thank you so much)) (Pro Antispyware has already disappeared.. ) here is the log:
ComboFix 08-10-24.02 - йц 2008-10-25 15:43:40.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1251.1.1049.18.1027 [GMT 4:00]
Running from: C:\Users\йц\Desktop\ComboFix.exe
Command switches used :: C:\Users\йц\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-09-25 to 2008-10-25 )))))))))))))))))))))))))))))))
.
2008-10-20 23:13 . 2008-10-20 23:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-20 19:27 . 2008-10-20 19:27 <DIR> d-------- C:\Users\йц\AppData\Roaming\Malwarebytes
2008-10-20 19:27 . 2008-10-20 19:27 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-10-20 19:27 . 2008-10-20 19:27 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-10-20 19:27 . 2008-10-20 19:27 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-20 19:27 . 2008-10-16 20:25 38,496 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-10-20 19:27 . 2008-10-16 20:25 15,504 --a------ C:\Windows\System32\drivers\mbam.sys
2008-10-18 13:28 . 2008-07-27 08:32 <DIR> d-------- C:\Users\All Users\Egoset
2008-10-18 13:28 . 2008-07-27 08:32 <DIR> d-------- C:\ProgramData\Egoset
2008-10-18 13:28 . 2008-10-18 13:28 <DIR> d-------- C:\Program Files\Alawar.ru
2008-10-18 13:15 . 2008-10-18 13:15 79,085 --a------ C:\Windows\System32\gdvylsimzkfdoaeld.exe
2008-10-18 13:14 . 2008-10-18 13:14 <DIR> d-------- C:\Users\All Users\Solt Lake Software
2008-10-18 13:14 . 2008-10-18 13:14 <DIR> d-------- C:\ProgramData\Solt Lake Software
2008-10-18 10:47 . 2008-10-18 10:47 <DIR> d-------- C:\Users\All Users\FarmFrenzy2
2008-10-18 10:47 . 2008-10-18 10:47 <DIR> d-------- C:\ProgramData\FarmFrenzy2
2008-10-18 10:46 . 2008-10-18 10:46 <DIR> d-------- C:\Program Files\GamesBar
2008-10-18 10:31 . 2008-10-18 10:31 <DIR> d-------- C:\Users\йц\AppData\Roaming\ESET
2008-10-15 09:05 . 2008-09-18 06:16 2,032,640 --a------ C:\Windows\System32\win32k.sys
2008-10-15 09:05 . 2008-10-02 05:32 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-10-15 09:05 . 2008-10-02 07:49 827,392 --a------ C:\Windows\System32\wininet.dll
2008-10-15 09:01 . 2008-09-18 09:09 3,601,464 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-10-15 09:01 . 2008-09-18 09:09 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-10-15 08:50 . 2008-08-27 05:06 288,768 --a------ C:\Windows\System32\drivers\srv.sys
2008-10-14 17:55 . 2008-10-14 17:55 <DIR> d-------- C:\Program Files\DivX\Codec
2008-10-14 17:53 . 2008-10-14 17:53 <DIR> d-------- C:\Program Files\Акелла
2008-10-13 14:03 . 2008-10-13 14:03 <DIR> d-------- C:\Windows\pfziusb
2008-10-13 14:03 . 2008-10-13 14:03 <DIR> d-------- C:\Program Files\Zebra
2008-10-13 14:02 . 2008-10-13 14:02 <DIR> dr------- C:\Windows\System32\config\systemprofile\Videos
2008-10-13 14:02 . 2008-10-13 14:02 <DIR> dr------- C:\Windows\System32\config\systemprofile\Searches
2008-10-13 14:02 . 2008-10-13 14:02 <DIR> dr------- C:\Windows\System32\config\systemprofile\Saved Games
2008-10-13 14:02 . 2008-10-13 14:02 <DIR> dr------- C:\Windows\System32\config\systemprofile\Pictures
2008-10-13 14:02 . 2008-10-13 14:02 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
2008-10-13 14:02 . 2008-10-13 14:02 <DIR> dr------- C:\Windows\System32\config\systemprofile\Links
2008-10-13 14:02 . 2008-10-13 14:02 <DIR> dr------- C:\Windows\System32\config\systemprofile\Downloads
2008-10-13 14:02 . 2008-10-13 14:02 <DIR> dr------- C:\Windows\System32\config\systemprofile\Documents
2008-10-13 08:52 . 2008-10-13 08:52 <DIR> d--h----- C:\Windows\System32\CanonMF Uninstaller Information
2008-10-13 08:52 . 2005-12-05 15:49 196,608 --a------ C:\Windows\System32\CNCC3200.DLL
2008-10-13 08:52 . 2005-12-05 15:49 131,072 --a------ C:\Windows\System32\CNCLSD21.DLL
2008-10-13 08:52 . 2005-12-05 15:49 110,592 --a------ C:\Windows\System32\CNCLST21.DLL
2008-10-13 08:52 . 2005-12-05 15:49 110,592 --a------ C:\Windows\System32\CNCLSI21.DLL
2008-10-13 08:52 . 2005-12-05 15:49 98,304 --a------ C:\Windows\System32\CNCLSU21.DLL
2008-10-13 08:52 . 2005-12-05 15:49 77,824 --a------ C:\Windows\System32\CNCLSC21.DLL
2008-10-13 08:52 . 2005-12-05 15:49 69,632 --a------ C:\Windows\System32\CNCL3200.DLL
2008-10-13 08:52 . 2005-12-05 15:49 69,632 --a------ C:\Windows\System32\CNCI3200.DLL
2008-10-13 08:52 . 2005-12-05 15:50 49,152 --a------ C:\Windows\System32\cncilsc.dll
2008-10-13 08:52 . 2005-08-11 15:37 332 --a------ C:\Windows\System32\CNCMFP21.INI
2008-10-13 08:51 . 2008-10-13 08:51 <DIR> d--h----- C:\CanonMF
2008-10-13 08:51 . 2005-07-22 09:34 53,248 --a------ C:\Windows\System32\CnAS0MMK.DLL
2008-10-13 08:33 . 2008-10-13 08:33 <DIR> d-------- C:\Program Files\Common Files\Motorola Shared
2008-10-13 08:33 . 2008-10-13 08:33 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-10-12 18:16 . 2008-10-12 18:53 <DIR> d-------- C:\secondlife
2008-10-12 15:03 . 2008-10-23 14:13 <DIR> d-------- C:\qwer
2008-09-29 22:35 . 2008-10-08 21:01 <DIR> d-------- C:\Users\йц\AppData\Roaming\skypePM
2008-09-29 22:35 . 2008-09-29 22:35 56 --ah----- C:\Users\All Users\ezsidmv.dat
2008-09-29 22:35 . 2008-09-29 22:35 56 --ah----- C:\ProgramData\ezsidmv.dat
2008-09-29 22:11 . 2008-10-08 21:01 <DIR> d-------- C:\Users\йц\AppData\Roaming\Skype
2008-09-29 22:04 . 2008-09-29 22:04 <DIR> d-------- C:\Users\All Users\Skype
2008-09-29 22:04 . 2008-09-29 22:04 <DIR> d-------- C:\ProgramData\Skype
2008-09-29 22:04 . 2008-09-29 22:04 <DIR> d-------- C:\Program Files\Skype
2008-09-29 22:04 . 2008-09-29 22:04 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-09-28 14:45 . 2008-09-28 14:45 <DIR> d-------- C:\dvdXsoft\output
2008-09-28 14:44 . 2008-09-28 14:44 <DIR> d-------- C:\Users\йц\AppData\Roaming\Download Manager
2008-09-26 18:40 . 2008-09-26 18:44 <DIR> d-------- C:\Program Files\Игры
2008-09-26 01:44 . 2008-09-26 01:50 13,030 --a------ C:\PDOXUSRS.NET
2008-09-26 01:02 . 2008-09-26 01:02 <DIR> d-------- C:\Users\All Users\Adobe Systems
2008-09-26 01:02 . 2008-09-26 01:02 <DIR> d-------- C:\ProgramData\Adobe Systems
2008-09-26 01:02 . 2008-09-26 01:02 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-09-25 23:41 . 2008-09-25 23:42 <DIR> d-------- C:\Program Files\CardFive
2008-09-25 23:41 . 2001-06-04 02:32 208,896 --a------ C:\Windows\System32\sccpanel.cpl
2008-09-25 23:41 . 2002-04-15 11:42 110,592 --a------ C:\Windows\System32\scos3api.dll
2008-09-25 23:41 . 2003-10-27 15:22 21,132 --a------ C:\Windows\System32\drivers\n5lpt.sys
2008-09-25 23:41 . 2009-04-22 19:24 10,240 --a------ C:\Windows\System32\drivers\STLD.SYS
2008-09-25 23:41 . 2003-10-23 17:02 8,284 --a------ C:\Windows\System32\N5LPT.vxd
2008-09-25 23:38 . 2002-05-13 19:31 17,332 --a------ C:\Windows\System32\drivers\key5usb.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-25 11:47 2,883,584 --sha-w C:\Users\йц\ntuser.dat
2008-10-25 11:47 2,883,584 --sha-w C:\Users\йц\ntuser.dat
2008-10-25 10:19 --------- d-----w C:\Users\йц\AppData\Roaming\uTorrent
2008-10-24 12:54 --------- d-----w C:\ProgramData\CyberLink
2008-10-20 15:27 --------- d-----w C:\Users\йц\AppData\Roaming\Malwarebytes
2008-10-18 09:19 27,554 ----a-w C:\Users\йц\AppData\Roaming\nvModes.dat
2008-10-18 08:16 --------- d-----w C:\Program Files\Acer GameZone
2008-10-18 06:46 --------- d-----w C:\Program Files\Common Files\Oberon Media
2008-10-18 06:42 --------- d-----w C:\ProgramData\eMule
2008-10-18 06:36 --------- d-----w C:\Program Files\ESET
2008-10-18 06:31 --------- d-----w C:\Users\йц\AppData\Roaming\ESET
2008-10-18 06:30 --------- d-----w C:\ProgramData\ESET
2008-10-14 13:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-14 13:53 --------- d-----w C:\Program Files\Акелла
2008-10-14 07:25 --------- d-----w C:\Users\йц\AppData\Roaming\Canon
2008-10-13 06:58 --------- d-----w C:\Program Files\CyberLink
2008-10-13 05:59 --------- d-s---w C:\Users\йц\AppData\Roaming\Microsoft
2008-10-13 04:54 --------- d-----w C:\Program Files\Canon
2008-10-08 17:01 --------- d-----w C:\Users\йц\AppData\Roaming\skypePM
2008-10-08 17:01 --------- d-----w C:\Users\йц\AppData\Roaming\Skype
2008-09-28 10:44 --------- d-----w C:\Users\йц\AppData\Roaming\Download Manager
2008-09-26 14:44 --------- d-----w C:\Program Files\Игры
2008-09-25 21:05 --------- d-----w C:\Users\йц\AppData\Roaming\Adobe
2008-09-25 20:58 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-25 18:44 --------- d-----w C:\Program Files\Guitar Pro 5
2008-09-24 14:07 --------- d-----w C:\Program Files\AIMP2
2008-09-24 14:04 --------- d-----w C:\Users\йц\AppData\Roaming\Winamp
2008-09-24 13:36 --------- d-----w C:\Program Files\Winamp
2008-09-21 08:36 --------- d-----w C:\ProgramData\{29833BD5-6998-47CC-8DDC-50D0C5E3A531}
2008-09-21 08:34 --------- d-----w C:\Program Files\Common Files\EuroPlus Shared
2008-09-21 08:33 --------- d-----w C:\ProgramData\EuroPlus
2008-09-21 08:33 --------- d-----w C:\Program Files\EuroPlus
2008-09-19 12:21 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-19 12:00 --------- d-----w C:\ProgramData\Symantec
2008-09-19 12:00 --------- d-----w C:\Program Files\Symantec
2008-09-18 14:44 --------- d-----w C:\Program Files\FlashGet
2008-09-13 21:04 --------- d-----w C:\Program Files\SecondLife
2008-09-13 21:03 --------- d-----w C:\Users\йц\AppData\Roaming\SecondLife
2008-09-13 20:34 --------- d-----w C:\Users\йц\AppData\Roaming\Mozilla
2008-09-13 08:49 --------- d-----w C:\Users\йц\AppData\Roaming\Nokia
2008-09-13 08:46 0 ---ha-w C:\Windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2008-09-13 08:46 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-09-13 08:46 --------- d-----w C:\Users\йц\AppData\Roaming\PC Suite
2008-09-13 08:46 --------- d-----w C:\ProgramData\PC Suite
2008-09-13 07:16 --------- d-----w C:\Program Files\Nokia
2008-09-13 07:16 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-09-13 07:16 --------- d-----w C:\Program Files\Common Files\Nokia
2008-09-13 07:15 --------- d-----w C:\Program Files\DIFX
2008-09-13 07:14 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-09-13 07:00 --------- d-----w C:\ProgramData\Downloaded Installations
2008-09-09 14:02 --------- d-----w C:\Program Files\Common Files\Canon
2008-09-09 12:09 --------- d-----w C:\Users\йц\AppData\Roaming\ACD Systems
2008-09-09 12:08 --------- d-----w C:\ProgramData\ACD Systems
2008-09-09 12:08 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-09-09 12:07 --------- d-----w C:\Program Files\ACD Systems
2008-09-08 21:22 --------- d-----w C:\Program Files\Phase One
2008-09-07 17:12 --------- d-----w C:\Program Files\Portable Adobe Photoshop CS3
2008-09-07 13:50 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-07 13:44 --------- d-----w C:\Program Files\MSBuild
2008-09-07 13:44 --------- d-----w C:\Program Files\Microsoft Works
2008-09-07 13:43 --------- d-----w C:\Program Files\Microsoft.NET
2008-09-07 13:38 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-09-04 21:08 --------- d-----w C:\Program Files\citysvyaz
2008-09-01 15:51 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-08-27 10:05 174 --sha-w C:\Program Files\desktop.ini
2008-08-27 09:55 --------- d-----w C:\Program Files\Windows Sidebar
2008-08-27 09:55 --------- d-----w C:\Program Files\Windows Mail
2008-08-27 09:55 --------- d-----w C:\Program Files\Windows Journal
2008-08-27 09:55 --------- d-----w C:\Program Files\Windows Collaboration
2008-08-27 09:55 --------- d-----w C:\Program Files\Windows Calendar
2008-08-27 09:54 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-08-27 09:54 --------- d-----w C:\Program Files\Windows Defender
2008-08-27 09:45 --------- d-----w C:\ProgramData\NVIDIA
2008-08-27 06:58 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-08-27 06:58 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
.
((((((((((((((((((((((((((((( snapshot@2008-10-25_12.56.56,66 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-25 08:31:12 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-10-25 11:37:59 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-10-25 08:31:12 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-10-25 11:37:59 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-10-25 08:32:01 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-10-25 11:39:48 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
- 2008-10-25 08:55:54 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-10-25 11:46:58 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-10-25 11:46:58 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-10-25 08:31:15 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-25 10:51:51 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-25 08:31:15 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-25 10:51:51 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-25 08:31:15 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-25 10:51:51 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-10-25 08:37:46 101,250 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-10-25 11:45:17 101,250 ----a-w C:\Windows\System32\perfc009.dat
- 2008-10-25 08:37:46 125,800 ----a-w C:\Windows\System32\perfc019.dat
+ 2008-10-25 11:45:17 125,800 ----a-w C:\Windows\System32\perfc019.dat
- 2008-10-25 08:37:46 587,178 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-10-25 11:45:17 587,178 ----a-w C:\Windows\System32\perfh009.dat
- 2008-10-25 08:37:46 653,312 ----a-w C:\Windows\System32\perfh019.dat
+ 2008-10-25 11:45:17 653,312 ----a-w C:\Windows\System32\perfh019.dat
- 2008-10-25 08:33:08 10,108 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-240411459-683746978-4204776879-1000_UserData.bin
+ 2008-10-25 11:40:37 10,124 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-240411459-683746978-4204776879-1000_UserData.bin
- 2008-10-25 08:33:08 101,614 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-10-25 11:40:37 101,912 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-10-25 08:33:06 61,102 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-10-25 11:40:35 61,224 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "C:\Program Files\Yandex\YandexBarIE\yndbar.dll" [2008-05-04 1549576]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "C:\Program Files\Yandex\YandexBarIE\yndbar.dll" [2008-05-04 1549576]

[HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" [2008-06-21 155896]
"Yupdate!"="C:\Program Files\Common Files\Yandex\Yupdate\yupdate.exe" [2008-05-07 459528]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Acer Tour Reminder"="" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-08-31 1286144]
"PLFSetL"="C:\Windows\PLFSetL.exe" [2007-07-05 94208]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-10-17 768520]
"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-12-05 200704]
"PLFSetI"="C:\Windows\PLFSetI.exe" [2007-10-23 200704]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-07-21 159744]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-08-01 151552]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"citysvyaz"="C:\Program Files\citysvyaz\citysvyaz.exe" [2007-12-28 1941504]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-09 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-09 8501792]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-09 81920]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Phase One Media Reader"="C:\PROGRA~1\PHASEO~1\CAPTUR~1\DCIMImp.exe" [2008-01-31 229376]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-08-04 36352]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-03-13 1443072]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-06-15 C:\Windows\SkyTel.exe]

C:\Users\йц\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Вырезка экрана и программа запуска для OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-08-28 739880]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-12-26 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A2C16C38-689F-4ACA-A12D-2AE6AD3E5CC5}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C17E2B9C-0D85-4D64-8699-FD3A9378EF32}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{767EDBDD-446A-4EC2-88B8-5D99273F2814}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{C9CB821B-EE0F-4ED9-BEFB-93C2C4F48A5D}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{048CD3DA-0FCD-4DFF-9C1F-E968A0B13069}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{EFE506DE-0526-4FBA-AF1D-B8F1A3B71477}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{AB61C6B0-4459-4802-9724-BA7C12E2A593}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{D165C034-FDE4-438A-A52B-F28A7E819166}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{7EFED61A-92F4-42BC-AFEF-F72A88892F08}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{7D030C90-3C46-4EBE-8EDF-AF176D59CF5C}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{5A13C791-D141-4FA2-B75B-5AEDCE41ECF2}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{C7A88CD8-F50E-4E3C-BD47-0B5316B3BB76}"= UDP:C:\Program Files\Empire Interactive\FlatOut Ultimate Carnage\Fouc.exe:FlatOut Ultimate Carnage
"{430A0E8A-58A5-49D9-925E-46EB6F7EE8FC}"= TCP:C:\Program Files\Empire Interactive\FlatOut Ultimate Carnage\Fouc.exe:FlatOut Ultimate Carnage
"{700A4B1D-F991-4883-A3B4-56284FD02E4C}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{479CC6DE-B5BD-4728-961E-FEDB47F8D896}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{DEB1CBE9-8795-4CD3-8C49-4C75B67AD4EB}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{C54F1E86-CDAA-415C-9ABC-8C564A396B31}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{58ACAE2D-5E7D-4B04-90C3-0CCBACA3EA44}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{62E58C39-F7F3-4410-A827-ED220AEDA3D0}"= C:\Program Files\Skype\Phone\Skype.exe:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2007-12-05 11:48 41456]
R2 ALaunchService;ALaunch Service;C:\Acer\ALaunch\ALaunchSvc.exe [2007-09-19 51200]
R2 LabelServices;Label Services;C:\Program Files\Common Files\EuroPlus Shared\LblServices.exe [2007-03-06 1494112]
R2 n5lpt.sys;N5 Print Device;C:\Windows\system32\Drivers\n5lpt.sys [2003-10-27 21132]
R2 P1C1394;Phase One 1394 Camera Driver;C:\Windows\system32\Drivers\p1c1394.sys [2005-10-27 23168]
R2 Stld;Stld;C:\Windows\system32\drivers\Stld.sys [2009-04-22 10240]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-05-16 32256]
S3 btwaudio;Аудиоустройствоi Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2007-08-29 81448]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-08-29 99880]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys [2007-05-17 28464]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-08-29 17448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-RunOnce- - (no file)


**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-25 15:47:22
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-25 15:49:22
ComboFix-quarantined-files.txt 2008-10-25 11:48:55
ComboFix2.txt 2008-10-25 08:57:39

Pre-Run: 44,172,275,712 байт свободно
Post-Run: 44,141,244,416 байт свободно

319 --- E O F --- 2008-10-25 08:29:25
I ran HijackThis
ticked O4 - HKCU\..\Run: [Pro Antispyware 2009] "C:\Documents and Settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\proas2009.exe" /autorun
clicked Fix checked
ran COMBOFIX
and got this log:

ComboFix 08-10-24.02 - йц 2008-10-25 12:51:43.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1251.1.1049.18.1171 [GMT 4:00]
Running from: C:\qwer\logo\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\install.exe
C:\Program Files\FlashGet Network
C:\Program Files\FlashGet Network\FlashGet universal\btcore.dll
C:\Program Files\FlashGet Network\FlashGet universal\btwrap.dll
C:\Program Files\FlashGet Network\FlashGet universal\BugReport.dll
C:\Program Files\FlashGet Network\FlashGet universal\BugReport.exe
C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll
C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhocfg.ini
C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\ComDlls.ini
C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\flashget.xpi
C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\FlashgetXpi.dll
C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\IFlashgetXpi.xpt
C:\Program Files\FlashGet Network\FlashGet universal\dbghelp.dll
C:\Program Files\FlashGet Network\FlashGet universal\DBTrans.dll
C:\Program Files\FlashGet Network\FlashGet universal\dbtrans_verbose.log
C:\Program Files\FlashGet Network\FlashGet universal\DBTransC.exe
C:\Program Files\FlashGet Network\FlashGet universal\ed2kwrap.dll
C:\Program Files\FlashGet Network\FlashGet universal\explorerbar.dll
C:\Program Files\FlashGet Network\FlashGet universal\fgoption.ini
C:\Program Files\FlashGet Network\FlashGet universal\FGVer.dll
C:\Program Files\FlashGet Network\FlashGet universal\flashget.exe
C:\Program Files\FlashGet Network\FlashGet universal\gt.exe
C:\Program Files\FlashGet Network\FlashGet universal\hashgen.dll
C:\Program Files\FlashGet Network\FlashGet universal\Help\license.txt
C:\Program Files\FlashGet Network\FlashGet universal\Help\Readme.txt
C:\Program Files\FlashGet Network\FlashGet universal\Help\WHATSNEW.TXT
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddBatchLinksDlg.ini
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddBTTask.ini
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Added.ini
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddEMTask.ini
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddHpFpLink.ini
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddLinksDlg.ini
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddLinksDlgEx.ini
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddLinksModern.ini
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\BrowserPlugins.ini
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\BTOption.ini
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\CategoryView.ini
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ComfirmWhenExitDialog.ini
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\CommonDlg.ini
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ConfirmInvalidLinks.ini
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ContextMenu.ini
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\DefaultDownloadsDialog.ini
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\DeleteFilesDialog.ini
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\DetailStatus.ini
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\EMOption.ini
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\EMServers.ini
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ExplorerPane.ini
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ExtensionRuleDlg.ini
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FG2SearchTopPlugin.ini
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FileListCtrl.ini
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FileRemovedDialog.ini
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FindTaskDialog.ini
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FlashgetAbout.ini
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FlashGetDlg.ini
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FSUStatusBar.ini
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\GarageLoginDialog.ini
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\GarageView.ini
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\HotResource.ini
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\HpFpOption.ini
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Info.ini
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\LogsOutput.ini
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MACReader.ini
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MainMenu.ini
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MainToolbar.ini
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MonitorOption.ini
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\NormalOption.ini
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\NotifyOption.ini
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Option.ini
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\P4PPluginMain.ini
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ProxySetting.ini
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SearchBar.ini
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Security.ini
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SecurityOption.ini
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SecurityScan.ini
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SecurityToolbar.ini
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Shutdown.ini
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\StatusBar.ini
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\TaskDefOption.ini
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\TaskListView.ini
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\TaskNotify.ini
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\UserListCtrl.ini
C:\Program Files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\XpEnhance.ini
C:\Program Files\FlashGet Network\FlashGet universal\libupnp.dll
C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateUI.dll
C:\Program Files\FlashGet Network\FlashGet universal\modules\ComHelper\ComHelper.dll
C:\Program Files\FlashGet Network\FlashGet universal\modules\ComHelper\Info.ini
C:\Program Files\FlashGet Network\FlashGet universal\modules\Downstat\Downstat.dll
C:\Program Files\FlashGet Network\FlashGet universal\modules\Downstat\Info.ini
C:\Program Files\FlashGet Network\FlashGet universal\modules\P4pclient\Info.ini
C:\Program Files\FlashGet Network\FlashGet universal\modules\P4pclient\P4pclient.dll
C:\Program Files\FlashGet Network\FlashGet universal\modules\P4pclient\Thumbs.db
C:\Program Files\FlashGet Network\FlashGet universal\modules\SearchTop\Info.ini
C:\Program Files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource.ini
C:\Program Files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\iexplorer.bmp
C:\Program Files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\resource.bmp
C:\Program Files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\resource.xml
C:\Program Files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\search.bmp
C:\Program Files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\subscribe.bmp
C:\Program Files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\Thumbs.db
C:\Program Files\FlashGet Network\FlashGet universal\modules\SearchTop\SearchTop.dll
C:\Program Files\FlashGet Network\FlashGet universal\modules\Security\FunctionalRepair.bmp
C:\Program Files\FlashGet Network\FlashGet universal\modules\Security\Info.ini
C:\Program Files\FlashGet Network\FlashGet universal\modules\Security\Scanning.bmp
C:\Program Files\FlashGet Network\FlashGet universal\modules\Security\Security.bmp
C:\Program Files\FlashGet Network\FlashGet universal\modules\Security\SECURITY.dll
C:\Program Files\FlashGet Network\FlashGet universal\modules\Security\Security.xml
C:\Program Files\FlashGet Network\FlashGet universal\modules\Security\SystemFix.bmp
C:\Program Files\FlashGet Network\FlashGet universal\modules\SnapShot\Info.ini
C:\Program Files\FlashGet Network\FlashGet universal\modules\SnapShot\SamplerCli.dll
C:\Program Files\FlashGet Network\FlashGet universal\modules\SnapShot\SnapShot.dll
C:\Program Files\FlashGet Network\FlashGet universal\modules\tasknotifier\Info.ini
C:\Program Files\FlashGet Network\FlashGet universal\modules\tasknotifier\tasknotifier.dll
C:\Program Files\FlashGet Network\FlashGet universal\P2PCfg.ini
C:\Program Files\FlashGet Network\FlashGet universal\P2PCore.dll
C:\Program Files\FlashGet Network\FlashGet universal\p2pprot.dll
C:\Program Files\FlashGet Network\FlashGet universal\p2snetio.dll
C:\Program Files\FlashGet Network\FlashGet universal\p2spmgr.dll
C:\Program Files\FlashGet Network\FlashGet universal\p2spmgr.ini
C:\Program Files\FlashGet Network\FlashGet universal\p2sprot.dll
C:\Program Files\FlashGet Network\FlashGet universal\p2spwrap.dll
C:\Program Files\FlashGet Network\FlashGet universal\p4spmgr.ini
C:\Program Files\FlashGet Network\FlashGet universal\Profiles\config.dat
C:\Program Files\FlashGet Network\FlashGet universal\Profiles\tasks.dat
C:\Program Files\FlashGet Network\FlashGet universal\Skins\close_default.bmp
C:\Program Files\FlashGet Network\FlashGet universal\Skins\close_press.bmp
C:\Program Files\FlashGet Network\FlashGet universal\Skins\close_select.bmp
C:\Program Files\FlashGet Network\FlashGet universal\Skins\max_default.bmp
C:\Program Files\FlashGet Network\FlashGet universal\Skins\max_press.bmp
C:\Program Files\FlashGet Network\FlashGet universal\Skins\max_select.bmp
C:\Program Files\FlashGet Network\FlashGet universal\Skins\min_default.bmp
C:\Program Files\FlashGet Network\FlashGet universal\Skins\min_press.bmp
C:\Program Files\FlashGet Network\FlashGet universal\Skins\min_select.bmp
C:\Program Files\FlashGet Network\FlashGet universal\Skins\notify.wav
C:\Program Files\FlashGet Network\FlashGet universal\Skins\notify_board.bmp
C:\Program Files\FlashGet Network\FlashGet universal\Skins\notify_icon.bmp
C:\Program Files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Back.bmp
C:\Program Files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Backward.bmp
C:\Program Files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\BrowserBarCT.xml
C:\Program Files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\FlashgetResource.bmp
C:\Program Files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Forward.bmp
C:\Program Files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Home.bmp
C:\Program Files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Backward.bmp
C:\Program Files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\BrowserBarDisableCT.xml
C:\Program Files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Forward.bmp
C:\Program Files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Home.bmp
C:\Program Files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Resource.bmp
C:\Program Files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Available.bmp
C:\Program Files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\CategoryTreeCT.xml
C:\Program Files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Downloaded.bmp
C:\Program Files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Downloading.bmp
C:\Program Files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Favorite.bmp
C:\Program Files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Flashget.bmp
C:\Program Files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Release.bmp
C:\Program Files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Rubbish.bmp
C:\Program Files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Search.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueExpBarExpbar.xml
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueExpBargarage.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueExpBarresource.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueExpBartransfer.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueGlobalOptionCTBT.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueGlobalOptionCTEM.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueGlobalOptionCTGlobalOptionCT.xml
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueGlobalOptionCTHpFp.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueGlobalOptionCTMonitor.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueGlobalOptionCTNormal.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueGlobalOptionCTNotify.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueGlobalOptionCTProxy.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueGlobalOptionCTTaskDef.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueInfo.ini
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueMainMenuCTAbout.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueMainMenuCTDeleteTask.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueMainMenuCTfolder.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueMainMenuCTMainMenuCT.xml
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueMainMenuCTMoveDownTask.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueMainMenuCTMoveUpTask.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueMainMenuCTNewTask.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueMainMenuCTopen.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueMainMenuCTOption.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueMainMenuCTPauseTask.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueMainMenuCTResource.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueMainMenuCTStartTask.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueMainMenuCTTaskProperties.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueMainToolbarCTAbout.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueMainToolbarCTDeleteTask.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueMainToolbarCTFolder.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueMainToolbarCTMainToolbarCT.xml
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueMainToolbarCTNewTask.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueMainToolbarCTOpen.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueMainToolbarCTOption.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueMainToolbarCTPauseTask.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueMainToolbarCTResource.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueMainToolbarCTStartTask.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueMainToolbarCTTaskProperties.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueMainToolbarDisableCTAbout.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueMainToolbarDisableCTDeleteTask.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueMainToolbarDisableCTFolder.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueMainToolbarDisableCTMainToolbarDisableCT.xml
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueMainToolbarDisableCTNewTask.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueMainToolbarDisableCTOpen.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueMainToolbarDisableCTOption.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueMainToolbarDisableCTPauseTask.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueMainToolbarDisableCTResource.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueMainToolbarDisableCTStartTask.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueMainToolbarDisableCTTaskProperties.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueMonitorInfoBkg.Bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueMonitorMonitorBkg.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueOutpuLogCTDown.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueOutpuLogCTError.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueOutpuLogCTNormal.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueOutpuLogCTOutpuLogCT.xml
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueOutpuLogCTUp.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueSobarIconCTAll.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueSobarIconCTBook.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueSobarIconCTBt.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueSobarIconCTGame.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueSobarIconCTMovie.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueSobarIconCTMusic.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueSobarIconCTPhone.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueSobarIconCTPicture.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueSobarIconCTSobarIconCT.xml
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueSobarIconCTSoftware.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueTaskListCTError.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueTaskListCThashing.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueTaskListCTOK.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueTaskListCTPause.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueTaskListCTPin.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueTaskListCTSchedule.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueTaskListCTStart.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueTaskListCTTaskListCT.xml
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueTaskListCTUpload.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsShadowGrayBlueTaskListCTWait.bmp
C:Program FilesFlashGet NetworkFlashGet universalSkinsThumbs.db
C:Program FilesFlashGet NetworkFlashGet universalstorage.dll
C:Program FilesFlashGet NetworkFlashGet universalSysOpt.exe
C:Program FilesFlashGet NetworkFlashGet universaltransaction.log
C:Program FilesFlashGet NetworkFlashGet universaluninst.exe
C:Program FilesFlashGet NetworkFlashGet universalzlib.dll
C:ProgramDataMicrosoftNetworkDownloaderqmgr0.dat
C:ProgramDataMicrosoftNetworkDownloaderqmgr1.dat
C:ProgramDataVistaLib32.dll
C:UsersйцAppDataRoamingBITS
C:UsersйцAppDataRoamingBITSBITS.ini
C:UsersйцAppDataRoamingBITSDHTTable.dat
C:UsersйцAppDataRoamingBITSProxyList.ini
C:Windowssystem32x64
C:Windowssystem32x64csnp2uvc.dll
C:Windowssystem32x64rsnpvc64.dll
C:Windowssystem32x64sncduvc.sys
C:Windowssystem32x64snp2uvc.sys
C:Windowssystem32x64vsnpvc64.dll
BITS: Possible infected sites
hxxp://bar.export.yandex.ru
.
((((((((((((((((((((((((( Files Created from 2008-09-25 to 2008-10-25 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-22 15:24 10,240 ----a-w C:\Windows\system32\drivers\STLD.SYS
2008-10-25 08:56 2,883,584 --sha-w C:\Users\йц\ntuser.dat
2008-10-25 08:56 2,883,584 --sha-w C:\Users\йц\ntuser.dat
2008-10-25 08:28 --------- d-----w C:\Users\йц\AppData\Roaming\uTorrent
2008-10-24 12:54 --------- d-----w C:\ProgramData\CyberLink
2008-10-20 19:13 --------- d-----w C:\Program Files\Trend Micro
2008-10-20 15:27 --------- d-----w C:\Users\йц\AppData\Roaming\Malwarebytes
2008-10-20 15:27 --------- d-----w C:\ProgramData\Malwarebytes
2008-10-20 15:27 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-10-18 09:28 --------- d-----w C:\Program Files\Alawar.ru
2008-10-18 09:19 27,554 ----a-w C:\Users\йц\AppData\Roaming\nvModes.dat
2008-10-18 09:15 79,085 ----a-w C:\Windows\System32\gdvylsimzkfdoaeld.exe
2008-10-18 09:14 --------- d-----w C:\ProgramData\Solt Lake Software
2008-10-18 08:16 --------- d-----w C:\Program Files\Acer GameZone
2008-10-18 06:47 --------- d-----w C:\ProgramData\FarmFrenzy2
2008-10-18 06:46 --------- d-----w C:\Program Files\GamesBar
2008-10-18 06:46 --------- d-----w C:\Program Files\Common Files\Oberon Media
2008-10-18 06:42 --------- d-----w C:\ProgramData\eMule
2008-10-18 06:36 --------- d-----w C:\Program Files\ESET
2008-10-18 06:31 --------- d-----w C:\Users\йц\AppData\Roaming\ESET
2008-10-18 06:30 --------- d-----w C:\ProgramData\ESET
2008-10-16 16:25 38,496 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-10-16 16:25 15,504 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-10-14 13:55 --------- d-----w C:\Program Files\DivXCodec
2008-10-14 13:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-14 13:53 --------- d-----w C:\Program Files\Акелла
2008-10-14 07:25 --------- d-----w C:\Users\йц\AppData\Roaming\Canon
2008-10-13 10:03 --------- d-----w C:\Program Files\Zebra
2008-10-13 06:58 --------- d-----w C:\Program Files\CyberLink
2008-10-13 05:59 --------- d-s---w C:\Users\йц\AppData\Roaming\Microsoft
2008-10-13 04:54 --------- d-----w C:\Program Files\Canon
2008-10-13 04:33 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-10-13 04:33 --------- d-----w C:\Program Files\Common Files\Motorola Shared
2008-10-08 17:01 --------- d-----w C:\Users\йц\AppData\Roaming\skypePM
2008-10-08 17:01 --------- d-----w C:\Users\йц\AppData\Roaming\Skype
2008-10-02 03:49 827,392 ----a-w C:\Windows\System32\wininet.dll
2008-09-29 18:35 56 ---ha-w C:\Users\All Users\ezsidmv.dat
2008-09-29 18:35 56 ---ha-w C:\ProgramData\ezsidmv.dat
2008-09-29 18:04 --------- d-----w C:\ProgramData\Skype
2008-09-29 18:04 --------- d-----w C:\Program Files\Skype
2008-09-29 18:04 --------- d-----w C:\Program Files\Common Files\Skype
2008-09-28 10:44 --------- d-----w C:\Users\йц\AppData\Roaming\Download Manager
2008-09-26 14:44 --------- d-----w C:\Program Files\Игры
2008-09-25 21:05 --------- d-----w C:\Users\йц\AppData\Roaming\Adobe
2008-09-25 21:02 --------- d-----w C:\ProgramData\Adobe Systems
2008-09-25 21:02 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-09-25 20:58 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-25 19:42 --------- d-----w C:\Program Files\CardFive
2008-09-25 18:44 --------- d-----w C:\Program Files\Guitar Pro 5
2008-09-24 14:07 --------- d-----w C:\Program Files\AIMP2
2008-09-24 14:04 --------- d-----w C:\Users\йц\AppData\Roaming\Winamp
2008-09-24 13:36 --------- d-----w C:\Program Files\Winamp
2008-09-21 08:36 --------- d-----w C:\ProgramData\{29833BD5-6998-47CC-8DDC-50D0C5E3A531}
2008-09-21 08:34 --------- d-----w C:\Program Files\Common Files\EuroPlus Shared
2008-09-21 08:33 --------- d-----w C:\ProgramData\EuroPlus
2008-09-21 08:33 --------- d-----w C:\Program Files\EuroPlus
2008-09-19 12:21 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-19 12:00 --------- d-----w C:\ProgramData\Symantec
2008-09-19 12:00 --------- d-----w C:\Program Files\Symantec
2008-09-18 14:44 --------- d-----w C:\Program Files\FlashGet
2008-09-18 05:09 3,601,464 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-09-18 02:16 2,032,640 ----a-w C:\Windows\System32\win32k.sys
2008-09-13 21:04 --------- d-----w C:\Program Files\SecondLife
2008-09-13 21:03 --------- d-----w C:\Users\йц\AppData\Roaming\SecondLife
2008-09-13 20:34 --------- d-----w C:\Users\йц\AppData\Roaming\Mozilla
2008-09-13 08:49 --------- d-----w C:\Users\йц\AppData\Roaming\Nokia
2008-09-13 08:46 0 ---ha-w C:\Windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2008-09-13 08:46 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-09-13 08:46 --------- d-----w C:\Users\йц\AppData\Roaming\PC Suite
2008-09-13 08:46 --------- d-----w C:\ProgramData\PC Suite
2008-09-13 07:16 --------- d-----w C:\Program Files\Nokia
2008-09-13 07:16 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-09-13 07:16 --------- d-----w C:\Program Files\Common Files\Nokia
2008-09-13 07:15 --------- d-----w C:\Program Files\DIFX
2008-09-13 07:14 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-09-13 07:00 --------- d-----w C:\ProgramData\Downloaded Installations
2008-09-09 14:02 --------- d-----w C:\Program Files\Common Files\Canon
2008-09-09 12:09 --------- d-----w C:\Users\йц\AppData\Roaming\ACD Systems
2008-09-09 12:08 --------- d-----w C:\ProgramData\ACD Systems
2008-09-09 12:08 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-09-09 12:07 --------- d-----w C:\Program Files\ACD Systems
2008-09-08 21:22 --------- d-----w C:\Program Files\Phase One
2008-09-07 17:12 --------- d-----w C:\Program Files\Portable Adobe Photoshop CS3
2008-09-07 13:50 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-07 13:44 --------- d-----w C:\Program Files\MSBuild
2008-09-07 13:44 --------- d-----w C:\Program Files\Microsoft Works
2008-09-07 13:43 --------- d-----w C:\Program Files\Microsoft.NET
2008-09-07 13:38 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-09-04 21:08 --------- d-----w C:\Program Files\citysvyaz
2008-09-01 15:51 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-08-27 10:05 174 --sha-w C:\Program Files\desktop.ini
2008-08-27 09:55 --------- d-----w C:\Program Files\Windows Sidebar
2008-08-27 09:55 --------- d-----w C:\Program Files\Windows Mail
2008-08-27 09:55 --------- d-----w C:\Program Files\Windows Journal
2008-08-27 09:55 --------- d-----w C:\Program Files\Windows Collaboration
2008-08-27 09:55 --------- d-----w C:\Program Files\Windows Calendar
2008-08-27 09:54 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-08-27 09:54 --------- d-----w C:\Program Files\Windows Defender
2008-08-27 09:45 --------- d-----w C:\ProgramData\NVIDIA
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "C:\Program Files\Yandex\YandexBar\IE\yndbar.dll" [2008-05-04 1549576]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "C:\Program Files\Yandex\YandexBar\IE\yndbar.dll" [2008-05-04 1549576]

[HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" [2008-06-21 155896]
"Yupdate!"="C:\Program Files\Common Files\Yandex\Yupdate\yupdate.exe" [2008-05-07 459528]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-08-31 1286144]
"PLFSetL"="C:\Windows\PLFSetL.exe" [2007-07-05 94208]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-10-17 768520]
"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-12-05 200704]
"PLFSetI"="C:\Windows\PLFSetI.exe" [2007-10-23 200704]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-07-21 159744]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-08-01 151552]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"citysvyaz"="C:\Program Files\citysvyaz\citysvyaz.exe" [2007-12-28 1941504]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-09 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-09 8501792]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-09 81920]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Phase One Media Reader"="C:\PROGRA~1\PHASEO~1\CAPTUR~1\DCIMImp.exe" [2008-01-31 229376]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-08-04 36352]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-03-13 1443072]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-06-15 C:\Windows\SkyTel.exe]

C:\Users\йц\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Вырезка экрана и программ запуска для OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-08-28 739880]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-12-26 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A2C16C38-689F-4ACA-A12D-2AE6AD3E5CC5}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C17E2B9C-0D85-4D64-8699-FD3A9378EF32}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{767EDBDD-446A-4EC2-88B8-5D99273F2814}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{C9CB821B-EE0F-4ED9-BEFB-93C2C4F48A5D}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{048CD3DA-0FCD-4DFF-9C1F-E968A0B13069}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{EFE506DE-0526-4FBA-AF1D-B8F1A3B71477}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{AB61C6B0-4459-4802-9724-BA7C12E2A593}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{D165C034-FDE4-438A-A52B-F28A7E819166}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{7EFED61A-92F4-42BC-AFEF-F72A88892F08}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{7D030C90-3C46-4EBE-8EDF-AF176D59CF5C}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{5A13C791-D141-4FA2-B75B-5AEDCE41ECF2}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{C7A88CD8-F50E-4E3C-BD47-0B5316B3BB76}"= UDP:C:\Program Files\Empire Interactive\FlatOut Ultimate Carnage\Fouc.exe:FlatOut Ultimate Carnage
"{430A0E8A-58A5-49D9-925E-46EB6F7EE8FC}"= TCP:C:\Program Files\Empire Interactive\FlatOut Ultimate Carnage\Fouc.exe:FlatOut Ultimate Carnage
"{700A4B1D-F991-4883-A3B4-56284FD02E4C}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{479CC6DE-B5BD-4728-961E-FEDB47F8D896}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{DEB1CBE9-8795-4CD3-8C49-4C75B67AD4EB}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{C54F1E86-CDAA-415C-9ABC-8C564A396B31}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{58ACAE2D-5E7D-4B04-90C3-0CCBACA3EA44}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{62E58C39-F7F3-4410-A827-ED220AEDA3D0}"= C:\Program Files\Skype\Phone\Skype.exe:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplicationsList]
"C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe"= C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe"= C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe"= C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2007-12-05 11:48 41456]
R2 ALaunchService;ALaunch Service;C:\Acer\ALaunch\ALaunchSvc.exe [2007-09-19 51200]
R2 LabelServices;Label Services;C:\Program Files\Common Files\EuroPlus Shared\LblServices.exe [2007-03-06 1494112]
R2 n5lpt.sys;N5 Print Device;C:\Windows\system32\Drivers\n5lpt.sys [2003-10-27 21132]
R2 P1C1394;Phase One 1394 Camera Driver;C:\Windows\system32\Drivers\p1c1394.sys [2005-10-27 23168]
R2 Stld;Stld;C:\Windows\system32\drivers\Stld.sys [2009-04-22 10240]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-05-16 32256]
S3 btwaudio;Bluetooth Audio Device;C:\Windows\system32\drivers\btwaudio.sys [2007-08-29 81448]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-08-29 99880]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys [2007-05-17 28464]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-08-29 17448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d0c8224-796f-11dd-a571-001b38d30b68}]
\shell\AutoRun\command - G:\d6fagcs8.cmd
\shell\explore\Command - G:\d6fagcs8.cmd
\shell\open\Command - G:\d6fagcs8.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a638847f-99ec-11dd-a86e-9e1125bd7fe2}]
\shell\AutoRun\command - H:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cbd729c7-45df-11dd-ae9c-001b38d30b68}]
\shell\AutoRun\command - F:\autorun.exe
\shell\setup\command - F:\autorun.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Acer Tour Reminder - (no file)
HKLM-Run-ALaunch - C:\Acer\ALaunch\AlaunchClient.exe
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
HKU-Default-RunOnce- - (no file)

.
Supplementary Scan
.
FireFox -: Profile - C:\Users\йц\AppData\Roaming\Mozilla\Firefox\Profiles\mkpz1xba.default
FF -: plugin - C:\Program Files\Opera\program\plugins\NPOFF12.DLL
.
.
File Associations
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE "%1"
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-25 12:56:00
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-25 12:57:38
ComboFix-quarantined-files.txt 2008-10-25 08:57:25

Pre-Run: Unable to find message text for message number 0x2379 in the message file for Application.
Post-Run: 44,888,915,968 bytes free

522 --- E O F --- 2008-10-25 08:29:25
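Added example (editor's code, not part of the post and not a ComboFix component): a small Python triage script for logs in the shape of the one above. It pulls out the entries a responder would flag first: AutoRun/open/explore commands registered for removable drives under explorer\mountpoints2, EnableFirewall set to 0 for any firewall profile, Security Center "DisableNotify"/"DisableMonitoring" values set to 1, Find3M file entries timestamped later than the scan's own completion time, and long random-looking executable names directly under System32. The sample log embedded in the block is constructed for this example and only models the sections of the post; the entropy and length thresholds in looks_random are assumptions, not rules from any tool.

```python
"""Triage helper for ComboFix-style logs (added example, not part of the post)."""
import math
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the shape of the log above: a Find3M file listing, a few
# registry loading points and the completion line. Values are illustrative only.
SAMPLE_LOG = r"""
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2009-04-22 15:24 10,240 ----a-w C:\Windows\system32\drivers\STLD.SYS
2008-10-18 09:15 79,085 ----a-w C:\Windows\System32\gdvylsimzkfdoaeld.exe
2008-10-16 16:25 38,496 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-10-25 08:28 --------- d-----w C:\Users\user\AppData\Roaming\uTorrent
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{700A4B1D-F991-4883-A3B4-56284FD02E4C}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d0c8224-796f-11dd-a571-001b38d30b68}]
\shell\AutoRun\command - G:\d6fagcs8.cmd
\shell\open\Command - G:\d6fagcs8.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cbd729c7-45df-11dd-ae9c-001b38d30b68}]
\shell\AutoRun\command - F:\autorun.exe
Completion time: 2008-10-25 12:57:38
"""

# Line shapes: "<date> <time> <size> <attrs> <path>", "[key]", "<name>"=<value>,
# "\shell\<verb>\command - <target>" and the completion stamp.
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+([\d,]+)\s+(\S{7})\s+(.+\.(?:exe|sys|dll))$", re.I)
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')
MOUNT_RE = re.compile(r"^\\?shell\\\w+\\command\s+-\s+(.+)$", re.I)
COMPLETION_RE = re.compile(r"^Completion time:\s+(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})")


def shannon_entropy(text):
    """Bits per character of the string; generated names score high."""
    if not text:
        return 0.0
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_random(stem, min_len=12, min_entropy=3.3):
    """Heuristic (thresholds are assumptions): long, letters-only, high-entropy stem."""
    return len(stem) >= min_len and stem.isalpha() and shannon_entropy(stem.lower()) >= min_entropy


def triage(log_text):
    """Return deduplicated (kind, detail) findings from a ComboFix-style log."""
    findings, files, completion, current_key = [], [], None, ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COMPLETION_RE.match(line)
        if m:
            completion = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            continue
        m = FILE_RE.match(line)
        if m:
            files.append((datetime.strptime(m.group(1), "%Y-%m-%d %H:%M"), m.group(4)))
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1).lower()  # values below belong to this key
            continue
        m = VALUE_RE.match(line)
        if m:
            name, value = m.group(1), m.group(2)
            if "firewallpolicy" in current_key and name == "EnableFirewall" and value.startswith("0"):
                findings.append(("firewall_disabled", current_key.rsplit("\\", 1)[-1]))
            elif "security center" in current_key and value.endswith("00000001") and (
                "DisableNotify" in name or name == "DisableMonitoring"
            ):
                findings.append(("security_center_silenced", name))
            continue
        m = MOUNT_RE.match(line)
        if m and "mountpoints2" in current_key:
            findings.append(("removable_autorun", m.group(1)))
    # Second pass over file entries: timestamps later than the scan itself, and
    # random-looking names sitting under System32.
    for ts, path in files:
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if completion is not None and ts > completion:
            findings.append(("future_timestamp", path))
        if "\\system32\\" in path.lower() and looks_random(stem):
            findings.append(("random_name_in_system32", path))
    return list(dict.fromkeys(findings))  # drop repeats, keep first-seen order


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:26} {detail}")
```

The mountpoints2 check is the most reliable of the five: a command pointing at a .cmd or .exe on a removable drive letter is exactly what autorun worms leave behind, and the log keeps the drive letter and file name for you. The future-timestamp check needs the completion line to be present, and the entropy heuristic will also catch legitimately obfuscated vendor names, so treat its hits as "look at this", not "delete this".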