почти все вышеописанные проблемы устранились, кроме обновления Malwarebytes’ Anti-Malware, пишет проверить соединение с интернет, и файрволл (он отключен)
вот лог
ComboFix 10-09-17.04 — Администратор 19.09.2010 14:55:04.1.4 — x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.2046.1392 [GMT 4:00]
Running from: c:documents and settingsАдминистраторРабочий столComboFix.exe
Command switches used :: c:documents and settingsАдминистраторРабочий столWindowsXP-KB310994-SP2-Pro-BootDisk-RUS.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
ADS — WINDOWS: deleted 48 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:documents and settingsАдминистраторApplication Datainst.exe
c:documents and settingsАдминистраторLocal SettingsTemporary Internet Filesimoky.vbs
c:documents and settingsАдминистраторLocal SettingsTemporary Internet Fileslysuxuc.com
c:documents and settingsАдминистраторLocal SettingsTemporary Internet Filestyhycid.dat
c:documents and settingsАдминистраторLocal SettingsTemporary Internet Fileszexyq.dat
c:documents and settingsАдминистраторRecentThumbs.db
c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr0.dat
c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr1.dat
C:feed.txt
c:program filesBPK
c:program filesBPKbpk.dat
c:program filesBPKdt2008-12-12_03-00-05-3066421
c:program filesBPKdt2008-12-12_03-05-05-3366406
c:program filesBPKdt2008-12-12_03-10-05-3666406
c:program filesBPKdt2008-12-12_03-15-05-3966406
c:program filesBPKdt2008-12-12_03-20-05-4266406
c:program filesBPKdtth_2008-12-12_03-00-05-3066421
c:program filesBPKdtth_2008-12-12_03-05-05-3366406
c:program filesBPKdtth_2008-12-12_03-10-05-3666406
c:program filesBPKdtth_2008-12-12_03-15-05-3966406
c:program filesBPKdtth_2008-12-12_03-20-05-4266406
c:program filesBPKpk.bin
c:program filesBPKweb.dat
c:program filesFieryAds
c:program filesMail.RuAgentMradllnewmrasearch.dll
c:program filesMyCentria
c:program filesWebMoney Advisor
c:program filesWebMoney Advisor16x16x32b.bmp
c:program filesWebMoney Advisorautosearch_plugin.dll
c:program filesWebMoney Advisorbasis.xml
c:program filesWebMoney Advisorbooble.html
c:program filesWebMoney Advisorfavicon.ico
c:program filesWebMoney Advisorinfo.txt
c:program filesWebMoney AdvisortbHElper.dll
c:program filesWebMoney Advisortbs_include_script_014708.js
c:program filesWebMoney Advisortbs_include_script_wmadvisor.js
c:program filesWebMoney Advisoruninstall.exe
c:program filesWebMoney Advisorversion.txt
c:program filesWebMoney Advisorwmadvisor.crc
c:program filesWebMoney Advisorwmadvisor.dll
c:program filesWebMoney AdvisorWMPlugin.dll
c:windowsdagezyni.dll
c:windowsigudot._sy
c:windowsogijelyli.dll
c:windowsosytycybyz._sy
c:windowssystem32driversnpf.sys
c:windowssystem32driverswdreg.exe
c:windowssystem32mxpvct22.dat
c:windowssystem32mxpvct25.dat
c:windowssystem32Packet.dll
c:windowssystem32pthreadVC.dll
c:windowssystem32WanPacket.dll
c:windowssystem32wpcap.dll
c:windowswiaservb.log
c:windowsysebeceneg._sy
BITS: Possible infected sites
hxxp://soft.export.yandex.ru
hxxp://download.yandex.ru
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Legacy_NPF
Legacy_TDSSSERV.SYS
Service_NPF
Legacy_Winpcap
Service_Winpcap
((((((((((((((((((((((((( Files Created from 2010-08-19 to 2010-09-19 )))))))))))))))))))))))))))))))
.
2010-09-19 09:00 . 2010-09-19 09:00 161296 —-a-w- c:windowssystem32driverstmcomm.sys
2010-09-19 08:31 . 2010-09-19 08:31 388096 —-a-r- c:documents and settingsАдминистраторApplication DataMicrosoftInstaller{45A66726-69BC-466B-A7A4-12FCBA4883D7}HiJackThis.exe
2010-09-18 17:17 . 2010-09-07 14:52 165584 —-a-w- c:windowssystem32driversaswSP.sys
2010-09-18 17:17 . 2010-09-07 14:47 17744 —-a-w- c:windowssystem32driversaswFsBlk.sys
2010-09-18 17:17 . 2010-09-07 14:47 23376 —-a-w- c:windowssystem32driversaswRdr.sys
2010-09-18 17:17 . 2010-09-07 14:52 46672 —-a-w- c:windowssystem32driversaswTdi.sys
2010-09-18 17:17 . 2010-09-07 14:47 100176 —-a-w- c:windowssystem32driversaswmon2.sys
2010-09-18 17:17 . 2010-09-07 14:47 94544 —-a-w- c:windowssystem32driversaswmon.sys
2010-09-18 17:17 . 2010-09-07 14:46 28880 —-a-w- c:windowssystem32driversaavmker4.sys
2010-09-18 17:17 . 2010-09-07 15:12 38848 —-a-w- c:windowsavastSS.scr
2010-09-18 17:17 . 2010-09-07 15:11 167592 —-a-w- c:windowssystem32aswBoot.exe
2010-09-18 13:49 . 2010-09-18 13:49
d
w- c:program filesCommon Filesa8f9db59
2010-09-18 11:53 . 2009-06-30 05:37 28552 —-a-w- c:windowssystem32driverspavboot.sys
2010-09-18 11:53 . 2010-09-18 11:53
d
w- c:program filesPanda Security
2010-09-18 08:50 . 2010-09-19 09:51
d
w- c:windowsBDOSCAN8
2010-09-17 18:44 . 2010-09-17 18:44
d
w- c:documents and settingsNetworkServiceLocal SettingsApplication DataGoogle
2010-09-17 18:39 . 2010-09-17 18:39
d
w- c:documents and settingsLocalServiceLocal SettingsApplication DataGoogle
2010-09-13 13:35 . 2010-09-13 13:35
d
w- c:documents and settingsAll UsersApplication DataAlwil Software
2010-09-09 08:57 . 2007-11-15 08:20 225280 —-a-w- c:windowssystem32grddrv.dll
2010-09-07 10:52 . 2010-09-07 10:52
d
w- c:program filesCommon FilesGuardant
2010-09-07 10:52 . 2008-06-17 10:59 2081792 —-a-w- c:windowssystem32driversd348prt.sys
2010-09-07 10:50 . 2010-09-07 10:50
d
w- c:program filesGrand
2010-08-30 11:40 . 2010-08-30 11:40
d
w- c:documents and settingsAll UsersApplication DataMcAfee
2010-08-27 06:10 . 2010-08-27 06:10
d
w- c:documents and settingsAll UsersApplication DataCounterPath
2010-08-26 13:44 . 2010-08-26 13:44
d
w- c:documents and settingsАдминистраторLocal SettingsApplication DataCounterPath
2010-08-26 13:42 . 2010-08-26 13:42
d
w- c:program filesCommon FilesIntel
2010-08-26 13:42 . 2010-08-26 13:42
d
w- c:program filesCounterPath
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-19 11:03 . 2008-10-31 11:58
d
w- c:documents and settingsАдминистраторApplication DatauTorrent
2010-09-19 10:33 . 2010-09-16 22:11 87484 —-a-w- c:program filesCommon Filesjqyrg4inedzz13m
2010-09-19 09:32 . 2009-01-21 19:12
d
w- c:program filestrend micro
2010-09-18 20:52 . 2010-07-13 07:57
d
w- c:documents and settingsАдминистраторApplication DataYandex
2010-09-18 20:52 . 2010-07-13 07:57
d
w- c:program filesYandex
2010-09-18 13:13 . 2008-09-30 19:52
d
w- c:documents and settingsAll UsersApplication DataKaspersky Lab Setup Files
2010-09-17 18:39 . 2009-01-25 14:47
d
w- c:program filesGoogle
2010-09-17 10:24 . 2009-01-29 15:12
d
w- c:program filesMSECache
2010-09-14 21:30 . 2010-03-01 03:35 612960 —-a-w- c:documents and settingsLocalServiceLocal SettingsApplication DataFontCache3.0.0.0.dat
2010-09-13 18:45 . 2009-03-06 13:03
d
w- c:program filesAlwil Software
2010-09-09 08:22 . 2010-08-09 14:11
d
w- c:program filesQIP 2010
2010-09-09 06:01 . 2010-06-10 06:27
d
w- c:documents and settingsАдминистраторApplication Datalicenses
2010-09-08 19:58 . 2009-01-25 13:00
d
w- c:documents and settingsАдминистраторApplication DataVso
2010-09-08 17:34 . 2010-07-22 20:18 848 —sha-w- c:windowssystem32KGyGaAvL.sys
2010-09-04 14:56 . 2008-10-16 09:34
d
w- c:documents and settingsАдминистраторApplication DataCanon
2010-09-04 07:30 . 2008-10-31 13:33
d
w- c:program filesuTorrent
2010-08-26 14:33 . 2009-02-25 10:41
d
w- c:documents and settingsАдминистраторApplication DataSkype
2010-08-26 14:07 . 2009-02-21 15:05
d
w- c:documents and settingsАдминистраторApplication DataskypePM
2010-08-23 17:58 . 2008-11-19 10:41
d
w- c:program filesFlashGet
2010-08-09 13:40 . 2010-03-15 15:23 127440 —-a-w- c:documents and settingsАдминистраторApplication DataMozillaFirefoxProfilesedigljq4.defaultextensions{32a1fd71-835e-4b11-8e54-886fda0b4c89}componentsqippipe.dll
2010-07-29 09:12 . 2008-09-30 11:27 120840 —-a-w- c:documents and settingsАдминистраторLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2010-07-27 13:56 . 2008-09-30 12:03
d
w- c:program filesWinamp
2010-07-27 07:32 . 2010-07-27 07:32
d
w- c:program filesDAEMON Tools Lite
2010-07-01 17:55 . 2010-07-01 17:55 92816 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky Lab Setup FilesKaspersky Anti-Virus 2011 11.0.1.400Russiansetup.exe
2008-11-11 14:30 . 2008-11-11 14:30 19670 —-a-w- c:program filesCommon Fileszexudylum.sys
2008-11-11 14:30 . 2008-11-11 14:30 17210 —-a-w- c:program filesCommon Filesodubejy.dl
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerURLSearchHooks]
«{24cc1362-11c6-4918-a2c0-b9ee5a563185}»= «c:program filesArchiBartbArc0.dll» [2010-08-22 2734688]
[HKEY_CLASSES_ROOTclsid{24cc1362-11c6-4918-a2c0-b9ee5a563185}]
[HKEY_LOCAL_MACHINE~Browser Helper Objects{24cc1362-11c6-4918-a2c0-b9ee5a563185}]
2010-08-22 17:23 2734688 —-a-w- c:program filesArchiBartbArc0.dll
[HKEY_LOCAL_MACHINE~Browser Helper Objects{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-07-10 14:28 1174920 —-a-w- c:program filesAsk.comGenericAskToolbar.dll
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{24cc1362-11c6-4918-a2c0-b9ee5a563185}»= «c:program filesArchiBartbArc0.dll» [2010-08-22 2734688]
«{D4027C7F-154A-4066-A1AD-4243D8127440}»= «c:program filesAsk.comGenericAskToolbar.dll» [2009-07-10 1174920]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-03-04 3117856]
[HKEY_CLASSES_ROOTclsid{24cc1362-11c6-4918-a2c0-b9ee5a563185}]
[HKEY_CLASSES_ROOTclsid{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOTGenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOTTypeLib{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOTGenericAskToolbar.ToolbarWnd]
[HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar]
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{24CC1362-11C6-4918-A2C0-B9EE5A563185}»= «c:program filesArchiBartbArc0.dll» [2010-08-22 2734688]
«{D4027C7F-154A-4066-A1AD-4243D8127440}»= «c:program filesAsk.comGenericAskToolbar.dll» [2009-07-10 1174920]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-03-04 3117856]
[HKEY_CLASSES_ROOTclsid{24cc1362-11c6-4918-a2c0-b9ee5a563185}]
[HKEY_CLASSES_ROOTclsid{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOTGenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOTTypeLib{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOTGenericAskToolbar.ToolbarWnd]
[HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar]
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«uTorrent»=»c:program filesuTorrentuTorrent.exe» [2010-09-03 328568]
«eyeBeam SIP Client»=»c:program filesCounterPathX-Litex-lite.exe» [2010-01-04 23941120]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«avast5″=»c:program filesAlwil SoftwareAvast5avastUI.exe» [2010-09-07 2838912]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2009-07-14 13877248]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-14 15360]
[HKLM~startupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Acrobat Assistant.lnk]
path=c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузкаAcrobat Assistant.lnk
backup=c:windowspssAcrobat Assistant.lnkCommon Startup
[HKLM~startupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Adobe Gamma Loader.lnk]
path=c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузкаAdobe Gamma Loader.lnk
backup=c:windowspssAdobe Gamma Loader.lnkCommon Startup
[HKLM~startupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^NaturalColorLoad.lnk]
path=c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузкаNaturalColorLoad.lnk
backup=c:windowspssNaturalColorLoad.lnkCommon Startup
[HKLM~startupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Privoxy.lnk]
path=c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузкаPrivoxy.lnk
backup=c:windowspssPrivoxy.lnkCommon Startup
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregKernelFaultCheck]
c:windowssystem32dumprep 0 -k [X]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregUserFaultCheck]
c:windowssystem32dumprep 0 -u [X]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupreg36X Raid Configurer]
2007-05-25 06:07 1953792
r- c:windowssystem32xRaidSetup.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe Reader Speed Launcher]
2008-01-11 18:16 39792 —-a-w- c:program filesAdobeReader 8.0Readerreader_sl.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobeUpdater]
2008-12-10 05:03 2356088 —-a-w- c:program filesCommon FilesAdobeUpdater5AdobeUpdater.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAlcmtr]
2005-05-03 10:43 69632
r- c:windowsAlcmtr.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBeeline GPRS Explorer]
2007-01-12 16:03 834632 —-a-w- c:program filesBeelineGPRS Explorergprsexpl.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCloneCDTray]
2006-09-28 19:21 57344 —-a-w- c:program filesSlySoftCloneCDCloneCDTray.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCTFMON.EXE]
2008-04-14 18:40 15360 —-a-w- c:windowssystem32ctfmon.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregEA Core]
2008-07-22 09:34 2772992 —-a-w- c:program filesElectronic ArtsEADMCore.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregISUSPM Startup]
2005-08-11 12:30 249856 —-a-w- c:program filesCommon FilesInstallShieldUpdateServiceISUSPM.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregISUSScheduler]
2005-08-11 12:30 81920 —-a-w- c:program filesCommon FilesInstallShieldUpdateServiceissch.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregJMB36X IDE Setup]
2007-03-20 06:36 36864
r- c:windowsRaidToolxInsIDE.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMAgent]
2008-12-25 19:06 5597680 —-a-w- c:program filesMail.RuAgentmagent.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMSMSGS]
2008-04-14 18:41 1695232
w- c:program filesMessengermsmsgs.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
2006-01-12 11:40 155648 —-a-w- c:windowssystem32NeroCheck.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvCplDaemon]
2009-07-14 09:34 13877248 —-a-w- c:windowssystem32nvcpl.dll
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvMediaCenter]
2009-07-14 09:34 86016 —-a-w- c:windowssystem32nvmctray.dll
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregnwiz]
2009-07-08 20:03 1657376 —-a-w- c:program filesNVIDIA CorporationnViewnwiz.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task]
2006-09-01 11:57 282624 —-a-w- c:program filesQuickTimeqttask.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRTHDCPL]
2007-07-05 08:08 16380416
r- c:windowsRTHDCPL.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSony Ericsson PC Suite]
2005-10-26 13:17 159744 —-a-r- c:program filesSony EricssonMobile2Application LauncherApplication Launcher.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSunJavaUpdateSched]
2008-09-30 18:18 77824 —-a-w- c:program filesJavajre1.6.0binjusched.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregswg]
2010-09-17 18:39 39408 —-a-w- c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregTeleport Scheduler]
2007-11-01 11:05 327680 —-a-w- c:program filesTeleport Proscheduler.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregVidalia]
2009-01-21 02:59 4033618 —-a-w- c:program filesVidalia BundleVidaliavidalia.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWinampAgent]
2006-10-25 05:37 35328
w- c:program filesWinampwinampa.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregwmagent.exe]
2008-10-01 09:45 209376 —-a-w- c:program filesWebMoney Agentwmagent.exe
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\uTorrent\uTorrent.exe»=
«c:\Program Files\Autodesk\Backburner\manager.exe»=
«c:\Program Files\Autodesk\Backburner\server.exe»=
«c:\WINDOWS\system32\PnkBstrA.exe»=
«c:\WINDOWS\system32\PnkBstrB.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\Program Files\Activision\Call of Duty — World at War\CoDWaWmp.exe»=
«c:\Program Files\StrongDC++\StrongDC.exe»=
«c:\Program Files\Autodesk\3ds Max 2009\3dsmax.exe»=
«c:\3dsmax7\3dsmax.exe»=
«c:\Program Files\backburner 2\monitor.exe»=
«c:\Program Files\backburner 2\manager.exe»=
«c:\Program Files\backburner 2\server.exe»=
«c:\Program Files\Autodesk\3ds Max 2010\3dsmax.exe»=
«c:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe»=
«c:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe»=
«c:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe»=
«c:\Program Files\Ubisoft\Tom Clancy’s Splinter Cell Conviction\src\system\conviction_game.exe»=
«c:\Program Files\Ubisoft\Tom Clancy’s Splinter Cell Conviction\src\system\gu.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«56866:TCP»= 56866:TCP:56866
«1748:UDP»= 1748:UDP:лайк 2
«7264:TCP»= 7264:TCP:лайк
«22529:TCP»= 22529:TCP
R0 pavboot;pavboot;c:windowssystem32driverspavboot.sys [18.09.2010 15:53 28552]
R1 aswSP;aswSP;c:windowssystem32driversaswSP.sys [18.09.2010 21:17 165584]
R2 aswFsBlk;aswFsBlk;c:windowssystem32driversaswFsBlk.sys [18.09.2010 21:17 17744]
R2 d348prt;Daemon Tools Bus;c:windowssystem32driversd348prt.sys [07.09.2010 14:52 2081792]
R2 ICQ Service;ICQ Service;c:program filesICQ6ToolbarICQ Service.exe [09.12.2008 15:21 222456]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:program filesAutodesk3ds Max 2009mentalraysatelliteraysat_3dsMax2009_32server.exe [10.03.2008 0:04 65536]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:program filesAutodesk3ds Max 2010mentalraysatelliteraysat_3dsmax2010_32server.exe [12.03.2009 18:36 86016]
R3 GrdKey;Guardant LPT Dongle Service;c:windowssystem32driversgrdkey.sys [08.11.2007 19:44 1189888]
R3 GrdUsb;Guardant USB Dongle Service;c:windowssystem32driversgrdusb.sys [08.11.2007 19:44 1112832]
S2 d348bus;d348bus; [x]
S2 gupdate;Служба Google Update (gupdate);c:program filesGoogleUpdateGoogleUpdate.exe [17.09.2010 22:39 136176]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:windowssystem32driversw300mgmt.sys [01.10.2008 11:58 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:windowssystem32driversw300obex.sys [01.10.2008 11:58 85696]
.
Contents of the ‘Scheduled Tasks’ folder
2010-07-22 c:windowsTasksAppleSoftwareUpdate.job
— c:program filesApple Software UpdateSoftwareUpdate.exe [2006-08-29 10:21]
2010-09-19 c:windowsTasksGoogleUpdateTaskMachineCore.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2010-09-17 18:39]
2010-09-19 c:windowsTasksGoogleUpdateTaskMachineUA.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2010-09-17 18:39]
2010-09-19 c:windowsTasksScheduled Update for Ask Toolbar.job
— c:program filesAsk.comUpdateTask.exe [2009-07-10 14:29]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.yandex.ru/
uDefault_Search_URL = hxxp://search.qip.ru
mStart Page = about:blank
uInternet Settings,ProxyServer = ftp=localhost:8118;gopher=localhost:8118;http=localhost:8118;https=localhost:8118;socks=localhost:9050
uSearchAssistant = hxxp://search.qip.ru/ie
IE: &Закачать все при помощи FlashGet — c:program filesFlashGetjc_all.htm
IE: &Закачать при помощи FlashGet — c:program filesFlashGetjc_link.htm
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Google ВикиКомментарии… — c:program filesGoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_2D06158FAC79A790.dll/cmsidewiki.html
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} — c:program filesMail.RuAgentmagent.exe
IE: {{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — c:program filesWebMoney Advisorwmadvisor.dll
TCP: {F502E5D1-4055-4E2E-97CB-44083AF07579} = 109.60.128.2,109.60.128.3
Handler: tbr — {4D25FB7A-8902-4291-960E-9ADA051CFBBF} —
FF — ProfilePath — c:documents and settingsАдминистраторApplication DataMozillaFirefoxProfilesedigljq4.default
FF — prefs.js: browser.search.defaulturl — hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF — prefs.js: browser.search.selectedEngine — QIP Search
FF — prefs.js: browser.startup.homepage — hxxp://www.yandex.ru/?clid=46751
FF — prefs.js: keyword.URL — hxxp://search.qip.ru/search?from=FF&query=
FF — prefs.js: network.proxy.type — 4
FF — component: c:documents and settingsАдминистраторApplication DataMozillaFirefoxProfilesedigljq4.defaultextensions{32a1fd71-835e-4b11-8e54-886fda0b4c89}componentsqippipe.dll
FF — plugin: c:program filesGoogleUpdate1.2.183.29npGoogleOneClick8.dll
FF — plugin: c:program filesJavajre1.6.0binnpjpi160.dll
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnppl3260.dll
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnprpjplug.dll
—- FIREFOX POLICIES —-
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.xn--mgbaam7a8h», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.xn--mgberp4a5d4ar», true);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled», false);
.
.
File Associations
.
.scr=AutoCADScriptFile
.
— — — — ORPHANS REMOVED — — — —
BHO-{B4806C1A-FE8A-4008-9DA3-8CEDB6E82C10} — c:program filesWebMoney Advisorwmadvisor.dll
Toolbar-{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — c:program filesWebMoney Advisorwmadvisor.dll
WebBrowser-{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — c:program filesWebMoney Advisorwmadvisor.dll
SafeBoot-klmdb.sys
MSConfigStartUp-Antivirus Pro 2009 — c:program filesAntivirusPro2009AntivirusPro2009.exe
MSConfigStartUp-avast! — c:progra~1ALWILS~1Avast4ashDisp.exe
MSConfigStartUp-avgnt — c:program filesAviraAntiVir Desktopavgnt.exe
MSConfigStartUp-AVP — c:program filesKaspersky LabKaspersky Anti-Virus 7.0avp.exe
MSConfigStartUp-DAEMON Tools Lite — c:program filesDAEMON Tools Litedaemon.exe
MSConfigStartUp-QIP Internet Guardian — c:documents and settingsАдминистраторApplication DataQipGuardQipGuard.exe
MSConfigStartUp-RGSC — c:program filesRockstar GamesRockstar Games Social ClubRGSCLauncher.exe
MSConfigStartUp-SIA2006 — c:program filesSteganos Internet Anonym 2006SIA2006.exe
MSConfigStartUp-Torrent2Exe[5a82552bb08c8a0aeffebf56d69c815b0245188f] — c:documents and settingsАдминистраторРабочий столts[1].exe
MSConfigStartUp-wnaspid — c:windowssystem32wnaspid.exe
AddRemove-3dk-mat-pack v.1205 — c:program filesAutodesk3ds Max 2009materiallibrariesUI3dkMP1205.exe
AddRemove-DAEMON Tools Toolbar — c:program filesDAEMON Tools Toolbaruninst.exe
AddRemove-Install_PBM6_R251 1 — c:3dsmax7un-Install_PBM6_R251.exe
AddRemove-mIRC — d:прогиdc211DownloadsmIRCmirc.exe
AddRemove-neptunes_secret — c:игры от nevosoftNeptunes Secretuninstall.exe
AddRemove-Shockwave — c:windowssystem32MacromedSHOCKW~1UNWISE.EXE
AddRemove-V-Ray for 3dsmax 2009 for x86 — c:program filesChaos GroupV-Ray3dsmax 2009 for x32uninstallwininstaller.exe-uninstall=c:program filesChaos GroupV-Ray3dsmax 2009 for x32uninstallinstall.log
AddRemove-V-Ray for 3dsmax 2010 for x86 — c:program filesChaos GroupV-Ray3dsmax 2010 for x86uninstallwininstaller.exe-uninstall=c:program filesChaos GroupV-Ray3dsmax 2010 for x86uninstallinstall.log
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-19 15:03
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
c:windowssystem32wuapi.dll.wusetup.171031.bak 549720 bytes executable
c:windowssystem32wuauclt.exe.wusetup.171796.bak 53080 bytes executable
c:windowssystem32wuaueng.dll.wusetup.173250.bak 1712984 bytes executable
scan completed successfully
hidden files: 3
**************************************************************************
[HKEY_LOCAL_MACHINESystemControlSet005Servicesd348bus]
«ImagePath»=»»
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘explorer.exe'(2116)
c:windowssystem32WPDShServiceObj.dll
c:windowssystem32PortableDeviceTypes.dll
c:windowssystem32PortableDeviceApi.dll
.
Other Running Processes
.
c:windowssystem32nvsvc32.exe
c:program filesAlwil SoftwareAvast5AvastSvc.exe
c:program filesCommon FilesAutodesk SharedServiceAdskScSrv.exe
c:program filesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
c:windowssystem32PnkBstrA.exe
c:windowssystem32wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-09-19 15:06:53 — machine was rebooted
ComboFix-quarantined-files.txt 2010-09-19 11:06
Pre-Run: 36 574 306 304 байт свободно
Post-Run: 38 231 490 560 байт свободно
WindowsXP-KB310994-SP2-Pro-BootDisk-RUS.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
[operating systems]
c:cmdconsBOOTSECT.DAT=»Microsoft Windows Recovery Console» /cmdcons
UnsupportedDebug=»do not select this» /debug
multi(0)disk(0)rdisk(0)partition(1)WINDOWS=»Microsoft Windows XP Professional RU» /noexecute=optin /fastdetect/3GB
Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,4,5,6
— — End Of File — — 7A7989BE3AA00662D6108A35DF02CB70
