SPYWARE-RU.COM

Shin

Forum replies created

Viewing 4 posts - 1 through 4 (of 4 total)
    April 24, 2009 at 10:52 am in reply to: Task Manager is not working correctly #23570
    Shin
    Participant
    • Topics: 1
    • Posts: 5
    • ☆

    Everything is working normally. Many thanks for the help 🙂

    April 23, 2009 at 4:29 pm in reply to: Task Manager is not working correctly #23569
    Shin
    Participant
    • Topics: 1
    • Posts: 5
    • ☆

    Avenger:
    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com

    Platform: Windows Vista

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.

    Hidden driver "ovfsthxnhbdexxr" found!
    ImagePath: \systemroot\system32\drivers\ovfsthxqocvkebe.sys
    Start Type: 4 (Disabled)

    Rootkit scan completed.

    Driver "ovfsthxnhbdexxr" deleted successfully.

    Error: registry key "HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthxnhbdexxr" not found!
    Deletion of registry key "HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthxnhbdexxr" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist

    File "c:\windows\system32\drivers\ovfsthxqocvkebe.sys" deleted successfully.
    File "c:\windows\system32\ovfsthxofnscogv.dll" deleted successfully.
    File "c:\windows\system32\ovfsthxpiksfbax.dll" deleted successfully.

    Completed script processing.

    *******************

    Finished! Terminate.

    ComboFix:
    ComboFix 09-04-23.A3 - 1 23.04.2009 20:21.9 - NTFSx86
    Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1251.7.1049.18.2046.1307 [GMT 4:00]
    Running from: c:\users\1\Desktop\ComboFix.exe
    AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated)
    .

    ((((((((((((((((((((((((( Files Created from 2009-05-23 to 2009-4-23 )))))))))))))))))))))))))))))))
    .

    2009-04-23 15:37 . 2009-04-23 15:52 23552 ----a-w c:\windows\system32\ruts.exe
    2009-04-23 15:13 . 2009-04-23 15:13 d-----w c:\users\1\AppData\Local\MigWiz
    2009-04-23 14:45 . 2009-04-23 14:45 d-----w C:\_OTMoveIt
    2009-04-22 11:00 . 2009-04-22 11:01 d-----w C:\rsit
    2009-04-22 08:58 . 2009-04-22 08:58 d-----w c:\users\1\AppData\Roaming\Malwarebytes
    2009-04-22 08:58 . 2009-04-06 11:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-04-22 08:58 . 2009-04-06 11:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-22 08:58 . 2009-04-22 08:58 d-----w c:\users\All Users\Malwarebytes
    2009-04-22 08:58 . 2009-04-22 08:58 d-----w c:\programdata\Malwarebytes
    2009-04-21 12:33 . 2009-04-21 12:41 89601 ----a-w c:\windows\system32\drivers\klick.dat
    2009-04-21 12:33 . 2009-04-21 12:41 101287 ----a-w c:\windows\system32\drivers\klin.dat
    2009-04-21 12:32 . 2009-04-23 16:17 3455008 --sha-w c:\windows\system32\drivers\fidbox.dat
    2009-04-21 12:32 . 2009-04-23 16:17 344096 --sha-w c:\windows\system32\drivers\fidbox2.dat
    2009-04-21 12:32 . 2009-04-23 16:17 3304 --sha-w c:\windows\system32\drivers\fidbox2.idx
    2009-04-21 12:32 . 2009-04-23 16:17 29120 --sha-w c:\windows\system32\drivers\fidbox.idx
    2009-04-21 12:32 . 2009-04-23 14:32 d-----w c:\users\All Users\Kaspersky Lab
    2009-04-21 12:32 . 2009-04-23 14:32 d-----w c:\programdata\Kaspersky Lab
    2009-04-21 12:12 . 2008-06-20 01:14 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2009-04-21 12:12 . 2008-06-20 01:14 97800 ----a-w c:\windows\system32\infocardapi.dll
    2009-04-21 12:12 . 2008-06-20 01:14 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll
    2009-04-21 12:12 . 2008-06-20 01:14 37384 ----a-w c:\windows\system32\infocardcpl.cpl
    2009-04-21 12:12 . 2008-06-20 01:14 11264 ----a-w c:\windows\system32\icardres.dll
    2009-04-21 12:12 . 2008-06-20 01:14 622080 ----a-w c:\windows\system32\icardagt.exe
    2009-04-21 12:12 . 2008-06-20 01:14 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll
    2009-04-21 12:12 . 2008-06-20 01:14 326160 ----a-w c:\windows\system32\PresentationHost.exe
    2009-04-21 12:09 . 2008-07-27 18:03 96760 ----a-w c:\windows\system32\dfshim.dll
    2009-04-21 12:09 . 2008-07-27 18:03 41984 ----a-w c:\windows\system32\netfxperf.dll
    2009-04-21 12:09 . 2008-07-27 18:03 282112 ----a-w c:\windows\system32\mscoree.dll
    2009-04-21 12:09 . 2008-07-27 18:03 158720 ----a-w c:\windows\system32\mscorier.dll
    2009-04-21 12:09 . 2008-07-27 18:03 83968 ----a-w c:\windows\system32\mscories.dll
    2009-04-21 11:40 . 2009-04-21 11:40 604140 --sha-w c:\windows\system32\drivers\ISwift3.dat
    2009-04-21 11:36 . 2009-04-21 12:29 d-----w c:\users\All Users\Kaspersky Lab Setup Files
    2009-04-21 11:36 . 2009-04-21 12:29 d-----w c:\programdata\Kaspersky Lab Setup Files
    2009-04-21 09:48 . 2009-04-21 09:49 d-----w c:\users\All Users\Tages
    2009-04-21 09:48 . 2009-04-21 09:49 d-----w c:\programdata\Tages
    2009-04-20 11:06 . 2009-04-20 11:06 d-----w c:\users\1\AppData\Roaming\Digital Support Free Tools
    2009-04-13 16:55 . 2009-04-23 16:18 65536 ------w c:\windows\system32\Ikeext.etl
    2009-04-11 09:05 . 2009-03-19 16:16 2726941 ----a-w c:\windows\system32\GameMon.des
    2009-04-03 13:08 . 2009-04-03 13:08 d--h--w c:\windows\PIF
    2009-04-02 22:00 . 2009-04-02 22:00 410984 ----a-w c:\windows\system32\deploytk.dll
    2009-04-02 21:49 . 2009-04-02 21:49 d-----w c:\users\1\AppData\Local\NWN2 Toolset
    2009-03-31 19:01 . 2005-01-03 06:43 4682 ----a-w c:\windows\system32\npptNT2.sys
    2009-03-31 19:01 . 2003-07-19 15:17 5174 ----a-w c:\windows\system32\nppt9x.vxd
    2009-03-31 13:33 . 2009-03-31 13:33 d-----w c:\users\1\AppData\Roaming\InstallShield

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-23 16:23 . 2008-01-21 05:44 653074 ----a-w c:\windows\System32\perfh019.dat
    2009-04-23 16:23 . 2008-01-21 05:44 125594 ----a-w c:\windows\System32\perfc019.dat
    2009-04-23 16:18 . 2009-04-23 16:18 2280 ----a-w C:\avenger.txt
    2009-04-23 10:19 . 2008-12-10 16:06 16608 ----a-w c:\windows\gdrv.sys
    2009-04-22 21:38 . 2008-12-10 14:09 d-----w c:\users\1\AppData\Roaming\uTorrent
    2009-04-22 11:20 . 2009-04-22 11:00 d-----w c:\program files\trend micro
    2009-04-22 10:18 . 2009-01-10 22:20 d-----w c:\programdata\Media Center Programs
    2009-04-22 10:18 . 2009-04-22 09:48 d-----w c:\program files\RegCure
    2009-04-22 08:58 . 2009-04-22 08:58 d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-04-21 12:41 . 2008-01-29 13:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
    2009-04-21 12:33 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstrng.dat
    2009-04-21 12:33 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat
    2009-04-21 12:33 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat
    2009-04-21 12:32 . 2009-04-21 12:32 d-----w c:\program files\Kaspersky Lab
    2009-04-21 10:34 . 2008-12-10 22:09 d-----w c:\program files\DAEMON Tools Lite
    2009-04-21 09:31 . 2008-12-10 16:09 d--h--w c:\program files\InstallShield Installation Information
    2009-04-21 09:31 . 2009-02-05 12:36 279712 ----a-w c:\windows\system32\drivers\atksgt.sys
    2009-04-21 09:31 . 2009-02-05 12:36 25888 ----a-w c:\windows\system32\drivers\lirsgt.sys
    2009-04-18 11:52 . 2009-01-19 13:38 d-----w c:\program files\Common Files\Steam
    2009-04-15 23:26 . 2006-11-02 11:18 d-----w c:\program files\Windows Mail
    2009-04-11 19:30 . 2008-12-10 16:03 100736 ----a-w c:\users\1\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-04-02 22:00 . 2009-04-02 22:00 d-----w c:\program files\Java
    2009-04-01 11:04 . 2008-12-10 16:09 d-----w c:\program files\Common Files\InstallShield
    2009-03-26 00:49 . 2008-12-11 09:43 d-----w c:\program files\ICQ6
    2009-03-17 03:38 . 2009-04-15 22:01 40960 ----a-w c:\windows\AppPatch\apihex86.dll
    2009-03-17 03:38 . 2009-04-15 22:01 13824 ----a-w c:\windows\System32\apilogen.dll
    2009-03-17 03:38 . 2009-04-15 22:01 24064 ----a-w c:\windows\System32\amxread.dll
    2009-03-12 20:23 . 2009-03-12 20:22 d-----w c:\program files\ZyXEL
    2009-03-09 05:22 . 2009-03-09 05:22 d-----w c:\programdata\Ubisoft
    2009-03-03 04:46 . 2009-04-15 22:01 3599328 ----a-w c:\windows\System32\ntkrnlpa.exe
    2009-03-03 04:46 . 2009-04-15 22:01 3547632 ----a-w c:\windows\System32\ntoskrnl.exe
    2009-03-03 04:40 . 2009-04-15 22:01 827392 ----a-w c:\windows\System32\wininet.dll
    2009-03-03 04:39 . 2009-04-15 22:01 183296 ----a-w c:\windows\System32\sdohlp.dll
    2009-03-03 04:39 . 2009-04-15 22:01 551424 ----a-w c:\windows\System32\rpcss.dll
    2009-03-03 04:39 . 2009-04-15 22:01 26112 ----a-w c:\windows\System32\printfilterpipelineprxy.dll
    2009-03-03 04:37 . 2009-04-15 22:01 78336 ----a-w c:\windows\System32\ieencode.dll
    2009-03-03 04:37 . 2009-04-15 22:01 98304 ----a-w c:\windows\System32\iasrecst.dll
    2009-03-03 04:37 . 2009-04-15 22:01 54784 ----a-w c:\windows\System32\iasads.dll
    2009-03-03 04:37 . 2009-04-15 22:01 44032 ----a-w c:\windows\System32\iasdatastore.dll
    2009-03-03 03:04 . 2009-04-15 22:01 666624 ----a-w c:\windows\System32\printfilterpipelinesvc.exe
    2009-03-03 02:38 . 2009-04-15 22:01 17408 ----a-w c:\windows\System32\iashost.exe
    2009-03-03 02:28 . 2009-04-15 22:01 26624 ----a-w c:\windows\System32\ieUnatt.exe
    2009-03-01 10:49 . 2009-03-01 10:48 d-----w c:\users\1\AppData\Roaming\Ventrilo
    2009-03-01 10:47 . 2009-03-01 10:47 d-----w c:\program files\Ventrilo
    2009-03-01 10:47 . 2008-12-27 15:40 d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-02-24 09:50 . 2009-02-24 09:50 d-----w c:\programdata\Codemasters
    2009-02-24 09:48 . 2008-12-27 15:41 d-----w c:\program files\OpenAL
    2009-02-13 08:49 . 2009-04-15 22:01 72704 ----a-w c:\windows\System32\secur32.dll
    2009-02-13 08:49 . 2009-04-15 22:01 1255936 ----a-w c:\windows\System32\lsasrv.dll
    2009-02-09 03:10 . 2009-03-11 14:11 2033152 ----a-w c:\windows\System32\win32k.sys
    2008-12-10 16:20 . 2008-12-10 16:19 680 ----a-w c:\users\Администратор\AppData\Local\d3d9caps.dat
    2008-12-10 16:19 . 2008-12-10 16:19 48600 ----a-w c:\users\Администратор\AppData\Local\GDIPFONTCACHEV1.DAT
    2008-12-10 16:13 . 2008-12-10 16:02 680 ----a-w c:\users\1\AppData\Local\d3d9caps.dat
    2008-01-21 02:41 . 2006-11-02 12:49 174 --sha-w c:\program files\desktop.ini
    .

    ((((((((((((((((((((((((((((( SnapShot_2009-04-23_15.27.36 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2006-11-02 07:29 . 2006-09-18 21:27 19429 c:\windows\winsxs\x86_microsoft-windows-com-dtc-tracing_31bf3856ad364e35_6.0.6001.18000_none_17df4ac2f2cf5440\msdtcvtr.bat
    + 2008-01-21 01:56 . 2009-04-23 16:20 38816 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 13:03 . 2009-04-23 16:20 98984 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 07:29 . 2006-09-18 21:27 19429 c:\windows\System32\MsdtcTrace\msdtcvtr.bat
    - 2008-12-10 16:01 . 2009-04-23 15:26 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-12-10 16:01 . 2009-04-23 16:20 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-12-10 16:01 . 2009-04-23 16:20 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-12-10 16:01 . 2009-04-23 15:26 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-12-10 16:01 . 2009-04-23 15:26 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-12-10 16:01 . 2009-04-23 16:20 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-12-10 16:04 . 2009-04-23 16:20 7988 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2572017069-2101235274-472651915-1000_UserData.bin
    - 2009-04-23 15:22 . 2009-04-23 15:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2009-04-23 16:17 . 2009-04-23 16:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2009-04-23 16:17 . 2009-04-23 16:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-04-23 15:22 . 2009-04-23 15:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2006-11-02 10:33 . 2009-04-23 16:02 586980 c:\windows\System32\perfh009.dat
    - 2006-11-02 10:33 . 2009-04-23 14:56 586980 c:\windows\System32\perfh009.dat
    + 2006-11-02 10:33 . 2009-04-23 16:02 101052 c:\windows\System32\perfc009.dat
    - 2006-11-02 10:33 . 2009-04-23 14:56 101052 c:\windows\System32\perfc009.dat
    + 2006-11-02 12:42 . 2009-04-23 15:53 262144 c:\windows\System32\config\systemprofile\ntuser.dat
    - 2006-11-02 12:42 . 2009-04-22 14:31 262144 c:\windows\System32\config\systemprofile\ntuser.dat
    - 2006-11-02 12:46 . 2009-04-23 15:25 262144 c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2006-11-02 12:46 . 2009-04-23 16:20 262144 c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
    - 2006-11-02 12:46 . 2009-04-23 15:24 262144 c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2006-11-02 12:46 . 2009-04-23 16:21 262144 c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TBPanel"="c:\program files\Vtune\TBPanel.exe" [2008-07-10 2154496]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-02 148888]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
    "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13675040]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 92704]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskManager"= 0

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2572017069-2101235274-472651915-1000]
    "EnableNotifications"=dword:00000001
    "EnableNotificationsRef"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{F18AE134-DECF-4EC9-AEA8-1F6CA9FEFC4C}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{194B2175-B298-4805-AAED-F9055AC532BB}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{6BA7C62B-6CB2-46A9-8939-5DF030D5CCC6}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{B04D9EDE-A366-4349-88F1-40801561F0DD}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{BA1AC9D5-711D-4979-8CE4-CBF55D6AB8FD}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{B1FED140-0E41-41B5-8075-9B005FABE6A9}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{0188C203-F0D1-49D4-9999-FB2F6587AAA7}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
    "TCP Query User{EDCBD3B4-A703-4684-89AE-FD5C599D2D06}c:\program files\icq6\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
    "UDP Query User{94422C60-78BE-4F6D-BCF3-698DC8BBDCFB}c:\program files\icq6\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
    "TCP Query User{B57A6B89-344B-496A-9880-507192D64B4A}c:\program files\opera\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
    "UDP Query User{B36735C5-28C1-40F1-BE8C-4970FDF5E251}c:\program files\opera\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
    "{40E511F0-3BBC-41E0-8B20-C1E1A2B7C62E}"= UDP:d:\prince of persia\Prince of Persia.exe:Prince of Persia Dx
    "{4491286B-1672-4F9B-9BAC-918AA80792FC}"= TCP:d:\prince of persia\Prince of Persia.exe:Prince of Persia Dx
    "{95D3A8F6-2F02-4E27-8058-BD7E072B20C6}"= UDP:d:\prince of persia\PrinceOfPersia_Launcher.exe:Prince of Persia Update
    "{CAB61701-7A37-46BB-9889-31102672358D}"= TCP:d:\prince of persia\PrinceOfPersia_Launcher.exe:Prince of Persia Update
    "TCP Query User{6580B0FA-20A6-40C7-B7B3-7B6D23E1EF71}d:\test drive unlimited gold\testdriveunlimited.exe"= UDP:d:\test drive unlimited gold\testdriveunlimited.exe:Test Drive Unlimited
    "UDP Query User{9735496D-25DF-418D-9FF3-43F8A1A8C4A4}d:\test drive unlimited gold\testdriveunlimited.exe"= TCP:d:\test drive unlimited gold\testdriveunlimited.exe:Test Drive Unlimited
    "{E3CD3FE0-601C-4423-94C7-225367E2C9B7}"= UDP:d:\sacred 2 - fallen angel\system\s2gs.exe:Sacred 2 Game Server
    "{C96DB9CF-6B66-442F-B87E-EB966075816A}"= TCP:d:\sacred 2 - fallen angel\system\s2gs.exe:Sacred 2 Game Server
    "{9DE117F8-736F-4458-86CC-8F553E89F103}"= UDP:d:\sacred 2 - fallen angel\system\sacred2.exe:Sacred 2
    "{9E0F2399-01E4-41D2-B486-C5D39668FCE4}"= TCP:d:\sacred 2 - fallen angel\system\sacred2.exe:Sacred 2
    "TCP Query User{F09EE4D7-79AA-4AF2-847A-69A85756FBC3}d:\rockstar games\grand theft auto iv\gtaiv.exe"= UDP:d:\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
    "UDP Query User{9E71809C-8335-4C83-8F52-594A90BA6E09}d:\rockstar games\grand theft auto iv\gtaiv.exe"= TCP:d:\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
    "{556C0AC1-BE88-4B3A-97E3-6B873FAE45D3}"= UDP:d:\gsc world publishing\С.Т.А.Л.К.Е.Р. - Чистое Небо\bin\xrEngine.exe:С.Т.А.Л.К.Е.Р. - Чистое Небо (CLI)
    "{DA1D1CF5-C5F7-4579-8BF5-148ED404B5E6}"= TCP:d:\gsc world publishing\С.Т.А.Л.К.Е.Р. - Чистое Небо\bin\xrEngine.exe:С.Т.А.Л.К.Е.Р. - Чистое Небо (CLI)
    "{C2732B47-B4BA-4720-9408-C43B189E52D6}"= UDP:d:\gsc world publishing\С.Т.А.Л.К.Е.Р. - Чистое Небо\bin\dedicated\xrEngine.exe:С.Т.А.Л.К.Е.Р. - Чистое Небо (SRV)
    "{A1756CE7-BD89-4B46-985C-A400D57B76ED}"= TCP:d:\gsc world publishing\С.Т.А.Л.К.Е.Р. - Чистое Небо\bin\dedicated\xrEngine.exe:С.Т.А.Л.К.Е.Р. - Чистое Небо (SRV)
    "TCP Query User{EEB1C243-FFC3-44C8-AB2C-A833EDD8AA6E}d:\saints row 2\sr2_pc.exe"= UDP:d:\saints row 2\sr2_pc.exe:SR2_pc
    "UDP Query User{50512360-1B26-4E95-BF45-AAEFAB52F792}d:\saints row 2\sr2_pc.exe"= TCP:d:\saints row 2\sr2_pc.exe:SR2_pc
    "TCP Query User{F7A30913-7C2D-4358-BDE1-7CD2CEFF74C0}d:\steam\steamapps\norev\counter-strike source\hl2.exe"= UDP:d:\steam\steamapps\norev\counter-strike source\hl2.exe:hl2
    "UDP Query User{B29B5AB2-B7A8-42D5-8460-360B891977F9}d:\steam\steamapps\norev\counter-strike source\hl2.exe"= TCP:d:\steam\steamapps\norev\counter-strike source\hl2.exe:hl2
    "TCP Query User{02B4EF3B-14C9-4055-90C1-C8EEF7A2FB6B}d:\steam\steamapps\norev\source dedicated server\srcds.exe"= UDP:d:\steam\steamapps\norev\source dedicated server\srcds.exe:srcds
    "UDP Query User{581726E8-3836-4737-A04C-7D2B5D02EBC8}d:\steam\steamapps\norev\source dedicated server\srcds.exe"= TCP:d:\steam\steamapps\norev\source dedicated server\srcds.exe:srcds
    "{AE28890D-2E4F-41B2-99B3-93B27CE542E4}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{2E310961-46AF-4F80-80AD-CF6E01D98FE3}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{D75B798D-C550-4521-AEF0-DE0F248B4414}"= UDP:d:\race driver grid\GRID.exe:Race Driver GRID
    "{BA99A147-EFD9-4364-B9DD-1112A5575C89}"= TCP:d:\race driver grid\GRID.exe:Race Driver GRID
    "{ED2C5986-BB08-4E3C-A557-47E22BFC6BF2}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
    "{1D0E2C57-59D9-4CFA-AB8A-14F067B77B39}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
    "{9E0CE50D-514E-4BFE-8748-806B0169D5DD}"= UDP:d:\tom clancy's h.a.w.x\HAWX.exe:Tom Clancy's H.A.W.X
    "{779656E9-1E8D-448E-9C42-043F880C6967}"= TCP:d:\tom clancy's h.a.w.x\HAWX.exe:Tom Clancy's H.A.W.X
    "{2F9C443E-AD44-4FA3-8931-8D4EA51CAAA2}"= UDP:d:\tom clancy's h.a.w.x\HAWX_dx10.exe:Tom Clancy's H.A.W.X
    "{46012404-8D28-479E-A1B7-0C49541DE4FD}"= TCP:d:\tom clancy's h.a.w.x\HAWX_dx10.exe:Tom Clancy's H.A.W.X
    "TCP Query User{67B32845-5A69-4DA7-84DF-E78BBF9AFDEA}d:\steam\steamapps\norev\source dedicated server\srcds.exe"= UDP:d:\steam\steamapps\norev\source dedicated server\srcds.exe:srcds
    "UDP Query User{826D75DD-A7DC-4841-96B7-7748D6A3E868}d:\steam\steamapps\norev\source dedicated server\srcds.exe"= TCP:d:\steam\steamapps\norev\source dedicated server\srcds.exe:srcds
    "TCP Query User{EC7762A7-B472-42E3-B378-FC79A07DC3A8}d:\steam\steamapps\norev\counter-strike source\hl2.exe"= UDP:d:\steam\steamapps\norev\counter-strike source\hl2.exe:hl2
    "UDP Query User{EFB68BEB-1270-4CCC-BAC1-A27E1C185CEA}d:\steam\steamapps\norev\counter-strike source\hl2.exe"= TCP:d:\steam\steamapps\norev\counter-strike source\hl2.exe:hl2
    "TCP Query User{775193A3-0F63-47BE-8E97-FF51C2D8967C}c:\program files\icq6\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
    "UDP Query User{FCB4AA59-9BF5-4076-9F17-9F13D10AF8C1}c:\program files\icq6\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
    "TCP Query User{98B2E2E5-BCEB-40D8-A738-3EBFABC67DD6}c:\program files\utorrent\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
    "UDP Query User{ED421106-C2E5-4140-8BB5-9C9DE0D5D198}c:\program files\utorrent\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
    "TCP Query User{A2919733-37F3-4C8E-9AE9-3313817C830B}d:\sacred 2 - fallen angel\system\s2gs.exe"= UDP:d:\sacred 2 - fallen angel\system\s2gs.exe:Sacred 2 - Game Server
    "UDP Query User{80F8922F-722D-4D02-9C49-6F538AEEAF36}d:\sacred 2 - fallen angel\system\s2gs.exe"= TCP:d:\sacred 2 - fallen angel\system\s2gs.exe:Sacred 2 - Game Server
    "{106035FC-F403-405D-A84F-528F63949F26}"= UDP:d:\ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
    "{F511E9A3-9AEC-42A4-9108-0DC8DA46877C}"= TCP:d:\ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
    "{1327CA88-A3D1-4BFC-A511-59C10D0517A9}"= UDP:d:\ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
    "{561C56F3-181F-4177-BD45-EDDF96AD296C}"= TCP:d:\ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
    "{244CDBC2-E7C7-4A86-8367-2D923939DA72}"= UDP:d:\ubisoft\Far Cry 2\bin\FC2Editor.exe:Редактор
    "{C20BAF31-6792-41B9-B157-07F94E333D82}"= TCP:d:\ubisoft\Far Cry 2\bin\FC2Editor.exe:Редактор
    "TCP Query User{FB280609-177D-4299-9342-EA87CB32BEEC}d:\silverfall\silverfall.exe"= UDP:d:\silverfall\silverfall.exe:Silverfall
    "UDP Query User{17AAD917-F268-434B-B844-EB463A81BAB9}d:\silverfall\silverfall.exe"= TCP:d:\silverfall\silverfall.exe:Silverfall
    "TCP Query User{F75582DA-10E9-4665-93A0-9D5FAA1C65C5}d:\neverwinter nights 2\nwn2main.exe"= UDP:d:\neverwinter nights 2\nwn2main.exe:Neverwinter Nights 2
    "UDP Query User{E4E3EE13-9464-4C18-96B2-32AED1F81919}d:\neverwinter nights 2\nwn2main.exe"= TCP:d:\neverwinter nights 2\nwn2main.exe:Neverwinter Nights 2

    R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\DRIVERS\CnxEtP.sys [2003-07-31 60288]
    R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\DRIVERS\CnxEtU.sys [2003-07-31 642944]
    R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\system32\DRIVERS\CnxTgN.sys [2003-08-01 108547]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-03-19 2726941]
    S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-04-21 33808]
    S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2008-07-09 20496]
    S3 FStarForce;FStarForce;c:\windows\system32\DRIVERS\FStarForce.sys [2008-09-28 7680]
    S3 USB_RNDIS_51;ZTE USB Remote NDIS Device Driver;c:\windows\system32\DRIVERS\usb8023.sys [2008-01-21 15872]

    .
    Contents of the 'Scheduled Tasks' folder

    2009-04-23 c:\windows\Tasks\RegCure Program Check.job
    - c:\program files\RegCure\RegCure.exe [2008-11-27 23:11]

    2009-04-22 c:\windows\Tasks\RegCure.job
    - c:\program files\RegCure\RegCure.exe [2008-11-27 23:11]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    IE: &Export to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: {5D70B13B-2A9C-49A3-9786-879696C7D2F8} = 195.34.32.116 212.188.4.10
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-23 20:23
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(3284)
    c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
    c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
    c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_rus.nlr
    c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
    .
    Completion time: 2009-04-23 20:24
    ComboFix-quarantined-files.txt 2009-04-23 16:24
    ComboFix2.txt 2009-04-23 16:00
    ComboFix3.txt 2009-04-23 15:28
    ComboFix4.txt 2009-04-23 09:54
    ComboFix5.txt 2009-04-23 16:21

    Pre-Run: 24 604 323 840 bytes free
    Post-Run: 24 455 213 056 bytes free

    Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,4,5,6
    287 --- E O F --- 2009-04-23 15:17

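The two logs in the post above are what the whole thread turns on: Avenger reports a hidden driver with a generated-looking name and removes its files, and ComboFix's "Reg Loading Points" section shows the policy values that decide whether Task Manager is blocked (`DisableTaskManager`), whether UAC is on (`EnableLUA`), and which DLLs `AppInit_DLLs` injects. The script below is an added example, not code from the thread or from the Avenger or ComboFix authors. It parses constructed excerpts shaped like those two logs and turns them into triage findings; the sample text, the consonant-run name heuristic, the registry key names it looks up and every function name are my choices, and the only real detail it relies on is that `DisableTaskManager`=1 is the policy bit that hides Task Manager.

```python
"""Triage of Avenger and ComboFix text logs: pull out hidden drivers, deleted
objects and the registry load points that matter for a "Task Manager is
broken" complaint. Added example; not a tool from the forum thread."""
import re
from typing import Dict, List, Tuple

# Constructed sample input, shaped like the Avenger output quoted in the post.
AVENGER_LOG = """\
Rootkit scan active.

Hidden driver "ovfsthxnhbdexxr" found!
ImagePath: \\systemroot\\system32\\drivers\\ovfsthxqocvkebe.sys
Start Type: 4 (Disabled)

Rootkit scan completed.

Driver "ovfsthxnhbdexxr" deleted successfully.

File "c:\\windows\\system32\\drivers\\ovfsthxqocvkebe.sys" deleted successfully.
File "c:\\windows\\system32\\ovfsthxofnscogv.dll" deleted successfully.
"""

# Constructed sample input, shaped like ComboFix's "Reg Loading Points" section.
COMBOFIX_REG = """\
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"SunJavaUpdateSched"="c:\\program files\\Java\\jre6\\bin\\jusched.exe" [2009-04-02 148888]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\policies\\system]
"DisableTaskManager"= 0

[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\windows]
"AppInit_DLLs"=c:\\progra~1\\KASPER~1\\KASPER~1\\mzvkbd.dll
"""

# Forum software often turns straight quotes into guillemets; accept both.
Q = r'["«]([^"»]+)["»]'
HIDDEN_DRIVER = re.compile(r"Hidden driver " + Q + r" found!")
IMAGE_PATH = re.compile(r"ImagePath:\s*(\S+)")
DELETED = re.compile(r"(Driver|File) " + Q + r" deleted successfully")
REG_KEY = re.compile(r"^\[(.+)\]$")
REG_VALUE = re.compile(r"^" + Q + r"\s*=\s*(.*)$")

# Keys looked up by triage(); compared case-insensitively (ComboFix mixes case).
POLICY_HKLM = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"
POLICY_HKCU = r"hkey_current_user\software\microsoft\windows\currentversion\policies\system"
WINDOWS_NT = r"hkey_local_machine\software\microsoft\windows nt\currentversion\windows"


def looks_random(name: str, max_run: int = 6) -> bool:
    """Heuristic (my choice, not a rule from the thread): a file stem with a long
    run of consonants has no pronounceable structure, which is typical of
    generated rootkit component names such as ovfsthxnhbdexxr."""
    stem = name.rsplit(".", 1)[0].lower()
    run = best = 0
    for ch in stem:
        if ch.isalpha() and ch not in "aeiouy":
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best >= max_run


def parse_avenger(text: str) -> Tuple[List[Dict[str, str]], List[str]]:
    """Return (hidden drivers with their ImagePath, names of deleted objects)."""
    drivers: List[Dict[str, str]] = []
    deleted: List[str] = []
    for line in text.splitlines():
        m = HIDDEN_DRIVER.search(line)
        if m:
            drivers.append({"name": m.group(1), "image_path": ""})
            continue
        m = IMAGE_PATH.search(line)
        if m and drivers:  # ImagePath line belongs to the driver reported just above it
            drivers[-1]["image_path"] = m.group(1)
            continue
        m = DELETED.search(line)
        if m:
            deleted.append(m.group(2))
    return drivers, deleted


def parse_reg_points(text: str) -> Dict[str, Dict[str, str]]:
    """Map lower-cased registry key path -> {value name: raw value text}."""
    keys: Dict[str, Dict[str, str]] = {}
    current = ""
    for line in text.splitlines():
        m = REG_KEY.match(line)
        if m:
            current = m.group(1).lower()
            keys.setdefault(current, {})
            continue
        m = REG_VALUE.match(line)
        if m and current:
            keys[current][m.group(1)] = m.group(2).strip()
    return keys


def triage(avenger_text: str, reg_text: str) -> List[str]:
    """Produce one finding per item an analyst would act on."""
    findings: List[str] = []
    drivers, deleted = parse_avenger(avenger_text)
    for d in drivers:
        tag = "random-looking name" if looks_random(d["name"]) else "readable name"
        findings.append(f"hidden driver {d['name']} ({tag}), image {d['image_path']}")
    if deleted:
        findings.append(f"{len(deleted)} object(s) removed by Avenger")
    reg = parse_reg_points(reg_text)
    if reg.get(POLICY_HKLM, {}).get("EnableLUA", "").startswith("0"):
        findings.append("UAC disabled (EnableLUA=0)")
    dtm = reg.get(POLICY_HKCU, {}).get("DisableTaskManager")
    if dtm is not None:
        state = "blocked by policy" if dtm.startswith("1") else "not blocked by policy"
        findings.append(f"DisableTaskManager={dtm}: Task Manager {state}")
    appinit = reg.get(WINDOWS_NT, {}).get("AppInit_DLLs")
    if appinit:
        findings.append(f"AppInit_DLLs injects into every GUI process: {appinit}")
    return findings


if __name__ == "__main__":
    for finding in triage(AVENGER_LOG, COMBOFIX_REG):
        print("-", finding)
```

Run it as-is to print the findings for the embedded samples, or pass real log text to `triage()`. The value of the policy check is mostly negative: `DisableTaskManager`=0, as in the thread, means the broken Task Manager was not a policy setting, so the cause has to be looked for elsewhere, which is where the hidden driver comes in. The name heuristic is only a prompt to look closer; the `ImagePath` and the start type are what you verify.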
    April 23, 2009 at 4:07 pm in reply to: Task Manager is not working correctly #23567
    Shin
    Participant
    • Topics: 1
    • Posts: 5
    • ☆

    ComboFix 09-04-23.A3 - 1 23.04.2009 19:53.8 - NTFSx86
    Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1251.7.1049.18.2046.1254 [GMT 4:00]
    Running from: c:\users\1\Desktop\ComboFix.exe
    Command switches used :: c:\users\1\Desktop\CFScript.txt
    AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated)
    * Created a new restore point

    FILE ::
    c:\windows\system32\drivers\ovfsthxqocvkebe.sys
    c:\windows\system32\ovfsthxcwtcbtcj.dat
    c:\windows\system32\ovfsthxofnscogv.dll
    c:\windows\system32\ovfsthxpgujrsbp.dll
    c:\windows\system32\ovfsthxpiksfbax.dll
    c:\windows\system32\ovfsthxviqnfiwe.dat
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\drivers\ovfsthxqocvkebe.sys
    c:\windows\system32\ovfsthxcwtcbtcj.dat
    c:\windows\system32\ovfsthxpgujrsbp.dll
    c:\windows\system32\ovfsthxviqnfiwe.dat

    .
    ((((((((((((((((((((((((( Files Created from 2009-05-23 to 2009-4-23 )))))))))))))))))))))))))))))))
    .

    2009-04-23 15:37 . 2009-04-23 15:52 23552 —-a-w c:windowssystem32ruts.exe
    2009-04-23 15:13 . 2009-04-23 15:13


    d


    w c:users1AppDataLocalMigWiz
    2009-04-23 14:45 . 2009-04-23 14:45


    d


    w C:_OTMoveIt
    2009-04-22 11:00 . 2009-04-22 11:01


    d


    w C:rsit
    2009-04-22 08:58 . 2009-04-22 08:58


    d


    w c:users1AppDataRoamingMalwarebytes
    2009-04-22 08:58 . 2009-04-06 11:32 15504 —-a-w c:windowssystem32driversmbam.sys
    2009-04-22 08:58 . 2009-04-06 11:32 38496 —-a-w c:windowssystem32driversmbamswissarmy.sys
    2009-04-22 08:58 . 2009-04-22 08:58


    d


    w c:usersAll UsersMalwarebytes
    2009-04-22 08:58 . 2009-04-22 08:58


    d


    w c:programdataMalwarebytes
    2009-04-21 12:33 . 2009-04-21 12:41 89601 —-a-w c:windowssystem32driversklick.dat
    2009-04-21 12:33 . 2009-04-21 12:41 101287 —-a-w c:windowssystem32driversklin.dat
    2009-04-21 12:32 . 2009-04-23 15:56 3455008 —sha-w c:windowssystem32driversfidbox.dat
    2009-04-21 12:32 . 2009-04-23 15:56 344096 —sha-w c:windowssystem32driversfidbox2.dat
    2009-04-21 12:32 . 2009-04-23 15:56 3304 —sha-w c:windowssystem32driversfidbox2.idx
    2009-04-21 12:32 . 2009-04-23 15:56 29120 —sha-w c:windowssystem32driversfidbox.idx
    2009-04-21 12:32 . 2009-04-23 14:32


    d


    w c:usersAll UsersKaspersky Lab
    2009-04-21 12:32 . 2009-04-23 14:32


    d


    w c:programdataKaspersky Lab
    2009-04-21 12:12 . 2008-06-20 01:14 105016 —-a-w c:windowssystem32PresentationCFFRasterizerNative_v0300.dll
    2009-04-21 12:12 . 2008-06-20 01:14 97800 —-a-w c:windowssystem32infocardapi.dll
    2009-04-21 12:12 . 2008-06-20 01:14 43544 —-a-w c:windowssystem32PresentationHostProxy.dll
    2009-04-21 12:12 . 2008-06-20 01:14 37384 —-a-w c:windowssystem32infocardcpl.cpl
    2009-04-21 12:12 . 2008-06-20 01:14 11264 —-a-w c:windowssystem32icardres.dll
    2009-04-21 12:12 . 2008-06-20 01:14 622080 —-a-w c:windowssystem32icardagt.exe
    2009-04-21 12:12 . 2008-06-20 01:14 781344 —-a-w c:windowssystem32PresentationNative_v0300.dll
    2009-04-21 12:12 . 2008-06-20 01:14 326160 —-a-w c:windowssystem32PresentationHost.exe
    2009-04-21 12:09 . 2008-07-27 18:03 96760 —-a-w c:windowssystem32dfshim.dll
    2009-04-21 12:09 . 2008-07-27 18:03 41984 —-a-w c:windowssystem32netfxperf.dll
    2009-04-21 12:09 . 2008-07-27 18:03 282112 —-a-w c:windowssystem32mscoree.dll
    2009-04-21 12:09 . 2008-07-27 18:03 158720 —-a-w c:windowssystem32mscorier.dll
    2009-04-21 12:09 . 2008-07-27 18:03 83968 —-a-w c:windowssystem32mscories.dll
    2009-04-21 11:40 . 2009-04-21 11:40 604140 —sha-w c:windowssystem32driversISwift3.dat
    2009-04-21 11:36 . 2009-04-21 12:29


    d


    w c:usersAll UsersKaspersky Lab Setup Files
    2009-04-21 11:36 . 2009-04-21 12:29


    d


    w c:programdataKaspersky Lab Setup Files
    2009-04-21 09:48 . 2009-04-21 09:49


    d


    w c:usersAll UsersTages
    2009-04-21 09:48 . 2009-04-21 09:49


    d


    w c:programdataTages
    2009-04-20 11:06 . 2009-04-20 11:06


    d


    w c:users1AppDataRoamingDigital Support Free Tools
    2009-04-13 16:55 . 2009-04-23 15:57 0


    w c:windowssystem32Ikeext.etl
    2009-04-11 09:05 . 2009-03-19 16:16 2726941 —-a-w c:windowssystem32GameMon.des
    2009-04-03 13:08 . 2009-04-03 13:08


    d—h—w c:windowsPIF
    2009-04-02 22:00 . 2009-04-02 22:00 410984 —-a-w c:windowssystem32deploytk.dll
    2009-04-02 21:49 . 2009-04-02 21:49


    d


    w c:users1AppDataLocalNWN2 Toolset
    2009-03-31 19:01 . 2005-01-03 06:43 4682 —-a-w c:windowssystem32npptNT2.sys
    2009-03-31 19:01 . 2003-07-19 15:17 5174 —-a-w c:windowssystem32nppt9x.vxd
    2009-03-31 13:33 . 2009-03-31 13:33 -------- d-----w- c:users1AppDataRoamingInstallShield

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-23 15:29 . 2008-01-21 05:44 653074 —-a-w c:windowsSystem32perfh019.dat
    2009-04-23 15:29 . 2008-01-21 05:44 125594 —-a-w c:windowsSystem32perfc019.dat
    2009-04-23 14:32 . 2009-04-23 14:32 1166 —-a-w C:avenger.txt
    2009-04-23 10:19 . 2008-12-10 16:06 16608 —-a-w c:windowsgdrv.sys
    2009-04-22 21:38 . 2008-12-10 14:09 -------- d-----w- c:users1AppDataRoaminguTorrent
    2009-04-22 11:20 . 2009-04-22 11:00 -------- d-----w- c:program filestrend micro
    2009-04-22 10:18 . 2009-01-10 22:20 -------- d-----w- c:programdataMedia Center Programs
    2009-04-22 10:18 . 2009-04-22 09:48 -------- d-----w- c:program filesRegCure
    2009-04-22 08:58 . 2009-04-22 08:58 -------- d-----w- c:program filesMalwarebytes’ Anti-Malware
    2009-04-21 12:41 . 2008-01-29 13:29 33808 —-a-w c:windowssystem32driversklbg.sys
    2009-04-21 12:33 . 2006-11-02 10:25 86016 —-a-w c:windowsInfinfstrng.dat
    2009-04-21 12:33 . 2006-11-02 10:25 86016 —-a-w c:windowsInfinfstor.dat
    2009-04-21 12:33 . 2006-11-02 10:25 51200 —-a-w c:windowsInfinfpub.dat
    2009-04-21 12:32 . 2009-04-21 12:32 -------- d-----w- c:program filesKaspersky Lab
    2009-04-21 10:34 . 2008-12-10 22:09 -------- d-----w- c:program filesDAEMON Tools Lite
    2009-04-21 09:31 . 2008-12-10 16:09 -------- d--h--w- c:program filesInstallShield Installation Information
    2009-04-21 09:31 . 2009-02-05 12:36 279712 —-a-w c:windowssystem32driversatksgt.sys
    2009-04-21 09:31 . 2009-02-05 12:36 25888 —-a-w c:windowssystem32driverslirsgt.sys
    2009-04-18 11:52 . 2009-01-19 13:38 -------- d-----w- c:program filesCommon FilesSteam
    2009-04-15 23:26 . 2006-11-02 11:18 -------- d-----w- c:program filesWindows Mail
    2009-04-11 19:30 . 2008-12-10 16:03 100736 —-a-w c:users1AppDataLocalGDIPFONTCACHEV1.DAT
    2009-04-02 22:00 . 2009-04-02 22:00 -------- d-----w- c:program filesJava
    2009-04-01 11:04 . 2008-12-10 16:09 -------- d-----w- c:program filesCommon FilesInstallShield
    2009-03-26 00:49 . 2008-12-11 09:43 -------- d-----w- c:program filesICQ6
    2009-03-17 03:38 . 2009-04-15 22:01 40960 —-a-w c:windowsAppPatchapihex86.dll
    2009-03-17 03:38 . 2009-04-15 22:01 13824 —-a-w c:windowsSystem32apilogen.dll
    2009-03-17 03:38 . 2009-04-15 22:01 24064 —-a-w c:windowsSystem32amxread.dll
    2009-03-12 20:23 . 2009-03-12 20:22 -------- d-----w- c:program filesZyXEL
    2009-03-09 05:22 . 2009-03-09 05:22 -------- d-----w- c:programdataUbisoft
    2009-03-03 04:46 . 2009-04-15 22:01 3599328 —-a-w c:windowsSystem32ntkrnlpa.exe
    2009-03-03 04:46 . 2009-04-15 22:01 3547632 —-a-w c:windowsSystem32ntoskrnl.exe
    2009-03-03 04:40 . 2009-04-15 22:01 827392 —-a-w c:windowsSystem32wininet.dll
    2009-03-03 04:39 . 2009-04-15 22:01 183296 —-a-w c:windowsSystem32sdohlp.dll
    2009-03-03 04:39 . 2009-04-15 22:01 551424 —-a-w c:windowsSystem32rpcss.dll
    2009-03-03 04:39 . 2009-04-15 22:01 26112 —-a-w c:windowsSystem32printfilterpipelineprxy.dll
    2009-03-03 04:37 . 2009-04-15 22:01 78336 —-a-w c:windowsSystem32ieencode.dll
    2009-03-03 04:37 . 2009-04-15 22:01 98304 —-a-w c:windowsSystem32iasrecst.dll
    2009-03-03 04:37 . 2009-04-15 22:01 54784 —-a-w c:windowsSystem32iasads.dll
    2009-03-03 04:37 . 2009-04-15 22:01 44032 —-a-w c:windowsSystem32iasdatastore.dll
    2009-03-03 03:04 . 2009-04-15 22:01 666624 —-a-w c:windowsSystem32printfilterpipelinesvc.exe
    2009-03-03 02:38 . 2009-04-15 22:01 17408 —-a-w c:windowsSystem32iashost.exe
    2009-03-03 02:28 . 2009-04-15 22:01 26624 —-a-w c:windowsSystem32ieUnatt.exe
    2009-03-01 10:49 . 2009-03-01 10:48 -------- d-----w- c:users1AppDataRoamingVentrilo
    2009-03-01 10:47 . 2009-03-01 10:47 -------- d-----w- c:program filesVentrilo
    2009-03-01 10:47 . 2008-12-27 15:40 -------- d-----w- c:program filesCommon FilesWise Installation Wizard
    2009-02-24 09:50 . 2009-02-24 09:50 -------- d-----w- c:programdataCodemasters
    2009-02-24 09:48 . 2008-12-27 15:41 -------- d-----w- c:program filesOpenAL
    2009-02-13 08:49 . 2009-04-15 22:01 72704 —-a-w c:windowsSystem32secur32.dll
    2009-02-13 08:49 . 2009-04-15 22:01 1255936 —-a-w c:windowsSystem32lsasrv.dll
    2009-02-09 03:10 . 2009-03-11 14:11 2033152 —-a-w c:windowsSystem32win32k.sys
    2008-12-10 16:20 . 2008-12-10 16:19 680 —-a-w c:usersАдминистраторAppDataLocald3d9caps.dat
    2008-12-10 16:19 . 2008-12-10 16:19 48600 —-a-w c:usersАдминистраторAppDataLocalGDIPFONTCACHEV1.DAT
    2008-12-10 16:13 . 2008-12-10 16:02 680 —-a-w c:users1AppDataLocald3d9caps.dat
    2008-01-21 02:41 . 2006-11-02 12:49 174 —sha-w c:program filesdesktop.ini
    .

    ((((((((((((((((((((((((((((( SnapShot_2009-04-23_15.27.36 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2006-11-02 07:29 . 2006-09-18 21:27 19429 c:windowswinsxsx86_microsoft-windows-com-dtc-tracing_31bf3856ad364e35_6.0.6001.18000_none_17df4ac2f2cf5440msdtcvtr.bat
    + 2006-11-02 07:29 . 2006-09-18 21:27 19429 c:windowsSystem32MsdtcTracemsdtcvtr.bat
    — 2006-11-02 10:33 . 2009-04-23 14:56 586980 c:windowsSystem32perfh009.dat
    + 2006-11-02 10:33 . 2009-04-23 15:29 586980 c:windowsSystem32perfh009.dat
    + 2006-11-02 10:33 . 2009-04-23 15:29 101052 c:windowsSystem32perfc009.dat
    — 2006-11-02 10:33 . 2009-04-23 14:56 101052 c:windowsSystem32perfc009.dat
    — 2006-11-02 12:42 . 2009-04-22 14:31 262144 c:windowsSystem32configsystemprofilentuser.dat
    + 2006-11-02 12:42 . 2009-04-23 15:53 262144 c:windowsSystem32configsystemprofilentuser.dat
    — 2006-11-02 12:46 . 2009-04-23 15:25 262144 c:windowsServiceProfilesNetworkServiceNTUSER.DAT
    + 2006-11-02 12:46 . 2009-04-23 15:57 262144 c:windowsServiceProfilesNetworkServiceNTUSER.DAT
    + 2006-11-02 12:46 . 2009-04-23 15:57 262144 c:windowsServiceProfilesLocalServiceNTUSER.DAT
    — 2006-11-02 12:46 . 2009-04-23 15:24 262144 c:windowsServiceProfilesLocalServiceNTUSER.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
    «TBPanel»=»c:program filesVtuneTBPanel.exe» [2008-07-10 2154496]
    «DAEMON Tools Lite»=»c:program filesDAEMON Tools Litedaemon.exe» [2008-12-10 216520]
    «BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=»c:program filesCommon FilesNeroLibNMBgMonitor.exe» [2007-08-03 202024]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
    «SunJavaUpdateSched»=»c:program filesJavajre6binjusched.exe» [2009-04-02 148888]
    «Adobe Reader Speed Launcher»=»c:program filesAdobeReader 8.0ReaderReader_sl.exe» [2008-01-11 39792]
    «GrooveMonitor»=»c:program filesMicrosoft OfficeOffice12GrooveMonitor.exe» [2006-10-26 31016]
    «NeroFilterCheck»=»c:program filesCommon FilesNeroLibNeroCheck.exe» [2007-03-01 153136]
    «NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2008-11-12 13675040]
    «NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2008-11-12 92704]

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
    «EnableLUA»= 0 (0x0)
    «EnableUIADesktopToggle»= 0 (0x0)

    [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciessystem]
    «DisableTaskManager»= 0

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]
    «AppInit_DLLs»=c:progra~1KASPER~1KASPER~1mzvkbd.dll c:progra~1KASPER~1KASPER~1mzvkbd3.dll

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]
    «DisableMonitoring»=dword:00000001

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerSvcS-1-5-21-2572017069-2101235274-472651915-1000]
    «EnableNotifications»=dword:00000001
    «EnableNotificationsRef»=dword:00000001

    [HKLM~servicessharedaccessparametersfirewallpolicyFirewallRules]
    «{F18AE134-DECF-4EC9-AEA8-1F6CA9FEFC4C}»= TCP:6004|c:program filesMicrosoft OfficeOffice12outlook.exe:Microsoft Office Outlook
    «{194B2175-B298-4805-AAED-F9055AC532BB}»= UDP:c:program filesMicrosoft OfficeOffice12GROOVE.EXE:Microsoft Office Groove
    «{6BA7C62B-6CB2-46A9-8939-5DF030D5CCC6}»= TCP:c:program filesMicrosoft OfficeOffice12GROOVE.EXE:Microsoft Office Groove
    «{B04D9EDE-A366-4349-88F1-40801561F0DD}»= UDP:c:program filesMicrosoft OfficeOffice12ONENOTE.EXE:Microsoft Office OneNote
    «{BA1AC9D5-711D-4979-8CE4-CBF55D6AB8FD}»= TCP:c:program filesMicrosoft OfficeOffice12ONENOTE.EXE:Microsoft Office OneNote
    «{B1FED140-0E41-41B5-8075-9B005FABE6A9}»= UDP:c:program filesuTorrentuTorrent.exe:µTorrent (TCP-In)
    «{0188C203-F0D1-49D4-9999-FB2F6587AAA7}»= TCP:c:program filesuTorrentuTorrent.exe:µTorrent (UDP-In)
    «TCP Query User{EDCBD3B4-A703-4684-89AE-FD5C599D2D06}c:\program files\icq6\icq.exe»= UDP:c:program filesicq6icq.exe:ICQ Library
    «UDP Query User{94422C60-78BE-4F6D-BCF3-698DC8BBDCFB}c:\program files\icq6\icq.exe»= TCP:c:program filesicq6icq.exe:ICQ Library
    «TCP Query User{B57A6B89-344B-496A-9880-507192D64B4A}c:\program files\opera\opera.exe»= UDP:c:program filesoperaopera.exe:Opera Internet Browser
    «UDP Query User{B36735C5-28C1-40F1-BE8C-4970FDF5E251}c:\program files\opera\opera.exe»= TCP:c:program filesoperaopera.exe:Opera Internet Browser
    «{40E511F0-3BBC-41E0-8B20-C1E1A2B7C62E}»= UDP:d:prince of persiaPrince of Persia.exe:Prince of Persia Dx
    «{4491286B-1672-4F9B-9BAC-918AA80792FC}»= TCP:d:prince of persiaPrince of Persia.exe:Prince of Persia Dx
    «{95D3A8F6-2F02-4E27-8058-BD7E072B20C6}»= UDP:d:prince of persiaPrinceOfPersia_Launcher.exe:Prince of Persia Update
    «{CAB61701-7A37-46BB-9889-31102672358D}»= TCP:d:prince of persiaPrinceOfPersia_Launcher.exe:Prince of Persia Update
    «TCP Query User{6580B0FA-20A6-40C7-B7B3-7B6D23E1EF71}d:\test drive unlimited gold\testdriveunlimited.exe»= UDP:d:test drive unlimited goldtestdriveunlimited.exe:Test Drive Unlimited
    «UDP Query User{9735496D-25DF-418D-9FF3-43F8A1A8C4A4}d:\test drive unlimited gold\testdriveunlimited.exe»= TCP:d:test drive unlimited goldtestdriveunlimited.exe:Test Drive Unlimited
    «{E3CD3FE0-601C-4423-94C7-225367E2C9B7}»= UDP:d:sacred 2 — fallen angelsystems2gs.exe:Sacred 2 Game Server
    «{C96DB9CF-6B66-442F-B87E-EB966075816A}»= TCP:d:sacred 2 — fallen angelsystems2gs.exe:Sacred 2 Game Server
    «{9DE117F8-736F-4458-86CC-8F553E89F103}»= UDP:d:sacred 2 — fallen angelsystemsacred2.exe:Sacred 2
    «{9E0F2399-01E4-41D2-B486-C5D39668FCE4}»= TCP:d:sacred 2 — fallen angelsystemsacred2.exe:Sacred 2
    «TCP Query User{F09EE4D7-79AA-4AF2-847A-69A85756FBC3}d:\rockstar games\grand theft auto iv\gtaiv.exe»= UDP:d:rockstar gamesgrand theft auto ivgtaiv.exe:Grand Theft Auto IV
    «UDP Query User{9E71809C-8335-4C83-8F52-594A90BA6E09}d:\rockstar games\grand theft auto iv\gtaiv.exe»= TCP:d:rockstar gamesgrand theft auto ivgtaiv.exe:Grand Theft Auto IV
    «{556C0AC1-BE88-4B3A-97E3-6B873FAE45D3}»= UDP:d:gsc world publishingС.Т.А.Л.К.Е.Р. — Чистое НебоbinxrEngine.exe:С.Т.А.Л.К.Е.Р. — Чистое Небо (CLI)
    «{DA1D1CF5-C5F7-4579-8BF5-148ED404B5E6}»= TCP:d:gsc world publishingС.Т.А.Л.К.Е.Р. — Чистое НебоbinxrEngine.exe:С.Т.А.Л.К.Е.Р. — Чистое Небо (CLI)
    «{C2732B47-B4BA-4720-9408-C43B189E52D6}»= UDP:d:gsc world publishingС.Т.А.Л.К.Е.Р. — Чистое НебоbindedicatedxrEngine.exe:С.Т.А.Л.К.Е.Р. — Чистое Небо (SRV)
    «{A1756CE7-BD89-4B46-985C-A400D57B76ED}»= TCP:d:gsc world publishingС.Т.А.Л.К.Е.Р. — Чистое НебоbindedicatedxrEngine.exe:С.Т.А.Л.К.Е.Р. — Чистое Небо (SRV)
    «TCP Query User{EEB1C243-FFC3-44C8-AB2C-A833EDD8AA6E}d:\saints row 2\sr2_pc.exe»= UDP:d:saints row 2sr2_pc.exe:SR2_pc
    «UDP Query User{50512360-1B26-4E95-BF45-AAEFAB52F792}d:\saints row 2\sr2_pc.exe»= TCP:d:saints row 2sr2_pc.exe:SR2_pc
    «TCP Query User{F7A30913-7C2D-4358-BDE1-7CD2CEFF74C0}d:\steam\steamapps\norev\counter-strike source\hl2.exe»= UDP:d:steamsteamappsnorevcounter-strike sourcehl2.exe:hl2
    «UDP Query User{B29B5AB2-B7A8-42D5-8460-360B891977F9}d:\steam\steamapps\norev\counter-strike source\hl2.exe»= TCP:d:steamsteamappsnorevcounter-strike sourcehl2.exe:hl2
    «TCP Query User{02B4EF3B-14C9-4055-90C1-C8EEF7A2FB6B}d:\steam\steamapps\norev\source dedicated server\srcds.exe»= UDP:d:steamsteamappsnorevsource dedicated serversrcds.exe:srcds
    «UDP Query User{581726E8-3836-4737-A04C-7D2B5D02EBC8}d:\steam\steamapps\norev\source dedicated server\srcds.exe»= TCP:d:steamsteamappsnorevsource dedicated serversrcds.exe:srcds
    «{AE28890D-2E4F-41B2-99B3-93B27CE542E4}»= c:program filesSkypePhoneSkype.exe:Skype
    «{2E310961-46AF-4F80-80AD-CF6E01D98FE3}»= c:program filesSkypePhoneSkype.exe:Skype
    «{D75B798D-C550-4521-AEF0-DE0F248B4414}»= UDP:d:race driver gridGRID.exe:Race Driver GRID
    «{BA99A147-EFD9-4364-B9DD-1112A5575C89}»= TCP:d:race driver gridGRID.exe:Race Driver GRID
    «{ED2C5986-BB08-4E3C-A557-47E22BFC6BF2}»= UDP:c:program filesVentriloVentrilo.exe:Ventrilo.exe
    «{1D0E2C57-59D9-4CFA-AB8A-14F067B77B39}»= TCP:c:program filesVentriloVentrilo.exe:Ventrilo.exe
    «{9E0CE50D-514E-4BFE-8748-806B0169D5DD}»= UDP:d:tom clancy’s h.a.w.xHAWX.exe:Tom Clancy’s H.A.W.X
    «{779656E9-1E8D-448E-9C42-043F880C6967}»= TCP:d:tom clancy’s h.a.w.xHAWX.exe:Tom Clancy’s H.A.W.X
    «{2F9C443E-AD44-4FA3-8931-8D4EA51CAAA2}»= UDP:d:tom clancy’s h.a.w.xHAWX_dx10.exe:Tom Clancy’s H.A.W.X
    «{46012404-8D28-479E-A1B7-0C49541DE4FD}»= TCP:d:tom clancy’s h.a.w.xHAWX_dx10.exe:Tom Clancy’s H.A.W.X
    «TCP Query User{67B32845-5A69-4DA7-84DF-E78BBF9AFDEA}d:\steam\steamapps\norev\source dedicated server\srcds.exe»= UDP:d:steamsteamappsnorevsource dedicated serversrcds.exe:srcds
    «UDP Query User{826D75DD-A7DC-4841-96B7-7748D6A3E868}d:\steam\steamapps\norev\source dedicated server\srcds.exe»= TCP:d:steamsteamappsnorevsource dedicated serversrcds.exe:srcds
    «TCP Query User{EC7762A7-B472-42E3-B378-FC79A07DC3A8}d:\steam\steamapps\norev\counter-strike source\hl2.exe»= UDP:d:steamsteamappsnorevcounter-strike sourcehl2.exe:hl2
    «UDP Query User{EFB68BEB-1270-4CCC-BAC1-A27E1C185CEA}d:\steam\steamapps\norev\counter-strike source\hl2.exe»= TCP:d:steamsteamappsnorevcounter-strike sourcehl2.exe:hl2
    «TCP Query User{775193A3-0F63-47BE-8E97-FF51C2D8967C}c:\program files\icq6\icq.exe»= UDP:c:program filesicq6icq.exe:ICQ Library
    «UDP Query User{FCB4AA59-9BF5-4076-9F17-9F13D10AF8C1}c:\program files\icq6\icq.exe»= TCP:c:program filesicq6icq.exe:ICQ Library
    «TCP Query User{98B2E2E5-BCEB-40D8-A738-3EBFABC67DD6}c:\program files\utorrent\utorrent.exe»= UDP:c:program filesutorrentutorrent.exe:µTorrent
    «UDP Query User{ED421106-C2E5-4140-8BB5-9C9DE0D5D198}c:\program files\utorrent\utorrent.exe»= TCP:c:program filesutorrentutorrent.exe:µTorrent
    «TCP Query User{A2919733-37F3-4C8E-9AE9-3313817C830B}d:\sacred 2 — fallen angel\system\s2gs.exe»= UDP:d:sacred 2 — fallen angelsystems2gs.exe:Sacred 2 — Game Server
    «UDP Query User{80F8922F-722D-4D02-9C49-6F538AEEAF36}d:\sacred 2 — fallen angel\system\s2gs.exe»= TCP:d:sacred 2 — fallen angelsystems2gs.exe:Sacred 2 — Game Server
    «{106035FC-F403-405D-A84F-528F63949F26}»= UDP:d:ubisoftFar Cry 2binFarCry2.exe:Far Cry 2
    «{F511E9A3-9AEC-42A4-9108-0DC8DA46877C}»= TCP:d:ubisoftFar Cry 2binFarCry2.exe:Far Cry 2
    «{1327CA88-A3D1-4BFC-A511-59C10D0517A9}»= UDP:d:ubisoftFar Cry 2binFC2Launcher.exe:Far Cry 2 Updater
    «{561C56F3-181F-4177-BD45-EDDF96AD296C}»= TCP:d:ubisoftFar Cry 2binFC2Launcher.exe:Far Cry 2 Updater
    «{244CDBC2-E7C7-4A86-8367-2D923939DA72}»= UDP:d:ubisoftFar Cry 2binFC2Editor.exe:Редактор
    «{C20BAF31-6792-41B9-B157-07F94E333D82}»= TCP:d:ubisoftFar Cry 2binFC2Editor.exe:Редактор
    «TCP Query User{FB280609-177D-4299-9342-EA87CB32BEEC}d:\silverfall\silverfall.exe»= UDP:d:silverfallsilverfall.exe:Silverfall
    «UDP Query User{17AAD917-F268-434B-B844-EB463A81BAB9}d:\silverfall\silverfall.exe»= TCP:d:silverfallsilverfall.exe:Silverfall
    «TCP Query User{F75582DA-10E9-4665-93A0-9D5FAA1C65C5}d:\neverwinter nights 2\nwn2main.exe»= UDP:d:neverwinter nights 2nwn2main.exe:Neverwinter Nights 2
    «UDP Query User{E4E3EE13-9464-4C18-96B2-32AED1F81919}d:\neverwinter nights 2\nwn2main.exe»= TCP:d:neverwinter nights 2nwn2main.exe:Neverwinter Nights 2

    R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:windowssystem32DRIVERSCnxEtP.sys [2003-07-31 60288]
    R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:windowssystem32DRIVERSCnxEtU.sys [2003-07-31 642944]
    R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:windowssystem32DRIVERSCnxTgN.sys [2003-08-01 108547]
    R3 npggsvc;nProtect GameGuard Service;c:windowssystem32GameMon.des [2009-03-19 2726941]
    S0 klbg;Kaspersky Lab Boot Guard Driver;c:windowssystem32driversklbg.sys [2009-04-21 33808]
    S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:windowssystem32DRIVERSklim6.sys [2008-07-09 20496]
    S3 FStarForce;FStarForce;c:windowssystem32DRIVERSFStarForce.sys [2008-09-28 7680]
    S3 USB_RNDIS_51;ZTE USB Remote NDIS Device Driver;c:windowssystem32DRIVERSusb8023.sys [2008-01-21 15872]

    — Other Services/Drivers In Memory —

    *Deregistered* — sptd
    .
    Contents of the ‘Scheduled Tasks’ folder

    2009-04-23 c:windowsTasksRegCure Program Check.job
    — c:program filesRegCureRegCure.exe [2008-11-27 23:11]

    2009-04-22 c:windowsTasksRegCure.job
    — c:program filesRegCureRegCure.exe [2008-11-27 23:11]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2Office12EXCEL.EXE/3000
    TCP: {5D70B13B-2A9C-49A3-9786-879696C7D2F8} = 195.34.32.116 212.188.4.10
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-23 19:57
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    c:windowssystem32driversovfsthxqocvkebe.sys 84992 bytes executable
    c:windowssystem32ovfsthxofnscogv.dll 19456 bytes executable
    c:windowssystem32ovfsthxpiksfbax.dll 19456 bytes executable

    scan completed successfully
    hidden files: 3

    **************************************************************************

    [HKEY_LOCAL_MACHINESystemControlSet001Servicesovfsthxnhbdexxr]
    «imagepath»=»systemrootsystem32driversovfsthxqocvkebe.sys»

    [HKEY_LOCAL_MACHINESystemControlSet001Servicesnpggsvc]
    «ImagePath»=»c:windowssystem32GameMon.des -service»
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    [HKEY_LOCAL_MACHINESystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0000AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    «BlindDial»=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    - - - - - - - > 'Explorer.exe'(2864)
    c:program filesNokiaNokia PC Suite 7PhoneBrowser.dll
    c:program filesNokiaNokia PC Suite 7NGSCM.DLL
    c:program filesNokiaNokia PC Suite 7LangPhoneBrowser_rus.nlr
    c:program filesNokiaNokia PC Suite 7ResourcePhoneBrowser_Nokia.ngr
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:windowsSystem32nvvsvc.exe
    c:windowsSystem32audiodg.exe
    c:windowsSystem32rundll32.exe
    c:program filesNeroNero8Nero BackItUpNBService.exe
    c:windowsSystem32PnkBstrA.exe
    c:windowsSystem32iashost.exe
    c:windowsSystem32conime.exe
    c:windowsSystem32rundll32.exe
    c:program filesCommon FilesNeroLibNMIndexingService.exe
    c:program filesCommon FilesNeroLibNMIndexStoreSvr.exe
    c:windowsservicingTrustedInstaller.exe
    .
    **************************************************************************
    .
    Completion time: 2009-04-23 20:00 — machine was rebooted
    ComboFix-quarantined-files.txt 2009-04-23 16:00
    ComboFix2.txt 2009-04-23 15:28
    ComboFix3.txt 2009-04-23 09:54
    ComboFix4.txt 2009-04-22 14:35
    ComboFix5.txt 2009-04-23 15:53

    Pre-Run: 24 811 577 344 байт свободно
    Post-Run: 24 557 723 648 байт свободно

    Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
    313 — E O F — 2009-04-23 15:17

    April 23, 2009 at 3:30 pm, in reply to: Task Manager works incorrectly #23564
    Shin
    Participant
    • Topics: 1
    • Posts: 5
    • ☆

    ComboFix 09-04-22.A23 — 1 23.04.2009 19:24.7 — NTFSx86
    Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1251.7.1049.18.2046.1404 [GMT 4:00]
    Running from: c:users1DesktopComboFix.exe
    AV: Антивирус Касперского *On-access scanning disabled* (Outdated)
    .

    ((((((((((((((((((((((((( Files Created from 2009-03-23 to 2009-04-23 )))))))))))))))))))))))))))))))
    .

    2009-04-23 15:13 . 2009-04-23 15:13 -------- d-----w- c:users1AppDataLocalMigWiz
    2009-04-23 14:45 . 2009-04-23 14:45 -------- d-----w- C:_OTMoveIt
    2009-04-22 11:00 . 2009-04-22 11:01 -------- d-----w- C:rsit
    2009-04-22 08:58 . 2009-04-22 08:58 -------- d-----w- c:users1AppDataRoamingMalwarebytes
    2009-04-22 08:58 . 2009-04-06 11:32 15504 —-a-w c:windowssystem32driversmbam.sys
    2009-04-22 08:58 . 2009-04-06 11:32 38496 —-a-w c:windowssystem32driversmbamswissarmy.sys
    2009-04-22 08:58 . 2009-04-22 08:58 -------- d-----w- c:usersAll UsersMalwarebytes
    2009-04-22 08:58 . 2009-04-22 08:58 -------- d-----w- c:programdataMalwarebytes
    2009-04-21 12:33 . 2009-04-21 12:41 89601 —-a-w c:windowssystem32driversklick.dat
    2009-04-21 12:33 . 2009-04-21 12:41 101287 —-a-w c:windowssystem32driversklin.dat
    2009-04-21 12:32 . 2009-04-23 15:20 3455008 —sha-w c:windowssystem32driversfidbox.dat
    2009-04-21 12:32 . 2009-04-23 15:20 344096 —sha-w c:windowssystem32driversfidbox2.dat
    2009-04-21 12:32 . 2009-04-23 15:20 3304 —sha-w c:windowssystem32driversfidbox2.idx
    2009-04-21 12:32 . 2009-04-23 15:20 29120 —sha-w c:windowssystem32driversfidbox.idx
    2009-04-21 12:32 . 2009-04-23 14:32 -------- d-----w- c:usersAll UsersKaspersky Lab
    2009-04-21 12:32 . 2009-04-23 14:32 -------- d-----w- c:programdataKaspersky Lab
    2009-04-21 12:12 . 2008-06-20 01:14 105016 —-a-w c:windowssystem32PresentationCFFRasterizerNative_v0300.dll
    2009-04-21 12:12 . 2008-06-20 01:14 97800 —-a-w c:windowssystem32infocardapi.dll
    2009-04-21 12:12 . 2008-06-20 01:14 43544 —-a-w c:windowssystem32PresentationHostProxy.dll
    2009-04-21 12:12 . 2008-06-20 01:14 37384 —-a-w c:windowssystem32infocardcpl.cpl
    2009-04-21 12:12 . 2008-06-20 01:14 11264 —-a-w c:windowssystem32icardres.dll
    2009-04-21 12:12 . 2008-06-20 01:14 622080 —-a-w c:windowssystem32icardagt.exe
    2009-04-21 12:12 . 2008-06-20 01:14 781344 —-a-w c:windowssystem32PresentationNative_v0300.dll
    2009-04-21 12:12 . 2008-06-20 01:14 326160 —-a-w c:windowssystem32PresentationHost.exe
    2009-04-21 12:09 . 2008-07-27 18:03 96760 —-a-w c:windowssystem32dfshim.dll
    2009-04-21 12:09 . 2008-07-27 18:03 41984 —-a-w c:windowssystem32netfxperf.dll
    2009-04-21 12:09 . 2008-07-27 18:03 282112 —-a-w c:windowssystem32mscoree.dll
    2009-04-21 12:09 . 2008-07-27 18:03 158720 —-a-w c:windowssystem32mscorier.dll
    2009-04-21 12:09 . 2008-07-27 18:03 83968 —-a-w c:windowssystem32mscories.dll
    2009-04-21 11:40 . 2009-04-21 11:40 604140 —sha-w c:windowssystem32driversISwift3.dat
    2009-04-21 11:36 . 2009-04-21 12:29 -------- d-----w- c:usersAll UsersKaspersky Lab Setup Files
    2009-04-21 11:36 . 2009-04-21 12:29 -------- d-----w- c:programdataKaspersky Lab Setup Files
    2009-04-21 09:48 . 2009-04-21 09:49 -------- d-----w- c:usersAll UsersTages
    2009-04-21 09:48 . 2009-04-21 09:49 -------- d-----w- c:programdataTages
    2009-04-20 11:06 . 2009-04-20 11:06 -------- d-----w- c:users1AppDataRoamingDigital Support Free Tools
    2009-04-13 16:55 . 2009-04-23 15:22 65536 ------w- c:windowssystem32Ikeext.etl
    2009-04-11 09:05 . 2009-03-19 16:16 2726941 —-a-w c:windowssystem32GameMon.des
    2009-04-03 13:08 . 2009-04-03 13:08 -------- d--h--w- c:windowsPIF
    2009-04-02 22:00 . 2009-04-02 22:00 410984 —-a-w c:windowssystem32deploytk.dll
    2009-04-02 21:49 . 2009-04-02 21:49 -------- d-----w- c:users1AppDataLocalNWN2 Toolset
    2009-03-31 19:01 . 2005-01-03 06:43 4682 —-a-w c:windowssystem32npptNT2.sys
    2009-03-31 19:01 . 2003-07-19 15:17 5174 —-a-w c:windowssystem32nppt9x.vxd
    2009-03-31 13:33 . 2009-03-31 13:33 -------- d-----w- c:users1AppDataRoamingInstallShield

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-23 14:56 . 2008-01-21 05:44 653074 —-a-w c:windowsSystem32perfh019.dat
    2009-04-23 14:56 . 2008-01-21 05:44 125594 —-a-w c:windowsSystem32perfc019.dat
    2009-04-23 14:32 . 2009-04-23 14:32 1166 —-a-w C:avenger.txt
    2009-04-23 10:19 . 2008-12-10 16:06 16608 —-a-w c:windowsgdrv.sys
    2009-04-22 21:38 . 2008-12-10 14:09 -------- d-----w- c:users1AppDataRoaminguTorrent
    2009-04-22 11:20 . 2009-04-22 11:00 -------- d-----w- c:program filestrend micro
    2009-04-22 10:18 . 2009-01-10 22:20 -------- d-----w- c:programdataMedia Center Programs
    2009-04-22 10:18 . 2009-04-22 09:48 -------- d-----w- c:program filesRegCure
    2009-04-22 08:58 . 2009-04-22 08:58 -------- d-----w- c:program filesMalwarebytes’ Anti-Malware
    2009-04-21 12:41 . 2008-01-29 13:29 33808 —-a-w c:windowssystem32driversklbg.sys
    2009-04-21 12:33 . 2006-11-02 10:25 86016 —-a-w c:windowsInfinfstrng.dat
    2009-04-21 12:33 . 2006-11-02 10:25 86016 —-a-w c:windowsInfinfstor.dat
    2009-04-21 12:33 . 2006-11-02 10:25 51200 —-a-w c:windowsInfinfpub.dat
    2009-04-21 12:32 . 2009-04-21 12:32 -------- d-----w- c:program filesKaspersky Lab
    2009-04-21 10:34 . 2008-12-10 22:09 -------- d-----w- c:program filesDAEMON Tools Lite
    2009-04-21 09:31 . 2008-12-10 16:09 -------- d--h--w- c:program filesInstallShield Installation Information
    2009-04-21 09:31 . 2009-02-05 12:36 279712 —-a-w c:windowssystem32driversatksgt.sys
    2009-04-21 09:31 . 2009-02-05 12:36 25888 —-a-w c:windowssystem32driverslirsgt.sys
    2009-04-18 11:52 . 2009-01-19 13:38 -------- d-----w- c:program filesCommon FilesSteam
    2009-04-15 23:26 . 2006-11-02 11:18 -------- d-----w- c:program filesWindows Mail
    2009-04-11 19:30 . 2008-12-10 16:03 100736 —-a-w c:users1AppDataLocalGDIPFONTCACHEV1.DAT
    2009-04-02 22:00 . 2009-04-02 22:00 -------- d-----w- c:program filesJava
    2009-04-01 11:04 . 2008-12-10 16:09 -------- d-----w- c:program filesCommon FilesInstallShield
    2009-03-26 00:49 . 2008-12-11 09:43 -------- d-----w- c:program filesICQ6
    2009-03-17 03:38 . 2009-04-15 22:01 40960 —-a-w c:windowsAppPatchapihex86.dll
    2009-03-17 03:38 . 2009-04-15 22:01 13824 —-a-w c:windowsSystem32apilogen.dll
    2009-03-17 03:38 . 2009-04-15 22:01 24064 —-a-w c:windowsSystem32amxread.dll
    2009-03-12 20:23 . 2009-03-12 20:22 -------- d-----w- c:program filesZyXEL
    2009-03-09 05:22 . 2009-03-09 05:22 -------- d-----w- c:programdataUbisoft
    2009-03-03 04:46 . 2009-04-15 22:01 3599328 —-a-w c:windowsSystem32ntkrnlpa.exe
    2009-03-03 04:46 . 2009-04-15 22:01 3547632 —-a-w c:windowsSystem32ntoskrnl.exe
    2009-03-03 04:40 . 2009-04-15 22:01 827392 —-a-w c:windowsSystem32wininet.dll
    2009-03-03 04:39 . 2009-04-15 22:01 183296 —-a-w c:windowsSystem32sdohlp.dll
    2009-03-03 04:39 . 2009-04-15 22:01 551424 —-a-w c:windowsSystem32rpcss.dll
    2009-03-03 04:39 . 2009-04-15 22:01 26112 —-a-w c:windowsSystem32printfilterpipelineprxy.dll
    2009-03-03 04:37 . 2009-04-15 22:01 78336 —-a-w c:windowsSystem32ieencode.dll
    2009-03-03 04:37 . 2009-04-15 22:01 98304 —-a-w c:windowsSystem32iasrecst.dll
    2009-03-03 04:37 . 2009-04-15 22:01 54784 —-a-w c:windowsSystem32iasads.dll
    2009-03-03 04:37 . 2009-04-15 22:01 44032 —-a-w c:windowsSystem32iasdatastore.dll
    2009-03-03 03:04 . 2009-04-15 22:01 666624 —-a-w c:windowsSystem32printfilterpipelinesvc.exe
    2009-03-03 02:38 . 2009-04-15 22:01 17408 —-a-w c:windowsSystem32iashost.exe
    2009-03-03 02:28 . 2009-04-15 22:01 26624 —-a-w c:windowsSystem32ieUnatt.exe
    2009-03-01 10:49 . 2009-03-01 10:48 -------- d-----w- c:users1AppDataRoamingVentrilo
    2009-03-01 10:47 . 2009-03-01 10:47 -------- d-----w- c:program filesVentrilo
    2009-03-01 10:47 . 2008-12-27 15:40 -------- d-----w- c:program filesCommon FilesWise Installation Wizard
    2009-02-24 09:50 . 2009-02-24 09:50 -------- d-----w- c:programdataCodemasters
    2009-02-24 09:48 . 2008-12-27 15:41 -------- d-----w- c:program filesOpenAL
    2009-02-13 08:49 . 2009-04-15 22:01 72704 —-a-w c:windowsSystem32secur32.dll
    2009-02-13 08:49 . 2009-04-15 22:01 1255936 —-a-w c:windowsSystem32lsasrv.dll
    2009-02-09 03:10 . 2009-03-11 14:11 2033152 —-a-w c:windowsSystem32win32k.sys
    2008-12-10 16:20 . 2008-12-10 16:19 680 —-a-w c:usersАдминистраторAppDataLocald3d9caps.dat
    2008-12-10 16:19 . 2008-12-10 16:19 48600 —-a-w c:usersАдминистраторAppDataLocalGDIPFONTCACHEV1.DAT
    2008-12-10 16:13 . 2008-12-10 16:02 680 —-a-w c:users1AppDataLocald3d9caps.dat
    2008-01-21 02:41 . 2006-11-02 12:49 174 —sha-w c:program filesdesktop.ini
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-04-22_10.28.16 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-01-21 01:56 . 2009-04-23 15:24 38558 c:windowsSystem32WDIShutdownPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 13:03 . 2009-04-23 15:24 98512 c:windowsSystem32WDIBootPerformanceDiagnostics_SystemData.bin
    + 2008-12-10 16:01 . 2009-04-23 15:26 16384 c:windowsSystem32configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat
    — 2008-12-10 16:01 . 2009-04-22 10:07 16384 c:windowsSystem32configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat
    - 2008-12-10 16:01 . 2009-04-22 10:07 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-12-10 16:01 . 2009-04-23 15:26 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-12-10 16:01 . 2009-04-22 10:07 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-12-10 16:01 . 2009-04-23 15:26 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-12-03 12:33 . 2008-12-03 12:33 47960 c:\windows\Microsoft.NET\Framework\v3.5\ru\MSBuild.resources.exe
    + 2008-12-03 12:33 . 2008-12-03 12:33 31576 c:\windows\Microsoft.NET\Framework\v3.5\ru\EdmGen.Resources.dll
    + 2008-12-03 12:33 . 2008-12-03 12:33 17248 c:\windows\Microsoft.NET\Framework\v3.5\ru\DataSvcUtil.resources.dll
    + 2008-12-03 08:39 . 2008-12-03 08:39 97280 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - rus\DeleteTemp.exe
    + 2008-12-03 12:30 . 2008-12-03 12:30 27912 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - rus\baseline.dat
    + 2009-04-23 15:16 . 2009-04-23 15:16 53248 c:\windows\assembly\GAC_MSIL\System.Web.Extensions.Design.resources\3.5.0.0_ru_31bf3856ad364e35\System.Web.Extensions.Design.Resources.dll
    + 2009-04-23 15:16 . 2009-04-23 15:16 28672 c:\windows\assembly\GAC_MSIL\System.Web.Entity.resources\3.5.0.0_ru_b77a5c561934e089\System.Web.Entity.Resources.dll
    + 2009-04-23 15:16 . 2009-04-23 15:16 13312 c:\windows\assembly\GAC_MSIL\System.Web.Entity.Design.resources\3.5.0.0_ru_b77a5c561934e089\System.Web.Entity.Design.Resources.dll
    + 2009-04-23 15:16 . 2009-04-23 15:16 32768 c:\windows\assembly\GAC_MSIL\System.Web.DynamicData.resources\3.5.0.0_ru_31bf3856ad364e35\System.Web.DynamicData.Resources.dll
    + 2009-04-23 15:16 . 2009-04-23 15:16 94208 c:\windows\assembly\GAC_MSIL\System.ServiceModel.Web.resources\3.5.0.0_ru_31bf3856ad364e35\System.ServiceModel.Web.resources.dll
    + 2009-04-23 15:16 . 2009-04-23 15:16 36864 c:\windows\assembly\GAC_MSIL\System.Net.resources\3.5.0.0_ru_b03f5f7f11d50a3a\System.Net.Resources.dll
    + 2009-04-23 15:16 . 2009-04-23 15:16 13312 c:\windows\assembly\GAC_MSIL\System.Management.Instrumentation.resources\3.5.0.0_ru_b77a5c561934e089\System.Management.Instrumentation.Resources.dll
    + 2009-04-23 15:16 . 2009-04-23 15:16 40960 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement.resources\3.5.0.0_ru_b77a5c561934e089\System.DirectoryServices.AccountManagement.resources.dll
    + 2009-04-23 15:16 . 2009-04-23 15:16 81920 c:\windows\assembly\GAC_MSIL\System.Data.Services.resources\3.5.0.0_ru_b77a5c561934e089\System.Data.Services.resources.dll
    + 2009-04-23 15:16 . 2009-04-23 15:16 40960 c:\windows\assembly\GAC_MSIL\System.Data.Services.Client.resources\3.5.0.0_ru_b77a5c561934e089\System.Data.Services.Client.resources.dll
    + 2009-04-23 15:16 . 2009-04-23 15:16 65536 c:\windows\assembly\GAC_MSIL\System.Data.Linq.resources\3.5.0.0_ru_b77a5c561934e089\System.Data.Linq.Resources.dll
    + 2009-04-23 15:16 . 2009-04-23 15:16 19456 c:\windows\assembly\GAC_MSIL\System.Data.Entity.Design.resources\3.5.0.0_ru_b77a5c561934e089\System.Data.Entity.Design.Resources.dll
    + 2009-04-23 15:16 . 2009-04-23 15:16 73728 c:\windows\assembly\GAC_MSIL\System.Core.resources\3.5.0.0_ru_b77a5c561934e089\System.Core.Resources.dll
    + 2009-04-23 15:16 . 2009-04-23 15:16 13312 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5.resources\3.5.0.0_ru_b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.resources.dll
    + 2009-04-23 15:16 . 2009-04-23 15:16 81920 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine.resources\3.5.0.0_ru_b03f5f7f11d50a3a\Microsoft.Build.Engine.resources.dll
    + 2009-04-23 15:16 . 2009-04-23 15:16 13824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5.resources\3.5.0.0_ru_b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.resources.dll
    + 2008-12-10 16:04 . 2009-04-23 15:24 7596 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2572017069-2101235274-472651915-1000_UserData.bin
    - 2009-04-22 09:37 . 2009-04-22 09:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2009-04-23 15:22 . 2009-04-23 15:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2009-04-22 09:37 . 2009-04-22 09:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-04-23 15:22 . 2009-04-23 15:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-12-03 12:33 . 2008-12-03 12:33 6144 c:\windows\Microsoft.NET\Framework\v3.5\ru\Microsoft.Data.Entity.Build.Tasks.Resources.dll
    + 2009-04-23 15:16 . 2009-04-23 15:16 9216 c:\windows\assembly\GAC_MSIL\System.Xml.Linq.resources\3.5.0.0_ru_b77a5c561934e089\System.Xml.Linq.Resources.dll
    + 2009-04-23 15:16 . 2009-04-23 15:16 3584 c:\windows\assembly\GAC_MSIL\System.Windows.Presentation.resources\3.5.0.0_ru_b77a5c561934e089\System.Windows.Presentation.resources.dll
    + 2009-04-23 15:16 . 2009-04-23 15:16 8704 c:\windows\assembly\GAC_MSIL\System.Web.Routing.resources\3.5.0.0_ru_31bf3856ad364e35\System.Web.Routing.Resources.dll
    + 2009-04-23 15:16 . 2009-04-23 15:16 4096 c:\windows\assembly\GAC_MSIL\System.Web.DynamicData.Design.resources\3.5.0.0_ru_31bf3856ad364e35\System.Web.DynamicData.Design.Resources.dll
    + 2009-04-23 15:16 . 2009-04-23 15:16 3584 c:\windows\assembly\GAC_MSIL\System.Web.Abstractions.resources\3.5.0.0_ru_31bf3856ad364e35\System.Web.Abstractions.Resources.dll
    + 2009-04-23 15:16 . 2009-04-23 15:16 8704 c:\windows\assembly\GAC_MSIL\System.Data.Services.Design.resources\3.5.0.0_ru_b77a5c561934e089\System.Data.Services.Design.resources.dll
    + 2009-04-23 15:16 . 2009-04-23 15:16 5632 c:\windows\assembly\GAC_MSIL\System.Data.DataSetExtensions.resources\3.5.0.0_ru_b77a5c561934e089\System.Data.DataSetExtensions.Resources.dll
    + 2009-04-23 15:16 . 2009-04-23 15:16 9216 c:\windows\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations.resources\3.5.0.0_ru_31bf3856ad364e35\System.ComponentModel.DataAnnotations.Resources.dll
    + 2006-11-02 10:33 . 2009-04-23 14:56 586980 c:\windows\System32\perfh009.dat
    - 2006-11-02 10:33 . 2009-04-22 09:44 586980 c:\windows\System32\perfh009.dat
    + 2006-11-02 10:33 . 2009-04-23 14:56 101052 c:\windows\System32\perfc009.dat
    - 2006-11-02 10:33 . 2009-04-22 09:44 101052 c:\windows\System32\perfc009.dat
    - 2006-11-02 12:42 . 2009-04-21 19:58 262144 c:\windows\System32\config\systemprofile\ntuser.dat
    + 2006-11-02 12:42 . 2009-04-22 14:31 262144 c:\windows\System32\config\systemprofile\ntuser.dat
    - 2006-11-02 12:46 . 2009-04-22 10:18 262144 c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2006-11-02 12:46 . 2009-04-23 15:25 262144 c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
    - 2006-11-02 12:46 . 2009-04-22 10:18 262144 c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2006-11-02 12:46 . 2009-04-23 15:24 262144 c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-12-03 12:33 . 2008-12-03 12:33 180224 c:\windows\Microsoft.NET\Framework\v3.5\ru\Microsoft.Build.Tasks.v3.5.resources.dll
    + 2008-12-03 08:39 . 2008-12-03 08:39 984056 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - rus\WapUI.dll
    + 2008-12-03 08:41 . 2008-12-03 08:41 104768 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - rus\WapRes.dll
    + 2008-12-03 08:39 . 2008-12-03 08:39 689152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - rus\vsscenario.dll
    + 2008-12-03 08:39 . 2008-12-03 08:39 413184 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - rus\vsbasereqs.dll
    + 2008-12-03 08:39 . 2008-12-03 08:39 632320 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - rus\vs70uimgr.dll
    + 2008-12-03 08:41 . 2008-12-03 08:41 121672 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - rus\setupres.dll
    + 2008-12-03 08:39 . 2008-12-03 08:39 269304 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - rus\setup.exe
    + 2008-12-03 12:33 . 2008-12-03 12:33 181064 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - rus\RebootStub.exe
    + 2008-12-03 08:39 . 2008-12-03 08:39 177152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - rus\HtmlLite.dll
    + 2008-12-03 08:39 . 2008-12-03 08:39 276984 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - rus\dlmgr.dll
    + 2008-12-03 12:33 . 2008-12-03 12:33 250688 c:\windows\Microsoft.NET\Framework\v3.5\1049\vbc7ui.dll
    + 2008-12-03 12:33 . 2008-12-03 12:33 185160 c:\windows\Microsoft.NET\Framework\v3.5\1049\cscompui.dll
    + 2009-04-23 15:16 . 2009-04-23 15:16 114688 c:\windows\assembly\GAC_MSIL\System.WorkflowServices.resources\3.5.0.0_ru_31bf3856ad364e35\System.WorkflowServices.resources.dll
    + 2009-04-23 15:16 . 2009-04-23 15:16 659456 c:\windows\assembly\GAC_MSIL\System.Web.Extensions.resources\3.5.0.0_ru_31bf3856ad364e35\System.Web.Extensions.Resources.dll
    + 2009-04-23 15:16 . 2009-04-23 15:16 475136 c:\windows\assembly\GAC_MSIL\System.Data.Entity.resources\3.5.0.0_ru_b77a5c561934e089\System.Data.Entity.Resources.dll
    + 2009-04-23 15:16 . 2009-04-23 15:16 180224 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5.resources\3.5.0.0_ru_b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.resources.dll
    - 2006-11-02 10:22 . 2009-04-21 12:23 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
    + 2006-11-02 10:22 . 2009-04-23 15:20 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
    + 2008-12-03 08:39 . 2008-12-03 08:39 1054208 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - rus\vs_setup.dll
    + 2008-12-03 08:39 . 2008-12-03 08:39 1364992 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - rus\SITSetup.dll
    + 2008-12-03 08:39 . 2008-12-03 08:39 1064448 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - rus\gencomp.dll
    + 2008-01-21 05:28 . 2009-04-23 15:20 93227918 c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
    .
    - Snapshot reset to current date -
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TBPanel"="c:\program files\Vtune\TBPanel.exe" [2008-07-10 2154496]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-02 148888]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
    "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13675040]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 92704]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskManager"= 0

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2572017069-2101235274-472651915-1000]
    "EnableNotifications"=dword:00000001
    "EnableNotificationsRef"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{F18AE134-DECF-4EC9-AEA8-1F6CA9FEFC4C}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{194B2175-B298-4805-AAED-F9055AC532BB}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{6BA7C62B-6CB2-46A9-8939-5DF030D5CCC6}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{B04D9EDE-A366-4349-88F1-40801561F0DD}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{BA1AC9D5-711D-4979-8CE4-CBF55D6AB8FD}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{B1FED140-0E41-41B5-8075-9B005FABE6A9}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{0188C203-F0D1-49D4-9999-FB2F6587AAA7}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
    "TCP Query User{EDCBD3B4-A703-4684-89AE-FD5C599D2D06}c:\program files\icq6\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
    "UDP Query User{94422C60-78BE-4F6D-BCF3-698DC8BBDCFB}c:\program files\icq6\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
    "TCP Query User{B57A6B89-344B-496A-9880-507192D64B4A}c:\program files\opera\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
    "UDP Query User{B36735C5-28C1-40F1-BE8C-4970FDF5E251}c:\program files\opera\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
    "{40E511F0-3BBC-41E0-8B20-C1E1A2B7C62E}"= UDP:d:\prince of persia\Prince of Persia.exe:Prince of Persia Dx
    "{4491286B-1672-4F9B-9BAC-918AA80792FC}"= TCP:d:\prince of persia\Prince of Persia.exe:Prince of Persia Dx
    "{95D3A8F6-2F02-4E27-8058-BD7E072B20C6}"= UDP:d:\prince of persia\PrinceOfPersia_Launcher.exe:Prince of Persia Update
    "{CAB61701-7A37-46BB-9889-31102672358D}"= TCP:d:\prince of persia\PrinceOfPersia_Launcher.exe:Prince of Persia Update
    "TCP Query User{6580B0FA-20A6-40C7-B7B3-7B6D23E1EF71}d:\test drive unlimited gold\testdriveunlimited.exe"= UDP:d:\test drive unlimited gold\testdriveunlimited.exe:Test Drive Unlimited
    "UDP Query User{9735496D-25DF-418D-9FF3-43F8A1A8C4A4}d:\test drive unlimited gold\testdriveunlimited.exe"= TCP:d:\test drive unlimited gold\testdriveunlimited.exe:Test Drive Unlimited
    "{E3CD3FE0-601C-4423-94C7-225367E2C9B7}"= UDP:d:\sacred 2 - fallen angel\system\s2gs.exe:Sacred 2 Game Server
    "{C96DB9CF-6B66-442F-B87E-EB966075816A}"= TCP:d:\sacred 2 - fallen angel\system\s2gs.exe:Sacred 2 Game Server
    "{9DE117F8-736F-4458-86CC-8F553E89F103}"= UDP:d:\sacred 2 - fallen angel\system\sacred2.exe:Sacred 2
    "{9E0F2399-01E4-41D2-B486-C5D39668FCE4}"= TCP:d:\sacred 2 - fallen angel\system\sacred2.exe:Sacred 2
    "TCP Query User{F09EE4D7-79AA-4AF2-847A-69A85756FBC3}d:\rockstar games\grand theft auto iv\gtaiv.exe"= UDP:d:\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
    "UDP Query User{9E71809C-8335-4C83-8F52-594A90BA6E09}d:\rockstar games\grand theft auto iv\gtaiv.exe"= TCP:d:\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
    "{556C0AC1-BE88-4B3A-97E3-6B873FAE45D3}"= UDP:d:\gsc world publishing\С.Т.А.Л.К.Е.Р. - Чистое Небо\bin\xrEngine.exe:С.Т.А.Л.К.Е.Р. - Чистое Небо (CLI)
    "{DA1D1CF5-C5F7-4579-8BF5-148ED404B5E6}"= TCP:d:\gsc world publishing\С.Т.А.Л.К.Е.Р. - Чистое Небо\bin\xrEngine.exe:С.Т.А.Л.К.Е.Р. - Чистое Небо (CLI)
    "{C2732B47-B4BA-4720-9408-C43B189E52D6}"= UDP:d:\gsc world publishing\С.Т.А.Л.К.Е.Р. - Чистое Небо\bin\dedicated\xrEngine.exe:С.Т.А.Л.К.Е.Р. - Чистое Небо (SRV)
    "{A1756CE7-BD89-4B46-985C-A400D57B76ED}"= TCP:d:\gsc world publishing\С.Т.А.Л.К.Е.Р. - Чистое Небо\bin\dedicated\xrEngine.exe:С.Т.А.Л.К.Е.Р. - Чистое Небо (SRV)
    "TCP Query User{EEB1C243-FFC3-44C8-AB2C-A833EDD8AA6E}d:\saints row 2\sr2_pc.exe"= UDP:d:\saints row 2\sr2_pc.exe:SR2_pc
    "UDP Query User{50512360-1B26-4E95-BF45-AAEFAB52F792}d:\saints row 2\sr2_pc.exe"= TCP:d:\saints row 2\sr2_pc.exe:SR2_pc
    "TCP Query User{F7A30913-7C2D-4358-BDE1-7CD2CEFF74C0}d:\steam\steamapps\norev\counter-strike source\hl2.exe"= UDP:d:\steam\steamapps\norev\counter-strike source\hl2.exe:hl2
    "UDP Query User{B29B5AB2-B7A8-42D5-8460-360B891977F9}d:\steam\steamapps\norev\counter-strike source\hl2.exe"= TCP:d:\steam\steamapps\norev\counter-strike source\hl2.exe:hl2
    "TCP Query User{02B4EF3B-14C9-4055-90C1-C8EEF7A2FB6B}d:\steam\steamapps\norev\source dedicated server\srcds.exe"= UDP:d:\steam\steamapps\norev\source dedicated server\srcds.exe:srcds
    "UDP Query User{581726E8-3836-4737-A04C-7D2B5D02EBC8}d:\steam\steamapps\norev\source dedicated server\srcds.exe"= TCP:d:\steam\steamapps\norev\source dedicated server\srcds.exe:srcds
    "{AE28890D-2E4F-41B2-99B3-93B27CE542E4}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{2E310961-46AF-4F80-80AD-CF6E01D98FE3}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{D75B798D-C550-4521-AEF0-DE0F248B4414}"= UDP:d:\race driver grid\GRID.exe:Race Driver GRID
    "{BA99A147-EFD9-4364-B9DD-1112A5575C89}"= TCP:d:\race driver grid\GRID.exe:Race Driver GRID
    "{ED2C5986-BB08-4E3C-A557-47E22BFC6BF2}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
    "{1D0E2C57-59D9-4CFA-AB8A-14F067B77B39}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
    "{9E0CE50D-514E-4BFE-8748-806B0169D5DD}"= UDP:d:\tom clancy's h.a.w.x\HAWX.exe:Tom Clancy's H.A.W.X
    "{779656E9-1E8D-448E-9C42-043F880C6967}"= TCP:d:\tom clancy's h.a.w.x\HAWX.exe:Tom Clancy's H.A.W.X
    "{2F9C443E-AD44-4FA3-8931-8D4EA51CAAA2}"= UDP:d:\tom clancy's h.a.w.x\HAWX_dx10.exe:Tom Clancy's H.A.W.X
    "{46012404-8D28-479E-A1B7-0C49541DE4FD}"= TCP:d:\tom clancy's h.a.w.x\HAWX_dx10.exe:Tom Clancy's H.A.W.X
    "TCP Query User{67B32845-5A69-4DA7-84DF-E78BBF9AFDEA}d:\steam\steamapps\norev\source dedicated server\srcds.exe"= UDP:d:\steam\steamapps\norev\source dedicated server\srcds.exe:srcds
    "UDP Query User{826D75DD-A7DC-4841-96B7-7748D6A3E868}d:\steam\steamapps\norev\source dedicated server\srcds.exe"= TCP:d:\steam\steamapps\norev\source dedicated server\srcds.exe:srcds
    "TCP Query User{EC7762A7-B472-42E3-B378-FC79A07DC3A8}d:\steam\steamapps\norev\counter-strike source\hl2.exe"= UDP:d:\steam\steamapps\norev\counter-strike source\hl2.exe:hl2
    "UDP Query User{EFB68BEB-1270-4CCC-BAC1-A27E1C185CEA}d:\steam\steamapps\norev\counter-strike source\hl2.exe"= TCP:d:\steam\steamapps\norev\counter-strike source\hl2.exe:hl2
    "TCP Query User{775193A3-0F63-47BE-8E97-FF51C2D8967C}c:\program files\icq6\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
    "UDP Query User{FCB4AA59-9BF5-4076-9F17-9F13D10AF8C1}c:\program files\icq6\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
    "TCP Query User{98B2E2E5-BCEB-40D8-A738-3EBFABC67DD6}c:\program files\utorrent\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
    "UDP Query User{ED421106-C2E5-4140-8BB5-9C9DE0D5D198}c:\program files\utorrent\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
    "TCP Query User{A2919733-37F3-4C8E-9AE9-3313817C830B}d:\sacred 2 - fallen angel\system\s2gs.exe"= UDP:d:\sacred 2 - fallen angel\system\s2gs.exe:Sacred 2 - Game Server
    "UDP Query User{80F8922F-722D-4D02-9C49-6F538AEEAF36}d:\sacred 2 - fallen angel\system\s2gs.exe"= TCP:d:\sacred 2 - fallen angel\system\s2gs.exe:Sacred 2 - Game Server
    "{106035FC-F403-405D-A84F-528F63949F26}"= UDP:d:\ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
    "{F511E9A3-9AEC-42A4-9108-0DC8DA46877C}"= TCP:d:\ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
    "{1327CA88-A3D1-4BFC-A511-59C10D0517A9}"= UDP:d:\ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
    "{561C56F3-181F-4177-BD45-EDDF96AD296C}"= TCP:d:\ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
    "{244CDBC2-E7C7-4A86-8367-2D923939DA72}"= UDP:d:\ubisoft\Far Cry 2\bin\FC2Editor.exe:Редактор
    "{C20BAF31-6792-41B9-B157-07F94E333D82}"= TCP:d:\ubisoft\Far Cry 2\bin\FC2Editor.exe:Редактор
    "TCP Query User{FB280609-177D-4299-9342-EA87CB32BEEC}d:\silverfall\silverfall.exe"= UDP:d:\silverfall\silverfall.exe:Silverfall
    "UDP Query User{17AAD917-F268-434B-B844-EB463A81BAB9}d:\silverfall\silverfall.exe"= TCP:d:\silverfall\silverfall.exe:Silverfall
    "TCP Query User{F75582DA-10E9-4665-93A0-9D5FAA1C65C5}d:\neverwinter nights 2\nwn2main.exe"= UDP:d:\neverwinter nights 2\nwn2main.exe:Neverwinter Nights 2
    "UDP Query User{E4E3EE13-9464-4C18-96B2-32AED1F81919}d:\neverwinter nights 2\nwn2main.exe"= TCP:d:\neverwinter nights 2\nwn2main.exe:Neverwinter Nights 2

    R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\DRIVERS\CnxEtP.sys [2003-07-31 60288]
    R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\DRIVERS\CnxEtU.sys [2003-07-31 642944]
    R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\system32\DRIVERS\CnxTgN.sys [2003-08-01 108547]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-03-19 2726941]
    S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-04-21 33808]
    S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2008-07-09 20496]
    S3 FStarForce;FStarForce;c:\windows\system32\DRIVERS\FStarForce.sys [2008-09-28 7680]
    S3 USB_RNDIS_51;ZTE USB Remote NDIS Device Driver;c:\windows\system32\DRIVERS\usb8023.sys [2008-01-21 15872]

    .
    Contents of the 'Scheduled Tasks' folder

    2009-04-23 c:\windows\Tasks\RegCure Program Check.job
    - c:\program files\RegCure\RegCure.exe [2008-11-27 23:11]

    2009-04-22 c:\windows\Tasks\RegCure.job
    - c:\program files\RegCure\RegCure.exe [2008-11-27 23:11]
    .
    .


    Supplementary Scan


    .
    uStart Page = about:blank
    IE: &Экспорт в Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-23 19:27
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    c:\windows\system32\drivers\ovfsthxqocvkebe.sys 84992 bytes executable
    c:\windows\system32\ovfsthxcwtcbtcj.dat 491245 bytes
    c:\windows\system32\ovfsthxofnscogv.dll 19456 bytes executable
    c:\windows\system32\ovfsthxpgujrsbp.dll 61952 bytes executable
    c:\windows\system32\ovfsthxpiksfbax.dll 19456 bytes executable
    c:\windows\system32\ovfsthxviqnfiwe.dat 43 bytes
    c:\users\1\AppData\Local\Temp\catchme.dll 53248 bytes executable

    scan completed successfully
    hidden files: 7

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthxnhbdexxr]
    "imagepath"="\systemroot\system32\drivers\ovfsthxqocvkebe.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .


    LOCKED REGISTRY KEYS



    [HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .


    DLLs Loaded Under Running Processes



    - - - - - - - > 'Explorer.exe'(2996)
    c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
    c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
    c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_rus.nlr
    c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
    .
    Completion time: 2009-04-23 19:28
    ComboFix-quarantined-files.txt 2009-04-23 15:28
    ComboFix2.txt 2009-04-23 09:54
    ComboFix3.txt 2009-04-22 14:35
    ComboFix4.txt 2009-04-22 10:44
    ComboFix5.txt 2009-04-23 15:24

    Pre-Run: 23 446 769 664 байт свободно
    Post-Run: 23 312 302 080 байт свободно

    Current=1 Default=1 Failed=0 LastKnownGood=1 Sets=1,2,3,4,5
    347 --- E O F --- 2009-04-23 15:17
