Созданные ответы форума
-
Сообщения
-
Здравствуйте Valeri.
просканировал комп.
вот результаты:
ComboFix 10-03-05.03 — Maz 06.03.2010 12:35:55.1.2 — x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.2046.1665 [GMT 6:00]
Running from: d:documents and settingsMazРабочий столComboFix.exe
AV: Антивирус Касперского *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.d:documents and settingsAll Users.WINDOWS.0Application DataMicrosoftNetworkDownloaderqmgr0.dat
d:documents and settingsAll Users.WINDOWS.0Application DataMicrosoftNetworkDownloaderqmgr1.dat
d:program filesINSTALL.LOG
d:program filesMail.RuAgentMradllnewmrasearch.dll
d:recyclerS-1-5-21-789336058-1844823847-682003330-1003
d:windows.0Delete.bat
d:windows.0system32Пузыри.scr
d:windows.0system32ssField Lines.scr
d:windows.0system32ssRibbons.scr
d:windows.0system32SYSINTERNALS_BLUESCREEN.SCR
d:windows.0system32Vb40016.dll
d:windows.0system32Vb40032.dll
d:windows.0system32VB6KO.DLL
d:windows.0system32vbrun100.dll
BITS: Possible infected sites
hxxp://soft.export.yandex.ru
.
((((((((((((((((((((((((( Files Created from 2010-02-06 to 2010-03-06 )))))))))))))))))))))))))))))))
.2010-03-05 22:04 . 2010-03-05 22:04
d
w- d:documents and settingsMazLocal SettingsApplication DataABBYY
2010-03-05 16:01 . 2010-03-05 20:37
d
w- d:documents and settingsEmelyaApplication DatauTorrent
2010-03-05 14:22 . 2010-03-05 14:31
d
w- d:documents and settingsEmelyaApplication DataAIMP
2010-03-05 13:59 . 2010-03-05 13:59
d
w- d:documents and settingsEmelyaApplication DataCorel
2010-03-05 13:57 . 2010-03-05 13:57
d
w- d:documents and settingsEmelyaLocal SettingsApplication DataMozilla
2010-03-05 13:55 . 2010-03-05 13:55
d
w- d:documents and settingsEmelyaApplication DataCyberLink
2010-03-05 13:09 . 2010-03-05 13:09
d
w- d:documents and settingsEmelyaLocal SettingsApplication DataOpera
2010-03-05 13:06 . 2008-07-09 07:58 26488 —-a-w- d:windows.0system32spupdsvc.exe
2010-03-05 13:05 . 2007-04-09 10:23 28552 —-a-w- d:windows.0system32Spoolprtprocsw32x86mdippr.dll
2010-03-05 13:05 . 2007-04-09 10:23 28040 —-a-w- d:windows.0system32mdimon.dll
2010-03-05 12:57 . 2010-03-05 12:57
d
w- d:program filesMSXML 4.0
2010-03-05 12:54 . 2010-03-05 21:01
d—h—w- d:windows.0$hf_mig$
2010-03-05 12:41 . 2009-06-15 10:45 79872 -c—-w- d:windows.0system32dllcachetelnet.exe
2010-03-05 12:41 . 2009-12-08 09:25 474112 -c—-w- d:windows.0system32dllcacheshlwapi.dll
2010-03-05 12:40 . 2009-11-27 17:13 17920 -c—-w- d:windows.0system32dllcachemsyuv.dll
2010-03-05 12:40 . 2009-11-27 17:13 1293312 -c—-w- d:windows.0system32dllcachequartz.dll
2010-03-05 12:40 . 2009-11-27 16:09 8704 -c—-w- d:windows.0system32dllcachetsbyuv.dll
2010-03-05 12:40 . 2009-11-27 16:09 48128 -c—-w- d:windows.0system32dllcacheiyuv_32.dll
2010-03-05 12:33 . 2009-12-04 18:22 455424 -c—-w- d:windows.0system32dllcachemrxsmb.sys
2010-03-05 12:29 . 2009-08-04 17:23 2147328 -c—-w- d:windows.0system32dllcachentkrnlmp.exe
2010-03-05 12:29 . 2009-08-04 17:23 2191104 -c—-w- d:windows.0system32dllcachentoskrnl.exe
2010-03-05 12:29 . 2009-08-04 17:23 2025984 -c—-w- d:windows.0system32dllcachentkrpamp.exe
2010-03-05 12:29 . 2009-07-31 04:35 1172480 -c—-w- d:windows.0system32dllcachemsxml3.dll
2010-03-05 12:28 . 2008-04-21 21:15 218624 -c—-w- d:windows.0system32dllcachewordpad.exe
2010-03-05 12:27 . 2010-03-05 12:46
d
w- d:program filestrend micro
2010-03-05 12:27 . 2010-03-05 12:28
d
w- D:rsit
2010-03-05 11:14 . 2010-03-05 11:14 80400 —-a-w- d:documents and settingsAll Users.WINDOWS.0Application DataKaspersky LabAVP9DataUpdaterTemporary FilesrollbackpatchAutoPatcheskav9exec9.0.0.736fssync.dll
2010-03-05 11:14 . 2010-03-05 11:14 80400 —-a-w- d:documents and settingsAll Users.WINDOWS.0Application DataKaspersky LabAVP9DataUpdaterTemporary FilestemporaryFolderAutoPatcheskav9exec9.0.0.736fssync.dll
2010-03-05 11:11 . 2010-03-05 11:11
d
w- d:documents and settingsMazApplication DataDivX
2010-03-05 11:11 . 2010-03-05 11:11
d
w- d:documents and settingsMazApplication DataMedia Player Classic
2010-03-05 11:08 . 2010-03-06 06:04
d
w- d:documents and settingsMazApplication DataAIMP
2010-03-05 06:53 . 2010-03-05 06:53
d
w- d:documents and settingsMazLocal SettingsApplication DataMozilla
2010-03-05 06:26 . 2010-03-05 06:30
d
w- d:documents and settingsMazApplication DatauTorrent
2010-03-05 06:22 . 2010-03-05 06:22
d
w- d:documents and settingsMazApplication DataCorel
2010-03-05 06:21 . 2010-03-05 20:41 65360 —-a-w- d:documents and settingsMazLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2010-03-05 06:21 . 2010-03-05 11:14
d
w- d:documents and settingsMazApplication DataMRA
2010-03-05 06:19 . 2010-01-28 20:20
d
r- d:documents and settingsMazГлавное меню
2010-03-05 06:19 . 2010-01-28 17:28
d—h—w- d:documents and settingsMazШаблоны
2010-03-05 06:19 . 2010-03-05 06:19
d
w- d:documents and settingsMaz
2010-03-04 21:21 . 2009-12-12 14:15 178176 —-a-w- d:windows.0system32unrar.dll
2010-03-04 21:21 . 2009-07-14 00:15 90112 —-a-w- d:windows.0system32dpl100.dll
2010-03-04 21:21 . 2009-07-14 00:15 685056 —-a-w- d:windows.0system32divx.dll
2010-03-04 21:21 . 2009-05-29 21:37 205824 —-a-w- d:windows.0system32xvidvfw.dll
2010-03-04 21:21 . 2009-05-29 21:31 881664 —-a-w- d:windows.0system32xvidcore.dll
2010-03-04 21:21 . 2008-11-06 16:37 3596288 —-a-w- d:windows.0system32qt-dx331.dll
2010-03-04 21:21 . 2004-01-25 16:18 217088 —-a-w- d:windows.0system32yv12vfw.dll
2010-03-04 21:21 . 2010-02-02 18:00 85504 —-a-w- d:windows.0system32ff_vfw.dll
2010-03-03 22:13 . 2010-03-03 22:13
d
w- d:documents and settingsAdminLocal SettingsApplication DataYandex
2010-03-03 22:13 . 2010-03-03 22:13
d
w- d:documents and settingsAll Users.WINDOWS.0Application DataYandex
2010-03-03 22:13 . 2010-03-04 15:03
d
w- d:documents and settingsAdminApplication DataYandex
2010-03-03 22:13 . 2010-03-03 22:13
d
w- d:program filesYandex
2010-03-03 22:13 . 2010-03-03 22:13
d
w- d:documents and settingsAdminLocal SettingsApplication DataGoogle
2010-03-03 22:12 . 2010-03-05 16:01
d
w- d:program filesuTorrent
2010-03-03 22:12 . 2010-03-05 06:17
d
w- d:documents and settingsAdminApplication DatauTorrent
2010-03-03 14:26 . 2010-03-03 14:26 95259 —-a-w- d:windows.0system32driversklick.dat
2010-03-03 14:26 . 2010-03-03 14:26 108059 —-a-w- d:windows.0system32driversklin.dat
2010-03-03 14:26 . 2010-03-06 06:45
d
w- d:documents and settingsAll Users.WINDOWS.0Application DataKaspersky Lab
2010-03-03 14:26 . 2010-03-03 14:26
d
w- d:program filesKaspersky Lab
2010-03-03 14:25 . 2010-03-03 14:25
d
w- d:documents and settingsAll Users.WINDOWS.0Application DataKaspersky Lab Setup Files
2010-03-03 14:22 . 2010-03-03 16:35
d
w- d:documents and settingsAdminApplication DataMra
2010-03-03 14:22 . 2010-03-03 14:22
d
w- d:program filesMail.Ru
2010-03-03 12:42 . 2010-03-03 12:42
d
w- d:documents and settingsAdminApplication DataAVG8
2010-03-02 08:53 . 2010-03-05 22:05
d
w- d:program filesGarena
2010-03-02 06:36 . 2010-03-02 06:36
d
w- D:$AVG
2010-03-02 06:35 . 2010-03-02 06:35
d
w- d:program filesAVG
2010-03-02 06:35 . 2010-03-02 09:51
d
w- d:documents and settingsAll Users.WINDOWS.0Application Dataavg9
2010-03-02 05:28 . 2010-03-02 05:28 0 —-a-w- d:windows.0nsreg.dat
2010-03-02 05:28 . 2010-03-02 05:28
d
w- d:documents and settingsAdminLocal SettingsApplication DataMozilla
2010-03-02 04:41 . 2010-03-02 04:41
d
w- d:documents and settingsAdminLocal SettingsApplication DataOpera
2010-03-02 04:41 . 2010-03-02 04:41
d
w- d:program filesOpera
2010-02-25 12:03 . 2010-03-03 12:22
d
w- d:program filesCS16
2010-02-19 15:47 . 2010-02-19 15:47
d
w- d:documents and settingsAdminApplication DataCorel
2010-02-19 15:30 . 2010-02-19 15:30
d
w- d:program filesCommon FilesCorel
2010-02-19 15:30 . 2010-02-19 15:30
d
w- d:program filesCorel
2010-02-19 14:41 . 2007-10-23 06:27 110592 —-a-w- d:documents and settingsAdminApplication DataU3tempcleanup.exe
2010-02-19 14:41 . 2007-10-23 06:22 3350528 —ha-w- d:documents and settingsAdminApplication DataU3tempLaunchpad Removal.exe
2010-02-19 14:41 . 2010-02-20 17:19
d
w- d:documents and settingsAdminApplication DataU3
2010-02-18 23:25 . 2010-02-18 23:25
d
w- d:windows.0Sun
2010-02-14 18:56 . 2010-02-14 18:56
d
w- d:documents and settingsAll Users.WINDOWS.0Application DataElectronic Arts
2010-02-14 16:22 . 2008-04-14 18:40 159232 —-a-w- d:windows.0system32ptpusd.dll
2010-02-14 16:22 . 2008-04-13 21:15 15104 -c—a-w- d:windows.0system32dllcacheusbscan.sys
2010-02-14 16:22 . 2008-04-13 21:15 15104 —-a-w- d:windows.0system32driversusbscan.sys
2010-02-14 16:22 . 2001-10-19 18:06 5632 —-a-w- d:windows.0system32ptpusb.dll
2010-02-14 16:17 . 2010-02-14 16:17
d
w- d:documents and settingsAll Users.WINDOWS.0Application DataDAEMON Tools Lite
2010-02-14 15:53 . 2010-02-14 15:53
d
w- d:windows.0Logs
2010-02-07 09:34 . 2010-02-07 09:34 2915944 —-a-w- d:windows.0system32driversappdrv01.sys
2010-02-07 09:34 . 2010-02-07 09:34 304528 —-a-w- d:windows.0system32appdrvrem01.exe.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-06 06:46 . 2008-04-15 12:00 76880 —-a-w- d:windows.0system32perfc019.dat
2010-03-06 06:46 . 2008-04-15 12:00 448696 —-a-w- d:windows.0system32perfh019.dat
2010-03-06 06:45 . 2010-01-28 21:05
d
w- d:program fileslg_fwupdate
2010-03-06 06:43 . 2010-01-28 21:19 17488 —-a-w- d:windows.0gdrv.sys
2010-03-06 06:26 . 2010-01-28 21:23
d
w- d:program filesdistr
2010-03-05 13:37 . 2010-03-05 06:29
d
w- d:documents and settingsEmelyaApplication DataMRA
2010-03-05 13:09 . 2010-03-05 06:29 65360 —-a-w- d:documents and settingsEmelyaLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2010-03-05 11:09 . 2009-12-29 10:46
d
w- d:program filesAIMP2
2010-03-05 06:29 . 2010-03-05 06:29
d
w- d:documents and settingsEmelyaApplication DataATI
2010-03-05 06:20 . 2010-03-05 06:20
d
w- d:documents and settingsMazApplication DataATI
2010-03-05 05:56 . 2010-01-30 15:40
d
w- d:documents and settingsAdminApplication DataAIMP
2010-03-04 21:22 . 2010-01-15 15:12
d
w- d:program filesK-Lite Codec Pack
2010-03-02 08:33 . 2009-12-29 10:29
d—h—w- d:program filesInstallShield Installation Information
2010-02-22 02:25 . 2010-01-30 14:12 138184 —-a-w- d:windows.0system32driversPnkBstrK.sys
2010-02-22 02:25 . 2010-01-30 14:12 183112 —-a-w- d:windows.0system32PnkBstrB.exe
2010-02-20 01:58 . 2009-12-30 08:57
d
w- d:program filesElectronic Arts
2010-02-19 15:47 . 2010-01-28 19:03 65360 —-a-w- d:documents and settingsAdminLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2010-02-19 15:30 . 2009-12-29 10:28
d
w- d:program filesCommon FilesInstallShield
2010-02-19 01:24 . 2009-12-29 10:43
d
w- d:program filesCoD6
2010-02-02 05:45 . 2010-01-28 19:19
d
w- d:program filesLight Alloy
2010-01-30 19:43 . 2010-01-28 17:32 86339 —-a-w- d:windows.0pchealthhelpctrOfflineCacheindex.dat
2010-01-30 15:15 . 2010-01-30 15:15
d
w- d:documents and settingsAdminApplication DataNero
2010-01-30 15:14 . 2010-01-30 15:14
d
w- d:program filesAhead
2010-01-30 15:14 . 2010-01-30 15:14
d
w- d:program filesCommon FilesAhead
2010-01-30 14:12 . 2010-01-30 14:12 66872 —-a-w- d:windows.0system32PnkBstrA.exe
2010-01-29 10:14 . 2010-01-29 10:14
d
w- d:program filesDirectX
2010-01-29 10:08 . 2010-01-29 10:08
d
w- d:documents and settingsAdminApplication DataeCity2_1
2010-01-28 21:59 . 2010-01-28 21:59
d
w- d:documents and settingsAdminApplication DataMedia Player Classic
2010-01-28 21:54 . 2010-01-28 21:49
d
w- d:program filesABBYY Lingvo 12
2010-01-28 21:51 . 2010-01-28 21:51
d
w- d:documents and settingsAll Users.WINDOWS.0Application DataABBYY
2010-01-28 21:41 . 2010-01-28 20:59
d
w- d:documents and settingsAdminApplication DataCyberLink
2010-01-28 21:30 . 2010-01-28 20:57
d
w- d:documents and settingsAll Users.WINDOWS.0Application DataCyberLink
2010-01-28 21:27 . 2010-01-28 21:27
d
w- d:program filesCommon FilesAdobe
2010-01-28 21:14 . 2010-01-28 21:14 53319 —-a-w- d:documents and settingsAll Users.WINDOWS.0Application DataTemp{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}PostBuild.exe
2010-01-28 21:13 . 2010-01-28 21:13
d
w- d:documents and settingsAll Users.WINDOWS.0Application DataNorton
2010-01-28 21:12 . 2010-01-28 21:12
d
w- d:documents and settingsAll Users.WINDOWS.0Application DataNortonInstaller
2010-01-28 21:03 . 2010-01-28 21:03
d
w- d:program filesNero
2010-01-28 21:03 . 2010-01-28 21:03
d
w- d:documents and settingsAll Users.WINDOWS.0Application DataNero
2010-01-28 21:01 . 2010-01-28 21:01 36864 —-a-w- d:documents and settingsAll Users.WINDOWS.0Application DataTemp{01FB4998-33C4-4431-85ED-079E3EEFE75D}PostBuild.exe
2010-01-28 20:56 . 2010-01-28 20:56
d
w- d:documents and settingsAll Users.WINDOWS.0Application DataTemp
2010-01-28 20:56 . 2010-01-28 20:56 53319 —-a-w- d:documents and settingsAll Users.WINDOWS.0Application DataTemp{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}PostBuild.exe
2010-01-28 19:59 . 2010-01-28 19:59 8854 —-a-r- d:documents and settingsAdminApplication DataMicrosoftInstaller{8FE4D086-63BD-44EB-882C-C7EA5A1EF016}UNINST_Uninstall_Gam_8FE4D08663BD44EB882CC7EA5A1EF016.exe
2010-01-28 19:59 . 2010-01-28 19:59 40960 —-a-r- d:documents and settingsAdminApplication DataMicrosoftInstaller{8FE4D086-63BD-44EB-882C-C7EA5A1EF016}NewShortcut1_8FE4D08663BD44EB882CC7EA5A1EF016.exe
2010-01-28 19:59 . 2010-01-28 19:59 40960 —-a-r- d:documents and settingsAdminApplication DataMicrosoftInstaller{8FE4D086-63BD-44EB-882C-C7EA5A1EF016}HUD.exe_8FE4D08663BD44EB882CC7EA5A1EF016.exe
2010-01-28 19:59 . 2010-01-28 19:59 1150 —-a-r- d:documents and settingsAdminApplication DataMicrosoftInstaller{8FE4D086-63BD-44EB-882C-C7EA5A1EF016}ARPPRODUCTICON.exe
2010-01-28 19:03 . 2010-01-28 19:03
d
w- d:documents and settingsAll Users.WINDOWS.0Application DataATI
2010-01-28 19:03 . 2010-01-28 19:03
d
w- d:documents and settingsAdminApplication DataATI
2010-01-28 19:02 . 2010-01-28 19:02 0 —-a-w- d:windows.0ativpsrm.bin
2010-01-28 18:54 . 2010-01-28 18:54 9158 —-a-r- d:documents and settingsAdminApplication DataMicrosoftInstaller{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}ARPPRODUCTICON.exe
2010-01-28 17:44 . 2010-01-28 17:44 552 —-a-w- d:windows.0system32d3d8caps.dat
2010-01-28 17:36 . 2010-01-28 17:36
d
w- d:program filesVistaDriveIcon
2010-01-28 17:36 . 2010-01-28 17:36 717296 —-a-w- d:windows.0system32driverssptd.sys
2010-01-28 17:36 . 2010-01-28 17:36
d—a-w- d:program filesPaint.NET
2010-01-28 17:35 . 2010-01-28 17:35 410976 —-a-w- d:windows.0system32deploytk.dll
2010-01-28 17:35 . 2010-01-28 17:35
d
w- d:program filesJava
2010-01-28 17:29 . 2010-01-28 17:29 22564 —-a-w- d:windows.0system32emptyregdb.dat
2010-01-28 17:29 . 2010-01-28 17:28
d
w- d:program filesWindows Media Connect 2
2010-01-17 18:21 . 2010-01-17 18:21
d
w- d:program filesBuka
2010-01-12 15:10 . 2010-01-12 15:10
d
w- d:program filesPES 2009
2010-01-12 09:35 . 2010-01-12 09:35
d
w- d:program filesМои документы
2010-01-12 08:37 . 2010-01-12 08:37
d
w- d:program filesMicrosoft Works
2010-01-12 08:37 . 2010-01-12 08:37
d
w- d:program filesMicrosoft.NET
2010-01-08 00:48 . 2009-12-29 12:59
d
w- d:program filesCommon FilesNero
2010-01-06 19:20 . 2010-01-06 19:20
d
w- d:program filesPCGAME
2010-01-06 19:16 . 2010-01-06 19:16
d
w- d:program filesLG Electronics
2010-01-05 09:48 . 2008-10-24 20:38 841216 —-a-w- d:windows.0system32wininet.dll
2010-01-05 09:48 . 2008-04-15 12:00 78336 —-a-w- d:windows.0system32ieencode.dll
2010-01-05 09:48 . 2008-10-24 20:32 17408 —-a-w- d:windows.0system32corpol.dll
2010-01-01 07:58 . 2008-10-24 20:27 353792 —-a-w- d:windows.0system32driverssrv.sys
2009-12-14 07:10 . 2008-04-15 12:00 33280 —-a-w- d:windows.0system32csrsrv.dll
.
Sigcheck
[-] 2008-10-24 . 6A104BA98D99D53AB0C91825CE659FC6 . 361600 . . [5.1.2600.5625] . . d:windows.0system32driverstcpip.sys[-] 2008-10-24 . 23B7D3F3F5EC8FEEA75EC381C71CBD5E . 579072 . . [5.1.2600.5512] . . d:windows.0system32user32.dll
[-] 2008-10-24 . 89F87645A856F6712E6225079B7931F4 . 1721344 . . [6.00.2900.5512] . . d:windows.0explorer.exe
[-] 2008-10-24 . E52BB415E3A7106E0308A6EE75219F30 . 1571840 . . [5.1.2600.5512] . . d:windows.0system32sfcfiles.dll
[-] 2008-10-24 . 08DD489E663B992B188166951AD131E0 . 30208 . . [5.1.2600.5512] . . d:windows.0system32ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «d:program filesYandexYandexBarIEyndbar.dll» [2009-12-24 8729864][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersNBHShellExt]
@=»{8D2223A2-B3C6-4e32-B096-CDD11F628C60}»
[HKEY_CLASSES_ROOTCLSID{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-02-28 14:39 97064 —-a-w- d:program filesNeroNero8InCDNBHShx.dll[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«VistaIcon»=»d:program filesVistaDriveIconVistaDrv.exe» [2008-01-02 132096][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«StartCCC»=»d:program filesATI TechnologiesATI.ACECore-StaticCLIStart.exe» [2008-08-29 61440]
«RTHDCPL»=»RTHDCPL.EXE» [2009-01-13 18084864]
«UpdateLBPShortCut»=»d:program filesCyberLinkLabelPrintMUITransferMUIStartMenu.exe» [2008-12-03 218408]
«RemoteControl»=»d:program filesCyberLinkPowerDVDPDVDServ.exe» [2007-03-14 71216]
«LanguageShortcut»=»d:program filesCyberLinkPowerDVDLanguageLanguage.exe» [2007-01-08 52256]
«UCam_Menu»=»d:program filesCyberLinkYouCamMUITransferMUIStartMenu.exe» [2008-12-03 218408]
«NeroFilterCheck»=»d:windows.0system32NeroCheck.exe» [2006-01-12 155648]
«LGODDFU»=»d:program fileslg_fwupdatefwupdate.exe» [2008-10-01 548864]
«SecurDisc»=»d:program filesNeroNero8InCDNBHGui.exe» [2008-02-28 2049320]
«UpdatePSTShortCut»=»d:program filesCyberLinkDVD SuiteMUITransferMUIStartMenu.exe» [2009-05-07 210216]
«ioCentre»=»d:geniusioCentregTaskBar.exe» [2006-12-08 241664]
«Adobe Reader Speed Launcher»=»d:program filesAdobeReader 8.0ReaderReader_sl.exe» [2007-05-11 40048]
«Lingvo Launcher»=»d:program filesABBYY Lingvo 12Lvagent.exe» [2006-12-13 258048]
«MAgent»=»d:program filesMail.RuAgentMAgent.exe» [2010-03-03 8746680]
«AVP»=»d:program filesKaspersky LabKaspersky Anti-Virus 2010avp.exe» [2009-10-20 340456][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»d:windows.0system32CTFMON.EXE» [2008-10-24 30208]
«VistaIcon»=»d:program filesVistaDriveIconVistaDrv.exe» [2008-01-02 132096][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«IE7_011″=»shell32» [X]
«ZZZZ2_FirstLogonSetting»=»advpack.dll» [2010-01-05 124928]
«IE7_012″=»advpack.dll» [2010-01-05 124928]d:documents and settingsAdminѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
GIGABYTE Gamer HUD Lite.lnk — d:program filesGigabyteGamer HUD LiteHUD.exe [2009-1-9 1687552][HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMConfigurePrograms»= 1 (0x1)[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMConfigurePrograms»= 1 (0x1)[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«FirewallOverride»=dword:00000001
«UpdatesOverride»=dword:00000001
«AntiVirusOverride»=dword:00000001[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]
«DisableMonitoring»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«%windir%\system32\sessmgr.exe»=
«d:\Program Files\Electronic Arts\EADM\Core.exe»=
«d:\Program Files\Garena\Garena.exe»=
«d:\Program Files\Opera\opera.exe»=
«d:\Program Files\uTorrent\uTorrent.exe»=
«d:\Program Files\CS16\hl.exe»=R0 klbg;Kaspersky Lab Boot Guard Driver;d:windows.0system32driversklbg.sys [14.10.2009 20:18 36880]
R0 sptd;sptd;d:windows.0system32driverssptd.sys [28.01.2010 23:36 717296]
R1 appdrv01;Application Driver (01);d:windows.0system32driversappdrv01.sys [07.02.2010 15:34 2915944]
R2 ES lite Service;ES lite Service for program management.;d:program filesGigabyteEasySaveressvr.exe [29.12.2009 16:36 68136]
R2 NeroRegInCDSrv;Nero Registry InCD Service;d:program filesNeroNero8InCDNBHRegInCDSrv.exe [28.02.2008 20:39 53032]
R3 gMouPS2;PS2 Scroll Mouse Device;d:windows.0system32driversgMouPS2.sys [29.01.2010 3:16 17408]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;d:windows.0system32driversklim5.sys [14.09.2009 13:42 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;d:windows.0system32driversklmouflt.sys [02.10.2009 18:39 19472]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;d:windows.0system32driversl1c51x86.sys [29.01.2010 2:13 39424]
S2 appdrvrem01;Application Driver Auto Removal Service (01);d:windows.0System32appdrvrem01.exe svc —> d:windows.0System32appdrvrem01.exe svc [?]
S3 GarenaPEngine;GarenaPEngine;??d:docume~1MazLOCALS~1TempTZZD5.tmp —> d:docume~1MazLOCALS~1TempTZZD5.tmp [?]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.yandex.ru
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.yandex.ru/
IE: &Экспорт в Microsoft Excel — d:progra~1MICROS~3OFFICE11EXCEL.EXE/3000
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} — d:program filesMail.RuAgentmagent.exe
FF — ProfilePath — d:documents and settingsMazApplication DataMozillaFirefoxProfiles8n7zz0wm.default
FF — component: d:program filesMozilla Firefoxextensionslinkfilter@kaspersky.rucomponentsKavLinkFilter.dll
FF — plugin: d:program filesK-Lite Codec PackRealbrowserpluginsnppl3260.dll
FF — plugin: d:program filesK-Lite Codec PackRealbrowserpluginsnprpjplug.dll
FF — plugin: d:program filesOperaprogrampluginsnppl3260.dll
FF — plugin: d:program filesOperaprogrampluginsnppl3260.dll
FF — plugin: d:program filesOperaprogrampluginsnprpjplug.dll
FF — plugin: d:program filesOperaprogrampluginsnprpjplug.dll—- FIREFOX POLICIES —-
d:program filesMozilla Firefoxgreprefsall.js — pref(«ui.use_native_colors», true);
d:program filesMozilla Firefoxgreprefsall.js — pref(«ui.use_native_popup_windows», false);
d:program filesMozilla Firefoxgreprefsall.js — pref(«browser.enable_click_image_resizing», true);
d:program filesMozilla Firefoxgreprefsall.js — pref(«accessibility.browsewithcaret_shortcut.enabled», true);
d:program filesMozilla Firefoxgreprefsall.js — pref(«javascript.options.mem.high_water_mark», 32);
d:program filesMozilla Firefoxgreprefsall.js — pref(«javascript.options.mem.gc_frequency», 1600);
d:program filesMozilla Firefoxgreprefsall.js — pref(«network.auth.force-generic-ntlm», false);
d:program filesMozilla Firefoxgreprefsall.js — pref(«svg.smil.enabled», false);
d:program filesMozilla Firefoxgreprefsall.js — pref(«ui.trackpoint_hack.enabled», -1);
d:program filesMozilla Firefoxgreprefsall.js — pref(«browser.formfill.debug», false);
d:program filesMozilla Firefoxgreprefsall.js — pref(«browser.formfill.agedWeight», 2);
d:program filesMozilla Firefoxgreprefsall.js — pref(«browser.formfill.bucketSize», 1);
d:program filesMozilla Firefoxgreprefsall.js — pref(«browser.formfill.maxTimeGroupings», 25);
d:program filesMozilla Firefoxgreprefsall.js — pref(«browser.formfill.timeGroupingSize», 604800);
d:program filesMozilla Firefoxgreprefsall.js — pref(«browser.formfill.boundaryWeight», 25);
d:program filesMozilla Firefoxgreprefsall.js — pref(«browser.formfill.prefixWeight», 5);
d:program filesMozilla Firefoxgreprefsall.js — pref(«html5.enable», false);
d:program filesMozilla Firefoxdefaultspreffirefox-branding.js — pref(«app.update.download.backgroundInterval», 600);
d:program filesMozilla Firefoxdefaultspreffirefox-branding.js — pref(«app.update.url.manual», «http://www.firefox.com»);
d:program filesMozilla Firefoxdefaultspreffirefox-branding.js — pref(«browser.search.param.yahoo-fr-ja», «mozff»);
d:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name», «chrome://browser/locale/browser.properties»);
d:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description», «chrome://browser/locale/browser.properties»);
d:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«xpinstall.whitelist.add», «addons.mozilla.org»);
d:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«xpinstall.whitelist.add.36», «getpersonas.com»);
d:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«lightweightThemes.update.enabled», true);
d:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«browser.allTabs.previews», false);
d:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«plugins.hide_infobar_for_outdated_plugin», false);
d:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«plugins.update.notifyUser», false);
d:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«toolbar.customization.usesheet», false);
d:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«browser.taskbar.previews.enable», false);
d:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«browser.taskbar.previews.max», 20);
d:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«browser.taskbar.previews.cachetime», 20);
.
— — — — ORPHANS REMOVED — — — —Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} — (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-06 12:44
Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spak.sys >>UNKNOWN [0x89BC1938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
DriverDisk -> CLASSPNP.SYS @ 0xf763bf28
DriverACPI -> ACPI.sys @ 0xf7496cb8
Driveratapi -> atapi.sys @ 0xf7978b40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e66b2
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
DeviceHarddisk0DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e66b2
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
NDIS: Atheros AR8131 PCI-E Gigabit Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xf7b3abb0
PacketIndicateHandler -> NDIS.sys @ 0xf7b47a21
SendHandler -> NDIS.sys @ 0xf7b2587b
user & kernel MBR OK**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(1072)
d:windows.0system32SETUPAPI.dll
d:windows.0system32Ati2evxx.dll
d:windows.0system32COMRes.dll
d:windows.0system32cscui.dll— — — — — — — > ‘lsass.exe'(1128)
d:windows.0system32setupapi.dll— — — — — — — > ‘explorer.exe'(832)
d:windows.0system32SHDOCVW.dll
d:windows.0system32WININET.dll
d:windows.0system32COMRes.dll
d:program filesNeroNero8InCDNBHShx.dll
d:program filesNeroNero8InCDNBHStr.dll
d:program filesCommon FilesNeroSharedNL3AdvrCntr3.dll
d:windows.0system32SETUPAPI.dll
d:windows.0System32cscui.dll
d:program filesABBYY Lingvo 12LvHook.dll
d:windows.0system32msi.dll
d:windows.0system32NETSHELL.dll
d:windows.0system32wpdshserviceobj.dll
d:windows.0system32portabledevicetypes.dll
d:windows.0system32portabledeviceapi.dll
.
Other Running Processes
.
d:windows.0system32Ati2evxx.exe
d:windows.0system32Ati2evxx.exe
d:program filesNeroNero8InCDInCDsrv.exe
d:program filesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
d:windows.0system32PnkBstrA.exe
d:program filesCyberLinkShared FilesRichVideo.exe
d:windows.0system32wscntfy.exe
d:windows.0RTHDCPL.EXE
d:program filesATI TechnologiesATI.ACECore-StaticMOM.exe
d:geniusioCentregMouseTask.exe
d:geniusioCentregKbdTask.exe
d:geniusioCentregAutoPan.exe
d:geniusioCentregAutoScroll.exe
d:geniusioCentregZoom.exe
d:geniusioCentregMGlass.exe
d:geniusioCentregIMMgm.exe
d:geniusioCentregDeskMgm.exe
d:geniusioCentregTaskSwitch.exe
d:program filesATI TechnologiesATI.ACECore-Staticccc.exe
.
**************************************************************************
.
Completion time: 2010-03-06 12:49:50 — machine was rebooted
ComboFix-quarantined-files.txt 2010-03-06 06:49Pre-Run: 203 929 952 256 байт свободно
Post-Run: 205 002 059 776 байт свободно— — End Of File — — F1858747AC594D416AB8C30C1814E956
