Не выдержал и запустил Combofix, но не помогло.
Вот лог:
ComboFix 10-03-06.06 — Yevi 03/07/2010 9:42.1.1 — x86
Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.1023.398 [GMT 2:00]
Running from: d:12ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:documents and settingsYevi.YEVApplication DataCMediaCMedia.dat
c:documents and settingsYevi.YEVApplication DataCMediaFeed.jpg
c:documents and settingsYevi.YEVApplication DataCMediaFeed1.jpg
c:documents and settingsYevi.YEVApplication DataCMediaFeed10.jpg
c:documents and settingsYevi.YEVApplication DataCMediaFeed11.jpg
c:documents and settingsYevi.YEVApplication DataCMediaFeed12.jpg
c:documents and settingsYevi.YEVApplication DataCMediaFeed13.jpg
c:documents and settingsYevi.YEVApplication DataCMediaFeed14.jpg
c:documents and settingsYevi.YEVApplication DataCMediaFeed15.jpg
c:documents and settingsYevi.YEVApplication DataCMediaFeed2.jpg
c:documents and settingsYevi.YEVApplication DataCMediaFeed3.jpg
c:documents and settingsYevi.YEVApplication DataCMediaFeed4.jpg
c:documents and settingsYevi.YEVApplication DataCMediaFeed5.jpg
c:documents and settingsYevi.YEVApplication DataCMediaFeed6.jpg
c:documents and settingsYevi.YEVApplication DataCMediaFeed7.jpg
c:documents and settingsYevi.YEVApplication DataCMediaFeed8.jpg
c:documents and settingsYevi.YEVApplication DataCMediaFeed9.jpg
c:documents and settingsYevi.YEVApplication DataCMediaFeedfeed.xml
c:documents and settingsYevi.YEVApplication DataCMediag.fla
c:documents and settingsYevi.YEVApplication DataCMediaUninstall.exe
c:documents and settingsYevi.YEVApplication DataFieryAds
c:documents and settingsYevi.YEVApplication DataFieryAdsFieryAdsUninstall.exe
c:program filesCommon Fileskeylog.txt
c:program filesINSTALL.LOG
c:recyclerS-1-5-21-1343024091-329068152-725345543-1003
c:recyclerS-1-5-21-725345543-746137067-839522115-1003
c:windowsDownloaded Program Fileslauncher.ocx
c:windowsEventSystem.log
c:windowssystem32Cache
c:windowssystem32logs
c:windowssystem32logsAd-Aware event.log
c:windowssystem32sstray.exe
c:windowssystem32twain_32.dll
c:windowssystem32vb40032.dll
.
((((((((((((((((((((((((( Files Created from 2010-02-07 to 2010-03-07 )))))))))))))))))))))))))))))))
.
2010-03-06 23:19 . 2010-03-06 23:19
d
w- C:rsit
2010-03-06 23:19 . 2010-03-06 23:19
d
w- c:program filestrend micro
2010-03-06 22:25 . 2010-03-06 22:25
d
w- c:program filesTrendMicro
2010-03-06 22:01 . 2010-03-06 22:02
dc-h—w- c:windowsie8
2010-03-05 23:01 . 2010-03-05 23:01
d
w- c:program filesCommon Fileswm
2010-03-05 23:01 . 2010-03-05 23:01
d-sh—w- c:windowssystem32configsystemprofileIETldCache
2010-03-04 09:11 . 2010-03-04 09:11
d
w- c:program filesMicrosoft Enterprise Library 4.1 — October 2008
2010-02-14 21:25 . 2010-03-04 07:55
d
w- c:program filesuTorrent
2010-02-14 21:23 . 2010-03-04 08:55
d
w- c:documents and settingsYevi.YEVApplication DatauTorrent
2010-02-09 10:25 . 2010-03-04 09:19
d
w- c:documents and settingsYevi.YEVApplication Datavlc
2010-02-09 08:44 . 2009-12-12 14:15 178176 —-a-w- c:windowssystem32unrar.dll
2010-02-09 08:43 . 2004-01-25 16:18 217088 —-a-w- c:windowssystem32yv12vfw.dll
2010-02-09 08:43 . 2009-05-29 21:31 881664 —-a-w- c:windowssystem32xvidcore.dll
2010-02-09 08:43 . 2009-05-29 21:37 205824 —-a-w- c:windowssystem32xvidvfw.dll
2010-02-09 08:41 . 2010-01-05 18:00 85504 —-a-w- c:windowssystem32ff_vfw.dll
2010-02-05 11:36 . 2007-03-04 11:55 719872 —-a-w- c:windowssystem32devil.dll
2010-02-05 11:36 . 2007-03-04 11:55 308224 —-a-w- c:windowssystem32avisynth.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-07 08:02 . 2009-11-11 18:47
d
w- c:documents and settingsYevi.YEVApplication DataCMedia
2010-03-06 23:23 . 2008-12-10 20:59
d
w- c:documents and settingsAll Users.WINDOWSApplication DataBabylon
2010-03-06 22:25 . 2010-03-06 22:25 388096 —-a-r- c:documents and settingsYevi.YEVApplication DataMicrosoftInstaller{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}HiJackThis.exe
2010-03-06 21:42 . 2009-05-22 08:01
d
w- c:program filesMicrosoft
2010-03-06 21:36 . 2005-06-19 19:00
d
w- c:program filesFlashGet
2010-03-06 21:19 . 2005-02-11 22:45
d
w- c:program filesmIRC
2010-03-05 22:05 . 2009-11-05 17:49
d
w- c:program filesGarena
2010-03-04 09:22 . 2008-05-16 14:04
d
w- c:documents and settingsAll Users.WINDOWSApplication DataMicrosoft Help
2010-03-02 11:31 . 2008-05-16 17:56
d
w- c:documents and settingsYevi.YEVApplication DataICQ
2010-03-01 14:47 . 2010-01-11 12:37
d
w- c:program filesMinilyrics
2010-02-25 17:18 . 2010-01-08 13:01
d
w- c:documents and settingsYevi.YEVApplication DataWinamp
2010-02-22 17:51 . 2009-09-08 12:05 10238 —-a-w- c:documents and settingsAll Users.WINDOWSApplication DataBlazeVideoBlazeDTV 6.0blazedvd.dll
2010-02-16 11:51 . 2008-04-28 16:56
d
w- c:program filesMicrosoft Silverlight
2010-02-14 21:19 . 2005-02-11 15:35
d
w- c:program filesAzureus
2010-02-14 21:19 . 2008-05-17 08:06
d
w- c:documents and settingsYevi.YEVApplication DataAzureus
2010-02-10 16:17 . 2009-03-10 08:54
d
w- c:program filesICQ6.5
2010-02-09 08:47 . 2009-04-20 08:20
d
w- c:program filesK-Lite Codec Pack
2010-02-09 08:36 . 2008-05-16 13:58
d
w- c:documents and settingsYevi.YEVApplication DataBSplayer PRO
2010-02-06 15:03 . 2005-02-11 18:09
d
w- c:program filesWinamp
2010-02-05 11:45 . 2010-01-18 22:09
d
w- c:program filesWMR14
2010-01-30 16:00 . 2008-05-16 14:16 112320 —-a-w- c:documents and settingsYevi.YEVLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2010-01-29 16:52 . 2010-01-28 16:52
d
w- c:program filesAptana
2010-01-29 10:58 . 2008-05-30 09:51
d
w- c:documents and settingsYevi.YEVApplication DataSkype
2010-01-26 13:20 . 2010-01-13 09:24
d
w- c:program filesFoxit Software
2010-01-24 23:50 . 2009-10-14 23:24 480688 —-a-w- c:documents and settingsLocalService.NT AUTHORITY.000Local SettingsApplication DataFontCache3.0.0.0.dat
2010-01-24 11:22 . 2010-01-24 11:22
d
w- c:program filesMicrosoft ASP.NET
2010-01-24 10:38 . 2010-01-24 10:36
d
w- c:program filesDevExpress 2009.3
2010-01-23 15:51 . 2010-01-23 15:51
d
w- c:documents and settingsLocalService.NT AUTHORITY.000Application DataFoxit Software
2010-01-18 22:13 . 2007-11-24 21:16
d
w- c:program filesWinPcap
2010-01-13 09:25 . 2010-01-13 09:25
d
w- c:documents and settingsYevi.YEVApplication DataFoxit
2009-12-09 11:35 . 2008-12-29 11:40 18368 —-a-w- c:documents and settingsAll Users.WINDOWSApplication DataMicrosoftVSA9.01033ResourceCache.dll
2009-12-09 11:35 . 2008-12-29 11:40 1309760 —-a-w- c:documents and settingsAll Users.WINDOWSApplication DataMicrosoftVisualStudio9.01033ResourceCache.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«Google Update»=»c:documents and settingsYevi.YEVLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe» [2010-01-25 135664]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«IntelliPoint»=»c:program filesMicrosoft IntelliPointipoint.exe» [2007-08-31 1037736]
«SoundMan»=»SOUNDMAN.EXE» [2005-06-20 77824]
«BluetoothAuthenticationAgent»=»bthprops.cpl» [2008-04-14 110592]
«GrooveMonitor»=»c:program filesMicrosoft OfficeOffice12GrooveMonitor.exe» [2006-10-26 31016]
«egui»=»c:program filesESETESET NOD32 Antivirusegui.exe» [2009-05-14 2029640]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-14 15360]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«EnableShellExecuteHooks»= 1 (0x1)
[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«EnableShellExecuteHooks»= 1 (0x1)
[hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]
«{A5949E07-8536-4625-A3D0-2DD83F559990}»= «c:windowssystem32ShellHook.dll» [2009-01-01 147456]
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]
BootExecute REG_MULTI_SZ autocheck autochk *autocheck lsdelete
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalaawservice]
@=»Service»
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
@=»Driver»
[HKLM~startupfolderC:^Documents and Settings^Yevi.YEV^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:documents and settingsYevi.YEVStart MenuProgramsStartupOneNote 2007 Screen Clipper and Launcher.lnk
backup=c:windowspssOneNote 2007 Screen Clipper and Launcher.lnkStartup
[HKLM~startupfolderC:^Documents and Settings^Yevi.YEV^Start Menu^Programs^Startup^Warkeys Update.lnk]
path=c:documents and settingsYevi.YEVStart MenuProgramsStartupWarkeys Update.lnk
backup=c:windowspssWarkeys Update.lnkStartup
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe Reader Speed Launcher]
2008-06-12 00:38 34672 —-a-w- c:program filesAdobeReader 9.0Readerreader_sl.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBabylon Client]
2009-07-20 17:42 3706768 —-a-w- c:program filesBabylonBabylon-ProBabylon.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-09-20 13:35 202024 —-a-w- c:program filesCommon FilesNeroLibNMBgMonitor.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregGrooveMonitor]
2006-10-26 22:47 31016 —-a-w- c:program filesMicrosoft OfficeOffice12GrooveMonitor.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
2007-03-01 13:57 153136 —-a-w- c:program filesCommon FilesNeroLibNeroCheck.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPC Suite Tray]
2008-12-03 10:47 1205760 —-a-w- c:program filesNokiaNokia PC Suite 7PCSuite.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSunJavaUpdateSched]
2009-03-09 03:19 148888 —-a-w- c:program filesJavajre6binjusched.exe
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\USDownloader\USDownloader.exe»=
«c:\Program Files\mIRC\mirc.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\Program Files\Azureus\Azureus.exe»=
«c:\Program Files\FlashGet\flashget.exe»=
«c:\Program Files\TVAnts\Tvants.exe»=
«c:\Program Files\SopCast\adv\SopAdver.exe»=
«c:\Program Files\SopCast\SopCast.exe»=
«c:\Program Files\Java\jdk1.6.0_06\bin\java.exe»=
«c:\Program Files\VideoLAN\VLC\vlc.exe»=
«c:\Program Files\Mozilla Firefox\firefox.exe»=
«c:\Program Files\Java\jre1.6.0_06\bin\java.exe»=
«c:\Program Files\TVUPlayer\TVUPlayer.exe»=
«c:\WINDOWS\system32\fxsclnt.exe»=
«c:\Program Files\JetBrains\IntelliJ IDEA 8.0.1\bin\idea.exe»=
«c:\Program Files\ICQ6.5\ICQ.exe»=
«c:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe»=
«c:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe»=
«c:\Program Files\Windows Live\Messenger\wlcsdk.exe»=
«c:\WINDOWS\system32\dpvsetup.exe»=
«c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE»=
«c:\Program Files\Microsoft Office\Office12\GROOVE.EXE»=
«c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE»=
«c:\Games\Warcraft III\War3.exe»=
«c:\Program Files\Garena\Garena.exe»=
«c:\Program Files\Java\jre6\bin\javaw.exe»=
«c:\Program Files\Java\jre6\bin\java.exe»=
«c:\Program Files\Skype\Plugin Manager\skypePM.exe»=
«c:\Program Files\HP\QuickTest Professional\bin\AQTRmtAgent.exe»=
«c:\Program Files\FlashFXP\FlashFXP.exe»=
«c:\Program Files\Windows Live\Messenger\msnmsgr.exe»=
«c:\Program Files\Proxy Switcher Standard\ProxySwitcher.exe»=
«c:\Program Files\Aptana\Aptana Studio 2.0\AptanaStudio.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=
«c:\Program Files\uTorrent\uTorrent.exe»=
«d:\u992\u992.exe»=
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«135:TCP»= 135:TCP:DCOM
«4129:TCP»= 4129:TCP
R1 ehdrv;ehdrv;c:windowssystem32driversehdrv.sys [14/05/2009 15:47 107256]
R1 epfwtdir;epfwtdir;c:windowssystem32driversepfwtdir.sys [14/05/2009 15:49 94360]
R2 ekrn;ESET Service;c:program filesESETESET NOD32 Antivirusekrn.exe [14/05/2009 15:47 731840]
R2 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:program filesMicrosoft SQL ServerMSSQL10.MSSQLSERVERMSSQLBinnfdlauncher.exe [10/07/2008 01:15 31256]
R2 NPF;NetGroup Packet Filter Driver;c:windowssystem32driversnpf.sys [20/10/2009 20:19 50704]
R2 paldrv;paldrv;c:windowssystem32pal_drv.sys [11/11/2009 17:09 11107]
R2 Remote Solver for Flow Simulation 2010;Remote Solver for Flow Simulation 2010;c:program filesSolidWorks CorpSolidWorks Flow SimulationbinCFWStandAloneSlv.exe [11/09/2009 19:46 144680]
S0 sptd;sptd;c:windowssystem32driverssptd.sys [29/06/2008 21:32 685816]
S3 ce6230;Intel CE6230 Standalone USB Driver;c:windowssystem32driversCE6230StandaloneDriver.sys [26/07/2009 13:09 44800]
S3 ce6230BDACAP;Realfine CE6230 BDA Driver;c:windowssystem32driversCE6230BDA.sys [26/07/2009 13:09 19328]
S3 CE9500;CE9500.Sys driver;c:windowssystem32Driversce9500.sys —> c:windowssystem32Driversce9500.sys [?]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:program filesSolidWorks CorpSolidWorksswSchedulerDTSCoordinatorService.exe [15/10/2009 06:51 87336]
S3 GarenaPEngine;GarenaPEngine;??c:docume~1Yevi.YEVLOCALS~1TempSEX54E1.tmp —> c:docume~1Yevi.YEVLOCALS~1TempSEX54E1.tmp [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:windowssystem32driversnmwcdnsu.sys [09/05/2009 23:21 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:windowssystem32driversnmwcdnsuc.sys [09/05/2009 23:21 8320]
S3 PRODIGY;PRODIGY;c:windowssystem32driversprodigy.sys [18/04/2009 15:19 32377]
S3 USBHIDIR;USBHIDIR;c:windowssystem32driversusbhidir.sys [03/09/2009 21:44 7717]
S3 utqwnzm2;AVZ Kernel Driver;c:windowssystem32driversutqwnzm2.sys [23/01/2009 23:22 7168]
S4 gupdate1c98af5be02e090;Google Update Service (gupdate1c98af5be02e090);»c:program filesGoogleUpdateGoogleUpdate.exe» /svc —> c:program filesGoogleUpdateGoogleUpdate.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:program filesMicrosoft SQL Server100Sharedsqladhlp.exe [10/07/2008 11:49 47128]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:program filesMicrosoft Visual Studio 8Common7IDERemote Debuggerx86msvsmon.exe [23/09/2005 07:01 2799808]
S4 RsFx0102;RsFx0102 Driver;c:windowssystem32driversRsFx0102.sys [10/07/2008 02:49 242712]
.
Contents of the ‘Scheduled Tasks’ folder
2010-03-06 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-1547161642-616249376-725345543-1003Core.job
— c:documents and settingsYevi.YEVLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2010-01-25 08:38]
2010-03-06 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-1547161642-616249376-725345543-1003UA.job
— c:documents and settingsYevi.YEVLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2010-01-25 08:38]
2010-03-06 c:windowsTasksUser_Feed_Synchronization-{6F9C4480-70AB-420B-BE43-14341FEEB630}.job
— c:windowssystem32msfeedssync.exe [2007-08-13 02:31]
.
.
Supplementary Scan
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download All with FlashGet — c:program filesFlashGetjc_all.htm
IE: &Download with FlashGet — c:program filesFlashGetjc_link.htm
IE: Translate this web page with Babylon — c:program filesBabylonBabylon-ProUtilsBabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon — c:program filesBabylonBabylon-ProUtilsBabylonIEPI.dll/Action.htm
IE: {{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} — res://c:program filesBabylonBabylon-ProUtilsBabylonIEPI.dll/ActionTU.htm
DPF: {CBF2C04B-50B5-4C7B-8D49-ACB62582F8E6} — hxxp://chat-basic.nana.co.il/Cabs/launcher.cab
DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} — hxxp://www.tapuz.co.il/irc/main/launcher.cab
DPF: {F59AB0C4-3443-4551-A78F-C101F9DE0215} — hxxp://irc.nana10.co.il/Cabs/launcher39.cab
FF — ProfilePath — c:documents and settingsYevi.YEVApplication DataMozillaFirefoxProfilesxunb2o1k.yev
FF — prefs.js: browser.search.selectedEngine — IMDb
FF — prefs.js: browser.startup.homepage — about:blank
FF — component: c:documents and settingsYevi.YEVApplication DataMozillaFirefoxProfilesxunb2o1k.yevextensions{34ea1c70-42cc-42c5-aa29-ec58b95a343e}componentsFFAlert.dll
FF — component: c:program filesHttpWatchFirefoxcomponentshttpwatchproff.dll
FF — plugin: c:documents and settingsYevi.YEVApplication DataMozillaFirefoxProfilesxunb2o1k.yevextensionsmoveplayer@movenetworks.complatformWINNT_x86-msvcpluginsnpmnqmp07076007.dll
FF — plugin: c:documents and settingsYevi.YEVLocal SettingsApplication DataGoogleUpdate1.2.183.17npGoogleOneClick8.dll
FF — plugin: c:program filesMozilla Firefoxpluginsnp-mswmp.dll
FF — plugin: c:program filesMozilla FirefoxpluginsNPAdbESD.dll
FF — plugin: c:program filesMozilla Firefoxpluginsnpdjvu.dll
FF — plugin: c:program filesMozilla Firefoxpluginsnpmozax.dll
FF — plugin: c:program filesMozilla FirefoxpluginsNPTURNMED.dll
FF — plugin: c:program filesMozilla Firefoxpluginsnpunagi2.dll
FF — HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} — c:windowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtension
.
— — — — ORPHANS REMOVED — — — —
ShellIconOverlayIdentifiers-{6B830884-20E3-4AB6-B672-2629F0F72071} — (no file)
HKLM-Run-StartCCC — c:program filesATI TechnologiesATI.ACECore-StaticCLIStart.exe
HKLM-Run-nForce Tray Options — sstray.exe
HKLM-Run-mspaint — c:windowssystem32Paint.exe
MSConfigStartUp-ARC — c:documents and settingsYevi.YEVMy DocumentsSystemsvchost.exe
MSConfigStartUp-mspaint — c:windowssystem32Paint.exe
MSConfigStartUp-NBKeyScan — c:program filesNeroNero8Nero BackItUpNBKeyScan.exe
MSConfigStartUp-Nitro PDF Printer Monitor — c:program filesNitro PDFProfessionalNitroPDFPrinterMonitor.exe
MSConfigStartUp-w3dr — c:gamesWarcraft IIIw3dr.exe
AddRemove-CMedia — c:documents and settingsYevi.YEVApplication DataCMediaUninstall.exe
AddRemove-com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 — c:program filesCommon FilesAdobe AIRVersions1.0Adobe AIR Application Installer.exe
AddRemove-WM Recorder 12.1 — c:program filesWMR11Uninstal.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-07 10:03
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINESystemControlSet001ServicesGarenaPEngine]
«ImagePath»=»??c:docume~1Yevi.YEVLOCALS~1TempSEX54E1.tmp»
.
LOCKED REGISTRY KEYS
[HKEY_USERSS-1-5-21-1547161642-616249376-725345543-1003SoftwareMicrosoftSystemCertificatesAddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(836)
c:windowssystem32Ati2evxx.dll
.
Completion time: 2010-03-07 10:15:43
ComboFix-quarantined-files.txt 2010-03-07 08:15
Pre-Run: 57,319,014,400 bytes free
Post-Run: 58,734,678,016 bytes free
— — End Of File — — A9AA0712391F72681574EFC877EEB781
