Добрый день Валерий
Скачать Flash_Disinfector не удалось, free porno video агораживает место где должна быть кнопка скачать, попытался скачать с другого сайта, но результат показался странным, исчезли все иконки с рабочего стола на 5 секунд, появилось окно, левая кнопка открывала все ранее открытые страницы ЭКСПЛОЕРа, а вторая открывала только домашнюю страницу, после чего появлялось маленикое окошечко с кнопкой окей и все.
Скачал программу Combofix и высылаю лог фаил, может поможет разобраться?
ComboFix 08-11-28.03 — Пользователь 2008-11-29 23:45:29.1 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1049.18.1077 [GMT 6:00]
Running from: c:downloadsПрограммыComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:documents and settingsПользовательГлавное менюПрограммыXP_AntiSpyware
c:documents and settingsПользовательГлавное менюПрограммыXP_AntiSpywareUninstall.lnk
c:documents and settingsПользовательГлавное менюПрограммыXP_AntiSpywareXP_AntiSpyware.lnk
c:documents and settingsПользовательCookiesawypuhy.ban
c:documents and settingsПользовательCookiesexudajym.bat
c:documents and settingsПользовательCookiesgyruqyb.scr
c:documents and settingsПользовательCookieshorenowaru.vbs
c:documents and settingsПользовательCookiesinibelusy.sys
c:documents and settingsПользовательCookiesinozihid.lib
c:documents and settingsПользовательCookiesitin.dll
c:documents and settingsПользовательCookieskusal.bat
c:documents and settingsПользовательCookiesmajuk.ban
c:documents and settingsПользовательCookiesneruqa.bin
c:documents and settingsПользовательCookiesnibab.dat
c:documents and settingsПользовательCookiesobot.pif
c:documents and settingsПользовательCookiesovaj.exe
c:documents and settingsПользовательCookiessysupimuj.lib
c:documents and settingsПользовательCookiesucaxuqikul.bat
c:documents and settingsПользовательCookiesumaxepuri.bin
c:documents and settingsПользовательCookiesvikypu.scr
c:documents and settingsПользовательCookiesxyfyn.ban
c:documents and settingsПользовательCookiesypogoge.scr
c:documents and settingsПользовательCookieszalapihyva.reg
c:documents and settingsПользовательCookieszoluzeto.com
c:documents and settingsПользовательLocal SettingsTemporary Internet Files0EB9F12C_6E6B_4c03_AEBA_8C04CFA98AA4.gif
c:documents and settingsПользовательLocal SettingsTemporary Internet Files15913497_F86C_4218_8817_F50940D1E1B2.gif
c:documents and settingsПользовательLocal SettingsTemporary Internet Files29887DDE_00B9_4011_9CF7_59511F1ECC1B.gif
c:documents and settingsПользовательLocal SettingsTemporary Internet Files2A665EDD_5758_480c_8366_66DFC5F23877.gif
c:documents and settingsПользовательLocal SettingsTemporary Internet Files35B7DFFA_884F_4fbc_8E60_DA601BDC7BF7.gif
c:documents and settingsПользовательLocal SettingsTemporary Internet Files362FD6E8_8CDA_4c2a_A8AA-BDA22B321711.jpg
c:documents and settingsПользовательLocal SettingsTemporary Internet Files3DF04940_9866_4241_A998_0CDDFAFD147A.gif
c:documents and settingsПользовательLocal SettingsTemporary Internet Files426500D7_0FF3_426c_828D_065DBAEA0581.gif
c:documents and settingsПользовательLocal SettingsTemporary Internet Files478BD4AE_2691_438d_BDCA_3485DC022700.gif
c:documents and settingsПользовательLocal SettingsTemporary Internet Files5C6C645F_BAA8_4149_BFEB_2031230FF0FD.gif
c:documents and settingsПользовательLocal SettingsTemporary Internet Files61EA7D69_19D4_421a_A899_0DF4D58CD119.jpg
c:documents and settingsПользовательLocal SettingsTemporary Internet Files777FDAFB_83CF_4960_AA71_4E5D7BCD8E57.gif
c:documents and settingsПользовательLocal SettingsTemporary Internet Files8DA878D5_E80B_4721_B75A_17EFFAF1A700.gif
c:documents and settingsПользовательLocal SettingsTemporary Internet Files98F6DF79_7171_452d_9C26_C0193E12DBDF.gif
c:documents and settingsПользовательLocal SettingsTemporary Internet FilesA2B240D6_0386_419e_91C5_3F7D90437CD0.jpg
c:documents and settingsПользовательLocal SettingsTemporary Internet Filesavelypejov.sys
c:documents and settingsПользовательLocal SettingsTemporary Internet FilesC75CEF8D_5AF4_4563_8594_C45A45E14E63.gif
c:documents and settingsПользовательLocal SettingsTemporary Internet FilesE21285C1_40E6_435c_A69F_3387E7BD89CB.gif
c:documents and settingsПользовательLocal SettingsTemporary Internet FilesE9A4D648_ED73_4ea7_88B2_18332DBA4F3E.jpg
c:documents and settingsПользовательLocal SettingsTemporary Internet Filesehiwo.com
c:documents and settingsПользовательLocal SettingsTemporary Internet Fileseqyvakok.vbs
c:documents and settingsПользовательLocal SettingsTemporary Internet Filesetifuh._sy
c:documents and settingsПользовательLocal SettingsTemporary Internet Filesgadu.dll
c:documents and settingsПользовательLocal SettingsTemporary Internet Filesinegof.reg
c:documents and settingsПользовательLocal SettingsTemporary Internet Fileskeva.sys
c:documents and settingsПользовательLocal SettingsTemporary Internet Filestywuca.pif
c:documents and settingsПользовательLocal SettingsTemporary Internet Filesudofyhajap.db
c:documents and settingsПользовательLocal SettingsTemporary Internet Filesunuh.sys
c:documents and settingsПользовательLocal SettingsTemporary Internet Filesutoj.lib
c:documents and settingsПользовательLocal SettingsTemporary Internet Filesxitew.ban
c:documents and settingsПользовательLocal SettingsTemporary Internet Filesxuhe.reg
c:documents and settingsПользовательLocal SettingsTemporary Internet Filesymap.sys
c:documents and settingsПользовательLocal SettingsTemporary Internet Fileszekoxegom.bin
c:windowsIE4 Error Log.txt
c:windowssystem32DelSelf.bat
c:windowssystem32h@tkeysh@@k.dll
c:windowssystem32sexit.dat
c:windowssystem32TDSSfpmp.dll
c:windowssystem32TDSSosvn.dat
c:windowsWINDOWS
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Legacy_SYNSEND
Service_synsend
((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-29 )))))))))))))))))))))))))))))))
.
2008-11-27 23:46 . 2008-11-27 23:46
C:rsit
2008-11-27 21:32 . 2008-11-25 22:14 315,392 —a
c:windowssystem32VMJLIB.DLL
2008-11-27 18:21 . 2008-11-27 18:21
c:program filesSUPERAntiSpyware
2008-11-27 18:21 . 2008-11-27 18:21
c:documents and settingsAll UsersApplication DataSUPERAntiSpyware.com
2008-11-27 18:21 . 2008-11-27 18:21
c:documents and settingsПользовательApplication DataSUPERAntiSpyware.com
2008-11-27 18:20 . 2008-11-27 18:20
c:program filesCommon FilesWise Installation Wizard
2008-11-26 18:30 . 2008-11-26 18:30
c:program filesTrend Micro
2008-11-25 23:15 . 2008-11-25 23:15
2008-11-25 23:15 . 2008-11-25 23:15
2008-11-25 23:10 . 2008-11-25 23:10
2008-11-21 21:56 . 2008-11-21 21:56
c:windowssystem32WINDOWS
2008-11-21 21:56 . 2008-11-21 21:56
c:windowssystem32systemprofile
2008-11-21 21:56 . 2008-11-21 21:56
c:windowssystem32report
2008-11-21 21:56 . 2008-11-21 21:56
c:windowssystem32cs
2008-11-21 21:56 . 2008-11-21 21:56
C:config
2008-11-19 23:23 . 2008-11-19 23:23
c:windowssystem32system32
2008-11-19 23:23 . 2008-11-19 23:23
c:windowssystem32Smart-Shopper
2008-11-19 23:23 . 2008-11-19 23:23
c:windowssystem32configsystemprofileSmart-Shopper
2008-11-19 23:23 . 2008-11-19 23:23
c:windowssystem32configsystemprofilecs
2008-11-19 23:23 . 2008-11-19 23:23
c:windowsSmart-Shopper
2008-11-19 23:23 . 2008-11-19 23:23
c:windowscs
2008-11-19 23:23 . 2008-11-19 23:23
C:systemprofile
2008-11-19 23:23 . 2008-11-19 23:23
C:report
2008-11-19 23:23 . 2008-11-19 23:23
C:Application Data
2008-11-19 22:57 . 2008-11-19 22:57
c:windowssystem32ru-ru
2008-11-19 22:55 . 2008-06-12 11:27 26,144 —a
c:windowssystem32spupdsvc.exe
2008-11-19 22:53 . 2008-11-19 22:53
c:windows$hf_mig$
2008-11-19 20:43 . 2004-01-27 12:32 2,100,191 —a
c:windowsRomantic Moments.scr
2008-11-19 20:41 . 2008-11-19 20:41
c:documents and settingsAll UsersApplication DataWinferno
2008-11-19 20:38 . 2008-11-19 20:52
c:program filesFreeze.com
2008-11-19 20:38 . 2008-11-19 20:38
c:program filesCommon FilesWinferno
2008-11-19 20:38 . 2005-05-11 15:13 1,813,436 —a
c:windowsHaunted House.scr
2008-11-19 20:36 . 2008-11-19 20:55
c:program filesWinferno
2008-11-19 20:36 . 2008-11-19 20:36
c:program filesSmart-Shopper
2008-11-19 20:36 . 2008-11-27 21:32
c:program filesSeekeen
2008-11-19 20:36 . 2008-11-25 22:35
c:documents and settingsПользовательApplication DataSmart-Shopper
2008-11-19 20:36 . 2006-10-09 12:28 835,584 —a
c:windowssystem32WINCTL4.OCX
2008-11-19 20:36 . 2006-10-09 13:06 495,616 —a
c:windowssystem32WINUTIL5.DLL
2008-11-19 20:36 . 2006-05-17 08:40 393,216 —a
c:windowssystem32WINLCTL5.DLL
2008-11-19 19:36 . 2008-11-19 19:36
c:documents and settingsПользовательApplication DataPROject MT
2008-11-19 19:33 . 2008-11-19 19:33
c:program filesWinamp Toolbar
2008-11-19 19:33 . 2008-11-19 19:33
c:documents and settingsAll UsersApplication DataWinamp Toolbar
2008-11-19 19:31 . 2007-03-08 05:51 129,784
c:windowssystem32pxafs.dll
2008-11-19 19:31 . 2007-03-08 05:51 9,464
c:windowssystem32driverscdralw2k.sys
2008-11-19 19:31 . 2007-03-08 05:51 9,336
c:windowssystem32driverscdr4_xp.sys
2008-11-19 15:36 . 2008-11-29 23:50
c:documents and settingsПользовательApplication DataWireChanger
2008-11-19 15:34 . 2008-07-24 22:09 155,648 —a
c:windowsWired_Screensaver.exe
2008-11-19 15:33 . 2008-11-19 15:33
c:program filesWiredPlane
2008-11-19 15:32 . 2008-07-24 22:09 155,648 —a
c:windowsWired_Screensaver.scr
2008-11-05 22:41 . 2008-11-05 22:41
c:documents and settingsLocalServiceApplication DataYaChatData
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-29 17:53 132,384 —sha-w c:windowssystem32driversfidbox2.dat
2008-11-29 17:53 12,775,200 —sha-w c:windowssystem32driversfidbox.dat
2008-11-29 17:51 175,232 —sha-w c:windowssystem32driversfidbox.idx
2008-11-29 17:51 15,524 —sha-w c:windowssystem32driversfidbox2.idx
2008-11-29 17:36
d
w c:documents and settingsAll UsersApplication DataKaspersky Lab
2008-11-29 17:36
d
w c:documents and settingsПользовательApplication DataYaChatData
2008-11-29 17:36
d
w c:documents and settingsПользовательApplication DataQIP.Online
2008-11-20 02:23
d
w c:program filesJetAudio
2008-11-19 13:53
d
w c:program filesWinamp
2008-11-19 09:18
d
w c:program filesDownload Master
2008-11-14 14:53
d
w c:documents and settingsAll UsersApplication DataCanonIJPLM
2008-08-19 12:37 18,510 —-a-w c:documents and settingsAll UsersApplication Dataugaco.reg
2008-08-19 12:37 17,960 —-a-w c:program filesCommon Filesaxesuhe.ban
2008-08-19 12:37 13,777 —-a-w c:program filesCommon Fileslixagav.inf
2008-08-19 12:37 12,314 —-a-w c:documents and settingsПользовательApplication Datajyqunemysy.bin
2008-08-19 12:37 12,173 —-a-w c:documents and settingsAll UsersApplication Dataokub.com
2008-08-19 12:37 10,164 —-a-w c:program filesCommon Fileswydyjih.sys
2008-08-19 12:33 19,873 —-a-w c:documents and settingsПользовательApplication Datavapyfepun.pif
2008-08-19 12:33 19,511 —-a-w c:documents and settingsAll UsersApplication Datamubo.pif
2008-08-19 12:33 15,303 —-a-w c:program filesCommon Filestodopobo.bat
2008-08-19 12:33 11,513 —-a-w c:documents and settingsAll UsersApplication Datavyhapo.scr
2008-08-19 12:33 10,997 —-a-w c:program filesCommon Filesonihyci.ban
2008-08-19 12:28 18,176 —-a-w c:documents and settingsAll UsersApplication Datauvukudepim.pif
2008-08-19 12:28 16,312 —-a-w c:documents and settingsПользовательApplication Datayrejus.com
2008-08-19 12:28 15,336 —-a-w c:documents and settingsПользовательApplication Dataaduby.com
2008-08-19 12:28 13,550 —-a-w c:documents and settingsAll UsersApplication Datalycuxulim.dat
2008-08-19 12:28 11,649 —-a-w c:documents and settingsПользовательApplication Dataahyjy.reg
2008-08-19 12:23 19,432 —-a-w c:program filesCommon Filesijewysizy.dll
2008-08-19 12:23 18,103 —-a-w c:documents and settingsПользовательApplication Databiky.com
2008-08-19 12:23 17,687 —-a-w c:documents and settingsAll UsersApplication Dataoquvytyry.reg
2008-08-19 12:23 15,103 —-a-w c:documents and settingsПользовательApplication Datahimihyguh.sys
2008-08-19 12:23 14,444 —-a-w c:documents and settingsПользовательApplication Datapenolarub.reg
2008-08-19 12:23 11,398 —-a-w c:program filesCommon Filesicyty.vbs
2008-08-19 10:59 17,123 —-a-w c:documents and settingsAll UsersApplication Dataerynaxig.scr
2008-08-19 07:19 19,006 —-a-w c:program filesCommon Filesyxafyvaq.dl
2008-08-19 07:19 18,705 —-a-w c:program filesCommon Fileswyniw.dll
2008-08-19 07:19 18,459 —-a-w c:documents and settingsAll UsersApplication Dataadyrerepo.sys
2008-08-19 07:19 18,285 —-a-w c:program filesCommon Filesenanegyza.dl
2008-08-19 07:19 16,209 —-a-w c:program filesCommon Filestico.ban
2008-08-19 07:19 16,075 —-a-w c:documents and settingsПользовательApplication Dataixyry.dat
2008-08-19 07:19 12,095 —-a-w c:documents and settingsAll UsersApplication Datajuleby.pif
2008-08-10 17:08 978,396 —-a-w c:program filesBDAXP.cab
.
Sigcheck
2004-09-17 18:16 503808 a975a70fcefe2a224412214320c89ded c:windowssystem32winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerURLSearchHooks]
«{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}»= «c:program filesWinamp Toolbarwinamptb.dll» [2008-07-17 1266992]
[HKEY_CLASSES_ROOTclsid{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOTWINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOTTypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOTWINAMPTB.AOLTBSearch]
[HKEY_LOCAL_MACHINE~Browser Helper Objects{D04F5245-E362-4C8B-AA0E-D0E92FEF1E69}]
2008-11-25 22:14 315392 —a
c:windowssystem32vmjlib.dll
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{893AE660-AE80-4dd0-9959-24D2337C04E8}»= «c:program filesYandexOnlineyndminibar.dll» [2008-10-03 210728]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2008-10-16 1578248]
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{893AE660-AE80-4DD0-9959-24D2337C04E8}»= «c:program filesYandexOnlineyndminibar.dll» [2008-10-03 210728]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2008-10-16 1578248]
[HKEY_CLASSES_ROOTclsid{893ae660-ae80-4dd0-9959-24d2337c04e8}]
[HKEY_CLASSES_ROOTYandexSearch.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{893AE653-AE80-4dd0-9959-24D2337C04E8}]
[HKEY_CLASSES_ROOTYandex.Search]
[HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar]
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2004-08-17 15360]
«MSMSGS»=»c:program filesMessengermsmsgs.exe» [2004-08-17 1667584]
«NBJ»=»c:program filesAheadNero BackItUpNBJ.exe» [2004-09-24 1916928]
«swg»=»c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe» [2008-11-04 68856]
«Yupdate!»=»c:program filesCommon FilesYandexYupdateyupdate.exe» [2008-10-03 484104]
«QIP.Online»=»c:program filesQIP.Onlineqiponline.exe» [2008-10-14 3293696]
«Download Master»=»c:program filesDownload Masterdmaster.exe» [2008-11-18 3297280]
«SUPERAntiSpyware»=»c:program filesSUPERAntiSpywareSUPERAntiSpyware.exe» [2008-11-17 1805552]
«YandexOnline»=»c:program filesYandexOnlineonline.exe» [2008-10-16 2154248]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«ATIPTA»=»c:program filesATI TechnologiesATI Control Panelatiptaxx.exe» [2005-01-19 339968]
«EPSON Stylus C45 Series (Копия 1)»=»c:windowsSystem32spoolDRIVERSW32X863E_S4I3T1.EXE» [2004-01-14 99840]
«EPSON Stylus C45 Series (Копия 2)»=»c:windowsSystem32spoolDRIVERSW32X863E_S4I3T1.EXE» [2004-01-14 99840]
«DAEMON Tools-1033″=»c:program filesDRToolsdaemon.exe» [2004-08-22 81920]
«FineReader7NewsReaderPro»=»c:program filesABBYY FineReader 7.0 Professional EditionAbbyyNewsReader.exe» [2003-08-05 278528]
«SMSTray»=»c:program filesSamsungSamsung Media Studio 5SMSTray.exe» [2007-02-23 126976]
«MAAgent»=»c:program filesMarkAnyContentSaferMAAgent.exe» [2007-01-30 57344]
«WinampAgent»=»c:program filesWinampwinampa.exe» [2008-08-04 36352]
«SoundMan»=»SOUNDMAN.EXE» [2005-06-14 c:windowssoundman.exe]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2004-08-17 15360]
c:documents and settingsЏ®«м§®ў ⥫샫 ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
Crazy.mp3 [2008-11-24 624794]
WireChanger.lnk — c:program filesWiredPlaneWireChangerWireChanger.exe [2008-11-19 1335296]
c:documents and settingsAll Usersѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
WinZip Quick Pick.lnk — c:program filesWinZipWZQKPICK.EXE [2007-02-25 118784]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«SynchronousMachineGroupPolicy»= 1 (0x1)
«SynchronousUserGroupPolicy»= 1 (0x1)
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoStrCmpLogical»= 0 (0x0)
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMBalloonTip»= 1 (0x1)
«ForceClassicControlPanel»= 1 (0x1)
[hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]
«{88485281-8b4b-4f8d-9ede-82e29a064277}»= «c:progra~1MarkAnyCONTEN~1MACSMA~1.DLL» [2004-11-23 192512]
«{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}»= «c:program filesSUPERAntiSpywareSASSEH.DLL» [2008-05-13 77824]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotify!SASWinLogon]
2008-07-23 15:28 352256 c:program filesSUPERAntiSpywareSASWINLO.dll
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«vidc.3iv2″= 3ivxVfWCodec.dll
«VIDC.HFYU»= huffyuv.dll
«VIDC.VP31″= vp31vfw.dll
«vidc.DIV3″= DivXc32.dll
«msacm.divxa32″= DivXa32.acm
[HKLM~startupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Adobe Gamma Loader.lnk]
path=c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузкаAdobe Gamma Loader.lnk
backup=c:windowspssAdobe Gamma Loader.lnkCommon Startup
[HKLM~startupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^InterVideo WinCinema Manager.lnk]
path=c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузкаInterVideo WinCinema Manager.lnk
backup=c:windowspssInterVideo WinCinema Manager.lnkCommon Startup
[HKLM~startupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Ускоренный запуск Adobe Reader.lnk]
path=c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузкаУскоренный запуск Adobe Reader.lnk
backup=c:windowspssУскоренный запуск Adobe Reader.lnkCommon Startup
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDownload Master]
—a
2008-11-18 17:27 3297280 c:program filesDownload Masterdmaster.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNBJ]
2004-09-24 16:22 1916928 c:program filesAheadNero BackItUpNBJ.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
—a
2001-07-09 10:50 155648 c:windowssystem32NeroCheck.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusDisableNotify»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]
«DisableMonitoring»=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\InterVideo\DVD7\WinDVD.exe»=
«e:\Games\Настольные\монополия 4\Морской бой\CBattle\CBattle.exe»=
«c:\Program Files\GameSpy Arcade\Aphex.exe»=
«e:\Games\Бродилки\HalfLife2\hl2.exe»=
«e:\Games\Гонки\Need For Speed Underground 2\speed2.exe»=
«c:\WINDOWS\system32\muzapp.exe»=
«e:\Games\Стратегии\Королевства\RK.exe»=
«c:\Program Files\Bonjour\mDNSResponder.exe»=
R0 prohlp01;StarForce Protection Helper Driver v1;c:windowssystem32driversprohlp01.sys [2002-10-05 75936]
R0 UP55bus;UP55bus;c:windowssystem32DRIVERSUP55bus.sys [2006-06-29 155136]
R0 UP55prt;UP55prt;c:windowssystem32DriversUP55prt.sys [2006-06-29 5248]
R1 Asapi;Asapi;c:windowssystem32driversAsapi.sys [2006-06-29 11264]
R1 prodrv04;Star Force copy protection driver v4;c:windowssystem32driversprodrv04.sys [2007-01-10 114496]
R1 prodrv05;StarForce Protection Environment Driver v5;c:windowssystem32driversprodrv05.sys [2002-10-05 53376]
R2 IJPLMSVC;PIXMA Extended Survey Program;c:program filesCanonIJPLMIJPLMSVC.EXE [2008-01-07 99936]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:windowssystem32DRIVERSklim5.sys [2007-12-13 24592]
S2 zzjbn;zzjbn;??c:windowssystem32driverslznkeuq.sys []
S3 Aha1dos;Aha1dos; []
S4 Seekeen Service;Seekeen Service;»c:program filesSeekeenseekeen.exe» «c:program filesSeekeenseekeen.dll» Service []
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2F]
ShellAutoRuncommand — F:run.exe
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2G]
ShellAutoRuncommand — g:autorunshell.exe
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{0cf3a340-d6f9-11dc-95a1-0015f234fc53}]
ShellAutoRuncommand — I:fclpktm.exe
ShellexploreCommand — I:fclpktm.exe
ShellopenCommand — I:fclpktm.exe
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{1d1039f0-aa1c-11dc-bea8-eebd3f98613e}]
ShellAutoRuncommand — I:ntde1ect.com
ShellexploreCommand — I:ntde1ect.com
ShellopenCommand — I:ntde1ect.com
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{1e22601f-9f78-11db-9523-c2f96cda483f}]
ShellAutoRuncommand — I:ntde1ect.com
ShellexploreCommand — I:ntde1ect.com
ShellopenCommand — I:ntde1ect.com
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{20ee3920-2414-11dd-9584-0015f234fc53}]
ShellAutoRuncommand — I:juok3st.bat
ShellexploreCommand — I:juok3st.bat
ShellopenCommand — I:juok3st.bat
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{4ec73000-2a01-11dd-958c-0015f234fc53}]
ShellAutoRuncommand — I:juok3st.bat
ShellexploreCommand — I:juok3st.bat
ShellopenCommand — I:juok3st.bat
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{5c54a341-b9ed-11db-94b6-806d6172696f}]
ShellAutoRuncommand — K:juok3st.bat
ShellexploreCommand — K:juok3st.bat
ShellopenCommand — K:juok3st.bat
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{6322de90-1de1-11dd-9580-0015f234fc53}]
ShellAutoRuncommand — I:ntde1ect.com
ShellexploreCommand — I:ntde1ect.com
ShellopenCommand — I:ntde1ect.com
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{6322de91-1de1-11dd-9580-0015f234fc53}]
ShellAutoRuncommand — J:ntde1ect.com
ShellexploreCommand — J:ntde1ect.com
ShellopenCommand — J:ntde1ect.com
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{6d16e120-a45d-11db-bf29-f04b8fa6b131}]
Shell1Command — i:runaut~1autorun.pif
Shell2Command — i:runaut~1autorun.pif
ShellAutoRuncommand — c:windowssystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNAUT~1autorun.pif
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{cec3ccb9-9cde-11db-9519-85c02916613e}]
ShellAutoRuncommand — J:xn1i9x.com
ShellexploreCommand — J:xn1i9x.com
ShellopenCommand — J:xn1i9x.com
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{e7490ee0-7a74-11dd-9626-0015f234fc53}]
ShellAutoRuncommand — I:juok3st.bat
ShellexploreCommand — I:juok3st.bat
ShellopenCommand — I:juok3st.bat
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{fb949473-e591-11db-ac76-c2e0b320d224}]
ShellAutoRuncommand — K:ntde1ect.com
ShellexploreCommand — K:ntde1ect.com
ShellopenCommand — K:ntde1ect.com
.
Contents of the ‘Scheduled Tasks’ folder
2008-11-29 c:windowsTasksPCConfidential.job
— c:program filesWinfernoPC ConfidentialPCConfidential.exe []
2008-11-29 c:windowsTasksRegPowerClean.job
— c:program filesWinfernoRegistryPowerCleanerRegPowerClean.exe []
2008-11-19 c:windowsTasksRPCReminder.job
— c:program filesWinfernoRegistryPowerCleanerRPCReminder.exe []
2008-11-29 c:windowsTasksUser_Feed_Synchronization-{87D8143B-5709-4AC9-B947-31C73E71D554}.job
— c:windowssystem32msfeedssync.exe [2008-08-22 03:05]
.
— — — — ORPHANS REMOVED — — — —
HKLM-Run-QuickTime Task — c:program filesQuickTimeqttask.exe
HKLM-Run-XP Antispyware 2009 — c:program filesXP_AntispywareXP_AntiSpyware.exe
HKLM-Run-smapp — (no file)
SafeBoot-TDSSpaxt.sys
MSConfigStartUp-QuickTime Task — c:program filesQuickTimeqttask.exe
MSConfigStartUp-Device Detector — DevDetect.exe
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-29 23:52:39
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(1048)
c:program filesSUPERAntiSpywareSASWINLO.dll
c:windowssystem32Ati2evxx.dll
c:windowssystem32klogon.dll
.
Other Running Processes
.
c:windowssystem32ati2evxx.exe
c:windowssystem32ati2evxx.exe
c:program filesBonjourmDNSResponder.exe
c:program filesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
c:windowssystem32wdfmgr.exe
c:windowssystem32wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-11-29 23:56:37 — machine was rebooted
ComboFix-quarantined-files.txt 2008-11-29 17:56:34
Pre-Run: 2 069 372 928 байт свободно
Post-Run: 3,118,649,344 байт свободно
396
😉
