Сделал, вот лог :
ComboFix 09-09-17.04 — Admin 18.09.2009 6:48.3.2 — FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1251.7.1049.18.2047.1538 [GMT 4:00]
Running from: c:documents and settingsAdmin.MICROSOF-760B6AРабочий столDownloadComboFix.exe
Command switches used :: c:documents and settingsAdmin.MICROSOF-760B6AРабочий столCFScript.txt
AV: Антивирусная система Eset NOD32 2.70 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:windows.0ALCMTR.EXE
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Legacy_117B5638F836C060
Legacy_NAVIGATOR
Service_117B5638F836C060
Service_navigator
((((((((((((((((((((((((( Files Created from 2009-08-18 to 2009-09-18 )))))))))))))))))))))))))))))))
.
2009-09-14 12:05 . 2009-09-14 12:05
d
w- c:program filesFinamDataFeed
2009-09-14 04:30 . 2009-09-14 04:30
d
w- c:program filestrend micro
2009-09-14 04:30 . 2009-09-14 04:30
d
w- C:rsit
2009-09-13 07:34 . 1998-10-02 15:00 327168 —-a-w- c:windows.0IsUninst.exe
2009-09-07 02:49 . 2009-09-07 02:49
d
w- C:nodupd
2009-08-28 09:54 . 2009-08-28 09:54
d
w- c:documents and settingsAdmin.MICROSOF-760B6ALocal SettingsApplication Dataid Software
2009-08-28 09:52 . 2009-03-09 11:27 453456 —-a-w- c:windows.0system32d3dx10_41.dll
2009-08-28 09:52 . 2009-03-09 11:27 1846632 —-a-w- c:windows.0system32D3DCompiler_41.dll
2009-08-28 09:52 . 2009-03-09 11:27 4178264 —-a-w- c:windows.0system32D3DX9_41.dll
2009-08-28 09:52 . 2009-03-16 10:18 69448 —-a-w- c:windows.0system32XAPOFX1_3.dll
2009-08-28 09:52 . 2009-03-16 10:18 517448 —-a-w- c:windows.0system32XAudio2_4.dll
2009-08-28 09:52 . 2009-03-16 10:18 235352 —-a-w- c:windows.0system32xactengine3_4.dll
2009-08-28 09:52 . 2009-03-16 10:18 22360 —-a-w- c:windows.0system32X3DAudio1_6.dll
2009-08-28 09:40 . 2009-08-28 09:41
d
w- c:program filesActivision
2009-08-28 09:39 . 2009-08-28 09:39
d-sh—w- c:windows.0ftpcache
2009-08-27 08:05 . 2001-02-05 15:00 22912 —-a-w- c:windows.0system32driversCAPLPTN.SYS
2009-08-27 08:05 . 2001-02-05 15:00 54272 —-a-w- c:windows.0system32CAP1EMN.DLL
2009-08-27 08:05 . 2001-02-05 15:00 28160 —-a-w- c:windows.0system32CAPRPCSK.EXE
2009-08-27 08:05 . 2001-02-05 15:00 23552 —-a-w- c:windows.0system32CAPPTMN.DLL
2009-08-27 08:05 . 2001-02-05 15:00 13824 —-a-w- c:windows.0system32CAPMONK.DLL
2009-08-27 08:05 . 2001-02-05 15:00 40960 —-a-w- c:windows.0system32CAPSMK.DLL
2009-08-24 14:25 . 2009-08-24 14:25
d
w- c:documents and settingsAdmin.MICROSOF-760B6ALocal SettingsApplication DataGoogle
2009-08-23 15:10 . 2009-08-23 15:10
d
w- c:program files1cv8
2009-08-23 05:37 . 2009-08-23 05:37
d
w- c:documents and settingsAdmin.MICROSOF-760B6AWINDOWS
2009-08-23 05:29 . 2009-08-23 05:29
d
w- C:1S_8.0.10.27
2009-08-21 13:38 . 2009-08-21 13:38
d
w- c:documents and settingsAll Users.WINDOWS.0Application DataFarmFrenzy3
2009-08-21 13:36 . 2009-08-21 13:36
d
w- c:program filesAlawar.ru
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-09-14 02:14 . 2004-08-18 08:00 84938 —-a-w- c:windows.0system32perfc019.dat
2015-09-14 02:14 . 2004-08-18 08:00 487442 —-a-w- c:windows.0system32perfh019.dat
2015-09-13 07:37 . 2015-09-13 07:37
d
w- c:program filesEquis
2015-09-13 07:37 . 2015-09-13 07:37
d
w- c:program filesCommon FilesEquis
2009-09-07 05:23 . 2009-07-13 10:31 2269 —-a-w- c:documents and settingsAll Users.WINDOWS.0Application Datasortedcards.tmp
2009-09-04 05:14 . 2009-07-13 10:43 0 —-a-w- c:documents and settingsAll Users.WINDOWS.0Application Dataplayercachelines.tmp
2009-07-29 14:28 . 2009-07-29 14:28
d
w- c:documents and settingsAll Users.WINDOWS.0Application DataTEMP
2009-07-29 14:28 . 2009-07-29 14:28
d
w- c:program filesPokerTracker 3
2009-07-27 04:30 . 2009-07-27 04:30
d
w- c:program filesUltraISO
2009-07-27 04:29 . 2009-07-27 04:29
d
w- c:program filesAhead
2009-07-27 04:28 . 2009-07-27 04:28
d
w- c:program filesQIP
2009-07-23 11:56 . 2009-07-23 11:56
d
w- c:program filesKyodai Mahjongg 2006
2009-07-16 01:51 . 2009-03-29 15:19 69128 —-a-w- c:documents and settingsAdmin.MICROSOF-760B6ALocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-07-16 01:41 . 2009-07-16 01:41 160952 —-a-w- c:documents and settingsLocalService.NT AUTHORITYLocal SettingsApplication DataFontCache3.0.0.0.dat
2009-07-13 10:29 . 2009-07-13 10:29 359 —-a-w- c:documents and settingsAdmin.MICROSOF-760B6ALocal SettingsApplication Datapostgresinstall.bat
.
Sigcheck
[-] 2007-12-21 . 6EBEAE64113900F24318B02D3A87C112 . 360576 . . [5.1.2600.2892] . . c:windows.0system32driverstcpip.sys
[-] 2007-12-21 . 196B409A7C1C39A5A0F7566C2741FAD1 . 578560 . . [5.1.2600.3099] . . c:windows.0system32user32.dll
[-] 2007-12-21 . 7A1DB08674B329BA2104BB90C9CD9BC5 . 80216 . . [7.0.6000.381] . . c:windows.0system32wuauclt.exe
[-] 2007-12-21 . 907712EC5AE77486FC4DB8DD917C731A . 1720832 . . [6.00.2900.3156] . . c:windows.0explorer.exe
[-] 2007-12-21 . 9E62E0CDEC5617D03A1598040E73A70B . 1548288 . . [5.1.2600.2180] . . c:windows.0system32sfcfiles.dll
[-] 2007-12-21 . ACC544D628A758A445DF844269E803A7 . 30208 . . [5.1.2600.2180] . . c:windows.0system32ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«Punto Switcher»=»c:program filesPunto Switcherps.exe» [2007-01-25 201728]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=»c:windows.0system32NvCpl.dll» [2007-07-13 8466432]
«NvMediaCenter»=»c:windows.0system32NvMcTray.dll» [2007-07-13 81920]
«nod32kui»=»c:program filesEsetnod32kui.exe» [2009-04-04 949376]
«PCSuiteTrayApplication»=»c:program filesNokiaNokia PC Suite 6LaunchApplication.exe» [2007-03-23 227328]
«GrooveMonitor»=»c:program filesMicrosoft OfficeOffice12GrooveMonitor.exe» [2006-10-26 31016]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 9.0ReaderReader_sl.exe» [2009-02-27 35696]
«NeroFilterCheck»=»c:windows.0system32NeroCheck.exe» [2006-01-12 155648]
«CAPON»=»c:windows.0system32SpoolDriversw32x863CAPONN.EXE» [2001-02-05 22528]
«nwiz»=»nwiz.exe» — c:windows.0system32nwiz.exe [2007-07-13 1626112]
«RTHDCPL»=»RTHDCPL.EXE» — c:windows.0RTHDCPL.EXE [2007-11-06 16855552]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«Punto Switcher»=»c:program filesPunto Switcherps.exe» [2007-01-25 201728]
«Nokia.PCSync»=»c:program filesNokiaNokia PC Suite 6PcSync2.exe» [2007-03-27 1744896]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«IE7_011″=»shell32» [X]
«ZZZZ2_FirstLogonSetting»=»advpack.dll» — c:windows.0system32advpack.dll [2007-12-21 124928]
«IE7_012″=»advpack.dll» — c:windows.0system32advpack.dll [2007-12-21 124928]
c:documents and settingsAdmin.MICROSOF-760B6Aѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
‚л१Є нЄа Ё Їа®Ја ¬¬ § ЇгбЄ ¤«п OneNote 2007.lnk — c:program filesMicrosoft OfficeOffice12ONENOTEM.EXE [2006-10-26 98632]
c:documents and settingsAll Users.WINDOWS.0ѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
Canon LBP-810 Status Window.LNK — c:windows.0system32spooldriversw32x863CAPPSWK.EXE [2009-8-27 113664]
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoThumbnailCache»= 1 (0x1)
«NoSMConfigurePrograms»= 1 (0x1)
[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoThumbnailCache»= 1 (0x1)
«NoSMConfigurePrograms»= 1 (0x1)
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«FirewallOverride»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
«UpdatesOverride»=dword:00000001
«AntiVirusOverride»=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\Program Files\uTorrent\uTorrent.exe»=
R1 nod32drv;nod32drv;c:windows.0system32driversnod32drv.sys [04.04.2009 8:26 15424]
R2 RapidPort;RapidPort;c:windows.0system32driversCAPLPTN.SYS [27.08.2009 12:05 22912]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.orionnet.ru/
uInternet Connection Wizard,ShellNext = hxxp://www.zvercd.com/
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~3Office12EXCEL.EXE/3000
LSP: c:windows.0system32imon.dll
TCP: {098C6FE3-97AC-4A1B-B305-EDEDB8274D43} = 192.168.13.1 192.168.12.1
DPF: {AB0E0EBE-1338-4959-807D-82AED379080C} — hxxps://edox.finam.ru/components/crypto.cab
DPF: {F34675BB-3EC7-4977-8B3C-A612492A5A79} — hxxps://edox.finam.ru/components/report.cab
FF — ProfilePath — c:documents and settingsAdmin.MICROSOF-760B6AApplication DataMozillaFirefoxProfiles7tv2qnah.default
FF — prefs.js: browser.startup.homepage — hxxp://www.zvercd.com
FF — component: c:documents and settingsAdmin.MICROSOF-760B6AApplication DataMozillaFirefoxProfiles7tv2qnah.defaultextensionspiclens@cooliris.comcomponentspiclensstub.dll
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnppl3260.dll
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnprpjplug.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-18 06:55
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(748)
c:windows.0system32SETUPAPI.dll
c:windows.0system32cscui.dll
— — — — — — — > ‘lsass.exe'(812)
c:windows.0system32setupapi.dll
c:windows.0system32imon.dll
c:program filesEsetpr_imon.dll
— — — — — — — > ‘explorer.exe'(2844)
c:windows.0system32COMRes.dll
c:windows.0System32cscui.dll
c:program filesPunto Switchercorrect.dll
c:windows.0system32NETSHELL.dll
c:windows.0system32msi.dll
c:windows.0system32SETUPAPI.dll
c:windows.0system32wpdshserviceobj.dll
c:windows.0system32POWRPROF.dll
c:program filesNokiaNokia PC Suite 6PhoneBrowser.dll
c:program filesNokiaNokia PC Suite 6PCSCM.dll
c:program filesNokiaNokia PC Suite 6LangPhoneBrowser_rus.nlr
c:program filesNokiaNokia PC Suite 6ResourcePhoneBrowser_Nokia.ngr
c:windows.0system32portabledevicetypes.dll
c:windows.0system32portabledeviceapi.dll
.
Other Running Processes
.
c:program filesEsetnod32krn.exe
c:windows.0system32nvsvc32.exe
c:windows.0system32rundll32.exe
c:windows.0system32CAPRPCSK.EXE
.
**************************************************************************
.
Completion time: 2009-09-18 6:56 — machine was rebooted
ComboFix-quarantined-files.txt 2009-09-18 02:56
ComboFix2.txt 2009-09-15 02:16
Pre-Run: 5 734 432 768 байт свободно
Post-Run: 5 668 274 176 байт свободно
188
