- Темы:532
- Сообщений:1553
- ☆☆☆☆☆
ComboFix 09-04-25.01 — Admin 25.04.2009 0:12.2 — FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.3071.2393 [GMT 6:00]
Running from: c:documents and settingsAdminРабочий столComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:documents and settingsAdminLocal SettingsTemporary Internet Files0EB9F12C_6E6B_4c03_AEBA_8C04CFA98AA4.gif
c:documents and settingsAdminLocal SettingsTemporary Internet Files15913497_F86C_4218_8817_F50940D1E1B2.jpg
c:documents and settingsAdminLocal SettingsTemporary Internet Files29887DDE_00B9_4011_9CF7_59511F1ECC1B.gif
c:documents and settingsAdminLocal SettingsTemporary Internet Files35B7DFFA_884F_4fbc_8E60_DA601BDC7BF7.gif
c:documents and settingsAdminLocal SettingsTemporary Internet Files3DF04940_9866_4241_A998_0CDDFAFD147A.jpg
c:documents and settingsAdminLocal SettingsTemporary Internet Files426500D7_0FF3_426c_828D_065DBAEA0581.jpg
c:documents and settingsAdminLocal SettingsTemporary Internet Files5C6C645F_BAA8_4149_BFEB_2031230FF0FD.gif
c:documents and settingsAdminLocal SettingsTemporary Internet Files777FDAFB_83CF_4960_AA71_4E5D7BCD8E57.jpg
c:documents and settingsAdminLocal SettingsTemporary Internet Files8DA878D5_E80B_4721_B75A_17EFFAF1A700.jpg
c:documents and settingsAdminLocal SettingsTemporary Internet FilesC75CEF8D_5AF4_4563_8594_C45A45E14E63.gif
c:documents and settingsAdminLocal SettingsTemporary Internet FilesE21285C1_40E6_435c_A69F_3387E7BD89CB.jpg
c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr0.dat
c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr1.dat
E:install.exe
BITS: Possible infected sites
hxxp://soft.export.yandex.ru
hxxp://download.yandex.ru
.
((((((((((((((((((((((((( Files Created from 2009-05-24 to 2009-4-24 )))))))))))))))))))))))))))))))
.
2009-04-24 18:08 . 2009-04-24 18:08 142 —-a-w c:windowssystem32spupdsvc.inf
2009-04-24 18:07 . 2009-04-24 18:07
d
w c:windowsLastGood
2009-04-24 17:12 . 2009-04-24 17:12
d
w C:rsit
2009-04-24 11:23 . 2009-04-24 11:43 89601 —-a-w c:windowssystem32driversklick.dat
2009-04-24 11:23 . 2009-04-24 11:43 101287 —-a-w c:windowssystem32driversklin.dat
2009-04-24 11:22 . 2009-04-24 17:45 32 —sha-w c:windowssystem32driversfidbox2.idx
2009-04-24 11:22 . 2009-04-24 17:45 32 —sha-w c:windowssystem32driversfidbox2.dat
2009-04-24 11:22 . 2009-04-24 17:45 32 —sha-w c:windowssystem32driversfidbox.idx
2009-04-24 11:22 . 2009-04-24 17:45 32 —sha-w c:windowssystem32driversfidbox.dat
2009-04-24 11:22 . 2009-04-24 11:22
d
w c:program filesKaspersky Lab
2009-04-24 11:22 . 2009-04-24 11:22
d
w c:documents and settingsAll UsersApplication DataKaspersky Lab
2009-04-23 13:25 . 2009-04-23 13:25
d
w c:documents and settingsAll UsersApplication DataKaspersky Lab Setup Files
2009-04-21 10:16 . 2009-04-21 10:16
d-sh—w C:FOUND.010
2009-04-21 03:01 . 2009-04-21 03:01
d
w C:VKLife
2009-04-19 14:06 . 2007-11-06 17:20 782336 —-a-r c:windowssystem32tmp5E8.tmp
2009-04-19 14:06 . 2007-11-06 17:20 782336 —-a-r c:windowssystem32tmp5E7.tmp
2009-04-18 12:35 . 2009-04-18 12:35
d
w c:documents and settingsAdminLocal SettingsApplication DataFallout3
2009-04-18 12:23 . 2009-04-18 12:23
d
w c:program filesShrek Super-Slam
2009-04-18 12:21 . 2009-04-18 12:21
d
w c:program filesShrek 2 Activity Center
2009-04-18 12:20 . 2009-04-18 12:20
d
w c:program filesShrek 2
2009-04-18 12:11 . 2009-04-18 12:11
d
w c:program filesGarfield 2
2009-04-18 07:57 . 2007-05-31 12:14 782336 —-a-r c:windowssystem32tmp4A6.tmp
2009-04-18 05:41 . 2007-05-31 12:14 782336 —-a-r c:windowssystem32tmp38E.tmp
2009-04-18 02:13 . 2009-04-18 02:13 38 —-a-w c:windowsavisplitter.INI
2009-04-17 16:37 . 2009-04-17 16:37
d
w c:documents and settingsAdminApplication DataAce
2009-04-17 16:25 . 2009-04-17 16:25
d
w c:program filesMoyKotenok
2009-04-17 16:09 . 2009-04-17 16:09
d
w c:documents and settingsAll UsersApplication DataInstallShield
2009-04-17 16:09 . 2009-04-17 16:09
d
w c:program filesRussobit-M
2009-04-17 16:09 . 2009-04-17 16:09
d
w c:program filesMaestro Learning
2009-04-17 16:09 . 2004-06-16 00:03 73728 —-a-w c:windowssystem32ISUSPM.cpl
2009-04-17 15:57 . 2002-02-01 20:02 1311744 —-a-w C:Alcohol.exe
2009-04-15 02:27 . 2009-03-27 06:58 1203922
w c:windowssystem32dllcachesysmain.sdb
2009-04-15 02:27 . 2008-04-21 21:15 218624
w c:windowssystem32dllcachewordpad.exe
2009-04-12 08:49 . 2009-04-12 08:49
d
w c:documents and settingsAdminApplication DataMeridian93
2009-04-12 05:54 . 2009-04-12 05:54
d
w c:documents and settingsAdminApplication DataSecretIslandRus
2009-04-11 15:18 . 2009-04-11 15:18
d
w c:documents and settingsAdminLocal SettingsApplication DataEIDOS
2009-04-11 15:17 . 2009-04-11 15:17
d
w c:program filesGameShadow
2009-04-11 15:17 . 2009-04-11 15:17
d
w c:windowsDownloaded Installations
2009-04-11 15:16 . 2009-04-11 15:16
d
w c:program filesEidos
2009-04-10 15:54 . 2009-04-10 15:54 170152 —-a-w c:documents and settingsLocalServiceLocal SettingsApplication DataFontCache3.0.0.0.dat
2009-04-10 10:10 . 2009-04-10 10:10
d-sh—w C:FOUND.009
2009-04-10 08:53 . 2005-11-02 14:43 2359350 —-a-w c:windowswp3_1024.bmp
2009-04-10 08:43 . 2009-04-10 08:43
d
w C:Смешарики — По дороге со Смешариками2
2009-04-10 08:42 . 2009-04-10 08:42
d
w C:По дороге со Смешариками
2009-04-10 08:02 . 2009-04-10 08:02
d
w C:Смешарики — Круглая Компания2
2009-04-10 08:01 . 2009-04-10 08:01
d
w c:program filesXviD
2009-04-10 07:52 . 2009-04-10 07:52
d
w C:Смешарики — Компьютер Ежика (Русские Версии)2
2009-04-10 07:42 . 2009-04-10 07:42
d
w C:Круглая Компания
2009-04-10 07:40 . 2009-04-10 07:40
d
w C:Компьютер Ежика
2009-04-10 07:27 . 2009-04-10 07:27
d
w c:program filesSmeshariki
2009-04-10 07:15 . 2009-04-10 07:15
d
w C:Смешарики — Калейдоскоп Игр
2009-04-09 09:58 . 2009-04-09 09:58
d
w c:program filesDAEMON Tools Lite
2009-04-08 15:13 . 2008-01-08 20:00 799424 —-a-r c:windowssystem32tmp10DA.tmp
2009-04-08 15:13 . 2008-01-08 20:00 799424 —-a-r c:windowssystem32tmp10D9.tmp
2009-04-05 17:08 . 2009-04-05 17:08
d-sh—w C:FOUND.008
2009-04-04 15:02 . 2009-04-04 15:02
d
w c:program filessunmedia
2009-04-03 15:30 . 2009-04-03 15:30
d
w c:program filesCodec Pack — All In 1
2009-04-03 15:30 . 2009-04-03 15:30 737280 —-a-w c:windowsiun6002.exe
2009-04-03 13:22 . 2009-04-03 13:22 107888 —-a-w c:windowssystem32CmdLineExt.dll
2009-04-03 10:20 . 2009-04-03 10:20
d
w c:documents and settingsAll UsersApplication DataВеселаяФерма-ПечемПиццу
2009-03-30 16:57 . 2009-03-30 16:57
d
w c:documents and settingsAll UsersApplication DataGogii Games
2009-03-30 16:57 . 2009-03-30 16:57
d
w c:documents and settingsAdminApplication DataGogii Games
2009-03-30 13:45 . 2009-03-30 13:45
d
w c:documents and settingsAdminApplication Data.design
2009-03-30 13:44 . 2009-03-30 13:44
d
w c:program filesВесёлые акварели
2009-03-29 11:08 . 2009-03-29 11:08
d
w c:documents and settingsAll UsersApplication DataHP Product Assistant
2009-03-29 11:07 . 2009-03-29 11:07
d
w c:program filesHewlett-Packard
2009-03-29 10:29 . 2009-03-29 11:22 153301 —-a-w c:windowshpoins14.dat
2009-03-29 10:29 . 2007-06-05 23:07 2000
w c:windowshpomdl14.dat
2009-03-29 07:06 . 2009-03-29 07:06 207 —-a-w c:windowsUpdateClientUI.INI
2009-03-28 14:33 . 2009-03-28 14:33
d
w c:program filesEA GAMES
2009-03-28 12:04 . 2000-07-14 18:00 434252 —-a-w c:windowssystem32Msvcrtd.dll
2009-03-28 12:04 . 2005-05-14 15:09 2179072 —-a-w c:windowssystem32mfc71d.dll
2009-03-26 06:26 . 2009-03-26 06:26
d
w c:program filesDIFX
2009-03-26 06:26 . 2009-03-26 06:26
d
w c:program filesCommon FilesNokia
2009-03-26 06:26 . 2009-03-26 06:26
d
w c:documents and settingsAdminApplication DataPC Suite
2009-03-26 06:26 . 2009-03-26 06:26
d
w c:documents and settingsAll UsersApplication DataPC Suite
2009-03-26 06:26 . 2009-03-26 06:26
d
w c:program filesCommon FilesPCSuite
2009-03-26 06:25 . 2006-05-29 02:26 50688 —-a-w c:windowssystem32nmwcdcls.dll
2009-03-26 06:25 . 2009-03-26 06:25
d
w c:program filesNokia
2009-03-26 06:25 . 2009-03-26 06:25
d
w c:documents and settingsAll UsersApplication DataDownloaded Installations
2009-03-26 06:22 . 2009-03-26 06:22
d-sh—w c:windowsftpcache
2009-03-26 05:11 . 2009-03-26 05:11
d
w c:documents and settingsAll UsersApplication DataInstallations
2009-03-26 05:10 . 2009-03-26 05:10
d
w c:documents and settingsAdminApplication DataAdobeAUM
2009-03-26 05:10 . 2009-03-26 05:10
d
w c:documents and settingsAdminApplication DataAdobeUM
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-24 17:50 . 2004-08-18 06:00 85140 —-a-w c:windowssystem32perfc019.dat
2009-04-24 17:50 . 2004-08-18 06:00 487750 —-a-w c:windowssystem32perfh019.dat
2009-04-24 11:43 . 2008-01-29 11:29 33808 —-a-w c:windowssystem32driversklbg.sys
2009-04-19 14:06 . 2008-11-08 09:40 413696 —-a-w c:windowssystem32wrap_oal.dll
2009-04-19 14:06 . 2008-11-08 09:40 110592 —-a-w c:windowssystem32OpenAL32.dll
2009-04-12 03:16 . 2008-12-07 12:36 138184 —-a-w c:windowssystem32driversPnkBstrK.sys
2009-04-12 03:16 . 2008-12-07 12:36 183112 —-a-w c:windowssystem32PnkBstrB.exe
2009-04-10 15:50 . 2009-03-28 12:16 13736 —-a-w C:WinxError.log
2009-03-26 11:57 . 2008-11-08 10:38 78864 —-a-w c:documents and settingsAdminLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-03-24 07:33 . 2009-03-24 07:33
d
w c:documents and settingsAll UsersApplication DataIntenium
2009-03-23 11:02 . 2009-03-23 11:02
d
w c:documents and settingsAdminApplication DataSuper-Cow
2009-03-21 14:09 . 2009-04-15 02:28 995840
w c:windowssystem32dllcachekernel32.dll
2009-03-19 05:04 . 2009-03-19 05:04
d
w c:documents and settingsAdminApplication DataUniblue
2009-03-18 19:21 . 2004-08-18 06:00 251152 —sha-r C:ntldr
2009-03-18 14:51 . 2009-03-18 14:51
d
w c:program filesOpera
2009-03-17 18:49 . 2009-03-17 18:48
d
w c:documents and settingsAdminApplication Datacom.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-03-15 05:20 . 2009-03-15 05:20
d
w c:documents and settingsAdminApplication DataCommFort
2009-03-15 05:20 . 2009-03-15 05:20
d
w c:program filesCommFort
2009-03-13 19:38 . 2009-03-13 19:38
d
w c:program filesTrend Micro
2009-03-13 18:36 . 2009-03-13 18:36
d
w c:program filesCommon FilesSymantec Shared
2009-03-13 18:36 . 2009-03-13 18:36
d
w c:program filesNorton Security Scan
2009-03-13 13:40 . 2009-03-13 13:40
d
w c:documents and settingsAdminApplication DataTMNT
2009-03-13 08:56 . 2009-03-13 08:56
d
w c:program filesWATER.RUS
2009-03-13 08:56 . 2009-03-13 08:56
d
w c:program filesFFISH5.RUS
2009-03-13 08:55 . 2009-03-13 08:55
d
w c:program filesFFISH4.RUS
2009-03-13 08:54 . 2009-03-13 08:54
d
w c:program filesFFISH3.RUS
2009-03-13 08:53 . 2009-03-13 08:53
d
w c:program filesFFISH2.RUS
2009-03-12 03:03 . 2009-03-12 02:57 109056 —-a-w c:windowsWebWallpapergmwpfilessetwp.exe
2009-03-11 19:09 . 2009-03-11 19:09
d
w c:documents and settingsAdminApplication DataAhead
2009-03-10 16:18 . 2009-03-10 16:18 970624
w c:windowssystem32dllcacheWgaTray.exe
2009-03-10 16:18 . 2009-03-10 16:18 1482112
w c:windowssystem32SET13B.tmp
2009-03-10 16:18 . 2009-03-10 16:18 265096
w c:windowssystem32dllcachewgaLogon.dll
2009-03-09 13:00 . 2009-03-09 13:00
d
w c:documents and settingsAll UsersApplication DataФутбол без правил
2009-03-09 09:05 . 2009-03-09 09:05
d
w c:program filesKeypict
2009-03-08 08:09 . 2009-01-27 13:13 638816 —-a-w c:windowssystem32dllcacheiexplore.exe
2009-03-08 08:09 . 2007-12-21 13:47 391536 —-a-w c:windowssystem32dllcacheiedkcs32.dll
2009-03-07 22:41 . 2008-11-08 09:38 5937152 —-a-w c:windowssystem32dllcachemshtml.dll
2009-03-07 22:39 . 2009-01-27 13:13 11063808 —-a-w c:windowssystem32dllcacheieframe.dll
2009-03-07 22:34 . 2009-01-27 13:13 914944 —-a-w c:windowssystem32dllcachewininet.dll
2009-03-07 22:34 . 2007-12-21 13:48 914944 —-a-w c:windowssystem32wininet.dll
2009-03-07 22:34 . 2009-01-27 13:13 1206784 —-a-w c:windowssystem32dllcacheurlmon.dll
2009-03-07 22:34 . 2008-11-08 09:38 236544 —-a-w c:windowssystem32dllcachewebcheck.dll
2009-03-07 22:34 . 2007-12-21 13:47 43008 —-a-w c:windowssystem32licmgr10.dll
2009-03-07 22:34 . 2007-12-21 13:47 43008 —-a-w c:windowssystem32dllcachelicmgr10.dll
2009-03-07 22:34 . 2009-01-27 13:13 105984 —-a-w c:windowssystem32dllcacheurl.dll
2009-03-07 22:34 . 2009-01-27 13:13 109568 —-a-w c:windowssystem32dllcacheoccache.dll
2009-03-07 22:34 . 2007-12-21 13:17 193536 —-a-w c:windowssystem32dllcachemsrating.dll
2009-03-07 22:33 . 2008-11-08 09:39 759296 —-a-w c:windowssystem32dllcacheVGX.dll
2009-03-07 22:33 . 2009-03-07 22:33 18944
w c:windowssystem32dllcachecorpol.dll
2009-03-07 22:33 . 2007-12-21 13:47 18944 —-a-w c:windowssystem32corpol.dll
2009-03-07 22:33 . 2007-12-21 13:47 25600 —-a-w c:windowssystem32dllcachejsproxy.dll
2009-03-07 22:33 . 2009-03-19 04:27 726528 —-a-w c:windowssystem32dllcachejscript.dll
2009-03-07 22:33 . 2009-01-27 13:13 229376 —-a-w c:windowssystem32dllcacheieaksie.dll
2009-03-07 22:33 . 2009-03-19 04:27 420352 —-a-w c:windowssystem32dllcachevbscript.dll
2009-03-07 22:33 . 2007-12-21 13:47 420352 —-a-w c:windowssystem32vbscript.dll
2009-03-07 22:33 . 2007-12-21 13:47 125952 —-a-w c:windowssystem32dllcacheieakeng.dll
2009-03-07 22:32 . 2007-12-21 13:47 72704 —-a-w c:windowssystem32dllcacheadmparse.dll
2009-03-07 22:32 . 2007-12-21 13:47 72704 —-a-w c:windowssystem32admparse.dll
2009-03-07 22:32 . 2007-12-21 13:47 173056 —-a-w c:windowssystem32dllcacheie4uinit.exe
2009-03-07 22:32 . 2007-12-21 13:47 163840 —-a-w c:windowssystem32dllcacheieakui.dll
2009-03-07 22:32 . 2009-01-27 13:13 55808 —-a-w c:windowssystem32dllcacheiernonce.dll
2009-03-07 22:32 . 2007-12-21 13:47 71680 —-a-w c:windowssystem32iesetup.dll
2009-03-07 22:32 . 2007-12-21 13:47 71680 —-a-w c:windowssystem32dllcacheiesetup.dll
2009-03-07 22:32 . 2007-12-21 16:47 128512 —-a-w c:windowssystem32dllcacheadvpack.dll
2009-03-07 22:32 . 2007-12-21 13:17 94720 —-a-w c:windowssystem32dllcacheinseng.dll
2009-03-07 22:32 . 2009-01-27 13:13 594432 —-a-w c:windowssystem32dllcachemsfeeds.dll
2009-03-07 22:32 . 2009-01-27 13:13 1985024 —-a-w c:windowssystem32dllcacheiertutil.dll
2009-03-07 22:32 . 2007-12-21 13:47 611840 —-a-w c:windowssystem32dllcachemstime.dll
2009-03-07 22:24 . 2007-08-13 12:18 68608 —-a-w c:windowssystem32dllcachehmmapi.dll
2009-03-07 22:22 . 2007-12-21 13:47 156160 —-a-w c:windowssystem32msls31.dll
2009-03-07 22:22 . 2007-12-21 13:47 156160 —-a-w c:windowssystem32dllcachemsls31.dll
2009-03-07 22:11 . 2009-01-27 13:13 445952 —-a-w c:windowssystem32dllcacheieapfltr.dll
2009-03-07 18:04 . 2009-03-07 18:04
d
w c:program filesPunto Switcher
2009-03-06 14:23 . 2009-04-15 02:28 284672
w c:windowssystem32dllcachepdh.dll
2009-03-06 14:23 . 2004-08-18 06:00 284672 —-a-w c:windowssystem32pdh.dll
2009-03-06 12:24 . 2009-02-17 10:34 36734 —-a-w c:windowssystem32OggDSuninst.exe
2009-03-03 17:26 . 2009-03-03 17:26
d
w c:program filesAdobe Media Player
2009-03-03 17:26 . 2009-03-03 17:26
d
w c:program filesCommon FilesAdobe AIR
2009-02-25 14:40 . 2009-02-25 14:40 179 —-a-w C:Локальный диск (D).lnk
2009-02-10 13:09 . 2009-01-28 09:54 2067840
w c:windowssystem32dllcachentkrnlpa.exe
2009-02-09 14:07 . 2009-01-28 09:54 1846912
w c:windowssystem32dllcachewin32k.sys
2009-02-09 14:07 . 2007-12-21 13:18 1846912 —-a-w c:windowssystem32win32k.sys
2009-02-09 11:26 . 2009-01-28 09:54 2190848
w c:windowssystem32dllcachentoskrnl.exe
2009-02-09 11:26 . 2009-01-28 09:54 2025984
w c:windowssystem32dllcachentkrpamp.exe
2009-02-09 11:26 . 2007-12-21 16:18 2025984 —-a-w c:windowssystem32ntkrnlpa.exe
2009-02-09 11:25 . 2009-01-28 09:54 2147328
w c:windowssystem32dllcachentkrnlmp.exe
2009-02-09 11:25 . 2007-12-21 13:17 2147328 —-a-w c:windowssystem32ntoskrnl.exe
2009-02-09 11:25 . 2009-04-15 02:28 111104
w c:windowssystem32dllcacheservices.exe
2009-02-09 11:25 . 2004-08-18 06:00 111104 —-a-w c:windowssystem32services.exe
2009-02-09 10:54 . 2009-04-15 02:28 401408
w c:windowssystem32dllcacherpcss.dll
2009-02-09 10:54 . 2009-04-15 02:28 731136
w c:windowssystem32dllcachelsasrv.dll
2009-02-09 10:54 . 2009-04-15 02:28 687616
w c:windowssystem32dllcacheadvapi32.dll
2009-02-09 10:54 . 2007-12-21 13:17 401408 —-a-w c:windowssystem32rpcss.dll
2009-02-09 10:54 . 2007-12-21 13:17 731136 —-a-w c:windowssystem32lsasrv.dll
2009-02-09 10:54 . 2004-08-18 06:00 687616 —-a-w c:windowssystem32advapi32.dll
2009-02-09 10:54 . 2009-04-15 02:28 473600
w c:windowssystem32dllcachefastprox.dll
2009-02-09 10:54 . 2009-04-15 02:28 718848
w c:windowssystem32dllcachentdll.dll
2009-02-09 10:54 . 2009-04-15 02:28 453120
w c:windowssystem32dllcachewmiprvsd.dll
2009-02-09 10:54 . 2004-08-18 06:00 718848 —-a-w c:windowssystem32ntdll.dll
2009-02-06 15:07 . 2009-01-27 13:13 3698584 —-a-w c:windowssystem32dllcacheieapfltr.dat
2008-12-31 21:2009-01-01 06:17 23:12 . c:program filesmozilla firefoxcomponentsGoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-03-25 3698976]
[HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar]
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-03-25 3698976]
[HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar]
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«Punto Switcher»=»c:program filesPunto Switcherpunto.exe» [2008-10-16 735016]
«VistaIcon»=»c:program filesVistaDriveIconVistaDrv.exe» [2007-07-02 132608]
«LaunchList»=»c:program filesPinnacleStudio 11LaunchList2.exe» [2007-03-21 145496]
«Yupdate!»=»c:program filesCommon FilesYandexYupdateyupdate.exe» [2008-11-01 484104]
«ctfmon.exe»=»c:windowssystem32ctfmon.exe» [2008-04-14 15360]
«AMP Agent»=»c:program filesCommon FilesARS CompanyAgentAgent.exe» [2002-02-28 37888]
«YandexOnline»=»c:program filesYandexOnlineonline.exe» [2009-04-15 2558728]
«NBJ»=»c:program filesAheadNero BackItUpNBJ.exe» [2006-09-15 2048000]
«CommFort client»=»c:program filesCommFortCommFort.exe» [2008-09-08 3509760]
«swg»=»c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe» [2008-12-31 39408]
«PcSync»=»c:program filesNokiaNokia PC Suite 6PcSync2.exe» [2006-06-27 1449984]
«DAEMON Tools Lite»=»c:program filesDAEMON Tools Litedaemon.exe» [2007-12-29 486856]
«Google Update»=»c:documents and settingsAdminLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe» [2009-04-22 133104]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2007-10-04 8491008]
«NeroFilterCheck»=»c:windowssystem32NeroCheck.exe» [2006-01-12 155648]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2007-10-04 81920]
«HP Software Update»=»c:program filesHPHP Software UpdateHPWuSchd2.exe» [2007-03-11 49152]
«wcmdmgr»=»c:windowswtupdaterwcmdmgrl.exe» [2002-09-27 20480]
«Lingvo Launcher»=»c:program filesABBYY Lingvo 12Lvagent.exe» [2006-12-13 258048]
«Google Desktop Search»=»c:program filesGoogleGoogle Desktop SearchGoogleDesktop.exe» [2008-12-31 30192]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 9.0ReaderReader_sl.exe» [2009-02-27 35696]
«Adobe Photo Downloader»=»c:program filesAdobePhotoshop Album Starter Edition3.0Appsapdproxy.exe» [2005-06-06 57344]
«ISUSPM Startup»=»c:progra~1COMMON~1INSTAL~1UPDATE~1isuspm.exe» [2004-06-16 221184]
«ISUSScheduler»=»c:program filesCommon FilesInstallShieldUpdateServiceissch.exe» [2004-06-16 81920]
«AVP»=»c:program filesKaspersky LabKaspersky Internet Security 2009avp.exe» [2009-04-24 206088]
«NevoDRM»=»c:игрыNevoDRMNevoDRM.exe» [2008-12-11 41984]
«nwiz»=»nwiz.exe» — c:windowssystem32nwiz.exe [2007-10-04 1626112]
«RTHDCPL»=»RTHDCPL.EXE» — c:windowsRTHDCPL.EXE [2007-11-06 16855552]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«VistaIcon»=»c:program filesVistaDriveIconVistaDrv.exe» [2007-07-02 132608]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«IE7_011″=»shell32» [X]
«ZZZZ2_FirstLogonSetting»=»advpack.dll» — c:windowssystem32advpack.dll [2009-03-07 128512]
«IE7_012″=»advpack.dll» — c:windowssystem32advpack.dll [2009-03-07 128512]
c:documents and settingsAdminѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
PowerReg Scheduler.exe [2009-2-21 256000]
Adobe Media Player.lnk — c:program filesAdobe Media PlayerAdobe Media Player.exe [2009-3-3 261632]
c:documents and settingsAll Usersѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
HP Digital Imaging Monitor.lnk — c:program filesHPDigital Imagingbinhpqtra08.exe [2007-3-11 210520]
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoThumbnailCache»= 1 (0x1)
«NoSMConfigurePrograms»= 1 (0x1)
[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoThumbnailCache»= 1 (0x1)
«NoSMConfigurePrograms»= 1 (0x1)
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«UpdatesDisableNotify»=dword:00000001
«UpdatesOverride»=dword:00000001
«AntiVirusDisableNotify»=dword:00000001
«AntiVirusOverride»=dword:00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]
«DisableMonitoring»=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«e:\Games\RPLPES08\PES2008.exe»=
R1 prodrv04;Star Force copy protection driver v4; [x]
R2 spupdsvc;Windows Service Pack Installer update service;c:windowssystem32spupdsvc.exe [2009-01-07 26144]
R3 GoogleDesktopManager-110408-113106;Диспетчер Google Desktop 5.8.811.4345;c:program filesGoogleGoogle Desktop SearchGoogleDesktop.exe [2008-12-31 30192]
S0 iastor76;iastor76; [x]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:windowssystem32driversklbg.sys [2009-04-24 33808]
S2 2GIS UpdateClientService;2GIS UpdateClientService;c:program files2gisUpdateClientWin32UpdateClientService.exe [2008-09-17 1134592]
S3 FStarForce;FStarForce;c:windowssystem32DRIVERSFStarForce.sys [2008-10-24 9216]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:windowssystem32DRIVERSklfltdev.sys [2008-03-13 26640]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:windowssystem32DRIVERSklim5.sys [2008-04-30 24592]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the ‘Scheduled Tasks’ folder
2009-04-24 c:windowsTasksGoogle Software Updater.job
— c:program filesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2008-12-27 15:52]
2009-04-24 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-1645522239-1606980848-839522115-500.job
— c:documents and settingsAdminLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2009-04-22 04:48]
2009-04-24 c:windowsTasksNorton Security Scan for Admin.job
— c:program filesNorton Security ScanNss.exe [2008-11-25 14:20]
2009-04-24 c:windowsTasksUser_Feed_Synchronization-{326E8BDC-FA0C-42BE-9AD4-20E8BBEC792B}.job
— c:windowssystem32msfeedssync.exe [2008-11-08 22:31]
.
— — — — ORPHANS REMOVED — — — —
HKCU-Run-Uniblue RegistryBooster 2009 — c:program filesUniblueRegistryBoosterRegistryBooster.exe
HKCU-Run-VKontakte — c:program filesAgent VkontakteAgentVkontakte.exe
.
Supplementary Scan
.
uStart Page = hxxp://www.ngs.ru/
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
uInternet Settings,ProxyOverride =
IE: &Перевести с помощью ABBYY Lingvo… — c:program filesABBYY Lingvo 12Lingvo.exe/3000
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Закачать ВСЕ при помощи Download Master
IE: Закачать при помощи Download Master
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74}
LSP: imon.dll
TCP: {534E2D38-C1F7-4096-918A-96BE2DED5857} = 213.228.92.161
Filter: x-sdch — {B1759355-3EEC-4C1E-B0F1-B719FE26E377} — c:program filesGoogleGoogle ToolbarComponentfastsearch_A8904FB862BD9564.dll
FF — ProfilePath — c:documents and settingsAdminApplication DataMozillaFirefoxProfiles9vf96daw.default
user_pref(browser.search.defaultenginename, Яндекс);FF — prefs.js: browser.search.defaulturl — hxxp://yandex.ru/yandsearch?clid=40548&text={searchTerms}
FF — prefs.js: browser.search.selectedEngine — Яндекс
FF — prefs.js: browser.startup.homepage — hxxp://www.yandex.ru/?clid=21979
FF — prefs.js: keyword.URL — hxxp://yandex.ru/yandsearch?stype=first&clid=21975&yasoft=barff&text=
FF — prefs.js: browser.startup.homepage — hxxp://www.daemon-search.com/startpage
FF — prefs.js: browser.search.selectedEngine — DAEMON Search
FF — prefs.js: browser.startup.homepage — hxxp://www.yandex.ru/?clid=21979FF — component: c:documents and settingsAll UsersApplication DataGoogleToolbar for Firefox{3112ca9c-de6d-4884-a869-9855de68056c}componentsgoogletoolbarloader.dll
FF — component: c:documents and settingsAll UsersApplication DataGoogleToolbar for Firefox{3112ca9c-de6d-4884-a869-9855de68056c}componentsmetricsloader.dll
FF — component: c:program filesMozilla FirefoxcomponentsGoogleDesktopMozilla.dll
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnppl3260.dll
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnprpjplug.dll
FF — plugin: c:program filesPicasa2npPicasa2.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-25 00:14
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘lsass.exe'(1392)
c:windowssystem32imon.dll
.
Completion time: 2009-04-24 0:15
ComboFix-quarantined-files.txt 2009-04-24 18:15
Pre-Run: 59 015 757 824 байт свободно
Post-Run: 59 847 180 288 байт свободно
367 — E O F — 2009-04-15 02:36
