Созданные ответы форума
-
Сообщения
-
ComboFix 08-12-05.06 — Артур 2008-12-06 15:32:17.2 — NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1251.1.1049.18.381 [GMT 3:00]
Running from: c:usersАртурDesktopПрогиComboFix.exe
.((((((((((((((((((((((((( Files Created from 2008-11-06 to 2008-12-06 )))))))))))))))))))))))))))))))
.2008-12-06 15:11 . 2008-12-06 15:11
d
C:rsit
2008-12-06 14:35 . 2008-12-06 14:35d
c:program filesTrend Micro
2008-12-06 13:23 . 2008-12-06 13:23d
c:windowsLastGood
2008-12-06 13:23 . 2008-12-06 13:23 82,258 —a
c:windowsSystem32driversklin.dat
2008-12-06 13:23 . 2008-12-06 13:23 82,258 —a
c:windowsSystem32driversklick.dat
2008-12-06 13:22 . 2008-12-06 13:22d
c:program filesKaspersky Lab
2008-12-06 13:21 . 2008-12-06 15:37 466,976 —ahs—- c:windowsSystem32driversfidbox.dat
2008-12-06 13:21 . 2008-12-06 13:21 32 —ahs—- c:windowsSystem32driversfidbox.idx
2008-12-04 02:47 . 2008-12-04 02:47d
c:windowsuscripts
2008-12-04 02:47 . 2008-12-04 02:49 69,632 —a
c:windowsSystem32djlib.dll
2008-12-03 03:32 . 2008-12-03 03:32 4,247,552 —a
c:windowsSystem32GameUXLegacyGDFs.dll
2008-12-03 03:32 . 2008-12-03 03:32 1,686,528 —a
c:windowsSystem32gameux.dll
2008-12-03 03:32 . 2008-12-03 03:32 28,160 —a
c:windowsSystem32Apphlpdm.dll
2008-12-03 03:31 . 2008-12-03 03:31 1,244,672 —a
c:windowsSystem32mcmde.dll
2008-12-03 03:31 . 2008-12-03 03:31 428,032 —a
c:windowsSystem32EncDec.dll
2008-12-03 03:31 . 2008-12-03 03:31 292,352 —a
c:windowsSystem32psisdecd.dll
2008-12-03 03:31 . 2008-12-03 03:31 217,088 —a
c:windowsSystem32psisrndr.ax
2008-12-03 03:31 . 2008-12-03 03:31 177,152 —a
c:windowsSystem32mpg2splt.ax
2008-12-03 03:31 . 2008-12-03 03:31 80,896 —a
c:windowsSystem32MSNP.ax
2008-12-03 03:31 . 2008-12-03 03:31 68,608 —a
c:windowsSystem32Mpeg2Data.ax
2008-12-03 03:31 . 2008-12-03 03:31 57,856 —a
c:windowsSystem32MSDvbNP.ax
2008-12-03 03:27 . 2008-12-03 03:27 2,048 —a
c:windowsSystem32tzres.dll
2008-12-03 03:26 . 2008-12-03 03:26 303,616 —a
c:windowsSystem32wmpeffects.dll
2008-12-03 03:25 . 2008-12-03 03:25 1,194,496 —a
c:windowsSystem32msxml3.dll
2008-12-03 03:25 . 2008-12-03 03:25 2,048 —a
c:windowsSystem32msxml3r.dll
2008-12-03 03:21 . 2008-12-03 03:21 12,240,896 —a
c:windowsSystem32NlsLexicons0007.dll
2008-12-03 03:17 . 2008-12-03 03:17 944,184 —a
c:windowsSystem32winload.exe
2008-12-03 03:17 . 2008-12-03 03:17 620,088 —a
c:windowsSystem32ci.dll
2008-12-03 03:17 . 2008-12-03 03:17 371,712 —a
c:windowsSystem32srcore.dll
2008-12-03 03:17 . 2008-12-03 03:17 313,856 —a
c:windowsSystem32rstrui.exe
2008-12-03 03:17 . 2008-12-03 03:17 40,960 —a
c:windowsSystem32srclient.dll
2008-12-03 03:17 . 2008-12-03 03:17 19,000 —a
c:windowsSystem32kd1394.dll
2008-12-03 03:17 . 2008-12-03 03:17 16,384 —a
c:windowsSystem32srdelayed.exe
2008-12-03 03:17 . 2008-12-03 03:17 7,168 —a
c:windowsSystem32f3ahvoas.dll
2008-12-03 03:17 . 2008-12-03 03:17 6,656 —a
c:windowsSystem32kbd106n.dll
2008-12-03 03:15 . 2008-12-03 03:15 712,192 —a
c:windowsSystem32WindowsCodecs.dll
2008-12-03 03:15 . 2008-12-03 03:15 425,472 —a
c:windowsSystem32PhotoMetadataHandler.dll
2008-12-03 03:15 . 2008-12-03 03:15 347,136 —a
c:windowsSystem32WindowsCodecsExt.dll
2008-12-03 03:06 . 2008-12-03 03:06 3,505,208 —a
c:windowsSystem32ntkrnlpa.exe
2008-12-03 03:06 . 2008-12-03 03:06 3,470,904 —a
c:windowsSystem32ntoskrnl.exe
2008-12-03 03:03 . 2008-12-03 03:03 826,368 —a
c:windowsSystem32wininet.dll
2008-12-02 23:39 . 2008-12-02 23:39 361,984 —a
c:windowsSystem32IPSECSVC.DLL
2008-12-02 23:39 . 2008-12-02 23:39 272,896 —a
c:windowsSystem32polstore.dll
2008-12-02 23:39 . 2008-12-02 23:39 241,152 —a
c:windowsSystem32PortableDeviceApi.dll
2008-12-02 23:39 . 2008-12-02 23:39 160,768 —a
c:windowsSystem32PortableDeviceTypes.dll
2008-12-02 23:39 . 2008-12-02 23:39 95,232 —a
c:windowsSystem32PortableDeviceClassExtension.dll
2008-12-02 23:39 . 2008-12-02 23:39 61,440 —a
c:windowsSystem32winipsec.dll
2008-12-02 23:39 . 2008-12-02 23:39 28,672 —a
c:windowsSystem32FwRemoteSvr.dll
2008-12-02 23:37 . 2008-12-02 23:37 211,456 —a
c:windowsSystem32driversmrxsmb10.sys
2008-12-02 23:36 . 2008-12-02 23:36 268,800 —a
c:windowsSystem32es.dll
2008-12-02 23:35 . 2008-12-02 23:35 2,027,520 —a
c:windowsSystem32win32k.sys
2008-12-02 23:34 . 2008-12-02 23:34 803,328 —a
c:windowsSystem32driverstcpip.sys
2008-12-02 23:34 . 2008-12-02 23:34 216,632 —a
c:windowsSystem32driversnetio.sys
2008-12-02 23:34 . 2008-12-02 23:34 167,424 —a
c:windowsSystem32tcpipcfg.dll
2008-12-02 23:34 . 2008-12-02 23:34 24,064 —a
c:windowsSystem32netcfg.exe
2008-12-02 23:34 . 2008-12-02 23:34 22,016 —a
c:windowsSystem32netiougc.exe
2008-12-02 23:33 . 2008-12-02 23:33 220,160 —a
c:windowsSystem32driversbthport.sys
2008-12-02 23:33 . 2008-12-02 23:33 181,760 —a
c:windowsSystem32fsquirt.exe
2008-12-02 23:33 . 2008-12-02 23:33 29,184 —a
c:windowsSystem32driversBTHUSB.SYS
2008-12-02 23:33 . 2008-12-02 23:33 19,456 —a
c:windowsSystem32driversbthenum.sys
2008-12-02 23:32 . 2008-12-02 23:32 290,304 —a
c:windowsSystem32driverssrv.sys
2008-12-02 23:30 . 2008-12-02 23:30 441,856 —a
c:windowsSystem32win32spl.dll
2008-12-02 23:30 . 2008-12-02 23:30 296,448 —a
c:windowsSystem32gdi32.dll
2008-12-02 23:30 . 2008-12-02 23:30 37,376 —a
c:windowsSystem32printcom.dll
2008-12-02 23:29 . 2008-12-02 23:29 113,664 —a
c:windowsSystem32driversrmcast.sys
2008-12-02 23:29 . 2008-12-02 23:29 83,968 —a
c:windowsSystem32dnsrslvr.dll
2008-12-02 23:29 . 2008-12-02 23:29 24,576 —a
c:windowsSystem32dnscacheugc.exe
2008-12-02 23:29 . 2008-12-02 23:29 14,848 —a
c:windowsSystem32wshrm.dll
2008-12-02 23:27 . 2008-12-02 23:27 1,645,568 —a
c:windowsSystem32connect.dll
2008-12-02 23:27 . 2008-12-02 23:27 737,792 —a
c:windowsSystem32inetcomm.dll
2008-12-02 23:27 . 2008-12-02 23:27 84,480 —a
c:windowsSystem32INETRES.dll
2008-12-02 23:24 . 2008-12-02 23:24 1,327,104 —a
c:windowsSystem32quartz.dll
2008-12-02 23:22 . 2008-12-02 23:22 1,341,440 —a
c:windowsSystem32msxml6.dll
2008-12-02 23:22 . 2008-12-02 23:22 2,048 —a
c:windowsSystem32msxml6r.dll
2008-12-01 21:55 . 2008-12-01 21:55d
c:program filesQIP
2008-12-01 20:42 . 2008-12-02 10:04d
c:usersАртурAppDataRoaminguTorrent
2008-12-01 20:42 . 2008-12-01 20:42d
c:program filesuTorrent
2008-12-01 17:28 . 2008-12-01 17:28 1,809,944 —a
c:windowsSystem32wuaueng.dll
2008-12-01 17:28 . 2008-12-01 17:28 1,524,736 —a
c:windowsSystem32wucltux.dll
2008-12-01 17:28 . 2008-12-01 17:28 51,224 —a
c:windowsSystem32wuauclt.exe
2008-12-01 17:28 . 2008-12-01 17:28 43,544 —a
c:windowsSystem32wups2.dll
2008-12-01 17:27 . 2008-12-01 17:27 561,688 —a
c:windowsSystem32wuapi.dll
2008-12-01 17:27 . 2008-12-01 17:27 83,456 —a
c:windowsSystem32wudriver.dll
2008-12-01 17:27 . 2008-12-01 17:27 34,328 —a
c:windowsSystem32wups.dll
2008-12-01 17:26 . 2008-12-01 17:26 162,064 —a
c:windowsSystem32wuwebv.dll
2008-12-01 17:26 . 2008-12-01 17:26 31,232 —a
c:windowsSystem32wuapp.exe
2008-12-01 13:30 . 2008-12-01 13:30d
c:usersАртурAppDataRoamingQIP
2008-12-01 13:30 . 2008-12-01 13:30d
c:program filesQIP Infium
2008-12-01 13:21 . 2008-12-01 13:21d
c:usersАртурAppDataRoamingOpera
2008-12-01 13:21 . 2008-12-01 13:21d
c:program filesOpera
2008-11-30 13:16 . 2008-11-30 13:18d
c:usersэльвираAppDataRoamingSPORE
2008-11-10 20:39 . 2008-11-10 20:40d
c:usersАртурAppDataRoamingSPORE
2008-11-07 21:25 . 2004-02-23 02:00 1,386,496 —a
c:windowsSystem32temp.036
2008-11-07 21:25 . 2000-04-12 15:00 598,288 —a
c:windowsSystem32temp.034
2008-11-07 21:25 . 2004-08-04 00:56 413,696 —a
c:windowsSystem32temp.035
2008-11-07 21:25 . 1999-03-01 21:44 266,293 —a
c:windowsSystem32temp.031
2008-11-07 21:25 . 1999-03-08 13:50 164,112 —a
c:windowsSystem32temp.033
2008-11-07 21:25 . 1999-03-08 13:50 147,728 —a
c:windowsSystem32temp.038
2008-11-07 21:25 . 1998-12-09 13:52 22,288 —a
c:windowsSystem32temp.037
2008-11-07 21:25 . 2000-03-28 17:58 17,920 —a
c:windowsSystem32temp.032.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 12:37 2,359,296 —sha-w c:usersАртурntuser.dat
2008-12-06 12:37 2,359,296 —sha-w c:usersАртурntuser.dat
2008-12-06 12:31 2,097,152 —sha-w c:usersэльвираntuser.dat
2008-12-06 12:31 2,097,152 —sha-w c:usersэльвираntuser.dat
2008-12-06 10:24
d
w c:programdataKaspersky Lab
2008-12-06 10:19
d
w c:program filesESET
2008-12-05 19:43
d
w c:usersэльвираAppDataRoamingSkype
2008-12-05 17:49
d
w c:usersэльвираAppDataRoamingskypePM
2008-12-03 01:04 174 —sha-w c:program filesdesktop.ini
2008-12-03 00:59
d
w c:program filesWindows Mail
2008-12-03 00:32 537,600 —-a-w c:windowsAppPatchAcLayers.dll
2008-12-03 00:32 449,536 —-a-w c:windowsAppPatchAcSpecfc.dll
2008-12-03 00:32 2,560 —-a-w c:windowsAppPatchAcRes.dll
2008-12-03 00:32 2,144,256 —-a-w c:windowsAppPatchAcGenral.dll
2008-12-03 00:32 173,056 —-a-w c:windowsAppPatchAcXtrnal.dll
2008-12-03 00:21 9,892,864 —-a-w c:windowsSystem32NlsLexicons000a.dll
2008-12-03 00:10
d
w c:program filesMicrosoft Works
2008-12-03 00:03 52,736 —-a-w c:windowsAppPatchiebrshim.dll
2008-12-03 00:02 56,320 —-a-w c:windowsSystem32iesetup.dll
2008-12-03 00:02 26,624 —-a-w c:windowsSystem32ieUnatt.exe
2008-12-02 07:04
d
w c:usersАртурAppDataRoaminguTorrent
2008-12-01 10:44
d
w c:usersАртурAppDataRoamingAdobe
2008-12-01 10:30
d
w c:usersАртурAppDataRoamingQIP
2008-12-01 10:21
d
w c:usersАртурAppDataRoamingOpera
2008-12-01 10:20
d
w c:usersАртурAppDataRoamingDownload Master
2008-12-01 10:14
d
w c:usersАртурAppDataRoamingGoogle
2008-11-30 20:27
d
w c:program filesAcer GameZone
2008-11-30 10:18
d
w c:usersэльвираAppDataRoamingSPORE
2008-11-25 14:22
d—h—w c:program filesInstallShield Installation Information
2008-11-10 17:40
d
w c:usersАртурAppDataRoamingSPORE
2008-10-29 08:51
d
w c:usersэльвираAppDataRoamingGoogle
2008-10-18 10:53 56 —ha-w c:usersAll Usersezsidmv.dat
2008-10-18 10:53 56 —ha-w c:programdataezsidmv.dat
2008-10-18 10:41
d
w c:program filesGoogle
2008-10-18 10:40
d
w c:programdataSkype
2008-10-18 10:40
d
w c:program filesSkype
2008-10-18 10:40
d
w c:program filesCommon FilesSkype
2008-10-17 17:00
d-s—w c:usersэльвираAppDataRoamingMicrosoft
2008-10-01 10:35 298,104 —-a-w c:windowsSystem32imon.dll
2008-09-30 13:43 1,286,152 —-a-w c:windowsSystem32msxml4.dll
2008-07-31 17:11 22,328 —-a-w c:usersАртурAppDataRoamingPnkBstrK.sys
2007-06-09 14:50 65,536 —-a-w c:usersAll Usersaccdump.exe
2007-06-09 14:50 65,536 —-a-w c:programdataaccdump.exe
.((((((((((((((((((((((((((((( snapshot@2008-12-06_14.24.11,52 )))))))))))))))))))))))))))))))))))))))))
.
— 2008-12-06 10:23:05 16,384 —sha-w c:windowsSystem32configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat
+ 2008-12-06 11:28:58 16,384 —sha-w c:windowsSystem32configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat
— 2008-12-06 10:23:05 32,768 —sha-w c:windowsSystem32configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat
+ 2008-12-06 11:28:58 32,768 —sha-w c:windowsSystem32configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat
— 2008-12-06 10:23:05 16,384 —sha-w c:windowsSystem32configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat
+ 2008-12-06 11:28:58 16,384 —sha-w c:windowsSystem32configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«Punto Switcher»=»c:program filesPunto Switcherps.exe» [2007-11-14 201728]
«swg»=»c:program filesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe» [2008-10-18 171448][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«HotKeysCmds»=»c:windowssystem32hkcmd.exe» [2008-01-02 166424]
«MMTray2K»=»c:windowssystem32MMTray2k.exe» [2003-03-25 57344]
«PCSuiteTrayApplication»=»c:program filesNokiaNokia PC Suite 6LaunchApplication.exe» [2007-03-23 227328]
«Apoint»=»c:program filesApoint2KApoint.exe» [2007-06-06 159744]
«RtHDVCpl»=»RtHDVCpl.exe» [2007-07-06 c:windowsRtHDVCpl.exe][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«Nokia.PCSync»=»c:program filesNokiaNokia PC Suite 6PcSync2.exe» [2007-03-27 1744896]c:usersн«мўЁа AppDataRoamingMicrosoftWindowsStart MenuProgramsStartup
Empowering Technology Launcher.lnk — c:acerEmpowering TechnologyeAPLauncher.exe [2007-07-31 535336][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]
«AppInit_DLLs»=eNetHook.dll,c:progra~1KASPER~1KASPER~1.0r3hook.dll,c:progra~1KASPER~1KASPER~1.0adialhk.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«msacm.l3acm»= L3codecp.acm
«vidc.XVID»= xvid.dll
«vidc.asv2″= asusasv2.dll
«vidc.div3″= DivXc32.dll
«vidc.div4″= DivXc32f.dll
«vidc.ap41″= DivXc32f.dll
«vidc.mjpg»= m3jpeg32.dll
«vidc.dmb1″= m3jpeg32.dll
«vidc.rud0″= rududu.dll
«vidc.mj2c»= M3JP2K32.dll
«vidc.mmes»= DigiVCap.dll
«vidc.vixl»= Miroxl32.dll
«vidc.sony»= sonydv.dll
«vidc.dv25″= DigiVCap.dll
«vidc.dv50″= DigiVCap.dll
«vidc.msmc»= DigiVCap.dll
«vidc.mmjp»= DigiVCap.dll
«vidc.3ivx»= 3ivxVfWCodec.dll
«vidc.vssv»= vsscodec.dll
«vidc.pim1″= pclepim1.dll
«vidc.advs»= Dvc.dll
«vidc.asv1″= asusasv1.dll
«vidc.aflc»= flccodec32.dll
«vidc.aasc»= Aasc32.dll
«vidc.avrn»= AvidAVICodec.dll
«VIDC.mszh»= avimszh.dll
«vidc.zlib»= avizlib.dll
«vidc.mwv1″= icmw_32.dll
«vidc.bt20″= btvvc32.drv
«vidc.y41p»= btvvc32.drv
«vidc.cscd»= camcodec.dll
«vidc.cdvc»= CSCCDVC.DLL
«vidc.ddvc»= CSCdvsd.DLL
«vidc.dps0″= DpsAviCC.dll
«MSVideo»= DPSVidCap.drv
«vidc.dvx4″= divx4.dll
«vidc.em2v»= EtxCodec.dll
«vidc.frwd»= frwd.dll
«vidc.frwt»= frwt.dll
«vidc.frwu»= frwu.dll
«vidc.glzw»= GLZW.dll
«vidc.gpeg»= GPEG.dll
«vidc.hfyu»= huffyuv.dll
«vidc.i263″= i263_32.drv
«vidc.iv41″= ir41_32.dll
«vidc.ir21″= IR21_R.DLL
«vidc.rt21″= IR21_R.DLL
«vidc.dcmj»= MCMJPG32.DLL
«vidc.tvmj»= MMTVMJ.dll
«vidc.fljp»= MMTVMJ.dll
«vidc.nt00″= NTCodec.dll
«vidc.vp31″= vp31vfw.dll
«vidc.pdvc»= idvcodec.dll
«vidc.ipdv»= idvcodec.dll
«vidc.sjpg»= pmjpeg32.dll
«vidc.pvw2″= pvwv220.dll
«vidc.pimj»= pvljpg20.dll
«vidc.mjpx»= pvmjpg21.dll
«vidc.miro»= mirodv2avi.dll
«vidc.mjpa»= rtmjpgcdc.dll
«msacm.qmpeg»= qmpeg.acm
«vidc.qpeg»= Qpeg32.dll
«vidc.rmp4″= rmp4.dll
«vidc.s422″= tekyuv.dll
«vidc.wnv1″= WNVPLAY1.DLL
«msacm.pcdv»= pcdv.acm
«msacm.imc»= IMC32.ACM
«msacm.wrpr»= aviwrap.dll
«vidc.wrpr»= aviwrap.dll
«msacm.divxa32″= DivXa32.acm
«vidc.png1″= CorePNG_vfw.dll[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
@=»Driver»[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoring]
«DisableMonitoring»=dword:00000001[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]
«DisableMonitoring»=dword:00000001[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]
«DisableMonitoring»=dword:00000001[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecFirewall]
«DisableMonitoring»=dword:00000001[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerSvcS-1-5-21-2733851960-2245304582-4211937297-1000]
«EnableNotificationsRef»=dword:00000002[HKLM~servicessharedaccessparametersfirewallpolicyDomainProfile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicyFirewallRules]
«{EF7C7406-094E-48CD-9051-2718E2D1228A}»= c:program filesAcer Arcade DeluxeAcer Arcade DeluxeAcer Arcade Deluxe.exe:Acer Arcade Deluxe
«{80FCC6EF-479E-4EDE-8FDC-4B202CCE2B54}»= c:program filesAcer Arcade DeluxeVideoMagicianVideoMagician.exe:VideoMagician
«{2C4C0FB0-61F3-4C41-8E77-E20AF56202AA}»= c:program filesAcer Arcade DeluxeHomeMediaHomeMedia.exe:HomeMedia
«{AE9684F4-BFCE-4583-9052-FE1795BB4BBB}»= c:program filesAcer Arcade DeluxeDV WizardDV Wizard.exe:DV Wizard
«{D1A876C6-5249-43AA-9006-9AF0348F50B9}»= c:program filesAcer Arcade DeluxeDVDivineDVDivine.exe:DVDivine
«{0E6BF0AA-CE6B-4F17-A065-F5FFD9EFFD36}»= c:program filesAcer Arcade DeluxePlay MoviePlayMovie.exe:Play Movie
«{928DD7C2-9C88-46FC-8509-F77F89D1694C}»= c:program filesAcer Arcade DeluxePlay MoviePMVService.exe:Play Movie Resident Program
«{AE9C09C2-CD57-4034-BCDD-A161F55879D3}»= c:program filesCyberlinkPowerDVDPowerDVD.EXE:CyberLink PowerDVD
«{FDB3F532-0767-42C4-81FE-975595247C4F}»= UDP:c:windowsSystem32PnkBstrA.exe:PnkBstrA
«{9026164D-764E-4F71-BCE3-D6E95EE8E59D}»= TCP:c:windowsSystem32PnkBstrA.exe:PnkBstrA
«{0DA8155D-AC18-4D48-A78F-ECDB7E2C0661}»= UDP:c:windowsSystem32PnkBstrB.exe:PnkBstrB
«{2DFAE9FA-AD87-4225-8FBF-4DA67F4B15BD}»= TCP:c:windowsSystem32PnkBstrB.exe:PnkBstrB
«{518849B9-C977-43F0-90C3-248F6E547C30}»= c:program filesSkypePhoneSkype.exe:Skype
«{84DED502-0683-46A4-8FFE-1F61ED0C8CD1}»= UDP:c:program filesuTorrentuTorrent.exe:µTorrent (TCP-In)
«{A773DDF7-CE40-4DF0-B31D-0E8267C3253C}»= TCP:c:program filesuTorrentuTorrent.exe:µTorrent (UDP-In)
«TCP Query User{88C40CCD-650F-4F82-A14C-1BF9608070C8}c:\program files\opera\opera.exe»= UDP:c:program filesoperaopera.exe:Opera Internet Browser
«UDP Query User{2528F97B-19B4-4AC9-9A29-2D5B28D796A2}c:\program files\opera\opera.exe»= TCP:c:program filesoperaopera.exe:Opera Internet Browser[HKLM~servicessharedaccessparametersfirewallpolicyPublicProfile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicyRestrictedServicesStaticSystem]
«DFSR-1″= RPort=5722|UDP:%SystemRoot%system32svchost.exe|Svc=DFSR:Allow inbound TCP traffic|[HKLM~servicessharedaccessparametersfirewallpolicyStandardProfile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicyStandardProfileAuthorizedApplicationsList]
«c:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe»= c:acerEmpowering TechnologyeDataSecurityeDSfsu.exe:*:Enabled:eDSfsu
«c:\Acer\Empowering Technology\eDataSecurity\encryption.exe»= c:acerEmpowering TechnologyeDataSecurityencryption.exe:*:Enabled:encryption
«c:\Acer\Empowering Technology\eDataSecurity\decryption.exe»= c:acerEmpowering TechnologyeDataSecuritydecryption.exe:*:Enabled:decryptionR1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:windowssystem32DRIVERSklim6.sys [2007-04-04 20760]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};??c:program filesAcer Arcade DeluxePlay Movie000.fcl [2007-10-25 21:27:48 13560]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};??c:program filesCyberLinkPowerDVD000.fcl [2006-11-02 16:51:58 13560]
R2 ALaunchService;ALaunch Service;c:acerALaunchALaunchSvc.exe [2007-07-31 50688]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet — NDIS 6.0;c:windowssystem32DRIVERSb57nd60x.sys [2007-08-01 179712][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
bthsvcs REG_MULTI_SZ BthServ[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{278dfbdf-e2ad-11dc-9780-001b38671443}]
shell1Command — f:runaut~1autorun.pif
shell2Command — f:runaut~1autorun.pif
shellAutoRuncommand — c:windowssystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL f:runaut~1autorun.pif[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{f67150d1-f121-11dc-b732-001b38671443}]
shellAutoRuncommand — G:oufddh.exe
shellexploreCommand — G:oufddh.exe
shellopenCommand — G:oufddh.exe*Newly Created Service* — CATCHME
*Newly Created Service* — KLIM6
*Newly Created Service* — PROCEXP90
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-06 15:37:25
Windows 6.0.6000 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘lsass.exe'(612)
c:windowssystem32eNetHook.dll
.
Completion time: 2008-12-06 15:39:55
ComboFix-quarantined-files.txt 2008-12-06 12:39:48
ComboFix2.txt 2008-12-06 11:25:59Pre-Run: 1 961 005 056 байт свободно
Post-Run: 1,932,324,864 байт свободно335 — E O F — 2008-12-04 17:55:21
