Валерий добрый день.Спасибо за быстрый ответ.Вот результаты сканирования:
omboFix 10-02-03.03 — Dmitriy 05.02.2010 9:21.2.2 — x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.1023.491 [GMT 3:00]
Running from: H:ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr0.dat
c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr1.dat
BITS: Possible infected sites
hxxp://download.yandex.ru
hxxp://soft.export.yandex.ru
.
((((((((((((((((((((((((( Files Created from 2010-01-05 to 2010-02-05 )))))))))))))))))))))))))))))))
.
2010-02-04 19:33 . 2010-02-04 19:33
d
w- c:program filesM-Audio Delta
2010-02-03 07:21 . 2003-05-30 15:31 212992 —-a-w- c:windowssystem32ReWire.dll
2010-02-03 07:20 . 2010-02-03 07:20
d
w- c:program filesAbleton
2010-02-02 21:39 . 2010-02-02 21:39
d
w- c:documents and settingsDmitriyApplication DataURSoft
2010-02-02 19:30 . 2010-02-02 19:30 60416 —-a-w- c:windowsALCFDRTM.EXE
2010-02-02 19:26 . 2010-02-02 19:26
d
w- c:windowssystem32Lang
2010-02-02 19:23 . 2004-07-02 11:49 57344 —-a-r- c:windowsALCMTR.EXE
2010-02-02 19:23 . 2004-02-27 02:10 156160 —-a-r- c:windowssystem32RTLCPAPI.dll
2010-02-02 19:23 . 2004-07-05 10:05 2550272 —-a-r- c:windowsALCWZRD.EXE
2010-02-02 19:23 . 2004-07-05 08:38 8779776 —-a-r- c:windowsRTLCPL.EXE
2010-02-02 19:23 . 2004-07-01 03:58 73728 —-a-r- c:windowsSOUNDMAN.EXE
2010-02-02 19:23 . 2004-07-06 08:59 2185408 —-a-r- c:windowssystem32driversRtkHDAud.sys
2010-02-02 19:06 . 2004-07-16 09:12 24971 —-a-r- c:windowssystem32driversiteraid.sys
2010-02-02 07:22 . 2010-02-02 07:22
d
w- c:program filestrend micro
2010-02-02 07:22 . 2010-02-02 07:22
d
w- C:rsit
2010-02-01 11:53 . 2010-02-01 11:53
d
w- c:program filesAskBardis
2010-02-01 10:23 . 2010-02-01 10:23
d
w- c:documents and settingsDmitriyApplication DataMalwarebytes
2010-02-01 10:23 . 2010-02-01 10:23
d
w- c:documents and settingsAll UsersApplication DataMalwarebytes
2010-02-01 09:53 . 2010-02-01 09:53
d
w- c:program filesSpycheck Fast AntiSpyware
2010-01-30 16:17 . 2002-05-21 14:33 61440 —-a-w- c:windowssystemBPEnhan.dll
2010-01-30 16:17 . 2010-01-30 21:59
d
w- c:program filesBearPaw 1200CU Plus
2010-01-28 09:46 . 2009-02-09 10:54 687616 —-a-w- c:documents and settingsAll UsersApplication DataSecTaskMan_entreelist.dll
2010-01-26 09:52 . 2010-01-26 09:52
d
w- c:documents and settingsDmitriyApplication DataRetouchPilot
2010-01-26 09:51 . 2010-01-26 09:51
d
w- c:program filesTwo Pilots
2010-01-26 09:51 . 2010-01-26 09:51
d
w- c:program filesRetouch Pilot
2010-01-26 07:56 . 2010-01-26 07:56
d
w- c:program filesFoxit Software
2010-01-26 07:56 . 2010-01-26 07:56
d
w- c:documents and settingsDmitriyApplication DataFoxit
2010-01-24 15:54 . 2010-01-25 19:33
d
w- c:windowsSxsCaPendDel
2010-01-24 15:32 . 2010-01-25 07:37
dc—-w- c:windowssystem32DRVSTORE
2010-01-24 15:32 . 2010-01-24 15:32
d
w- c:documents and settingsAll UsersApplication DataSamsung
2010-01-24 15:31 . 2009-12-17 15:42 238952 —-a-w- c:windowssystem32FsUsbExService.Exe
2010-01-24 15:31 . 2009-12-14 06:21 36608 —-a-w- c:windowssystem32FsUsbExDisk.Sys
2010-01-24 15:31 . 2009-12-14 06:21 110592 —-a-w- c:windowssystem32FsUsbExDevice.Dll
2010-01-24 15:31 . 2010-01-24 20:45 69632 —-a-w- c:documents and settingsDmitriyApplication DataSamsungNew PC StudioDriverChecker.exe
2010-01-24 15:31 . 2010-01-24 15:31
d
w- c:documents and settingsDmitriyApplication DataSamsung
2010-01-24 15:30 . 2010-01-25 07:34
d
w- c:program filesSamsung
2010-01-24 09:11 . 2010-01-24 09:11
d
w- c:program filesAdobe Photoshop CS3 rus
2010-01-13 06:29 . 2009-11-21 16:03 471552 -c—-w- c:windowssystem32dllcacheaclayers.dll
2010-01-09 13:14 . 2010-01-09 13:14
d
w- c:program filesAdorageI-GfxDatas
2010-01-09 13:14 . 2010-01-09 13:14
d
w- c:program filesAdorageI-SAL
2010-01-08 22:21 . 2007-08-30 13:21 29952
w- c:windowssystem32driverszskrnl.sys
2010-01-08 21:45 . 2006-05-12 08:34 446464 —-a-w- c:windowssystem32raprcore.dll
2010-01-08 21:45 . 2006-05-12 07:13 173952 —-a-w- c:windowssystem32driversRAPRKRNL.SYS
2010-01-08 21:45 . 2005-01-20 12:31 28672 —-a-w- c:windowssystem32raprdd.dll
2010-01-08 21:45 . 2002-05-29 13:40 208896 —-a-w- c:windowssystem32raprconf.dll
2010-01-08 21:45 . 2002-05-01 10:55 24576 —-a-w- c:windowssystem32raprcdvc.dll
2010-01-08 17:38 . 2010-01-08 17:38
d
w- c:documents and settingsDmitriyApplication DataApple Computer
2010-01-08 17:29 . 2010-01-08 17:30
d
w- c:documents and settingsDmitriyApplication DataCanopus
2010-01-08 17:28 . 2010-01-08 15:46 40960 —-a-w- c:windowssystem32pavedius.dll
2010-01-08 17:28 . 2010-01-08 15:46 1024 —-a-w- c:windowssystem32pavplal.dll
2010-01-08 17:07 . 2005-05-26 12:34 2297552 —-a-w- c:windowssystem32d3dx9_26.dll
2010-01-08 17:07 . 2010-01-08 17:07
d
w- c:program filesQuickTime
2010-01-08 17:07 . 2010-01-08 17:07
d
w- c:documents and settingsAll UsersApplication DataApple Computer
2010-01-08 17:07 . 2010-01-08 17:07
d
w- c:documents and settingsDmitriyLocal SettingsApplication DataApple Computer
2010-01-08 17:06 . 2010-01-08 17:06
d
w- c:program filesCommon FilesSnell & Wilcox Shared
2010-01-08 17:06 . 2007-03-19 07:21 647168 —-a-w- c:windowshasp_windows.dll
2010-01-08 17:06 . 2007-03-19 07:21 188482 —-a-r- c:windowssystem32helixprodctrl.dll
2010-01-08 17:06 . 2007-03-19 07:21 84992 —-a-w- c:windowscsejpeg.dll
2010-01-08 17:06 . 2007-03-19 07:21 864338 —-a-w- c:windowssystem32csempeg3.dll
2010-01-08 17:06 . 2010-01-08 17:06
d
w- c:program filesCommon FilesCanopus
2010-01-08 17:06 . 2010-01-08 17:29
d
w- c:documents and settingsAll UsersApplication DataCanopus
2010-01-08 17:04 . 2006-11-22 07:01 693760 —-a-w- c:windowssystem32drivershardlock.sys
2010-01-08 16:38 . 2007-12-06 23:00 57344 —-a-w- c:windowssystem32pavedius4db.dll
2010-01-08 16:38 . 2007-09-21 11:36 462848
w- c:windowssystem32pavapi.dll
2010-01-08 16:38 . 2006-05-01 08:08 4096
w- c:windowssystem32paveno.dll
2010-01-08 16:34 . 2010-01-08 16:35
d
w- C:EDIUS pro_v461
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-05 06:19 . 2009-08-16 05:37
d
w- c:documents and settingsDmitriyApplication DataSkype
2010-02-05 06:18 . 2009-08-16 05:40
d
w- c:documents and settingsDmitriyApplication DataskypePM
2010-02-05 06:18 . 2008-08-06 15:02
d
w- c:program filesSymantec AntiVirus
2010-02-04 20:36 . 2009-12-29 08:43
d
w- c:program filesuTorrent
2010-02-03 09:40 . 2004-08-18 12:00 361600 —-a-w- c:windowssystem32driverstcpip.sys
2010-02-03 09:22 . 2008-08-06 16:28
d
w- c:program filesWindows Media Connect 2
2010-02-02 21:51 . 2009-12-17 09:25
d—a-w- c:documents and settingsAll UsersApplication DataTEMP
2010-02-02 18:36 . 2008-08-06 14:35
d—h—w- c:program filesInstallShield Installation Information
2010-02-02 06:50 . 2008-11-02 09:52
d
w- c:program filesDownload Master
2010-02-01 12:14 . 2010-01-28 09:45
d
w- c:documents and settingsAll UsersApplication DataSecTaskMan
2010-01-28 09:47 . 2010-01-28 09:45
d
w- c:program filesSecurity Task Manager
2010-01-27 06:31 . 2009-02-27 08:29
d
w- c:program filesGoogle
2010-01-24 09:11 . 2008-08-08 06:18
d
w- c:program filesCommon FilesAdobe
2010-01-19 07:07 . 2010-01-08 17:05
d
w- c:program filesCanopus
2010-01-15 18:24 . 2009-12-17 09:31
d
w- c:documents and settingsDmitriyApplication DataWebMoney
2010-01-08 21:45 . 2010-01-08 17:05
d
w- c:program filesCommon FilesCanopus Shared
2010-01-08 21:20 . 2009-12-04 10:12
d
w- c:program filesKMPlayer
2010-01-08 17:30 . 2008-08-06 16:36 23072 —-a-w- c:documents and settingsDmitriyLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-12-29 22:12 . 2009-03-08 11:12
d
w- c:documents and settingsDmitriyApplication DatauTorrent
2009-12-29 09:06 . 2008-11-02 09:52
d
w- c:documents and settingsDmitriyApplication DataYandex
2009-12-28 19:44 . 2009-12-28 19:44
d
w- c:documents and settingsAll UsersApplication DataYandex
2009-12-21 19:08 . 2004-08-18 12:00 916480
w- c:windowssystem32wininet.dll
2009-12-17 09:25 . 2009-12-17 09:25
d
w- c:program filesWebMoney Agent
2009-12-17 09:25 . 2009-12-17 09:24
d
w- c:program filesWebMoney
2009-12-14 06:42 . 2004-08-18 12:00 84082 —-a-w- c:windowssystem32perfc019.dat
2009-12-14 06:42 . 2004-08-18 12:00 484362 —-a-w- c:windowssystem32perfh019.dat
2009-11-21 16:03 . 2004-08-18 12:00 471552 —-a-w- c:windowsAppPatchaclayers.dll
.
Sigcheck
[-] 2010-02-03 . 456E0F5B9BEB184521B0EE8FA7CC92C7 . 361600 . . [5.1.2600.5625] . . c:windowssystem32driverstcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:windowssystem32dllcachetcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:windowsServicePackFilesi386tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-12-24 8729864]
[HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar]
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-12-24 8729864]
[HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar]
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«Skype»=»c:program filesSkypePhoneSkype.exe» [2009-10-09 25623336]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2008-05-16 13529088]
«nwiz»=»nwiz.exe» [2008-05-16 1630208]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2008-05-16 86016]
«ccApp»=»c:program filesCommon FilesSymantec SharedccApp.exe» [2007-05-29 52840]
«vptray»=»c:progra~1SYMANT~1VPTray.exe» [2007-12-17 125224]
«DiskeeperSystray»=»c:program filesDiskeeper CorporationDiskeeperDkIcon.exe» [2006-06-07 319488]
«NeroFilterCheck»=»c:windowssystem32NeroCheck.exe» [2006-01-12 155648]
«NevoDRM»=»c:игрыNevoDRMNevoDRM.exe» [2008-12-11 41984]
«wmagent.exe»=»c:program filesWebMoney Agentwmagent.exe» [2009-10-19 210400]
«QuickTime Task»=»c:program filesQuickTimeqttask.exe» [2007-06-29 286720]
«SoundMan»=»SOUNDMAN.EXE» [2004-07-01 73728]
«AlcWzrd»=»ALCWZRD.EXE» [2004-07-05 2550272]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-14 15360]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati3fnxx.sys]
@=»Driver»
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati3kaxx.sys]
@=»Driver»
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati4tlxx.sys]
@=»Driver»
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati8nnxx.sys]
@=»Driver»
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCTFMON.EXE]
2008-04-14 16:10 15360
w- c:windowssystem32ctfmon.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]
«DisableMonitoring»=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«c:\WINDOWS\system32\sessmgr.exe»=
«c:\Program Files\Skype\Plugin Manager\skypePM.exe»=
«c:\Program Files\WebMoney\WebMoney.exe»=
«c:\WINDOWS\system32\usmt\migwiz.exe»=
«c:\Program Files\uTorrent\uTorrent.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileIcmpSettings]
«AllowInboundEchoRequest»= 1 (0x1)
R0 iteraid;ITERAID_Service_Install;c:windowssystem32driversiteraid.sys [02.02.2010 22:06 24971]
R1 cdrblock;cdrblock;c:windowssystem32driverscdrblock.sys [08.01.2010 20:05 20992]
R1 cdrport;cdrport;c:windowssystem32driverscdrport.sys [08.01.2010 20:05 4608]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:program filesCommon FilesSymantec SharedEENGINEEraserUtilRebootDrv.sys [27.08.2009 20:00 102448]
S0 ati3fnxx;ati3fnxx;c:windowssystem32Driversati3fnxx.sys —> c:windowssystem32Driversati3fnxx.sys [?]
S0 ati3kaxx;ati3kaxx;c:windowssystem32Driversati3kaxx.sys —> c:windowssystem32Driversati3kaxx.sys [?]
S0 ati4tlxx;ati4tlxx;c:windowssystem32Driversati4tlxx.sys —> c:windowssystem32Driversati4tlxx.sys [?]
S0 ati8fhxx;ati8fhxx;c:windowssystem32Driversati8fhxx.sys —> c:windowssystem32Driversati8fhxx.sys [?]
S0 ati8nnxx;ati8nnxx;c:windowssystem32Driversati8nnxx.sys —> c:windowssystem32Driversati8nnxx.sys [?]
S2 gupdate1c998b58e0495dc;Google Update Service (gupdate1c998b58e0495dc);c:program filesGoogleUpdateGoogleUpdate.exe [27.02.2009 11:29 133104]
S3 DELTAII;Service for M-Audio Delta Driver (WDM);c:windowssystem32DRIVERSdeltaII.sys —> c:windowssystem32DRIVERSdeltaII.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:windowssystem32FsUsbExDisk.Sys [24.01.2010 18:31 36608]
S3 SavRoam;SAVRoam;c:program filesSymantec AntiVirusSavRoam.exe [17.12.2007 23:29 119592]
.
Contents of the ‘Scheduled Tasks’ folder
2010-02-05 c:windowsTasksGoogleUpdateTaskMachineCore.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-02-27 08:29]
2010-02-04 c:windowsTasksGoogleUpdateTaskMachineUA.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-02-27 08:29]
2010-02-04 c:windowsTasksUser_Feed_Synchronization-{9777BDF7-75F8-4221-A920-624FD82BD921}.job
— c:windowssystem32msfeedssync.exe [2009-03-08 01:31]
2010-02-04 c:windowsTasksVPDN_LU.job
— c:program filesSymantec AntiVirusVPDN_LU.exe [2007-12-17 20:30]
2010-02-05 c:windowsTasksWGASetup.job
— c:windowssystem32KB905474wgasetup.exe [2009-08-30 18:18]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.yandex.ru/?clid=48105
mStart Page = hxxp://topdownloads.ru/games/catalog
uInternet Settings,ProxyServer = http=127.0.0.1:8600
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Добавить в Rambler-Закладки — c:program filesRambler AssistantramblertoolbarU0.dll/zakladki.htm
IE: Закачать ВСЕ при помощи Download Master
IE: Закачать при помощи Download Master
IE: Найти с помощью Рамблера — c:program filesRambler AssistantramblertoolbarU0.dll/search.htm
IE: Перевести с помощью словарей Рамблера — c:program filesRambler AssistantramblertoolbarU0.dll/dic.htm
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74}
IE: {{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — c:program filesWebMoney Advisorwmadvisor.dll
DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} — hxxps://w3s.webmoney.ru/WMAcceptor.dll
FF — ProfilePath — c:documents and settingsDmitriyApplication DataMozillaFirefoxProfiles9vf96daw.default
FF — prefs.js: browser.search.selectedEngine — Яндекс
FF — prefs.js: browser.startup.homepage — hxxp://www.yandex.ru/?clid=40795
FF — prefs.js: keyword.URL — hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
FF — prefs.js: network.proxy.type — 4
FF — component: c:program filesMozilla Firefoxextensions{B13721C7-F507-4982-B2E5-502A71474FED}componentsNPComponent.dll
FF — plugin: c:program filesGoogleGoogle Earthpluginnpgeplugin.dll
FF — plugin: c:program filesGoogleUpdate1.2.183.13npGoogleOneClick8.dll
FF — plugin: c:program filesMozilla FirefoxpluginsnpFoxitReaderPlugin.dll
FF — HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} — c:windowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtension
.
— — — — ORPHANS REMOVED — — — —
BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} — c:program filesAskBarDisbarbinaskBar.dll
BHO-{B4806C1A-FE8A-4008-9DA3-8CEDB6E82C10} — c:program filesWebMoney Advisorwmadvisor.dll
Toolbar-{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — c:program filesWebMoney Advisorwmadvisor.dll
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} — c:program filesAskBarDisbarbinaskBar.dll
WebBrowser-{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — c:program filesWebMoney Advisorwmadvisor.dll
HKCU-Run-Download Master — c:program filesDownload Masterdmaster.exe
HKCU-Run-LaunchList — c:program filesPinnacleStudio 11LaunchList2.exe
HKCU-Run-Driver Updater — c:program filesCarambisDriver Updaterdupdater.exe
HKLM-Run-DeltaIITaskbarApp — c:windowssystem32DeltaIITray.exe
SafeBoot-ati0eoxx.sys
SafeBoot-ati0lgxx.sys
SafeBoot-ati0rhxx.sys
SafeBoot-ati0vgxx.sys
SafeBoot-ati1fcxx.sys
SafeBoot-ati1ffxx.sys
SafeBoot-ati1gyxx.sys
SafeBoot-ati1jtxx.sys
SafeBoot-ati1lixx.sys
SafeBoot-ati1puxx.sys
SafeBoot-ati1qqxx.sys
SafeBoot-ati1qxxx.sys
SafeBoot-ati1ruxx.sys
SafeBoot-ati1tmxx.sys
SafeBoot-ati1wexx.sys
SafeBoot-ati2afxx.sys
SafeBoot-ati2dxxx.sys
SafeBoot-ati2npxx.sys
SafeBoot-ati2sixx.sys
SafeBoot-ati2vqxx.sys
SafeBoot-ati2whxx.sys
SafeBoot-ati3blxx.sys
SafeBoot-ati3dkxx.sys
SafeBoot-ati3goxx.sys
SafeBoot-ati3mexx.sys
SafeBoot-ati3prxx.sys
SafeBoot-ati3ttxx.sys
SafeBoot-ati4ccxx.sys
SafeBoot-ati4egxx.sys
SafeBoot-ati4gvxx.sys
SafeBoot-ati4kmxx.sys
SafeBoot-ati4suxx.sys
SafeBoot-ati4vdxx.sys
SafeBoot-ati4xgxx.sys
SafeBoot-ati5afxx.sys
SafeBoot-ati5arxx.sys
SafeBoot-ati5sdxx.sys
SafeBoot-ati5xxxx.sys
SafeBoot-ati6afxx.sys
SafeBoot-ati6tmxx.sys
SafeBoot-ati6uixx.sys
SafeBoot-ati7bqxx.sys
SafeBoot-ati7dxxx.sys
SafeBoot-ati7gnxx.sys
SafeBoot-ati7gqxx.sys
SafeBoot-ati7iaxx.sys
SafeBoot-ati7nvxx.sys
SafeBoot-ati7qexx.sys
SafeBoot-ati7qxxx.sys
SafeBoot-ati7rcxx.sys
SafeBoot-ati7rjxx.sys
SafeBoot-ati7tqxx.sys
SafeBoot-ati7vgxx.sys
SafeBoot-ati7wmxx.sys
SafeBoot-ati7wpxx.sys
SafeBoot-ati8bnxx.sys
SafeBoot-ati8byxx.sys
SafeBoot-ati8inxx.sys
SafeBoot-ati8kdxx.sys
SafeBoot-ati8rexx.sys
SafeBoot-ati8rgxx.sys
SafeBoot-ati8vvxx.sys
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-05 09:26
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERSS-1-5-21-1993962763-1935655697-682003330-500SoftwareMicrosoftInternet ExplorerUser Preferences]
@Denied: (2) (Administrator)
«88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977″=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,40,0f,9b,91,60,1b,cd,44,b7,5e,c4,
«2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81″=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,33,ef,6a,40,30,a6,f4,48,9c,2e,b1,
«6256FFB019F8FDFBD36745B06F4540E9AEAF222A25″=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,40,0f,9b,91,60,1b,cd,44,b7,5e,c4,
[HKEY_USERSS-1-5-21-1993962763-1935655697-682003330-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.*i*n*f*_*«€O=…(glљ]
@Class=»Shell»
[HKEY_USERSS-1-5-21-1993962763-1935655697-682003330-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.*i*n*f*_*«€O=…(glљOpenWithList]
@Class=»Shell»
[HKEY_USERSS-1-5-21-1993962763-1935655697-682003330-500SoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved{B9989107-91B4-4C10-C384-E8F3AD2ED93E}*]
«jamcfiheggeendnikicd»=hex:62,61,6c,6a,00,00
«iamhompaoiemkljooc»=hex:6b,61,64,6d,69,6e,6d,6d,67,6b,64,66,6b,6d,64,6c,62,6a,
63,62,69,6b,00,00
«jamcfiheggeendnikigd»=hex:62,61,61,6d,00,00
«haghipiihaeeifdp»=hex:6b,61,64,6d,69,6e,6d,6d,67,6b,64,66,6b,6d,64,6c,64,6b,
63,66,64,6e,00,00
.
Completion time: 2010-02-05 09:28:05
ComboFix-quarantined-files.txt 2010-02-05 06:28
Pre-Run: 63 878 746 112 байт свободно
Post-Run: 63 881 887 744 байт свободно
— — End Of File — — 8F17DF721D734A95D24F287DE5F383A2
