Re: Re: Всплывающая реклама

[druzh76]

Здравствуйте!Я сделал что вы просили. Вот только не уверен что правильно.Вот результат-

ComboFix 10-03-29.04 — Admin 31.03.2010 22:20:47.1.1 — x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.767.464 [GMT 4:00]
Running from: c:documents and settingsAdminМои документыЗагрузкиComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:program filesMail.RuAgentMradllnewmrasearch.dll
d:наташаviKRoyki-stor.exe

.
((((((((((((((((((((((((( Files Created from 2010-02-28 to 2010-03-31 )))))))))))))))))))))))))))))))
.

2010-03-29 10:38 . 2010-03-29 10:38

---

d

---

w- c:documents and settingsAdminLocal SettingsApplication DataUnSofter
2010-03-28 13:33 . 2010-03-28 13:33

---

d

---

w- c:documents and settingsAdminLocal SettingsApplication DataCriterion Games
2010-03-28 06:33 . 2010-03-28 06:33 52224 —-a-w- c:documents and settingsAdminApplication DataSUPERAntiSpyware.comSUPERAntiSpywareSDDLLSSD10005.dll
2010-03-28 06:33 . 2010-03-28 06:33 117760 —-a-w- c:documents and settingsAdminApplication DataSUPERAntiSpyware.comSUPERAntiSpywareSDDLLSUIREPAIR.DLL
2010-03-28 06:31 . 2010-03-28 06:31

---

d

---

w- c:program filesSUPERAntiSpyware
2010-03-28 06:30 . 2010-03-28 06:30

---

d

---

w- c:program filesCommon FilesWise Installation Wizard
2010-03-27 11:33 . 2010-03-27 11:35

---

d

---

w- c:program filesWindows Sidebar
2010-03-27 10:30 . 2010-03-27 10:30

---

d

---

w- c:program filestrend micro
2010-03-27 10:09 . 2010-01-07 13:07 38224 —-a-w- c:windowssystem32driversmbamswissarmy.sys
2010-03-27 10:09 . 2010-03-27 10:09

---

d

---

w- c:program filesMalwarebytes’ Anti-Malware
2010-03-27 10:09 . 2010-01-07 13:07 19160 —-a-w- c:windowssystem32driversmbam.sys
2010-03-27 09:26 . 2010-03-27 09:28

---

d

---

w- c:documents and settingsAll UsersApplication DataAd Muncher
2010-03-26 17:13 . 2010-03-26 17:13

---

d

---

w- c:documents and settingsAdminLocal SettingsApplication DataChemTable Software
2010-03-26 17:10 . 2010-03-26 17:10

---

d

---

w- c:documents and settingsAdminApplication DataChemTable Software
2010-03-26 17:09 . 2010-03-26 17:25

---

d

---

w- c:documents and settingsAdminLocal SettingsApplication DataAnVir
2010-03-26 16:28 . 2010-03-26 16:28

---

d

---

r- C:comment.htt
2010-03-26 16:27 . 2010-03-26 16:27

---

d

---

w- c:documents and settingsAdminApplication DataRegrun
2010-03-26 16:17 . 2010-03-26 16:28 2 —shatr- c:windowswinstart.bat
2010-03-26 15:42 . 2010-03-26 16:00

---

d

---

w- c:program filesGridinSoft Trojan Killer
2010-03-23 11:52 . 2000-05-17 06:52 187392 —-a-w- c:windowssystem32JPGUtils.dll
2010-03-23 11:52 . 2010-03-23 11:52

---

d

---

w- c:program filesWinCustomize
2010-03-23 11:52 . 2010-03-23 11:52

---

d

---

w- c:program filesCommon FilesStardock
2010-03-23 10:06 . 2010-03-23 10:06

---

d

---

w- c:documents and settingsAdminApplication DataNero
2010-03-23 10:05 . 2008-06-24 10:45 33576 —-a-w- c:windowssystem32BCGPOleAcc.dll
2010-03-23 10:05 . 2008-06-24 10:45 3036456 —-a-w- c:windowssystem32BCGCBPRO860u80.dll
2010-03-23 10:05 . 2006-03-17 12:49 368640 —-a-w- c:windowssystem32TwnLib4.dll
2010-03-23 10:05 . 2006-03-17 09:45 802816 —-a-w- c:windowssystem32imagXRA7.dll
2010-03-23 10:05 . 2006-03-17 09:45 497296 —-a-w- c:windowssystem32imagXpr7.dll
2010-03-23 10:05 . 2006-03-17 09:45 258048 —-a-w- c:windowssystem32imagXR7.dll
2010-03-23 10:05 . 2006-03-17 09:45 1757184 —-a-w- c:windowssystem32imagX7.dll
2010-03-23 10:05 . 2010-03-23 10:05

---

d

---

w- c:program filesCommon FilesNero
2010-03-23 10:05 . 2010-03-23 10:05

---

d

---

w- c:program filesNero
2010-03-22 13:24 . 2010-03-22 13:24

---

d

---

w- c:documents and settingsAdminAppData
2010-03-22 11:32 . 2010-03-22 11:32

---

d

---

w- c:documents and settingsAdminLocal SettingsApplication DataHelp
2010-03-22 11:13 . 2010-03-22 11:53

---

d

---

w- c:documents and settingsAdminApplication DataDownload Master
2010-03-22 11:13 . 2007-12-18 10:56 1412608 —-a-w- c:documents and settingsAdminApplication DataDownload Mastertempskin.dll
2010-03-22 07:40 . 2010-03-22 07:40

---

d

---

w- c:windowsERUNT
2010-03-22 07:21 . 2010-03-22 07:21

---

d

---

w- c:documents and settingsAdminApplication DataWinPatrol
2010-03-22 07:21 . 2002-02-02 21:04 0 —-a-w- c:documents and settingsAdminApplication DataWinPatrolConfig.sys
2010-03-22 07:21 . 2002-02-02 21:04 0 —-a-w- c:documents and settingsAdminApplication DataWinPatrolAutoexec.bat
2010-03-22 07:21 . 2010-03-22 07:21

---

d

---

w- c:program filesBillP Studios
2010-03-21 15:08 . 2010-03-21 15:08

---

d

---

w- c:documents and settingsAll UsersApplication DataSUPERAntiSpyware.com
2010-03-21 15:07 . 2010-03-28 06:31

---

d

---

w- c:documents and settingsAdminApplication DataSUPERAntiSpyware.com
2010-03-21 14:15 . 2010-03-21 14:15

---

d

---

w- c:documents and settingsAdminApplication DataMalwarebytes
2010-03-21 14:15 . 2010-03-21 14:15

---

d

---

w- c:documents and settingsAll UsersApplication DataMalwarebytes
2010-03-20 14:19 . 2010-03-20 14:19

---

d

---

w- c:documents and settingsAdminApplication DataYandex
2010-03-20 13:45 . 2010-03-20 13:45

---

d

---

w- c:windowssystem32wbemRepository
2010-03-19 17:41 . 2010-03-19 17:41

---

d

---

w- c:documents and settingsAdminLocal SettingsApplication DataOpera
2010-03-10 09:17 . 2009-10-23 15:28 3558912 -c—-w- c:windowssystem32dllcachemoviemk.exe
2010-03-04 15:13 . 2010-03-04 15:19

---

d

---

w- c:program filesRocketDock
2010-03-03 12:49 . 2010-03-03 12:49

---

d

---

w- c:program filesAGEIA Technologies
2010-03-03 12:49 . 2010-03-03 12:49

---

d

---

w- c:windowssystem32AGEIA
2010-03-03 12:22 . 2010-03-03 12:22

---

d

---

w- c:documents and settingsAdminLocal SettingsApplication DataWinamp Toolbar
2010-03-03 11:33 . 2010-03-03 11:33

---

d

---

w- c:program filesWinamp Toolbar
2010-03-03 11:33 . 2010-03-03 11:33

---

d

---

w- c:documents and settingsAll UsersApplication DataWinamp Toolbar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-31 18:18 . 2002-02-28 19:38

---

d

---

w- c:documents and settingsAdminApplication DatauTorrent
2010-03-28 11:54 . 2004-08-18 12:00 8494592 —-a-w- c:windowssystem32logonuiX.exe
2010-03-28 05:58 . 2004-08-18 12:00 474518 —-a-w- c:windowssystem32perfh019.dat
2010-03-28 05:58 . 2004-08-18 12:00 79546 —-a-w- c:windowssystem32perfc019.dat
2010-03-27 11:37 . 2002-02-02 21:19 15960 —-a-w- c:documents and settingsAdminLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2010-03-27 11:32 . 2010-01-30 20:18

---

d

---

w- c:program filesAlky for Applications
2010-03-26 15:12 . 2002-02-02 21:37

---

d—h—w- c:program filesInstallShield Installation Information
2010-03-23 09:55 . 2010-01-30 18:20

---

d

---

w- c:program filesCommon FilesAhead
2010-03-23 09:03 . 2010-01-30 18:20

---

d

---

w- c:documents and settingsAll UsersApplication DataNero
2010-03-12 12:19 . 2002-02-28 19:39

---

d

---

w- c:program filesuTorrent
2010-03-10 13:30 . 2010-02-21 09:39

---

d

---

w- c:program filesScarab
2010-03-09 11:24 . 2002-02-24 19:13 153184 —-a-w- c:windowssystem32aswBoot.exe
2010-03-09 11:12 . 2002-02-24 19:13 46672 —-a-w- c:windowssystem32driversaswTdi.sys
2010-03-09 11:12 . 2002-02-24 19:13 162640 —-a-w- c:windowssystem32driversaswSP.sys
2010-03-09 11:09 . 2002-02-24 19:13 23376 —-a-w- c:windowssystem32driversaswRdr.sys
2010-03-09 11:08 . 2002-02-24 19:13 100432 —-a-w- c:windowssystem32driversaswmon2.sys
2010-03-09 11:08 . 2002-02-24 19:13 94800 —-a-w- c:windowssystem32driversaswmon.sys
2010-03-09 11:08 . 2002-02-24 19:13 19024 —-a-w- c:windowssystem32driversaswFsBlk.sys
2010-03-09 11:08 . 2002-02-24 19:13 28880 —-a-w- c:windowssystem32driversaavmker4.sys
2010-03-04 14:40 . 2010-03-03 11:32

---

d

---

w- c:documents and settingsAdminApplication DataWinamp
2010-03-03 11:33 . 2010-03-03 11:32

---

d

---

w- c:program filesWinamp
2010-03-03 11:10 . 2002-02-02 21:36

---

d

---

w- c:program filesCommon FilesInstallShield
2010-03-03 10:29 . 2010-02-13 10:30

---

d

---

w- c:documents and settingsAll UsersApplication DataAlawarWrapper
2010-02-25 06:19 . 2007-01-11 12:55 916480 —-a-w- c:windowssystem32wininet.dll
2010-02-24 16:01 . 2010-02-23 16:00

---

d

---

w- c:program filesMicrosoft CAPICOM 2.1.0.2
2010-02-24 10:04 . 2010-02-24 07:15

---

d

---

w- c:program filesMicrosoft Windows 7 Upgrade Advisor
2010-02-22 10:22 . 2010-02-22 10:22

---

d

---

w- c:documents and settingsAdminApplication DataWindows Search
2010-02-21 16:18 . 2002-02-24 18:19

---

d

---

w- c:program filesNVIDIA Corporation
2010-02-21 15:40 . 2010-02-21 15:40

---

d

---

w- c:program filesMSBuild
2010-02-21 15:40 . 2010-02-21 15:40

---

d

---

w- c:program filesReference Assemblies
2010-02-21 14:58 . 2010-02-21 14:58

---

d

---

w- c:program filesWindows Media Connect 2
2010-02-21 14:36 . 2010-02-21 14:36

---

d

---

w- c:documents and settingsAll UsersApplication DataOffice Genuine Advantage
2010-02-21 07:25 . 2010-02-21 07:25

---

d

---

w- c:program filesCommon Fileswm
2010-02-13 10:33 . 2010-02-13 10:30

---

d

---

w- c:program filesuGames
2010-02-11 18:53 . 2002-02-24 19:13 38848 —-a-w- c:windowssystem32avastSS.scr
2010-02-11 10:48 . 2010-02-10 10:52

---

d

---

w- c:documents and settingsAdminApplication DataURSE Games
2010-02-06 18:31 . 2002-02-24 19:13

---

d

---

w- c:program filesAlwil Software
2010-02-06 18:29 . 2010-02-06 18:29

---

d

---

w- c:documents and settingsAll UsersApplication DataAlwil Software
2010-02-02 07:28 . 2002-02-28 19:22

---

d

---

w- c:documents and settingsAdminApplication DataMra
2010-02-01 06:51 . 2010-02-01 06:51

---

d

---

w- c:program filesMSXML 6.0
2010-01-23 13:22 . 2002-02-02 21:03 86327 —-a-w- c:windowspchealthhelpctrOfflineCacheindex.dat
2010-01-22 18:11 . 2010-01-22 18:11 62800 —-a-w- c:documents and settingsAdminApplication DataMozillaFirefoxProfilesd60js9l0.defaultextensions{0b38152b-1b20-484d-a11f-5e04a9b0661f}componentsWinampTBPlayer.dll
2010-01-22 15:45 . 2002-02-24 18:42 691696 —-a-w- c:windowssystem32driverssptd.sys
2010-01-12 20:34 . 2010-01-12 20:34 281088 —-a-w- c:windowsarcClock.scr
2010-01-11 19:17 . 2010-01-11 19:17 278120 —-a-w- c:windowssystem32nvmccs.dll
2010-01-11 19:17 . 2010-01-11 19:17 154216 —-a-w- c:windowssystem32nvsvc32.exe
2010-01-11 19:17 . 2010-01-11 19:17 145000 —-a-w- c:windowssystem32nvcolor.exe
2010-01-11 19:17 . 2010-01-11 19:17 13666408 —-a-w- c:windowssystem32nvcpl.dll
2010-01-11 19:17 . 2010-01-11 19:17 110696 —-a-w- c:windowssystem32nvmctray.dll
2010-01-11 19:17 . 2010-01-11 19:17 81920 —-a-w- c:windowssystem32nvwddi.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«uTorrent»=»c:program filesuTorrentuTorrent.exe» [2010-03-10 319792]
«DAEMON Tools Lite»=»c:program filesDAEMON Tools LiteDTLite.exe» [2009-10-30 369200]
«RocketDock»=»c:program filesRocketDockRocketDock.exe» [2007-03-18 630784]
«Sidebar»=»c:program filesWindows Sidebarsidebar.exe» [2001-04-17 1231360]
«SUPERAntiSpyware»=»c:program filesSUPERAntiSpywareSUPERAntiSpyware.exe» [2010-02-18 2012912]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«MAgent»=»c:program filesMail.RuAgentMAgent.exe» [2002-02-28 8746680]
«avast5″=»c:progra~1ALWILS~1Avast5avastUI.exe» [2010-03-09 2769336]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2010-01-11 110696]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2010-01-11 13666408]
«LogonStudio»=»c:program filesWinCustomizeLogonStudiologonstudio.exe» [2002-09-03 987187]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-14 15360]

[hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]
«{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}»= «c:program filesSUPERAntiSpywareSASSEH.DLL» [2008-05-13 77824]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogon]
«UIHost»=»c:windowssystem32logonuiX.exe»

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotify!SASWinLogon]
2009-09-03 10:21 548352 —-a-w- c:program filesSUPERAntiSpywareSASWINLO.dll

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\Program Files\uTorrent\uTorrent.exe»=

R1 aswSP;aswSP;c:windowssystem32driversaswSP.sys [24.02.2002 23:13 162640]
R1 SASDIFSV;SASDIFSV;c:program filesSUPERAntiSpywaresasdifsv.sys [17.02.2010 10:25 12872]
R1 SASKUTIL;SASKUTIL;c:program filesSUPERAntiSpywareSASKUTIL.SYS [17.02.2010 10:15 66632]
R2 aswFsBlk;aswFsBlk;c:windowssystem32driversaswFsBlk.sys [24.02.2002 23:13 19024]
R3 SASENUM;SASENUM;c:program filesSUPERAntiSpywareSASENUM.SYS [17.02.2010 10:15 12872]
R3 USB_RNDIS_51;ZTE USB Remote NDIS Device Driver;c:windowssystem32driversusb8023.sys [18.08.2004 16:00 12800]
S0 Partizan;Partizan;c:windowssystem32driversPartizan.sys —> c:windowssystem32driversPartizan.sys [?]
S2 ATE_PROCMON;ATE_PROCMON;??c:program filesAnti Trojan EliteATEPMon.sys —> c:program filesAnti Trojan EliteATEPMon.sys [?]
S4 sptd;sptd;c:windowssystem32driverssptd.sys [24.02.2002 22:42 691696]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{D58F39FF-953E-4F45-898F-59F243B9A523}]
2001-04-17 20:38 1231360 —-a-w- c:program filesWindows Sidebarsidebar.exe
.
Contents of the ‘Scheduled Tasks’ folder

2010-03-31 c:windowsTasksUser_Feed_Synchronization-{285FACC5-4AB8-479B-A401-84A9B8098E9F}.job
— c:windowssystem32msfeedssync.exe [2007-08-13 01:31]
.
.

---

Supplementary Scan

---

.
uStart Page = hxxp://mail.ru/
IE: &Winamp Search — c:documents and settingsAll UsersApplication DataWinamp ToolbarieToolbarresourcesen-USlocalsearch.html
IE: Google ВикиКомментарии… — c:program filesGoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Закачать ВСЕ при помощи Download Master
IE: Закачать при помощи Download Master
IE: Передать на удаленную закачку DM
IE: Поиск@Mail.Ru — c:program filesmail.rusputnikMailRuSputnik.dll/282
IE: Словари@Mail.Ru — c:program filesmail.rusputnikMailRuSputnik.dll/283
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} — c:program filesMail.RuAgentmagent.exe
TCP: {F9C55D63-5FEC-4B05-8304-F490149A403F} = 195.34.31.50 62.112.106.130
FF — ProfilePath — c:documents and settingsAdminApplication DataMozillaFirefoxProfilesd60js9l0.default
FF — prefs.js: browser.startup.homepage — hxxp://mail.ru/
FF — HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} — c:windowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtension

—- FIREFOX POLICIES —-
c:program filesMozilla Firefoxgreprefsall.js — pref(«ui.use_native_colors», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«ui.use_native_popup_windows», false);
c:program filesMozilla Firefoxgreprefsall.js — pref(«browser.enable_click_image_resizing», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«accessibility.browsewithcaret_shortcut.enabled», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«javascript.options.mem.high_water_mark», 32);
c:program filesMozilla Firefoxgreprefsall.js — pref(«javascript.options.mem.gc_frequency», 1600);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.auth.force-generic-ntlm», false);
c:program filesMozilla Firefoxgreprefsall.js — pref(«svg.smil.enabled», false);
c:program filesMozilla Firefoxgreprefsall.js — pref(«ui.trackpoint_hack.enabled», -1);
c:program filesMozilla Firefoxgreprefsall.js — pref(«browser.formfill.debug», false);
c:program filesMozilla Firefoxgreprefsall.js — pref(«browser.formfill.agedWeight», 2);
c:program filesMozilla Firefoxgreprefsall.js — pref(«browser.formfill.bucketSize», 1);
c:program filesMozilla Firefoxgreprefsall.js — pref(«browser.formfill.maxTimeGroupings», 25);
c:program filesMozilla Firefoxgreprefsall.js — pref(«browser.formfill.timeGroupingSize», 604800);
c:program filesMozilla Firefoxgreprefsall.js — pref(«browser.formfill.boundaryWeight», 25);
c:program filesMozilla Firefoxgreprefsall.js — pref(«browser.formfill.prefixWeight», 5);
c:program filesMozilla Firefoxgreprefsall.js — pref(«html5.enable», false);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref», true);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.renego_unrestricted_hosts», «»);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.treat_unsafe_negotiation_as_broken», false);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.require_safe_negotiation», false);
c:program filesMozilla Firefoxdefaultspreffirefox-branding.js — pref(«app.update.download.backgroundInterval», 600);
c:program filesMozilla Firefoxdefaultspreffirefox-branding.js — pref(«app.update.url.manual», «http://www.firefox.com»);
c:program filesMozilla Firefoxdefaultspreffirefox-branding.js — pref(«browser.search.param.yahoo-fr-ja», «mozff»);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name», «chrome://browser/locale/browser.properties»);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description», «chrome://browser/locale/browser.properties»);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«xpinstall.whitelist.add», «addons.mozilla.org»);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«xpinstall.whitelist.add.36», «getpersonas.com»);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«lightweightThemes.update.enabled», true);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«browser.allTabs.previews», false);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«plugins.hide_infobar_for_outdated_plugin», false);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«plugins.update.notifyUser», false);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«toolbar.customization.usesheet», false);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«browser.taskbar.previews.enable», false);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«browser.taskbar.previews.max», 20);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«browser.taskbar.previews.cachetime», 20);
.
— — — — ORPHANS REMOVED — — — —

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} — (no file)
HKLM-Run-WinPatrol Russian v.2 — c:program filesBillP StudiosWinPatrolwinpatrol.exe
ActiveSetup-{BADA65A0-86B7-462B-B720-CE66655C73F5} — c:program filesWindows SidebarVAIO.vshellext.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-31 22:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************
.

---

DLLs Loaded Under Running Processes

---

— — — — — — — > ‘winlogon.exe'(636)
c:program filesSUPERAntiSpywareSASWINLO.dll
c:windowssystem32WININET.dll
.
Completion time: 2010-03-31 22:25:42
ComboFix-quarantined-files.txt 2010-03-31 18:25

Pre-Run: 33 033 039 872 байт свободно
Post-Run: 33 361 240 064 байт свободно

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
[operating systems]
c:cmdconsBOOTSECT.DAT=»Microsoft Windows Recovery Console» /cmdcons
multi(0)disk(0)rdisk(0)partition(1)WINDOWS=»Microsoft Windows XP Professional RU» /noexecute=optin /fastdetect

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
— — End Of File — — 58DB4B17843D5D231329293BD00E408A