Scan result:
ComboFix 10-08-24.0C — dom 25.08.2010 22:04:18.1.2 — x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.511.291 [GMT 4:00]
Running from: c:documents and settingsdomМои документыЗагрузкиComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:documents and settingsdomApplication DataMicrosoftInternet ExplorerqiPSearchbar.dll
c:program filesFieryAds
c:windowsInstall
c:windowsInstallBugs7z.exe
c:windowsInstallBugsdevcon.exe
c:windowsInstallBugsreport.cmd
c:windowsInstallBugsSysSpec.exe
c:windowsInstallDelay.exe
c:windowsInstalldocs.rtf
c:windowsInstalllicense.rtf
c:windowsInstallPresetup.exe
c:windowsInstallPresetup.INI
c:windowsInstallreadme.rtf
c:windowsInstallShotsAClock.jpg
c:windowsInstallShotsAIMP.jpg
c:windowsInstallShotsCCleaner.jpg
c:windowsInstallShotsCDBurner.jpg
c:windowsInstallShotsCPL.jpg
c:windowsInstallShotsDefrag.jpg
c:windowsInstallShotsDirectX.jpg
c:windowsInstallShotsDMaster.jpg
c:windowsInstallShotsDotNet.jpg
c:windowsInstallShotsFileMenu.jpg
c:windowsInstallShotsFileZila.jpg
c:windowsInstallShotsFlash.jpg
c:windowsInstallShotsFSImage.jpg
c:windowsInstallShotsHashTab.jpg
c:windowsInstallShotsJavaRE.jpg
c:windowsInstallShotsKCodecs.jpg
c:windowsInstallShotsKMPlayer.jpg
c:windowsInstallShotsNotepad.jpg
c:windowsInstallShotsOpera.jpg
c:windowsInstallShotsPathClip.jpg
c:windowsInstallShotsPCWizard.jpg
c:windowsInstallShotsPROWiSe.jpg
c:windowsInstallShotsPuntoSW.jpg
c:windowsInstallShotsRecuva.jpg
c:windowsInstallShotsRHacker.jpg
c:windowsInstallShotsRnQ.jpg
c:windowsInstallShotsSamLab.jpg
c:windowsInstallShotsSTDU.jpg
c:windowsInstallShotsTaskSw.jpg
c:windowsInstallShotsTotalCmd.jpg
c:windowsInstallShotsTweaker.jpg
c:windowsInstallShotsUltraISO.jpg
c:windowsInstallShotsUnlocker.jpg
c:windowsInstallShotsuTorrent.jpg
c:windowsInstallShotsVistaGUI.jpg
c:windowsInstallShotsWinRAR.jpg
c:windowsInstallShowCmdParam.exe
c:windowsInstallSkinACTIVATE.WAV
c:windowsInstallSkinBACKSND_.MID
c:windowsInstallSkinBREAK.WAV
c:windowsInstallSkinBULB_PICT.BMP
c:windowsInstallSkinBULB_PICT_.BMP
c:windowsInstallSkinCHECKALL_BT.BMP
c:windowsInstallSkinCHECKNONE_BT.BMP
c:windowsInstallSkinCHECKTG_BT.BMP
c:windowsInstallSkinCLICK.WAV
c:windowsInstallSkinCLOSE_BT.BMP
c:windowsInstallSkinCOLLAPSE_BT.BMP
c:windowsInstallSkinDEFAULT_BT.BMP
c:windowsInstallSkinDONE.WAV
c:windowsInstallSkinEXPAND_BT.BMP
c:windowsInstallSkinFINISH_BT.BMP
c:windowsInstallSkinGROUP_BIG.BMP
c:windowsInstallSkinGROUP_SMALL.BMP
c:windowsInstallSkinHELP_BT.BMP
c:windowsInstallSkinINFO_BT.BMP
c:windowsInstallSkinLEFT_BT.BMP
c:windowsInstallSkinLEFTWIZ_LOGO.JPG
c:windowsInstallSkinPRCHECK_PICT.BMP
c:windowsInstallSkinRIGHT_BT.BMP
c:windowsInstallSkinSKIN.INI
c:windowsInstallSkinTOPWIZ_LOGO.JPG
c:windowsInstallSkinTRAY_BT.BMP
c:windowsInstallSkinTREESELECTOR_BIG.BMP
c:windowsInstallSkinTREESELECTOR_SMALL.BMP
c:windowsInstallSkinWALLPAPERS.BMP
c:windowssystem32Install.cmd
.
((((((((((((((((((((((((( Files Created from 2010-07-25 to 2010-08-25 )))))))))))))))))))))))))))))))
.
2010-08-25 15:43 . 2010-08-25 15:44 d-----w- c:program filestrend micro
2010-08-25 15:42 . 2010-08-25 15:45 d-----w- C:rsit
2010-08-23 06:52 . 2003-11-25 11:58 38305 —-a-w- c:windowsAFUDOS.exe
2010-08-23 06:51 . 2010-08-23 06:58 452897 —-a-w- c:windowsP4P81010.zip
2010-08-23 06:42 . 2010-08-23 06:52 419202 —-a-w- c:windowsp4p81014.zip
2010-08-22 20:37 . 2010-08-22 20:37 704248 —-a-w- c:documents and settingsdomApplication DataQuickStoresToolbarunins000.exe
2010-08-22 20:37 . 2010-03-31 08:17 45304 —-a-w- c:documents and settingsdomApplication DataQuickStoresToolbarUpdate.exe
2010-08-22 20:37 . 2010-03-31 08:17 40184 —-a-w- c:documents and settingsdomApplication DataQuickStoresToolbarQuickStoresToolbar.dll
2010-08-22 20:37 . 2010-03-31 08:17 126976 —-a-w- c:documents and settingsdomApplication DataQuickStoresToolbarInterop.SHDocVw.dll
2010-08-22 20:37 . 2010-08-23 12:24 d-----w- c:documents and settingsdomApplication DataQuickStoresToolbar
2010-08-22 20:33 . 2009-07-06 06:48 11448 —-a-w- c:windowssystem32driversAsUpIO.sys
2010-08-22 20:32 . 2009-09-30 07:33 24576 —-a-w- c:windowssystem32AsIO.dll
2010-08-22 20:32 . 2009-08-04 06:28 11296 —-a-w- c:windowssystem32driversAsIO.sys
2010-08-22 20:32 . 2010-08-22 20:32 d-----w- c:program filesASUS
2010-08-22 20:32 . 2010-08-22 20:32
d—h—w- c:program filesInstallShield Installation Information
2010-08-22 20:31 . 2010-08-22 20:32 d-----w- c:program filesCommon FilesInstallShield
2010-08-22 19:52 . 2010-08-22 19:52 d-----w- c:documents and settingsdomApplication DataUniblue
2010-08-22 19:52 . 2010-08-22 19:52 d-----w- c:program filesUniblue
2010-08-20 20:20 . 2008-08-26 06:26 18816 —-a-w- c:windowssystem32driverspccsmcfd.sys
2010-08-20 20:20 . 2010-08-20 20:20 d-----w- c:program filesPC Connectivity Solution
2010-08-20 20:17 . 2010-08-20 20:17 12212040 —-a-w- c:documents and settingsAll UsersApplication DataNokiaInstallerCacheProductCache{D5878294-C113-43c5-A24F-FC333C52015A}InstallerCommonCustomActionsWMFDist11-WindowsXP-X86-ENU.exe
2010-08-20 20:17 . 2010-08-20 20:17 13930312 —-a-w- c:documents and settingsAll UsersApplication DataNokiaInstallerCacheProductCache{D5878294-C113-43c5-A24F-FC333C52015A}InstallerCommonCustomActionsWMFDist11-WindowsXP-X64-ENU.exe
2010-08-20 20:17 . 2010-08-20 20:17 77824 —-a-w- c:documents and settingsAll UsersApplication DataNokiaInstallerCacheProductCache{D5878294-C113-43c5-A24F-FC333C52015A}InstallerCommonCustomActionsRun_XML6_SP1.exe
2010-08-20 20:17 . 2010-08-20 20:17 50000 —-a-w- c:documents and settingsAll UsersApplication DataNokiaInstallerCacheProductCache{D5878294-C113-43c5-A24F-FC333C52015A}InstallerCommonCustomActionspcswpc.exe
2010-08-20 20:17 . 2010-08-20 20:17 38912 —-a-w- c:documents and settingsAll UsersApplication DataNokiaInstallerCacheProductCache{D5878294-C113-43c5-A24F-FC333C52015A}InstallerCommonCustomActionsWMF11Runx86.exe
2010-08-20 20:17 . 2010-08-20 20:17 38912 —-a-w- c:documents and settingsAll UsersApplication DataNokiaInstallerCacheProductCache{D5878294-C113-43c5-A24F-FC333C52015A}InstallerCommonCustomActionsWMF11Runx64.exe
2010-08-20 20:17 . 2010-08-20 20:07 103412296 —-a-w- c:documents and settingsAll UsersApplication DataNokiaInstallerCacheProductCache{D5878294-C113-43c5-A24F-FC333C52015A}Installer.exe
2010-08-20 20:16 . 2010-08-20 20:16 d-----w- c:documents and settingsAll UsersApplication DataNokiaInstallerCache
2010-08-15 19:30 . 2010-08-15 19:30 d-----w- c:program filesNOS
2010-08-15 19:30 . 2010-07-26 12:01 37184 —-a-w- c:documents and settingsdomApplication DataMozillaFirefoxProfiles9r0spd4g.defaultextensions{E2883E8F-472F-4fb0-9522-AC9BF37916A7}pluginsnp_gp.dll
2010-08-15 19:30 . 2010-07-26 12:01 32032 —-a-w- c:documents and settingsdomApplication DataMozillaFirefoxProfiles9r0spd4g.defaultextensions{E2883E8F-472F-4fb0-9522-AC9BF37916A7}chromecontentgetPlusPlus_Adobe_reg.exe
2010-08-15 19:27 . 2010-06-14 14:31 744448 -c—-w- c:windowssystem32dllcachehelpsvc.exe
2010-08-15 19:27 . 2010-07-27 06:30 8479744 -c—-w- c:windowssystem32dllcacheshell32.dll
2010-08-15 19:13 . 2010-08-15 19:13 d-----w- c:windowssystem32configsystemprofileApplication DataPC Suite
2010-08-15 19:09 . 2010-08-15 19:09 d-----w- c:windowssystem32wbemRepository
2010-08-15 19:08 . 2010-08-15 19:08
d—h—w- c:windowsie8
2010-08-15 19:08 . 2010-08-15 19:35 d-----w- c:documents and settingsAll UsersApplication DataNOS
2010-08-15 19:06 . 2010-08-15 19:06 d-----w- c:documents and settingsAll UsersApplication DataNOS(2)
2010-07-29 15:43 . 2010-07-29 15:43 d-----w- c:documents and settingsAll UsersApplication DataMcAfee
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-22 21:03 . 2009-03-29 12:47 d-----w- c:program filesLast.fm
2010-08-22 20:37 . 2009-03-02 15:13 d-----w- c:program filesUnlocker
2010-08-22 07:46 . 2010-06-12 20:58 d-----w- c:documents and settingsdomApplication DatauTorrent
2010-08-21 12:19 . 2010-06-12 20:58 d-----w- c:program filesuTorrent
2010-08-20 20:21 . 2009-04-01 13:38 d-----w- c:program filesCommon FilesNokia
2010-08-20 20:19 . 2009-04-01 13:36 d-----w- c:program filesNokia
2010-08-20 09:46 . 2008-04-15 12:00 98538 —-a-w- c:windowssystem32perfc019.dat
2010-08-20 09:46 . 2008-04-15 12:00 519054 —-a-w- c:windowssystem32perfh019.dat
2010-08-19 12:12 . 2009-08-20 08:29 d-----w- c:program filesOpera
2010-06-30 12:24 . 2008-04-15 12:00 149504 —-a-w- c:windowssystem32schannel.dll
2010-06-26 10:30 . 2010-06-26 10:30 3351812 —-a-w- c:documents and settingsAll UsersApplication DataInstallations{09C468CA-2940-466A-AAE8-DCC0C6E9323C}InstallerCommonCustomActionsmsxml6Exec.exe
2010-06-26 10:30 . 2010-06-26 10:30 36864 —-a-w- c:documents and settingsAll UsersApplication DataInstallations{09C468CA-2940-466A-AAE8-DCC0C6E9323C}InstallerCommonCustomActionsSleep.exe
2010-06-26 10:30 . 2010-06-26 10:30 3203453 —-a-w- c:documents and settingsAll UsersApplication DataInstallations{09C468CA-2940-466A-AAE8-DCC0C6E9323C}InstallerCommonCustomActionsvcredistExec.exe
2010-06-26 10:28 . 2010-06-26 10:31 35768328 —-a-w- c:documents and settingsAll UsersApplication DataInstallations{09C468CA-2940-466A-AAE8-DCC0C6E9323C}NokiaSoftwareUpdaterSetup_2.5.2RU.exe
2010-06-24 12:26 . 2008-10-25 09:56 916480 —-a-w- c:windowssystem32wininet.dll
2010-06-24 09:02 . 2008-10-25 09:56 1852032 —-a-w- c:windowssystem32win32k.sys
2010-06-21 14:18 . 2008-10-25 09:56 354304 —-a-w- c:windowssystem32driverssrv.sys
2010-06-17 14:03 . 2008-04-15 12:00 80384 —-a-w- c:windowssystem32iccvid.dll
2010-06-14 14:31 . 2009-03-02 14:49 744448 —-a-w- c:windowspchealthhelpctrbinarieshelpsvc.exe
2010-06-14 07:43 . 2008-04-15 12:00 1172480 —-a-w- c:windowssystem32msxml3.dll
2010-06-04 07:55 . 2010-06-04 07:55 229312 —-a-w- c:windowssystem32driverscmdGuard.sys
2010-06-01 15:00 . 2010-06-01 15:00 278288 —-a-w- c:windowssystem32guard32.dll
2010-06-01 15:00 . 2010-06-01 15:00 87824 —-a-w- c:windowssystem32driversinspect.sys
2010-06-01 15:00 . 2010-06-01 15:00 25240 —-a-w- c:windowssystem32driverscmdhlp.sys
2010-06-01 15:00 . 2010-06-01 15:00 15464 —-a-w- c:windowssystem32driverscmderd.sys
.
Sigcheck
[-] 2008-10-24 . 1F39C7BDBA4C5F3F01C4EABF7EDBF4B3 . 361600 . . [5.1.2600.5625] . . c:windowssystem32driverstcpip.sys
[-] 2008-10-25 . A3894F6EF8499A997A60F83F562DCC15 . 1571840 . . [5.1.2600.5512] . . c:windowssystem32sfcfiles.dll
c:windowsSystem32termsrv.dll … is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«ccleaner»=»c:program filesCCleanerCCleaner.exe» [2009-05-07 1561840]
«AlfaClock Classic»=»c:program filesAlfaClock Free EditionAlfaClock.exe» [2005-07-13 405504]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«avgnt»=»c:program filesAviraAntiVir Desktopavgnt.exe» [2009-03-02 209153]
«COMODO Internet Security»=»c:program filesCOMODOCOMODO Internet Securitycfp.exe» [2010-06-01 2039240]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«IE7_011″=»shell32» [X]
«Rebuild Icon Cache»=»REBUILDI.EXE» [2007-11-04 172032]
«ZZZZ2_FirstLogonSetting»=»advpack.dll» [2009-03-08 128512]
«IE7_012″=»advpack.dll» [2009-03-08 128512]
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMConfigurePrograms»= 1 (0x1)
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]
«AppInit_DLLs»=c:windowssystem32guard32.dll
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]
BootExecute REG_MULTI_SZ
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
@=»Driver»
[HKLM~startupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^HP Digital Imaging Monitor.lnk]
backup=c:windowspssHP Digital Imaging Monitor.lnkCommon Startup
HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupreg0PCTFW
HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAd-Watch
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNokiaMServer]
c:program filesCommon FilesNokiaMPlatformNokiaMServer [X]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregASUS Update Checker]
2009-12-28 13:49 121472 —-a-w- c:program filesASUSASUSUpdateUpdateCheckerUpdateChecker.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDownload Master]
2010-03-26 14:28 3787776 —-a-w- c:program filesDownload Masterdmaster.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDSLAGENTEXE]
2005-08-25 09:47 65536 ------w- c:program filesD-LinkDSL-200dslagent.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDSLSTATEXE]
2005-12-12 07:44 344064 ------w- c:program filesD-LinkDSL-200dslstat.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregGoogle Update]
2009-11-29 23:26 135664 —-atw- c:documents and settingsdomLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregHP Software Update]
2005-05-11 20:12 49152 —-a-w- c:program filesHPHP Software UpdatehpwuSchd2.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPC Suite Tray]
2008-12-03 08:47 1205760 —-a-w- c:program filesNokiaNokia PC Suite 7PCSuite.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPunto Switcher]
2008-10-30 09:56 734504 —-a-w- c:program filesPunto Switcherpunto.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task]
2010-03-17 17:53 421888 —-a-w- c:program filesQuickTimeQTTask.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSkype]
2009-06-02 08:56 24264488 —-a-r- c:program filesSkypePhoneSkype.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregswg]
2009-11-29 23:11 39408 —-a-w- c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregUnlockerAssistant]
2010-07-04 19:51 17408 —-a-w- c:program filesUnlockerUnlockerAssistant.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupreguTorrent]
2010-08-20 20:58 327472 —-a-w- c:program filesuTorrentuTorrent.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«UpdatesOverride»=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«DisableNotifications»= 1 (0x1)
«DisableUnicastResponsesToMulticastBroadcast»= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe»=
«c:\Program Files\HP\Digital Imaging\bin\hpqste08.exe»=
«c:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe»=
«c:\Program Files\HP\Digital Imaging\bin\hposfx08.exe»=
«c:\Program Files\HP\Digital Imaging\bin\hposid01.exe»=
«c:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe»=
«c:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe»=
«c:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe»=
«c:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe»=
«c:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe»=
«c:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe»=
«c:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe»=
«c:\Program Files\HP\Digital Imaging\bin\hpoews01.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=
«c:\Program Files\Opera\opera.exe»=
«c:\Program Files\uTorrent\uTorrent.exe»=
R1 AsUpIO;AsUpIO;c:windowssystem32driversAsUpIO.sys [23.08.2010 0:33 11448]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:windowssystem32driverscmdGuard.sys [04.06.2010 11:55 229312]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:windowssystem32driverscmdhlp.sys [01.06.2010 19:00 25240]
R2 AntiVirSchedulerService;Avira AntiVir Планировщик;c:program filesAviraAntiVir Desktopsched.exe [29.05.2010 18:48 108289]
S0 Lbd;Lbd;c:windowssystem32DRIVERSLbd.sys —> c:windowssystem32DRIVERSLbd.sys [?]
S2 gupdate;Служба Google Update (gupdate);c:program filesGoogleUpdateGoogleUpdate.exe [30.11.2009 3:12 133104]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc —> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:windowsSystem32svchost.exe -k nosGetPlusHelper [15.04.2008 16:00 14336]
S3 pctNDIS;PC Tools Driver;c:windowssystem32driverspctNdis.sys [29.10.2009 19:32 58816]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the ‘Scheduled Tasks’ folder
2010-08-25 c:windowsTasksGoogle Software Updater.job
— c:program filesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2009-11-29 23:11]
2010-03-22 c:windowsTasksGoogleUpdateTaskMachineCore1cac9b7693fd1ce.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-11-29 23:12]
2010-06-15 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-1078081533-602162358-1644491937-1004Core1cb0c5565b5656.job
— c:documents and settingsdomLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2010-02-20 23:26]
2009-03-21 c:windowsTasksUser_Feed_Synchronization-{9D32F4B5-5938-4A89-9621-536843EDBE30}.job
— c:windowssystem32msfeedssync.exe [2009-03-02 01:31]
2010-02-27 c:windowsTasksWGASetup.job
— c:windowssystem32KB905474wgasetup.exe [2010-01-19 19:18]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.yandex.ru/?clid=40316
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: SoftwareMicrosoftInternet ExplorerSearchUrl; ValueType: string; ValueName: ‘; ValueData: ‘; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Закачать ВСЕ при помощи Download Master — c:program filesDownload Masterdmieall.htm
IE: Закачать при помощи Download Master — c:program filesDownload Masterdmie.htm
IE: Передать на удаленную закачку DM — c:program filesDownload Masterremdown.htm
IE: {{8B2D996F-B7D1-4961-A929-414D9CF5BA7B} — http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO
TCP: {9E1A85CC-9DCC-498E-9D26-461B53209E55} = 212.48.193.37 213.158.7.2
FF — ProfilePath — c:documents and settingsdomApplication DataMozillaFirefoxProfiles9r0spd4g.default
FF — prefs.js: browser.startup.homepage — hxxp://www.yandex.ru/
FF — component: c:program filesNokiaNokia Ovi SuiteConnectorsBookmarks ConnectorFirefoxExtensioncomponentsFirefoxExtension.dll
FF — plugin: c:documents and settingsdomApplication DataMozillaFirefoxProfiles9r0spd4g.defaultextensions{E2883E8F-472F-4fb0-9522-AC9BF37916A7}pluginsnp_gp.dll
FF — plugin: c:documents and settingsdomLocal SettingsApplication DataGoogleUpdate1.2.183.29npGoogleOneClick8.dll
FF — plugin: c:program filesGoogleGoogle Earthpluginnpgeplugin.dll
FF — plugin: c:program filesGoogleGoogle Updater2.4.1739.5352npCIDetect13.dll
FF — plugin: c:program filesGoogleUpdate1.2.183.23npGoogleOneClick8.dll
FF — plugin: c:program filesOperaprogrampluginsnp_gp.dll
FF — HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} — c:windowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtension
—- FIREFOX POLICIES —-
c:program filesMozilla Firefoxgreprefsall.js — pref(«ui.use_native_colors», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.lu», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.nu», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.nz», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.xn--mgbaam7a8h», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.xn--mgberp4a5d4ar», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.xn--p1ai», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.xn--mgbayh7gpa», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.tel», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.auth.force-generic-ntlm», false);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.proxy.type», 5);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.buffer.cache.count», 24);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.buffer.cache.size», 4096);
c:program filesMozilla Firefoxgreprefsall.js — pref(«dom.ipc.plugins.timeoutSecs», 45);
c:program filesMozilla Firefoxgreprefsall.js — pref(«svg.smil.enabled», false);
c:program filesMozilla Firefoxgreprefsall.js — pref(«accelerometer.enabled», true);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref», true);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.renego_unrestricted_hosts», «»);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.treat_unsafe_negotiation_as_broken», false);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.require_safe_negotiation», false);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name», «chrome://browser/locale/browser.properties»);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description», «chrome://browser/locale/browser.properties»);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«plugins.update.notifyUser», false);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled.nptest.dll», true);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled.npswf32.dll», true);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled.npctrl.dll», true);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled.npqtplugin.dll», true);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled», false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-25 22:09
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwClose, ZwOpenFile
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2010-08-25 22:12:26
ComboFix-quarantined-files.txt 2010-08-25 18:12
Pre-Run: 4 930 191 360 байт свободно
Post-Run: 4 891 463 680 байт свободно
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
[operating systems]
c:cmdconsBOOTSECT.DAT=»Microsoft Windows Recovery Console» /cmdcons
multi(0)disk(0)rdisk(0)partition(1)WINDOWS=»Microsoft Windows XP Professional RU» /noexecute=alwaysoff /fastdetect
— — End Of File — — 1D2E0B6585605AA8A8F40DF1022EB673

