ComboFix 09-10-01.05 — Мюллер 07.10.2009 18:33.2.2 — NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1251.7.1049.18.3326.2452 [GMT 4:00]
Running from: c:usersМюллерDesktopComboFix.exe
Command switches used :: c:usersМюллерDesktopCFScript.txt
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:programdataMicrosoftNetworkDownloaderqmgr0.dat
c:programdataMicrosoftNetworkDownloaderqmgr1.dat
c:usersМюллерAppDataRoamingAdRiver
c:usersМюллерAppDataRoamingAdRiverAdRiver.dat
c:usersМюллерAppDataRoamingAdRiverAdRiver.dll
c:usersМюллерAppDataRoamingAdRiverFeed.jpg
c:usersМюллерAppDataRoamingAdRiverFeed1.jpg
c:usersМюллерAppDataRoamingAdRiverFeed10.jpg
c:usersМюллерAppDataRoamingAdRiverFeed11.jpg
c:usersМюллерAppDataRoamingAdRiverFeed12.jpg
c:usersМюллерAppDataRoamingAdRiverFeed13.jpg
c:usersМюллерAppDataRoamingAdRiverFeed14.jpg
c:usersМюллерAppDataRoamingAdRiverFeed15.jpg
c:usersМюллерAppDataRoamingAdRiverFeed2.jpg
c:usersМюллерAppDataRoamingAdRiverFeed3.jpg
c:usersМюллерAppDataRoamingAdRiverFeed4.jpg
c:usersМюллерAppDataRoamingAdRiverFeed5.jpg
c:usersМюллерAppDataRoamingAdRiverFeed6.jpg
c:usersМюллерAppDataRoamingAdRiverFeed7.jpg
c:usersМюллерAppDataRoamingAdRiverFeed8.jpg
c:usersМюллерAppDataRoamingAdRiverFeed9.jpg
c:usersМюллерAppDataRoamingAdRiverFeedfeed.xml
c:usersМюллерAppDataRoamingAdRiverg.fla
c:usersМюллерAppDataRoamingAdRiverUninstall.exe
BITS: Possible infected sites
hxxp://soft.export.yandex.ru
hxxp://download.yandex.ru
.
((((((((((((((((((((((((( Files Created from 2009-09-07 to 2009-10-07 )))))))))))))))))))))))))))))))
.
2009-10-07 14:37 . 2009-10-07 14:37
d
w- c:usersМюллерAppDataLocaltemp
2009-10-07 14:37 . 2009-10-07 14:37
d
w- c:usersPublicAppDataLocaltemp
2009-10-07 14:37 . 2009-10-07 14:37
d
w- c:usersDefaultAppDataLocaltemp
2009-09-30 06:00 . 2009-09-30 06:00
d
w- C:rsit
2009-09-30 06:00 . 2009-09-30 06:00
d
w- c:program filestrend micro
2009-09-30 05:19 . 2009-09-30 05:24
d
w- c:program filesAd Muncher
2009-09-29 04:54 . 2009-09-29 04:54
d
w- c:programdataSUPERAntiSpyware.com
2009-09-29 04:52 . 2009-09-29 04:52
d
w- c:program filesSUPERAntiSpyware
2009-09-29 04:52 . 2009-09-29 04:52
d
w- c:usersМюллерAppDataRoamingSUPERAntiSpyware.com
2009-09-29 04:52 . 2009-09-29 04:52
d
w- c:program filesCommon FilesWise Installation Wizard
2009-09-19 09:05 . 2009-09-19 09:07
d
w- c:usersМюллерAppDataRoamingLuntik
2009-09-19 08:54 . 2009-09-19 08:54
d
w- c:programdataAlawarWrapper
2009-09-19 08:54 . 2009-09-19 08:54
d
w- c:programdataEgoset
2009-09-19 08:53 . 2009-09-19 09:04
d
w- c:program filesGamerOnline.ru
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-07 14:36 . 2008-09-26 18:53 2883584 —sha-w- c:usersМюллерNTUSER.DAT
2009-10-07 14:32 . 2009-09-05 07:51
d
w- c:usersМюллерAppDataRoaminguTorrent
2009-10-07 13:24 . 2008-02-05 16:29 656154 —-a-w- c:windowssystem32perfh019.dat
2009-10-07 13:24 . 2008-02-05 16:29 126450 —-a-w- c:windowssystem32perfc019.dat
2009-10-07 13:19 . 2008-09-26 19:23 9 —-a-w- c:windowsmvraidver.dat
2009-10-07 04:19 . 2008-09-27 18:52 12 —-a-w- c:windowsbthservsdp.dat
2009-10-04 02:41 . 2009-09-24 03:58 87414 —-a-w- c:usersМюллерAppDataRoamingfieryads.dat
2009-10-02 00:40 . 2009-03-21 15:54 189184 —-a-w- c:windowssystem32PnkBstrB.exe
2009-10-02 00:21 . 2009-03-21 15:56 138064 —-a-w- c:windowssystem32driversPnkBstrK.sys
2009-09-29 10:11 . 2008-10-15 07:21
d
w- c:program filesSteam
2009-09-29 04:52 . 2009-09-29 04:52
d
w- c:usersМюллерAppDataRoamingSUPERAntiSpyware.com
2009-09-27 13:04 . 2008-09-28 03:03
d
w- c:program filesCommon FilesAdobe
2009-09-19 09:07 . 2009-09-19 09:05
d
w- c:usersМюллерAppDataRoamingLuntik
2009-09-18 12:00 . 2008-09-27 20:22
d
w- c:programdataMicrosoft Help
2009-09-18 12:00 . 2008-09-26 18:53
d-s—w- c:usersМюллерAppDataRoamingMicrosoft
2009-09-05 07:52 . 2009-09-05 07:52
d
w- c:program filesuTorrent
2009-09-03 05:06 . 2009-08-11 09:43
d
w- c:usersМюллерAppDataRoamingImage Zone Express
2009-09-02 12:41 . 2009-09-02 12:40
d
w- c:usersМюллерAppDataRoamingSuper-Cow
2009-09-02 07:55 . 2009-09-02 07:55
d
w- c:usersМюллерAppDataRoamingYandex
2009-09-02 07:55 . 2009-09-02 07:55
d
w- c:usersМюллерAppDataRoamingMozilla
2009-09-02 07:55 . 2009-09-02 07:55
d
w- c:program filesYandex
2009-08-29 14:07 . 2009-08-29 14:07
d
w- c:usersМюллерAppDataRoamingWinRAR
2009-08-18 03:42 . 2009-08-18 03:42
d
w- c:usersМюллерAppDataRoamingScreenSeven
2009-08-11 09:43 . 2009-08-11 09:43
d
w- c:usersМюллерAppDataRoamingPrinter Info Cache
2009-08-11 09:43 . 2009-03-06 05:30
d
w- c:usersМюллерAppDataRoamingHP
2009-08-04 14:56 . 2009-03-21 15:53 75064 —-a-w- c:windowssystem32PnkBstrA.exe
2009-07-31 02:09 . 2009-03-21 15:55 22328 —-a-w- c:usersМюллерAppDataRoamingPnkBstrK.sys
2009-07-31 02:09 . 2009-03-21 15:53 682280 —-a-w- c:windowssystem32pbsvc.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-10-04_02.47.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-10-07 13:20 38370 c:windowsSystem32WDIShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-10-07 13:20 64078 c:windowsSystem32WDIBootPerformanceDiagnostics_SystemData.bin
— 2008-09-26 18:52 . 2009-10-04 02:28 16384 c:windowsSystem32configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat
+ 2008-09-26 18:52 . 2009-10-07 13:39 16384 c:windowsSystem32configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat
— 2008-09-26 18:52 . 2009-10-04 02:28 32768 c:windowsSystem32configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat
+ 2008-09-26 18:52 . 2009-10-07 13:39 32768 c:windowsSystem32configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat
— 2008-09-26 18:52 . 2009-10-04 02:28 16384 c:windowsSystem32configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat
+ 2008-09-26 18:52 . 2009-10-07 13:39 16384 c:windowsSystem32configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat
+ 2008-09-26 18:57 . 2009-10-07 13:20 8936 c:windowsSystem32WDI{86432a0b-3c7d-4ddf-a89c-172faa90485d}S-1-5-21-1019601049-4187624012-3535808926-1000_UserData.bin
— 2009-10-04 01:39 . 2009-10-04 01:39 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive1.dat
+ 2009-10-07 13:19 . 2009-10-07 13:19 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive1.dat
— 2009-10-04 01:39 . 2009-10-04 01:39 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive0.dat
+ 2009-10-07 13:19 . 2009-10-07 13:19 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive0.dat
+ 2006-11-02 10:33 . 2009-10-07 13:24 589884 c:windowsSystem32perfh009.dat
— 2006-11-02 10:33 . 2009-10-04 01:45 589884 c:windowsSystem32perfh009.dat
+ 2006-11-02 10:33 . 2009-10-07 13:24 101896 c:windowsSystem32perfc009.dat
— 2006-11-02 10:33 . 2009-10-04 01:45 101896 c:windowsSystem32perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-07-24 5586208]
[HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar]
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-07-24 5586208]
[HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar]
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«Google Update»=»c:usersМюллерAppDataLocalGoogleUpdateGoogleUpdate.exe» [2009-08-10 133104]
«uTorrent»=»c:program filesuTorrentuTorrent.exe» [2009-09-05 288048]
«NevoDRM»=»c:игрыNevoDRMNevoDRM.exe» [2008-12-11 41984]
«SUPERAntiSpyware»=»c:program filesSUPERAntiSpywareSUPERAntiSpyware.exe» [2009-09-15 1998576]
«WMPNSCFG»=»c:program filesWindows Media PlayerWMPNSCFG.exe» [2008-01-21 202240]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«Windows Defender»=»c:program filesWindows DefenderMSASCui.exe» [2008-01-21 1008184]
«StartCCC»=»c:program filesATI TechnologiesATI.ACECore-StaticCLIStart.exe» [2008-01-21 61440]
«avast!»=»c:progra~1ALWILS~1Avast4ashDisp.exe» [2009-02-05 81000]
«HP Software Update»=»c:program filesHPHP Software UpdateHPWuSchd2.exe» [2006-12-10 49152]
«PCSuiteTrayApplication»=»c:program filesNokiaNokia PC Suite 6LaunchApplication.exe» [2007-06-18 271360]
«Ad Muncher»=»c:program filesAd MuncherAdMunch.exe» [2007-01-18 751616]
«RtHDVCpl»=»RtHDVCpl.exe» — c:windowsRtHDVCpl.exe [2007-03-23 4423680]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«Nokia.PCSync»=»c:program filesNokiaNokia PC Suite 6PcSync2.exe» [2007-06-19 1241088]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«EnableLUA»= 0 (0x0)
«EnableUIADesktopToggle»= 0 (0x0)
[hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]
«{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}»= «c:program filesSUPERAntiSpywareSASSEH.DLL» [2008-05-13 77824]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotify!SASWinLogon]
2009-09-03 11:21 548352 —-a-w- c:program filesSUPERAntiSpywareSASWINLO.dll
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«aux»=wdmaud.drv
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]
BootExecute REG_MULTI_SZ autocheck autochk /p ??F:autocheck autochk *
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinDefend]
@=»Service»
[HKLM~startupfolderC:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:programdataMicrosoftWindowsStart MenuProgramsStartupHP Digital Imaging Monitor.lnk
backup=c:windowspssHP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM~startupfolderC:^Users^Мюллер^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MarvellTrayStartup.lnk]
path=c:usersМюллерAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupMarvellTrayStartup.lnk
backup=c:windowspssMarvellTrayStartup.lnk.Startup
backupExtension=.Startup
[HKLM~startupfolderC:^Users^Мюллер^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Вырезка экрана и программа запуска для OneNote 2007.lnk]
path=c:usersМюллерAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupВырезка экрана и программа запуска для OneNote 2007.lnk
backup=c:windowspssВырезка экрана и программа запуска для OneNote 2007.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerSvc]
«AntiVirusOverride»=dword:00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerSvcS-1-5-21-1019601049-4187624012-3535808926-1000]
«EnableNotifications»=dword:00000001
«EnableNotificationsRef»=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicyFirewallRules]
«{FF7E13AB-DB40-4DA8-8C29-57969F8489CD}»= Disabled:TCP:6004|c:program filesMicrosoft OfficeOffice12outlook.exe:Microsoft Office Outlook
«{0753B0E6-1263-4935-B6C5-8F6FE81951DF}»= UDP:c:program filesMicrosoft GamesGears of WarBinariesWarGame-G4WLive.exe:Gears of War
«{23EA3B29-221F-4827-83E9-779AF1CB0A30}»= TCP:c:program filesMicrosoft GamesGears of WarBinariesWarGame-G4WLive.exe:Gears of War
«TCP Query User{845FE12B-7B53-423A-BB5D-EAF048CD58DE}c:\program files\pcgame\call of duty world at war\codwaw.exe»= UDP:c:program filespcgamecall of duty world at warcodwaw.exe:Call of Duty(R): World at War Campaign/Coop
«UDP Query User{6A5C952D-AEDB-4660-A301-F6C447A05DD4}c:\program files\pcgame\call of duty world at war\codwaw.exe»= TCP:c:program filespcgamecall of duty world at warcodwaw.exe:Call of Duty(R): World at War Campaign/Coop
«TCP Query User{F3417F39-DAE7-43F5-9760-FE4EBD1A752F}c:\program files\codwaw\codwaw.exe»= UDP:c:program filescodwawcodwaw.exe:Call of Duty(R): World at War Campaign/Coop
«UDP Query User{4B3ECA4E-68BE-44DA-99ED-DEE7253AFAAA}c:\program files\codwaw\codwaw.exe»= TCP:c:program filescodwawcodwaw.exe:Call of Duty(R): World at War Campaign/Coop
«{E4EF1C89-6DED-4293-89F5-56C154520AF9}»= UDP:Profile=Private|990:LocalSubnet:LocalSubnet|IF={74570CBA-52A8-4362-A857-3FE710B3FE1E}|c:windowssystem32svchost.exe|Svc=rapimgr:Возможности подключения устройств на платформе Windows Mobile
«TCP Query User{420DF1C3-82FE-4F0D-8090-9B92F985F87B}c:\program files\marvell\61xx\apache2\bin\apache.exe»= Disabled:UDP:c:program filesmarvell61xxapache2binapache.exe:Apache HTTP Server
«UDP Query User{D91E8EFB-C7F1-4EB7-90CF-0E35E532E522}c:\program files\marvell\61xx\apache2\bin\apache.exe»= Disabled:TCP:c:program filesmarvell61xxapache2binapache.exe:Apache HTTP Server
«{39A0559D-3B1B-4BE3-8896-4034651FDC9C}»= Disabled:UDP:c:program filesMicrosoft OfficeOffice12GROOVE.EXE:Microsoft Office Groove
«{10456C03-F374-4CE8-9C44-A5CCCEBC8DAA}»= Disabled:TCP:c:program filesMicrosoft OfficeOffice12GROOVE.EXE:Microsoft Office Groove
«{AE52AB3D-31B2-4FFD-9945-1398981D2FED}»= Disabled:UDP:c:program filesMicrosoft OfficeOffice12ONENOTE.EXE:Microsoft Office OneNote
«{E42E90E9-93F4-44C0-A15D-012F4B39347E}»= Disabled:TCP:c:program filesMicrosoft OfficeOffice12ONENOTE.EXE:Microsoft Office OneNote
«{74DB3C9A-8523-4C67-9E17-7F34079DFF7C}»= Disabled:UDP:990:LocalSubnet:LocalSubnet|IF={74570CBA-52A8-4362-A857-3FE710B3FE1E}|c:windowssystem32svchost.exe|Svc=rapimgr:Возможности подключения устройств на платформе Windows Mobile
«{FA3849A3-FFA0-430C-8690-A52A38CCFF72}»= UDP:c:windowsSystem32PnkBstrA.exe:PnkBstrA
«{39CB083B-4D09-474A-A665-0A6FD2EE5C54}»= TCP:c:windowsSystem32PnkBstrA.exe:PnkBstrA
«{EDAE9076-39C6-48EC-A967-534975E85768}»= UDP:c:windowsSystem32PnkBstrB.exe:PnkBstrB
«{8892897E-7CA0-4DDB-A258-A61699D77E43}»= TCP:c:windowsSystem32PnkBstrB.exe:PnkBstrB
«{8185E953-BDDB-43D3-B572-D27C144D0E97}»= UDP:c:program filesActivisionCall of Duty — World at WarCoDWaW.exe:Call of Duty(R) — World at War(TM)
«{9CC3123A-30EF-4DC0-A70B-2C0716BC0EF3}»= TCP:c:program filesActivisionCall of Duty — World at WarCoDWaW.exe:Call of Duty(R) — World at War(TM)
«{4925D697-A059-45C7-9410-74DCF65FB7DD}»= UDP:c:program filesActivisionCall of Duty — World at WarCoDWaWmp.exe:Call of Duty(R) — World at War(TM)
«{4446AB3A-FA48-47AE-8328-8D5A2C4E2BEC}»= TCP:c:program filesActivisionCall of Duty — World at WarCoDWaWmp.exe:Call of Duty(R) — World at War(TM)
«{4AA1A7E8-8231-4EC7-B2F1-7D9A2344F6B0}»= UDP:c:program filesuTorrentuTorrent.exe:µTorrent (TCP-In)
«{459ED6D2-AEA6-4622-976F-A447CC65FBE5}»= TCP:c:program filesuTorrentuTorrent.exe:µTorrent (UDP-In)
[HKLM~servicessharedaccessparametersfirewallpolicyPublicProfile]
«EnableFirewall»= 0 (0x0)
«DisabledInterfaces»= {C5312F4D-1C7B-4C93-AC51-0C6E3A207659},{F9FF4D7C-7C5F-4F48-91BC-44385D9880E1},{563723C9-6D6C-45B5-8988-15D90FB2215B},{3935CAB3-C8D6-4157-B588-381BF341BB83}
R0 mv61xx;mv61xx;c:windowsSystem32driversmv61xx.sys [15.06.2007 11:52 143256]
R1 aswSP;avast! Self Protection;c:windowsSystem32driversaswSP.sys [06.03.2009 9:07 114768]
R1 SASDIFSV;SASDIFSV;c:program filesSUPERAntiSpywaresasdifsv.sys [15.09.2009 11:42 9968]
R1 SASKUTIL;SASKUTIL;c:program filesSUPERAntiSpywareSASKUTIL.SYS [15.09.2009 11:42 74480]
R2 aswFsBlk;aswFsBlk;c:windowsSystem32driversaswFsBlk.sys [06.03.2009 9:07 20560]
R2 aswMonFlt;aswMonFlt;c:windowsSystem32driversaswMonFlt.sys [06.03.2009 9:06 51792]
R2 Marvell RAID;Marvell RAID Event Agent;c:program filesMarvell61xxsvcmvraidsvc.exe [12.06.2007 22:54 61440]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:windowsSystem32driversl160x86.sys [26.09.2008 23:13 46592]
R3 SASENUM;SASENUM;c:program filesSUPERAntiSpywareSASENUM.SYS [15.09.2009 11:42 7408]
S2 MRUWebService;MRU Web Service;c:program filesMarvell61xxApache2binApache.exe [23.05.2007 4:17 20539]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
Supplementary Scan
.
uStart Page = hxxp://www.rambler.ru/
mStart Page = hxxp://www.rambler.ru/ra/
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2Office12EXCEL.EXE/3000
IE: Block frame with Ad Muncher — http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=333N582O&id=menu_ie_frame
IE: Block image with Ad Muncher — http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=333N582O&id=menu_ie_image
IE: Block link with Ad Muncher — http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=333N582O&id=menu_ie_link
IE: Don’t filter page with Ad Muncher — http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=333N582O&id=menu_ie_exclude
IE: Report page to the Ad Muncher developers — http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=333N582O&id=menu_ie_report
IE: Добавить в Rambler-Закладки — c:program filesRambler AssistantramblertoolbarU5950.dll/zakladki.htm
IE: Найти с помощью Рамблера — c:program filesRambler AssistantramblertoolbarU5950.dll/search.htm
IE: Перевести с помощью словарей Рамблера — c:program filesRambler AssistantramblertoolbarU5950.dll/dic.htm
TCP: {C5312F4D-1C7B-4C93-AC51-0C6E3A207659} = 10.42.100.12 10.42.100.14
.
— — — — ORPHANS REMOVED — — — —
AddRemove-AdRiver — c:usersМюллерAppDataRoamingAdRiverUninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-07 18:37
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERSS-1-5-21-1019601049-4187624012-3535808926-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.*>]
@Class=»Shell»
@Allowed: (Read) (RestrictedCode)
[HKEY_USERSS-1-5-21-1019601049-4187624012-3535808926-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.*>OpenWithList]
@Class=»Shell»
[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}000AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000
[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}001AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000
[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}002AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000
[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}003AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000
[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}004AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000
.
Completion time: 2009-10-07 18:38
ComboFix-quarantined-files.txt 2009-10-07 14:38
ComboFix2.txt 2009-10-04 02:48
Pre-Run: 30 116 360 192 байт свободно
Post-Run: 29 892 300 800 байт свободно
281
