Re: Re: Помогите избавиться от информера FREE PORNO VIDEO — SPYWARE-RU.COM

SPYWARE-RU.COM

Adguard

30 ноября, 2008 в 5:22 пп #20039

Participant

Темы:1
Сообщений:6

☆

Все сделал 😉
ComboFix 08-11-28.03 — Пользователь 2008-11-30 23:08:29.2 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1049.18.1033 [GMT 6:00]
Running from: c:downloadsПрограммыComboFix.exe
Command switches used :: c:documents and settingsПользовательРабочий столCFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:documents and settingsПользовательApplication Dataaduby.com
c:documents and settingsПользовательApplication Dataahyjy.reg
c:documents and settingsПользовательApplication Databiky.com
c:documents and settingsПользовательApplication Datahimihyguh.sys
c:documents and settingsПользовательApplication Dataixyry.dat
c:documents and settingsПользовательApplication Datajyqunemysy.bin
c:documents and settingsПользовательApplication Datapenolarub.reg
c:documents and settingsПользовательApplication Datavapyfepun.pif
c:documents and settingsПользовательApplication Datayrejus.com
c:documents and settingsAll UsersApplication Dataadyrerepo.sys
c:documents and settingsAll UsersApplication Dataerynaxig.scr
c:documents and settingsAll UsersApplication Datajuleby.pif
c:documents and settingsAll UsersApplication Datalycuxulim.dat
c:documents and settingsAll UsersApplication Datamubo.pif
c:documents and settingsAll UsersApplication Dataokub.com
c:documents and settingsAll UsersApplication Dataoquvytyry.reg
c:documents and settingsAll UsersApplication Dataugaco.reg
c:documents and settingsAll UsersApplication Datauvukudepim.pif
c:documents and settingsAll UsersApplication Datavyhapo.scr
c:program filesCommon Filesaxesuhe.ban
c:program filesCommon Filesenanegyza.dl
c:program filesCommon Filesicyty.vbs
c:program filesCommon Filesijewysizy.dll
c:program filesCommon Fileslixagav.inf
c:program filesCommon Filesonihyci.ban
c:program filesCommon Filestico.ban
c:program filesCommon Filestodopobo.bat
c:program filesCommon Fileswydyjih.sys
c:program filesCommon Fileswyniw.dll
c:program filesCommon Filesyxafyvaq.dl
c:windowssystem32vmjlib.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:documents and settingsПользовательApplication Dataaduby.com
c:documents and settingsПользовательApplication Dataahyjy.reg
c:documents and settingsПользовательApplication Databiky.com
c:documents and settingsПользовательApplication Datahimihyguh.sys
c:documents and settingsПользовательApplication Dataixyry.dat
c:documents and settingsПользовательApplication Datajyqunemysy.bin
c:documents and settingsПользовательApplication Datapenolarub.reg
c:documents and settingsПользовательApplication Datavapyfepun.pif
c:documents and settingsПользовательApplication Datayrejus.com
c:documents and settingsПользовательLocal SettingsTemporary Internet Files0EB9F12C_6E6B_4c03_AEBA_8C04CFA98AA4.gif
c:documents and settingsПользовательLocal SettingsTemporary Internet Files15913497_F86C_4218_8817_F50940D1E1B2.gif
c:documents and settingsПользовательLocal SettingsTemporary Internet Files29887DDE_00B9_4011_9CF7_59511F1ECC1B.gif
c:documents and settingsПользовательLocal SettingsTemporary Internet Files2A665EDD_5758_480c_8366_66DFC5F23877.gif
c:documents and settingsПользовательLocal SettingsTemporary Internet Files35B7DFFA_884F_4fbc_8E60_DA601BDC7BF7.gif
c:documents and settingsПользовательLocal SettingsTemporary Internet Files362FD6E8_8CDA_4c2a_A8AA-BDA22B321711.jpg
c:documents and settingsПользовательLocal SettingsTemporary Internet Files3DF04940_9866_4241_A998_0CDDFAFD147A.gif
c:documents and settingsПользовательLocal SettingsTemporary Internet Files426500D7_0FF3_426c_828D_065DBAEA0581.gif
c:documents and settingsПользовательLocal SettingsTemporary Internet Files478BD4AE_2691_438d_BDCA_3485DC022700.gif
c:documents and settingsПользовательLocal SettingsTemporary Internet Files5C6C645F_BAA8_4149_BFEB_2031230FF0FD.gif
c:documents and settingsПользовательLocal SettingsTemporary Internet Files61EA7D69_19D4_421a_A899_0DF4D58CD119.jpg
c:documents and settingsПользовательLocal SettingsTemporary Internet Files777FDAFB_83CF_4960_AA71_4E5D7BCD8E57.gif
c:documents and settingsПользовательLocal SettingsTemporary Internet Files8DA878D5_E80B_4721_B75A_17EFFAF1A700.gif
c:documents and settingsПользовательLocal SettingsTemporary Internet Files98F6DF79_7171_452d_9C26_C0193E12DBDF.gif
c:documents and settingsПользовательLocal SettingsTemporary Internet FilesA2B240D6_0386_419e_91C5_3F7D90437CD0.jpg
c:documents and settingsПользовательLocal SettingsTemporary Internet FilesC75CEF8D_5AF4_4563_8594_C45A45E14E63.gif
c:documents and settingsПользовательLocal SettingsTemporary Internet FilesE21285C1_40E6_435c_A69F_3387E7BD89CB.gif
c:documents and settingsПользовательLocal SettingsTemporary Internet FilesE9A4D648_ED73_4ea7_88B2_18332DBA4F3E.jpg
c:documents and settingsAll UsersApplication Dataadyrerepo.sys
c:documents and settingsAll UsersApplication Dataerynaxig.scr
c:documents and settingsAll UsersApplication Datajuleby.pif
c:documents and settingsAll UsersApplication Datalycuxulim.dat
c:documents and settingsAll UsersApplication Datamubo.pif
c:documents and settingsAll UsersApplication Dataokub.com
c:documents and settingsAll UsersApplication Dataoquvytyry.reg
c:documents and settingsAll UsersApplication Dataugaco.reg
c:documents and settingsAll UsersApplication Datauvukudepim.pif
c:documents and settingsAll UsersApplication Datavyhapo.scr
c:program filesCommon Filesaxesuhe.ban
c:program filesCommon Filesenanegyza.dl
c:program filesCommon Filesicyty.vbs
c:program filesCommon Filesijewysizy.dll
c:program filesCommon Fileslixagav.inf
c:program filesCommon Filesonihyci.ban
c:program filesCommon Filestico.ban
c:program filesCommon Filestodopobo.bat
c:program filesCommon Fileswydyjih.sys
c:program filesCommon Fileswyniw.dll
c:program filesCommon Filesyxafyvaq.dl
c:windowssystem32vmjlib.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

Legacy_SEEKEEN_SERVICE

Legacy_ZZJBN

Service_Aha1dos

Service_Seekeen Service

Service_zzjbn

((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-30 )))))))))))))))))))))))))))))))
.

2008-11-27 23:46 . 2008-11-27 23:46

d

C:rsit
2008-11-27 18:21 . 2008-11-27 18:21 d

c:program filesSUPERAntiSpyware
2008-11-27 18:21 . 2008-11-27 18:21 d

c:documents and settingsAll UsersApplication DataSUPERAntiSpyware.com
2008-11-27 18:21 . 2008-11-27 18:21 d

c:documents and settingsПользовательApplication DataSUPERAntiSpyware.com
2008-11-27 18:20 . 2008-11-27 18:20 d

c:program filesCommon FilesWise Installation Wizard
2008-11-26 18:30 . 2008-11-26 18:30 d

c:program filesTrend Micro
2008-11-25 23:15 . 2008-11-25 23:15 d—hs—- c:documents and settingsПользовательPrivacIE
2008-11-25 23:15 . 2008-11-25 23:15 d—hs—- c:documents and settingsПользовательPrivacIE
2008-11-25 23:10 . 2008-11-25 23:10 d—h-c— c:windowsie8
2008-11-21 21:56 . 2008-11-21 21:56 d

c:windowssystem32WINDOWS
2008-11-21 21:56 . 2008-11-21 21:56 d

c:windowssystem32systemprofile
2008-11-21 21:56 . 2008-11-21 21:56 d

c:windowssystem32report
2008-11-21 21:56 . 2008-11-21 21:56 d

c:windowssystem32cs
2008-11-21 21:56 . 2008-11-21 21:56 d

C:config
2008-11-19 23:23 . 2008-11-19 23:23 d

c:windowssystem32system32
2008-11-19 23:23 . 2008-11-19 23:23 d

c:windowssystem32Smart-Shopper
2008-11-19 23:23 . 2008-11-19 23:23 d

c:windowssystem32configsystemprofileSmart-Shopper
2008-11-19 23:23 . 2008-11-19 23:23 d

c:windowssystem32configsystemprofilecs
2008-11-19 23:23 . 2008-11-19 23:23 d

c:windowsSmart-Shopper
2008-11-19 23:23 . 2008-11-19 23:23 d

c:windowscs
2008-11-19 23:23 . 2008-11-19 23:23 d

C:systemprofile
2008-11-19 23:23 . 2008-11-19 23:23 d

C:report
2008-11-19 23:23 . 2008-11-19 23:23 d

C:Application Data
2008-11-19 22:57 . 2008-11-19 22:57 d

c:windowssystem32ru-ru
2008-11-19 22:55 . 2008-06-12 11:27 26,144 —a

c:windowssystem32spupdsvc.exe
2008-11-19 22:53 . 2008-11-19 22:53 d—h

c:windows$hf_mig$
2008-11-19 20:43 . 2004-01-27 12:32 2,100,191 —a

c:windowsRomantic Moments.scr
2008-11-19 20:41 . 2008-11-19 20:41 d

c:documents and settingsAll UsersApplication DataWinferno
2008-11-19 20:38 . 2008-11-19 20:52 d

c:program filesFreeze.com
2008-11-19 20:38 . 2008-11-19 20:38 d

c:program filesCommon FilesWinferno
2008-11-19 20:38 . 2005-05-11 15:13 1,813,436 —a

c:windowsHaunted House.scr
2008-11-19 20:36 . 2008-11-19 20:55 d

c:program filesWinferno
2008-11-19 20:36 . 2008-11-19 20:36 d

c:program filesSmart-Shopper
2008-11-19 20:36 . 2008-11-27 21:32 d

c:program filesSeekeen
2008-11-19 20:36 . 2008-11-25 22:35 d

c:documents and settingsПользовательApplication DataSmart-Shopper
2008-11-19 20:36 . 2006-10-09 12:28 835,584 —a

c:windowssystem32WINCTL4.OCX
2008-11-19 20:36 . 2006-10-09 13:06 495,616 —a

c:windowssystem32WINUTIL5.DLL
2008-11-19 20:36 . 2006-05-17 08:40 393,216 —a

c:windowssystem32WINLCTL5.DLL
2008-11-19 19:36 . 2008-11-19 19:36 d

c:documents and settingsПользовательApplication DataPROject MT
2008-11-19 19:33 . 2008-11-19 19:33 d

c:program filesWinamp Toolbar
2008-11-19 19:33 . 2008-11-19 19:33 d

c:documents and settingsAll UsersApplication DataWinamp Toolbar
2008-11-19 19:31 . 2007-03-08 05:51 129,784

c:windowssystem32pxafs.dll
2008-11-19 19:31 . 2007-03-08 05:51 9,464

c:windowssystem32driverscdralw2k.sys
2008-11-19 19:31 . 2007-03-08 05:51 9,336

c:windowssystem32driverscdr4_xp.sys
2008-11-19 15:36 . 2008-11-30 23:14 d

c:documents and settingsПользовательApplication DataWireChanger
2008-11-19 15:34 . 2008-07-24 22:09 155,648 —a

c:windowsWired_Screensaver.exe
2008-11-19 15:33 . 2008-11-19 15:33 d

c:program filesWiredPlane
2008-11-19 15:32 . 2008-07-24 22:09 155,648 —a

c:windowsWired_Screensaver.scr
2008-11-05 22:41 . 2008-11-05 22:41 d

c:documents and settingsLocalServiceApplication DataYaChatData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-30 17:14 138,784 —sha-w c:windowssystem32driversfidbox2.dat
2008-11-30 17:13 12,871,968 —sha-w c:windowssystem32driversfidbox.dat
2008-11-30 17:11 176,528 —sha-w c:windowssystem32driversfidbox.idx
2008-11-30 17:11 16,100 —sha-w c:windowssystem32driversfidbox2.idx
2008-11-30 16:54

d

w c:documents and settingsAll UsersApplication DataKaspersky Lab
2008-11-30 16:54

d

w c:documents and settingsПользовательApplication DataYaChatData
2008-11-30 16:53

d

w c:documents and settingsПользовательApplication DataQIP.Online
2008-11-20 02:23

d

w c:program filesJetAudio
2008-11-19 13:53

d

w c:program filesWinamp
2008-11-19 09:18

d

w c:program filesDownload Master
2008-11-14 14:53

d

w c:documents and settingsAll UsersApplication DataCanonIJPLM
2008-08-21 21:08 878,592 —-a-w c:windowssystem32wininet.dll
2008-08-21 21:08 43,008 —-a-w c:windowssystem32licmgr10.dll
2008-08-21 21:07 18,944 —-a-w c:windowssystem32corpol.dll
2008-08-21 21:06 72,704 —-a-w c:windowssystem32admparse.dll
2008-08-21 21:06 71,680 —-a-w c:windowssystem32iesetup.dll
2008-08-21 21:06 434,176 —-a-w c:windowssystem32vbscript.dll
2008-08-21 21:05 48,640

w c:windowssystem32PrivacIE.dll
2008-08-21 21:05 48,128 —-a-w c:windowssystem32mshtmler.dll
2008-08-21 21:05 35,840 —-a-w c:windowssystem32imgutil.dll
2008-08-21 21:04 45,568 —-a-w c:windowssystem32mshta.exe
2008-08-21 20:57 156,160 —-a-w c:windowssystem32msls31.dll
2008-08-19 12:37 19,276 —-a-w c:windowssiqekelym.reg
2008-08-19 12:37 18,366 —-a-w c:windowsamih.reg
2008-08-19 12:37 14,295 —-a-w c:windowsifujaf.sys
2008-08-19 12:37 12,639 —-a-w c:windowsumyf.sys
2008-08-19 12:33 17,585 —-a-w c:windowsbigeziby.bin
2008-08-19 12:33 13,818 —-a-w c:windowsizykuruhi.bin
2008-08-19 12:33 13,103 —-a-w c:windowssystem32rawymixi.sys
2008-08-19 12:33 11,362 —-a-w c:windowskibuzyjy.vbs
2008-08-19 12:28 16,974 —-a-w c:windowsfupi.com
2008-08-19 12:28 16,273 —-a-w c:windowssystem32ojajecocew.sys
2008-08-19 12:28 15,660 —-a-w c:windowsepiqagivy.vbs
2008-08-19 12:28 14,590 —-a-w c:windowsxodi.pif
2008-08-19 12:28 13,187 —-a-w c:windowswiviqy.vbs
2008-08-19 12:23 18,767 —-a-w c:windowssystem32imybel.reg
2008-08-19 12:23 17,902 —-a-w c:windowsoxezagelu.reg
2008-08-19 12:23 14,664 —-a-w c:windowsodemosur.bin
2008-08-19 10:59 18,755 —-a-w c:windowsebobaqah.dll
2008-08-19 10:59 18,654 —-a-w c:windowssystem32qaloqu.pif
2008-08-19 10:59 17,588 —-a-w c:windowsarybyjumo.vbs
2008-08-19 10:59 16,444 —-a-w c:windowsifibadoqem.bin
2008-08-19 10:59 13,756 —-a-w c:windowssystem32nyrasybir.dll
2008-08-19 07:19 18,420 —-a-w c:windowsloxita.exe
2008-08-19 07:19 14,182 —-a-w c:windowsmegitavun.scr
2008-08-19 07:19 12,441 —-a-w c:windowssystem32hixebemoty.pif
2008-08-10 17:08 978,396 —-a-w c:program filesBDAXP.cab
2008-08-05 11:55 265,720 —-a-w c:windowssystem32msdbg2.dll
.

Sigcheck

2004-09-17 18:16 503808 a975a70fcefe2a224412214320c89ded c:windowssystem32winlogon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-11-29_23.55.36.07 )))))))))))))))))))))))))))))))))))))))))
.
— 2008-10-27 09:01:15 58,596 —-a-w c:windowssystem32perfc009.dat
+ 2008-11-29 17:56:56 58,596 —-a-w c:windowssystem32perfc009.dat
— 2008-10-27 09:01:15 70,134 —-a-w c:windowssystem32perfc019.dat
+ 2008-11-29 17:56:56 70,134 —-a-w c:windowssystem32perfc019.dat
— 2008-10-27 09:01:15 392,296 —-a-w c:windowssystem32perfh009.dat
+ 2008-11-29 17:56:56 392,296 —-a-w c:windowssystem32perfh009.dat
— 2008-10-27 09:01:15 432,488 —-a-w c:windowssystem32perfh019.dat
+ 2008-11-29 17:56:56 432,488 —-a-w c:windowssystem32perfh019.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerURLSearchHooks]
«{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}»= «c:program filesWinamp Toolbarwinamptb.dll» [2008-07-17 1266992]

[HKEY_CLASSES_ROOTclsid{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOTWINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOTTypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOTWINAMPTB.AOLTBSearch]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{893AE660-AE80-4dd0-9959-24D2337C04E8}»= «c:program filesYandexOnlineyndminibar.dll» [2008-10-03 210728]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2008-10-16 1578248]

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{893AE660-AE80-4DD0-9959-24D2337C04E8}»= «c:program filesYandexOnlineyndminibar.dll» [2008-10-03 210728]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2008-10-16 1578248]

[HKEY_CLASSES_ROOTclsid{893ae660-ae80-4dd0-9959-24d2337c04e8}]
[HKEY_CLASSES_ROOTYandexSearch.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{893AE653-AE80-4dd0-9959-24D2337C04E8}]
[HKEY_CLASSES_ROOTYandex.Search]

[HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2004-08-17 15360]
«MSMSGS»=»c:program filesMessengermsmsgs.exe» [2004-08-17 1667584]
«NBJ»=»c:program filesAheadNero BackItUpNBJ.exe» [2004-09-24 1916928]
«swg»=»c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe» [2008-11-04 68856]
«Yupdate!»=»c:program filesCommon FilesYandexYupdateyupdate.exe» [2008-10-03 484104]
«QIP.Online»=»c:program filesQIP.Onlineqiponline.exe» [2008-10-14 3293696]
«Download Master»=»c:program filesDownload Masterdmaster.exe» [2008-11-18 3297280]
«SUPERAntiSpyware»=»c:program filesSUPERAntiSpywareSUPERAntiSpyware.exe» [2008-11-17 1805552]
«YandexOnline»=»c:program filesYandexOnlineonline.exe» [2008-10-16 2154248]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«ATIPTA»=»c:program filesATI TechnologiesATI Control Panelatiptaxx.exe» [2005-01-19 339968]
«EPSON Stylus C45 Series (Копия 1)»=»c:windowsSystem32spoolDRIVERSW32X863E_S4I3T1.EXE» [2004-01-14 99840]
«EPSON Stylus C45 Series (Копия 2)»=»c:windowsSystem32spoolDRIVERSW32X863E_S4I3T1.EXE» [2004-01-14 99840]
«DAEMON Tools-1033″=»c:program filesDRToolsdaemon.exe» [2004-08-22 81920]
«FineReader7NewsReaderPro»=»c:program filesABBYY FineReader 7.0 Professional EditionAbbyyNewsReader.exe» [2003-08-05 278528]
«SMSTray»=»c:program filesSamsungSamsung Media Studio 5SMSTray.exe» [2007-02-23 126976]
«MAAgent»=»c:program filesMarkAnyContentSaferMAAgent.exe» [2007-01-30 57344]
«WinampAgent»=»c:program filesWinampwinampa.exe» [2008-08-04 36352]
«SoundMan»=»SOUNDMAN.EXE» [2005-06-14 c:windowssoundman.exe]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2004-08-17 15360]

c:documents and settingsЏ®«м§®ў вҐ«мѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
Crazy.mp3 [2008-11-24 624794]
WireChanger.lnk — c:program filesWiredPlaneWireChangerWireChanger.exe [2008-11-19 1335296]

c:documents and settingsAll Usersѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
WinZip Quick Pick.lnk — c:program filesWinZipWZQKPICK.EXE [2007-02-25 118784]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«SynchronousMachineGroupPolicy»= 1 (0x1)
«SynchronousUserGroupPolicy»= 1 (0x1)

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoStrCmpLogical»= 0 (0x0)

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMBalloonTip»= 1 (0x1)
«ForceClassicControlPanel»= 1 (0x1)

[hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]
«{88485281-8b4b-4f8d-9ede-82e29a064277}»= «c:progra~1MarkAnyCONTEN~1MACSMA~1.DLL» [2004-11-23 192512]
«{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}»= «c:program filesSUPERAntiSpywareSASSEH.DLL» [2008-05-13 77824]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotify!SASWinLogon]
2008-07-23 15:28 352256 c:program filesSUPERAntiSpywareSASWINLO.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«vidc.3iv2″= 3ivxVfWCodec.dll
«VIDC.HFYU»= huffyuv.dll
«VIDC.VP31″= vp31vfw.dll
«vidc.DIV3″= DivXc32.dll
«msacm.divxa32″= DivXa32.acm

[HKLM~startupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Adobe Gamma Loader.lnk]
path=c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузкаAdobe Gamma Loader.lnk
backup=c:windowspssAdobe Gamma Loader.lnkCommon Startup

[HKLM~startupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^InterVideo WinCinema Manager.lnk]
path=c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузкаInterVideo WinCinema Manager.lnk
backup=c:windowspssInterVideo WinCinema Manager.lnkCommon Startup

[HKLM~startupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Ускоренный запуск Adobe Reader.lnk]
path=c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузкаУскоренный запуск Adobe Reader.lnk
backup=c:windowspssУскоренный запуск Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDownload Master]
—a

2008-11-18 17:27 3297280 c:program filesDownload Masterdmaster.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNBJ]

2004-09-24 16:22 1916928 c:program filesAheadNero BackItUpNBJ.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
—a

2001-07-09 10:50 155648 c:windowssystem32NeroCheck.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusDisableNotify»=dword:00000001
«UpdatesDisableNotify»=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]
«DisableMonitoring»=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\InterVideo\DVD7\WinDVD.exe»=
«e:\Games\Настольные\монополия 4\Морской бой\CBattle\CBattle.exe»=
«c:\Program Files\GameSpy Arcade\Aphex.exe»=
«e:\Games\Бродилки\HalfLife2\hl2.exe»=
«e:\Games\Гонки\Need For Speed Underground 2\speed2.exe»=
«c:\WINDOWS\system32\muzapp.exe»=
«e:\Games\Стратегии\Королевства\RK.exe»=
«c:\Program Files\Bonjour\mDNSResponder.exe»=

R0 prohlp01;StarForce Protection Helper Driver v1;c:windowssystem32driversprohlp01.sys [2002-10-05 75936]
R0 UP55bus;UP55bus;c:windowssystem32DRIVERSUP55bus.sys [2006-06-29 155136]
R0 UP55prt;UP55prt;c:windowssystem32DriversUP55prt.sys [2006-06-29 5248]
R1 Asapi;Asapi;c:windowssystem32driversAsapi.sys [2006-06-29 11264]
R1 prodrv04;Star Force copy protection driver v4;c:windowssystem32driversprodrv04.sys [2007-01-10 114496]
R1 prodrv05;StarForce Protection Environment Driver v5;c:windowssystem32driversprodrv05.sys [2002-10-05 53376]
R2 IJPLMSVC;PIXMA Extended Survey Program;c:program filesCanonIJPLMIJPLMSVC.EXE [2008-01-07 99936]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:windowssystem32DRIVERSklim5.sys [2007-12-13 24592]
.
Contents of the ‘Scheduled Tasks’ folder

2008-11-30 c:windowsTasksPCConfidential.job
— c:program filesWinfernoPC ConfidentialPCConfidential.exe []

2008-11-30 c:windowsTasksRegPowerClean.job
— c:program filesWinfernoRegistryPowerCleanerRegPowerClean.exe []

2008-11-19 c:windowsTasksRPCReminder.job
— c:program filesWinfernoRegistryPowerCleanerRPCReminder.exe []

2008-11-30 c:windowsTasksUser_Feed_Synchronization-{87D8143B-5709-4AC9-B947-31C73E71D554}.job
— c:windowssystem32msfeedssync.exe [2008-08-22 03:05]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-30 23:12:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************
.

DLLs Loaded Under Running Processes

— — — — — — — > ‘winlogon.exe'(1044)
c:program filesSUPERAntiSpywareSASWINLO.dll
c:windowssystem32Ati2evxx.dll
c:windowssystem32klogon.dll
.

Other Running Processes

.
c:windowssystem32ati2evxx.exe
c:windowssystem32ati2evxx.exe
c:program filesBonjourmDNSResponder.exe
c:program filesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
c:windowssystem32wdfmgr.exe
c:program filesKaspersky LabKaspersky AV for Yandex Onlineavp.exe
c:program filesKaspersky LabKaspersky AV for Yandex Onlineavp.exe
c:windowssystem32wscntfy.exe
c:program filesYandexOnlineYaChatyachat.exe
.
**************************************************************************
.
Completion time: 2008-11-30 23:16:52 — machine was rebooted
ComboFix-quarantined-files.txt 2008-11-30 17:16:49
ComboFix2.txt 2008-11-29 17:56:40

Pre-Run: 3 116 535 808 байт свободно
Post-Run: 3,107,557,376 байт свободно

373
😉