Forum replies created
-
Author / Posts
-
Thanks, everything is fine now.
Can ComboFix be removed now?
ComboFix 09-10-05.01 - Anton 06.10.2009 18:37.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.2047.1545 [GMT 4:00]
Running from: c:downloadsComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:documents and settingsAntonApplication DataMicrosoftClip Organizermstore10.mgc
c:documents and settingsAntonApplication DataMicrosoftClip OrganizerOffic10.MGC
c:documents and settingsAntonCookiesuserlib.dll
c:program filesWebMoney Advisor
c:program filesWebMoney Advisor16x16x32b.bmp
c:program filesWebMoney Advisorautosearch_plugin.dll
c:program filesWebMoney Advisorbasis.xml
c:program filesWebMoney Advisorbooble.html
c:program filesWebMoney Advisorfavicon.ico
c:program filesWebMoney Advisorinfo.txt
c:program filesWebMoney AdvisortbHElper.dll
c:program filesWebMoney Advisortbs_include_script_014708.js
c:program filesWebMoney Advisortbs_include_script_wmadvisor.js
c:program filesWebMoney Advisoruninstall.exe
c:program filesWebMoney Advisorversion.txt
c:program filesWebMoney Advisorwmadvisor.crc
c:program filesWebMoney Advisorwmadvisor.dll
c:program filesWebMoney AdvisorWMPlugin.dll
c:windowsFonts.reg
c:windowssystem32sm.exe
c:windowsTasks{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
c:windowsTemptmp3.tmp
d:docume~1EXBooksEro7BAB~1.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Legacy_gxvxcserv.sys
Legacy_NPF
Service_gxvxcserv.sys

((((((((((((((((((((((((( Files Created from 2009-09-06 to 2009-10-06 )))))))))))))))))))))))))))))))
.
2009-10-05 19:14 . 2009-10-05 19:14 d-----w- c:documents and settingsAntonLocal SettingsApplication DataLabcenter Electronics
2009-10-05 19:12 . 2009-10-05 19:12 d-----w- c:program filesCommon FilesLabcenter Electronics
2009-10-05 19:12 . 2007-06-24 08:19 1048576 ----a-w- c:windowssystem32ROBOEX32.DLL
2009-10-05 19:12 . 2007-06-24 08:19 54784 ----a-w- c:windowssystem32INETWH32.DLL
2009-10-05 19:11 . 2009-10-05 19:11 d-----w- c:program filesLabcenter Electronics
2009-10-05 19:10 . 2009-10-05 19:10 d-----w- c:documents and settingsAntonApplication DataInstallShield
2009-10-05 18:01 . 2001-02-28 22:15 6144 ----a-w- c:windowssystem32driversIOPORT.SYS
2009-10-05 18:01 . 2009-10-05 18:01 d-----w- C:cvavr
2009-10-05 18:00 . 1997-03-25 01:02 906784 ----a-w- c:windowssystem32OWL52F.DLL
2009-10-05 18:00 . 1997-03-25 01:02 82976 ----a-w- c:windowssystem32BDS52F.DLL
2009-10-05 18:00 . 1997-03-25 01:02 303104 ----a-w- c:windowssystem32CW3230.DLL
2009-10-05 18:00 . 2009-10-05 19:05 d-----w- C:VMLAB
2009-10-05 18:00 . 1996-11-05 12:13 299008 ----a-w- c:windowsuninst.exe
2009-10-05 17:59 . 2009-10-05 17:59 d-----w- c:documents and settingsAntonWINDOWS
2009-10-04 15:39 . 2009-10-04 15:39 d-----w- C:rsit
2009-10-04 15:12 . 2009-10-04 15:12 d-----w- c:program filesTrend Micro
2009-10-01 16:08 . 2009-09-04 13:44 515416 ----a-w- c:windowssystem32XAudio2_5.dll
2009-10-01 16:08 . 2009-09-04 13:44 238936 ----a-w- c:windowssystem32xactengine3_5.dll
2009-10-01 16:08 . 2009-09-04 13:29 1974616 ----a-w- c:windowssystem32D3DCompiler_42.dll
2009-10-01 16:08 . 2009-09-04 13:29 5501792 ----a-w- c:windowssystem32d3dcsx_42.dll
2009-10-01 16:08 . 2009-09-04 13:29 235344 ----a-w- c:windowssystem32d3dx11_42.dll
2009-10-01 16:08 . 2009-09-04 13:29 453456 ----a-w- c:windowssystem32d3dx10_42.dll
2009-10-01 16:08 . 2009-09-04 13:29 1892184 ----a-w- c:windowssystem32D3DX9_42.dll
2009-10-01 13:57 . 2009-10-01 14:06 d-----w- c:tempnokio
2009-09-29 17:09 . 2009-09-29 17:09 d-----w- c:tempKaspersky Internet Security 8
2009-09-28 13:17 . 2009-09-28 13:23 10272432 ----a-w- c:tempRumus2setupQT.exe
2009-09-26 12:04 . 2009-09-26 12:04 d-----w- c:program filesCommon FilesBlizzard Entertainment
2009-09-23 17:34 . 2009-09-23 17:34 d-----w- c:tempzzz
2009-09-16 13:24 . 2003-11-25 03:58 315392 ----a-w- c:windowsSETUPX32.EXE
2009-09-16 13:21 . 2001-10-19 16:33 12160 ----a-w- c:windowssystem32driversmouhid.sys
2009-09-16 13:21 . 2008-04-13 20:15 10368 ----a-w- c:windowssystem32drivershidusb.sys
2009-09-15 19:54 . 2005-10-01 08:00 76288 ----a-w- c:windowssystem32driversSENTINEL.SYS
2009-09-15 19:54 . 2005-10-01 08:00 50176 ----a-w- c:windowssystem32SNTI386.DLL
2009-09-15 19:54 . 2005-10-01 08:00 18432 ----a-w- c:windowssystem32RNBOVDD.DLL
2009-09-15 19:54 . 2005-10-01 08:00 26120 ----a-w- c:windowssystem32driversSNTNLUSB.SYS
2009-09-15 19:54 . 2009-09-15 19:54 d-----w- c:windowssystem32RNBOSENT
2009-09-15 19:54 . 2009-09-29 14:43 d-----w- c:program filesCommon FilesPrognosisUDS
2009-09-15 19:54 . 2009-09-15 19:54 d-----w- c:program filesELWAVE
2009-09-15 19:53 . 2005-10-01 08:00 204902 ----a-w- c:windowssystem32msfl80.dll
2009-09-15 19:53 . 2005-10-01 08:00 167936 ----a-w- c:windowssystem32ezelwave.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-06 14:46 . 2009-07-23 18:09 9268256 --sha-w- c:windowssystem32driversfidbox.dat
2009-10-06 14:46 . 2009-07-23 18:09 77680 --sha-w- c:windowssystem32driversfidbox.idx
2009-10-06 14:46 . 2009-07-23 18:09 d-----w- c:documents and settingsAll UsersApplication DataKaspersky Lab
2009-10-06 14:45 . 2009-07-23 18:09 1040416 --sha-w- c:windowssystem32driversfidbox2.dat
2009-10-06 14:44 . 2009-07-23 18:09 6732 --sha-w- c:windowssystem32driversfidbox2.idx
2009-10-06 14:31 . 2008-12-06 18:49 d-----w- c:program filesuTorrent
2009-10-05 19:11 . 2008-12-07 09:38 d--h--w- c:program filesInstallShield Installation Information
2009-10-03 18:52 . 2008-12-30 14:29 d-----w- c:documents and settingsAntonApplication DataAIMP
2009-10-02 16:44 . 2009-06-16 13:50 d-----w- c:program filesMetatrader - FXstart
2009-10-01 15:58 . 2008-12-06 18:46 444952 ----a-w- c:windowssystem32wrap_oal.dll
2009-10-01 15:58 . 2008-12-06 18:46 109080 ----a-w- c:windowssystem32OpenAL32.dll
2009-09-29 17:14 . 2009-07-23 18:10 95259 ----a-w- c:windowssystem32driversklick.dat
2009-09-29 17:14 . 2009-07-23 18:10 107547 ----a-w- c:windowssystem32driversklin.dat
2009-09-26 07:04 . 2009-03-02 15:16 d-----w- c:documents and settingsAntonApplication DataDownload Master
2009-09-19 15:42 . 2008-12-16 16:53 d-----w- c:program filesCommon FilesWise Installation Wizard
2009-09-19 15:41 . 2008-12-16 16:53 d-----w- c:program filesAGEIA Technologies
2009-09-19 15:02 . 2009-06-21 15:38 25 ----a-w- c:windowspopcinfot.dat
2009-09-15 20:59 . 2008-12-14 18:24 45880 ----a-w- c:documents and settingsAntonLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-09-10 17:11 . 2009-07-26 09:56 d-----w- c:program filesDOSBox-0.72
2009-09-05 12:18 . 2009-07-13 15:27 d-----w- c:program filesYarxi
2009-09-04 13:44 . 2009-05-09 15:39 69464 ----a-w- c:windowssystem32XAPOFX1_3.dll
2009-08-31 17:44 . 2009-02-23 16:56 d-----w- c:documents and settingsAntonApplication DataSkype
2009-08-31 17:41 . 2009-02-23 16:58 d-----w- c:documents and settingsAntonApplication DataskypePM
2009-08-29 10:44 . 2009-08-27 18:29 d-----w- c:program filesWakan
2009-08-27 16:35 . 2009-08-27 16:35 d-----w- c:documents and settingsAll UsersApplication DataABBYY
2009-08-27 14:41 . 2009-07-09 16:39 d-----w- c:program filesJardicPro
2009-08-24 11:34 . 2009-08-24 11:34 d-----w- c:program filesAtari
2009-08-23 08:24 . 2009-08-23 08:24 d-----w- c:program filesCity 3D
2009-08-20 11:35 . 2009-07-15 20:40 d-----w- c:documents and settingsAll UsersApplication DataRosetta Stone
2009-08-19 10:34 . 2009-08-19 10:33 d-----w- c:program filesSolo9
2009-08-19 10:34 . 2009-02-17 19:01 d-----w- c:documents and settingsAll UsersApplication DataSolo9
2009-08-19 08:53 . 2009-07-15 20:40 d-----w- c:program filesRosetta Stone
2009-08-18 19:53 . 2009-08-18 19:53 d-----w- c:program filesLavalys
2009-08-18 13:24 . 2008-12-06 18:47 d-----w- c:program filesTotal Commander
2009-08-18 13:20 . 2009-08-18 13:20 112640 ----a-w- c:windowslsb_un20.exe
2009-08-18 07:55 . 2009-02-23 09:29 d-----w- c:program filesQIP
2009-08-17 18:11 . 2009-08-17 18:10 d-----w- c:program filesRivaTuner v2.24
2009-08-17 16:50 . 2009-07-02 16:40 664 ----a-w- c:windowssystem32d3d9caps.dat
2009-08-17 16:38 . 2008-12-16 17:05 d-----w- c:program filesNVIDIA Corporation
2009-08-17 16:38 . 2009-08-17 16:38 d-----w- c:documents and settingsAll UsersApplication DataNVIDIA Corporation
2009-08-14 09:36 . 2009-08-14 09:36 70936 ----a-w- c:windowssystem32PhysXLoader.dll
2009-08-13 15:47 . 2009-08-13 15:47 d-----w- c:documents and settingsAll UsersApplication DataSeva
2009-08-13 15:20 . 2009-08-13 15:20 d-----w- c:documents and settingsAntonApplication DataYarxi
2009-08-12 16:24 . 2009-08-12 16:24 d-----w- c:documents and settingsAntonApplication DataVitySoft
2009-08-02 20:21 . 2009-08-02 20:21 23320 ----a-w- c:windowssystem32PhysXDevice.dll
2009-07-27 15:43 . 2008-01-29 13:29 33808 ----a-w- c:windowssystem32driversklbg.sys
2009-07-14 18:54 . 2009-08-17 16:58 485920 ----a-w- c:windowssystem32nvudisp.exe
2009-07-14 18:54 . 2009-08-17 16:57 868352 ----a-w- c:windowssystem32nvapi.dll
2009-07-14 18:54 . 2009-08-17 16:57 7741664 ----a-w- c:windowssystem32driversnv4_mini.sys
2009-07-14 18:54 . 2009-08-17 16:57 2189856 ----a-w- c:windowssystem32nvcuvid.dll
2009-07-14 18:54 . 2009-08-17 16:57 2002944 ----a-w- c:windowssystem32nvcuda.dll
2009-07-14 18:54 . 2009-08-17 16:57 1706528 ----a-w- c:windowssystem32nvcuvenc.dll
2009-07-14 18:54 . 2009-08-17 16:57 151552 ----a-w- c:windowssystem32nvcodins.dll
2009-07-14 18:54 . 2009-08-17 16:57 151552 ----a-w- c:windowssystem32nvcod.dll
2009-07-14 18:54 . 2009-08-17 16:57 10457088 ----a-w- c:windowssystem32nvoglnt.dll
2009-07-14 18:54 . 2009-08-17 16:57 5842816 ----a-w- c:windowssystem32nv4_disp.dll
2009-07-14 18:54 . 2009-08-17 16:57 1597690 ----a-w- c:windowssystem32nvdata.bin
2009-07-14 09:34 . 2009-07-14 09:34 86016 ----a-w- c:windowssystem32nvmctray.dll
2009-07-14 09:34 . 2009-07-14 09:34 8085504 ----a-w- c:windowssystem32nvdispsr.dll
2009-07-14 09:34 . 2009-07-14 09:34 4923392 ----a-w- c:windowssystem32nvdisps.dll
2009-07-14 09:34 . 2009-07-14 09:34 4640768 ----a-w- c:windowssystem32nvgamesr.dll
2009-07-14 09:34 . 2009-07-14 09:34 458752 ----a-w- c:windowssystem32nvmccssr.dll
2009-07-14 09:34 . 2009-07-14 09:34 3547136 ----a-w- c:windowssystem32nvgames.dll
2009-07-14 09:34 . 2009-07-14 09:34 2854912 ----a-w- c:windowssystem32nvmoblsr.dll
2009-07-14 09:34 . 2009-07-14 09:34 188416 ----a-w- c:windowssystem32nvmccss.dll
2009-07-14 09:34 . 2009-07-14 09:34 168004 ----a-w- c:windowssystem32nvsvc32.exe
2009-07-14 09:34 . 2009-07-14 09:34 143360 ----a-w- c:windowssystem32nvcolor.exe
2009-07-14 09:34 . 2009-07-14 09:34 13877248 ----a-w- c:windowssystem32nvcpl.dll
2009-07-14 09:34 . 2009-07-14 09:34 1286144 ----a-w- c:windowssystem32nvmobls.dll
2009-07-14 09:34 . 2009-07-14 09:34 229376 ----a-w- c:windowssystem32nvmccs.dll
2009-07-13 14:40 . 2008-12-06 18:41 1744200 ----a-w- c:documents and settingsLocalServiceLocal SettingsApplication DataFontCache3.0.0.0.dat
2009-07-10 03:01 . 2009-08-17 16:57 485920 ----a-w- c:windowssystem32NVUNINST.EXE
2007-10-04 08:00 . 2007-10-04 08:00 3134 --sha-r- c:program filesCommon FilesLogo.ico
.
Sigcheck
[-] 2008-10-24 . 1F39C7BDBA4C5F3F01C4EABF7EDBF4B3 . 361600 . . [5.1.2600.5625] . . c:windowssystem32driverstcpip.sys
[-] 2008-10-25 . 69E458FC0B51F9EACB926FCAFE6C2A02 . 2137600 . . [5.1.2600.5657] . . c:windowssystem32ntoskrnl.exe
[-] 2008-10-25 . A3894F6EF8499A997A60F83F562DCC15 . 1571840 . . [5.1.2600.5512] . . c:windowssystem32sfcfiles.dll
[-] 2008-10-24 . CDB13F1E48540E19F4B961E77904F168 . 295936 . . [5.1.2600.5512] . . c:windowssystem32termsrv.dll
[-] 2008-10-25 . 202725D9FEF1EA7D81D5B252429FE5C9 . 2016256 . . [5.1.2600.5657] . . c:windowssystem32ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"SoundMAXPnP"="c:program filesAnalog DevicesCoresmax4pnp.exe" [2007-03-16 868352]
"Adobe Reader Speed Launcher"="c:program filesAdobeReader 8.0ReaderReader_sl.exe" [2008-10-14 39792]
"wmagent.exe"="c:program filesWebMoney Agentwmagent.exe" [2008-10-01 209376]
"AdobeCS4ServiceManager"="c:program filesCommon FilesAdobeCS4ServiceManagerCS4ServiceManager.exe" [2008-08-14 611712]
"AVP"="c:program filesKaspersky LabKaspersky Internet Security 2009avp.exe" [2009-07-27 208616]
"nwiz"="c:program filesNVIDIA CorporationnViewnwiz.exe" [2009-07-08 1657376]
"NvCplDaemon"="c:windowssystem32NvCpl.dll" [2009-07-14 13877248]
"NvMediaCenter"="c:windowssystem32NvMcTray.dll" [2009-07-14 86016]
"RivaTuner"="c:program filesRivaTuner v2.24RivaTuner.exe" [2009-02-25 2781184]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"="c:windowssystem32CTFMON.EXE" [2008-04-15 15360]
"VistaIcon"="c:program filesVistaDriveIconVistaDrv.exe" [2008-01-02 132096]
"VisualTaskTips"="c:program filesVisualTaskTipsVisualTaskTips.exe" [2008-06-23 65536]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
"IE7_011"="shell32" [X]
"Rebuild Icon Cache"="REBUILDI.EXE" - c:windowssystem32REBUILDI.EXE [2007-11-04 172032]
"ZZZZ2_FirstLogonSetting"="advpack.dll" - c:windowssystem32advpack.dll [2009-03-08 128512]
"IE7_012"="advpack.dll" - c:windowssystem32advpack.dll [2009-03-08 128512]

c:documents and settingsAntonГлавное менюПрограммыАвтозагрузка
Total Commander.lnk - c:program filesTotal CommanderTotalcmd.exe [2008-5-1 1083848]

c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузка
ELWAVE UDS.lnk - c:program filesCommon FilesPrognosisUDSUDS.exe [2009-9-15 630784]

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]
BootExecute REG_MULTI_SZ

[HKLM~startupfolderC:^Documents and Settings^Anton^Главное меню^Программы^Автозагрузка^HDDlife.lnk]
path=c:documents and settingsAntonГлавное менюПрограммыАвтозагрузкаHDDlife.lnk
backup=c:windowspssHDDlife.lnkStartup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesOverride"=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\uTorrent\utorrent.exe"=
"c:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"=
"c:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe"=
"c:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe"=
"c:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
""=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:windowssystem32driversklbg.sys [29.01.2008 17:29 33808]
R2 IOPort;IOPort;c:windowssystem32driversIOPORT.SYS [05.10.2009 22:01 6144]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:windowssystem32driversklfltdev.sys [13.03.2008 18:02 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:windowssystem32driversklim5.sys [30.04.2008 17:06 24592]
S3 PortTalk;PortTalk;c:windowssystem32driversPortTalk.sys [07.03.2009 13:37 3567]
.
.
Supplementary Scan
.
uStart Page = hxxp://start.qip.ru/
uDefault_Search_URL = hxxp://search.qip.ru
uSearchURL,(Default) = Root: HKCU; Subkey: SoftwareMicrosoftInternet ExplorerSearchUrl; ValueType: string; ValueName: ‘; ValueData: ‘; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: &Download All with Rapidshare Downloader - c:progra~1RAPIDS~1jc_all.htm
IE: &Download with Rapidshare Downloader - c:progra~1RAPIDS~1jc_link.htm
IE: &Экспорт в Microsoft Excel - c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Закачать ВСЕ при помощи Download Master - c:program filesDownload Masterdmieall.htm
IE: Закачать при помощи Download Master - c:program filesDownload Masterdmie.htm
IE: {{8B2D996F-B7D1-4961-A929-414D9CF5BA7B} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} - c:program filesDownload Masterdmaster.exe
IE: {{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} - {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} - c:program filesWebMoney Advisorwmadvisor.dll
TCP: {AB9F839B-8E9B-4A75-8178-E32373A6F437} = 85.234.99.250,85.234.96.10
Handler: solores - {8FA1F4E9-444B-48BF-98CD-B8ECA88E6BA5} - c:progra~1Solo9SoloRes.dll
DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} - hxxps://w3s.webmoney.ru/WMAcceptor.dll
.
- - - - ORPHANS REMOVED - - - -

BHO-{B4806C1A-FE8A-4008-9DA3-8CEDB6E82C10} - c:program filesWebMoney Advisorwmadvisor.dll
Toolbar-{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} - c:program filesWebMoney Advisorwmadvisor.dll
WebBrowser-{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} - c:program filesWebMoney Advisorwmadvisor.dll
HKLM-Run-Flashget - c:program filesRapidshare DownloaderRD.exe
Notify-geBuSJaa - geBuSJaa.dll
Notify-NavLogon - (no file)
AddRemove-DAEMON Tools Toolbar - c:program filesDAEMON Tools Toolbaruninst.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-06 18:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'explorer.exe'(3876)
c:windowssystem32WININET.dll
c:windowssystem32msi.dll
c:windowssystem32WPDShServiceObj.dll
c:windowssystem32webcheck.dll
c:windowssystem32PortableDeviceTypes.dll
c:windowssystem32PortableDeviceApi.dll
.
Other Running Processes
.
c:windowssystem32nvsvc32.exe
c:program filesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
c:windowssystem32PnkBstrB.exe
c:windowssystem32locator.exe
c:program filesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
c:windowssystem32rundll32.exe
c:program filesCommon FilesPrognosisUDSesignal.ude
c:program filesCommon FilesPrognosisUDSFXtrek.ude
c:program filesCommon FilesPrognosisUDStaipanrt.ude
c:program filesCommon FilesPrognosisUDStenfore.ude
.
**************************************************************************
.
Completion time: 2009-10-06 18:49 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-06 14:49

Pre-Run: 4 439 752 704 байт свободно
Post-Run: 4 874 342 400 байт свободно

294