Forum replies created
The ads no longer appear!!! Thank you so much!!!! 🙂
ComboFix 09-06-29.04 — Baruzdin 03.07.2009 18:18.5 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.7.1049.18.1280.814 [GMT 4:00]
Running from: c:documents and settingsBaruzdinРабочий столComboFix.exe
Command switches used :: c:documents and settingsBaruzdinРабочий столCFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090702-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:documents and settingsBaruzdinApplication DataAdSubscribe
c:documents and settingsBaruzdinApplication DataAdSubscribeAdSubscribe.dat
c:documents and settingsBaruzdinApplication DataAdSubscribeAdSubscribe.dll
c:documents and settingsBaruzdinApplication DataAdSubscribeFeed.jpg
c:documents and settingsBaruzdinApplication DataAdSubscribeFeed1.jpg
c:documents and settingsBaruzdinApplication DataAdSubscribeFeed10.jpg
c:documents and settingsBaruzdinApplication DataAdSubscribeFeed11.jpg
c:documents and settingsBaruzdinApplication DataAdSubscribeFeed12.jpg
c:documents and settingsBaruzdinApplication DataAdSubscribeFeed13.jpg
c:documents and settingsBaruzdinApplication DataAdSubscribeFeed14.jpg
c:documents and settingsBaruzdinApplication DataAdSubscribeFeed15.jpg
c:documents and settingsBaruzdinApplication DataAdSubscribeFeed2.jpg
c:documents and settingsBaruzdinApplication DataAdSubscribeFeed3.jpg
c:documents and settingsBaruzdinApplication DataAdSubscribeFeed4.jpg
c:documents and settingsBaruzdinApplication DataAdSubscribeFeed5.jpg
c:documents and settingsBaruzdinApplication DataAdSubscribeFeed6.jpg
c:documents and settingsBaruzdinApplication DataAdSubscribeFeed7.jpg
c:documents and settingsBaruzdinApplication DataAdSubscribeFeed8.jpg
c:documents and settingsBaruzdinApplication DataAdSubscribeFeed9.jpg
c:documents and settingsBaruzdinApplication DataAdSubscribeFeedfeed.xml
c:documents and settingsBaruzdinApplication DataAdSubscribeUninstall.exe.
((((((((((((((((((((((((( Files Created from 2009-06-03 to 2009-07-03 )))))))))))))))))))))))))))))))
.2009-07-02 10:51 . 2009-07-02 10:51
d
w- c:program filesCommon FilesPCSuite
2009-07-02 10:50 . 2009-07-02 10:50
d
w- c:program filesPC Connectivity Solution
2009-07-02 10:49 . 2009-07-02 10:49 34045136 —-a-w- c:documents and settingsAll UsersApplication DataInstallations{3D39E775-DDDA-4327-B747-0BDC5F191331}Nokia_PC_Suite_7_1_30_9_rus.exe
2009-07-02 10:49 . 2009-07-02 10:49 95232 —-a-w- c:documents and settingsAll UsersApplication DataInstallations{3D39E775-DDDA-4327-B747-0BDC5F191331}InstallerCommonCustomActionspcswpcsi.exe
2009-07-02 10:49 . 2009-07-02 10:49 8192 —-a-w- c:documents and settingsAll UsersApplication DataInstallations{3D39E775-DDDA-4327-B747-0BDC5F191331}InstallerCommonCustomActionsUninstCCD.exe
2009-07-02 10:49 . 2009-07-02 10:49 61440 —-a-w- c:documents and settingsAll UsersApplication DataInstallations{3D39E775-DDDA-4327-B747-0BDC5F191331}InstallerCommonCustomActionsUninstPCSFEMsi.exe
2009-07-02 10:49 . 2009-07-02 10:49 10240 —-a-w- c:documents and settingsAll UsersApplication DataInstallations{3D39E775-DDDA-4327-B747-0BDC5F191331}InstallerCommonCustomActionsUninstPCS.exe
2009-07-01 07:45 . 2009-07-01 07:45
d
w- c:program filesMSXML 4.0
2009-06-30 17:30 . 2009-06-30 17:30
d
w- c:documents and settingsAll UsersApplication DataNokia
2009-06-30 17:27 . 2009-06-30 17:14 24503944 —-a-w- c:documents and settingsAll UsersApplication DataInstallations{9F59C3AE-81B0-4EF6-9762-D674BB079705}NokiaSoftwareUpdaterSetup_ru.exe
2009-06-30 17:27 . 2009-06-30 17:27
d
w- c:program filesMSXML 6.0
2009-06-30 17:27 . 2009-06-30 17:27 36864 —-a-w- c:documents and settingsAll UsersApplication DataInstallations{9F59C3AE-81B0-4EF6-9762-D674BB079705}InstallerCommonCustomActionsSleep.exe
2009-06-30 17:27 . 2009-06-30 17:27 3351812 —-a-w- c:documents and settingsAll UsersApplication DataInstallations{9F59C3AE-81B0-4EF6-9762-D674BB079705}InstallerCommonCustomActionsmsxml6Exec.exe
2009-06-30 17:27 . 2009-06-30 17:27 3181612 —-a-w- c:documents and settingsAll UsersApplication DataInstallations{9F59C3AE-81B0-4EF6-9762-D674BB079705}InstallerCommonCustomActionsvcredistExec.exe
2009-06-30 17:10 . 2009-06-30 17:10
d
w- c:documents and settingsBaruzdin??? ?????????
2009-06-30 17:07 . 2009-06-30 17:39
d-sh—w- c:documents and settingsBaruzdinPhone Browser
2009-06-30 17:05 . 2009-07-02 10:51
d
w- c:program filesCommon FilesNokia
2009-06-30 17:04 . 2009-07-02 10:51
d
w- c:program filesNokia
2009-06-30 11:47 . 2009-06-30 11:47
d
w- C:rsit
2009-06-29 14:11 . 2009-06-29 14:11
d
w- c:documents and settingsBaruzdinApplication DataThe Bat!
2009-06-29 14:11 . 2004-04-17 17:59 51200 —-a-w- c:windowstbat_del.exe
2009-06-29 13:57 . 2009-06-29 13:57
d
w- c:program filesNETBYNET
2009-06-29 13:22 . 2009-06-30 19:15
d
w- c:program filestrend micro
2009-06-23 12:05 . 2009-06-28 08:03
d
w- c:documents and settingsBaruzdinApplication DataFieryAds
2009-06-23 12:05 . 2009-06-23 12:05 293376 —-a-w- c:documents and settingsBaruzdinApplication DataFieryAdsFieryAdsUninstall.exe.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-02 17:08 . 2009-02-15 13:41
d
w- c:program filesPartyGaming
2009-07-02 10:49 . 2009-05-31 14:46
d
w- c:documents and settingsAll UsersApplication DataInstallations
2009-07-01 16:18 . 2009-02-14 19:13
d—a-w- c:documents and settingsAll UsersApplication DataTEMP
2009-06-30 17:35 . 2009-05-31 14:51
d
w- c:documents and settingsBaruzdinApplication DataNokia
2009-06-30 12:34 . 2009-04-02 06:53
d
w- c:program filesOpera 10 Preview
2009-06-27 08:30 . 2009-04-20 09:34 87837 —-a-w- c:documents and settingsBaruzdinApplication Datafieryads.dat
2009-06-15 15:18 . 2009-05-13 06:53
d
w- c:documents and settingsBaruzdinApplication DataWebMoney
2009-06-04 13:18 . 2009-03-03 17:08
d
w- c:program filesWorld of Warcraft
2009-06-01 16:31 . 2009-05-31 14:51
d
w- c:documents and settingsBaruzdinApplication DataPC Suite
2009-05-31 18:51 . 2009-02-15 07:36 17928 —-a-w- c:documents and settingsBaruzdinLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-05-31 18:24 . 2009-02-21 16:54
d—h—w- c:program filesInstallShield Installation Information
2009-05-31 17:45 . 2009-05-31 17:44
d
w- c:documents and settingsBaruzdinApplication Dataavidemux
2009-05-31 17:40 . 2009-05-31 17:40
d
w- c:program filesAviSynth 2.5
2009-05-31 15:04 . 2001-10-20 12:00 70134 —-a-w- c:windowssystem32perfc019.dat
2009-05-31 15:04 . 2001-10-20 12:00 432488 —-a-w- c:windowssystem32perfh019.dat
2009-05-31 15:02 . 2009-05-31 15:02 0 —ha-w- c:windowssystem32driversMsft_Kernel_ccdcmb_01007.Wdf
2009-05-31 15:02 . 2009-05-31 15:02 0 —ha-w- c:windowssystem32driversMsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-05-31 14:51 . 2009-05-31 14:51
d
w- c:documents and settingsAll UsersApplication DataPC Suite
2009-05-31 14:49 . 2009-05-31 14:49
d
w- c:program filesDIFX
2009-05-31 14:48 . 2009-05-31 14:48 8192 —-a-w- c:documents and settingsAll UsersApplication DataInstallations{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}InstallerCommonCustomActionsUninstCCD.exe
2009-05-31 14:48 . 2009-05-31 14:48 61440 —-a-w- c:documents and settingsAll UsersApplication DataInstallations{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}InstallerCommonCustomActionsUninstPCSFEMsi.exe
2009-05-31 14:48 . 2009-05-31 14:48 10240 —-a-w- c:documents and settingsAll UsersApplication DataInstallations{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}InstallerCommonCustomActionsUninstPCS.exe
2009-05-13 06:23 . 2009-05-13 06:23
d
w- c:program filesMicrosoft.NET
2009-05-13 05:49 . 2009-05-13 05:49
d
w- c:program filesWebMoney Advisor
2009-05-13 05:49 . 2009-05-13 05:49
d
w- c:program filesWebMoney Agent
2009-05-13 05:49 . 2009-05-13 05:47
d
w- c:program filesWebMoney
2009-05-12 14:09 . 2009-05-04 12:55
d
w- c:program filesInterVideo
2009-05-11 17:17 . 2009-05-11 17:17 304528 —-a-w- c:windowssystem32appdrvrem01.exe
2009-05-11 16:46 . 2009-05-11 16:46
d
w- c:documents and settingsBaruzdinApplication DataCapcom
2009-05-11 16:40 . 2009-05-11 16:40 107888 —-a-w- c:windowssystem32CmdLineExt.dll
2009-05-07 15:44 . 2004-08-17 12:04 345088 —-a-w- c:windowssystem32localspl.dll
2009-04-29 04:47 . 2004-08-17 12:04 827392 —-a-w- c:windowssystem32wininet.dll
2009-04-29 04:47 . 2004-08-17 12:04 78336 —-a-w- c:windowssystem32ieencode.dll
2009-04-20 09:34 . 2009-04-20 09:34 30208 —-a-w- c:windowssystem32borlndmm.dll
2009-04-19 20:11 . 2004-08-17 11:54 1846784 —-a-w- c:windowssystem32win32k.sys
2009-04-15 15:18 . 2004-08-17 12:04 584192 —-a-w- c:windowssystem32rpcrt4.dll
.((((((((((((((((((((((((((((( SnapShot@2009-06-30_12.21.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-12-01 20:46 . 2006-12-01 20:46 65536 c:windowsWinSxSx86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549avcomp.dll
+ 2006-12-01 20:08 . 2006-12-01 20:08 49152 c:windowsWinSxSx86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303mfc80KOR.dll
+ 2006-12-01 20:08 . 2006-12-01 20:08 49152 c:windowsWinSxSx86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303mfc80JPN.dll
+ 2006-12-01 20:08 . 2006-12-01 20:08 61440 c:windowsWinSxSx86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303mfc80ITA.dll
+ 2006-12-01 20:08 . 2006-12-01 20:08 61440 c:windowsWinSxSx86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303mfc80FRA.dll
+ 2006-12-01 20:08 . 2006-12-01 20:08 61440 c:windowsWinSxSx86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303mfc80ESP.dll
+ 2006-12-01 20:08 . 2006-12-01 20:08 57344 c:windowsWinSxSx86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303mfc80ENU.dll
+ 2006-12-01 20:08 . 2006-12-01 20:08 65536 c:windowsWinSxSx86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303mfc80DEU.dll
+ 2006-12-01 20:08 . 2006-12-01 20:08 45056 c:windowsWinSxSx86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303mfc80CHT.dll
+ 2006-12-01 20:08 . 2006-12-01 20:08 40960 c:windowsWinSxSx86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303mfc80CHS.dll
+ 2008-09-30 12:45 . 2008-09-30 12:45 91656 c:windowsWinSxSx86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bcebmsxml4r.dll
+ 2009-06-30 17:27 . 2009-06-30 17:27 82432 c:windowsWinSxSx86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6amsxml4r.dll
+ 2009-07-03 14:22 . 2009-07-03 14:22 16384 c:windowsTempPerflib_Perfdata_648.dat
+ 2009-07-03 07:36 . 2009-07-03 07:36 16384 c:windowsTempPerflib_Perfdata_638.dat
+ 2009-05-31 14:49 . 2009-02-09 04:37 91136 c:windowssystem32nmwcdcls.dll
— 2009-05-31 14:49 . 2008-09-15 03:56 91136 c:windowssystem32nmwcdcls.dll
+ 2006-10-05 00:31 . 2006-10-05 00:31 79872 c:windowssystem32msxml6r.dll
+ 2003-04-18 12:29 . 2003-04-18 12:29 82432 c:windowssystem32msxml4r.dll
+ 2009-07-02 10:50 . 2008-08-26 06:26 18816 c:windowssystem32DRVSTOREpccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294pccsmcfd.sys
+ 2009-07-02 10:50 . 2009-02-09 04:37 22016 c:windowssystem32DRVSTOREccdcmbo_34CB4225E6E4893AE1D3E4443E91C2B9703B729Cccdcmbo.sys
+ 2009-07-02 10:50 . 2009-02-09 04:37 91136 c:windowssystem32DRVSTOREccdcmb_34CB4225E6E4893AE1D3E4443E91C2B9703B729Cnmwcdcls.dll
+ 2009-07-02 10:50 . 2009-02-09 04:37 17664 c:windowssystem32DRVSTOREccdcmb_34CB4225E6E4893AE1D3E4443E91C2B9703B729Cccdcmb.sys
+ 2009-05-31 14:49 . 2008-08-26 06:26 18816 c:windowssystem32driverspccsmcfd.sys
— 2009-05-31 14:49 . 2008-08-26 05:26 18816 c:windowssystem32driverspccsmcfd.sys
+ 2009-06-30 17:27 . 2009-06-30 17:27 10134 c:windowsInstaller{9F59C3AE-81B0-4EF6-9762-D674BB079705}ARPPRODUCTICON.exe
+ 2009-07-01 07:45 . 2009-07-01 07:45 32768 c:windowsInstaller{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}icon.exe
+ 2009-07-02 10:52 . 2009-07-02 10:52 15086 c:windowsInstaller{3D39E775-DDDA-4327-B747-0BDC5F191331}ARPPRODUCTICON.exe
+ 2009-07-02 10:50 . 2009-07-02 10:50 10134 c:windowsInstaller{0C973594-7DDF-4BD0-84ED-3517F7622037}ARPPRODUCTICON.exe
+ 2009-07-02 10:50 . 2009-03-19 10:48 8320 c:windowssystem32DRVSTOREnmwcdnsuc_34CB4225E6E4893AE1D3E4443E91C2B9703B729Cnmwcdnsuc.sys
+ 2009-07-02 10:50 . 2009-02-09 04:37 7808 c:windowssystem32DRVSTOREccdcmbm_34CB4225E6E4893AE1D3E4443E91C2B9703B729Cusbser_lowerflt.sys
+ 2009-07-02 10:50 . 2009-02-09 04:37 7808 c:windowssystem32DRVSTOREccdcmbcj_34CB4225E6E4893AE1D3E4443E91C2B9703B729Cusbser_lowerfltj.sys
+ 2009-06-30 17:27 . 2009-06-30 17:27 8854 c:windowsInstaller{9F59C3AE-81B0-4EF6-9762-D674BB079705}Uninstall_QA_OTI_H_FE5D756F71E147C4972AD6775344B40B.exe
+ 2009-06-30 17:27 . 2009-06-30 17:27 8854 c:windowsInstaller{9F59C3AE-81B0-4EF6-9762-D674BB079705}NewShortcut34_E2CBBE559A074AF98E8596196B075190.exe
+ 2009-06-30 17:27 . 2009-06-30 17:27 8854 c:windowsInstaller{9F59C3AE-81B0-4EF6-9762-D674BB079705}NewShortcut2_1C7B7089989A424FB39D41A32581C775.exe
+ 2009-07-02 10:50 . 2009-07-02 10:50 3262 c:windowsInstaller{52D02A2B-03D2-4E34-A358-DC5D951FD296}ARPPRODUCTICON.exe
+ 2009-07-02 10:50 . 2009-05-11 09:30 547840 c:windowssystem32DRVSTOREpccswpddri_1C34ED6F4888FC93BE68C7A31A24834F522D3CBFPCCSWpdDriver.dll
+ 2009-07-02 10:50 . 2009-03-19 10:48 136704 c:windowssystem32DRVSTOREnmwcdnsu_34CB4225E6E4893AE1D3E4443E91C2B9703B729Cnmwcdnsu.sys
+ 2009-07-02 10:50 . 2009-02-09 04:37 659968 c:windowssystem32DRVSTOREccdcmb_34CB4225E6E4893AE1D3E4443E91C2B9703B729Cnmwcdcocls.dll
+ 2009-06-30 17:27 . 2009-06-30 17:27 458752 c:windowsInstaller{9F59C3AE-81B0-4EF6-9762-D674BB079705}NewShortcut20_F7578A24A4B240E4BA057EF931EB25B5.exe
+ 2009-06-30 17:27 . 2009-06-30 17:27 458752 c:windowsInstaller{9F59C3AE-81B0-4EF6-9762-D674BB079705}NewShortcut16_F7578A24A4B240E4BA057EF931EB25B5.exe
+ 2008-09-30 12:42 . 2008-09-30 12:42 1286152 c:windowsWinSxSx86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cfmsxml4.dll
+ 2009-06-30 17:27 . 2009-06-30 17:27 1233920 c:windowsWinSxSx86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5dmsxml4.dll
+ 2008-08-29 16:06 . 2008-08-29 16:06 1350664 c:windowssystem32msxml6.dll
+ 2008-09-30 12:43 . 2008-09-30 12:43 1286152 c:windowssystem32msxml4.dll
+ 2009-07-02 10:50 . 2009-05-11 08:47 1302600 c:windowssystem32DRVSTOREpccswpddri_1C34ED6F4888FC93BE68C7A31A24834F522D3CBFWUDFUpdate_01007.dll
+ 2009-07-02 10:50 . 2009-02-09 04:32 1112288 c:windowssystem32DRVSTOREccdcmb_34CB4225E6E4893AE1D3E4443E91C2B9703B729Cwdfcoinstaller01007.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_LOCAL_MACHINE~Browser Helper Objects{B4806C1A-FE8A-4008-9DA3-8CEDB6E82C10}]
2008-09-05 12:42 2409472 —-a-w- c:program filesWebMoney Advisorwmadvisor.dll[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2004-08-17 15360]
«MSMSGS»=»c:program filesMessengermsmsgs.exe» [2004-08-17 1667584]
«DAEMON Tools Lite»=»c:program filesDAEMON Tools Litedaemon.exe» [2008-12-29 687560]
«PC Suite Tray»=»c:program filesNokiaNokia PC Suite 7PCSuite.exe» [2009-06-25 1414144][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«WinampAgent»=»c:program filesWinampwinampa.exe» [2008-08-03 36352]
«avast!»=»c:progra~1ALWILS~1Avast4ashDisp.exe» [2009-02-05 81000]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 8.0ReaderReader_sl.exe» [2008-01-11 39792]
«Launch LGDCore»=»c:program filesCommon FilesLogitechG-series SoftwareLGDCore.exe» [2006-07-23 1126400]
«QuickTime Task»=»c:program filesQuickTimeQTTask.exe» [2009-01-05 413696]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2008-05-03 13529088]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2008-05-03 86016]
«wmagent.exe»=»c:program filesWebMoney Agentwmagent.exe» [2008-10-01 209376]
«SoundMan»=»SOUNDMAN.EXE» — c:windowsSOUNDMAN.EXE [2002-06-18 46592]
«nwiz»=»nwiz.exe» — c:windowssystem32nwiz.exe [2008-05-03 1630208][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2004-08-17 15360]c:documents and settingsAll Usersѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
InterVideo WinCinema Manager.lnk — c:program filesInterVideoCommonBinWinCinemaMgr.exe [2009-5-4 77824][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
@=»Driver»[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusOverride»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\Program Files\World of Warcraft\BackgroundDownloader.exe»=
«c:\Program Files\World of Warcraft\Launcher.exe»=
«c:\Program Files\WebMoney\WebMoney.exe»=
«c:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe»=
«c:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe»=[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«3724:TCP»= 3724:TCP:Blizzard Downloader: 3724R1 aswSP;avast! Self Protection;c:windowssystem32driversaswSP.sys [15.02.2009 12:42 114768]
R2 aswFsBlk;aswFsBlk;c:windowssystem32driversaswFsBlk.sys [15.02.2009 12:42 20560]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:program filesPostgreSQL8.3binpg_ctl.exe [19.09.2008 4:03 65536]
S3 epstw2k;Драйвер SCM параллельного порта SCSI;c:windowssystem32driversepstw2k.sys [24.03.2009 20:53 114944]
S3 scsiscan;Драйвер сканера SCSI;c:windowssystem32driversscsiscan.sys [24.03.2009 20:53 10880]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.rambler.ru/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: {{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — c:program filesWebMoney Advisorwmadvisor.dll
DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} — hxxps://w3s.webmoney.ru/WMAcceptor.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-03 18:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘explorer.exe'(692)
c:windowssystem32msi.dll
.
Other Running Processes
.
c:program filesAlwil SoftwareAvast4aswUpdSv.exe
c:program filesAlwil SoftwareAvast4ashServ.exe
c:program filesBonjourmDNSResponder.exe
c:windowssystem32nvsvc32.exe
c:windowssystem32rundll32.exe
c:windowssystem32wdfmgr.exe
c:program filesPostgreSQL8.3binpostgres.exe
c:program filesPostgreSQL8.3binpostgres.exe
c:program filesPostgreSQL8.3binpostgres.exe
c:program filesPostgreSQL8.3binpostgres.exe
c:program filesPostgreSQL8.3binpostgres.exe
c:program filesPostgreSQL8.3binpostgres.exe
c:program filesAlwil SoftwareAvast4ashMaiSv.exe
c:program filesAlwil SoftwareAvast4ashWebSv.exe
c:program filesPC Connectivity SolutionServiceLayer.exe
c:program filesPC Connectivity SolutionTransportsNclUSBSrv.exe
c:program filesPC Connectivity SolutionTransportsNclRSSrv.exe
.
**************************************************************************
.
Completion time: 2009-07-03 18:26 — machine was rebooted
ComboFix-quarantined-files.txt 2009-07-03 14:26
ComboFix2.txt 2009-07-03 14:06
ComboFix3.txt 2009-06-30 12:22
Pre-Run: 129 816 891 392 байт свободно
Post-Run: 129 796 075 520 байт свободно
245 — E O F — 2009-07-01 07:45
ComboFix 09-06-29.04 — Baruzdin 03.07.2009 18:01.4 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.7.1049.18.1280.842 [GMT 4:00]
Running from: c:documents and settingsBaruzdinРабочий столComboFix.exe
Command switches used :: c:documents and settingsBaruzdinРабочий столWindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: avast! antivirus 4.8.1335 [VPS 090702-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.((((((((((((((((((((((((( Files Created from 2009-06-03 to 2009-07-03 )))))))))))))))))))))))))))))))
.2009-07-02 10:51 . 2009-07-02 10:51
d
w- c:program filesCommon FilesPCSuite
2009-07-02 10:50 . 2009-07-02 10:50
d
w- c:program filesPC Connectivity Solution
2009-07-02 10:49 . 2009-07-02 10:49 34045136 —-a-w- c:documents and settingsAll UsersApplication DataInstallations{3D39E775-DDDA-4327-B747-0BDC5F191331}Nokia_PC_Suite_7_1_30_9_rus.exe
2009-07-02 10:49 . 2009-07-02 10:49 95232 —-a-w- c:documents and settingsAll UsersApplication DataInstallations{3D39E775-DDDA-4327-B747-0BDC5F191331}InstallerCommonCustomActionspcswpcsi.exe
2009-07-02 10:49 . 2009-07-02 10:49 8192 —-a-w- c:documents and settingsAll UsersApplication DataInstallations{3D39E775-DDDA-4327-B747-0BDC5F191331}InstallerCommonCustomActionsUninstCCD.exe
2009-07-02 10:49 . 2009-07-02 10:49 61440 —-a-w- c:documents and settingsAll UsersApplication DataInstallations{3D39E775-DDDA-4327-B747-0BDC5F191331}InstallerCommonCustomActionsUninstPCSFEMsi.exe
2009-07-02 10:49 . 2009-07-02 10:49 10240 —-a-w- c:documents and settingsAll UsersApplication DataInstallations{3D39E775-DDDA-4327-B747-0BDC5F191331}InstallerCommonCustomActionsUninstPCS.exe
2009-07-01 07:45 . 2009-07-01 07:45
d
w- c:program filesMSXML 4.0
2009-06-30 17:30 . 2009-06-30 17:30
d
w- c:documents and settingsAll UsersApplication DataNokia
2009-06-30 17:27 . 2009-06-30 17:14 24503944 —-a-w- c:documents and settingsAll UsersApplication DataInstallations{9F59C3AE-81B0-4EF6-9762-D674BB079705}NokiaSoftwareUpdaterSetup_ru.exe
2009-06-30 17:27 . 2009-06-30 17:27
d
w- c:program filesMSXML 6.0
2009-06-30 17:27 . 2009-06-30 17:27 36864 —-a-w- c:documents and settingsAll UsersApplication DataInstallations{9F59C3AE-81B0-4EF6-9762-D674BB079705}InstallerCommonCustomActionsSleep.exe
2009-06-30 17:27 . 2009-06-30 17:27 3351812 —-a-w- c:documents and settingsAll UsersApplication DataInstallations{9F59C3AE-81B0-4EF6-9762-D674BB079705}InstallerCommonCustomActionsmsxml6Exec.exe
2009-06-30 17:27 . 2009-06-30 17:27 3181612 —-a-w- c:documents and settingsAll UsersApplication DataInstallations{9F59C3AE-81B0-4EF6-9762-D674BB079705}InstallerCommonCustomActionsvcredistExec.exe
2009-06-30 17:10 . 2009-06-30 17:10
d
w- c:documents and settingsBaruzdin??? ?????????
2009-06-30 17:07 . 2009-06-30 17:39
d-sh—w- c:documents and settingsBaruzdinPhone Browser
2009-06-30 17:05 . 2009-07-02 10:51
d
w- c:program filesCommon FilesNokia
2009-06-30 17:04 . 2009-07-02 10:51
d
w- c:program filesNokia
2009-06-30 11:47 . 2009-06-30 11:47
d
w- C:rsit
2009-06-29 14:11 . 2009-06-29 14:11
d
w- c:documents and settingsBaruzdinApplication DataThe Bat!
2009-06-29 14:11 . 2004-04-17 17:59 51200 —-a-w- c:windowstbat_del.exe
2009-06-29 13:57 . 2009-06-29 13:57
d
w- c:program filesNETBYNET
2009-06-29 13:22 . 2009-06-30 19:15
d
w- c:program filestrend micro
2009-06-23 12:05 . 2009-06-28 08:03
d
w- c:documents and settingsBaruzdinApplication DataFieryAds
2009-06-23 12:05 . 2009-06-23 12:05 293376 —-a-w- c:documents and settingsBaruzdinApplication DataFieryAdsFieryAdsUninstall.exe
2009-06-23 12:05 . 2009-06-23 12:05
d
w- c:documents and settingsBaruzdinApplication DataAdSubscribe
2009-06-23 12:05 . 2009-06-23 12:05 807424 —-a-w- c:documents and settingsBaruzdinApplication DataAdSubscribeUninstall.exe
2009-06-23 12:05 . 2009-06-23 12:05 750080 —-a-w- c:documents and settingsBaruzdinApplication DataAdSubscribeAdSubscribe.dll.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-02 17:08 . 2009-02-15 13:41
d
w- c:program filesPartyGaming
2009-07-02 10:49 . 2009-05-31 14:46
d
w- c:documents and settingsAll UsersApplication DataInstallations
2009-07-01 16:18 . 2009-02-14 19:13
d—a-w- c:documents and settingsAll UsersApplication DataTEMP
2009-06-30 17:35 . 2009-05-31 14:51
d
w- c:documents and settingsBaruzdinApplication DataNokia
2009-06-30 12:34 . 2009-04-02 06:53
d
w- c:program filesOpera 10 Preview
2009-06-27 08:30 . 2009-04-20 09:34 87837 —-a-w- c:documents and settingsBaruzdinApplication Datafieryads.dat
2009-06-15 15:18 . 2009-05-13 06:53
d
w- c:documents and settingsBaruzdinApplication DataWebMoney
2009-06-04 13:18 . 2009-03-03 17:08
d
w- c:program filesWorld of Warcraft
2009-06-01 16:31 . 2009-05-31 14:51
d
w- c:documents and settingsBaruzdinApplication DataPC Suite
2009-05-31 18:51 . 2009-02-15 07:36 17928 —-a-w- c:documents and settingsBaruzdinLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-05-31 18:24 . 2009-02-21 16:54
d—h—w- c:program filesInstallShield Installation Information
2009-05-31 17:45 . 2009-05-31 17:44
d
w- c:documents and settingsBaruzdinApplication Dataavidemux
2009-05-31 17:40 . 2009-05-31 17:40
d
w- c:program filesAviSynth 2.5
2009-05-31 15:04 . 2001-10-20 12:00 70134 —-a-w- c:windowssystem32perfc019.dat
2009-05-31 15:04 . 2001-10-20 12:00 432488 —-a-w- c:windowssystem32perfh019.dat
2009-05-31 15:02 . 2009-05-31 15:02 0 —ha-w- c:windowssystem32driversMsft_Kernel_ccdcmb_01007.Wdf
2009-05-31 15:02 . 2009-05-31 15:02 0 —ha-w- c:windowssystem32driversMsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-05-31 14:51 . 2009-05-31 14:51
d
w- c:documents and settingsAll UsersApplication DataPC Suite
2009-05-31 14:49 . 2009-05-31 14:49
d
w- c:program filesDIFX
2009-05-31 14:48 . 2009-05-31 14:48 8192 —-a-w- c:documents and settingsAll UsersApplication DataInstallations{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}InstallerCommonCustomActionsUninstCCD.exe
2009-05-31 14:48 . 2009-05-31 14:48 61440 —-a-w- c:documents and settingsAll UsersApplication DataInstallations{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}InstallerCommonCustomActionsUninstPCSFEMsi.exe
2009-05-31 14:48 . 2009-05-31 14:48 10240 —-a-w- c:documents and settingsAll UsersApplication DataInstallations{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}InstallerCommonCustomActionsUninstPCS.exe
2009-05-13 06:23 . 2009-05-13 06:23
d
w- c:program filesMicrosoft.NET
2009-05-13 05:49 . 2009-05-13 05:49
d
w- c:program filesWebMoney Advisor
2009-05-13 05:49 . 2009-05-13 05:49
d
w- c:program filesWebMoney Agent
2009-05-13 05:49 . 2009-05-13 05:47
d
w- c:program filesWebMoney
2009-05-12 14:09 . 2009-05-04 12:55
d
w- c:program filesInterVideo
2009-05-11 17:17 . 2009-05-11 17:17 304528 —-a-w- c:windowssystem32appdrvrem01.exe
2009-05-11 16:46 . 2009-05-11 16:46
d
w- c:documents and settingsBaruzdinApplication DataCapcom
2009-05-11 16:40 . 2009-05-11 16:40 107888 —-a-w- c:windowssystem32CmdLineExt.dll
2009-05-07 15:44 . 2004-08-17 12:04 345088 —-a-w- c:windowssystem32localspl.dll
2009-04-29 04:47 . 2004-08-17 12:04 827392 —-a-w- c:windowssystem32wininet.dll
2009-04-29 04:47 . 2004-08-17 12:04 78336 —-a-w- c:windowssystem32ieencode.dll
2009-04-20 09:34 . 2009-04-20 09:34 30208 —-a-w- c:windowssystem32borlndmm.dll
2009-04-19 20:11 . 2004-08-17 11:54 1846784 —-a-w- c:windowssystem32win32k.sys
2009-04-15 15:18 . 2004-08-17 12:04 584192 —-a-w- c:windowssystem32rpcrt4.dll
.((((((((((((((((((((((((((((( SnapShot@2009-06-30_12.21.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-12-01 20:46 . 2006-12-01 20:46 65536 c:windowsWinSxSx86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549avcomp.dll
+ 2006-12-01 20:08 . 2006-12-01 20:08 49152 c:windowsWinSxSx86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303mfc80KOR.dll
+ 2006-12-01 20:08 . 2006-12-01 20:08 49152 c:windowsWinSxSx86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303mfc80JPN.dll
+ 2006-12-01 20:08 . 2006-12-01 20:08 61440 c:windowsWinSxSx86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303mfc80ITA.dll
+ 2006-12-01 20:08 . 2006-12-01 20:08 61440 c:windowsWinSxSx86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303mfc80FRA.dll
+ 2006-12-01 20:08 . 2006-12-01 20:08 61440 c:windowsWinSxSx86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303mfc80ESP.dll
+ 2006-12-01 20:08 . 2006-12-01 20:08 57344 c:windowsWinSxSx86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303mfc80ENU.dll
+ 2006-12-01 20:08 . 2006-12-01 20:08 65536 c:windowsWinSxSx86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303mfc80DEU.dll
+ 2006-12-01 20:08 . 2006-12-01 20:08 45056 c:windowsWinSxSx86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303mfc80CHT.dll
+ 2006-12-01 20:08 . 2006-12-01 20:08 40960 c:windowsWinSxSx86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303mfc80CHS.dll
+ 2008-09-30 12:45 . 2008-09-30 12:45 91656 c:windowsWinSxSx86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bcebmsxml4r.dll
+ 2009-06-30 17:27 . 2009-06-30 17:27 82432 c:windowsWinSxSx86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6amsxml4r.dll
+ 2009-07-03 07:36 . 2009-07-03 07:36 16384 c:windowsTempPerflib_Perfdata_638.dat
— 2009-05-31 14:49 . 2008-09-15 03:56 91136 c:windowssystem32nmwcdcls.dll
+ 2009-05-31 14:49 . 2009-02-09 04:37 91136 c:windowssystem32nmwcdcls.dll
+ 2006-10-05 00:31 . 2006-10-05 00:31 79872 c:windowssystem32msxml6r.dll
+ 2003-04-18 12:29 . 2003-04-18 12:29 82432 c:windowssystem32msxml4r.dll
+ 2009-07-02 10:50 . 2008-08-26 06:26 18816 c:windowssystem32DRVSTOREpccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294pccsmcfd.sys
+ 2009-07-02 10:50 . 2009-02-09 04:37 22016 c:windowssystem32DRVSTOREccdcmbo_34CB4225E6E4893AE1D3E4443E91C2B9703B729Cccdcmbo.sys
+ 2009-07-02 10:50 . 2009-02-09 04:37 91136 c:windowssystem32DRVSTOREccdcmb_34CB4225E6E4893AE1D3E4443E91C2B9703B729Cnmwcdcls.dll
+ 2009-07-02 10:50 . 2009-02-09 04:37 17664 c:windowssystem32DRVSTOREccdcmb_34CB4225E6E4893AE1D3E4443E91C2B9703B729Cccdcmb.sys
— 2009-05-31 14:49 . 2008-08-26 05:26 18816 c:windowssystem32driverspccsmcfd.sys
+ 2009-05-31 14:49 . 2008-08-26 06:26 18816 c:windowssystem32driverspccsmcfd.sys
+ 2009-06-30 17:27 . 2009-06-30 17:27 10134 c:windowsInstaller{9F59C3AE-81B0-4EF6-9762-D674BB079705}ARPPRODUCTICON.exe
+ 2009-07-01 07:45 . 2009-07-01 07:45 32768 c:windowsInstaller{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}icon.exe
+ 2009-07-02 10:52 . 2009-07-02 10:52 15086 c:windowsInstaller{3D39E775-DDDA-4327-B747-0BDC5F191331}ARPPRODUCTICON.exe
+ 2009-07-02 10:50 . 2009-07-02 10:50 10134 c:windowsInstaller{0C973594-7DDF-4BD0-84ED-3517F7622037}ARPPRODUCTICON.exe
+ 2009-07-02 10:50 . 2009-03-19 10:48 8320 c:windowssystem32DRVSTOREnmwcdnsuc_34CB4225E6E4893AE1D3E4443E91C2B9703B729Cnmwcdnsuc.sys
+ 2009-07-02 10:50 . 2009-02-09 04:37 7808 c:windowssystem32DRVSTOREccdcmbm_34CB4225E6E4893AE1D3E4443E91C2B9703B729Cusbser_lowerflt.sys
+ 2009-07-02 10:50 . 2009-02-09 04:37 7808 c:windowssystem32DRVSTOREccdcmbcj_34CB4225E6E4893AE1D3E4443E91C2B9703B729Cusbser_lowerfltj.sys
+ 2009-06-30 17:27 . 2009-06-30 17:27 8854 c:windowsInstaller{9F59C3AE-81B0-4EF6-9762-D674BB079705}Uninstall_QA_OTI_H_FE5D756F71E147C4972AD6775344B40B.exe
+ 2009-06-30 17:27 . 2009-06-30 17:27 8854 c:windowsInstaller{9F59C3AE-81B0-4EF6-9762-D674BB079705}NewShortcut34_E2CBBE559A074AF98E8596196B075190.exe
+ 2009-06-30 17:27 . 2009-06-30 17:27 8854 c:windowsInstaller{9F59C3AE-81B0-4EF6-9762-D674BB079705}NewShortcut2_1C7B7089989A424FB39D41A32581C775.exe
+ 2009-07-02 10:50 . 2009-07-02 10:50 3262 c:windowsInstaller{52D02A2B-03D2-4E34-A358-DC5D951FD296}ARPPRODUCTICON.exe
+ 2009-07-02 10:50 . 2009-05-11 09:30 547840 c:windowssystem32DRVSTOREpccswpddri_1C34ED6F4888FC93BE68C7A31A24834F522D3CBFPCCSWpdDriver.dll
+ 2009-07-02 10:50 . 2009-03-19 10:48 136704 c:windowssystem32DRVSTOREnmwcdnsu_34CB4225E6E4893AE1D3E4443E91C2B9703B729Cnmwcdnsu.sys
+ 2009-07-02 10:50 . 2009-02-09 04:37 659968 c:windowssystem32DRVSTOREccdcmb_34CB4225E6E4893AE1D3E4443E91C2B9703B729Cnmwcdcocls.dll
+ 2009-06-30 17:27 . 2009-06-30 17:27 458752 c:windowsInstaller{9F59C3AE-81B0-4EF6-9762-D674BB079705}NewShortcut20_F7578A24A4B240E4BA057EF931EB25B5.exe
+ 2009-06-30 17:27 . 2009-06-30 17:27 458752 c:windowsInstaller{9F59C3AE-81B0-4EF6-9762-D674BB079705}NewShortcut16_F7578A24A4B240E4BA057EF931EB25B5.exe
+ 2008-09-30 12:42 . 2008-09-30 12:42 1286152 c:windowsWinSxSx86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cfmsxml4.dll
+ 2009-06-30 17:27 . 2009-06-30 17:27 1233920 c:windowsWinSxSx86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5dmsxml4.dll
+ 2008-08-29 16:06 . 2008-08-29 16:06 1350664 c:windowssystem32msxml6.dll
+ 2008-09-30 12:43 . 2008-09-30 12:43 1286152 c:windowssystem32msxml4.dll
+ 2009-07-02 10:50 . 2009-05-11 08:47 1302600 c:windowssystem32DRVSTOREpccswpddri_1C34ED6F4888FC93BE68C7A31A24834F522D3CBFWUDFUpdate_01007.dll
+ 2009-07-02 10:50 . 2009-02-09 04:32 1112288 c:windowssystem32DRVSTOREccdcmb_34CB4225E6E4893AE1D3E4443E91C2B9703B729Cwdfcoinstaller01007.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE~Browser Helper Objects{B4806C1A-FE8A-4008-9DA3-8CEDB6E82C10}]
2008-09-05 12:42 2409472 —-a-w- c:program filesWebMoney Advisorwmadvisor.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersAdSubscribe]
@=»{82C885EE-6B87-4D51-9EF4-0CFE9FADA900}»

[HKEY_CLASSES_ROOTCLSID{82C885EE-6B87-4D51-9EF4-0CFE9FADA900}]
2009-06-23 12:05 750080 —-a-w- c:documents and settingsBaruzdinApplication DataAdSubscribeAdSubscribe.dll

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2004-08-17 15360]
«MSMSGS»=»c:program filesMessengermsmsgs.exe» [2004-08-17 1667584]
«DAEMON Tools Lite»=»c:program filesDAEMON Tools Litedaemon.exe» [2008-12-29 687560]
«PC Suite Tray»=»c:program filesNokiaNokia PC Suite 7PCSuite.exe» [2009-06-25 1414144]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«WinampAgent»=»c:program filesWinampwinampa.exe» [2008-08-03 36352]
«avast!»=»c:progra~1ALWILS~1Avast4ashDisp.exe» [2009-02-05 81000]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 8.0ReaderReader_sl.exe» [2008-01-11 39792]
«Launch LGDCore»=»c:program filesCommon FilesLogitechG-series SoftwareLGDCore.exe» [2006-07-23 1126400]
«QuickTime Task»=»c:program filesQuickTimeQTTask.exe» [2009-01-05 413696]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2008-05-03 13529088]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2008-05-03 86016]
«wmagent.exe»=»c:program filesWebMoney Agentwmagent.exe» [2008-10-01 209376]
«SoundMan»=»SOUNDMAN.EXE» — c:windowsSOUNDMAN.EXE [2002-06-18 46592]
«nwiz»=»nwiz.exe» — c:windowssystem32nwiz.exe [2008-05-03 1630208]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2004-08-17 15360]

c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузка
InterVideo WinCinema Manager.lnk — c:program filesInterVideoCommonBinWinCinemaMgr.exe [2009-5-4 77824]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
@=»Driver»

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusOverride»=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\Program Files\World of Warcraft\BackgroundDownloader.exe»=
«c:\Program Files\World of Warcraft\Launcher.exe»=
«c:\Program Files\WebMoney\WebMoney.exe»=
«c:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe»=
«c:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe»=

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«3724:TCP»= 3724:TCP:Blizzard Downloader: 3724

R1 aswSP;avast! Self Protection;c:windowssystem32driversaswSP.sys [15.02.2009 12:42 114768]
R2 aswFsBlk;aswFsBlk;c:windowssystem32driversaswFsBlk.sys [15.02.2009 12:42 20560]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:program filesPostgreSQL8.3binpg_ctl.exe [19.09.2008 4:03 65536]
S3 epstw2k;Драйвер SCM параллельного порта SCSI;c:windowssystem32driversepstw2k.sys [24.03.2009 20:53 114944]
S3 scsiscan;Драйвер сканера SCSI;c:windowssystem32driversscsiscan.sys [24.03.2009 20:53 10880]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.rambler.ru/
IE: E&xport to Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: {{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — c:program filesWebMoney Advisorwmadvisor.dll
DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} — hxxps://w3s.webmoney.ru/WMAcceptor.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-03 18:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'explorer.exe'(2452)
c:documents and settingsBaruzdinApplication DataAdSubscribeAdSubscribe.dll
c:windowssystem32msi.dll
.
Completion time: 2009-07-03 18:06
ComboFix-quarantined-files.txt 2009-07-03 14:06
ComboFix2.txt 2009-06-30 12:22

Pre-Run: 129 704 861 696 байт свободно
Post-Run: 129 808 031 744 байт свободно

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=signature(b3bf7591)disk(0)rdisk(0)partition(1)WINDOWS
[operating systems]
c:cmdconsBOOTSECT.DAT=»Microsoft Windows Recovery Console» /cmdcons
signature(b3bf7591)disk(0)rdisk(0)partition(1)WINDOWS=»Microsoft Windows XP Professional RU» /noexecute=optin /fastdetect

211 — E O F — 2009-07-01 07:45