Forum replies created
Author / Posts
ComboFix 09-07-25.04 — user 26.07.2009 10:13.2.1 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1033.18.1023.514 [GMT 3:00]
Running from: c:documents and settingsuserDesktopComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:windowssystem32winio.vxd
.
((((((((((((((((((((((((( Files Created from 2009-06-26 to 2009-07-26 )))))))))))))))))))))))))))))))
.
2009-07-22 12:37 . 2009-07-22 12:37 d-sh--w- c:documents and settingsNetworkServiceIETldCache
2009-07-22 10:53 . 2009-07-22 10:53 d-----w- c:documents and settingsuserApplication Datacom.raptr.Raptr.848BBC53270CAC248E8FA0F339176201CDEB525F.1
2009-07-22 10:50 . 2009-07-22 10:50 d-sh--w- c:windowsftpcache
2009-07-22 10:49 . 2009-07-22 10:52 7829072 ----a-w- c:documents and settingsuserApplication DataRaptrraptr-0.3.0_20090721.exe
2009-07-22 10:49 . 2009-07-22 10:49 d-----w- c:program filesCommon FilesAdobe AIR
2009-07-22 10:49 . 2009-07-22 10:53 d-----w- c:documents and settingsuserApplication DataRaptr
2009-07-22 08:38 . 2009-07-22 08:38 d-----w- c:documents and settingsuserLocal SettingsApplication DataActivision
2009-07-22 07:27 . 2009-07-22 07:27 d-----w- c:windowswinfiles
2009-07-22 06:49 . 2009-07-22 08:36 22328 ----a-w- c:documents and settingsuserApplication DataPnkBstrK.sys
2009-07-22 06:49 . 2009-07-22 08:35 682280 ----a-w- c:windowssystem32pbsvc.exe
2009-07-16 15:36 . 2009-07-16 15:36 d-----w- c:documents and settingsuserApplication DataSamsung
2009-07-16 15:32 . 2006-05-03 19:53 174592 ----a-w- c:windowssystem32framedyn.dll
2009-07-16 15:31 . 2006-07-24 13:05 5632 ----a-w- c:windowssystem32driversStarOpen.sys
2009-07-16 15:28 . 2005-08-29 22:49 94000 ----a-w- c:windowssystem32driversssm_mdm.sys
2009-07-16 15:28 . 2005-08-29 22:49 8336 ----a-w- c:windowssystem32driversssm_mdfl.sys
2009-07-16 15:28 . 2005-08-29 22:49 6176 ----a-w- c:windowssystem32driversssm_cmnt.sys
2009-07-16 15:28 . 2005-08-29 22:49 6176 ----a-w- c:windowssystem32driversssm_cm.sys
2009-07-16 15:28 . 2005-08-29 22:47 58320 ----a-w- c:windowssystem32driversssm_bus.sys
2009-07-16 15:28 . 2005-08-29 22:47 5840 ----a-w- c:windowssystem32driversssm_whnt.sys
2009-07-16 15:28 . 2005-08-29 22:47 5840 ----a-w- c:windowssystem32driversssm_wh.sys
2009-07-16 15:28 . 2009-07-16 15:31 d-----w- c:windowssystem32Samsung_USB_Drivers
2009-07-16 15:27 . 2009-07-16 15:27 d-----w- c:program filesSamsung
2009-07-08 18:12 . 2008-11-05 23:03 d-----w- C:SDFix
2009-07-08 16:37 . 2009-07-08 16:37 d-----w- c:documents and settingsLocalServiceLocal SettingsApplication DataNokia
2009-07-08 10:28 . 2009-07-08 10:28 d-----w- c:program filesMSXML 6.0
2009-07-08 10:25 . 2009-07-22 11:18 d-----w- c:windowsGlobalization
2009-07-07 20:07 . 2008-06-19 14:24 28544 ----a-w- c:windowssystem32driverspavboot.sys
2009-07-07 20:07 . 2009-07-07 20:07 d-----w- c:program filesPanda Security
2009-07-02 21:54 . 2009-07-04 16:34 1516310 ----a-w- c:windowsPrototype(TM) v1.0.0.1 + 7 Trainer.exe
2009-07-02 08:32 . 2009-07-02 08:32 d-----w- c:documents and settingsuserApplication DataMixMeister Technology
2009-07-02 08:31 . 2009-07-02 08:31 766 ----a-r- c:documents and settingsuserApplication DataMicrosoftInstaller{E89B484C-B913-49A0-959B-89E836001658}ARPPRODUCTICON.exe
2009-06-30 19:03 . 2009-06-30 19:03 152576 ----a-w- c:documents and settingsuserApplication DataSunJavajre1.6.0_14lzma.dll
2009-06-29 14:42 . 2009-06-29 14:42 253952 ------w- c:windowsSetup1.exe
2009-06-29 14:42 . 2009-06-29 14:42 74752 ----a-w- c:windowsST6UNST.EXE
2009-06-29 13:21 . 2009-03-16 11:18 22360 ----a-w- c:windowssystem32X3DAudio1_6.dll
2009-06-29 13:21 . 2008-10-10 01:52 452440 ----a-w- c:windowssystem32d3dx10_40.dll
2009-06-29 13:21 . 2008-10-10 01:52 2036576 ----a-w- c:windowssystem32D3DCompiler_40.dll
2009-06-29 13:21 . 2008-10-27 07:04 235856 ----a-w- c:windowssystem32xactengine3_3.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-26 06:47 . 2009-02-26 17:38 d-----w- c:documents and settingsuserApplication DataSkype
2009-07-26 05:07 . 2009-02-26 17:40 d-----w- c:documents and settingsuserApplication DataskypePM
2009-07-26 03:49 . 2009-02-27 12:06 d-----w- c:program filesBitComet
2009-07-24 17:24 . 2009-04-06 16:34 d-----w- c:documents and settingsAll UsersApplication DataTest Drive Unlimited
2009-07-22 11:23 . 2009-05-30 15:58 d-----w- c:program filesLineage2
2009-07-22 11:18 . 2008-09-05 11:50 d--h--w- c:program filesInstallShield Installation Information
2009-07-22 11:18 . 2009-04-13 13:55 d-----w- c:program filesNokia
2009-07-22 11:18 . 2009-04-13 13:38 d-----w- c:program filesCommon FilesNokia
2009-07-22 10:38 . 2009-02-27 20:01 111928 ----a-w- c:windowssystem32PnkBstrB.exe
2009-07-22 09:25 . 2009-02-27 20:01 138464 ----a-w- c:windowssystem32driversPnkBstrK.sys
2009-07-09 19:34 . 2008-09-05 16:29 94744 ----a-w- c:documents and settingsuserLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-07-08 10:29 . 2009-04-13 13:40 d-----w- c:documents and settingsuserApplication DataNokia
2009-07-08 10:28 . 2009-04-13 13:37 d-----w- c:documents and settingsAll UsersApplication DataInstallations
2009-07-04 09:58 . 2009-04-25 14:43 d-----w- c:program filesMetin2_RU
2009-06-30 19:04 . 2009-04-18 17:02 d-----w- c:program filesJava
2009-06-24 18:41 . 2009-06-24 18:41 d-----w- c:program filesdirectx
2009-06-22 15:06 . 2009-06-22 15:06 d-----w- c:program filesFargus
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:windowssystem32fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:windowssystem32t2embed.dll
2009-06-05 11:15 . 2009-06-05 11:15 d-----w- c:program filesMaxima-5.18.1
2009-06-03 19:09 . 2004-08-04 12:00 1291264 ----a-w- c:windowssystem32quartz.dll
2009-05-31 07:55 . 2009-05-31 07:55 d-----w- c:program filesMozilla ActiveX Control v1.7.12
2009-05-29 21:21 . 2009-05-29 21:20 d-----w- c:program filesmTC
2009-05-29 11:57 . 2009-05-29 11:57 d-----w- c:documents and settingsuserApplication DataInterTrust
2009-05-29 11:57 . 2008-09-05 11:56 d-----w- c:program filesCommon FilesAdobe
2009-05-21 08:33 . 2009-04-18 17:02 410984 ----a-w- c:windowssystem32deploytk.dll
2009-05-19 14:23 . 2009-05-19 14:23 3351812 ----a-w- c:documents and settingsAll UsersApplication DataInstallations{9F59C3AE-81B0-4EF6-9762-D674BB079705}InstallerCommonCustomActionsmsxml6Exec.exe
2009-05-19 14:23 . 2009-05-19 14:23 36864 ----a-w- c:documents and settingsAll UsersApplication DataInstallations{9F59C3AE-81B0-4EF6-9762-D674BB079705}InstallerCommonCustomActionsSleep.exe
2009-05-19 14:23 . 2009-05-19 14:23 3181612 ----a-w- c:documents and settingsAll UsersApplication DataInstallations{9F59C3AE-81B0-4EF6-9762-D674BB079705}InstallerCommonCustomActionsvcredistExec.exe
2009-05-19 14:22 . 2009-05-19 14:23 24503944 ----a-w- c:documents and settingsAll UsersApplication DataInstallations{9F59C3AE-81B0-4EF6-9762-D674BB079705}NokiaSoftwareUpdaterSetup_1.6.13RU.exe
2009-05-15 13:49 . 2009-04-06 16:36 107888 ----a-w- c:windowssystem32CmdLineExt.dll
2009-05-13 05:15 . 2004-08-04 12:00 915456 ----a-w- c:windowssystem32wininet.dll
2009-05-11 10:45 . 2009-05-12 13:55 51200 ----a-w- c:documents and settingsuserApplication DataMozillaFirefoxProfiles9vf96daw.defaultextensions{1835be4f-9123-479d-a452-0c062aac2f8f}componentsFFExternalAlert.dll
2009-05-11 10:45 . 2009-05-12 13:55 114688 ----a-w- c:documents and settingsuserApplication DataMozillaFirefoxProfiles9vf96daw.defaultextensions{1835be4f-9123-479d-a452-0c062aac2f8f}componentsnpmozax.dll
2009-05-09 17:54 . 2009-05-09 17:54 12862 ----a-r- c:documents and settingsuserApplication DataMicrosoftInstaller{0E2B767B-EA6A-489B-BF83-8083FE1DB661}_1EEFFF72773535163E4216.exe
2009-05-07 15:32 . 2004-08-04 12:00 345600 ----a-w- c:windowssystem32localspl.dll
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:windowssystem32GPhotos.scr
2009-07-22 14:09 . 2009-02-27 16:30 134648 ----a-w- c:program filesmozilla firefoxcomponentsbrwsrcmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2008-12-03 1561864]

[HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar]

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2008-12-03 1561864]

[HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2008-04-14 15360]
«Skype»=»c:program filesSkypePhoneSkype.exe» [2009-04-16 24264488]
«swg»=»c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe» [2009-03-02 68856]
«BitComet»=»c:program filesBitCometBitComet.exe» [2009-01-20 2523960]
«Yupdate!»=»c:program filesCommon FilesYandexYupdateyupdate.exe» [2008-10-20 479496]
«PC Suite Tray»=»d:pc sute nokiaNokia PC Suite 7PCSuite.exe» [2008-12-03 1205760]
«DAEMON Tools Lite»=»c:program filesDAEMON Tools Litedaemon.exe» [2009-04-23 691656]
«Speeder»=»c:program filesSpeed GearSpeedGear.exe» [2008-05-08 561152]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2008-07-26 13570048]
«NeroFilterCheck»=»c:windowssystem32NeroCheck.exe» [2001-07-09 155648]
«BDRegion»=»c:program filesCyberlinkShared Filesbrs.exe» [2008-08-21 91432]
«RemoteControl»=»c:program filesCyberLinkPowerDVDPDVDServ.exe» [2007-10-28 72736]
«LanguageShortcut»=»c:program filesCyberLinkPowerDVDLanguageLanguage.exe» [2007-10-11 62760]
«nod32kui»=»c:program filesEsetnod32kui.exe» [2008-09-05 949376]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 9.0ReaderReader_sl.exe» [2008-06-11 34672]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2008-07-26 86016]
«SSBkgdUpdate»=»c:program filesCommon FilesScansoft SharedSSBkgdUpdateSSBkgdupdate.exe» [2006-10-25 210472]
«OpwareSE4″=»d:новая папка (2)OpwareSE4.exe» [2007-02-04 79400]
«MULTIMEDIA KEYBOARD»=»c:program filesNetropaMultimedia KeyboardMMKeybd.exe» [2002-07-24 167936]
«mdiction»=»d:progra~1TILDES~1MDICTION.EXE» [2005-06-05 184320]
«Pianists»=»d:progra~1TILDES~1Pianists.exe» [2005-06-05 165400]
«CheckCU»=»d:progra~1TILDES~1CheckCU.exe» [2005-06-04 40960]
«SunJavaUpdateSched»=»c:program filesJavajre6binjusched.exe» [2009-05-21 148888]
«nwiz»=»nwiz.exe» — c:windowssystem32nwiz.exe [2008-07-26 1657376]
«RTHDCPL»=»RTHDCPL.EXE» — c:windowsRTHDCPL.EXE [2006-06-28 16248320]
«SkyTel»=»SkyTel.EXE» — c:windowsSkyTel.exe [2006-05-16 2879488]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-14 15360]

c:documents and settingsuserStart MenuProgramsStartup
Adobe Gamma.lnk — c:program filesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe [2005-3-16 113664]

c:documents and settingsAll UsersStart MenuProgramsStartup
Exif Launcher S.lnk — c:documents and settingsuserDesktopNew Folder (2)QuickDCF2.exe [2009-3-13 303104]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
@=»Driver»

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusOverride»=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\CyberLink\PowerDVD\PowerDVD.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe»=
«c:\Program Files\BitComet\BitComet.exe»=
«c:\Program Files\Opera\opera.exe»=
«d:\Program Files\Tildes Birojs 2005\TLWS.exe»=
«d:\Program Files\Tildes Birojs 2005\TildesBirojsAutoUpdate.exe»=
«d:\hl2.exe»=
«d:\Program Files\Akella Games\Test Drive Unlimited Gold\TestDriveUnlimited.exe»=
«c:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe»=
«c:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe»=
«c:\Program Files\Metin2_RU\metin2.bin»=
«c:\Program Files\Maxima-5.18.1\bin\xmaxima.exe»=
«d:\xtcs\cstrike.exe»=
«c:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe»=
«c:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe»=
«c:\WINDOWS\system32\PnkBstrA.exe»=
«c:\WINDOWS\system32\PnkBstrB.exe»=
«d:\codwow\CoDWaW.exe»=
«d:\codwow\CoDWaWmp.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«23242:TCP»= 23242:TCP:BitComet 23242 TCP
«23242:UDP»= 23242:UDP:BitComet 23242 UDP

R0 pavboot;pavboot;c:windowssystem32driverspavboot.sys [07.07.2009 23:07 28544]
R1 msikbd2k;Multimedia Keyboard Filter Driver;c:windowssystem32driversMsikbd2k.sys [26.02.2009 20:34 6656]
R1 nod32drv;nod32drv;c:windowssystem32driversnod32drv.sys [05.09.2008 14:50 15424]
R2 nhksrv;Netropa NHK Server;c:program filesNetropaMultimedia Keyboardnhksrv.exe [26.02.2009 20:34 28672]
R2 TwonkyMedia;TwonkyMedia;c:program filesNokiaNokia Home Media ServerMedia ServerTwonkyMedia.exe -serviceversion 0 —> c:program filesNokiaNokia Home Media ServerMedia ServerTwonkyMedia.exe -serviceversion 0 [?]
R3 FStarForce;FStarForce;c:windowssystem32driversFStarForce.sys [14.02.2009 13:35 8192]
S3 PRODIGY;PRODIGY;c:windowssystem32driversprodigy.sys [13.04.2009 17:12 32377]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:windowssystem32driverss115bus.sys [23.04.2007 13:54 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:windowssystem32driverss115mdfl.sys [23.04.2007 13:54 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:windowssystem32driverss115mdm.sys [23.04.2007 13:54 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:windowssystem32driverss115mgmt.sys [23.04.2007 13:54 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:windowssystem32driverss115obex.sys [23.04.2007 13:54 98568]
S3 s716bus;Sony Ericsson Device 716 driver (WDM);c:windowssystem32driverss716bus.sys [04.04.2007 13:43 83208]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;c:windowssystem32driverss716mdfl.sys [04.04.2007 13:43 15112]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;c:windowssystem32driverss716mdm.sys [04.04.2007 13:43 108552]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);c:windowssystem32driverss716mgmt.sys [04.04.2007 13:43 100360]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;c:windowssystem32driverss716obex.sys [04.04.2007 12:43 98568]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
«c:windowssystem32rundll32.exe» «c:windowssystem32iedkcs32.dll»,BrandIEActiveSetup SIGNUP
.
Contents of the ‘Scheduled Tasks’ folder

2009-07-26 c:windowsTasksUser_Feed_Synchronization-{052271F4-54A7-42DE-BF21-C540F1D68EC3}.job
— c:windowssystem32msfeedssync.exe [2007-08-13 01:31]
.
.
Supplementary Scan
.
uStart Page = hxxp://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=ZNman000&ptb=RKlC0IRNmrBnmMq2nsYQQQ
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search — http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNman000
IE: &Translate with Tilde Computer Dictionary — d:program filesTildes Birojs 2005TDVLauncher.DLL /201
IE: &Tulkot ar Tildes Datorvвrdnоcu — d:program filesTildes Birojs 2005TDVLauncher.DLL /201
IE: &З&агрузить &с помощью BitComet — c:program filesBitCometBitComet.exe/AddLink.htm
IE: &З&агрузить все видео файлы с помощью BitComet — c:program filesBitCometBitComet.exe/AddVideo.htm
IE: &З&агрузить все с помощью BitComet — c:program filesBitCometBitComet.exe/AddAllLink.htm
IE: Add to Google Photos Screensa&ver — c:windowssystem32GPhotos.scr/200
IE: E&xport to Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
LSP: c:windowssystem32imon.dll
TCP: {FD4CF425-6F25-410C-9E97-C90ABEB1098B} = 89.201.49.1,159.148.60.20
FF — ProfilePath — c:documents and settingsuserApplication DataMozillaFirefoxProfiles9vf96daw.default
FF — prefs.js: browser.search.defaulturl — hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT692032&SearchSource=3&q={searchTerms}
FF — prefs.js: keyword.URL — hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT692032&SearchSource=2&q=
FF — component: c:documents and settingsuserApplication DataMozillaFirefoxProfiles9vf96daw.defaultextensions{1835be4f-9123-479d-a452-0c062aac2f8f}componentsFFExternalAlert.dll
FF — component: d:pc sute nokiaNokia PC Suite 7bkmrksynccomponentsBkMrkExt.dll
FF — plugin: c:program filesOperaprogrampluginsNPDocBox.dll
FF — plugin: c:program filesOperaprogrampluginsnppdf32.dll
FF — plugin: d:picasa3npPicasa3.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-26 10:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINESystemControlSet001Services{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
«ImagePath»=»??c:program filesCyberLinkPowerDVD00.fcl»
.
LOCKED REGISTRY KEYS
[HKEY_USERSS-1-5-21-1645522239-1292428093-839522115-1003SoftwareMicrosoftSystemCertificatesAddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERSS-1-5-21-1645522239-1292428093-839522115-1003SoftwareSecuROM!CAUTION! NEVER A OR CHANGE ANY KEY*]
«??»=hex:fc,de,d3,07,53,31,b2,21,5e,d8,11,08,bb,b6,11,9b,95,f6,4e,6a,52,69,2d,
48,c5,97,1c,58,a8,f9,96,47,77,91,86,32,88,16,9a,ee,d8,43,0a,9e,b8,6c,88,ae,
«??»=hex:9a,a8,ab,4c,dd,7f,86,db,0c,97,8f,0e,ca,97,22,e0

[HKEY_USERSS-1-5-21-1645522239-1292428093-839522115-1003SoftwareSecuROMLicense information*]
«datasecu»=hex:c0,15,24,60,a2,14,4d,21,0b,5a,91,78,be,a4,ca,30,91,b3,16,ae,05,
51,90,5d,3e,52,50,4c,b2,a5,34,09,c5,40,a8,d8,34,7b,f9,26,1b,cf,1f,b5,0e,eb,
«rkeysecu»=hex:0d,8a,b4,03,a3,4b,26,cc,26,63,3e,a9,61,7f,c0,df
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘lsass.exe'(816)
c:windowssystem32imon.dll
.
Completion time: 2009-07-26 10:25
ComboFix-quarantined-files.txt 2009-07-26 07:25
ComboFix2.txt 2009-07-07 06:08

Pre-Run: 12 403 912 704 bytes free
Post-Run: 13 398 269 952 bytes free

259 — E O F — 2009-07-15 00:03