Forum Replies Created
The antivirus found one measly trojan, deleted it and calmed down :) The computer is working fine. THANK YOU. Where should I send the cognac? 😛 And two questions: should I remove this ComboFix from the computer, and which antivirus would you recommend?
Here is the log:
ComboFix 09-09-21.04 — udins 22.09.2009 19:42.2.1 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.7.1049.18.954.596 [GMT 4:00]
Running from: c:\documents and settings\udins\Рабочий стол\ComboFix.exe
Command switches used :: c:\documents and settings\udins\Рабочий стол\CFScript.txt
AV: Антивирус Касперского *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
Here is the log. And one more question: I had an unlicensed copy of Windows, and now, since the program made use of some Windows updates, instead of the wallpaper I get a black desktop and a message saying that Windows did not pass the license check. Is there any way to get rid of this?
ComboFix 09-09-18.02 — udins 20.09.2009 18:43.1.1 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.7.1049.18.954.531 [GMT 4:00]
Running from: c:\documents and settings\udins\Рабочий стол\ComboFix.exe
Command switches used :: c:\documents and settings\udins\Рабочий стол\WindowsXP-KB310994-SP2-Pro-BootDisk-RUS.exe
AV: Антивирус Касперского *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:documents and settingsAll UsersДокументыagarubax.dll
c:documents and settingsAll UsersДокументыakeb.exe
c:documents and settingsAll UsersДокументыanusevely.ban
c:documents and settingsAll UsersДокументыbilucasuw.com
c:documents and settingsAll UsersДокументыepypymy.pif
c:documents and settingsAll UsersДокументыeritegaqo.sys
c:documents and settingsAll UsersДокументыfofi.scr
c:documents and settingsAll UsersДокументыgifo.bin
c:documents and settingsAll UsersДокументыifyr._dl
c:documents and settingsAll UsersДокументыixygedy.scr
c:documents and settingsAll UsersДокументыjereh.dll
c:documents and settingsAll UsersДокументыnuja.scr
c:documents and settingsAll UsersДокументыoruqa.sys
c:documents and settingsAll UsersДокументыpojyqagece.dll
c:documents and settingsAll UsersДокументыragugocum.exe
c:documents and settingsAll UsersДокументыtaguhoja.dll
c:documents and settingsAll UsersДокументыuxypec.pif
c:documents and settingsAll UsersДокументыwudodowugu.scr
c:documents and settingsAll UsersДокументыwymuqy.ban
c:documents and settingsAll UsersДокументыyjij.com
c:documents and settingsAll UsersДокументыynafuqo.com
c:documents and settingsAll UsersДокументыzuho.sys
c:documents and settingsAll UsersApplication Dataaferono.exe
c:documents and settingsAll UsersApplication Dataamekamib.bat
c:documents and settingsAll UsersApplication Dataamyrikul.bin
c:documents and settingsAll UsersApplication Datacuzikuxiqu.dl
c:documents and settingsAll UsersApplication Datacytiwucucy.pif
c:documents and settingsAll UsersApplication Dataekoge.reg
c:documents and settingsAll UsersApplication Dataenylet.bin
c:documents and settingsAll UsersApplication Dataeqahyfosus._sy
c:documents and settingsAll UsersApplication Dataitarigapys.lib
c:documents and settingsAll UsersApplication Datakofe.bat
c:documents and settingsAll UsersApplication Datalumopije.scr
c:documents and settingsAll UsersApplication Datalunecetug.dll
c:documents and settingsAll UsersApplication Datalywura.exe
c:documents and settingsAll UsersApplication Datamofovy.com
c:documents and settingsAll UsersApplication Datamutyfura._sy
c:documents and settingsAll UsersApplication Dataogynabat.lib
c:documents and settingsAll UsersApplication Dataovawacuvi.dll
c:documents and settingsAll UsersApplication Dataovybih.sys
c:documents and settingsAll UsersApplication Dataoxihyjegeq.reg
c:documents and settingsAll UsersApplication Datapabacym.sys
c:documents and settingsAll UsersApplication Datapupubax.reg
c:documents and settingsAll UsersApplication Dataqihyqevo.com
c:documents and settingsAll UsersApplication Datasoqubef.bin
c:documents and settingsAll UsersApplication Datasumitohype.inf
c:documents and settingsAll UsersApplication Datatixyzun.bat
c:documents and settingsAll UsersApplication Datatuqivoja.sys
c:documents and settingsAll UsersApplication Dataujohi.dl
c:documents and settingsAll UsersApplication Datavymyhec.vbs
c:documents and settingsAll UsersApplication Datayduzope.reg
c:documents and settingsAll UsersApplication Dataywubape.inf
c:documents and settingsAll UsersApplication Datazojevew.sys
c:documents and settingsAll Users„®Єг¬Ґвлehifuhoca.vbs
c:documents and settingsAll Users„®Єг¬Ґвлejow.inf
c:documents and settingsAll Users„®Єг¬Ґвлnexopinit.vbs
c:documents and settingsAll Users„®Єг¬Ґвлozoly.bat
c:documents and settingsAll Users„®Єг¬Ґвлxelosy.bat
c:documents and settingsLocalServiceApplication Dataeguca._sy
c:documents and settingsLocalServiceApplication Dataemyjip.com
c:documents and settingsLocalServiceApplication Dataepynated._sy
c:documents and settingsLocalServiceApplication Datafuxuhynol.sys
c:documents and settingsLocalServiceApplication Datagunosemaro.pif
c:documents and settingsLocalServiceApplication Dataikibywi.sys
c:documents and settingsLocalServiceApplication Datairycily.inf
c:documents and settingsLocalServiceApplication Dataixiloxiwig.sys
c:documents and settingsLocalServiceApplication Dataluzobyt.bin
c:documents and settingsLocalServiceApplication Dataoparolo.exe
c:documents and settingsLocalServiceApplication Datapyxo.exe
c:documents and settingsLocalServiceApplication Datarywodawexu.com
c:documents and settingsLocalServiceApplication Dataumudyqofe._dl
c:documents and settingsLocalServiceApplication Datauqinoponod.com
c:documents and settingsLocalServiceApplication Datausiwujyze.pif
c:documents and settingsLocalServiceApplication Datauvimygozo._dl
c:documents and settingsLocalServiceApplication Datawovi.exe
c:documents and settingsLocalServiceCookiesibadikah.com
c:documents and settingsLocalServiceCookiesmagakosyl.dat
c:documents and settingsLocalServiceCookiesnipameb.dat
c:documents and settingsLocalServiceCookiesnore.bin
c:documents and settingsLocalServiceCookiesojitun.reg
c:documents and settingsLocalServiceCookiespohaqi.scr
c:documents and settingsLocalServiceCookiesqavatag.bat
c:documents and settingsLocalServiceCookiessaxewequbo.ban
c:documents and settingsLocalServiceCookiestekuhum.scr
c:documents and settingsLocalServiceCookiesukep.dl
c:documents and settingsLocalServiceCookiesulujatym.scr
c:documents and settingsLocalServiceCookiesycoqybi.bin
c:documents and settingsLocalServiceCookiesyfekitixa.sys
c:documents and settingsLocalServiceLocal SettingsApplication Dataabyvig._sy
c:documents and settingsLocalServiceLocal SettingsApplication Dataaligyzugi.sys
c:documents and settingsLocalServiceLocal SettingsApplication Datadokowep.exe
c:documents and settingsLocalServiceLocal SettingsApplication Datagixemi._dl
c:documents and settingsLocalServiceLocal SettingsApplication Dataibeqy.ban
c:documents and settingsLocalServiceLocal SettingsApplication Dataizehafys.dl
c:documents and settingsLocalServiceLocal SettingsApplication Datalefy.inf
c:documents and settingsLocalServiceLocal SettingsApplication Dataliqudiry.inf
c:documents and settingsLocalServiceLocal SettingsApplication Datamygy.dll
c:documents and settingsLocalServiceLocal SettingsApplication Dataogywofyr.exe
c:documents and settingsLocalServiceLocal SettingsApplication Datapaletygipi.com
c:documents and settingsLocalServiceLocal SettingsApplication Datatewucevyte.vbs
c:documents and settingsLocalServiceLocal SettingsApplication Dataufyg.dll
c:documents and settingsLocalServiceLocal SettingsApplication Datayhunyneg.dl
c:documents and settingsLocalServiceLocal SettingsApplication Datayjop.com
c:documents and settingsLocalServiceLocal SettingsApplication Datayrakuhezir.exe
c:documents and settingsLocalServiceLocal SettingsApplication Datazemuko.reg
c:documents and settingsLocalServiceLocal SettingsTemporary Internet Filesalor.dl
c:documents and settingsLocalServiceLocal SettingsTemporary Internet Filesgyderoquj.inf
c:documents and settingsLocalServiceLocal SettingsTemporary Internet Filesgyfuhog.reg
c:documents and settingsLocalServiceLocal SettingsTemporary Internet Fileshokeret.db
c:documents and settingsLocalServiceLocal SettingsTemporary Internet Filesijabu.vbs
c:documents and settingsLocalServiceLocal SettingsTemporary Internet Filesogomam.db
c:documents and settingsLocalServiceLocal SettingsTemporary Internet Filesolewaripox.scr
c:documents and settingsLocalServiceLocal SettingsTemporary Internet Filesovowepino.bin
c:documents and settingsLocalServiceLocal SettingsTemporary Internet Filespibumocyku._sy
c:documents and settingsLocalServiceLocal SettingsTemporary Internet Filesryhacab.vbs
c:documents and settingsLocalServiceLocal SettingsTemporary Internet Filesteqynoq.bat
c:documents and settingsLocalServiceLocal SettingsTemporary Internet Filesutogome.vbs
c:documents and settingsLocalServiceLocal SettingsTemporary Internet Filesvahus.dll
c:documents and settingsLocalServiceLocal SettingsTemporary Internet Filesyfufot.bin
c:documents and settingsLocalServiceoashdihasidhasuidhiasdhiashdiuasdhasd
c:documents and settingsudinsApplication Databyker.pif
c:documents and settingsudinsApplication Dataderypy.scr
c:documents and settingsudinsApplication Datagamy._sy
c:documents and settingsudinsApplication Datagebyfeqabu.com
c:documents and settingsudinsApplication Datailaboxaxoh.sys
c:documents and settingsudinsApplication Datakidymimulo.bin
c:documents and settingsudinsApplication Dataolyru.pif
c:documents and settingsudinsApplication Datapexowuby.pif
c:documents and settingsudinsApplication Dataqovezur.lib
c:documents and settingsudinsApplication Datatidutozexa.bat
c:documents and settingsudinsApplication Datawewubyda.inf
c:documents and settingsudinsApplication Dataybuti.pif
c:documents and settingsudinsApplication Datayqys.pif
c:documents and settingsudinsApplication Dataysirasu.scr
c:documents and settingsudinsApplication Dataysuwagox.pif
c:documents and settingsudinsApplication Datazevuqamov.exe
c:documents and settingsudinsCookiesapis.lib
c:documents and settingsudinsCookiesawomapocel.bat
c:documents and settingsudinsCookiesbotymebaca.dll
c:documents and settingsudinsCookiesciqohohupu.com
c:documents and settingsudinsCookiescupaz.dll
c:documents and settingsudinsCookiesdagiziro.bin
c:documents and settingsudinsCookiesecugifaw.vbs
c:documents and settingsudinsCookieseval.lib
c:documents and settingsudinsCookiesfaqeju.inf
c:documents and settingsudinsCookiesfepywu.ban
c:documents and settingsudinsCookiesfuzixedaqa.com
c:documents and settingsudinsCookiesgedy.dll
c:documents and settingsudinsCookiesidelyqar.bin
c:documents and settingsudinsCookiesikifehuta.scr
c:documents and settingsudinsCookiesobocylugi.vbs
c:documents and settingsudinsCookiespize.db
c:documents and settingsudinsCookiesrucijulo.com
c:documents and settingsudinsCookiessejoboduju.dl
c:documents and settingsudinsCookiessymywirima.db
c:documents and settingsudinsCookiestofyfotaj.sys
c:documents and settingsudinsCookiestogagyhuw._dl
c:documents and settingsudinsCookiestoja.com
c:documents and settingsudinsCookiestuma._dl
c:documents and settingsudinsCookiestygotud.lib
c:documents and settingsudinsCookiesuxejyj.scr
c:documents and settingsudinsCookiesviwihemeh.vbs
c:documents and settingsudinsCookieswowygynov.com
c:documents and settingsudinsCookiesylelaze.inf
c:documents and settingsudinsCookiesynigij.inf
c:documents and settingsudinsLocal SettingsApplication Databagycike.pif
c:documents and settingsudinsLocal SettingsApplication Databerutum._sy
c:documents and settingsudinsLocal SettingsApplication Datacixumima.exe
c:documents and settingsudinsLocal SettingsApplication Datacuvyxojyr.inf
c:documents and settingsudinsLocal SettingsApplication Dataexor.dl
c:documents and settingsudinsLocal SettingsApplication Datafawyhiqyw.exe
c:documents and settingsudinsLocal SettingsApplication Datagoji.dll
c:documents and settingsudinsLocal SettingsApplication Datahebovuf._dl
c:documents and settingsudinsLocal SettingsApplication Datalavecuxyre.exe
c:documents and settingsudinsLocal SettingsApplication Dataludydyde.exe
c:documents and settingsudinsLocal SettingsApplication Datanojazizahe.reg
c:documents and settingsudinsLocal SettingsApplication Dataokyly.vbs
c:documents and settingsudinsLocal SettingsApplication Dataqywuzykeru.exe
c:documents and settingsudinsLocal SettingsApplication Datasowusyjyba.ban
c:documents and settingsudinsLocal SettingsApplication Datasyjefawiny.com
c:documents and settingsudinsLocal SettingsApplication Datawosenyhymi._sy
c:documents and settingsudinsLocal SettingsApplication Dataxahaqywido.exe
c:documents and settingsudinsLocal SettingsApplication Dataxajafif.reg
c:documents and settingsudinsLocal SettingsTemporary Internet Filesagemeca.reg
c:documents and settingsudinsLocal SettingsTemporary Internet Filesawuhypiv.vbs
c:documents and settingsudinsLocal SettingsTemporary Internet Filesazepimi.db
c:documents and settingsudinsLocal SettingsTemporary Internet Filesbibalyloq.lib
c:documents and settingsudinsLocal SettingsTemporary Internet Filesewyd.com
c:documents and settingsudinsLocal SettingsTemporary Internet Filesexohidub.ban
c:documents and settingsudinsLocal SettingsTemporary Internet Filesgadypaqel.reg
c:documents and settingsudinsLocal SettingsTemporary Internet Filesgazu.lib
c:documents and settingsudinsLocal SettingsTemporary Internet Filesivej.ban
c:documents and settingsudinsLocal SettingsTemporary Internet Fileskicukebu.com
c:documents and settingsudinsLocal SettingsTemporary Internet Filesmaqy.dl
c:documents and settingsudinsLocal SettingsTemporary Internet Filesocimihive.vbs
c:documents and settingsudinsLocal SettingsTemporary Internet Filesoxodeji.scr
c:documents and settingsudinsLocal SettingsTemporary Internet Filesqererimise.db
c:documents and settingsudinsLocal SettingsTemporary Internet Filessejytanad.reg
c:documents and settingsudinsLocal SettingsTemporary Internet Filessovax.dl
c:documents and settingsudinsLocal SettingsTemporary Internet Filessypowicom.dat
c:documents and settingsudinsLocal SettingsTemporary Internet Filesuhehyjazy.db
c:documents and settingsudinsLocal SettingsTemporary Internet Filesvijedyw.dl
c:documents and settingsudinsLocal SettingsTemporary Internet Filesxeviqig.dl
c:program filesAntivirusPro_2010
c:program filesAntivirusPro_2010AntivirusPro_2010.cfg
c:program filesAntivirusPro_2010AntivirusPro_2010.exe
c:program filesAntivirusPro_2010AVEngn.dll
c:program filesAntivirusPro_2010datadaily.cvd
c:program filesAntivirusPro_2010htmlayout.dll
c:program filesAntivirusPro_2010Microsoft.VC80.CRTMicrosoft.VC80.CRT.manifest
c:program filesAntivirusPro_2010Microsoft.VC80.CRTmsvcm80.dll
c:program filesAntivirusPro_2010Microsoft.VC80.CRTmsvcp80.dll
c:program filesAntivirusPro_2010Microsoft.VC80.CRTmsvcr80.dll
c:program filesAntivirusPro_2010pthreadVC2.dll
c:program filesAntivirusPro_2010Uninstall.exe
c:program filesAntivirusPro_2010wscui.cpl
c:program filesCommon Filesajimyqyh.bat
c:program filesCommon Filesetafavywap.bat
c:program filesCommon Filesexul.com
c:program filesCommon Filesfaqydemu.vbs
c:program filesCommon Filesfizusubobi.sys
c:program filesCommon Fileskegur.exe
c:program filesCommon Fileskojosynupi.vbs
c:program filesCommon Fileskopohu.sys
c:program filesCommon Fileslefymobat.dll
c:program filesCommon Filesorufabak.exe
c:program filesCommon Filesoxetatenoq.inf
c:program filesCommon Filesozare.ban
c:program filesCommon Filesqezeju.ban
c:program filesCommon Filesqizokycory.dll
c:program filesCommon Filesubepevuvol._dl
c:program filesCommon Filesuciloxemu.ban
c:program filesCommon Filesutifyfihu.ban
c:program filesCommon Filesutivureb.exe
c:program filesCommon Filesvyqijygy.dl
c:program filesCommon Filesywyx.dll
c:program filesMail.RuAgentMradllnewmrasearch.dll
c:windowsalopy.pif
c:windowsbemoxy.reg
c:windowscamerad._dl
c:windowscexy.sys
c:windowsfowe.sys
c:windowsguxety.dl
c:windowshuwulidify.reg
c:windowsideqacu.bat
c:windowsidozuteg.scr
c:windowsihafuzirug.sys
c:windowsikuvam.pif
c:windowsInstaller460e9.msi
c:windowsitorev.dl
c:windowsitup.bin
c:windowskexytyloq._dl
c:windowskisanavuhu.dll
c:windowskizamon._dl
c:windowslaqyqiciky.exe
c:windowslatupihamo.ban
c:windowsocowyc.vbs
c:windowsodupety.scr
c:windowsoqabiritor.sys
c:windowsoqyzikyziz.exe
c:windowspejuzuluty.exe
c:windowspiga.bin
c:windowsqexyxa.dll
c:windowsqisijevu.vbs
c:windowsrity.dl
c:windowsrofameb.reg
c:windowssystem_sv_CMD_
c:windowssystem32_000110_.tmp.dll
c:windowssystem32_scui.cpl
c:windowssystem32acuw.pif
c:windowssystem32asiquhilis.bin
c:windowssystem32binaxuqaxe.pif
c:windowssystem32braviax.exe
c:windowssystem32dllcachefigaro.sys
c:windowssystem32dogy.inf
c:windowssystem32drivers87126833.sys
c:windowssystem32edamutoger.pif
c:windowssystem32icejapyke.vbs
c:windowssystem32icubobibad.pif
c:windowssystem32ieuinit.inf
c:windowssystem32ifoxalagoc.pif
c:windowssystem32isasokus.pif
c:windowssystem32ixahusuf.inf
c:windowssystem32lyqicuxo.sys
c:windowssystem32mynovoj.dl
c:windowssystem32ojanatac.exe
c:windowssystem32qeniz.scr
c:windowssystem32rawa.inf
c:windowssystem32sutysohy.sys
c:windowssystem32uhewiqoq.bat
c:windowssystem32umypisyp.sys
c:windowssystem32uxubegiw.inf
c:windowssystem32uzora.inf
c:windowssystem32voqijama.exe
c:windowssystem32wisdstr.exe
c:windowssystem32ysodevob.sys
c:windowstuqogan.scr
c:windowsufoboceg.reg
c:windowsuhoxe.vbs
c:windowsxivi.dll
c:windowsycoqad.pif
c:windowsydep.inf
c:windowsyfixotaxah.exe
c:windowsysune.exe
c:windowszivupo.exe
c:windowszuro._dlInfected copy of c:windowssystem32driversntfs.sys was found and disinfected
Restored copy from — c:system volume information_restore{C2116C02-AC9D-4BA8-A6FD-820A35C7911A}RP36A0004077.sysInfected copy of c:windowssystem32driversbeep.sys was found and disinfected
Restored copy from — c:system volume information_restore{C2116C02-AC9D-4BA8-A6FD-820A35C7911A}RP36A0004075.sysInfected copy of c:windowssystem32driversAGP440.sys was found and disinfected
Restored copy from — c:system volume information_restore{C2116C02-AC9D-4BA8-A6FD-820A35C7911A}RP44A0006540.sys.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Legacy_ACPI32
Legacy_FIPS32CUP
Legacy_I386SI
Legacy_NETSIK
Legacy_NICSK32
Legacy_PORT135SIK
Legacy_SECURENTM
Legacy_SYSTEMNTMI
Legacy_WS2_32SIK
Service_87126833((((((((((((((((((((((((( Files Created from 2009-08-20 to 2009-09-20 )))))))))))))))))))))))))))))))
.2009-09-20 14:49 . 2003-08-18 00:00 4224 —-a-w- c:windowssystem32driversbeep.sys
2009-09-20 12:15 . 2009-09-20 12:15 19851 —-a-w- c:documents and settingsLocalServiceLocal SettingsApplication Datatuceb.dat
2009-09-20 12:15 . 2009-09-20 12:15 16494 —-a-w- c:documents and settingsLocalServiceLocal SettingsApplication Datatyvaridih.dat
2009-09-20 12:15 . 2009-09-20 12:15 10690 —-a-w- c:windowscicojojun.com
2009-09-20 12:12 . 2009-09-20 12:12 28672 -c—a-w- c:windowssystem32dllcachebeep.sys
2009-09-17 04:39 . 2009-09-17 04:39 17943 —-a-w- c:windowsxepi.com
2009-09-17 04:39 . 2009-09-17 04:39 d-----w- C:AntivirusPro_2010
2009-09-15 16:21 . 2009-09-15 16:21 d-----w- c:program filestrend micro
2009-09-15 16:21 . 2009-09-15 16:21 d-----w- C:rsit
2009-09-14 20:04 . 2009-09-16 04:49 95259 —-a-w- c:windowssystem32driversklick.dat
2009-09-14 20:04 . 2009-09-16 04:49 107547 —-a-w- c:windowssystem32driversklin.dat
2009-09-14 20:03 . 2009-09-20 14:53 32 —sha-w- c:windowssystem32driversfidbox2.dat
2009-09-14 20:03 . 2009-09-20 14:53 32 —sha-w- c:windowssystem32driversfidbox.dat
2009-09-14 20:03 . 2009-09-20 12:10 d-----w- c:documents and settingsAll UsersApplication DataKaspersky Lab
2009-09-14 20:03 . 2009-09-14 20:03 d-----w- c:program filesKaspersky Lab
2009-09-14 20:03 . 2009-09-14 20:04 d-----w- c:windowsLastGood.Tmp
2009-09-14 18:44 . 2009-09-14 18:44 d-----w- c:documents and settingsudinsApplication DataMalwarebytes
2009-09-14 18:44 . 2009-09-10 10:54 38224 —-a-w- c:windowssystem32driversmbamswissarmy.sys
2009-09-14 18:44 . 2009-09-14 18:52 d-----w- c:program filesMalwarebytes’ Anti-Malware
2009-09-14 18:44 . 2009-09-14 18:44 d-----w- c:documents and settingsAll UsersApplication DataMalwarebytes
2009-09-14 18:44 . 2009-09-10 10:53 19160 —-a-w- c:windowssystem32driversmbam.sys
2009-09-10 04:43 . 2009-09-10 04:43 10091 —-a-w- c:documents and settingsLocalServiceLocal SettingsApplication Dataovotil.dat
2009-09-03 04:39 . 2009-09-03 04:39 17874 —-a-w- c:windowsazuk.com
2009-09-03 04:39 . 2009-09-03 04:39 17362 —-a-w- c:program filesCommon Fileshufyleje.dat
2009-09-03 04:39 . 2009-09-03 04:39 16589 —-a-w- c:windowszikosihez.com
2009-09-03 04:39 . 2009-09-03 04:39 15104 —-a-w- c:windowscisa.com
2009-08-27 17:05 . 2009-08-27 17:05 17831 —-a-w- c:program filesCommon Fileshalyxes.dat
2009-08-27 17:05 . 2009-08-27 17:05 12047 —-a-w- c:windowsevawefa.dat
2009-08-27 17:05 . 2009-08-27 17:05 11098 —-a-w- c:windowssystem32sawocyt.dat
2009-08-27 17:04 . 2009-08-27 17:04 14136 —-a-w- c:windowsxegyj.dat
2009-08-27 17:04 . 2009-08-27 17:04 11884 —-a-w- c:windowssystem32jepu.com
2009-08-27 17:04 . 2009-08-27 17:04 15941 —-a-w- c:windowsigeqydu.com
2009-08-26 07:43 . 2009-08-26 07:43 17588 —-a-w- c:windowsrogafiwyte.com
2009-08-26 07:43 . 2009-08-26 07:43 12232 —-a-w- c:windowsoken.dat
2009-08-26 07:42 . 2009-08-26 07:42 10182 —-a-w- c:windowsemeryqi.com
2009-08-26 07:41 . 2009-08-26 07:41 d-----w- C:PC_Antispyware2010
2009-08-25 14:58 . 2009-08-25 14:58 11825 —-a-w- c:documents and settingsudinsLocal SettingsApplication Dataalucicebes.dat
2009-08-25 14:58 . 2009-08-25 14:58 11618 —-a-w- c:windowsezequr.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-20 14:53 . 2009-09-14 20:03 32 —sha-w- c:windowssystem32driversfidbox2.idx
2009-09-20 14:53 . 2009-09-14 20:03 32 —sha-w- c:windowssystem32driversfidbox.idx
2009-09-20 12:15 . 2009-09-20 12:15 19548 —-a-w- c:program filesCommon Filesupehosev.db
2009-09-20 12:15 . 2009-09-20 12:15 15834 —-a-w- c:program filesCommon Filesodymej.db
2009-09-20 11:56 . 2009-03-14 22:46 d-----w- c:documents and settingsAll UsersApplication DataGoogle Updater
2009-09-17 04:39 . 2009-09-17 04:39 18247 —-a-w- c:documents and settingsAll UsersApplication Dataidot.dat
2009-09-16 04:49 . 2008-01-29 13:29 33808 —-a-w- c:windowssystem32driversklbg.sys
2009-09-10 04:43 . 2009-09-10 04:43 12113 —-a-w- c:program filesCommon Filesboziv.db
2009-09-07 20:36 . 2004-08-03 23:07 42368 —-a-w- c:windowssystem32driversAGP440.sys
2009-09-04 08:33 . 2009-03-06 20:03 60567 —-a-w- C:report.zip
2009-09-03 04:39 . 2009-09-03 04:39 16054 —-a-w- c:program filesCommon Filesehajenyri.db
2009-08-27 17:05 . 2009-08-27 17:05 11483 —-a-w- c:program filesCommon Filesodanewo.lib
2009-08-27 17:04 . 2009-08-27 17:04 10302 —-a-w- c:program filesCommon Fileslehoh.lib
2009-08-27 17:02 . 2009-07-03 18:41 d-----w- c:program filesDrWeb
2009-08-26 07:43 . 2009-08-26 07:43 15562 —-a-w- c:program filesCommon Filesydas.lib
2009-08-26 07:42 . 2009-08-26 07:42 10149 —-a-w- c:program filesCommon Filessokyroje.lib
2009-08-25 14:58 . 2009-08-25 14:58 12372 —-a-w- c:program filesCommon Filesfipoz._sy
2009-08-23 18:46 . 2009-02-15 13:22 d-----w- c:documents and settingsudinsApplication DataZoomBrowser EX
2009-08-09 16:58 . 2004-08-18 12:00 70534 —-a-w- c:windowssystem32perfc019.dat
2009-08-09 16:58 . 2004-08-18 12:00 433034 —-a-w- c:windowssystem32perfh019.dat
2009-07-30 18:43 . 2009-01-31 09:01 d-----w- c:documents and settingsudinsApplication DataMra
2009-07-06 06:18 . 2009-02-15 16:26 42232 —-a-w- c:documents and settingsudinsLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-07-03 17:17 . 2009-07-03 17:17 482 —-a-w- C:kfuninst.bat
2009-07-03 16:00 . 2009-01-30 20:06 23804 —-a-w- c:windowssystem32emptyregdb.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=»c:program filesCommon FilesAheadLibNMBgMonitor.exe» [2006-11-16 139264]
«adsm»=»c:program filesKlipFolioadsm.exe» [2008-06-25 223232]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«Broadcom Wireless Manager UI»=»c:windowssystem32WLTRAY.exe» [2008-02-01 1863680]
«AzMixerSel»=»c:program filesRealtekAudioInstallShieldAzMixerSel.exe» [2008-06-26 53248]
«MAgent»=»c:program filesMail.RuAgentmagent.exe» [2009-07-30 7975608]
«WinampAgent»=»c:program filesWinampwinampa.exe» [2009-01-22 36352]
«NeroFilterCheck»=»c:program filesCommon FilesAheadLibNeroCheck.exe» [2006-01-12 155648]
«QuickTime Task»=»c:program filesQuickTimeQTTask.exe» [2008-05-27 413696]
«ContentTransferWMDetector.exe»=»c:program filesSonyContent TransferContentTransferWMDetector.exe» [2008-07-11 423200]
«HP Software Update»=»c:program filesHPHP Software UpdateHPWuSchd2.exe» [2007-10-14 49152]
«hpqSRMon»=»c:program filesHPDigital ImagingbinhpqSRMon.exe» [2007-08-22 80896]
«IgfxTray»=»c:windowssystem32igfxtray.exe» [2008-07-01 150040]
«HotKeysCmds»=»c:windowssystem32hkcmd.exe» [2008-07-01 170520]
«Persistence»=»c:windowssystem32igfxpers.exe» [2008-07-01 141848]
«Malwarebytes Anti-Malware (reboot)»=»c:program filesMalwarebytes’ Anti-Malwarembam.exe» [2009-09-10 1312080]
«AVP»=»c:program filesKaspersky LabKaspersky Anti-Virus 2009avp.exe» [2009-09-16 208616]
«RTHDCPL»=»RTHDCPL.EXE» — c:windowsRTHDCPL.exe [2008-06-26 16872448]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2003-08-18 15360]
c:documents and settingsudinsѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
Punto Switcher.lnk — c:program filesYandexPunto Switcherpunto.exe [2009-4-8 830248]
c:documents and settingsAll Usersѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
HP Digital Imaging Monitor.lnk — c:program filesHPDigital Imagingbinhpqtra08.exe [2007-10-14 214360]
ImageMixer 3 SE Camera Monitor for SD.lnk — c:program filesPIXELAImageMixer 3 SE for SDCameraMonitor.exe [2009-2-15 253952]
“бЄ®аҐл© § ЇгбЄ Adobe Reader.lnk — c:program filesAdobeAcrobat 7.0Readerreader_sl.exe [2004-12-14 29696]
[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«ForceClassicControlPanel»= 1 (0x1)
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«UpdatesDisableNotify»=dword:00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]
«DisableMonitoring»=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\Program Files\Sony\Media Manager for WALKMAN\MediaManager.exe»=
«c:\Program Files\Mail.Ru\Agent\magent.exe»=
«c:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe»=
«c:\Program Files\HP\Digital Imaging\bin\hpqste08.exe»=
«c:\Program Files\HP\Digital Imaging\bin\hposid01.exe»=
«c:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe»=
«c:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe»=
«c:\Program Files\Winamp\winamp.exe»=
«c:\Program Files\HP\Digital Imaging\bin\hpqusgl.exe»=
«c:\Program Files\Mozilla Firefox\firefox.exe»=
«c:\WINDOWS\system32\igfxpers.exe»=
«c:\WINDOWS\system32\igfxsrvc.exe»=
«c:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe»=
«c:\WINDOWS\system32\drwtsn32.exe»=
«c:\WINDOWS\System32\winhlp32.exe»=
«c:\Program Files\Google\Update\GoogleUpdate.exe»=
«c:\Program Files\KlipFolio\adsm.exe»=
«c:\WINDOWS\system32\dllhost.exe»=
«c:\WINDOWS\system32\wscntfy.exe»=
«c:\Program Files\HP\HP Software Update\HPWuSchd2.exe»=
«c:\Program Files\PIXELA\ImageMixer 3 SE for SD\CameraMonitor.exe»=
«c:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe»=
«c:\WINDOWS\system32\defrag.exe»=
«c:\WINDOWS\system32\dfrgntfs.exe»=
«c:\WINDOWS\system32\imapi.exe»=
«c:\Program Files\Opera\opera.exe»=
«c:\WINDOWS\system32\igfxtray.exe»=
«c:\Program Files\Winamp\winampa.exe»=
«c:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe»=
«c:\WINDOWS\system32\hkcmd.exe»=
«c:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe»=
«c:\WINDOWS\system32\dumprep.exe»=
«c:\WINDOWS\system32\dwwin.exe»=
«c:\WINDOWS\system32\savedump.exe»=
«c:\WINDOWS\system32\spoolsv.exe»=
«c:\WINDOWS\System32\WLTRYSVC.EXE»=
«c:\WINDOWS\System32\bcmwltry.exe»=
«c:\Program Files\Canon\CAL\CALMAIN.exe»=
«c:\WINDOWS\system32\wuauclt.exe»=
«c:\WINDOWS\system32\msiexec.exe»=
«c:\WINDOWS\system32\wbem\wmiadap.exe»=
«c:\WINDOWS\system32\wbem\wmiprvse.exe»=
«c:\WINDOWS\system32\cmd.exe»=
«c:\WINDOWS\system32\netsh.exe»=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:windowssystem32driversklbg.sys [29.01.2008 17:29 33808]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:windowssystem32driversklim5.sys [30.04.2008 17:06 24592]
S2 gupdate1c9a4f6bc6c0278;Служба Google Update (gupdate1c9a4f6bc6c0278);c:program filesGoogleUpdateGoogleUpdate.exe [15.03.2009 2:46 133104]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the ‘Scheduled Tasks’ folder
2009-09-02 c:windowsTasksAppleSoftwareUpdate.job
— c:program filesApple Software UpdateSoftwareUpdate.exe [2008-04-11 14:57]
2009-09-20 c:windowsTasksGoogle Software Updater.job
— c:program filesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2009-03-14 10:32]
2009-09-20 c:windowsTasksGoogleUpdateTaskMachineCore.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-03-14 22:46]
2009-09-20 c:windowsTasksGoogleUpdateTaskMachineUA.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-03-14 22:46]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Поиск@Mail.Ru — c:program filesMail.RuSputnikMailRuSputnik.dll/282
IE: Словари@Mail.Ru — c:program filesMail.RuSputnikMailRuSputnik.dll/283
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} — c:program filesMail.RuAgentmagent.exe
FF — ProfilePath — c:documents and settingsudinsApplication DataMozillaFirefoxProfiles3w56brxf.default
FF — prefs.js: browser.startup.homepage — hxxp://www.yandex.ru/?clid=40316
FF — plugin: c:program filesGoogleGoogle Updater2.4.1536.6592npCIDetect13.dll
FF — plugin: c:program filesGoogleUpdate1.2.183.7npGoogleOneClick8.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-20 18:55
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(1192)
c:windowsSystem32BCMLogon.dll
— — — — — — — > ‘explorer.exe'(3612)
c:program filesYandexPunto Switcherpshook.dll
c:windowssystem32WPDShServiceObj.dll
c:windowssystem32PortableDeviceTypes.dll
c:windowssystem32PortableDeviceApi.dll
.
Other Running Processes
.
c:windowssystem32savedump.exe
c:windowssystem32WgaTray.exe
c:windowssystem32wdfmgr.exe
c:windowssystem32BCMWLTRY.EXE
c:program filesCanonCALCALMAIN.exe
c:windowssystem32igfxsrvc.exe
c:program filesCommon FilesAheadLibNMIndexStoreSvr.exe
c:windowssystem32wscntfy.exe
c:program filesHPDigital Imagingbinhpqste08.exe
c:progra~1HPDIGITA~1binhpqbam08.exe
c:progra~1HPDIGITA~1binhpqgpc01.exe
.
**************************************************************************
.
Completion time: 2009-09-20 18:59 — machine was rebooted
ComboFix-quarantined-files.txt 2009-09-20 14:59
Pre-Run: 30 500 126 720 байт свободно
Post-Run: 33 177 358 336 байт свободно
WindowsXP-KB310994-SP2-Pro-BootDisk-RUS.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
[operating systems]
c:cmdconsBOOTSECT.DAT=»Microsoft Windows Recovery Console» /cmdcons
multi(0)disk(0)rdisk(0)partition(1)WINDOWS=»Microsoft Windows XP Professional RU» /noexecute=optin /fastdetect
566 — E O F — 2009-04-15 09:00
Here is what it output:
Running from: C:Documents and SettingsudinsÐàáî÷èé ñòîëWin32kDiag.exe
Log file at : C:Documents and SettingsudinsРабочий столWin32kDiag.txt
WARNING: Could not get backup privileges!
Searching ‘C:WINDOWS’…
Cannot access: C:WINDOWSsystem32drivers87126833.sys
[1] 2009-09-18 20:30:41 47744 C:WINDOWSsystem32drivers87126833.sys ()
Finished!