[loki]

Спасибо огромное за помощь! Вот лог
ComboFix 09-07-13.01 — Mufasa 14.07.2009 3:24.2.2 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.1022.493 [GMT 4:00]
Running from: c:documents and settingsMufasaРабочий столComboFix.exe
Command switches used :: c:documents and settingsMufasaРабочий столWindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
FW: Outpost Firewall Pro *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

---

Legacy_RKHIT

((((((((((((((((((((((((( Files Created from 2009-06-13 to 2009-07-13 )))))))))))))))))))))))))))))))
.

2009-07-13 23:27 . 2009-07-13 23:27 60416 —-a-w- c:tempPerflib_Perfdata__755.dat
2009-07-13 21:42 . 2009-04-06 07:37 704384 —-a-w- c:windowssystem32driversSandBox.sys
2009-07-13 21:42 . 2009-02-10 12:15 257432 —-a-w- c:windowssystem32driversafwcore.sys
2009-07-13 21:40 . 2009-02-18 13:30 31128 —-a-w- c:windowssystem32driversafw.sys
2009-07-13 21:40 . 2009-07-13 23:27

---

d

---

w- c:tempsdi
2009-07-13 21:40 . 2009-07-13 21:48

---

d

---

w- c:windowssystem32Filt
2009-07-13 21:40 . 2009-07-13 21:40

---

d

---

w- c:program filesAgnitum
2009-07-13 21:40 . 2009-07-13 21:48

---

d

---

w- c:tempis-99D41.tmp
2009-07-13 21:40 . 2009-07-13 21:40

---

d

---

w- c:tempis-1EVPI.tmp
2009-07-13 15:03 . 2009-07-13 15:03

---

d

---

w- C:VBARESCUE
2009-07-13 12:47 . 2009-07-13 12:45 42112 —-a-w- c:windowssystem32driversSDTHOOK.SYS
2009-07-12 09:12 . 2009-07-12 09:12

---

d

---

w- c:tempnro.log
2009-07-11 11:35 . 2009-07-12 08:19 4212 —h—w- c:windowssystem32zllictbl.dat
2009-07-11 11:34 . 2009-07-13 23:27

---

d

---

w- c:temp71109153419
2009-07-11 11:34 . 2009-07-12 08:30

---

d

---

w- c:windowsInternet Logs
2009-07-10 18:43 . 2009-07-10 18:44

---

d

---

w- C:rsit
2009-07-10 18:20 . 2009-07-10 18:20

---

d

---

w- C:VundoFix Backups
2009-07-10 17:30 . 2009-07-10 17:30

---

d

---

w- c:documents and settingsMufasaApplication DataMalwarebytes
2009-07-10 17:30 . 2009-07-10 17:30

---

d

---

w- c:documents and settingsAll UsersApplication DataMalwarebytes
2009-07-10 14:29 . 2009-07-13 23:27

---

d

---

w- c:tempTRTEMP-SPT_38_DB_3.007.009.0000_patch_3.007.008.000
2009-07-10 14:27 . 2009-07-10 14:27

---

d

---

w- c:documents and settingsAdminApplication DataSimply Super Software
2009-07-10 14:27 . 2009-04-18 08:14 2937720 —-a-w- c:documents and settingsAdminApplication DataSimply Super SoftwareTrojan Removerjmc36.exe
2009-07-10 14:07 . 2009-07-10 14:07

---

d

---

w- c:documents and settingsAdminApplication DataSpyware Terminator
2009-07-10 14:07 . 2009-07-10 14:07 117760 —-a-w- c:documents and settingsAdminApplication DataSUPERAntiSpyware.comSUPERAntiSpywareSDDLLSUIREPAIR.DLL
2009-07-10 14:06 . 2009-07-10 14:06

---

d

---

w- c:documents and settingsAdminApplication DataSUPERAntiSpyware.com
2009-07-10 12:43 . 2009-07-13 19:52

---

d

---

w- c:program filesAnti Trojan Elite
2009-07-10 10:58 . 2009-07-13 23:27

---

d

---

w- c:tempis-CE74L.tmp
2009-07-10 10:58 . 2009-07-10 10:58

---

d

---

w- c:tempis-54C2T.tmp
2009-07-09 22:07 . 2009-07-09 22:09

---

d

---

w- c:documents and settingsMufasaApplication DataAuslogics
2009-07-09 22:07 . 2009-07-09 22:07

---

d

---

w- c:program filesAuslogics
2009-07-09 21:26 . 2009-07-10 14:27

---

d—a-w- c:documents and settingsAll UsersApplication DataTEMP
2009-07-09 21:20 . 2009-07-13 19:56

---

d

---

w- c:program filesTrojan Remover
2009-07-09 17:26 . 2009-07-09 17:26

---

d

---

w- c:documents and settingsAll UsersApplication DataSUPERAntiSpyware.com
2009-07-09 17:26 . 2009-07-13 19:56

---

d

---

w- c:documents and settingsMufasaApplication DataSUPERAntiSpyware.com
2009-07-09 17:26 . 2009-07-13 19:56

---

d

---

w- c:program filesSUPERAntiSpyware
2009-07-09 08:51 . 2009-07-13 23:27

---

d-sh—w- c:tempCookies
2009-07-09 08:51 . 2009-07-09 08:51

---

d-sh—w- c:tempTemporary Internet Files
2009-07-09 08:51 . 2009-07-09 08:51

---

d-sh—w- c:tempHistory
2009-07-08 19:36 . 2009-07-10 20:10

---

d

---

w- c:program filesTrend Micro
2009-07-08 14:13 . 2009-07-13 23:28 146022432 —sha-w- c:windowssystem32driversfidbox.dat
2009-07-08 14:13 . 2008-07-08 10:54 148496 —-a-w- c:windowssystem32drivers39900678.sys
2009-07-08 10:45 . 2009-07-10 19:07

---

d

---

w- C:RootkitNO
2009-07-08 10:11 . 2009-07-08 10:11

---

d

---

w- c:windowsRestoreSafeDeleted
2009-07-08 09:30 . 2009-07-10 16:03 2 —shatr- c:windowswinstart.bat
2009-07-08 09:29 . 2009-07-13 19:56

---

d

---

w- c:program filesUnHackMe
2009-07-08 09:27 . 2009-07-08 09:27

---

d

---

r- c:documents and settingsLocalServiceИзбранное
2009-07-07 22:56 . 2009-07-13 19:55

---

d

---

w- c:program filesSpybot — Search & Destroy
2009-07-07 22:56 . 2009-07-13 19:55

---

d

---

w- c:documents and settingsAll UsersApplication DataSpybot — Search & Destroy
2009-07-07 22:38 . 2009-07-07 22:38

---

d

---

w- c:program filesCrawler
2009-07-07 22:14 . 2009-07-07 22:14

---

d

---

w- c:documents and settingsMufasaApplication DataPanda Security
2009-07-07 22:13 . 2009-07-07 22:13

---

d

---

w- c:documents and settingsAll UsersApplication DataPanda Security
2009-07-07 22:03 . 2009-07-07 22:10

---

d

---

w- c:program filesvnd
2009-07-07 21:31 . 2009-07-07 21:31

---

d

---

w- c:documents and settingsMufasaApplication DataUniblue
2009-07-07 20:32 . 2009-07-07 20:32

---

d

---

w- c:documents and settingsMufasaLocal SettingsApplication DataHelp
2009-07-04 17:23 . 2009-07-05 17:38

---

d

---

w- c:documents and settingsMufasaLocal SettingsApplication DataAdobe
2009-07-04 12:59 . 2009-07-04 12:59

---

d

---

w- c:windowsLogs
2009-07-04 12:59 . 2009-07-04 12:59 22328 —-a-w- c:documents and settingsMufasaApplication DataPnkBstrK.sys
2009-07-04 12:59 . 2009-07-04 12:59

---

d

---

w- c:windowssystem32LogFiles
2009-07-04 12:50 . 2009-07-04 12:50

---

d

---

w- c:program filesActivision
2009-07-04 12:43 . 2009-07-04 12:43

---

d-sh—w- c:windowsftpcache
2009-07-04 12:42 . 2009-07-04 17:13

---

d

---

w- c:documents and settingsMufasaApplication DataDAEMON Tools Pro
2009-07-04 12:42 . 2009-07-04 12:42

---

d

---

w- c:documents and settingsMufasaApplication DataDAEMON Tools
2009-07-04 12:41 . 2009-07-04 12:41

---

d

---

w- c:documents and settingsAll UsersApplication DataDAEMON Tools Lite
2009-07-04 12:41 . 2009-07-04 12:41

---

d

---

w- c:program filesDAEMON Tools Toolbar
2009-07-04 12:41 . 2009-07-04 13:06

---

d

---

w- c:program filesDAEMON Tools Lite
2009-07-04 12:39 . 2009-07-04 12:43

---

d

---

w- c:documents and settingsMufasaApplication DataDAEMON Tools Lite
2009-07-04 12:39 . 2009-07-04 12:39 717296 —-a-w- c:windowssystem32driverssptd.sys
2009-07-04 10:10 . 2009-07-04 10:11

---

d

---

w- c:program filesAIMP2
2009-07-04 10:00 . 2009-07-04 10:00

---

d

---

w- c:windowssystem32Lang
2009-07-04 09:52 . 2008-04-13 20:15 6272 —-a-w- c:windowssystem32driverssplitter.sys
2009-07-04 09:52 . 2008-04-13 20:47 83072 —-a-w- c:windowssystem32driverswdmaud.sys
2009-07-04 09:52 . 2008-04-13 20:15 52864 —-a-w- c:windowssystem32driversDMusic.sys
2009-07-04 09:52 . 2008-04-13 20:15 56576 —-a-w- c:windowssystem32driversswmidi.sys
2009-07-04 09:52 . 2008-04-13 20:15 172416 —-a-w- c:windowssystem32driverskmixer.sys
2009-07-04 09:52 . 2008-04-13 18:09 142592 —-a-w- c:windowssystem32driversaec.sys
2009-07-03 21:02 . 2009-07-03 21:02

---

d

---

w- c:program filesCommon FilesDirectX
2009-07-03 20:29 . 2008-07-29 09:33 446464 —-a-w- c:windowssystem32nvunrm.exe
2009-07-03 20:29 . 2008-07-07 21:45 4984 —-a-w- c:windowssystem32driversnvphy.bin
2009-07-03 20:24 . 2009-07-03 20:24

---

d

---

w- c:windowssystem32AGEIA
2009-07-03 20:24 . 2009-07-03 20:24

---

d

---

w- c:program filesAGEIA Technologies
2009-07-03 20:23 . 2009-07-13 19:56

---

d

---

w- c:program filesCommon FilesWise Installation Wizard
2009-07-03 20:13 . 2009-07-03 20:13

---

d

---

w- c:windowsnview
2009-07-03 20:13 . 2009-06-10 02:03 457248 —-a-w- c:windowssystem32nvudisp.exe
2009-07-03 20:12 . 2009-07-03 20:12

---

d

---

w- c:program filesCommon FilesInstallShield
2009-07-03 18:42 . 2009-07-03 18:47

---

d

---

w- C:КАРАОКЕ
2009-07-03 18:39 . 2009-07-03 18:40

---

d

---

w- C:БАКСОВЫ ДЕТКИ
2009-07-03 18:04 . 2009-07-13 19:59

---

d

---

w- C:ПРОГИ
2009-07-03 17:53 . 2009-07-03 18:03

---

d

---

w- C:КИНО
2009-07-03 14:09 . 2009-07-03 20:22

---

d

---

w- C:NVIDIA
2009-07-03 12:05 . 2009-07-03 12:07

---

d

---

w- c:documents and settingsMufasaApplication DataMra
2009-07-03 12:05 . 2009-07-03 12:05

---

d

---

w- c:program filesMail.Ru
2009-07-03 09:06 . 2009-07-03 10:30

---

d

---

w- c:program filesSMSDV
2009-07-03 08:06 . 2009-07-12 16:58

---

d

---

w- c:documents and settingsAll UsersApplication DataAlawarWrapper
2009-07-03 08:06 . 2009-07-03 10:43

---

d

---

w- c:program filesAlawar.ru
2009-07-03 06:20 . 2009-07-03 06:20

---

d

---

w- c:program filesDisney Interactive
2009-07-03 06:19 . 1998-01-23 09:22 304128 —-a-w- c:windowsIsUninst.exe
2009-07-03 06:19 . 2009-07-03 06:19

---

d

---

w- c:documents and settingsMufasaWINDOWS
2009-07-02 19:07 . 2009-07-02 19:07

---

d—h—w- c:windowsPIF
2009-07-02 18:41 . 2009-07-02 18:41

---

d

---

w- c:documents and settingsMufasaApplication DataQIP
2009-07-02 18:41 . 2009-07-02 18:41

---

d

---

w- c:program filesQIP Infium

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-13 23:27 . 2009-07-08 14:13 1713080 —sha-w- c:windowssystem32driversfidbox.idx
2009-07-13 19:53 . 2008-04-15 10:00 49350 —-a-w- c:windowssystem32perfc019.dat
2009-07-13 19:53 . 2008-04-15 10:00 346144 —-a-w- c:windowssystem32perfh019.dat
2009-07-10 14:51 . 2009-07-02 15:34 664 —-a-w- c:windowssystem32d3d9caps.dat
2009-07-07 23:34 . 2009-07-02 14:38

---

d

---

w- c:documents and settingsAll UsersApplication DataDoctor Web
2009-07-07 20:24 . 2009-07-02 14:38

---

d

---

w- c:program filesDrWeb
2009-07-04 17:23 . 2009-07-02 12:38

---

d

---

w- c:program filesCommon FilesAdobe
2009-07-04 17:14 . 2009-07-04 17:14

---

d

---

w- c:program filesНовый Диск
2009-07-04 17:14 . 2009-07-04 09:51

---

d—h—w- c:program filesInstallShield Installation Information
2009-07-04 17:13 . 2009-07-04 17:13

---

d

---

w- c:documents and settingsMufasaApplication DataInstallShield
2009-07-04 14:20 . 2009-07-04 14:20

---

d

---

w- c:program filesNeroInstall.bak
2009-07-04 14:16 . 2009-07-04 14:16

---

d

---

w- c:documents and settingsMufasaApplication DataNero
2009-07-04 14:15 . 2009-07-04 14:14

---

d

---

w- c:program filesCommon FilesNero
2009-07-04 14:14 . 2009-07-04 14:14

---

d

---

w- c:program filesNero
2009-07-04 14:14 . 2009-07-04 14:14

---

d

---

w- c:documents and settingsAll UsersApplication DataNero
2009-07-04 09:51 . 2009-07-04 09:51

---

d

---

w- c:program filesRealtek
2009-07-03 14:09 . 2009-07-02 13:53

---

d

---

w- c:program filesDC++
2009-07-03 12:44 . 2009-07-02 12:36 86327 —-a-w- c:windowspchealthhelpctrOfflineCacheindex.dat
2009-07-02 18:34 . 2009-07-02 13:14

---

d

---

w- c:program filesOpera
2009-07-02 14:26 . 2009-07-02 14:26

---

d

---

w- c:documents and settingsAll UsersApplication DataAgnitum
2009-07-02 14:07 . 2009-07-02 14:07

---

d

---

w- c:program filesVirtualDubMod
2009-07-02 13:49 . 2009-07-02 13:49 43984 —-a-w- c:documents and settingsMufasaLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-07-02 13:05 . 2009-07-02 13:05 552 —-a-w- c:windowssystem32d3d8caps.dat
2009-07-02 12:42 . 2009-07-02 12:42

---

d

---

w- c:program filesmicrosoft frontpage
2009-07-02 12:39 . 2009-07-02 12:39

---

d

---

w- c:program filesUkraine
2009-07-02 12:34 . 2009-07-02 12:34 22564 —-a-w- c:windowssystem32emptyregdb.dat
2009-07-02 12:34 . 2009-07-02 12:34

---

d

---

w- c:program filesWindows Media Connect 2
2009-06-21 04:46 . 2009-07-02 15:31 485920 —-a-w- c:windowssystem32nvuninst.exe
2009-06-16 14:15 . 2009-07-04 09:51 5095936 —-a-w- c:windowssystem32driversRtkHDAud.sys
2009-06-12 07:10 . 2009-07-04 09:51 17887232 —-a-w- c:windowsRTHDCPL.EXE
2009-06-10 04:28 . 2009-06-10 04:28 3510272 —-a-w- c:windowssystem32nvgames.dll
2009-06-10 04:28 . 2009-06-10 04:28 5890048 —-a-w- c:windowssystem32nvdispsr.dll
2009-06-10 04:28 . 2009-06-10 04:28 4022272 —-a-w- c:windowssystem32nvdisps.dll
2009-06-10 04:28 . 2009-06-10 04:28 86016 —-a-w- c:windowssystem32nvmctray.dll
2009-06-10 04:28 . 2009-06-10 04:28 168004 —-a-w- c:windowssystem32nvsvc32.exe
2009-06-10 04:28 . 2009-06-10 04:28 143360 —-a-w- c:windowssystem32nvcolor.exe
2009-06-10 04:28 . 2009-06-10 04:28 13758464 —-a-w- c:windowssystem32nvcpl.dll
2009-06-10 04:28 . 2009-06-10 04:28 229376 —-a-w- c:windowssystem32nvmccs.dll
2009-06-10 02:03 . 2009-06-10 02:03 671744 —-a-w- c:windowssystem32nvcuvid.dll
2009-06-10 02:03 . 2009-06-10 02:03 1720320 —-a-w- c:windowssystem32nvcuda.dll
2009-06-10 02:03 . 2009-06-10 02:03 1580550 —-a-w- c:windowssystem32nvdata.bin
2009-06-10 02:03 . 2009-06-10 02:03 1310720 —-a-w- c:windowssystem32nvcuvenc.dll
2009-06-10 02:03 . 2007-04-20 06:05 9998336 —-a-w- c:windowssystem32nvoglnt.dll
2009-06-10 02:03 . 2007-04-20 06:05 815104 —-a-w- c:windowssystem32nvapi.dll
2009-06-10 02:03 . 2007-04-20 06:05 8087712 —-a-w- c:windowssystem32driversnv4_mini.sys
2009-06-10 02:03 . 2007-04-20 06:05 5908608 —-a-w- c:windowssystem32nv4_disp.dll
2009-06-10 02:03 . 2007-04-20 06:05 151552 —-a-w- c:windowssystem32nvcodins.dll
2009-06-10 02:03 . 2007-04-20 06:05 151552 —-a-w- c:windowssystem32nvcod.dll
2009-06-09 10:43 . 2009-07-04 09:51 37376 —-a-w- c:windowssystem32RtkCoInstXP.dll
2009-06-03 10:02 . 2009-07-04 09:51 1482752 —-a-w- c:windowsRtlUpd.exe
2009-05-18 14:33 . 2009-05-18 14:33 23040 —-a-w- c:windowssystem32setup.exe
2009-05-18 14:33 . 2009-05-18 14:33 1571840 —-a-w- c:windowssystem32sfcfiles.dll
2009-05-18 14:31 . 2001-10-19 21:06 77891 —-a-w- c:windowssystem32usrmlnka.exe
2009-05-18 14:22 . 2009-05-18 14:22 330752 —-a-w- c:windowssystem32dmconfig.dll
2009-05-18 14:22 . 2009-05-18 14:22 799872 —-a-w- c:windowssystem32driversdmboot.sys
2009-05-18 14:22 . 2009-05-18 14:22 4096 —-a-w- c:windowssystem32wmvdmoe2.dll
2009-05-18 14:22 . 2009-05-18 14:22 4096 —-a-w- c:windowssystem32wmvdmod.dll
2009-05-18 14:22 . 2009-05-18 14:22 224768 —-a-w- c:windowssystem32dmadmin.exe
2009-05-18 14:22 . 2009-05-18 14:22 1329152 —-a-w- c:windowssystem32wmspdmoe.dll
2009-05-18 14:22 . 2009-05-18 14:22 603648 —-a-w- c:windowssystem32wmspdmod.dll
2009-05-18 14:22 . 2009-05-18 14:22 99840 —-a-w- c:windowssystem32wmpshell.dll
2009-05-18 14:22 . 2009-05-18 14:22 8273920 —-a-w- c:windowssystem32wmploc.dll
2009-05-18 14:22 . 2009-05-18 14:22 4096 —-a-w- c:windowssystem32wmsdmoe2.dll
2009-05-18 14:22 . 2009-05-18 14:22 4096 —-a-w- c:windowssystem32wmsdmod.dll
2009-05-18 14:22 . 2009-05-18 14:22 314880 —-a-w- c:windowssystem32wmpdxm.dll
2009-05-18 14:22 . 2009-05-18 14:22 242688 —-a-w- c:windowssystem32wmpasf.dll
2009-05-18 14:20 . 2009-07-02 12:35 561688 —-a-w- c:windowssystem32wuapi.dll
2009-05-18 14:19 . 2009-07-02 12:35 691712 —-a-w- c:windowssystem32inetcomm.dll
2009-05-18 08:40 . 2009-05-18 08:40 998400 —-a-w- c:windowssystem32syssetup.dll
2009-05-18 08:40 . 2009-05-18 08:40 219648 —-a-w- c:windowssystem32uxtheme.dll
2009-05-18 08:40 . 2009-05-18 08:40 991744 —-a-w- c:windowssystem32setupapi.dll
2009-05-06 22:57 . 2009-05-06 22:57 361600 —-a-w- c:windowssystem32driverstcpip.sys
2009-04-28 05:55 . 2009-04-28 05:55 70936 —-a-w- c:windowssystem32PhysXLoader.dll
2009-04-16 13:23 . 2009-07-04 09:51 540672 —-a-w- c:windowsRtlExUpd.dll
2009-04-15 04:32 . 2009-04-15 04:32 3072 —-a-w- c:windowssystem32xpsp4res.dll
2008-04-15 10:00 . 2009-07-02 12:40 251152 —ha-r- c:program filesntldr
2006-12-10 18:30 . 2009-07-02 12:40 225 —-a-r- c:program filesboot.ini
.

---

Sigcheck

---

[-] 2009-05-06 22:57 361600 B8F35C9F3938FCF8131E64918D2D447E c:windowssystem32driverstcpip.sys

[-] 2009-05-18 14:33 1571840 23B7818F8EAA620D51C6B8A46DE829CC c:windowssystem32sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«DAEMON Tools Lite»=»c:program filesDAEMON Tools Litedaemon.exe» [2008-12-29 687560]
«IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=»c:program filesCommon FilesNeroLibNMIndexStoreSvr.exe» [2008-02-28 1828136]
«ctfmon.exe»=»c:windowssystem32ctfmon.exe» [2008-04-15 15360]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«MAgent»=»c:program filesMail.RuAgentMAgent.exe» [2009-07-03 7975096]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2009-06-10 13758464]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2009-06-10 86016]
«NeroFilterCheck»=»c:program filesCommon FilesNeroLibNeroCheck.exe» [2008-02-28 570664]
«OutpostMonitor»=»c:progra~1AgnitumOUTPOS~1op_mon.exe» [2009-04-15 1229640]
«OutpostFeedBack»=»c:program filesAgnitumOutpost Firewall Profeedback.exe» [2009-04-14 433480]
«nwiz»=»nwiz.exe» — c:windowssystem32nwiz.exe [2009-06-10 1657376]
«RTHDCPL»=»RTHDCPL.EXE» — c:windowsRTHDCPL.EXE [2009-06-12 17887232]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-15 15360]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«IE8_01″=»shell32» [X]
«IE8_02″=»advpack.dll» — c:windowssystem32advpack.dll [2009-05-18 128512]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«UpdatesOverride»=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)
«DisableUnicastResponsesToMulticastBroadcast»= 0 (0x0)

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\DC++\DCPlusPlus.exe»=
«c:\Program Files\Opera\opera.exe»=
«c:\Program Files\Activision\Call of Duty — World at War\CoDWaWmp.exe»=
«c:\Program Files\Activision\Call of Duty — World at War\CoDWaW.exe»=

R1 is-RKLLLdrv;is-RKLLLdrv;c:windowssystem32drivers39900678.sys [08.07.2009 18:13 148496]
R1 SandBox;SandBox;c:windowssystem32driversSandBox.sys [14.07.2009 1:42 704384]
R2 acssrv;Agnitum Client Security Service;c:progra~1AgnitumOUTPOS~1acs.exe [14.07.2009 1:40 1267528]
R3 afw;Agnitum firewall driver;c:windowssystem32driversafw.sys [14.07.2009 1:40 31128]
R3 afwcore;afwcore;c:windowssystem32driversafwcore.sys [14.07.2009 1:42 257432]
R3 ASWFilt;ASWFilt;c:windowssystem32FiltASWFilt.dll [14.07.2009 1:42 33888]
S1 SASKUTIL;SASKUTIL;??c:program filesSUPERAntiSpywareSASKUTIL.sys —> c:program filesSUPERAntiSpywareSASKUTIL.sys [?]
S3 Ambfilt;Ambfilt;c:windowssystem32driversAmbfilt.sys [04.07.2009 13:51 1684736]
S3 ATE_PROCMON;ATE_PROCMON;??c:program filesAnti Trojan EliteATEPMon.sys —> c:program filesAnti Trojan EliteATEPMon.sys [?]
S3 SDTHOOK;SDTHOOK;c:windowssystem32driversSDTHOOK.SYS [13.07.2009 16:47 42112]
S3 XenAntiSpywareFilter;10.07.200922:31;??c:tempRar$EX01.984XAS_4.4.2_Light ruXAF.sys —> c:tempRar$EX01.984XAS_4.4.2_Light ruXAF.sys [?]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
«c:windowssystem32rundll32.exe» «c:windowssystem32iedkcs32.dll»,BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled componentsNewUserCustom]
%SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSectionEx c:windowsINFcustom.inf,NewUserFirstLogonInstall,,4,N
.
— — — — ORPHANS REMOVED — — — —

Toolbar-ITBar7Position — (no file)

.

---

Supplementary Scan

---

.
uStart Page = hxxp://DreamLair.net
mStart Page = hxxp://DreamLair.net
IE: crawler search — tbr:iemenu
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} — c:program filesMail.RuAgentmagent.exe
TCP: {FEFCA3F8-E6B0-4FE9-A99F-134664B82F0F} = 213.135.128.2,213.135.128.9
Handler: tbr — {4D25FB7A-8902-4291-960E-9ADA051CFBBF} — c:progra~1CrawlerToolbarctbr.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-14 03:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************
.

---

LOCKED REGISTRY KEYS

---

[HKEY_USERSS-1-5-21-329068152-492894223-1417001333-1004SoftwareMicrosoftSystemCertificatesAddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.

---

DLLs Loaded Under Running Processes

---

— — — — — — — > ‘explorer.exe'(2868)
c:windowssystem32msi.dll
c:windowssystem32ieframe.dll
c:windowssystem32wpdshserviceobj.dll
c:windowssystem32webcheck.dll
c:windowssystem32portabledevicetypes.dll
c:windowssystem32portabledeviceapi.dll
.

---

Other Running Processes

---

.
c:windowssystem32nvsvc32.exe
c:windowssystem32rundll32.exe
c:program filesNeroNero8Nero BackItUpNBService.exe
c:windowssystem32IoctlSvc.exe
c:program filesCommon FilesNeroLibNMIndexingService.exe
.
**************************************************************************
.
Completion time: 2009-07-13 3:30 — machine was rebooted
ComboFix-quarantined-files.txt 2009-07-13 23:30

Pre-Run: 3 535 118 336 байт свободно
Post-Run: 3 595 001 856 байт свободно

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
[operating systems]
c:cmdconsBOOTSECT.DAT=»Microsoft Windows Recovery Console» /cmdcons
multi(0)disk(0)rdisk(0)partition(1)WINDOWS=»Microsoft Windows XP Professional RU» /noexecute=optin /fastdetect

Current=6 Default=6 Failed=5 LastKnownGood=7 Sets=1,2,3,4,5,6,7
309

.

[Автор]

Сообщения