ComboFix 09-07-07.A9 — Admin 30.01.2001 19:57.4 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.3327.2824 [GMT 3:00]
Running from: c:documents and settingsAdminРабочий столComboFix.exe
Command switches used :: c:documents and settingsAdminРабочий столWindowsXP-KB310994-SP2-Pro-BootDisk-RUS.exe
AV: Avira Premium Security Suite *On-access scanning disabled* (Outdated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Avira Firewall *enabled* {55185680-1D7E-44D7-3094-596BB89B90C9}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:program filesMail.RuAgentMradllnewmrasearch.dll
c:recyclerS-1-5-21-1482476501-1644491937-682003330-1013
c:windowsInstallerc8d295.msi
c:windowsInstallerebaff.msi
c:windowssystem32EPSTP32U.EXE
c:windowsnotepad.exe . . . is infected!!
c:windowssystem32notepad.exe . . . is infected!!
.
((((((((((((((((((((((((( Files Created from 2000-12-28 to 2001-01-30 )))))))))))))))))))))))))))))))
.
2009-07-04 16:24 . 2007-03-27 13:05 57344 —-a-w- c:windowssystem32driversavfwot.sys
2009-07-04 16:24 . 2007-03-20 05:56 43584 —-a-w- c:windowssystem32driversavipbb.sys
2009-07-04 16:24 . 2007-03-12 07:38 53504 —-a-w- c:windowssystem32driversavfwim.sys
2009-07-04 16:24 . 2007-02-27 11:18 40000 —-a-w- c:windowssystem32driversavgntdd.sys
2009-07-04 16:24 . 2006-11-16 12:13 14848 —-a-w- c:windowssystem32driversavgntmgr.sys
2009-07-04 16:24 . 2001-01-27 09:27
d
w- c:documents and settingsAll UsersApplication DataAvira Premium Security Suite
2009-07-04 16:24 . 2001-01-27 09:16
d
w- c:program filesAvira Premium Security Suite
2009-07-04 16:21 . 2009-07-04 16:45 7168 —-a-w- c:windowssystem32driversuteznjcy.sys
2009-07-02 14:56 . 2009-07-02 14:56
d
w- c:program filesMicrosoft Silverlight
2009-06-29 15:44 . 2009-06-29 15:44
d
w- c:program filesMSECache
2009-06-20 16:35 . 2009-06-20 16:35
d
w- c:program filesREDEMAX
2009-06-20 14:29 . 2009-06-20 14:32
d
w- c:program filesmyAC_mtcv
2009-06-18 16:37 . 2009-06-20 08:58
d
w- c:program filesAlawar.ru
2009-06-13 08:44 . 2009-06-13 08:44
d
w- c:program filesCommon FilesAdobe Systems Shared
2009-06-13 08:43 . 2009-06-13 09:04
d
w- c:program filesCommon FilesAdobe
2009-05-31 14:06 . 2009-05-31 14:06
d
w- c:program filesuTorrent [tfile.ru]
2009-05-20 15:06 . 2009-05-01 07:49 439768 —-a-w- c:documents and settingsAdminApplication DataMozillaFirefoxProfiles7r8eus7r.defaultextensions{99E00A4C-D35E-11DD-BA95-9B6A56D89593}oovootb.dll
2009-05-16 12:51 . 2008-11-20 19:19 9200
w- c:windowssystem32driverscdralw2k.sys
2009-05-16 12:51 . 2008-11-20 19:19 9072
w- c:windowssystem32driverscdr4_xp.sys
2009-05-16 12:50 . 2009-05-16 12:50
d
w- c:windowssystem32IOSUBSYS
2009-05-12 08:39 . 2009-05-12 08:39
d
w- c:program filesElectronic Arts
2009-05-12 08:39 . 2009-05-12 08:39
d
w- C:ProgramData
2009-05-12 08:38 . 2009-05-12 08:38 5888 —-a-w- c:windowssystem32ealregsnapshot1.reg
2009-05-12 08:38 . 2009-05-12 08:38
d
w- c:documents and settingsAdminApplication DataLeadertech
2009-05-01 18:30 . 2009-05-01 18:30 3366912 —-a-w- c:windowssystem32GPhotos.scr
2009-04-23 16:29 . 2009-04-23 16:29
d
w- c:documents and settingsAdminApplication DataEmailNotifier
2009-04-23 15:42 . 2009-04-23 15:42
d
w- c:documents and settingsAll UsersApplication DataEmailNotifier
2009-04-23 15:42 . 2009-04-23 16:31
d
w- c:documents and settingsAdminApplication Dataoovootb
2009-04-23 15:42 . 2009-04-23 15:42
d
w- c:program filesoovootb
2009-04-01 15:51 . 2009-04-01 15:51
d
w- c:documents and settingsAdminApplication DataDAEMON Tools Pro
2009-04-01 15:50 . 2009-04-01 15:50
d
w- c:documents and settingsAll UsersApplication DataDAEMON Tools Lite
2009-04-01 15:49 . 2009-04-02 12:55
d
w- c:program filesDAEMON Tools Lite
2009-04-01 15:49 . 2009-04-01 15:49
d
w- c:documents and settingsAdminApplication DataDAEMON Tools Lite
2009-03-29 10:49 . 2009-04-11 16:48
d
w- c:program filesvalve
2009-03-28 08:54 . 2009-03-28 08:54
d
w- c:documents and settingsAdminLocal SettingsApplication DataArmA
2009-03-27 06:22 . 2009-03-27 06:22
d
w- c:documents and settingsAdminLocal SettingsApplication DataActivision
2009-03-27 06:19 . 2009-07-02 17:16 138184 —-a-w- c:windowssystem32driversPnkBstrK.sys
2009-03-27 06:19 . 2009-03-27 06:19 22328 —-a-w- c:documents and settingsAdminApplication DataPnkBstrK.sys
2009-03-27 06:19 . 2009-07-02 17:16 183112 —-a-w- c:windowssystem32PnkBstrB.exe
2009-03-27 06:19 . 2009-05-12 15:33 66872 —-a-w- c:windowssystem32PnkBstrA.exe
2009-03-27 06:19 . 2009-03-27 06:19 682280 —-a-w- c:windowssystem32pbsvc.exe
2009-03-27 05:14 . 2009-03-27 05:31
d
w- c:documents and settingsAdminLocal SettingsApplication DataFallout3
2009-03-25 13:42 . 2009-06-20 08:58
d
w- c:documents and settingsAll UsersApplication DataAlawarWrapper
2009-03-25 13:41 . 2009-05-19 08:55
d
w- c:program filesGames.Mail.Ru
2009-03-17 11:38 . 2009-03-17 18:01
d—h—w- c:windowssystem325D927B
2009-03-17 11:38 . 2009-03-17 17:28
d—h—w- c:windowssystem32F35385
2009-03-17 11:38 . 2009-03-17 11:38
d—h—w- c:windowssystem32130AC6
2009-03-16 17:44 . 2009-03-16 17:44
d
w- c:program filesViewpoint
2009-03-09 14:13 . 2009-03-09 14:13
d
w- c:documents and settingsAll UsersApplication DataTest Drive Unlimited
2009-02-25 12:20 . 2009-02-25 12:20
d
w- c:documents and settingsAll UsersApplication DataSSScanAppDataDir
2009-02-25 12:19 . 2009-02-25 12:19
d
w- c:documents and settingsAll UsersApplication DataMSScanAppDataDir
2009-02-14 18:10 . 2009-02-14 18:10
d
w- c:program filesCommon FilesSkype
2009-02-13 17:28 . 2000-01-11 15:19 413760 —-a-w- c:windowssystem32MPG4c32.dll
2009-02-13 17:28 . 2009-02-13 17:28 2059448 —-a-w- c:documents and settingsAll UsersApplication DataSkypePluginsPluginsD3987B641C134048B815DB578D607F42setup.exe
2009-02-13 17:28 . 2009-02-13 17:28 172032 —-a-w- c:documents and settingsAll UsersApplication DataSkypePluginsPluginsD3987B641C134048B815DB578D607F42supertintin_skype_extra_wrapper.exe
2009-02-13 17:28 . 2009-02-13 17:28 122880 —-a-w- c:documents and settingsAll UsersApplication DataSkypePluginsPluginsD3987B641C134048B815DB578D607F42mcr_lib.dll
2009-02-13 10:20 . 2009-02-13 10:20
d—h—r- c:documents and settingsAdminApplication DataSecuROM
2009-02-13 10:18 . 2009-02-13 10:18
d
w- c:windowssystem32xlive
2009-02-13 10:18 . 2009-02-13 10:18
d
w- c:program filesMicrosoft Games for Windows — LIVE
2009-02-13 09:40 . 2009-02-13 09:40
d
w- c:program filesMSBuild
2009-02-13 09:40 . 2009-03-11 19:21 374544 —-a-w- c:documents and settingsLocalServiceLocal SettingsApplication DataFontCache3.0.0.0.dat
2009-02-13 09:40 . 2009-02-13 09:42
d
w- c:windowssystem32XPSViewer
2009-02-13 09:39 . 2009-02-13 09:39
d
w- c:program filesReference Assemblies
2009-02-13 09:39 . 2006-06-29 10:07 14048
w- c:windowssystem32spmsg2.dll
2009-02-09 13:04 . 2009-04-11 16:48
d
w- c:program filesPlasma Pong
2009-02-09 12:45 . 2009-02-09 12:45
d
w- c:documents and settingsAll UsersApplication DataMumboJumbo
2009-02-09 12:45 . 2009-02-09 12:45
d
w- c:program filesLuxor 2
2009-02-06 09:55 . 2009-02-06 09:55
d
w- c:documents and settingsAdminApplication Datarambler.ru
2009-02-06 09:55 . 2009-02-06 09:55
d
w- c:program filesRambler Assistant
2009-02-06 09:50 . 2009-04-26 12:06
d
w- c:program filesICQ6.5
2009-02-03 13:29 . 2009-05-12 10:07
d
w- c:program filesArtMoney
2009-01-20 22:22 . 2009-01-20 22:22 33240 —-a-w- c:documents and settingsAdminApplication DataMozillaFirefoxProfiles7r8eus7r.defaultextensions{99E00A4C-D35E-11DD-BA95-9B6A56D89593}componentsooVooCtl.dll
2009-01-15 18:53 . 2009-01-15 18:53 858112 —-a-w- c:documents and settingsAll UsersApplication DataEmailNotifierEmailNotifierAPI.dll
2009-01-15 18:53 . 2009-01-15 18:53 849920 —-a-w- c:documents and settingsAll UsersApplication DataEmailNotifierEmailNotifier.exe
2009-01-08 11:06 . 2009-01-08 11:06
d
w- c:program filesMSN Messenger
2008-12-29 04:30 . 2008-12-29 04:30
d
w- c:documents and settingsAdminScilab
2008-12-29 04:21 . 2008-12-29 04:24
d
w- c:program filesscilab-4.1.2
2008-12-17 17:46 . 2008-12-17 17:46
d
w- c:documents and settingsAll UsersApplication DataOffice Genuine Advantage
2008-12-17 17:25 . 2009-01-08 11:00
d
w- c:documents and settingsAdminTracing
2008-12-17 17:20 . 2008-12-08 14:01 55136 —-a-w- c:windowssystem32driversfssfltr_tdi.sys
2008-12-17 17:19 . 2008-12-17 17:19
d
w- c:program filesMicrosoft SQL Server Compact Edition
2008-12-17 17:17 . 2008-12-17 17:17
d
w- c:program filesMicrosoft
2008-12-17 17:17 . 2008-12-17 17:17
d
w- c:program filesWindows Live SkyDrive
2008-12-17 16:22 . 2008-12-17 16:22
d
w- c:program filesCommon FilesWindows Live
2008-12-10 08:05 . 2006-12-01 22:46 65536 —-a-w- c:windowssystem32vcomp.dll
2008-12-10 08:05 . 2006-08-30 16:11 749568 —-a-w- c:windowssystem32OpenALwEAX.exe
2008-12-10 08:04 . 2006-12-01 22:08 65536 —-a-w- c:windowssystem32mfc80DEU.dll
2008-12-10 08:04 . 2006-12-01 22:08 61440 —-a-w- c:windowssystem32mfc80ITA.dll
2008-12-10 08:04 . 2006-12-01 22:08 61440 —-a-w- c:windowssystem32mfc80FRA.dll
2008-12-10 08:04 . 2006-12-01 22:08 61440 —-a-w- c:windowssystem32mfc80ESP.dll
2008-12-10 08:04 . 2006-12-01 22:08 57344 —-a-w- c:windowssystem32mfc80ENU.dll
2008-12-10 08:04 . 2006-12-01 22:08 49152 —-a-w- c:windowssystem32mfc80KOR.dll
2008-12-10 08:04 . 2006-12-01 22:08 49152 —-a-w- c:windowssystem32mfc80JPN.dll
2008-12-10 08:04 . 2006-12-01 22:08 45056 —-a-w- c:windowssystem32mfc80CHT.dll
2008-12-10 08:04 . 2006-12-01 22:08 40960 —-a-w- c:windowssystem32mfc80CHS.dll
2008-12-10 08:04 . 2006-12-01 20:56 96256 —-a-w- c:windowssystem32ATL80.dll
2008-12-09 16:38 . 2008-12-09 16:38
d
w- c:program filesWMV9_VCM
2008-12-09 16:38 . 2008-12-09 16:38
d
w- c:program files1C
2008-12-09 16:27 . 2009-04-01 15:51
d
w- c:documents and settingsAdminApplication DataDAEMON Tools
2008-12-04 20:56 . 2008-12-04 20:56 308072 —-a-w- c:windowsWLXPGSS.SCR
2008-11-20 19:19 . 2008-11-20 19:19 43872 —-a-w- c:windowssystem32driverspxhelp20.sys
2008-11-18 17:17 . 2009-05-11 15:02
d
w- c:documents and settingsAdminLocal SettingsApplication DataNFS Underground 2
2008-11-17 17:23 . 2008-11-22 09:05
d
w- c:program filesMario Forever
2008-11-17 17:23 . 2009-06-08 08:24
d
w- c:program filesRicochet Infinity
2008-11-10 13:43 . 2008-11-10 17:17
d
w- c:documents and settingsAll UsersApplication DataNFS Underground
2008-11-10 05:23 . 2008-11-10 05:23
d
w- c:program filesCommon FilesDirectX
2008-11-08 11:53 . 2008-11-08 11:53 2560 —-a-w- c:windows_MSRSTRT.EXE
2008-11-07 12:43 . 2008-11-07 12:43
d
w- c:windowsDownloaded Installations
2008-11-06 17:26 . 2008-11-06 17:26
d
w- c:program filesNet Spikerphone 4.6
2008-11-06 17:10 . 2008-11-06 17:10
d
w- c:documents and settingsAdminApplication DataASCON
2008-11-06 17:05 . 2005-09-22 11:41 67712 —-a-w- c:windowssystem32drivershl_mull.sys
2008-11-06 17:05 . 2003-07-13 09:02 57344 —-a-w- c:windowssystem32driverswdreg.exe
2008-10-31 13:06 . 2008-10-31 13:06
d
w- c:program filesCommon FilesBorland Shared
2008-10-31 12:56 . 2004-07-14 09:54 676864 —-a-w- c:windowssystem32drivershardlock.sys
2008-10-31 12:56 . 2008-10-31 12:56 6656 —-a-w- c:windowssystem32haspvdd.dll
2008-10-31 12:56 . 2008-10-31 12:56 47616 —-a-w- c:windowssystem32driversHaspnt.sys
2008-10-31 12:56 . 2008-10-31 12:56 383 —-a-w- c:windowssystem32haspdos.sys
2008-10-31 12:55 . 2008-10-31 12:55
d
w- c:program filesCommon FilesASCON Shared
2008-10-31 12:54 . 2008-10-31 12:54
d
w- c:program filesASCON
2008-10-28 14:41 . 2008-10-28 14:41 14303392 —-a-w- c:windowssystem32xlive.dll
2008-10-28 14:41 . 2008-10-28 14:41 13643936 —-a-w- c:windowssystem32xlivefnt.dll
2008-10-25 07:37 . 2008-10-25 07:37
d
w- c:documents and settingsAdminLocal SettingsApplication DataOpera
2008-10-25 07:37 . 2008-10-25 07:37
d
w- c:program filesOpera
2008-10-12 12:13 . 2008-10-12 12:13
d
w- c:documents and settingsAdminApplication DataCyberLink
2008-10-12 12:12 . 2008-10-12 12:12
d
w- c:documents and settingsAll UsersApplication DataCyberLink
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-06 06:30 . 2008-08-09 13:30
d
w- c:program filesMarvell
2009-05-12 08:39 . 2008-08-09 11:07
d—h—w- c:program filesInstallShield Installation Information
2009-05-12 08:38 . 2008-08-09 11:07
d
w- c:program filesCommon FilesInstallShield
2009-04-11 16:48 . 2008-08-09 10:16
d
w- c:program filesWindows Media Connect 2
2009-04-11 16:48 . 2008-08-09 11:08
d
w- c:program filesDownload Master
2009-04-11 16:48 . 2008-08-09 11:07
d
w- c:program filesFSImgViewer
2009-03-28 08:46 . 2008-12-09 15:54
d
w- c:program filesOpenAL
2008-12-09 15:54 . 2008-08-09 10:19 413696
w- c:windowssystem32wrap_oal.dll
2008-12-09 15:54 . 2008-08-09 10:19 110592
w- c:windowssystem32OpenAL32.dll
2008-10-07 11:04 . 2008-08-09 11:08
d
w- c:program filesNero
2008-09-22 15:34 . 2008-08-09 10:21
d
w- c:program filesJava
2008-08-24 04:49 . 2008-08-24 04:49 32 —-a-w- c:documents and settingsAll UsersApplication Dataezsid.dat
2008-08-21 23:08 . 2008-05-20 15:54 878592 —-a-w- c:windowssystem32wininet.dll
2008-08-21 23:08 . 2008-05-20 15:48 43008 —-a-w- c:windowssystem32licmgr10.dll
2008-08-21 23:07 . 2008-05-20 15:48 18944 —-a-w- c:windowssystem32corpol.dll
2008-08-21 23:06 . 2008-05-20 15:48 434176 —-a-w- c:windowssystem32vbscript.dll
2008-08-21 23:06 . 2008-05-20 15:48 72704 —-a-w- c:windowssystem32admparse.dll
2008-08-21 23:06 . 2008-05-20 15:48 71680 —-a-w- c:windowssystem32iesetup.dll
2008-08-21 23:05 . 2008-04-15 12:00 35840 —-a-w- c:windowssystem32imgutil.dll
2008-08-21 23:05 . 2008-05-20 15:48 48128 —-a-w- c:windowssystem32mshtmler.dll
2008-08-21 23:04 . 2008-05-20 15:48 45568 —-a-w- c:windowssystem32mshta.exe
2008-08-21 22:57 . 2008-05-20 15:48 156160 —-a-w- c:windowssystem32msls31.dll
2008-08-11 17:37 . 2008-08-09 10:18 86327 —-a-w- c:windowspchealthhelpctrOfflineCacheindex.dat
2008-08-09 13:29 . 2008-08-09 13:29
d
w- c:program filesASUS
2008-08-09 13:18 . 2008-08-09 13:18
d
w- c:program filesIntel
2008-08-09 11:08 . 2008-08-09 11:08
d
w- c:program filesCommon FilesNero
2008-08-09 11:08 . 2008-08-09 11:08
d
w- c:program filesTotal Commander
2008-08-09 11:07 . 2008-08-09 11:07
d
w- c:documents and settingsAdminApplication DataFastStone
2008-08-09 11:07 . 2008-08-09 11:07
d
w- c:program filesK-Lite Codec Pack
2008-08-09 11:07 . 2008-08-09 11:07
d
w- c:program filesThe KMPlayer
2008-08-09 11:07 . 2008-08-09 11:07
d
w- c:program filesCommon FilesArsenal Shared
2008-08-09 11:07 . 2008-08-09 11:07
d
w- c:program filesArsenal Company
2008-08-09 11:04 . 2008-08-09 10:28
d
w- c:program filesMicrosoft Works
2008-08-09 11:04 . 2008-08-09 10:27
d
w- c:documents and settingsAll UsersApplication DataMicrosoft Help
2008-08-09 10:28 . 2008-08-09 10:28
d
w- c:program filesMicrosoft.NET
2008-08-09 10:26 . 2008-08-09 10:26
d
w- c:program filesFoxit Reader
2008-08-09 10:26 . 2008-08-09 10:26
d
w- c:program filesPunto Switcher
2008-08-09 10:21 . 2008-08-09 10:21
d
w- c:program filesmicrosoft frontpage
2008-08-09 10:21 . 2008-08-09 10:21
d
w- c:program filesVistaDriveIcon
2008-08-09 10:21 . 2008-08-09 10:21 717296 —-a-w- c:windowssystem32driverssptd.sys
2008-08-09 10:21 . 2008-08-09 10:21
d
w- c:program filesCommon FilesJava
2008-08-09 10:19 . 2008-08-09 10:19
d—a-w- c:program filesAmlMaple
2008-08-09 10:17 . 2008-08-09 10:17 22564 —-a-w- c:windowssystem32emptyregdb.dat
2008-08-09 10:16 . 2008-08-09 10:16
d
w- c:program filesPaint.NET
2008-08-05 13:55 . 2008-08-05 13:55 265720 —-a-w- c:windowssystem32msdbg2.dll
2008-06-12 07:27 . 2007-10-25 19:02 24576 —-a-w- c:windowssystem32nlsdl.dll
2008-06-12 07:27 . 2007-10-25 19:01 23552 —-a-w- c:windowssystem32normaliz.dll
2008-06-12 07:27 . 2007-10-25 19:01 26112 —-a-w- c:windowssystem32idndl.dll
2008-06-10 10:33 . 2008-05-20 16:31 150568 —-a-w- c:windowssystem32driversmv61xx.sys
2008-06-04 06:55 . 2008-08-09 13:18 53248 —-a-r- c:windowssystem32CSVer.dll
2008-05-20 16:33 . 2008-08-09 10:21 758 —-a-r- c:windowsdel.bat
2008-05-20 16:30 . 2008-05-20 16:30 23040 —-a-w- c:windowssystem32setup.exe
2008-05-20 16:29 . 2008-05-20 16:29 1571840 —-a-w- c:windowssystem32sfcfiles.dll
2008-05-20 15:55 . 2008-05-20 15:55 678912 —-a-w- c:windowssystem32zipfldr.dll
2008-05-20 15:55 . 2008-05-20 15:55 34816 —-a-w- c:windowssystem32wupdmgr.exe
2008-05-20 15:55 . 2008-08-09 10:18 80216 —-a-w- c:windowssystem32wuauclt.exe
2008-05-20 15:55 . 2008-08-09 10:18 596824 —-a-w- c:windowssystem32wuapi.dll
2008-05-20 15:55 . 2008-05-20 15:55 647168 —-a-w- c:windowssystem32wsecedit.dll
2008-05-20 15:55 . 2008-08-09 10:16 31232 —-a-w- c:windowssystem32write.exe
2008-05-20 15:55 . 2008-05-20 15:55 585728 —-a-w- c:windowssystem32wscript.exe
2008-05-20 15:55 . 2008-05-20 15:55 8036352 —-a-w- c:windowssystem32wmploc.dll
2008-05-20 15:53 . 2008-08-09 10:16 131072 —-a-w- c:windowssystem32mshearts.exe
2008-05-20 15:52 . 2008-05-20 15:52 361344 —-a-w- c:windowssystem32driverstcpip.sys
2008-05-20 15:49 . 2008-05-20 15:49 4096 —-a-w- c:windowssystem32wmvdmoe2.dll
2008-05-20 15:49 . 2008-05-20 15:49 4096 —-a-w- c:windowssystem32wmvdmod.dll
2008-05-20 15:49 . 2008-05-20 15:49 1329152 —-a-w- c:windowssystem32wmspdmoe.dll
2008-05-20 15:49 . 2008-05-20 15:49 603648 —-a-w- c:windowssystem32wmspdmod.dll
2008-05-20 15:49 . 2008-05-20 15:49 99840 —-a-w- c:windowssystem32wmpshell.dll
2008-05-20 15:49 . 2008-05-20 15:49 4096 —-a-w- c:windowssystem32wmsdmoe2.dll
2008-05-20 15:49 . 2008-05-20 15:49 4096 —-a-w- c:windowssystem32wmsdmod.dll
2008-05-20 15:49 . 2008-05-20 15:49 314880 —-a-w- c:windowssystem32wmpdxm.dll
2008-05-20 15:49 . 2008-05-20 15:49 242688 —-a-w- c:windowssystem32wmpasf.dll
2008-05-20 15:45 . 2008-08-09 10:21 9480 —-a-r- c:windowssystem32OEMINFO.CMD
2008-05-20 15:42 . 2008-05-20 19:42 141056 —-a-w- c:windowssystem32driversks.sys
2008-05-20 15:41 . 2008-05-20 15:41 66048 —-a-w- c:windowssystem32shimeng.dll
2008-05-10 18:54 . 2008-08-09 10:21 94564 —-a-w- c:windowsinnounp.exe
2008-05-10 15:57 . 2008-05-10 15:57 3138048 —-a-w- c:windowssystem32winntbbu.dll
2008-05-08 22:32 . 2008-05-08 22:32 84480 —-a-w- c:windowssystem32DSPHook.dll
2008-05-05 09:17 . 2008-05-05 09:17 710144 —-a-w- c:windowssystem32ntdll.dll
2008-05-02 12:28 . 2008-08-09 10:16 323624 —-a-w- c:windowssystem32wiaaut.dll
2008-04-21 16:00 . 2008-04-15 12:00 200192 —-a-w- c:windowssystem32notepad.exe
2008-04-17 14:33 . 2008-08-09 14:08 4707328 —-a-w- c:windowssystem32driversRtkHDAud.sys
2008-04-10 14:52 . 2008-08-09 14:08 16861184 —-a-w- c:windowsRTHDCPL.EXE
2008-04-02 07:27 . 2008-08-09 14:08 1196032 —-a-w- c:windowsRtlUpd.exe
2008-03-31 21:25 . 2008-08-09 11:07 682496 —-a-w- c:windowssystem32divx.dll
2008-03-28 17:41 . 2008-08-09 11:07 7680 —-a-w- c:windowssystem32ff_vfw.dll
2008-03-21 20:30 . 2008-08-09 11:07 3596288 —-a-w- c:windowssystem32qt-dx331.dll
2008-03-21 20:28 . 2008-08-09 11:07 81920 —-a-w- c:windowssystem32dpl100.dll
2008-03-12 09:10 . 2008-08-09 10:16 633344 —-a-w- c:windowssystem32gpprefcl.dll
2008-03-05 13:03 . 2008-08-09 10:21 479752 —-a-w- c:windowssystem32XAudio2_0.dll
2008-03-05 13:03 . 2008-08-09 10:21 238088 —-a-w- c:windowssystem32xactengine3_0.dll
2008-03-05 13:00 . 2008-08-09 10:21 25608 —-a-w- c:windowssystem32X3DAudio1_3.dll
2008-03-05 12:56 . 2008-08-09 10:21 3786760 —-a-w- c:windowssystem32d3dx9_37.dll
2008-03-05 12:56 . 2008-08-09 10:21 1420824 —-a-w- c:windowssystem32D3DCompiler_37.dll
2008-02-28 09:26 . 2008-08-09 11:08 33576 —-a-w- c:windowssystem32BCGPOleAcc.dll
2008-02-28 09:26 . 2008-08-09 11:08 3036456 —-a-w- c:windowssystem32BCGCBPRO860u80.dll
2008-02-05 20:07 . 2008-08-09 10:21 462864 —-a-w- c:windowssystem32d3dx10_37.dll
2008-02-04 15:23 . 2008-02-04 15:23 693792 —-a-w- c:windowssystem32OGACheckControl.DLL
2008-02-02 15:54 . 2008-08-09 13:22 36864 —-a-r- c:windowssystem32driversl1e51x86.sys
2008-01-10 12:16 . 2008-08-09 11:07 159839 —-a-w- c:windowssystem32xvidvfw.dll
.
Sigcheck
[-] 2008-05-20 15:54 579072 23B7D3F3F5EC8FEEA75EC381C71CBD5E c:windowssystem32user32.dll
[-] 2008-05-20 15:52 361344 030DC4D48CC2B894FEE2F390D8E66AD5 c:windowssystem32driverstcpip.sys
[-] 2008-05-20 15:53 1790976 09578676784B218C6D21D1E118C7C4AA c:windowsexplorer.exe
[-] 2008-05-20 15:53 30208 AE0DB25EE10900C73D923AD5880564CF c:windowssystem32ctfmon.exe
[-] 2008-05-20 15:55 80216 5F38B1B965527C6F5C30DEDAB0AB0550 c:windowssystem32wuauclt.exe
[-] 2008-05-20 16:29 1571840 46D60730EE2DF438750B38370425BC74 c:windowssystem32sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE~Browser Helper Objects{A1FB2F9A-D35E-11DD-8935-E46A56D89593}]
2009-03-16 13:53 87512 —-a-w- c:program filesoovootbdtx.dll
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«VistaIcon»=»c:program filesVistaDriveIconVistaDrv.exe» [2008-01-02 132096]
«Punto Switcher»=»c:program filesPunto Switcherps.exe» [2007-11-14 271360]
«ctfmon.exe»=»c:windowssystem32ctfmon.exe» [2008-05-20 30208]
«Google Update»=»c:documents and settingsAdminLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe» [2008-09-21 210928]
«BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=»c:program filesCommon FilesAheadLibNMBgMonitor.exe» [2006-06-01 167936]
«EA Core»=»c:program filesElectronic ArtsEADMCore.exe» [2008-07-22 2850816]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2007-12-05 8523776]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2007-12-05 81920]
«AmlMaple»=»c:program filesAmlMapleAmlMaple.exe» [2008-04-24 91648]
«Six Engine»=»c:program filesASUSEPU-6 EngineSixEngine.exe» [2008-06-02 5964800]
«WheelMouse»=»c:program filesA4TechMouseAmoumain.exe» [2006-12-26 274432]
«QuickTime Task»=»c:program filesQuickTimeqttask.exe» [2007-06-29 356352]
«PAC207_Monitor»=»c:windowsPixArtPAC207Monitor.exe» [2006-11-03 389120]
«Monitor»=»c:windowsPixArtPAC207Monitor.exe» [2006-11-03 389120]
«RemoteControl»=»c:program filesCyberLinkPowerDVDPDVDServ.exe» [2003-10-31 114688]
«NeroFilterCheck»=»c:program filesCommon FilesAheadLibNeroCheck.exe» [2006-01-12 233472]
«fssui»=»c:program filesWindows LiveFamily Safetyfsui.exe» [2008-12-08 527712]
«MAgent»=»c:program filesMail.RuAgentmagent.exe» [2009-06-08 7957688]
«avgnt»=»c:program filesAvira Premium Security Suiteavgnt.exe» [2007-04-02 327720]
«nod32kui»=»c:program filesEsetnod32kui.exe» [2001-01-26 949376]
«nwiz»=»nwiz.exe» — c:windowssystem32nwiz.exe [2007-12-05 1699840]
«RTHDCPL»=»RTHDCPL.EXE» — c:windowsRTHDCPL.EXE [2008-04-10 16861184]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-05-20 30208]
«VistaIcon»=»c:program filesVistaDriveIconVistaDrv.exe» [2008-01-02 132096]
«PcSync»=»c:program filesSamsungSamsung PC Studio 7PcSync2.exe» [2006-06-27 1449984]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«IE7_011″=»shell32» [X]
«ZZZZ2_FirstLogonSetting»=»advpack.dll» — c:windowssystem32advpack.dll [2008-08-21 128512]
«IE7_012″=»advpack.dll» — c:windowssystem32advpack.dll [2008-08-21 128512]
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«DisableTaskMgr»= 1 (0x1)
«DisableRegistryTools»= 1 (0x1)
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMConfigurePrograms»= 1 (0x1)
[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMConfigurePrograms»= 1 (0x1)
SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalFile system]
@=»Driver Group»
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalvgasave.sys]
@=»Driver»
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{4D36E967-E325-11CE-BFC1-08002BE10318}]
@=»DiskDrive»
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@=»Hdc»
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@=»Keyboard»
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@=»Mouse»
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@=»System»
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@=»Volume»
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«FirewallOverride»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
«UpdatesOverride»=dword:00000001
«AntiVirusOverride»=dword:00000001
«UacDisableNotify»=dword:00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerSvc]
«AntiVirusOverride»=dword:00000001
«AntiVirusDisableNotify»=dword:00000001
«FirewallDisableNotify»=dword:00000001
«FirewallOverride»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
«UacDisableNotify»=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\Yahoo!\Messenger\YahooMessenger.exe»=
«c:\Program Files\Windows Live\Sync\WindowsLiveSync.exe»=
«c:\Program Files\MSN Messenger\msnmsgr.exe»=
«c:\Program Files\MSN Messenger\livecall.exe»=
«c:\Program Files\ICQ6.5\ICQ.exe»=
«c:\WINDOWS\system32\PnkBstrA.exe»=
«c:\WINDOWS\system32\PnkBstrB.exe»=
«c:\Program Files\uTorrent [tfile.ru]\utorrent.exe»=
«c:\WINDOWS\system32\nwiz.exe»=
«c:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe»=
«c:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE»=
«c:\WINDOWS\PixArt\PAC207\Monitor.exe»=
«c:\WINDOWS\RTHDCPL.EXE»=
«c:\Program Files\A4Tech\Mouse\Amoumain.exe»=
«c:\WINDOWS\system32\netsh.exe»=
«c:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe»=
«c:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe»=
«c:\Program Files\Skype\Plugin Manager\skypePM.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=
«c:\Program Files\Avira Premium Security Suite\usrreq.exe»=
«c:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe»=
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«443:TCP»= 443:TCP:*:Disabled:ooVoo TCP порт443
«443:UDP»= 443:UDP:*:Disabled:ooVoo UDP порт443
«37674:TCP»= 37674:TCP:*:Disabled:ooVoo TCP порт37674
«37674:UDP»= 37674:UDP:*:Disabled:ooVoo UDP порт37674
«37675:UDP»= 37675:UDP:*:Disabled:ooVoo UDP порт37675
R0 mv61xx;mv61xx;c:windowssystem32driversmv61xx.sys [20.05.2008 19:31 150568]
R1 avfwot;avfwot;c:windowssystem32driversavfwot.sys [04.07.2009 19:24 57344]
R1 nod32drv;nod32drv;c:windowssystem32driversnod32drv.sys [26.01.2001 20:48 15424]
R2 AntiVirFirewallService;Avira Premium Security Suite Firewall;c:program filesAvira Premium Security Suiteavfwsvc.exe [04.07.2009 19:24 274472]
R2 fssfltr;FssFltr;c:windowssystem32driversfssfltr_tdi.sys [17.12.2008 20:20 55136]
R2 fsssvc;Семейная безопасность Windows Live;c:program filesWindows LiveFamily Safetyfsssvc.exe [08.12.2008 17:01 533344]
R2 hl_mull;hl_mull;c:windowssystem32drivershl_mull.sys [06.11.2008 20:05 67712]
R3 abp470n5;abp470n5;??c:windowssystem32drivershongll.sys —> c:windowssystem32drivershongll.sys [?]
R3 avfwim;AvFw Packet Filter Miniport;c:windowssystem32driversavfwim.sys [04.07.2009 19:24 53504]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113 PCI-E Ethernet Controller;c:windowssystem32driversl1e51x86.sys [09.08.2008 16:22 36864]
R3 PAC207;e-Messenger 112;c:windowssystem32driversPFC027.SYS [25.09.2008 17:56 616064]
S2 AntiVirMailService;Защита почты Avira Premium Security Suite;c:program filesAvira Premium Security Suiteavmailc.exe [04.07.2009 19:24 221224]
S2 AVEService;Вспомогательная служба Защиты почты Avira Premium Security Suite;c:program filesAvira Premium Security Suiteavesvc.exe [04.07.2009 19:24 45096]
S3 esihdrv;esihdrv;??c:docume~1AdminLOCALS~1Tempesihdrv.sys —> c:docume~1AdminLOCALS~1Tempesihdrv.sys [?]
S3 nmwcdsa;Samsung USB Phone Parent;c:windowssystem32driversnmwcdsa.sys [30.09.2008 19:00 135680]
S3 nmwcdsac;Samsung USB Generic;c:windowssystem32driversnmwcdsac.sys [30.09.2008 19:00 8320]
S3 nmwcdsacj;Samsung USB Port;c:windowssystem32driversnmwcdsacj.sys [30.09.2008 19:00 12288]
S3 nmwcdsacm;Samsung USB Modem;c:windowssystem32driversnmwcdsacm.sys [30.09.2008 19:00 12288]
S3 uteznjcy;AVZ Kernel Driver;c:windowssystem32driversuteznjcy.sys [04.07.2009 19:21 7168]
.
Contents of the ‘Scheduled Tasks’ folder
2009-06-27 c:windowsTasksAppleSoftwareUpdate.job
— c:program filesApple Software UpdateSoftwareUpdate.exe [2007-06-03 09:42]
2009-07-03 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-796845957-1417001333-682003330-500Core.job
— c:documents and settingsAdminLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2008-09-21 08:57]
2009-07-04 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-796845957-1417001333-682003330-500UA.job
— c:documents and settingsAdminLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2008-09-21 08:57]
2009-07-04 c:windowsTasksUser_Feed_Synchronization-{8380E9F9-E742-4C10-B068-E8C5C1B390E8}.job
— c:windowssystem32msfeedssync.exe [2008-08-09 23:05]
.
.
Supplementary Scan
.
uStart Page = about:blank
mStart Page = hxxp://mail.ru
uInternet Connection Wizard,ShellNext = hxxp://www.samsung.com/us/consumer/learningresources/monitor/magetune/pop_intro.html
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Add to Google Photos Screensa&ver — c:windowssystem32GPhotos.scr/200
IE: Закачать ВСЕ при помощи Download Master — c:program filesDownload Masterdmieall.htm
IE: Закачать при помощи Download Master — c:program filesDownload Masterdmie.htm
IE: Найти с помощью Рамблера — c:program filesRambler AssistantramblertoolbarU5090.dll/search.htm
IE: Перевести с помощью словарей Рамблера — c:program filesRambler AssistantramblertoolbarU5090.dll/dic.htm
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} — c:program filesMail.RuAgentmagent.exe
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} — c:program filesDownload Masterdmaster.exe
LSP: c:windowssystem32imon.dll
LSP: avsda.dll
TCP: {04C556A2-47B7-4F16-BAEC-93C64388CF59} = 195.161.15.19
TCP: {1AA94FF5-804D-41C6-A3EC-C35E8CC59594} = 81.25.161.2
FF — ProfilePath — c:documents and settingsAdminApplication DataMozillaFirefoxProfiles7r8eus7r.default
FF — prefs.js: browser.search.defaulturl — hxxp://go.mail.ru/search?fr=fftb&utf8in&q=
FF — prefs.js: browser.search.selectedEngine — hxxp://www.mail.ru/
FF — prefs.js: browser.startup.homepage — hxxp://www.mail.ru/cnt/5087
FF — plugin: c:program filesGooglePicasa3npPicasa3.dll
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnppl3260.dll
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnprpjplug.dll
FF — plugin: c:program filesMicrosoftOffice LivenpOLW.dll
FF — plugin: c:program filesOperaprogrampluginsNPMetastream3.dll
FF — plugin: c:program filesWindows LivePhoto GalleryNPWLPG.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2001-01-30 19:59
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERSS-1-5-21-796845957-1417001333-682003330-500SoftwareMicrosoftInternet ExplorerUser Preferences]
@Denied: (2) (Administrator)
«659BD8E725A05FDCC64118EA787EAA2B534A94FABE»=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,37,77,67,bd,b7,4e,3a,4b,94,7f,9b,
«3A77B377802A4B6183DDE08FDE4AD9AF647A702826″=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c4,95,a9,1d,2b,58,d9,4d,90,24,d5,
«B34DEDAE08DEBC3D9AE72E5085B5F343BB2B215141″=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,37,77,67,bd,b7,4e,3a,4b,94,7f,9b,
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(860)
c:windowssystem32SETUPAPI.dll
c:windowssystem32cscui.dll
— — — — — — — > ‘lsass.exe'(916)
c:windowssystem32setupapi.dll
c:windowssystem32imon.dll
c:program filesEsetpr_imon.dll
c:windowssystem32avsda.dll
.
Completion time: 2001-01-30 20:01
ComboFix-quarantined-files.txt 2001-01-30 17:00
Pre-Run: 17 211 277 312 байт свободно
Post-Run: 17 193 693 184 байт свободно
WindowsXP-KB310994-SP2-Pro-BootDisk-RUS.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
[operating systems]
c:cmdconsBOOTSECT.DAT=»Microsoft Windows Recovery Console» /cmdcons
multi(0)disk(0)rdisk(0)partition(1)WINDOWS=»Microsoft Windows XP Professional RU» /execute /fastdetect
466
