- This topic has 5 ответов, 2 участника, and was last updated 16 years, 2 months назад by
.
-
Сообщения
-
Здраствуйте
Уже 3 день, когда я вхожу в интернет с переодичностью в 5-10 минут на странице браузера появляются порно баннеры, а так же текстовая реклама, появляющиеся в виде рамки с текстом сверху или снизу окна браузера.
При сворачивании страницы браузера (Опера 9.64) баннер следует на рабочий стол, появляется на жестком диске, в общем висит в системе, пока по нему не кликнешь.
Помимо антивируса ( Panda Global Protection 2009 со свежими базами) установил так же Ad-Aware и Spyware Doctor, обновив базы у обоих программ и сделав проверку с обоих.
Обе программы нашли и удалили несколько троянов, которых не заметил антивирусник, но баннеры не перестали выскакивать.
Наткнулся на комбофикс, применил его, перезагрузил ПК, удалил его по вашему методу.
Баннеры в итоге никуда не исчезли.Скачал RSIT,получил оба лога, затем применил комбофикс, потерпев фиаско снова включил RSIT, но теперь получил только один лог(log.txt), info.txt больше не выдает, не знаю почему (есть ли другая программа для получения этого файла?).
вот файл log.txt
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Admin at 2009-08-01 21:44:33
Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (16%) free of 20 GB
Total RAM: 3007 MB (79% free)======Scheduled tasks folder======
C:WINDOWStasksAd-Aware Update (Weekly).job
C:WINDOWStasksGoogleUpdateTaskMachineCore.job
C:WINDOWStasksGoogleUpdateTaskMachineUA.job======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll [2006-10-23 62080][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader — C:Program FilesWinamp Toolbarwinamptb.dll [2008-07-17 1266992][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master — C:PROGRA~1DOWNLO~1dmiehlp.dll [2007-07-20 152064][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4D91-8333-CF10577473F7}]
&Google — C:Documents and SettingsAdminGooglegoogletoolbar1.dll [][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2009-04-12 35840][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2009-04-12 73728][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} — Winamp Toolbar — C:Program FilesWinamp Toolbarwinamptb.dll [2008-07-17 1266992]
{91397D20-1446-11D4-8AF4-0040CA1127B6} — Яндекс.Бар — C:Program FilesYandexYandexBarIEyndbar.dll [2009-01-21 3117856]
{af83e43c-dd2b-4787-826b-31b17dee52ed} — QT Breadcrumbs Address Bar — C:WINDOWSsystem32mscoree.dll [2005-09-23 270848]
{468CD8A9-7C25-45FA-969E-3D925C689DC4} — Rambler-Ассистент — C:Program FilesRambler AssistantramblertoolbarU5090.dll [2007-07-30 804336][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«SoundMAXPnP»=C:Program FilesAnalog DevicesCoresmax4pnp.exe [2006-05-01 843776]
«ioCentre»=C:GeniusioCentregTaskBar.exe [2006-12-08 241664]
«RemoteControl8″=C:Program FilesCyberLinkPowerDVD8PDVD8Serv.exe [2008-03-20 83240]
«PDVD8LanguageShortcut»=C:Program FilesCyberLinkPowerDVD8LanguageLanguage.exe [2007-12-14 50472]
«BDRegion»=C:Program FilesCyberlinkShared Filesbrs.exe [2008-05-19 91432]
«RivaTunerStartupDaemon»=C:Program FilesRivaTuner v2.21RivaTuner.exe [2008-12-10 2732032]
«SunJavaUpdateSched»=C:Program FilesJavajre6binjusched.exe [2009-04-12 148888]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2009-05-01 86016]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2009-05-01 13750272]
«APVXDWIN»=C:Program FilesPanda SecurityPanda Global Protection 2009APVXDWIN.EXE [2009-07-15 881920]
«SCANINICIO»=C:Program FilesPanda SecurityPanda Global Protection 2009Inicio.exe [2008-07-07 50432]
«Ad Muncher»=C:Program FilesAd MuncherAdMunch.exe [2009-01-27 834560][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2009-02-10 30208]
«Sidebar»=C:Program FilesWindows SidebarSidebar.exe [2008-12-15 1272320]
«UberIcon»=C:WINDOWSXPLifeProgramsUberIconUberIcon.exe [2008-12-15 167936]
«Download Master»=C:Program FilesDownload Masterdmaster.exe [2008-07-25 3271680]
«DumpRuUploader»=C:Program FilesDump.RuDumpRuUploader.exe [2009-06-08 296448][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
«AppInit_DLLS»=»wbsys.dll»[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyavldr]
C:WINDOWSsystem32avldr.dll [2008-03-18 58672][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWBSrv]
C:Program FilesStardockObject DesktopWindowBlindswbsrv.dll [2008-09-17 210168][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa]
«authentication packages»=msv1_0
relog_ap[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalLavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalPskSvcRetail]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsdauxservice]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsdcoreservice]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkLavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworksdauxservice]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworksdcoreservice]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
«NoDrives»=0[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDrives»=[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesWinamp RemotebinOrb.exe»=»C:Program FilesWinamp RemotebinOrb.exe:*:Enabled:Orb»
«C:Program FilesWinamp RemotebinOrbTray.exe»=»C:Program FilesWinamp RemotebinOrbTray.exe:*:Enabled:OrbTray»
«C:Program FilesWinamp RemotebinOrbStreamerClient.exe»=»C:Program FilesWinamp RemotebinOrbStreamerClient.exe:*:Enabled:Orb Stream Client»
«C:Program FilesRockstar GamesRockstar Games Social ClubRGSCLauncher.exe»=»C:Program FilesRockstar GamesRockstar Games Social ClubRGSCLauncher.exe:*:Enabled:Rockstar Games Social Club»
«D:Games 2Grand Theft Auto IVLaunchGTAIV.exe»=»D:Games 2Grand Theft Auto IVLaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV»
«D:Games 2Grand Theft Auto IVGTAIV.exe»=»D:Games 2Grand Theft Auto IVGTAIV.exe:*:Enabled:Grand Theft Auto IV»
«C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE»=»C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook»
«C:Program FilesGolden FTP Server ProGFTPpro.exe»=»C:Program FilesGolden FTP Server ProGFTPpro.exe:*:Enabled:Easy to use FTP server for Windows.»
«C:Program FilesKVIrckvirc.exe»=»C:Program FilesKVIrckvirc.exe:*:Enabled:kvirc»
«C:WINDOWSsystem32usmtmigwiz.exe»=»C:WINDOWSsystem32usmtmigwiz.exe:*:Enabled:Мастер переноса файлов и параметров»
«C:Program FilesCerberusCerberus.exe»=»C:Program FilesCerberusCerberus.exe:*:Enabled:Cerberus FTP Server»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»
«C:Program FilesICQ6.5ICQ.exe»=»C:Program FilesICQ6.5ICQ.exe:*:Enabled:ICQ6»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{04e3f2ea-fa85-11dd-93f5-001a92083f94}]
shellAutoRuncommand — msrdrv.exe -flash[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{1d8e3c28-578b-11de-950a-001a92083f94}]
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe
shellExplorecommand — H:autorun.exe
shellOpencommand — H:autorun.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{2f4232e0-d42c-11dd-92c0-001a92083f94}]
shellAutoRuncommand — G:autorun.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{ff15659d-399b-11de-94ca-001a92083f94}]
shellAutoRuncommand — H:QUARANTINES-53-6-28-3434476501-1644491937-600003330-1213dllview.exe
shellopencommand — H:QUARANTINES-53-6-28-3434476501-1644491937-600003330-1213dllview.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{ff15659e-399b-11de-94ca-001a92083f94}]
shellAutoRuncommand — H:QUARANTINES-53-6-28-3434476501-1644491937-600003330-1213dllview.exe
shellopencommand — H:QUARANTINES-53-6-28-3434476501-1644491937-600003330-1213dllview.exe======File associations======
.js — open — C:PROGRA~1PANDAS~1PANDAG~1PAVSCRIP.EXE «%1» %*
.vbs — open — C:PROGRA~1PANDAS~1PANDAG~1PAVSCRIP.EXE «%1» %*======List of files/folders created in the last 1 months======
2009-08-01 21:05:26 —-D—- C:ComboFix
2009-08-01 20:51:20 —-D—- C:Panda Software
2009-08-01 20:18:49 —-SHD—- C:RECYCLER
2009-08-01 20:13:13 —-A—- C:ComboFix.txt
2009-08-01 20:10:52 —-D—- C:WINDOWSERDNT
2009-08-01 19:07:01 —-D—- C:rsit
2009-08-01 19:07:01 —-D—- C:Program Filestrend micro
2009-08-01 17:30:10 —-D—- C:Documents and SettingsAdminApplication DataPCToolsFirewallPlus
2009-08-01 17:25:29 —-D—- C:Program FilesCommon FilesPC Tools
2009-08-01 17:25:25 —-D—- C:Program FilesSpyware Doctor
2009-08-01 17:25:25 —-D—- C:Documents and SettingsAll UsersApplication DataPC Tools
2009-08-01 17:25:25 —-D—- C:Documents and SettingsAdminApplication DataPC Tools
2009-07-31 03:50:13 —-A—- C:WINDOWSsystem32lsdelete.exe
2009-07-31 02:35:53 —-HDC—- C:Documents and SettingsAll UsersApplication Data{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-31 02:35:44 —-D—- C:Program FilesLavasoft
2009-07-31 02:35:44 —-D—- C:Documents and SettingsAll UsersApplication DataLavasoft
2009-07-31 02:26:08 —-D—- C:Program FilesGoogle
2009-07-31 01:28:32 —-D—- C:Program FilesAd Muncher
2009-07-31 01:28:32 —-D—- C:Documents and SettingsAll UsersApplication DataAd Muncher
2009-07-30 23:26:27 —-A—- C:WINDOWSntbtlog.txt
2009-07-26 00:46:48 —-A—- C:WINDOWSsystem32HHActiveX.dll
2009-07-26 00:46:46 —-A—- C:WINDOWSsystem32TpUtil.dll
2009-07-26 00:46:46 —-A—- C:WINDOWSsystem32SYSTOOLS.DLL
2009-07-26 00:46:46 —-A—- C:WINDOWSsystem32PavLspHook.dll
2009-07-26 00:46:46 —-A—- C:WINDOWSsystem32pavipc.dll
2009-07-26 00:46:45 —-A—- C:WINDOWSsystem32PavSHook.dll
2009-07-26 00:46:43 —-D—- C:WINDOWSsystem32PAV
2009-07-26 00:46:43 —-D—- C:Documents and SettingsAdminApplication DataPanda Security
2009-07-26 00:46:43 —-A—- C:WINDOWSsystem32avldr.dll
2009-07-26 00:46:42 —-D—- C:Documents and SettingsAll UsersApplication DataPanda Security
2009-07-26 00:45:53 —-D—- C:Program FilesCommon FilesPanda Security
2009-07-23 12:02:31 —-D—- C:Documents and SettingsAll UsersApplication DataAdobe Systems
2009-07-23 11:59:40 —-D—- C:Program FilesCommon FilesAdobe Systems Shared
2009-07-21 22:43:08 —-D—- C:Documents and SettingsAdminApplication Datarambler.ru
2009-07-21 22:43:01 —-D—- C:Program FilesRambler Assistant
2009-07-21 22:36:59 —-D—- C:Program FilesICQ6.5
2009-07-05 03:01:18 —-A—- C:WINDOWSBlendSettings.ini======List of files/folders modified in the last 1 months======
2009-08-01 21:25:32 —-D—- C:WINDOWSTemp
2009-08-01 21:23:29 —-D—- C:WINDOWSsystem32drivers
2009-08-01 21:23:06 —-D—- C:WINDOWSsystem32
2009-08-01 21:21:26 —-A—- C:WINDOWSSchedLgU.Txt
2009-08-01 21:20:12 —-AD—- C:Documents and SettingsAll UsersApplication DataTEMP
2009-08-01 21:09:30 —-D—- C:WINDOWSsystem32CatRoot2
2009-08-01 21:05:39 —-D—- C:WINDOWS
2009-08-01 20:50:58 —-RD—- C:Program Files
2009-08-01 20:49:08 —-HD—- C:WINDOWSinf
2009-08-01 20:12:23 —-A—- C:WINDOWSsystem.ini
2009-08-01 20:09:35 —-D—- C:WINDOWSPrefetch
2009-08-01 20:00:08 —-D—- C:WINDOWSXPLife
2009-08-01 20:00:08 —-D—- C:Program FilesWindows Sidebar
2009-08-01 20:00:08 —-D—- C:Program FilesTotal Commander
2009-08-01 20:00:08 —-D—- C:Program FilesSkype
2009-08-01 17:30:13 —-SHD—- C:System Volume Information
2009-08-01 17:30:13 —-D—- C:WINDOWSsystem32Restore
2009-08-01 17:25:29 —-D—- C:Program FilesCommon Files
2009-08-01 16:41:12 —-D—- C:Program FilesMozilla Firefox
2009-08-01 02:12:32 —-ASD—- C:Documents and SettingsAll UsersApplication DataMicrosoft
2009-08-01 02:12:32 —-AHD—- C:Program FilesWindowsUpdate
2009-07-31 02:53:44 —-SHD—- C:WINDOWSInstaller
2009-07-31 02:53:44 —-SD—- C:WINDOWSTasks
2009-07-31 02:36:11 —-DC—- C:WINDOWSsystem32DRVSTORE
2009-07-31 02:25:52 —-D—- C:WINDOWSWinSxS
2009-07-31 01:04:13 —-D—- C:WINDOWSRegistration
2009-07-31 01:03:28 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-07-30 20:46:23 —-D—- C:Program FilesAdobe
2009-07-27 20:39:55 —-D—- C:Documents and SettingsAdminApplication DataAny DVD Converter Professional
2009-07-26 00:46:43 —-HD—- C:Program FilesInstallShield Installation Information
2009-07-26 00:46:42 —-D—- C:Program FilesPanda Security
2009-07-24 15:49:30 —-D—- C:WINDOWSHelp
2009-07-23 12:03:54 —-D—- C:Documents and SettingsAdminApplication DataAdobe
2009-07-23 11:59:38 —-D—- C:Program FilesCommon FilesAdobe
2009-07-23 11:58:45 —-D—- C:Documents and SettingsAll UsersApplication DataAdobe
2009-07-22 20:10:31 —-D—- C:Documents and Settings
2009-07-21 22:37:32 —-D—- C:Program FilesICQ6
2009-07-21 14:23:56 —-D—- C:VKLife
2009-07-03 01:58:12 —-D—- C:Program FilesAudiograbber======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 appdrv01;Application Driver (01); C:WINDOWSSystem32Driversappdrv01.sys [2009-04-24 3110512]
R1 APPFLT;App Filter Plugin; ??C:WINDOWSsystem32DriversAPPFLT.SYS []
R1 DSAFLT;DSA Filter Plugin; ??C:WINDOWSsystem32DriversDSAFLT.SYS []
R1 FNETMON;NetMon Filter Plugin; ??C:WINDOWSsystem32Driversfnetmon.SYS []
R1 IDSFLT;Ids Filter Plugin; ??C:WINDOWSsystem32DriversIDSFLT.SYS []
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-14 40704]
R1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2008-04-14 14720]
R1 NETFLTDI;Panda Net Driver [TDI Layer]; ??C:WINDOWSsystem32DriversNETFLTDI.SYS []
R1 pctgntdi;pctgntdi; ??C:WINDOWSsystem32driverspctgntdi.sys []
R1 ShldDrv;Panda File Shield Driver; C:WINDOWSSystem32DRIVERSShlDrv51.sys [2008-03-04 41144]
R1 WNMFLT;Wifi Monitor Filter Plugin; ??C:WINDOWSsystem32DriversWNMFLT.SYS []
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; ??C:Program FilesCyberLinkPowerDVD8�00.fcl []
R2 atksgt;atksgt; C:WINDOWSsystem32DRIVERSatksgt.sys [2008-12-27 278984]
R2 DgiVecp;Team MFP Comm Driver; C:WINDOWSSystem32DriversDgiVecp.sys [2003-07-29 40448]
R2 lirsgt;lirsgt; C:WINDOWSsystem32DRIVERSlirsgt.sys [2008-12-27 25416]
R2 PAVDRV;pavdrv; C:WINDOWSsystem32DRIVERSpavdrv51.sys [2008-04-28 84024]
R2 PavProc;Panda Process Protection Driver; ??C:WINDOWSsystem32DRIVERSPavProc.sys []
R2 tifsfilter;Acronis True Image FS Filter; C:WINDOWSsystem32DRIVERStifsfilt.sys [2008-12-26 44384]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:WINDOWSsystem32driversADIHdAud.sys [2006-05-02 229376]
R3 AEAudio;AE Audio Service; C:WINDOWSsystem32driversAEAudio.sys [2006-04-27 93824]
R3 AvFlt;Antivirus Filter Driver; C:WINDOWSsystem32driversav5flt.sys []
R3 ComFiltr;Panda Anti-Dialer; ??C:WINDOWSsystem32DRIVERSCOMFiltr.sys []
R3 gHidPnp;USB Device Enhanced Function Driver; C:WINDOWSSystem32DriversgHidPnp.Sys [2006-07-14 14848]
R3 gMouUsb;USB Mouse Device Drv; C:WINDOWSsystem32DRIVERSgMouUsb.sys [2006-07-14 9984]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-13 144384]
R3 hidusb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-14 10368]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2004-08-18 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:WINDOWSsystem32DRIVERSASACPI.sys [2004-08-13 5810]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34; C:WINDOWSsystem32DRIVERSneti1634.sys [2008-06-26 197888]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2009-04-30 8055584]
R3 PavSRK.sys;PavSRK.sys; ??C:WINDOWSsystem32PavSRK.sys []
R3 PavTPK.sys;PavTPK.sys; ??C:WINDOWSsystem32PavTPK.sys []
R3 pcouffin;VSO Software pcouffin; C:WINDOWSSystem32Driverspcouffin.sys [2009-05-14 47360]
R3 RivaTuner32;RivaTuner32; ??C:Program FilesRivaTuner v2.21RivaTuner32.sys []
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtenicxp.sys [2006-07-27 83712]
R3 SenFiltService;SenFilt Service; C:WINDOWSsystem32driversSenfilt.sys [2006-03-17 392960]
R3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2008-04-14 32128]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-14 59520]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-14 20608]
S3 ayzm9rcw;ayzm9rcw; C:WINDOWSsystem32driversayzm9rcw.sys []
S3 FStarForce;FStarForce; C:WINDOWSsystem32DRIVERSFStarForce.sys [2008-10-24 9216]
S3 nmwcd;Nokia USB Phone Parent; C:WINDOWSsystem32driversccdcmb.sys [2008-05-07 17536]
S3 nmwcdc;Nokia USB Generic; C:WINDOWSsystem32driversccdcmbo.sys [2008-05-07 20864]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:WINDOWSsystem32DRIVERSpccsmcfd.sys [2007-09-17 21632]
S3 SONYPVU1;Драйвер Sony USB фильтра (SONYPVU1); C:WINDOWSsystem32DRIVERSSONYPVU1.SYS [2001-08-17 7552]
S3 upperdev;upperdev; C:WINDOWSsystem32DRIVERSusbser_lowerflt.sys [2008-06-06 8064]
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2008-04-14 25856]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:WINDOWSsystem32driversusbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:WINDOWSsystem32DRIVERSusbser_lowerfltj.sys [2008-05-07 8064]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Wdf01000; C:WINDOWSsystem32DRIVERSWdf01000.sys [2006-11-02 492000]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AcrSch2Svc;Acronis Scheduler2 Service; C:Program FilesCommon FilesAcronisSchedule2schedul2.exe [2007-11-20 427288]
R2 DigiRefresh;Digidesign MME Refresh Service; C:Program FilesDigidesignDriversMMERefresh.exe [2007-10-31 77824]
R2 Gwmsrv;Panda Goodware Cache Manager; C:WINDOWSsystem32svchost -k Panda []
R2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2009-04-12 152984]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:Program FilesLavasoftAd-AwareAAWService.exe [2009-07-03 1029456]
R2 nvsvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2009-05-01 168004]
R2 Panda Software Controller;Panda Software Controller; C:Program FilesPanda SecurityPanda Global Protection 2009PsCtrls.exe [2008-07-16 181504]
R2 PAVFNSVR;Panda Function Service; C:Program FilesPanda SecurityPanda Global Protection 2009PavFnSvr.exe [2008-07-10 169216]
R2 PavPrSrv;Panda Process Protection Service; C:Program FilesCommon FilesPanda SecurityPavShldpavprsrv.exe [2008-02-04 62768]
R2 PAVSRV;Panda On-Access Anti-Malware Service; C:Program FilesPanda SecurityPanda Global Protection 2009pavsrv51.exe [2008-07-04 288512]
R2 PnkBstrA;PnkBstrA; C:WINDOWSsystem32PnkBstrA.exe [2009-06-13 66872]
R2 PSHost;Panda Host Service; c:program filespanda securitypanda global protection 2009firewallPSHOST.EXE [2008-06-12 226608]
R2 PSIMSVC;Panda IManager Service; C:Program FilesPanda SecurityPanda Global Protection 2009PsImSvc.exe [2008-06-19 108288]
R2 PskSvcRetail;Panda PSK service; C:Program FilesPanda SecurityPanda Global Protection 2009PskSvc.exe [2008-06-25 28928]
R2 TPSrv;Panda TPSrv; C:Program FilesPanda SecurityPanda Global Protection 2009TPSrv.exe [2008-07-17 157440]
R2 TryAndDecideService;Acronis Try And Decide Service; C:Program FilesCommon FilesAcronisFomatikTrueImageTryStartService.exe [2007-11-21 524272]
S2 appdrvrem01;Application Driver Auto Removal Service (01); C:WINDOWSSystem32appdrvrem01.exe [2009-04-24 316816]
S2 gupdate1ca1164cae9936c;Google Update Service (gupdate1ca1164cae9936c); C:Program FilesGoogleUpdateGoogleUpdate.exe [2009-07-31 133104]
S3 Adobe LM Service;Adobe LM Service; C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe [2009-07-23 72704]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S3 digiSPTIService;digiSPTIService; C:Program FilesDigidesignPro ToolsdigiSPTIService.exe [2007-10-31 159744]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2008-12-26 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:WINDOWSMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2006-10-20 36864]
S3 idsvc;Windows CardSpace; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2006-10-30 741376]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S3 sdAuxService;PC Tools Auxiliary Service; C:Program FilesSpyware DoctorpctsAuxs.exe [2009-01-07 348752]
S3 sdCoreService;PC Tools Security Service; C:Program FilesSpyware DoctorpctsSvc.exe [2009-07-22 1097096]
S3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2008-08-07 575488]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2009-01-10 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2006-10-30 122880]
EOF
Лог комбофикса
ComboFix 08-12-14.05 — Admin 2009-08-01 21:48:30.1 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.1.1049.18.3007.2457 [GMT 4:00]
Running from: c:documents and settingsAdminРабочий столComboFix.exe
* Created a new restore pointWARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
— REDUCED FUNCTIONALITY MODE —
.((((((((((((((((((((((((( Files Created from 2009-07-01 to 2009-08-01 )))))))))))))))))))))))))))))))
.2009-08-01 20:51 . 2009-08-01 20:51
d
C:Panda Software
2009-08-01 19:07 . 2009-08-01 19:07d
C:rsit
2009-08-01 19:07 . 2009-08-01 21:44d
c:program filestrend micro
2009-08-01 17:30 . 2009-08-01 17:30d
c:documents and settingsAdminApplication DataPCToolsFirewallPlus
2009-08-01 17:25 . 2009-08-01 17:56d
c:program filesSpyware Doctor
2009-08-01 17:25 . 2009-08-01 20:53d
c:program filesCommon FilesPC Tools
2009-08-01 17:25 . 2009-08-01 17:25d
c:documents and settingsAll UsersApplication DataPC Tools
2009-08-01 17:25 . 2009-08-01 17:25d
c:documents and settingsAdminApplication DataPC Tools
2009-08-01 17:25 . 2008-12-11 08:38 159,600 —a
c:windowssystem32driverspctgntdi.sys
2009-08-01 17:25 . 2009-04-03 10:18 130,936 —a
c:windowssystem32driversPCTCore.sys
2009-08-01 17:25 . 2008-12-18 11:16 73,840 —a
c:windowssystem32driversPCTAppEvent.sys
2009-08-01 17:25 . 2008-12-10 11:36 64,392 —a
c:windowssystem32driverspctplsg.sys
2009-07-31 03:50 . 2009-07-03 18:49 15,688 —a
c:windowssystem32lsdelete.exe
2009-07-31 02:36 . 2009-07-03 18:49 64,160 —a
c:windowssystem32driversLbd.sys
2009-07-31 02:35 . 2009-07-31 02:35d
c:program filesLavasoft
2009-07-31 02:35 . 2009-07-31 02:35d
c:documents and settingsAll UsersApplication DataLavasoft
2009-07-31 02:35 . 2009-07-31 02:35d—h-c— c:documents and settingsAll UsersApplication Data{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-31 02:26 . 2009-07-31 02:53d
c:program filesGoogle
2009-07-31 01:28 . 2009-07-31 01:38d
c:program filesAd Muncher
2009-07-31 01:28 . 2009-07-31 01:36d
c:documents and settingsAll UsersApplication DataAd Muncher
2009-07-30 20:43 . 2009-07-30 22:02d
c:documents and settingsAdminGoogle
2009-07-26 00:49 . 2009-08-01 21:23 13,880 —a
c:windowssystem32driversCOMFiltr.sys
2009-07-26 00:47 . 2009-08-01 20:21 254,848 —a
c:windowssystem32driversAPPFCONT.DAT.bck
2009-07-26 00:47 . 2009-08-01 20:21 254,848 —a
c:windowssystem32driversAPPFCONT.DAT
2009-07-26 00:47 . 2008-06-18 16:06 193,792 —a
c:windowssystem32driversidsflt.sys
2009-07-26 00:47 . 2008-07-11 14:58 158,848 —a
c:windowssystem32driversNETFLTDI.SYS
2009-07-26 00:47 . 2008-04-28 17:35 84,024 —a
c:windowssystem32driverspavdrv51.sys
2009-07-26 00:47 . 2008-06-25 15:42 73,728 —a
c:windowssystem32driversAPPFLT.SYS
2009-07-26 00:47 . 2008-06-18 16:06 52,992 —a
c:windowssystem32driversdsaflt.sys
2009-07-26 00:47 . 2008-06-18 16:06 46,720 —a
c:windowssystem32driverswnmflt.sys
2009-07-26 00:47 . 2008-03-28 11:25 22,072 —a
c:windowssystem32driversfnetmon.sys
2009-07-26 00:47 . 2009-08-01 21:23 1,132 —a
c:windowssystem32driversAPPFLTR.CFG.bck
2009-07-26 00:47 . 2009-08-01 21:23 1,132 —a
c:windowssystem32driversAPPFLTR.CFG
2009-07-26 00:47 . 2009-07-26 00:47 261 —a
c:windowssystem32PavCPL.dat
2009-07-26 00:46 . 2009-07-26 00:46d
c:windowssystem32PAV
2009-07-26 00:46 . 2009-07-26 00:46d
c:documents and settingsAll UsersApplication DataPanda Security
2009-07-26 00:46 . 2009-07-26 00:46d
c:documents and settingsAdminApplication DataPanda Security
2009-07-26 00:46 . 2008-06-18 18:03 520,448 —a
c:windowssystem32PavSHook.dll
2009-07-26 00:46 . 2003-10-22 18:23 446,464 —a
c:windowssystem32HHActiveX.dll
2009-07-26 00:46 . 2008-06-26 11:25 197,888 —a
c:windowssystem32driversneti1634.sys
2009-07-26 00:46 . 2008-06-24 14:48 193,280 —a
c:windowssystem32TpUtil.dll
2009-07-26 00:46 . 2007-02-08 11:53 107,568 —a
c:windowssystem32SYSTOOLS.DLL
2009-07-26 00:46 . 2009-03-17 19:07 87,296 —a
c:windowssystem32PavLspHook.dll
2009-07-26 00:46 . 2008-03-18 16:58 58,672 —a
c:windowssystem32avldr.dll
2009-07-26 00:46 . 2008-06-18 18:03 55,552 —a
c:windowssystem32pavipc.dll
2009-07-26 00:46 . 2007-03-15 19:38 54,832 —a
c:windowssystem32pavcpl.cpl
2009-07-26 00:46 . 2008-06-19 17:24 28,544 —a
c:windowssystem32driverspavboot.sys
2009-07-26 00:45 . 2009-07-26 00:45d
c:program filesCommon FilesPanda Security
2009-07-26 00:45 . 2008-02-07 12:03 179,640 —a
c:windowssystem32driversPavProc.sys
2009-07-26 00:45 . 2008-03-04 15:59 41,144 —a
c:windowssystem32driversShlDrv51.sys
2009-07-23 12:02 . 2009-07-23 12:02d
c:documents and settingsAll UsersApplication DataAdobe Systems
2009-07-23 11:59 . 2009-07-23 11:59d
c:program filesCommon FilesAdobe Systems Shared
2009-07-22 20:10 . 2009-07-22 20:10d
c:documents and settingsanimcktfMes documents
2009-07-22 20:10 . 2009-07-22 20:10d
c:documents and settingsanimcktf
2009-07-21 22:43 . 2009-07-21 22:43d
c:program filesRambler Assistant
2009-07-21 22:43 . 2009-07-21 22:43d
c:documents and settingsAdminApplication Datarambler.ru
2009-07-21 22:36 . 2009-07-21 22:47d
c:program filesICQ6.5
2009-07-05 03:01 . 2009-07-05 03:50 23 —a
c:windowsBlendSettings.ini.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-01 17:20
d—a-w c:documents and settingsAll UsersApplication DataTEMP
2009-08-01 16:00
d
w c:program filesWindows Sidebar
2009-08-01 16:00
d
w c:program filesTotal Commander
2009-08-01 16:00
d
w c:program filesSkype
2009-07-27 16:39
d
w c:documents and settingsAdminApplication DataAny DVD Converter Professional
2009-07-25 20:46
d—h—w c:program filesInstallShield Installation Information
2009-07-25 20:46
d
w c:program filesPanda Security
2009-07-23 07:59
d
w c:program filesCommon FilesAdobe
2009-07-21 18:37
d
w c:program filesICQ6
2009-07-02 21:58
d
w c:program filesAudiograbber
2009-06-25 10:50
d
w c:program filesUnlocker
2009-06-20 19:35
d
w c:documents and settingsAdminApplication DataSkype
2009-06-20 19:34
d
w c:documents and settingsAdminApplication DataskypePM
2009-06-13 08:43 66,872 —-a-w c:windowssystem32PnkBstrA.exe
2009-06-13 08:43 22,328 —-a-w c:windowssystem32driversPnkBstrK.sys
2009-06-13 08:43 103,736 —-a-w c:windowssystem32PnkBstrB.exe
2009-06-08 16:31
d
w c:program filesDump.Ru
2009-06-05 17:05
d
w c:program filesCommon FilesWise Installation Wizard
2009-05-22 23:37 98,304 —-a-w c:windowssystem32qttask.exe
2009-05-14 18:10 87,608 —-a-w c:documents and settingsAdminApplication Datainst.exe
2009-05-14 18:10 47,360 —-a-w c:documents and settingsAdminApplication Datapcouffin.sys
2009-05-05 22:31 2,402,304 —-a-w c:windowssystem32x264vfw.dll
2008-08-03 16:29 1,840,488 —-a-w c:program filesUTool.exe
2006-06-23 06:48 32,768 —-a-r c:windowsinfUpdateUSB.exe
2009-02-10 17:21 7,248 —sha-r c:windowsXPLifeBackupZeroold1.reg
2009-02-10 17:21 32,454 —sha-r c:windowsXPLifeBackupZeroold2.reg
2008-04-14 18:40 1,571,840 —sha-r c:windowsXPLifeBackupZerosfcfiles.dll
2008-04-14 18:40 219,648 —sha-r c:windowsXPLifeBackupZerouxtheme.dll
2008-04-14 18:38 1,054,208 —sha-r c:windowsXPLifeComBackupcomctl32.dll
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerURLSearchHooks]
«{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}»= «c:program filesWinamp Toolbarwinamptb.dll» [2008-07-17 1266992][HKEY_CLASSES_ROOTclsid{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOTWINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOTTypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOTWINAMPTB.AOLTBSearch][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-01-21 3117856][HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-01-21 3117856][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersAdRouter]
@=»{E2085722-3AC0-4411-A14B-906AFE1A75C4}»
[HKEY_CLASSES_ROOTCLSID{E2085722-3AC0-4411-A14B-906AFE1A75C4}]
2009-07-30 20:46 98304 —a
c:program filesAdobeadrouter.dll[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2009-02-10 30208]
«Sidebar»=»c:program filesWindows SidebarSidebar.exe» [2008-12-15 1272320]
«UberIcon»=»c:windowsXPLifeProgramsUberIconUberIcon.exe» [2008-12-15 167936]
«Download Master»=»c:program filesDownload Masterdmaster.exe» [2008-07-25 3271680]
«DumpRuUploader»=»c:program filesDump.RuDumpRuUploader.exe» [2009-06-08 296448][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«SoundMAXPnP»=»c:program filesAnalog DevicesCoresmax4pnp.exe» [2006-05-01 843776]
«ioCentre»=»c:geniusioCentregTaskBar.exe» [2006-12-08 241664]
«RemoteControl8″=»c:program filesCyberLinkPowerDVD8PDVD8Serv.exe» [2008-03-20 83240]
«PDVD8LanguageShortcut»=»c:program filesCyberLinkPowerDVD8LanguageLanguage.exe» [2007-12-14 50472]
«BDRegion»=»c:program filesCyberlinkShared Filesbrs.exe» [2008-05-19 91432]
«RivaTunerStartupDaemon»=»c:program filesRivaTuner v2.21RivaTuner.exe» [2008-12-10 2732032]
«SunJavaUpdateSched»=»c:program filesJavajre6binjusched.exe» [2009-04-12 148888]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2009-05-01 86016]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2009-05-01 13750272]
«APVXDWIN»=»c:program filesPanda SecurityPanda Global Protection 2009APVXDWIN.EXE» [2009-07-15 881920]
«SCANINICIO»=»c:program filesPanda SecurityPanda Global Protection 2009Inicio.exe» [2008-07-07 50432]
«Ad Muncher»=»c:program filesAd MuncherAdMunch.exe» [2009-01-27 834560]
«nwiz»=»nwiz.exe» [2009-05-01 c:windowssystem32nwiz.exe][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2009-02-10 30208][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyWBSrv]
2008-09-17 09:05 210168 c:program filesStardockObject DesktopWindowBlindsWbSrv.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyavldr]
2008-03-18 16:58 58672 c:windowssystem32avldr.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]
«AppInit_DLLs»=wbsys.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«vidc.hfyu»= huffyuv.dll
«msacm.sl_anet»= c:progra~1ACEMEG~1SystemSsl_anet.acm
«msacm.divxa32″= divxa32.acm
«vidc.iyuv»= c:progra~1ACEMEG~1SystemSInteliyuv_32.dll
«vidc.yvu9″= c:progra~1ACEMEG~1SystemSIntelIyvu9_32.dll
«vidc.uyvy»= c:progra~1ACEMEG~1SystemSMICROS~1msyuv.dll
«vidc.yuy2″= c:progra~1ACEMEG~1SystemSMICROS~1msyuv.dll
«vidc.yvyu»= c:progra~1ACEMEG~1SystemSMICROS~1msyuv.dll
«msacm.msaudio1″= c:progra~1ACEMEG~1SystemSMICROS~1msaud32.acm
«vidc.3ivx»= c:progra~1ACEMEG~1SystemS3ivx3IVXVF~1.DLL
«vidc.3iv0″= c:progra~1ACEMEG~1SystemS3ivx3IVXVF~1.DLL
«vidc.3iv1″= c:progra~1ACEMEG~1SystemS3ivx3IVXVF~1.DLL
«vidc.3iv2″= c:progra~1ACEMEG~1SystemS3ivx3IVXVF~1.DLL
«vidc.3ivd»= c:progra~1ACEMEG~1SystemS3ivx3IVXVF~1.DLL
«msacm.l3fhg»= mp3fhg.acm
«VIDC.X264″= x264vfw.dll[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalLavasoft Ad-Aware Service]
@=»Service»[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalPskSvcRetail]
@=»Service»[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusDisableNotify»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
«FirewallOverride»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\Program Files\Winamp Remote\bin\Orb.exe»=
«c:\Program Files\Winamp Remote\bin\OrbTray.exe»=
«c:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe»=
«c:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe»=
«d:\Games 2\Grand Theft Auto IV\LaunchGTAIV.exe»=
«d:\Games 2\Grand Theft Auto IV\GTAIV.exe»=
«c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE»=
«c:\Program Files\Golden FTP Server Pro\GFTPpro.exe»=
«c:\Program Files\KVIrc\kvirc.exe»=
«c:\WINDOWS\system32\usmt\migwiz.exe»=
«c:\Program Files\Cerberus\Cerberus.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=
«c:\Program Files\ICQ6.5\ICQ.exe»=R0 DigiFilter;DigiFilter;c:windowssystem32driversDigiFilt.sys [2009-03-31 16384]
R0 Lbd;Lbd;c:windowssystem32DRIVERSLbd.sys [2009-07-31 64160]
R0 pavboot;Panda boot driver;c:windowssystem32Driverspavboot.sys [2009-07-26 28544]
R0 PCTCore;PCTools KDS;c:windowssystem32driversPCTCore.sys [2009-08-01 130936]
R1 appdrv01;Application Driver (01);c:windowssystem32Driversappdrv01.sys [2009-04-24 3110512]
R1 APPFLT;App Filter Plugin;??c:windowssystem32DriversAPPFLT.SYS [2009-07-26 73728]
R1 DSAFLT;DSA Filter Plugin;??c:windowssystem32DriversDSAFLT.SYS [2009-07-26 52992]
R1 FNETMON;NetMon Filter Plugin;??c:windowssystem32Driversfnetmon.SYS [2009-07-26 22072]
R1 IDSFLT;Ids Filter Plugin;??c:windowssystem32DriversIDSFLT.SYS [2009-07-26 193792]
R1 NETFLTDI;Panda Net Driver [TDI Layer];??c:windowssystem32DriversNETFLTDI.SYS [2009-07-26 00:47:03 158848]
R1 pctgntdi;pctgntdi;??c:windowssystem32driverspctgntdi.sys [2009-08-01 159600]
R1 ShldDrv;Panda File Shield Driver;c:windowssystem32DRIVERSShlDrv51.sys [2009-07-26 41144]
R1 WNMFLT;Wifi Monitor Filter Plugin;??c:windowssystem32DriversWNMFLT.SYS [2009-07-26 46720]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};??c:program filesCyberLinkPowerDVD8000.fcl [2008-05-15 13:07:00 61424]
R2 Gwmsrv;Panda Goodware Cache Manager;c:windowssystem32svchost -k Panda []
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;»c:program filesLavasoftAd-AwareAAWService.exe» [2009-07-03 1029456]
R2 PavProc;Panda Process Protection Driver;??c:windowssystem32DRIVERSPavProc.sys [2009-07-26 179640]
R2 PskSvcRetail;Panda PSK service;»c:program filesPanda SecurityPanda Global Protection 2009PskSvc.exe» [2009-07-26 28928]
R3 AvFlt;Antivirus Filter Driver;c:windowssystem32driversav5flt.sys []
R3 gHidPnp;USB Device Enhanced Function Driver;c:windowssystem32DriversgHidPnp.Sys [2008-12-26 14848]
R3 gMouUsb;USB Mouse Device Drv;c:windowssystem32DRIVERSgMouUsb.sys [2008-12-26 9984]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:windowssystem32DRIVERSneti1634.sys [2009-07-26 197888]
R3 PavSRK.sys;PavSRK.sys;??c:windowssystem32PavSRK.sys []
R3 PavTPK.sys;PavTPK.sys;??c:windowssystem32PavTPK.sys []
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:windowsSystem32appdrvrem01.exe svc []
S2 gupdate1ca1164cae9936c;Google Update Service (gupdate1ca1164cae9936c);»c:program filesGoogleUpdateGoogleUpdate.exe» /svc [2009-07-31 133104]
S2 kbrrna;Security Center;c:windowssystem32svchost.exe -k netsvcs [2004-08-18 14336]
S3 FStarForce;FStarForce;c:windowssystem32DRIVERSFStarForce.sys [2008-11-13 9216]
S3 sdAuxService;PC Tools Auxiliary Service;c:program filesSpyware DoctorpctsAuxs.exe [2009-08-01 348752][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
panda REG_MULTI_SZ GwmsrvHKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSvchost — NetSvcs
kbrrna[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{04e3f2ea-fa85-11dd-93f5-001a92083f94}]
ShellAutoRuncommand — msrdrv.exe -flash[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{1d8e3c28-578b-11de-950a-001a92083f94}]
ShellAutoRuncommand — c:windowssystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe
ShellExplorecommand — H:autorun.exe
ShellOpencommand — H:autorun.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{2f4232e0-d42c-11dd-92c0-001a92083f94}]
ShellAutoRuncommand — G:autorun.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{ff15659d-399b-11de-94ca-001a92083f94}]
ShellAutoRuncommand — h:quarantineS-53-6-28-3434476501-1644491937-600003330-1213dllview.exe
Shellopencommand — h:quarantineS-53-6-28-3434476501-1644491937-600003330-1213dllview.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{ff15659e-399b-11de-94ca-001a92083f94}]
ShellAutoRuncommand — h:quarantineS-53-6-28-3434476501-1644491937-600003330-1213dllview.exe
Shellopencommand — h:quarantineS-53-6-28-3434476501-1644491937-600003330-1213dllview.exe
.
Contents of the ‘Scheduled Tasks’ folder2009-07-30 c:windowsTasksAd-Aware Update (Weekly).job
— c:program filesLavasoftAd-AwareAd-AwareAdmin.exe [2009-07-03 18:49]2009-08-01 c:windowsTasksGoogleUpdateTaskMachineCore.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-07-31 02:26]2009-08-01 c:windowsTasksGoogleUpdateTaskMachineUA.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-07-31 02:26]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.yandex.ru?clid=27130
mStart Page = hxxp://www.yandex.ru?clid=27130
uInternet Settings,ProxyOverride = *.local
IE: &Winamp Search — c:documents and settingsAll UsersApplication DataWinamp ToolbarieToolbarresourcesen-USlocalsearch.html
IE: &Перевести — c:program filesArsenal CompanySOCRAT InternetHTMLWSocrat.js
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~3Office12EXCEL.EXE/3000
IE: Block frame with Ad Muncher — http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=1.0&pass=5B945HXJ&id=menu_ie_frame
IE: Block image with Ad Muncher — http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=1.0&pass=5B945HXJ&id=menu_ie_image
IE: Block link with Ad Muncher — http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=1.0&pass=5B945HXJ&id=menu_ie_link
IE: Don’t filter page with Ad Muncher — http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=1.0&pass=5B945HXJ&id=menu_ie_exclude
IE: Report page to the Ad Muncher developers — http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=1.0&pass=5B945HXJ&id=menu_ie_report
IE: Закачать ВСЕ при помощи Download Master — c:program filesDownload Masterdmieall.htm
IE: Закачать при помощи Download Master — c:program filesDownload Masterdmie.htm
IE: Найти с помощью Рамблера — c:program filesRambler AssistantramblertoolbarU5090.dll/search.htm
IE: Перевести с помощью словарей Рамблера — c:program filesRambler AssistantramblertoolbarU5090.dll/dic.htm
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} — c:program filesDownload Masterdmaster.exe
IE: {{17FA5CD6-5737-45c2-B194-74C8A4A7F7E7} — {7E1F0737-53A5-4EDC-8734-DD94B50AAF83} — c:program filesArsenal CompanySOCRAT InternetSocratInternet.dll
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} — c:program filesDownload Masterdmaster.exe —
IE: {{DFDC8970-FD66-4385-B8C0-835A4AA1DA00} — {A3400175-12F9-4220-83BF-A7210CA4003E} — c:program filesArsenal CompanySOCRAT InternetSocratInternet.dll
FF — ProfilePath — c:documents and settingsAdminApplication DataMozillaFirefoxProfiles9vf96daw.default
FF — prefs.js: browser.search.selectedEngine — Rambler
FF — prefs.js: browser.startup.homepage — http://www.yandex.ru
FF — plugin: c:program filesGoogleUpdate1.2.183.7npGoogleOneClick8.dll
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnppl3260.dll
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnprpjplug.dll
FF — plugin: c:program filesOperaprogrampluginsnppl3260.dll
FF — plugin: c:program filesOperaprogrampluginsnprpjplug.dll
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-01 21:48:45
Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(1236)
c:windowssystem32avldr.dll
c:program filesStardockObject DesktopWindowBlindswbsrv.dll
c:windowssystem32cscui.dll
c:windowssystem32COMRes.dll— — — — — — — > ‘lsass.exe'(1292)
c:windowssystem32relog_ap.dll
.
Completion time: 2009-08-01 21:49:30
ComboFix-quarantined-files.txt 2009-08-01 17:49:16
ComboFix2.txt 2009-08-01 16:13:13Pre-Run: 3 373 236 224 байт свободно
Post-Run: 3,363,151,872 байт свободно307
Нашел сейчас в корневом каталоге файл info.txt
info.txt logfile of random’s system information tool 1.06 2009-08-01 19:07:46
======Uninstall list======
«Oblivion — Knights of the Nine» версии 1.00.0000—>»E:GamesDataKotnunins000.exe»
«Oblivion — Shivering Isles» версии 1.2.0416—>»E:GamesShIslesunins000.exe»
—>msiexec /package {90120000-0015-0000-0000-0000000FF1CE} /uninstall {10B5F4EF-C4DC-47AF-913B-EAF05C69C852}
—>msiexec /package {90120000-0016-0000-0000-0000000FF1CE} /uninstall {C5060182-C90D-4314-9AE9-5C0DCF8FD1EF}
—>msiexec /package {90120000-0018-0000-0000-0000000FF1CE} /uninstall {00E877D5-CDF8-4DDC-9AE0-E541B4BB6487}
—>msiexec /package {90120000-001A-0000-0000-0000000FF1CE} /uninstall {2A33A0C2-2B09-446E-9022-1508A85ECD2D}
—>msiexec /package {90120000-001B-0000-0000-0000000FF1CE} /uninstall {3520B304-0EF8-475D-8C52-47ABCCC75FC6}
—>msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {5C395839-FBA5-49C5-923A-787665D5E128}
—>MsiExec /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{A74354BF-086F-40D7-AB20-DB8703FC92C0}Setup.exe» -l0x19
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
50 FREE MP3s +1 Free Audiobook!—>»C:Program FilesWinampeMusicUninst-eMusic-promotion.exe»
ACE Mega CoDecS Pack—>»C:Program FilesACE Mega CoDecS Packunins000.exe»
Acronis True Image Home—>MsiExec.exe /X{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}
Ad Muncher v4.72 Build 30400—>»C:Program FilesAd MuncherAM-Install.exe» /P «InstallerAction=Uninstall» /P «InstallTarget=C:Program FilesAd Muncher»
Ad-Aware—>»C:Documents and SettingsAll UsersApplication Data{EF63305C-BAD7-4144-9208-D65528260864}Ad-AwareAE.exe» REMOVE=TRUE MODIFY=FALSE
Ad-Aware—>C:Documents and SettingsAll UsersApplication Data{EF63305C-BAD7-4144-9208-D65528260864}Ad-AwareAE.exe
Adobe Anchor Service CS3—>MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3—>MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Audition 3.0—>msiexec /I {53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}
Adobe Camera Raw 4.0—>MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps—>MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color — Photoshop Specific—>MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings—>MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings—>MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings—>MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings—>MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3—>MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Flash Player 10 ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Flash Player 10 Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Fonts All—>MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Linguistics CS3—>MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files—>MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3—>C:Program FilesCommon FilesAdobeInstallers719d6f144d0c086a0dfa7ff76bb9ac1Setup.exe
Adobe Photoshop CS3—>MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 8.1.0—>MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Setup—>MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Shockwave Player 11—>C:WINDOWSsystem32adobeSHOCKW~1UNWISE.EXE C:WINDOWSsystem32AdobeSHOCKW~1Install.log
Adobe Type Support—>MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3—>MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client—>MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin—>MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3—>MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AdStopper 1.17—>»C:Program FilesAdStopperunins000.exe»
Alky for Applications—>MsiExec.exe /X{BB05D173-9681-4812-A7FA-BD4042A3DA00}
Antares Autotune VST RTAS TDM v5.08—>»C:Program FilesAntares Audio Technologiesunins000.exe»
Antares Autotune VST v5.09—>»C:Program FilesAntares Audio TechnologiesUninstallunins000.exe»
Any DVD Converter Professional 3.5.3—>»C:Program FilesAny DVD Converter Professionalunins000.exe»
ASIO4ALL—>C:Program FilesASIO4ALL v2uninstall.exe
AsusUpdate—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{587178E7-B1DF-494E-9838-FA4DD36E873C}setup.exe» -l0x9
AusLogics BoostSpeed—>»C:Program FilesAuslogicsAusLogics BoostSpeedunins000.exe»
Cerberus FTP Server—>MsiExec.exe /I{6C978B4D-5819-4D13-85BC-89527A7F665E}
Collab—>C:Program FilesImage-LineCollabuninstall.exe
CPU-Z and GPU-Z—>C:Program FilesCPU-ZUninstall.exe
CyberLink PowerDVD 8—>»C:Program FilesInstallShield Installation Information{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}setup.exe» /z-uninstall
Daemon Tools Lite—>rundll32.exe advpack.dll,LaunchINFSection dtools.inf,Uninstall
DAEMON Tools Toolbar—>C:Program FilesDAEMON Tools Toolbaruninst.exe
DEVIL MAY CRY 4—>MsiExec.exe /I{D4E5A687-797D-44B1-8F96-4FD7A24166A9}
Digidesign Free Bomb Factory Plug-Ins 7.4—>C:Program FilesInstallShield Installation Information{82D48AB1-8E7F-4AA5-A5FA-47FA58A48110}Setup.exe -runfromtemp -l0x0009 FromUninstall -removeonly
Digidesign Pro Tools M-Powered 7.4cs2—>C:Program FilesInstallShield Installation Information{14AA664E-9BFA-44C4-A083-83A2998679BA}setup.exe -runfromtemp -l0x0009 -removeonly
Digidesign Shared Plug-Ins 7.4—>C:Program FilesInstallShield Installation Information{AFE354A5-640F-4A23-94C8-0B441E8967CA}Setup.exe -runfromtemp -l0x0009 FromUninstall -removeonly
Double Vibration Controller 3—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime700Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{E22F239F-953C-4C6C-8CAC-2CE1C26CCB2D}Setup.exe» -l0x9
Download Master 5.5.5.1135—>»C:Program FilesDownload Masterunins000.exe»
Dump.ru file uploader—>C:Program FilesDump.RuDumpRuUploader.exe -uninstall
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.1.2.0—>»C:Program FilesDVDFab 5unins000.exe»
Fallout 3 v1.0—>»D:Games 2Fallout 3unins000.exe»
Fast Audio Converter version 1.4—>»C:Program FilesLitexMediaFast Audio Converterunins000.exe»
FL Studio 8—>C:Program FilesImage-LineFL Studio 8uninstall.exe
Flash Player Pro—>C:Program FilesFlash Player ProUninstall.exe
Fraps—>»C:Frapsuninstall.exe»
Google Update Helper—>MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Grand Theft Auto IV—>»C:Program FilesInstallShield Installation Information{579BA58C-F33D-4970-9953-B94B43768AC3}setup.exe» -runfromtemp -l0x0019 -removeonly
High Definition Audio Driver Package — KB888111—>C:WINDOWS$NtUninstallKB888111WXPSP2$spuninstspuninst.exe
ICQ6.5—>»C:Program FilesInstallShield Installation Information{60DE4033-9503-48D1-A483-7846BD217CA9}setup.exe» -runfromtemp -l0x0009 -removeonly
IL Download Manager—>C:Program FilesImage-LineDownloaderuninstall.exe
Interlok driver setup x32—>MsiExec.exe /X{25613C10-27D2-410B-942B-D922D5C3A7BE}
ioCentre—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{A2B4621B-CEB9-4E44-95FD-3500D4DB3727}Setup.exe» -l0x19
Java(TM) 6 Update 13—>MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
K-Lite Mega Codec Pack 4.8.5—>»C:Program FilesK-Lite Codec Packunins000.exe»
KVIrc—>»C:Program FilesKVIrcuninstall.exe»
Microsoft .NET Framework 2.0 Language Pack — RUS—>C:WINDOWSMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0 Language Pack — RUSinstall.exe
Microsoft .NET Framework 2.0—>C:WINDOWSMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.exe
Microsoft .NET Framework 3.0 Russian Language Pack—>C:WINDOWSMicrosoft.NETFrameworkv3.0Microsoft .NET Framework 3.0 Russian Language Packsetup.exe
Microsoft .NET Framework 3.0 Russian Language Pack—>MsiExec.exe /X{855B04CC-4F7A-4FBB-B7BA-D965D23F7AD5}
Microsoft .NET Framework 3.0—>C:WINDOWSMicrosoft.NETFrameworkv3.0Microsoft .NET Framework 3.0setup.exe
Microsoft .NET Framework 3.0—>MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Games for Windows — LIVE Redistributable—>MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1}
Microsoft Internationalized Domain Names Mitigation APIs—>»C:WINDOWS$NtServicePackUninstallIDNMitigationAPIs$spuninstspuninst.exe»
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5—>»C:WINDOWS$NtUninstallWdf01005$spuninstspuninst.exe»
Microsoft National Language Support Downlevel APIs—>»C:WINDOWS$NtServicePackUninstallNLSDownlevelMapping$spuninstspuninst.exe»
Microsoft Office Access 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall ACCESS /dll OSETUP.DLL
Microsoft Office Access 2007—>MsiExec.exe /X{90120000-0015-0000-0000-0000000FF1CE}
Microsoft Office Access MUI (Russian) 2007—>MsiExec.exe /X{90120000-0015-0419-0000-0000000FF1CE}
Microsoft Office Excel 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall EXCEL /dll OSETUP.DLL
Microsoft Office Excel 2007—>MsiExec.exe /X{90120000-0016-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Russian) 2007—>MsiExec.exe /X{90120000-0016-0419-0000-0000000FF1CE}
Microsoft Office Outlook 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall OUTLOOK /dll OSETUP.DLL
Microsoft Office Outlook 2007—>MsiExec.exe /X{90120000-001A-0000-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Russian) 2007—>MsiExec.exe /X{90120000-001A-0419-0000-0000000FF1CE}
Microsoft Office PowerPoint 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall POWERPOINT /dll OSETUP.DLL
Microsoft Office PowerPoint 2007—>MsiExec.exe /X{90120000-0018-0000-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Russian) 2007—>MsiExec.exe /X{90120000-0018-0419-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007—>MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007—>MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Russian) 2007—>MsiExec.exe /X{90120000-001F-0419-0000-0000000FF1CE}
Microsoft Office Proof (Ukrainian) 2007—>MsiExec.exe /X{90120000-001F-0422-0000-0000000FF1CE}
Microsoft Office Proofing (Russian) 2007—>MsiExec.exe /X{90120000-002C-0419-0000-0000000FF1CE}
Microsoft Office Shared MUI (Russian) 2007—>MsiExec.exe /X{90120000-006E-0419-0000-0000000FF1CE}
Microsoft Office Visio MUI (Russian) 2007—>MsiExec.exe /X{90120000-0054-0419-0000-0000000FF1CE}
Microsoft Office Visio Professional 2007—>MsiExec.exe /X{90120000-0051-0000-0000-0000000FF1CE}
Microsoft Office Visio Профессиональный 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall VISPRO /dll OSETUP.DLL
Microsoft Office Word 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall WORD /dll OSETUP.DLL
Microsoft Office Word 2007—>MsiExec.exe /X{90120000-001B-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (Russian) 2007—>MsiExec.exe /X{90120000-001B-0419-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0—>»C:WINDOWS$NtUninstallWudf01000$spuninstspuninst.exe»
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.10)—>C:Program FilesMozilla Firefoxuninstallhelper.exe
MSVC80_x86—>MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 6.0 Parser (KB925673)—>MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
Nero 8 Lite v8.3.6.0—>»C:Program FilesNerounins000.exe»
Nokia Connectivity Cable Driver—>MsiExec.exe /X{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}
Nokia PC Suite—>MsiExec.exe /I{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}
Norton Security Scan (Symantec Corporation)—>»C:Program FilesCommon FilesSymantec SharedNSSSetup{3FADAA19-E595-44CA-A072-58B6B0851768}_2_0_0NSSSetup.exe» /X
NVIDIA Drivers—>C:WINDOWSsystem32nvuninst.exe UninstallGUI
NVIDIA PhysX—>MsiExec.exe /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
Oblivion mod manager 1.1.11—>»E:Gamesobmmuninstallunins000.exe»
Oblivion—>C:Program FilesInstallShield Installation Information{7EE1AAD4-0E84-4A90-8614-AA6E4E9764D4}setup.exe
Opera 9.64—>MsiExec.exe /X{E1BBBAC5-2857-4155-82A6-54492CE88620}
Panda Global Protection 2009—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime110Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{81A25967-DB85-4B48-A8A7-D25AC191DEE4}SETUP.exe» -l0x19 -removeonly
PC Connectivity Solution—>MsiExec.exe /I{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}
PC Tools Firewall Plus 5.0—>C:Program FilesPC Tools Firewall Plusunins000.exe /LOG
PDF Settings—>MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PoiZone—>C:Program FilesImage-LinePoiZoneuninstall.exe
Prince of Persia—>»D:Games 2Prince of Persiaunins000.exe»
Rainlendar2 (remove only)—>»C:Program FilesRainlendar2uninst.exe»
Rambler-Ассистент—>»C:Program FilesRambler Assistantuninstall.exe»
Real Desktop 1.42 Light—>»C:Program FilesReal Desktopunins000.exe»
REALTEK GbE & FE Ethernet PCI-E NIC Driver—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime110Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{C9BED750-1211-4480-B1A5-718A3BE15525}Setup.exe» -l0x19 -removeonly
RivaTuner v2.21—>»C:Program FilesRivaTuner v2.21uninstall.exe»
River Past Wave@MP3—>C:WINDOWSWave@MP3 Uninstaller.exe
Rockstar Games Social Club—>»C:Program FilesInstallShield Installation Information{08B3869E-D282-424C-9AFC-870E04A4BA14}setup.exe» -runfromtemp -l0x0019 -removeonly
Skype—>C:Program FilesSkypeUninstall.exe
Skype™ 3.8—>MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SoundMAX—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime100Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{F0A37341-D692-11D4-A984-009027EC0A9C}Setup.exe» -l0x19 -removeonly
Spyware Doctor 6.1—>C:Program FilesSpyware Doctorunins000.exe /LOG
TL Space Native 7.4—>C:Program FilesInstallShield Installation Information{A09ABB28-33D6-4662-8282-C46D480BE863}setup.exe -runfromtemp -l0x0009 FromUninstall -removeonly
Total Commander—>C:Program FilesTotal CommanderUninstall.exe
Toxic Biohazard—>C:Program FilesImage-LineToxic Biohazarduninstall.exe
UltraISO Premium (only 32bit) v9.3.0.2612—>»C:Program FilesUltraISOunins000.exe»
Unlocker—>C:Program FilesUnlockeruninst.exe
Visual C++ 2008 x86 Runtime — (v9.0.30729)—>MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime — v9.0.30729.01—>C:WINDOWSsystem32msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=»»
VKLife 1.7.2—>»C:Program FilesVKLifeunins000.exe»
VKLife 1.9—>»C:VKLifeunins000.exe»
VKontakte IE Toolbar 0.1—>»C:Program FilesVKontakte IE Toolbarunins000.exe»
VLC—>C:Program FilesVLCUninstall.exe
Warp VST V1.0—>C:PROGRA~1VSTPLU~1WARPVS~1.0UNWISE.EXE C:PROGRA~1VSTPLU~1WARPVS~1.0INSTALL.LOG
Winamp Remote—>»C:Program FilesWinamp Remoteuninstall.exe»
Winamp Toolbar for Firefox—>»extensions{0b38152b-1b20-484d-a11f-5e04a9b0661f}uninstall.exe»
Winamp Toolbar for Internet Explorer—>»C:Program FilesWinamp Toolbaruninstall.exe»
Winamp—>»C:Program FilesWinampUninstWA.exe»
Windows Communication Foundation—>MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Internet Explorer 7—>»C:WINDOWSie7spuninstspuninst.exe»
Windows Media Format 11 runtime—>»C:Program FilesWindows Media Playerwmsetsdk.exe» /UninstallAll
Windows Media Format 11 runtime—>»C:WINDOWS$NtUninstallWMFDist11$spuninstspuninst.exe»
Windows Presentation Foundation Language Pack (RUS)—>MsiExec.exe /X{D83A3DFC-8528-4E31-93DC-0A41C477109C}
Windows Presentation Foundation—>MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation RU Language Pack—>MsiExec.exe /I{1C7ADED3-C371-40DF-A69D-FE0EA73DC394}
Windows Workflow Foundation—>MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Service Pack 3—>»C:WINDOWS$NtServicePackUninstall$spuninstspuninst.exe»
XML Paper Specification Shared Components Language Pack 1.0—>»C:WINDOWS$NtUninstallXPSEPSCLP$spuninstspuninst.exe»
Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe
Ведьмак: Дополненное издание — Побочные эффекты—>»C:Program FilesInstallShield Installation Information{6D93BD2D-BA71-491A-926C-37FE1580CEE0}setup.exe» -runfromtemp -l0x0019 -removeonly
Ведьмак: Дополненное издание — Цена нейтралитета—>»C:Program FilesInstallShield Installation Information{F50BF3E1-99C8-4908-A2C7-B19B2C6FEA47}setup.exe» -runfromtemp -l0x0019 -removeonly
Ведьмак—>»C:Program FilesInstallShield Installation Information{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}setup.exe» -runfromtemp -l0x0019 -removeonly
Интернет помощник MyCentria—>C:Program FilesMyCentriaMyCentriaUninstall.exe
Пакет драйверов Windows — Nokia Modem (05/22/2008 3.8)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WINDOWSsystem32DRVSTOREnokia_blue_6F90B0F4A73A2F780A1010B5D6CB5DDFB098181Enokia_bluetooth.inf
Пакет драйверов Windows — Nokia Modem (05/22/2008 7.00.0.1)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WINDOWSsystem32DRVSTOREnokbtmdm_E68D50F7E25BFE399D47C864C3B52557346242A9nokbtmdm.inf
Пакет драйверов Windows — Nokia pccsmcfd (10/12/2007 6.85.4.0)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WINDOWSsystem32DRVSTOREpccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175pccsmcfd.inf
С.Т.А.Л.К.Е.Р. — Чистое Небо [v1.0009]—>»E:GamesС.Т.А.Л.К.Е.Р. — Чистое Небоunins000.exe»
СОКРАТ Интернет 3.0 Полиглот—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{A1CE8874-17FC-4646-81F5-BA704330CD72}setup.exe»
Сократ Персональный 4.1—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{9CD789E2-B7CE-11D5-B7E9-00A0C9449F99}setup.exe»
Удаление драйвера Xerox WorkCentre 3119 Series—>»C:WINDOWSXeroxWC3119setup.exe» /UNINSTALL /L0019
Яндекс.Бар для Internet Explorer 4.0.0—>»C:Program FilesYandexYandexBarIEunins000.exe»======Hosts File======
127.0.0.1 xxxruzone.com
0.0.0.0 popunder.ru awq.popunder.ru======Security center information======
AV: Panda Global Protection 2009
FW: PC Tools Firewall Plus
FW: Panda Personal Firewall 2009======System event log======
Computer Name: EMZ1T
Event Code: 7036
Message: Служба «Служба COM записи компакт-дисков IMAPI» перешла в состояние Остановлена.Record Number: 357
Source Name: Service Control Manager
Time Written: 20090623201925.000000+240
Event Type: информация
User:Computer Name: EMZ1T
Event Code: 7036
Message: Служба «Служба COM записи компакт-дисков IMAPI» перешла в состояние Работает.Record Number: 356
Source Name: Service Control Manager
Time Written: 20090623201919.000000+240
Event Type: информация
User:Computer Name: EMZ1T
Event Code: 7035
Message: Служба «Служба COM записи компакт-дисков IMAPI» успешно отправила управляющий элемент «запустить».Record Number: 355
Source Name: Service Control Manager
Time Written: 20090623201919.000000+240
Event Type: информация
User: NT AUTHORITYSYSTEMComputer Name: EMZ1T
Event Code: 7036
Message: Служба «Служба COM записи компакт-дисков IMAPI» перешла в состояние Остановлена.Record Number: 354
Source Name: Service Control Manager
Time Written: 20090623200802.000000+240
Event Type: информация
User:Computer Name: EMZ1T
Event Code: 7036
Message: Служба «Служба COM записи компакт-дисков IMAPI» перешла в состояние Работает.Record Number: 353
Source Name: Service Control Manager
Time Written: 20090623200756.000000+240
Event Type: информация
User:=====Application event log=====
Computer Name: EMZ1T
Event Code: 64192
Message: Unexpected failure scanning file C:WINDOWSSYSTEM32DRIVERSAV5FLT.SYS.If the problem persists, please contact with support.
Record Number: 1343
Source Name: Sentinel
Time Written: 20090129204107.000000+180
Event Type: ошибка
User:Computer Name: EMZ1T
Event Code: 4000
Message: The Panda Anti-virus Service has started successfully.Record Number: 1342
Source Name: Sentinel
Time Written: 20090129204056.000000+180
Event Type: информация
User:Computer Name: EMZ1T
Event Code: 0
Message:
Record Number: 1341
Source Name: Panda Software Controller
Time Written: 20090129204038.000000+180
Event Type: информация
User:Computer Name: EMZ1T
Event Code: 1000
Message: Ошибка приложения , версия 0.0.0.0, модуль unknown, версия 0.0.0.0, адрес 0x00000000.Record Number: 1340
Source Name: Application Error
Time Written: 20090129203756.000000+180
Event Type: ошибка
User:Computer Name: EMZ1T
Event Code: 1004
Message: Ошибка приложения svchost.exe, версия 0.0.0.0, модуль unknown, версия 0.0.0.0, адрес 0x00000000.Record Number: 1339
Source Name: Application Error
Time Written: 20090129194536.000000+180
Event Type: ошибка
User:======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=C:PROGRAM FILESPC CONNECTIVITY SOLUTION;%SYSTEMROOT%SYSTEM32;%SYSTEMROOT%;%SYSTEMROOT%SYSTEM32WBEM;C:PROGRAM FILESALKY FOR APPLICATIONSLIBRARIES;C:Program FilesPanda SecurityPanda Global Protection 2009
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=6
«PROCESSOR_IDENTIFIER»=x86 Family 6 Model 15 Stepping 6, GenuineIntel
«PROCESSOR_REVISION»=0f06
«NUMBER_OF_PROCESSORS»=2
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
«RGSCLauncher»=C:Program FilesRockstar GamesRockstar Games Social Club
«RGSC»=C:Program FilesRockstar GamesRockstar Games Social Club1_0_0_0
EOF
Здравствуйте, добро пожаловать на Spyware-ru форум.
Компьютер так же заражён autorun.inf трояном.
Прочитайте эту инструкцию Flash_Disinfector ещё одно оружие против autorun.inf троянов.* Отключите ваш антивирус.
* Скачайте и запустите Flash_Disinfector.
* По требованию программы вставьте ваш флэш диск или подключите другие внешние устройства хранения информации.Примечание: запускайте программу столько раз, сколько нужно чтобы очистить все ваши подключаемые диски.
Откройте блокнот (Кликните Пуск, Выполнить, в строке ввода введите notepad и нажмите Enter) и вставьте в него следующий текст:
Driver::
kbrrna
NetSvc::
kbrrna
Registry::
[-HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersAdRouter]
[-HKEY_CLASSES_ROOTCLSID{E2085722-3AC0-4411-A14B-906AFE1A75C4}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{04e3f2ea-fa85-11dd-93f5-001a92083f94}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{1d8e3c28-578b-11de-950a-001a92083f94}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{2f4232e0-d42c-11dd-92c0-001a92083f94}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{ff15659d-399b-11de-94ca-001a92083f94}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{ff15659e-399b-11de-94ca-001a92083f94}]
File::
c:program filesAdobeadrouter.dllЗапишите получившийся файл на ваш рабочий стол под именем CFScript
Далее перетащите получившийся файл на иконку Combofix, как показано на картинке ниже.
Сombofix запуститься и выполнит процедуры описанные в созданном нами файле.
По результатам работы Combofix будет создан новый лог, его и вставьте в свой следующий ответ.Использовал Флеш Дезенфектор, перезагрузил, затем использовал комбофикс с текстовым файлом, получил лог:
ComboFix 08-12-14.05 — Admin 2009-08-02 22:10:05.1 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.3007.2316 [GMT 4:00]
Running from: c:documents and settingsAdminРабочий столComboFix.exe
Command switches used :: c:documents and settingsAdminРабочий столCFScript.txt
* Created a new restore pointWARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
— REDUCED FUNCTIONALITY MODE —FILE ::
c:program filesAdobeadrouter.dll
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:program filesAdobeadrouter.dll
.
((((((((((((((((((((((((( Files Created from 2009-07-02 to 2009-08-02 )))))))))))))))))))))))))))))))
.2009-08-01 20:51 . 2009-08-01 20:51 d
C:Panda Software
2009-08-01 19:07 . 2009-08-01 19:07 d
C:rsit
2009-08-01 19:07 . 2009-08-01 22:17 d
c:program filestrend micro
2009-08-01 17:30 . 2009-08-01 17:30 d
c:documents and settingsAdminApplication DataPCToolsFirewallPlus
2009-08-01 17:25 . 2009-08-01 17:56 d
c:program filesSpyware Doctor
2009-08-01 17:25 . 2009-08-01 20:53 d
c:program filesCommon FilesPC Tools
2009-08-01 17:25 . 2009-08-01 17:25 d
c:documents and settingsAll UsersApplication DataPC Tools
2009-08-01 17:25 . 2009-08-01 17:25 d
c:documents and settingsAdminApplication DataPC Tools
2009-08-01 17:25 . 2008-12-11 08:38 159,600 —a
c:windowssystem32driverspctgntdi.sys
2009-08-01 17:25 . 2009-04-03 10:18 130,936 —a
c:windowssystem32driversPCTCore.sys
2009-08-01 17:25 . 2008-12-18 11:16 73,840 —a
c:windowssystem32driversPCTAppEvent.sys
2009-08-01 17:25 . 2008-12-10 11:36 64,392 —a
c:windowssystem32driverspctplsg.sys
2009-07-31 03:50 . 2009-07-03 18:49 15,688 —a
c:windowssystem32lsdelete.exe
2009-07-31 02:36 . 2009-07-03 18:49 64,160 —a
c:windowssystem32driversLbd.sys
2009-07-31 02:35 . 2009-07-31 02:35 d
c:program filesLavasoft
2009-07-31 02:35 . 2009-07-31 02:35 d
c:documents and settingsAll UsersApplication DataLavasoft
2009-07-31 02:35 . 2009-07-31 02:35 d—h-c— c:documents and settingsAll UsersApplication Data{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-31 02:26 . 2009-07-31 02:53 d
c:program filesGoogle
2009-07-31 01:28 . 2009-07-31 01:38 d
c:program filesAd Muncher
2009-07-31 01:28 . 2009-07-31 01:36 d
c:documents and settingsAll UsersApplication DataAd Muncher
2009-07-30 20:43 . 2009-07-30 22:02 d
c:documents and settingsAdminGoogle
2009-07-26 00:49 . 2009-08-02 22:07 13,880 —a
c:windowssystem32driversCOMFiltr.sys
2009-07-26 00:47 . 2009-08-02 14:11 252,676 —a
c:windowssystem32driversAPPFCONT.DAT.bck
2009-07-26 00:47 . 2009-08-02 14:11 252,676 —a
c:windowssystem32driversAPPFCONT.DAT
2009-07-26 00:47 . 2008-06-18 16:06 193,792 —a
c:windowssystem32driversidsflt.sys
2009-07-26 00:47 . 2008-07-11 14:58 158,848 —a
c:windowssystem32driversNETFLTDI.SYS
2009-07-26 00:47 . 2008-04-28 17:35 84,024 —a
c:windowssystem32driverspavdrv51.sys
2009-07-26 00:47 . 2008-06-25 15:42 73,728 —a
c:windowssystem32driversAPPFLT.SYS
2009-07-26 00:47 . 2008-06-18 16:06 52,992 —a
c:windowssystem32driversdsaflt.sys
2009-07-26 00:47 . 2008-06-18 16:06 46,720 —a
c:windowssystem32driverswnmflt.sys
2009-07-26 00:47 . 2008-03-28 11:25 22,072 —a
c:windowssystem32driversfnetmon.sys
2009-07-26 00:47 . 2009-08-02 22:07 1,132 —a
c:windowssystem32driversAPPFLTR.CFG.bck
2009-07-26 00:47 . 2009-08-02 22:07 1,132 —a
c:windowssystem32driversAPPFLTR.CFG
2009-07-26 00:47 . 2009-07-26 00:47 261 —a
c:windowssystem32PavCPL.dat
2009-07-26 00:46 . 2009-07-26 00:46 d
c:windowssystem32PAV
2009-07-26 00:46 . 2009-07-26 00:46 d
c:documents and settingsAll UsersApplication DataPanda Security
2009-07-26 00:46 . 2009-07-26 00:46 d
c:documents and settingsAdminApplication DataPanda Security
2009-07-26 00:46 . 2008-06-18 18:03 520,448 —a
c:windowssystem32PavSHook.dll
2009-07-26 00:46 . 2003-10-22 18:23 446,464 —a
c:windowssystem32HHActiveX.dll
2009-07-26 00:46 . 2008-06-26 11:25 197,888 —a
c:windowssystem32driversneti1634.sys
2009-07-26 00:46 . 2008-06-24 14:48 193,280 —a
c:windowssystem32TpUtil.dll
2009-07-26 00:46 . 2007-02-08 11:53 107,568 —a
c:windowssystem32SYSTOOLS.DLL
2009-07-26 00:46 . 2009-03-17 19:07 87,296 —a
c:windowssystem32PavLspHook.dll
2009-07-26 00:46 . 2008-03-18 16:58 58,672 —a
c:windowssystem32avldr.dll
2009-07-26 00:46 . 2008-06-18 18:03 55,552 —a
c:windowssystem32pavipc.dll
2009-07-26 00:46 . 2007-03-15 19:38 54,832 —a
c:windowssystem32pavcpl.cpl
2009-07-26 00:46 . 2008-06-19 17:24 28,544 —a
c:windowssystem32driverspavboot.sys
2009-07-26 00:45 . 2009-07-26 00:45 d
c:program filesCommon FilesPanda Security
2009-07-26 00:45 . 2008-02-07 12:03 179,640 —a
c:windowssystem32driversPavProc.sys
2009-07-26 00:45 . 2008-03-04 15:59 41,144 —a
c:windowssystem32driversShlDrv51.sys
2009-07-23 12:02 . 2009-07-23 12:02 d
c:documents and settingsAll UsersApplication DataAdobe Systems
2009-07-23 11:59 . 2009-07-23 11:59 d
c:program filesCommon FilesAdobe Systems Shared
2009-07-22 20:10 . 2009-07-22 20:10 d
c:documents and settingsanimcktfMes documents
2009-07-22 20:10 . 2009-07-22 20:10 d
c:documents and settingsanimcktf
2009-07-21 22:43 . 2009-07-21 22:43 d
c:program filesRambler Assistant
2009-07-21 22:43 . 2009-07-21 22:43 d
c:documents and settingsAdminApplication Datarambler.ru
2009-07-21 22:36 . 2009-07-21 22:47 d
c:program filesICQ6.5
2009-07-05 03:01 . 2009-07-05 03:50 23 —a
c:windowsBlendSettings.ini.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-02 18:07
d—a-w c:documents and settingsAll UsersApplication DataTEMP
2009-08-01 16:00
d
w c:program filesWindows Sidebar
2009-08-01 16:00
d
w c:program filesTotal Commander
2009-08-01 16:00
d
w c:program filesSkype
2009-07-27 16:39
d
w c:documents and settingsAdminApplication DataAny DVD Converter Professional
2009-07-25 20:46
d—h—w c:program filesInstallShield Installation Information
2009-07-25 20:46
d
w c:program filesPanda Security
2009-07-23 07:59
d
w c:program filesCommon FilesAdobe
2009-07-21 18:37
d
w c:program filesICQ6
2009-07-02 21:58
d
w c:program filesAudiograbber
2009-06-25 10:50
d
w c:program filesUnlocker
2009-06-20 19:35
d
w c:documents and settingsAdminApplication DataSkype
2009-06-20 19:34
d
w c:documents and settingsAdminApplication DataskypePM
2009-06-13 08:43 66,872 —-a-w c:windowssystem32PnkBstrA.exe
2009-06-13 08:43 22,328 —-a-w c:windowssystem32driversPnkBstrK.sys
2009-06-13 08:43 103,736 —-a-w c:windowssystem32PnkBstrB.exe
2009-06-08 16:31
d
w c:program filesDump.Ru
2009-06-05 17:05
d
w c:program filesCommon FilesWise Installation Wizard
2009-05-22 23:37 98,304 —-a-w c:windowssystem32qttask.exe
2009-05-14 18:10 87,608 —-a-w c:documents and settingsAdminApplication Datainst.exe
2009-05-14 18:10 47,360 —-a-w c:documents and settingsAdminApplication Datapcouffin.sys
2009-05-05 22:31 2,402,304 —-a-w c:windowssystem32x264vfw.dll
2008-08-03 16:29 1,840,488 —-a-w c:program filesUTool.exe
2006-06-23 06:48 32,768 —-a-r c:windowsinfUpdateUSB.exe
2008-04-14 18:40 161,513 —sha-r c:windowssystem32uibudqew.dll
2009-02-10 17:21 7,248 —sha-r c:windowsXPLifeBackupZeroold1.reg
2009-02-10 17:21 32,454 —sha-r c:windowsXPLifeBackupZeroold2.reg
2008-04-14 18:40 1,571,840 —sha-r c:windowsXPLifeBackupZerosfcfiles.dll
2008-04-14 18:40 219,648 —sha-r c:windowsXPLifeBackupZerouxtheme.dll
2008-04-14 18:38 1,054,208 —sha-r c:windowsXPLifeComBackupcomctl32.dll
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerURLSearchHooks]
«{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}»= «c:program filesWinamp Toolbarwinamptb.dll» [2008-07-17 1266992][HKEY_CLASSES_ROOTclsid{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOTWINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOTTypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOTWINAMPTB.AOLTBSearch][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-01-21 3117856][HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-01-21 3117856][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2009-02-10 30208]
«Sidebar»=»c:program filesWindows SidebarSidebar.exe» [2008-12-15 1272320]
«UberIcon»=»c:windowsXPLifeProgramsUberIconUberIcon.exe» [2008-12-15 167936]
«Download Master»=»c:program filesDownload Masterdmaster.exe» [2008-07-25 3271680]
«DumpRuUploader»=»c:program filesDump.RuDumpRuUploader.exe» [2009-06-08 296448][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«SoundMAXPnP»=»c:program filesAnalog DevicesCoresmax4pnp.exe» [2006-05-01 843776]
«ioCentre»=»c:geniusioCentregTaskBar.exe» [2006-12-08 241664]
«RemoteControl8″=»c:program filesCyberLinkPowerDVD8PDVD8Serv.exe» [2008-03-20 83240]
«PDVD8LanguageShortcut»=»c:program filesCyberLinkPowerDVD8LanguageLanguage.exe» [2007-12-14 50472]
«BDRegion»=»c:program filesCyberlinkShared Filesbrs.exe» [2008-05-19 91432]
«RivaTunerStartupDaemon»=»c:program filesRivaTuner v2.21RivaTuner.exe» [2008-12-10 2732032]
«SunJavaUpdateSched»=»c:program filesJavajre6binjusched.exe» [2009-04-12 148888]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2009-05-01 86016]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2009-05-01 13750272]
«APVXDWIN»=»c:program filesPanda SecurityPanda Global Protection 2009APVXDWIN.EXE» [2009-07-15 881920]
«SCANINICIO»=»c:program filesPanda SecurityPanda Global Protection 2009Inicio.exe» [2008-07-07 50432]
«Ad Muncher»=»c:program filesAd MuncherAdMunch.exe» [2009-01-27 834560]
«ISTray»=»c:program filesSpyware DoctorpctsTray.exe» [2009-07-22 1181064]
«nwiz»=»nwiz.exe» [2009-05-01 c:windowssystem32nwiz.exe][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2009-02-10 30208][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyWBSrv]
2008-09-17 09:05 210168 c:program filesStardockObject DesktopWindowBlindsWbSrv.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyavldr]
2008-03-18 16:58 58672 c:windowssystem32avldr.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]
«AppInit_DLLs»=wbsys.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«vidc.hfyu»= huffyuv.dll
«msacm.sl_anet»= c:progra~1ACEMEG~1SystemSsl_anet.acm
«msacm.divxa32″= divxa32.acm
«vidc.iyuv»= c:progra~1ACEMEG~1SystemSInteliyuv_32.dll
«vidc.yvu9″= c:progra~1ACEMEG~1SystemSIntelIyvu9_32.dll
«vidc.uyvy»= c:progra~1ACEMEG~1SystemSMICROS~1msyuv.dll
«vidc.yuy2″= c:progra~1ACEMEG~1SystemSMICROS~1msyuv.dll
«vidc.yvyu»= c:progra~1ACEMEG~1SystemSMICROS~1msyuv.dll
«msacm.msaudio1″= c:progra~1ACEMEG~1SystemSMICROS~1msaud32.acm
«vidc.3ivx»= c:progra~1ACEMEG~1SystemS3ivx3IVXVF~1.DLL
«vidc.3iv0″= c:progra~1ACEMEG~1SystemS3ivx3IVXVF~1.DLL
«vidc.3iv1″= c:progra~1ACEMEG~1SystemS3ivx3IVXVF~1.DLL
«vidc.3iv2″= c:progra~1ACEMEG~1SystemS3ivx3IVXVF~1.DLL
«vidc.3ivd»= c:progra~1ACEMEG~1SystemS3ivx3IVXVF~1.DLL
«msacm.l3fhg»= mp3fhg.acm
«VIDC.X264″= x264vfw.dll[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalLavasoft Ad-Aware Service]
@=»Service»[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalPskSvcRetail]
@=»Service»[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusDisableNotify»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
«FirewallOverride»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\Program Files\Winamp Remote\bin\Orb.exe»=
«c:\Program Files\Winamp Remote\bin\OrbTray.exe»=
«c:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe»=
«c:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe»=
«d:\Games 2\Grand Theft Auto IV\LaunchGTAIV.exe»=
«d:\Games 2\Grand Theft Auto IV\GTAIV.exe»=
«c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE»=
«c:\Program Files\Golden FTP Server Pro\GFTPpro.exe»=
«c:\Program Files\KVIrc\kvirc.exe»=
«c:\WINDOWS\system32\usmt\migwiz.exe»=
«c:\Program Files\Cerberus\Cerberus.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=
«c:\Program Files\ICQ6.5\ICQ.exe»=[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«4020:TCP»= 4020:TCP:deamhkeqR0 DigiFilter;DigiFilter;c:windowssystem32driversDigiFilt.sys [2009-03-31 16384]
R0 Lbd;Lbd;c:windowssystem32DRIVERSLbd.sys [2009-07-31 64160]
R0 pavboot;Panda boot driver;c:windowssystem32Driverspavboot.sys [2009-07-26 28544]
R0 PCTCore;PCTools KDS;c:windowssystem32driversPCTCore.sys [2009-08-01 130936]
R1 appdrv01;Application Driver (01);c:windowssystem32Driversappdrv01.sys [2009-04-24 3110512]
R1 APPFLT;App Filter Plugin;??c:windowssystem32DriversAPPFLT.SYS [2009-07-26 73728]
R1 DSAFLT;DSA Filter Plugin;??c:windowssystem32DriversDSAFLT.SYS [2009-07-26 52992]
R1 FNETMON;NetMon Filter Plugin;??c:windowssystem32Driversfnetmon.SYS [2009-07-26 22072]
R1 IDSFLT;Ids Filter Plugin;??c:windowssystem32DriversIDSFLT.SYS [2009-07-26 193792]
R1 NETFLTDI;Panda Net Driver [TDI Layer];??c:windowssystem32DriversNETFLTDI.SYS [2009-07-26 00:47:03 158848]
R1 pctgntdi;pctgntdi;??c:windowssystem32driverspctgntdi.sys [2009-08-01 159600]
R1 ShldDrv;Panda File Shield Driver;c:windowssystem32DRIVERSShlDrv51.sys [2009-07-26 41144]
R1 WNMFLT;Wifi Monitor Filter Plugin;??c:windowssystem32DriversWNMFLT.SYS [2009-07-26 46720]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};??c:program filesCyberLinkPowerDVD8000.fcl [2008-05-15 13:07:00 61424]
R2 Gwmsrv;Panda Goodware Cache Manager;c:windowssystem32svchost -k Panda []
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;»c:program filesLavasoftAd-AwareAAWService.exe» [2009-07-03 1029456]
R2 PavProc;Panda Process Protection Driver;??c:windowssystem32DRIVERSPavProc.sys [2009-07-26 179640]
R2 PskSvcRetail;Panda PSK service;»c:program filesPanda SecurityPanda Global Protection 2009PskSvc.exe» [2009-07-26 28928]
R2 sdAuxService;PC Tools Auxiliary Service;c:program filesSpyware DoctorpctsAuxs.exe [2009-08-01 348752]
R3 AvFlt;Antivirus Filter Driver;c:windowssystem32driversav5flt.sys []
R3 gHidPnp;USB Device Enhanced Function Driver;c:windowssystem32DriversgHidPnp.Sys [2008-12-26 14848]
R3 gMouUsb;USB Mouse Device Drv;c:windowssystem32DRIVERSgMouUsb.sys [2008-12-26 9984]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:windowssystem32DRIVERSneti1634.sys [2009-07-26 197888]
R3 PavSRK.sys;PavSRK.sys;??c:windowssystem32PavSRK.sys []
R3 PavTPK.sys;PavTPK.sys;??c:windowssystem32PavTPK.sys []
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:windowsSystem32appdrvrem01.exe svc []
S2 gupdate1ca1164cae9936c;Google Update Service (gupdate1ca1164cae9936c);»c:program filesGoogleUpdateGoogleUpdate.exe» /svc [2009-07-31 133104]
S2 kbrrna;Security Center;c:windowssystem32svchost.exe -k netsvcs [2004-08-18 14336]
S2 ocxobwf;Installer Support;c:windowssystem32svchost.exe -k netsvcs [2004-08-18 14336]
S3 FStarForce;FStarForce;c:windowssystem32DRIVERSFStarForce.sys [2008-11-13 9216][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
panda REG_MULTI_SZ GwmsrvHKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSvchost — NetSvcs
ocxobwf*Newly Created Service* — CATCHME
.
Contents of the ‘Scheduled Tasks’ folder2009-07-30 c:windowsTasksAd-Aware Update (Weekly).job
— c:program filesLavasoftAd-AwareAd-AwareAdmin.exe [2009-07-03 18:49]2009-08-02 c:windowsTasksGoogleUpdateTaskMachineCore.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-07-31 02:26]2009-08-02 c:windowsTasksGoogleUpdateTaskMachineUA.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-07-31 02:26]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.yandex.ru?clid=27130
mStart Page = hxxp://www.yandex.ru?clid=27130
IE: &Winamp Search — c:documents and settingsAll UsersApplication DataWinamp ToolbarieToolbarresourcesen-USlocalsearch.html
IE: &Перевести — c:program filesArsenal CompanySOCRAT InternetHTMLWSocrat.js
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~3Office12EXCEL.EXE/3000
IE: Block frame with Ad Muncher — http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=1.0&pass=5B945HXJ&id=menu_ie_frame
IE: Block image with Ad Muncher — http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=1.0&pass=5B945HXJ&id=menu_ie_image
IE: Block link with Ad Muncher — http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=1.0&pass=5B945HXJ&id=menu_ie_link
IE: Don’t filter page with Ad Muncher — http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=1.0&pass=5B945HXJ&id=menu_ie_exclude
IE: Report page to the Ad Muncher developers — http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=1.0&pass=5B945HXJ&id=menu_ie_report
IE: Закачать ВСЕ при помощи Download Master — c:program filesDownload Masterdmieall.htm
IE: Закачать при помощи Download Master — c:program filesDownload Masterdmie.htm
IE: Найти с помощью Рамблера — c:program filesRambler AssistantramblertoolbarU5090.dll/search.htm
IE: Перевести с помощью словарей Рамблера — c:program filesRambler AssistantramblertoolbarU5090.dll/dic.htm
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} — c:program filesDownload Masterdmaster.exe
IE: {{17FA5CD6-5737-45c2-B194-74C8A4A7F7E7} — {7E1F0737-53A5-4EDC-8734-DD94B50AAF83} — c:program filesArsenal CompanySOCRAT InternetSocratInternet.dll
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} — c:program filesDownload Masterdmaster.exe —
IE: {{DFDC8970-FD66-4385-B8C0-835A4AA1DA00} — {A3400175-12F9-4220-83BF-A7210CA4003E} — c:program filesArsenal CompanySOCRAT InternetSocratInternet.dll
TCP: {E85B15CC-E148-49DF-B86A-2FFE78AFE8F6} = 172.16.0.4 172.16.0.2
FF — ProfilePath — c:documents and settingsAdminApplication DataMozillaFirefoxProfiles9vf96daw.default
FF — prefs.js: browser.search.selectedEngine — Rambler
FF — prefs.js: browser.startup.homepage — http://www.yandex.ru
FF — plugin: c:program filesGoogleUpdate1.2.183.7npGoogleOneClick8.dll
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnppl3260.dll
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnprpjplug.dll
FF — plugin: c:program filesOperaprogrampluginsnppl3260.dll
FF — plugin: c:program filesOperaprogrampluginsnprpjplug.dll
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-02 22:10:24
Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(1236)
c:windowssystem32avldr.dll
c:windowssystem32cscui.dll
c:program filesStardockObject DesktopWindowBlindswbsrv.dll
c:windowssystem32COMRes.dll— — — — — — — > ‘lsass.exe'(1292)
c:windowssystem32relog_ap.dll
.
Completion time: 2009-08-02 22:11:13
ComboFix-quarantined-files.txt 2009-08-02 18:11:06
ComboFix2.txt 2009-08-01 17:58:09Pre-Run: 3 451 559 936 байт свободно
Post-Run: 3,440,336,896 байт свободно302
комбофикс все вылечил, спасибо вам и вашему сайту за помощь!
Зашел в Мозиллу Фаерфокс, оттуда порно баннеры никуда не исчезли, хотя при переключении на Оперу (сижу с нее) они пропадают, да и на рабочем столе они больше не появляются
Если возможно-подскажите как вылечить и Мозиллу, поскольку как дополнительный браузер она очень хорошаЧтобы вылечить Firefox его нужно переустановить.
Если нужно сохранить закладки.
Запустите Firefox, кликните Закладки.
Кликните Управление закладками.
Кликните Файл, выберите пункт Экспорт. После переустановки вы можете зайти в это меню и выбрать Импорт для восстановления закладок.
Запишите файл на ваш рабочий стол.Кликните Пуск, Настройки, Панель управления, Панель удаления и добавления программ.
Удалите Firefox.
Зайдите в папку c:Program Files и удалите папку Mozilla Firefox.
Кликните Пуск, выполнить, введите %appdata% и нажмите Enter.
Откроется папка Application Data. Удалите папку Mozilla.
Скачайте свежйю версию Firefox с сайта http://www.getfirefox.com и установите на компьютер.
- Для ответа в этой теме необходимо авторизоваться.
