Все вроде разобрался. Запустил программу вот вылаживаю полученный лог.файл
ComboFix 09-09-06.06 — ваня 07.09.2009 23:39.1.2 — NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1251.7.1049.18.3069.1741 [GMT 4:00]
Running from: c:usersваняDesktopComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:progra~1COMMON~1{7445F~1
c:progra~1COMMON~1{7445F~1chrome.manifest
c:progra~1COMMON~1{7445F~1chromecontentextensions.xul
c:progra~1COMMON~1{7445F~1chromecontentlogo.png
c:progra~1COMMON~1{7445F~1chromecontentmain.js
c:progra~1COMMON~1{7445F~1chromecontentmain.xul
c:progra~1COMMON~1{7445F~1chromecontentq.png
c:progra~1COMMON~1{7445F~1chromecontentq_gray.png
c:progra~1COMMON~1{7445F~1chromecontentx.png
c:progra~1COMMON~1{7445F~1chromecontentx_gray.png
c:progra~1COMMON~1{7445F~1defaultspreferencesmain.js
c:progra~1COMMON~1{7445F~1defaultspreferencesmain.js.old
c:progra~1COMMON~1{7445F~1extension.reg
c:progra~1COMMON~1{7445F~1install.rdf
c:program filesMail.RuAgentMradllnewmrasearch.dll
c:usersваняGoogle
c:usersваняGooglegoogletoolbar1.dll
c:usersваняGooglesetupcom.dat
c:usersваняGooglesetupext.dat
c:windowsInstallerWMEncoder.msi
.
((((((((((((((((((((((((( Files Created from 2009-08-07 to 2009-09-07 )))))))))))))))))))))))))))))))
.
2009-09-07 19:45 . 2009-09-07 19:45
d
w- c:usersDefaultAppDataLocaltemp
2009-09-07 19:27 . 2009-09-07 19:27
d
w- c:usersваняAdobe
2009-09-02 18:00 . 2009-08-28 12:39 28672 —-a-w- c:windowssystem32Apphlpdm.dll
2009-09-02 18:00 . 2009-08-28 10:15 4240384 —-a-w- c:windowssystem32GameUXLegacyGDFs.dll
2009-09-01 16:33 . 2009-09-01 16:34
d
w- C:rsit
2009-09-01 16:33 . 2009-09-01 16:34
d
w- c:program filestrend micro
2009-09-01 12:43 . 2009-09-01 12:43
d—h—w- c:program filesRS
2009-08-31 12:43 . 2009-09-02 16:26
d
w- c:usersваняAppDataRoamingWebMoney
2009-08-29 08:27 . 2009-08-29 08:27
d
w- c:program filesMSXML 4.0
2009-08-28 20:13 . 2009-08-28 20:13
d
w- c:program filesCommon FilesPX Storage Engine
2009-08-28 12:21 . 2009-09-01 06:26
d
w- c:usersваняAppDataRoaminguTorrent
2009-08-28 08:14 . 2009-06-22 10:22 2048 —-a-w- c:windowssystem32tzres.dll
2009-08-27 14:58 . 2009-08-27 15:01 94643 —-a-w- c:windowssystem32driversklick.dat
2009-08-27 14:58 . 2009-08-27 15:01 105395 —-a-w- c:windowssystem32driversklin.dat
2009-08-27 14:58 . 2009-09-07 05:02
d
w- c:programdataKaspersky Lab
2009-08-27 14:58 . 2009-09-06 20:01 507936 —sha-w- c:windowssystem32driversfidbox2.dat
2009-08-27 14:58 . 2009-09-06 20:01 3419168 —sha-w- c:windowssystem32driversfidbox.dat
2009-08-27 14:58 . 2009-08-27 14:58
d
w- c:program filesKaspersky Lab
2009-08-27 14:57 . 2009-08-27 14:57
d
w- c:programdataKaspersky Lab Setup Files
2009-08-27 14:46 . 2009-08-27 14:46
d
w- c:usersваняAppDataRoamingOpera
2009-08-27 14:46 . 2009-08-27 14:46
d
w- c:usersваняAppDataLocalOpera
2009-08-27 14:46 . 2009-08-27 14:46
d
w- c:program filesOpera
2009-08-27 14:45 . 2009-08-27 14:45
d
w- c:usersваняAppDataLocalAhead
2009-08-27 14:41 . 2009-08-27 14:41
d
w- c:usersваняAppDataRoamingNero
2009-08-27 14:39 . 2009-08-27 14:40
d
w- c:program filesCommon FilesNero
2009-08-27 14:39 . 2009-08-27 14:39
d
w- c:programdataNero
2009-08-27 14:39 . 2009-08-27 14:39
d
w- c:program filesNero
2009-08-26 20:50 . 2009-08-26 20:50
d
w- c:programdataHewlett-Packard
2009-08-26 12:29 . 2009-08-26 13:12
d
w- c:programdataVirtualFarm
2009-08-26 10:05 . 2009-08-26 10:06
d
w- c:program filesReadiris Pro 11 HP
2009-08-26 09:49 . 2007-12-04 03:25 409600 —-a-w- c:windowssystem32ZSM1120.exe
2009-08-26 09:49 . 2007-12-04 03:22 53248 —-a-w- c:windowssystem32ZTAG.dll
2009-08-26 09:49 . 2007-12-04 03:22 106496 —-a-w- c:windowssystem32ZSPOOL.dll
2009-08-26 09:49 . 2007-12-04 03:20 135168 —-a-w- c:windowssystem32ZLM1120.dll
2009-08-26 09:49 . 2007-12-04 03:22 61440 —-a-w- c:windowssystem32ZIMF.DLL
2009-08-26 09:49 . 2007-12-04 03:32 114688 —-a-w- c:windowssystem32HPMCoSetup.dll
2009-08-26 09:49 . 2007-12-04 03:20 167936 —-a-w- c:windowssystem32hpsfs.dll
2009-08-26 09:47 . 2007-12-18 07:45 221184 —-a-r- c:windowsbrprs.exe
2009-08-26 09:47 . 2009-08-26 20:50
d
w- c:programdataHP
2009-08-26 09:47 . 2009-08-26 09:48
d
w- c:program filesHP
2009-08-26 09:47 . 2009-08-26 09:47
d
w- c:usersваняAppDataRoamingHP
2009-08-25 18:30 . 2009-08-25 18:30
d
w- c:programdataFriday’s games
2009-08-24 16:10 . 2009-08-24 16:10
d
w- c:programdataPlayrix Entertainment
2009-08-23 11:46 . 2009-08-23 11:46
d
w- c:programdataМодный Дом
2009-08-23 10:31 . 2009-08-23 10:31
d
w- c:programdataSandlot Games
2009-08-23 09:23 . 2009-08-23 09:23
d
w- c:programdataAlawar Stargaze
2009-08-21 21:15 . 2009-08-21 21:15
d
w- c:usersваняAppDataRoamingWinRAR
2009-08-21 14:50 . 2009-03-08 11:33 109568 —-a-w- c:windowssystem32PDMSetup.exe
2009-08-21 14:50 . 2009-03-08 11:33 107520 —-a-w- c:windowssystem32RegisterIEPKEYs.exe
2009-08-21 14:50 . 2009-03-08 11:33 107008 —-a-w- c:windowssystem32SetIEInstalledDate.exe
2009-08-21 14:50 . 2009-03-08 11:33 103936 —-a-w- c:windowssystem32SetDepNx.exe
2009-08-21 14:50 . 2009-03-08 11:32 169472 —-a-w- c:windowssystem32iexpress.exe
2009-08-21 14:50 . 2009-03-08 11:31 45568 —-a-w- c:windowssystem32mshta.exe
2009-08-21 14:49 . 2009-06-15 15:24 175104 —-a-w- c:windowssystem32wdigest.dll
2009-08-21 14:49 . 2009-06-15 15:23 1256448 —-a-w- c:windowssystem32lsasrv.dll
2009-08-21 14:49 . 2009-06-15 15:22 213504 —-a-w- c:windowssystem32msv1_0.dll
2009-08-21 14:49 . 2009-06-15 15:21 499712 —-a-w- c:windowssystem32kerberos.dll
2009-08-21 14:49 . 2009-06-15 15:24 270848 —-a-w- c:windowssystem32schannel.dll
2009-08-21 14:49 . 2009-06-15 18:20 439896 —-a-w- c:windowssystem32driversksecdd.sys
2009-08-21 14:49 . 2009-06-15 12:57 9728 —-a-w- c:windowssystem32lsass.exe
2009-08-21 14:49 . 2009-06-15 15:24 72704 —-a-w- c:windowssystem32secur32.dll
2009-08-21 11:38 . 2009-08-21 11:38
d
w- c:usersваняAppDataRoamingSahmon Games
2009-08-20 18:47 . 2009-08-20 18:47
d
w- c:programdataFenomen Games
2009-08-20 12:32 . 2009-08-22 19:17
d
w- c:usersваняAppDataRoamingPlayFirst
2009-08-20 11:15 . 2009-08-23 12:06
d
w- c:programdataMeridian93
2009-08-20 11:14 . 2009-08-23 12:06
d
w- c:usersваняAppDataRoamingMeridian93
2009-08-20 09:54 . 2009-08-20 09:54
d
w- c:usersваняAppDataRoamingGaijin Ent
2009-08-20 08:52 . 2009-08-20 09:10
d
w- c:programdataFarmFrenzy3
2009-08-20 07:42 . 2009-08-20 07:42
d
w- c:program filesAlawar.ru
2009-08-20 07:20 . 2009-08-20 07:38
d
w- c:usersваняAppDataRoamingDownload Master
2009-08-20 07:19 . 2009-08-20 07:19
d
w- c:program filesDownload Master
2009-08-19 19:38 . 2009-08-19 19:38
d
w- c:usersваняAppDataRoamingBeachPartyCraze
2009-08-19 18:33 . 2009-08-19 18:33
d
w- c:programdata7 Artifacts
2009-08-19 16:20 . 2009-08-19 16:20
d
w- c:programdataАлекс Гордон
2009-08-19 15:20 . 2009-08-19 15:21
d
w- c:usersваняAppDataRoamingSprillBermudeRus
2009-08-19 15:20 . 2009-08-29 08:24
d
w- c:usersваняAppDataLocalNevoSoft
2009-08-19 15:19 . 2009-08-19 15:19
d
w- C:Игры
2009-08-19 14:09 . 2009-08-19 14:12
d
w- c:usersваняAppDataRoamingSuper-Cow
2009-08-19 13:38 . 2009-08-19 13:38
d
w- c:programdataIntenium
2009-08-19 12:42 . 2009-08-19 12:42
d
w- c:programdataAWEM
2009-08-19 08:17 . 2009-08-19 08:17
d
w- c:programdataFreshGames
2009-08-19 07:16 . 2009-08-19 07:16
d
w- c:programdataBilbo
2009-08-17 03:57 . 2008-06-20 01:14 97800 —-a-w- c:windowssystem32infocardapi.dll
2009-08-17 03:57 . 2008-06-20 01:14 105016 —-a-w- c:windowssystem32PresentationCFFRasterizerNative_v0300.dll
2009-08-17 03:57 . 2008-06-20 01:14 43544 —-a-w- c:windowssystem32PresentationHostProxy.dll
2009-08-17 03:57 . 2008-06-20 01:14 11264 —-a-w- c:windowssystem32icardres.dll
2009-08-17 03:57 . 2008-06-20 01:14 622080 —-a-w- c:windowssystem32icardagt.exe
2009-08-17 03:57 . 2008-06-20 01:14 781344 —-a-w- c:windowssystem32PresentationNative_v0300.dll
2009-08-17 03:57 . 2008-06-20 01:14 326160 —-a-w- c:windowssystem32PresentationHost.exe
2009-08-17 03:53 . 2008-07-27 18:03 96760 —-a-w- c:windowssystem32dfshim.dll
2009-08-17 03:53 . 2008-07-27 18:03 282112 —-a-w- c:windowssystem32mscoree.dll
2009-08-17 03:53 . 2008-07-27 18:03 41984 —-a-w- c:windowssystem32netfxperf.dll
2009-08-17 03:52 . 2008-07-27 18:03 158720 —-a-w- c:windowssystem32mscorier.dll
2009-08-17 03:52 . 2008-07-27 18:03 83968 —-a-w- c:windowssystem32mscories.dll
2009-08-16 21:32 . 2009-04-30 12:37 428544 —-a-w- c:windowssystem32EncDec.dll
2009-08-16 21:32 . 2009-04-30 12:37 293376 —-a-w- c:windowssystem32psisdecd.dll
2009-08-16 21:03 . 2008-06-26 01:45 12240896 —-a-w- c:windowssystem32NlsLexicons0007.dll
2009-08-16 21:03 . 2008-06-26 01:45 2644480 —-a-w- c:windowssystem32NlsLexicons0009.dll
2009-08-16 21:03 . 2008-06-26 03:29 801280 —-a-w- c:windowssystem32NaturalLanguage6.dll
2009-08-15 13:16 . 2009-03-03 04:40 499200 —-a-w- c:windowssystem32wbemWmiPrvSD.dll
2009-08-15 13:16 . 2009-03-03 04:36 615424 —-a-w- c:windowssystem32wbemfastprox.dll
2009-08-15 13:15 . 2009-03-03 04:46 3599328 —-a-w- c:windowssystem32ntkrnlpa.exe
2009-08-15 13:15 . 2009-03-03 04:46 3547632 —-a-w- c:windowssystem32ntoskrnl.exe
2009-08-15 13:15 . 2009-03-03 04:39 551424 —-a-w- c:windowssystem32rpcss.dll
2009-08-15 13:15 . 2009-03-03 02:16 247296 —-a-w- c:windowssystem32wbemWmiPrvSE.exe
2009-08-15 13:15 . 2009-03-03 04:40 129024 —-a-w- c:windowssystem32wbemWmiDcPrv.dll
2009-08-15 13:15 . 2009-03-03 04:39 26112 —-a-w- c:windowssystem32printfilterpipelineprxy.dll
2009-08-15 13:15 . 2009-03-03 03:04 666624 —-a-w- c:windowssystem32printfilterpipelinesvc.exe
2009-08-15 13:15 . 2009-03-03 04:39 183296 —-a-w- c:windowssystem32sdohlp.dll
2009-08-15 13:15 . 2009-03-03 04:37 98304 —-a-w- c:windowssystem32iasrecst.dll
2009-08-15 13:15 . 2009-03-03 04:37 44032 —-a-w- c:windowssystem32iasdatastore.dll
2009-08-15 13:15 . 2009-03-03 04:37 54784 —-a-w- c:windowssystem32iasads.dll
2009-08-15 13:15 . 2009-03-03 02:38 17408 —-a-w- c:windowssystem32iashost.exe
2009-08-15 13:14 . 2009-03-17 03:38 13824 —-a-w- c:windowssystem32apilogen.dll
2009-08-15 13:14 . 2009-03-17 03:38 24064 —-a-w- c:windowssystem32amxread.dll
2009-08-15 13:14 . 2008-06-19 03:31 361984 —-a-w- c:windowssystem32IPSECSVC.DLL
2009-08-15 13:14 . 2008-10-22 03:57 241152 —-a-w- c:windowssystem32PortableDeviceApi.dll
2009-08-15 13:14 . 2009-04-21 11:55 2033152 —-a-w- c:windowssystem32win32k.sys
2009-08-15 13:13 . 2008-06-06 03:27 38912 —-a-w- c:windowssystem32xolehlp.dll
2009-08-15 13:13 . 2008-06-06 03:27 562176 —-a-w- c:windowssystem32msdtcprx.dll
2009-08-15 13:05 . 2009-06-15 15:24 156672 —-a-w- c:windowssystem32t2embed.dll
2009-08-15 13:05 . 2009-06-15 15:20 72704 —-a-w- c:windowssystem32fontsub.dll
2009-08-15 13:05 . 2009-06-15 12:52 289792 —-a-w- c:windowssystem32atmfd.dll
2009-08-15 13:05 . 2009-06-15 15:20 10240 —-a-w- c:windowssystem32dciman32.dll
2009-08-15 13:05 . 2008-04-26 08:26 891448 —-a-w- c:windowssystem32driverstcpip.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-07 19:45 . 2009-06-30 14:04 1835008 —sha-w- c:usersваняntuser.dat
2009-09-07 11:07 . 2009-06-30 14:04
d-s—w- c:usersваняAppDataRoamingMicrosoft
2009-09-07 04:47 . 2008-01-21 05:44 653312 —-a-w- c:windowssystem32perfh019.dat
2009-09-07 04:47 . 2008-01-21 05:44 125800 —-a-w- c:windowssystem32perfc019.dat
2009-09-06 20:01 . 2009-08-27 14:58 3864 —sha-w- c:windowssystem32driversfidbox2.idx
2009-09-06 20:01 . 2009-08-27 14:58 29888 —sha-w- c:windowssystem32driversfidbox.idx
2009-09-02 16:26 . 2009-08-31 12:43
d
w- c:usersваняAppDataRoamingWebMoney
2009-09-01 15:10 . 2009-07-03 09:06 34 —-a-w- c:windowssystem32BD2030.DAT
2009-09-01 06:26 . 2009-08-28 12:21
d
w- c:usersваняAppDataRoaminguTorrent
2009-08-28 13:38 . 2009-07-09 04:58
d
w- c:usersваняAppDataRoamingICQ
2009-08-27 15:01 . 2008-01-29 13:29 33808 —-a-w- c:windowssystem32driversklbg.sys
2009-08-27 14:52 . 2008-07-02 09:25
d
w- c:programdataMcAfee
2009-08-27 14:46 . 2009-08-27 14:46
d
w- c:usersваняAppDataRoamingOpera
2009-08-27 14:41 . 2009-08-27 14:41
d
w- c:usersваняAppDataRoamingNero
2009-08-26 09:47 . 2009-08-26 09:47
d
w- c:usersваняAppDataRoamingHP
2009-08-23 12:06 . 2009-08-20 11:14
d
w- c:usersваняAppDataRoamingMeridian93
2009-08-23 11:46 . 2009-08-23 11:46
d
w- c:programdataМодный Дом
2009-08-22 19:17 . 2009-08-20 12:32
d
w- c:usersваняAppDataRoamingPlayFirst
2009-08-21 21:15 . 2009-08-21 21:15
d
w- c:usersваняAppDataRoamingWinRAR
2009-08-21 11:38 . 2009-08-21 11:38
d
w- c:usersваняAppDataRoamingSahmon Games
2009-08-20 09:54 . 2009-08-20 09:54
d
w- c:usersваняAppDataRoamingGaijin Ent
2009-08-20 07:38 . 2009-08-20 07:20
d
w- c:usersваняAppDataRoamingDownload Master
2009-08-19 19:38 . 2009-08-19 19:38
d
w- c:usersваняAppDataRoamingBeachPartyCraze
2009-08-19 16:20 . 2009-08-19 16:20
d
w- c:programdataАлекс Гордон
2009-08-19 15:21 . 2009-08-19 15:20
d
w- c:usersваняAppDataRoamingSprillBermudeRus
2009-08-19 14:12 . 2009-08-19 14:09
d
w- c:usersваняAppDataRoamingSuper-Cow
2009-08-16 11:07 . 2006-11-02 11:18
d
w- c:program filesWindows Mail
2009-08-12 18:15 . 2009-08-12 18:14
d
w- c:usersваняAppDataRoamingSprillRichiRus
2009-07-21 21:52 . 2009-08-22 09:24 915456 —-a-w- c:windowssystem32wininet.dll
2009-07-21 21:47 . 2009-08-22 09:24 109056 —-a-w- c:windowssystem32iesysprep.dll
2009-07-21 21:47 . 2009-08-22 09:24 71680 —-a-w- c:windowssystem32iesetup.dll
2009-07-21 20:13 . 2009-08-22 09:24 133632 —-a-w- c:windowssystem32ieUnatt.exe
2009-07-14 13:00 . 2009-08-15 12:57 313344 —-a-w- c:windowssystem32wmpdxm.dll
2009-07-14 12:59 . 2009-08-15 12:57 4096 —-a-w- c:windowssystem32dxmasf.dll
2009-07-14 12:58 . 2009-08-15 12:57 7680 —-a-w- c:windowssystem32spwmp.dll
2009-07-14 10:59 . 2009-08-15 12:57 8147456 —-a-w- c:windowssystem32wmploc.DLL
2009-07-08 13:53 . 2009-06-30 14:10 114400 —-a-w- c:usersваняAppDataLocalGDIPFONTCACHEV1.DAT
2009-06-30 15:55 . 2009-06-30 15:55 0 —-a-w- c:usersваняAppDataRoamingwklnhst.dat
2009-06-30 10:53 . 2009-06-30 10:53 0 —-a-w- c:windowsativpsrm.bin
2009-06-30 10:50 . 2008-07-02 08:57 319456 —-a-w- c:windowsDIFxAPI.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«Sidebar»=»c:program filesWindows Sidebarsidebar.exe» [2008-01-21 1233920]
«Download Master»=»c:program filesDownload Masterdmaster.exe» [2009-08-05 3777536]
«ICQ»=»c:program filesICQ6.5ICQ.exe» [2009-03-01 172792]
«IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=»c:program filesCommon FilesNeroLibNMIndexStoreSvr.exe» [2008-06-24 1840424]
«WMPNSCFG»=»c:program filesWindows Media PlayerWMPNSCFG.exe» [2008-01-21 202240]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«Windows Defender»=»c:program filesWindows DefenderMSASCui.exe» [2008-01-21 1008184]
«SunJavaUpdateSched»=»c:program filesJavajre1.6.0_06binjusched.exe» [2008-03-25 144784]
«SynTPEnh»=»c:program filesSynapticsSynTPSynTPEnh.exe» [2007-12-06 1029416]
«ITSecMng»=»c:program filesTOSHIBABluetooth Toshiba StackItSecMng.exe» [2007-09-28 75136]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 8.0ReaderReader_sl.exe» [2008-01-11 39792]
«topi»=»c:program filesTOSHIBAToshiba Online Product Informationtopi.exe» [2007-07-10 581632]
«Google Desktop Search»=»c:program filesGoogleGoogle Desktop SearchGoogleDesktop.exe» [2008-07-02 29744]
«Google EULA Launcher»=»c:program filesGoogleGoogle EULAGoogleEULALauncher.exe» [2008-05-28 20480]
«Toshiba TEMPO»=»c:program filesToshiba TEMPROToshiba.Tempo.UI.TrayApplication.exe» [2008-04-24 103824]
«StartCCC»=»c:program filesATI TechnologiesATI.ACECore-StaticCLIStart.exe» [2008-01-21 61440]
«Camera Assistant Software»=»c:program filesCamera Assistant Software for Toshibatraybar.exe» [2008-09-26 417792]
«TPwrMain»=»c:program filesTOSHIBAPower SaverTPwrMain.EXE» [2008-01-17 431456]
«SmoothView»=»c:program filesToshibaSmoothViewSmoothView.exe» [2008-01-25 509816]
«00TCrdMain»=»c:program filesTOSHIBAFlashCardsTCrdMain.exe» [2008-03-19 716800]
«Toshiba Registration»=»c:program filesToshibaRegistrationToshibaRegistration.exe» [2008-01-11 574864]
«MAgent»=»c:program filesMail.RuAgentMAgent.exe» [2009-07-09 7975608]
«HPUsageTracking»=»c:program filesHPHP UTbinhppusg.exe» [2007-11-02 36864]
«NBKeyScan»=»c:program filesNeroNero8Nero BackItUpNBKeyScan.exe» [2008-06-08 2221352]
«AVP»=»c:program filesKaspersky LabKaspersky Anti-Virus 2009avp.exe» [2009-08-27 208616]
«WinampAgent»=»e:винампWinampwinampa.exe» [2009-07-01 37888]
«NDSTray.exe»=»NDSTray.exe» [BU]
«RtHDVCpl»=»RtHDVCpl.exe» — c:windowsRtHDVCpl.exe [2008-04-08 6037504]
«Skytel»=»Skytel.exe» — c:windowsSkyTel.exe [2007-11-20 1826816]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«EnableUIADesktopToggle»= 0 (0x0)
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]
«AppInit_DLLs»=c:progra~1GoogleGOOGLE~2GoogleDesktopNetwork3.dll c:progra~1KASPER~1KASPER~1mzvkbd.dll c:progra~1KASPER~1KASPER~1mzvkbd3.dll
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinDefend]
@=»Service»
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]
«DisableMonitoring»=dword:00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringMcAfeeAntiSpyware]
«DisableMonitoring»=dword:00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerSvcS-1-5-21-2798722555-1735108407-2583936263-1000]
«EnableNotificationsRef»=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicyStandardProfile]
«EnableFirewall»= 0 (0x0)
R0 klbg;Kaspersky Lab Boot Guard Driver;c:windowsSystem32driversklbg.sys [29.01.2008 17:29 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:windowsSystem32driversklim6.sys [09.07.2008 17:28 20496]
R2 ConfigFree Service;ConfigFree Service;c:program filesToshibaConfigFreeCFSvcs.exe [17.04.2008 0:19 40960]
R2 TempoMonitoringService;Notebook Performance Tuning Service ;c:program filesToshiba TEMPROTempoSVC.exe [24.04.2008 10:21 99720]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:program filesToshibaSMARTLogServiceTosIPCSrv.exe [03.12.2007 17:03 126976]
R3 FwLnk;FwLnk Driver;c:windowsSystem32driversFwLnk.sys [02.07.2008 13:15 7168]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:program filesToshibaSmartFaceVSmartFaceVWatchSrv.exe [25.08.2008 9:58 77824]
S3 GoogleDesktopManager-022208-143751;Диспетчер Google Desktop 5.7.802.22438;c:program filesGoogleGoogle Desktop SearchGoogleDesktop.exe [02.07.2008 13:31 29744]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:program filesJumpstartjswpsapi.exe [30.06.2009 18:09 954368]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
«c:windowsSystem32rundll32.exe» «c:windowsSystem32iedkcs32.dll»,BrandIEActiveSetup SIGNUP
.
Contents of the ‘Scheduled Tasks’ folder
2009-09-07 c:windowsTasksUser_Feed_Synchronization-{BE5429A0-D76F-42DF-A378-7308D735D703}.job
— c:windowssystem32msfeedssync.exe [2009-08-22 20:13]
.
— — — — ORPHANS REMOVED — — — —
HKCU-Run-TOSCDSPD — TOSCDSPD.EXE
HKLM-Run-jswtrayutil — c:program filesJumpstartjswtrayutil.exe
HKLM-Run-cfFncEnabler.exe — cfFncEnabler.exe
.
Supplementary Scan
.
uStart Page = hxxp://www.mail.ru/
mStart Page = hxxp://mail.ru
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Закачать ВСЕ при помощи Download Master — c:program filesDownload Masterdmieall.htm
IE: Закачать при помощи Download Master — c:program filesDownload Masterdmie.htm
IE: Передать на удаленную закачку DM — c:program filesDownload Masterremdown.htm
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} — c:program filesMail.RuAgentmagent.exe
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} — http://www.webtip.ch/cgi-bin/toshiba/tracker_url2.pl?RU
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} — http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} — c:program filesDownload Masterdmaster.exe
TCP: {A4C6E1F5-2711-4145-AE9D-8BC5FA9E5D93} = 80.254.111.254
DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} — hxxps://w3s.webmoney.ru/WMAcceptor.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-07 23:45
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-09-07 23:48
ComboFix-quarantined-files.txt 2009-09-07 19:48
Pre-Run: 110 170 959 872 байт свободно
Post-Run: 111 899 054 080 байт свободно
Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
300 — E O F — 2009-09-03 04:16
