:\documents and settings\Admin\Application Data\Auslogics
2009-05-07 21:51 . 2009-05-07 21:51 -------- d--h--w c:\windows\system32\GroupPolicy
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-23 23:16 . 2008-04-15 12:00 76678 ----a-w c:\windows\system32\perfc019.dat
2009-05-23 23:16 . 2008-04-15 12:00 448388 ----a-w c:\windows\system32\perfh019.dat
2009-05-06 23:33 . 2009-05-06 23:33 -------- d-----w c:\documents and settings\Admin\Application Data\Yandex
2009-05-06 22:56 . 2009-05-06 22:56 -------- d-----w c:\program files\Microsoft Works
2009-05-06 22:56 . 2009-05-06 22:56 -------- d-----w c:\program files\Microsoft.NET
2009-05-06 22:55 . 2009-05-06 22:55 -------- d-----w c:\program files\KillSoft
2009-05-06 22:55 . 2009-05-06 22:55 -------- d-----w c:\program files\Ahead
2009-05-06 22:55 . 2009-05-06 22:55 -------- d-----w c:\program files\Common Files\Ahead
2009-05-06 22:55 . 2009-05-06 22:55 -------- d-----w c:\program files\7-Zip
2009-05-06 22:55 . 2009-05-06 22:55 -------- d-----w c:\program files\Skype
2009-05-06 22:55 . 2009-05-06 22:55 -------- d-----w c:\program files\Punto Switcher
2009-05-06 22:43 . 2009-05-06 22:43 -------- d-----w c:\program files\Auslogics
2009-05-06 22:43 . 2009-05-06 22:42 -------- d-----w c:\documents and settings\Admin\Application Data\Mra
2009-05-06 22:42 . 2009-05-06 22:42 -------- d-----w c:\program files\Mail.Ru
2009-05-06 22:41 . 2009-05-06 22:41 0 ----a-w c:\windows\nsreg.dat
2009-05-06 22:28 . 2009-05-06 22:04 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-06 22:08 . 2009-05-06 22:08 -------- d-----w c:\program files\VistaDriveIcon
2009-05-06 22:08 . 2009-05-06 22:08 717296 ------w c:\windows\system32\drivers\sptd.sys
2009-05-06 22:07 . 2009-05-06 22:07 -------- d-----w c:\program files\Common Files\Java
2009-05-06 22:02 . 2009-05-06 22:02 22564 ------w c:\windows\system32\emptyregdb.dat
2009-05-06 22:02 . 2009-05-06 22:02 -------- d-----w c:\program files\Windows Media Connect 2
2009-05-06 22:02 . 2009-05-06 22:02 -------- d-----w c:\program files\Paint.NET
2009-03-19 07:45 . 2009-03-19 07:45 93848 ----a-w c:\windows\system32\drivers\epfwtdir.sys
2009-03-19 07:44 . 2009-03-19 07:44 107256 ----a-w c:\windows\system32\drivers\ehdrv.sys
2009-03-19 07:41 . 2009-03-19 07:41 113960 ----a-w c:\windows\system32\drivers\eamon.sys
2009-03-17 07:26 . 2009-03-17 07:26 8416444 -c--a-w c:\windows\system32\River and stones.scr
2009-03-08 00:34 . 2008-06-21 04:49 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 00:34 . 2008-06-21 04:40 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 00:33 . 2008-06-21 04:40 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 00:33 . 2008-06-21 04:26 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 00:32 . 2008-06-21 04:40 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 00:32 . 2008-06-21 04:40 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 00:31 . 2008-04-15 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 00:31 . 2008-06-21 04:40 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 00:31 . 2008-06-21 04:40 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 00:22 . 2008-06-21 04:40 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 13:51 . 2008-04-15 12:00 284672 ----a-w c:\windows\system32\pdh.dll
.
Sigcheck
[-] 2008-06-21 04:49 579072 23B7D3F3F5EC8FEEA75EC381C71CBD5E c:\windows\system32\user32.dll
[-] 2008-06-21 04:47 1721344 DBE9BB4018832ED71BC288B2A38F225B c:\windows\explorer.exe
[-] 2008-06-21 04:47 30208 53DB04AA692F9E906E46127AB7E83252 c:\windows\system32\ctfmon.exe
[-] 2008-06-21 04:50 1571840 8A76B647BF35E4C8230F69FAADABD977 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-06-21 30208]
"VistaIcon"="c:\program files\VistaDriveIcon\VistaDrv.exe" [2008-01-02 132096]
"Auslogics BoostSpeed 4"="c:\program files\Auslogics\AusLogics BoostSpeed\boostspeed.exe" [2008-05-05 255600]
"Punto Switcher"="c:\program files\Punto Switcher\ps.exe" [2007-11-14 201728]
"KillCopy"="c:\windows\system32\killcopy.exe" [2006-10-29 1185792]
"SuperAX Tray Control Application"="c:\program files\SuperAX\SuperAXTrayApp.exe" [2009-03-22 524288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"MAgent"="c:\program files\Mail.Ru\Agent\MAgent.exe" [2009-05-06 6210744]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-03-19 2029640]
"OutpostMonitor"="c:\progra~1\Agnitum\Outpost Firewall Pro\op_mon.exe" [2008-02-26 1012736]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall Pro\feedback.exe" [2008-02-26 419144]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-12-05 1626112]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-04-10 16861184]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-06-21 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-06-21 30208]
"VistaIcon"="c:\program files\VistaDriveIcon\VistaDrv.exe" [2008-01-02 132096]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IE7_011"="shell32" [X]
"ZZZZ2_FirstLogonSetting"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]
"IE7_012"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]
c:\documents and settings\All Users\ѓ« ў®Ґ ¬Ґо\Џа®Ја ¬¬л\Ђўв®§ Јаг§Є\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"UpdatesOverride"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [19.03.2009 11:44 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [19.03.2009 11:45 93848]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [26.05.2009 0:51 446336]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\Outpost Firewall Pro\acs.exe [26.05.2009 0:51 1176904]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [19.03.2009 11:44 731840]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [26.05.2009 0:51 206224]
S3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [26.05.2009 0:51 33024]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-procexp90.Sys
.
Supplementary Scan
.
uStart Page = hxxp://www.mail.ru
IE: &Экспорт в Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Поиск@Mail.Ru - c:\program files\mail.ru\sputnik\MailRuSputnik.dll/282
IE: Словари@Mail.Ru - c:\program files\mail.ru\sputnik\MailRuSputnik.dll/283
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} - c:\program files\Mail.Ru\Agent\magent.exe
TCP: {D5B2CF0E-E748-4114-86C6-ABCFCD1ABD0E} = 91.144.140.4 91.144.142.3
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\uu9c8wzu.default
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yandex.ru/?clid=40795
FF - prefs.js: keyword.URL - hxxp://yandex.ru/yandsearch?stype=first&clid=13999&yasoft=barff&text=
FF - component: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\uu9c8wzu.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - plugin: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\uu9c8wzu.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-26 23:39
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(984)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(1040)
c:\windows\system32\setupapi.dll
- - - - - - - > 'explorer.exe'(3908)
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\program files\Punto Switcher\correct.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Completion time: 2009-05-26 23:40
ComboFix-quarantined-files.txt 2009-05-26 19:40
Pre-Run: 21 638 868 992 байт свободно
Post-Run: 21 631 963 136 байт свободно
294 --- E O F --- 2009-05-25 19:08

