Re: Re: Request for help removing a porn banner.
BITS: Possible infected sites
hxxp://soft.export.yandex.ru
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Service_System
((((((((((((((((((((((((( Files Created from 2009-04-18 to 2009-05-18 )))))))))))))))))))))))))))))))
.
2009-05-05 10:46 . 2009-05-05 10:46 d-----w c:program filessxcodec
2009-05-02 12:31 . 2009-05-02 12:31 d-----w c:documents and settingsГалюня.COMPLocal SettingsApplication DataPC
2009-05-02 12:31 . 2009-05-02 12:31 d-----w c:documents and settingsГалюня.COMPLocal SettingsApplication DataWheelman
2009-05-01 12:34 . 2009-05-01 12:35 d-----w c:documents and settingsГалюня.COMPApplication DataMasanaIPlajnieZamorochki
2009-05-01 12:13 . 2009-05-01 12:25 d-----w c:documents and settingsAll UsersApplication DataВеселаяФерма-ПечемПиццу
2009-05-01 11:53 . 2009-05-01 12:05 d-----w c:documents and settingsAll UsersApplication DataВеселаяФерма2
2009-05-01 11:53 . 2009-05-01 11:53 d-----w c:documents and settingsAll UsersApplication DataAlawarWrapper
2009-05-01 11:52 . 2009-05-01 12:32 d-----w c:program filesAlawar.ru
2009-04-29 06:16 . 2009-04-29 06:16 d-sh—w c:documents and settingsАдминистратор.COMPIETldCache
2009-04-29 06:15 . 2008-08-25 20:23 d-----w c:documents and settingsАдминистратор.COMPLocal SettingsApplication DataMicrosoft Help
2009-04-29 06:15 . 2007-11-17 20:19 d-----r c:documents and settingsАдминистратор.COMPГлавное меню
2009-04-29 06:15 . 2007-11-17 17:23 d—h—w c:documents and settingsАдминистратор.COMPШаблоны
2009-04-29 06:15 . 2007-11-17 20:19 d-----r c:documents and settingsАдминистратор.COMPГлавное меню
2009-04-29 06:15 . 2007-11-17 17:23 d—h—w c:documents and settingsАдминистратор.COMPШаблоны
2009-04-29 06:15 . 2009-04-29 06:16 d-----w c:documents and settingsАдминистратор.COMP
2009-04-28 16:00 . 2004-09-03 08:05 1928 —-a-w c:windowssystem32activ.reg
2009-04-28 11:31 . 2009-05-05 11:08 1496576 —h—w c:windowssystem32wodfamop.dll
2009-04-28 11:30 . 2009-04-28 11:30 d-----w c:program filesAbrosoft
2009-04-25 03:19 . 2009-04-25 03:19 715268 —-a-w c:windowstaskmrg.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-16 12:34 . 2009-01-26 11:01 d-----w c:program filesCrawler
2009-05-16 11:57 . 2008-12-27 13:55 d-----w c:program filesFreeCap
2009-05-16 10:47 . 2009-02-14 13:15 d-----w c:program filesHide IP NG
2009-05-15 16:33 . 2008-03-16 14:16 70632 —-a-w c:documents and settingsСветуняLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-05-15 07:02 . 2009-04-07 16:23 d-----w c:program filesWeb Page Maker
2009-05-14 07:14 . 2009-05-10 20:40 d-----w c:program filestrend micro
2009-05-12 11:16 . 2009-01-26 10:43 d-----w c:program filesDownload Master
2009-05-10 21:19 . 2007-11-17 19:53 d-----w c:program filesOpera
2009-05-09 06:13 . 2009-05-09 06:13 d-----w c:program filesCommon FilesNokia
2009-05-09 06:13 . 2007-12-26 08:57 d-----w c:program filesNokia
2009-05-09 06:12 . 2007-12-10 07:26 d-----w c:program filesPC Connectivity Solution
2009-05-08 17:36 . 2009-05-08 15:31 d-----w c:program filesSpybot — Search & Destroy
2009-05-08 15:41 . 2009-05-08 15:41 d-----w c:program filesFlylinkDC++
2009-05-08 15:29 . 2009-05-08 15:29 d-----w c:program filesqwe.Net
2009-05-06 11:44 . 2009-03-15 08:33 d-----w c:program filesMozilla Firefox 3.1 Beta 3
2009-05-02 13:37 . 2007-11-22 13:49 48 —-a-w c:windowspopcinfo.dat
2009-05-02 12:39 . 2009-03-24 10:36 d-----w c:program filesFormatFactory
2009-04-24 07:41 . 2001-10-20 12:00 86968 —-a-w c:windowssystem32perfc019.dat
2009-04-24 07:41 . 2001-10-20 12:00 472944 —-a-w c:windowssystem32perfh019.dat
2009-04-20 07:19 . 2007-12-29 00:11 d-----w c:program filesARCHPR
2009-04-10 09:13 . 2007-11-17 18:16 d-----w c:program filesESET
2009-04-10 09:11 . 2007-11-17 18:16 502368 —-a-w c:windowssystem32driversamon.sys
2009-04-10 09:11 . 2007-11-17 18:16 274432 —-a-w c:windowssystem32imon.dll
2009-04-07 17:19 . 2009-04-07 16:14 d-----w c:program filesWYSIWYG Web Builder 5
2009-04-07 16:14 . 2009-04-07 16:15 737280 —-a-w c:windowsiun6002.exe
2009-04-01 20:13 . 2009-01-07 13:22 d-----w c:program filesRinkost — MetaTrader 4
2009-03-30 17:54 . 2007-11-22 09:18 d-----w c:program filesWebMoney
2009-03-08 01:34 . 2004-08-17 14:04 914944 —-a-w c:windowssystem32wininet.dll
2009-03-08 01:34 . 2004-08-17 14:04 43008 —-a-w c:windowssystem32licmgr10.dll
2009-03-08 01:33 . 2004-08-17 14:04 18944 —-a-w c:windowssystem32corpol.dll
2009-03-08 01:33 . 2004-08-17 14:04 420352 —-a-w c:windowssystem32vbscript.dll
2009-03-08 01:32 . 2004-08-17 14:04 72704 —-a-w c:windowssystem32admparse.dll
2009-03-08 01:32 . 2004-08-17 14:04 71680 —-a-w c:windowssystem32iesetup.dll
2009-03-08 01:31 . 2004-08-17 14:04 34816 —-a-w c:windowssystem32imgutil.dll
2009-03-08 01:31 . 2004-08-17 14:02 48128 —-a-w c:windowssystem32mshtmler.dll
2009-03-08 01:31 . 2004-08-17 14:04 45568 —-a-w c:windowssystem32mshta.exe
2009-03-08 01:22 . 2001-10-20 12:00 156160 —-a-w c:windowssystem32msls31.dll
2009-03-06 14:23 . 2004-08-17 14:04 284672 —-a-w c:windowssystem32pdh.dll
2009-02-20 12:58 . 2009-02-20 12:58 27136 —-a-w c:windowssystem32driversnchssvad.sys
2009-01-07 13:21 . 2009-01-07 13:08 5764912 —-a-w c:program filesrinkostmt4.exe
2007-12-17 15:39 . 2007-12-17 15:06 14791200 —-a-w c:program filesIE7-WindowsXP-x86-rus.exe
2007-11-17 21:09 . 2007-11-18 20:46 536064 —-a-w c:program filesRMAgent.exe
2007-11-17 17:45 . 2007-11-17 19:05 24576 —-a-w c:program filesНастройка VPN для работы в кабельной сети.htm
2007-11-17 17:44 . 2007-11-17 19:05 5488 —-a-w c:program filesНастройка VPN соединения для Windows 2000 — XP.htm
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE~Browser Helper Objects{1236D836-E9BA-4175-894F-2072A14D5A26}]
2008-03-05 16:19 2465792 —-a-w c:program filesWebMoney Advisortbu02037wmadvisor.dll
[HKEY_LOCAL_MACHINE~Browser Helper Objects{71f1a4d3-aa10-4a26-85a2-12b27685e92b}]
2009-03-09 08:39 1883672 —-a-w c:program filesDailyClickstbDai1.dll
[HKEY_LOCAL_MACHINE~Browser Helper Objects{B4806C1A-FE8A-4008-9DA3-8CEDB6E82C10}]
2008-09-05 12:42 2409472 —-a-w c:program filesWebMoney Advisorwmadvisor.dll
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}»= «c:program filesWebMoney Advisorwmadvisor.dll» [2008-09-05 2409472]
«{71f1a4d3-aa10-4a26-85a2-12b27685e92b}»= «c:program filesDailyClickstbDai1.dll» [2009-03-09 1883672]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-01-13 3112736]
[HKEY_CLASSES_ROOTclsid{3affd7f7-fd3d-4c9d-8f83-03296a1a8840}]
[HKEY_CLASSES_ROOTTBSB03223.TBSB03223.3]
[HKEY_CLASSES_ROOTTBSB03223.TBSB03223]
[HKEY_CLASSES_ROOTclsid{71f1a4d3-aa10-4a26-85a2-12b27685e92b}]
[HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar]
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}»= «c:program filesWebMoney Advisorwmadvisor.dll» [2008-09-05 2409472]
«{71F1A4D3-AA10-4A26-85A2-12B27685E92B}»= «c:program filesDailyClickstbDai1.dll» [2009-03-09 1883672]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-01-13 3112736]
[HKEY_CLASSES_ROOTclsid{3affd7f7-fd3d-4c9d-8f83-03296a1a8840}]
[HKEY_CLASSES_ROOTTBSB03223.TBSB03223.3]
[HKEY_CLASSES_ROOTTBSB03223.TBSB03223]
[HKEY_CLASSES_ROOTclsid{71f1a4d3-aa10-4a26-85a2-12b27685e92b}]
[HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar]
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«ctfmon.exe»=»c:windowssystem32ctfmon.exe» [2008-04-14 15360]
«Skype»=»c:program filesSkypePhoneSkype.exe» [2009-01-29 23975720]
«Web Navigate»=»c:windowstaskmrg.exe» [2009-04-25 715268]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«nod32kui»=»c:program filesEsetnod32kui.exe» [2009-04-10 921600]
«wmagent.exe»=»c:program filesWebMoney Agentwmagent.exe» [2008-10-01 209376]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2006-10-31 7634944]
«Samsung PanelMgr»=»c:windowsSamsungPanelMgrssmmgr.exe» [2006-08-16 503808]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-14 15360]
c:documents and settings‘ўҐвг«пѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
Punto Switcher.lnk — c:program filesYandexPunto Switcherpunto.exe [2009-3-16 826152]
‚л१Є нЄа Ё Їа®Ја ¬¬ § ЇгбЄ ¤«п OneNote 2007.lnk — c:program filesMicrosoft OfficeOffice12ONENOTEM.EXE [2007-12-7 101440]
c:documents and settings‘ўҐвгпѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
‚л१Є нЄа Ё Їа®Ја ¬¬ § ЇгбЄ ¤«п OneNote 2007.lnk — c:program filesMicrosoft OfficeOffice12ONENOTEM.EXE [2007-12-7 101440]
c:documents and settingsѓ «оп.COMPѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
ScrollWall.lnk — c:program filesScrollWallScrollWall.exe [2009-1-26 131072]
[hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]
«{56F9679E-7826-4C84-81F3-532071A8BCC5}»= «c:program filesWindows Desktop SearchMSNLNamespaceMgr.dll» [2008-05-26 304128]
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\AGAVA SpamProtexx\sfproxy.exe»=
«c:\Documents and Settings\Галюня.COMP\Рабочий стол\СЕРФИНГ\VipIpClnt.exe»=
«c:\Program Files\WebMoney\WebMoney.exe»=
«c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE»=
«c:\Program Files\Microsoft Office\Office12\GROOVE.EXE»=
«c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE»=
«c:\Program Files\Opera\opera.exe»=
«c:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe»=
«c:\Program Files\FChat\FChat.exe»=
«c:\Program Files\qwe.Net\FlylinkDC\FlylinkDC.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileIcmpSettings]
«AllowInboundEchoRequest»= 1 (0x1)
R1 VD_FileDisk;VD_FileDisk;c:windowssystem32driversvd_filedisk.sys [17.11.2007 20:59 15872]
R2 AGWinService;AG Windows Service;c:program filesAGIcommonwin32pythonservice.exe [24.01.2009 17:05 10240]
R3 phaudlwr;Philips Audio Filter;c:windowssystem32driversphaudlwr.sys [09.01.2009 18:55 118310]
R3 SPC530;Philips SPC530NC PC Camera;c:windowssystem32driversSPC530.sys [09.01.2009 19:00 484864]
R3 SPC530m;Philips SPC530NC PC Cameram;c:windowssystem32driversSPC530m.sys [09.01.2009 19:00 7680]
S2 DNCP;DNCP — Клиент;c:windowssystem32dncpsvchost.exe -k net dsvcs —> c:windowssystem32dncpsvchost.exe [?]
— Other Services/Drivers In Memory —
*Deregistered* — mchInjDrv
[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
«c:windowssystem32rundll32.exe» «c:windowssystem32iedkcs32.dll»,BrandIEActiveSetup SIGNUP
.
Contents of the ‘Scheduled Tasks’ folder
2009-05-18 c:windowsTasksUser_Feed_Synchronization-{9F5800E8-98C1-437A-8E9B-BA3BD6924208}.job
— c:windowssystem32msfeedssync.exe [2007-08-13 01:31]
.
— — — — ORPHANS REMOVED — — — —
Toolbar-Locked — (no file)
HKU-Default-Run-Nokia.PCSync — c:program filesNokiaNokia PC Suite 6PcSync2.exe
.
Supplementary Scan
.
uStart Page = hxxp://jgame.by.ru
uInternet Settings,ProxyServer = socks=127.0.0.1:7070
uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
IE: Crawler Search — tbr:iemenu
IE: Download Image with Download Manager — tbr:iemenudownload
IE: Download URL in selection with Download Manager — tbr:iemenudownsel
IE: Download URL with Download Manager — tbr:iemenudownload
IE: Добавить в Rambler-Закладки — c:program filesRambler AssistantramblertoolbarU0.dll/zakladki.htm
IE: Закачать ВСЕ при помощи Download Master — c:program filesDownload Masterdmieall.htm
IE: Закачать при помощи Download Master — c:program filesDownload Masterdmie.htm
IE: Найти с помощью Рамблера — c:program filesRambler AssistantramblertoolbarU0.dll/search.htm
IE: Перевести с помощью словарей Рамблера — c:program filesRambler AssistantramblertoolbarU0.dll/dic.htm
IE: Передать на удаленную закачку DM — c:program filesDownload Masterremdown.htm
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} — c:program filesDownload Masterdmaster.exe
IE: {{9787C789-65F9-4291-A2DE-BE288D933EE3} — http://sms.start-page.ru/smsfromie.html
IE: {{CDAFD956-97BE-443D-8EF7-F4F094EB5766} — c:program filesCrawlerSSaverCSSaver.exe
IE: {{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — c:program filesWebMoney Advisorwmadvisor.dll
LSP: c:windowssystem32imon.dll
LSP: c:windowssystem32lsprdir.dll
Handler: tbr — {4D25FB7A-8902-4291-960E-9ADA051CFBBF} — c:progra~1Crawlerctbr.dll
DPF: {2AD0C02D-3A2E-4192-BD8A-19C89BD0DFF1} — file:///C:/Documents%20and%20Settings/All%20Users/Application%20Data/Skype/Plugins/Plugins/263AF18BA8E6473194D1E386FDADB7DE/4USclub.cab
DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} — hxxps://w3s.webmoney.ru/WMAcceptor.dll
FF — ProfilePath — c:documents and settingsГалюня.COMPApplication DataMozillaFirefoxProfiles9vf96daw.default
FF — prefs.js: browser.search.selectedEngine —
FF — prefs.js: browser.startup.homepage — hxxp://www.crawler.com/?tbid=66020
FF — prefs.js: keyword.URL — hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=66020&qkw=
FF — component: c:progra~1Crawlerfirefoxcomponentsxcomm.dll
FF — component: c:progra~1Crawlerfirefoxcomponentsxshared.dll
FF — component: c:progra~1Crawlerfirefoxcomponentsxsupport.dll
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnppl3260.dll
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnprpjplug.dll
FF — plugin: c:program filesMozilla Firefoxpluginsnpdm.dll
FF — plugin: c:program filesMozilla Firefoxpluginsnpnul32.dll
—- FIREFOX POLICIES —-
FF — user.js: network.proxy.type — 1
FF — user.js: network.proxy.http —
FF — user.js: network.proxy.http_port — 0
FF — user.js: network.proxy.ssl —
FF — user.js: network.proxy.ssl_port — 0
FF — user.js: network.proxy.ftp —
FF — user.js: network.proxy.ftp_port — 0
FF — user.js: network.proxy.gopher —
FF — user.js: network.proxy.gopher_port — 0
FF — user.js: network.proxy.socks_version — 5
FF — user.js: network.proxy.socks — 127.0.0.1
user_pref(network.proxy.socks_port,7070);
FF — user.js: network.proxy.no_proxies_on — plimus.com,www.plimus.com,regnow.com,www.regnow.com,
c:program filesMozilla Firefox 3.1 Beta 3greprefsall.js — pref(«media.enforce_same_site_origin», false);
c:program filesMozilla Firefox 3.1 Beta 3greprefsall.js — pref(«media.ogg.enabled», true);
c:program filesMozilla Firefox 3.1 Beta 3greprefsall.js — pref(«media.wave.enabled», true);
c:program filesMozilla Firefox 3.1 Beta 3greprefsall.js — pref(«media.autoplay.enabled», true);
c:program filesMozilla Firefox 3.1 Beta 3greprefsall.js — pref(«browser.urlbar.autocomplete.enabled», true);
c:program filesMozilla Firefox 3.1 Beta 3greprefsall.js — pref(«capability.policy.mailnews.*.wholeText», «noAccess»);
c:program filesMozilla Firefox 3.1 Beta 3greprefsall.js — pref(«network.http.prompt-temp-redirect», true);
c:program filesMozilla Firefox 3.1 Beta 3greprefsall.js — pref(«network.tcp.sendbuffer», 131072);
c:program filesMozilla Firefox 3.1 Beta 3defaultspreffirefox.js — pref(«extensions.blocklist.level», 2);
c:program filesMozilla Firefox 3.1 Beta 3defaultspreffirefox.js — pref(«browser.urlbar.restrict.typed», «~»);
c:program filesMozilla Firefox 3.1 Beta 3defaultspreffirefox.js — pref(«browser.urlbar.default.behavior», 0);
c:program filesMozilla Firefox 3.1 Beta 3defaultspreffirefox.js — pref(«browser.ssl_override_behavior», 2);
c:program filesMozilla Firefox 3.1 Beta 3defaultspreffirefox.js — pref(«security.alternate_certificate_error_page», «certerror»);
c:program filesMozilla Firefox 3.1 Beta 3defaultspreffirefox.js — pref(«browser.privatebrowsing.autostart», false);
c:program filesMozilla Firefox 3.1 Beta 3defaultspreffirefox.js — pref(«browser.privatebrowsing.dont_prompt_on_enter», false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-18 09:06
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘lsass.exe'(744)
c:windowssystem32imon.dll
c:program filesEsetpr_imon.dll
c:windowssystem32lsprdir.dll
— — — — — — — > ‘Explorer.EXE'(2852)
c:program filesWindows Desktop Searchdeskbar.dll
c:program filesWindows Desktop Searchru-rudbres.dll.mui
c:program filesWindows Desktop Searchdbres.dll
c:program filesWindows Desktop Searchwordwheel.dll
c:program filesWindows Desktop Searchru-rumsnlExtRes.dll.mui
c:program filesWindows Desktop SearchmsnlExtRes.dll
c:windowssystem32ieframe.dll
c:windowssystem32webcheck.dll
c:windowssystem32WPDShServiceObj.dll
c:windowssystem32PortableDeviceTypes.dll
c:windowssystem32PortableDeviceApi.dll
c:program filesWindows Desktop SearchMSNLNamespaceMgr.dll
c:program filesArsenal CompanyСократ Персональный 4.1SpvHook.dll
.
Other Running Processes
.
c:program filesJavajre6binjqs.exe
c:program filesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
c:program filesESETnod32krn.exe
c:windowssystem32nvsvc32.exe
c:windowssystem32searchindexer.exe
c:windowssystem32wbemwmiapsrv.exe
c:program filesSkypePlugin ManagerskypePM.exe
c:program filesArsenal Companyc:progra~1ARSENA~14024E~1.1SPE.exe
.
**************************************************************************
.
Completion time: 2009-05-18 9:09 — machine was rebooted
ComboFix-quarantined-files.txt 2009-05-18 06:09
Pre-Run: 6 575 972 352 байт свободно
Post-Run: 7 747 207 168 байт свободно
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
[operating systems]
c:cmdconsBOOTSECT.DAT=»Microsoft Windows Recovery Console» /cmdcons
multi(0)disk(0)rdisk(0)partition(1)WINDOWS=»Microsoft Windows XP Professional RU» /noexecute=optin /fastdetect /usepmtimer
812 — E O F — 2009-05-14 10:04

