This topic has 5 replies, 2 participants, and was last updated 16 years, 2 months ago by Admin.
December 27, 2008 at 12:09 pm #16054
I've tried everything, but somehow I can't get rid of the smut. HELP ME.
ComboFix 08-12-26.03 — Сергей 2008-12-27 14:14:30.1 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.1.1049.18.1023.513 [GMT 3:00]
Running from: c:downloadsПрограммыComboFix.exe
AV: Антивирусная система Eset NOD32 2.70 *On-access scanning disabled* (Outdated)
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:documents and settingsЮЛЕЧКА-ЛАПОЧКАApplication DataFunWebProducts
c:program filesFunWebProducts
c:program filesFunWebProductsScreenSaverImages0118C939.urr
c:program filesFunWebProductsSharedCacheCursorManiaBtn.html
c:program filesFunWebProductsSharedCacheMailStampBtn.htmlx
c:program filesFunWebProductsSharedCacheMyStationeryBtn.htmlx
c:program filesFunWebProductsSharedCacheSmileyCentralBtn.html.
((((((((((((((((((((((((( Files Created from 2008-11-27 to 2008-12-27 )))))))))))))))))))))))))))))))
.2008-12-27 12:37 . 2008-12-27 12:37 54,156 —ah
c:windowsQTFont.qfn
2008-12-27 12:37 . 2008-12-27 12:37 1,409 —a
c:windowsQTFont.for
2008-12-22 20:28 . 2007-04-17 12:32 2,455,488
c— c:windowssystem32dllcacheieapfltr.dat
2008-12-22 20:28 . 2007-03-08 08:12 1,060,864
c— c:windowssystem32dllcacheieframe.dll.mui
2008-12-22 20:22 . 2008-12-27 13:26dr-h
c:documents and settingsСергейRecent
2008-12-22 20:22 . 2008-12-27 13:26dr-h
c:documents and settingsСергейRecent
2008-12-20 19:48 . 2008-12-20 19:48 50 —a
c:windowsMegaManager.INI
2008-12-20 00:21 . 2008-12-20 00:21d
c:documents and settingsСергейApplication DataOpera
2008-12-20 00:21 . 2008-12-20 00:21d
c:documents and settingsСергейApplication DataOpera
2008-12-20 00:21 . 2008-12-20 00:21d
c:documents and settingsСергейApplication DataOpera
2008-12-20 00:20 . 2008-12-20 00:20d
c:program filesOpera
2008-12-19 23:41 . 2008-12-19 23:41d
c:documents and settingsСергейApplication DataWindows Search
2008-12-19 23:41 . 2008-12-19 23:41d
c:documents and settingsСергейApplication DataWindows Search
2008-12-19 23:41 . 2008-12-19 23:41d
c:documents and settingsСергейApplication DataWindows Search
2008-12-19 04:41 . 2008-12-19 04:41d
c:windowssystem32ru
2008-12-19 04:41 . 2008-12-19 04:41d
c:windowssystem32bits
2008-12-19 04:41 . 2008-12-19 04:41d
c:windowsl2schemas
2008-12-19 04:39 . 2008-12-19 04:39d
c:windowsServicePackFiles
2008-12-13 12:54 . 2008-12-13 12:54dr-h
c:documents and settingsЮЛЕЧКА-ЛАПОЧКАApplication DataSecuROM
2008-12-13 12:50 . 2008-12-13 12:50d
c:documents and settingsЮЛЕЧКА-ЛАПОЧКАApplication DataLeadertech
2008-12-07 20:42 . 2008-12-25 00:55 58 —a
c:windowsCTACD.INI
2008-12-07 18:53 . 2008-12-07 18:53d
c:documents and settingsСергейApplication DataToshiba
2008-12-07 18:53 . 2008-12-07 18:53d
c:documents and settingsСергейApplication DataToshiba
2008-12-07 18:53 . 2008-12-07 18:53d
c:documents and settingsСергейApplication DataToshiba
2008-12-05 22:10 . 2008-12-05 22:10d
c:program filesDisney Interactive Studios
2008-12-03 19:03 . 2008-12-03 19:03d
c:documents and settingsЮЛЕЧКА-ЛАПОЧКАApplication DataWindows Desktop Search
2008-12-03 14:32 . 2008-12-03 14:32d
c:documents and settingsСергейApplication DataWindows Desktop Search
2008-12-03 14:32 . 2008-12-03 14:32d
c:documents and settingsСергейApplication DataWindows Desktop Search
2008-12-03 14:32 . 2008-12-03 14:32d
c:documents and settingsСергейApplication DataWindows Desktop Search
2008-12-03 14:31 . 2008-12-03 14:31d
c:windowssystem32GroupPolicy
2008-12-03 14:31 . 2008-12-03 14:31d
c:program filesWindows Desktop Search
2008-12-02 03:00 . 2008-12-02 03:00d
c:program filesMicrosoft CAPICOM 2.1.0.2
2008-11-30 23:54 . 2008-12-27 13:51d
c:documents and settingsСергейApplication DataSmart-Shopper
2008-11-30 23:54 . 2008-12-27 13:51d
c:documents and settingsСергейApplication DataSmart-Shopper
2008-11-30 23:54 . 2008-12-27 13:51d
c:documents and settingsСергейApplication DataSmart-Shopper
2008-11-30 23:46 . 2008-11-30 23:46 582,392 —a—c— C:aimp_radio.wav
2008-11-30 19:00 . 2008-11-30 19:00d
c:program filesFreeze.com
2008-11-30 19:00 . 2005-05-27 12:51 520,192 —a
c:windowsLiving 3D Fireplace 2.scr
2008-11-30 18:59 . 2008-11-30 18:59d—-c— c:documents and settingsAll UsersApplication DataWinferno
2008-11-30 18:58 . 2008-11-30 18:58d
c:program filesFree Offers from Freeze.com
2008-11-30 18:58 . 2006-07-24 08:56 212,240 —a
c:windowssystem32Richtx32.ocx
2008-11-30 18:54 . 2008-11-30 19:12d
c:program filesWinferno
2008-11-30 18:50 . 2008-11-30 18:50d
c:program filesSmart-Shopper
2008-11-30 18:50 . 2008-12-18 22:04d
c:documents and settingsЮЛЕЧКА-ЛАПОЧКАApplication DataSmart-Shopper
2008-11-30 17:37 . 2008-11-30 17:36 316,416 —a
c:windowssystem32hiklib.dll
2008-11-30 17:36 . 2008-11-30 17:35 315,904 —a
c:windowssystem32grplib.dll
2008-11-29 19:28 . 2008-11-29 19:28d
c:program filesDivX
2008-11-27 13:52 . 2008-10-24 14:21 455,296
c— c:windowssystem32dllcachemrxsmb.sys.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-26 22:34 22,328 —-a-w c:windowssystem32driversPnkBstrK.sys
2008-12-26 22:34 107,832 —-a-w c:windowssystem32PnkBstrB.exe
2008-12-24 18:28
d
w c:program filesMicrosoft ActiveSync
2008-12-23 16:27
d
w c:program filesEset
2008-12-22 18:53 512,096 —-a-w c:windowssystem32driversamon.sys
2008-12-22 18:53 298,104 —-a-w c:windowssystem32imon.dll
2008-12-22 18:53 15,424 —-a-w c:windowssystem32driversnod32drv.sys
2008-12-20 16:57
d
w c:program filesCommon FilesYandex
2008-12-20 16:46
d—h—w c:program filesInstallShield Installation Information
2008-12-18 19:56
d
w c:documents and settingsAll UsersApplication DataMicrosoft Help
2008-12-10 08:50
d
w c:documents and settingsСергейApplication DataMail.Ru
2008-12-10 08:50
d
w c:documents and settingsСергейApplication DataMail.Ru
2008-12-10 08:50
d
w c:documents and settingsСергейApplication DataMail.Ru
2008-12-10 07:58
d
w c:documents and settingsСергейApplication DataICQ
2008-12-10 07:58
d
w c:documents and settingsСергейApplication DataICQ
2008-12-10 07:58
d
w c:documents and settingsСергейApplication DataICQ
2008-12-06 18:27 107,888 —-a-w c:windowssystem32CmdLineExt.dll
2008-12-05 19:12 413,696 —-a-w c:windowssystem32wrap_oal.dll
2008-12-05 19:12 110,592 —-a-w c:windowssystem32OpenAL32.dll
2008-12-03 10:45 162,816 —-a-w c:windowssystem32fmod.dll
2008-11-30 20:50
d
w c:program filesAIMP MMC PRO
2008-11-12 22:45
d
w c:documents and settingsСергейApplication DataSPORE
2008-11-12 22:45
d
w c:documents and settingsСергейApplication DataSPORE
2008-11-12 22:45
d
w c:documents and settingsСергейApplication DataSPORE
2008-11-12 07:07 328,704 —-a-w c:windowssystem32gwllib.dll
2008-11-10 16:47
d
w c:program filesAncient Castle 3D Screensaver
2008-11-10 16:04
d
w c:program filesScreensaver More
2008-11-06 13:34
d
w c:program filesDigital-Jesters
2008-11-01 17:32
d
w c:documents and settingsЮЛЕЧКА-ЛАПОЧКАApplication DataSPORE
2008-11-01 15:49
d
w c:program filesНовый Диск
2008-11-01 15:48
d
w c:program filesSpirit
2008-11-01 15:48
d
w c:documents and settingsЮЛЕЧКА-ЛАПОЧКАApplication DataInstallShield
2008-11-01 15:44
d
w c:program filesPCGAME
2008-10-31 19:55
d
w c:program filesOpenAL
2008-10-23 12:42 286,720 —-a-w c:windowssystem32gdi32.dll
2008-10-16 20:33 826,368 —-a-w c:windowssystem32wininet.dll
2008-10-16 11:13 202,776 —-a-w c:windowssystem32wuweb.dll
2008-10-16 11:13 1,809,944 —-a-w c:windowssystem32wuaueng.dll
2008-10-16 11:12 561,688 —-a-w c:windowssystem32wuapi.dll
2008-10-16 11:12 323,608 —-a-w c:windowssystem32wucltui.dll
2008-10-16 11:09 92,696 —-a-w c:windowssystem32cdm.dll
2008-10-16 11:09 51,224 —-a-w c:windowssystem32wuauclt.exe
2008-10-16 11:09 43,544 —-a-w c:windowssystem32wups2.dll
2008-10-16 11:08 34,328 —-a-w c:windowssystem32wups.dll
2008-10-16 11:06 268,648 —-a-w c:windowssystem32mucltui.dll
2008-10-16 11:06 208,744 —-a-w c:windowssystem32muweb.dll
2008-10-03 10:04 247,326 —-a-w c:windowssystem32strmdll.dll
2008-09-30 13:43 1,286,152 —-a-w c:windowssystem32msxml4.dll
2008-04-29 16:05 1,286,949 —-a-w c:program fileswrar371ru.exe
2008-04-29 16:04 5,062,850 —-a-w c:program filesdmaster.exe
2008-04-28 22:50 22,328 —-a-w c:documents and settingsСергейApplication DataPnkBstrK.sys
2008-04-28 22:50 22,328 —-a-w c:documents and settingsСергейApplication DataPnkBstrK.sys
2008-04-28 22:50 22,328 —-a-w c:documents and settingsСергейApplication DataPnkBstrK.sys
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE~Browser Helper Objects{4A7C84E2-E95C-43C6-8DD3-03ABCD0EB60E}]
2008-10-07 18:50 1172952 —a c:program filesSmart-ShopperBin2.5.1Smrt-Shpr.dll
[HKEY_LOCAL_MACHINE~Browser Helper Objects{4AC09A5A-8139-4FDF-813B-F6EF2E65FC0B}]
2008-11-30 17:36 316416 —a c:windowssystem32hiklib.dll
[HKEY_LOCAL_MACHINE~Browser Helper Objects{99F62063-7F8E-4120-9E94-D2EFD3C772D0}]
2008-11-12 10:07 328704 —a c:windowssystem32gwllib.dll
[HKEY_LOCAL_MACHINE~Browser Helper Objects{DEA35A5D-49C2-4D1F-BC60-FBBC0DC0183D}]
2008-11-30 17:35 315904 —a c:windowssystem32grplib.dll
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2008-04-14 15360]
«RemoteCenter»=»c:program filesCreativeSBLiveRemoteCenterRcRcMan.EXE» [2002-04-03 122880]
«Download Master»=»c:program filesDownload Masterdmaster.exe» [2008-09-17 3294720]
«MSMSGS»=»c:program filesMessengermsmsgs.exe» [2008-04-14 1695232]
«ICQ»=»d:програмыICQ6ICQ.exe» [2008-09-01 173304]
«H/PC Connection Agent»=»c:program filesMicrosoft ActiveSyncwcescomm.exe» [2006-11-13 1289000]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«UpdReg»=»c:windowsUpdReg.EXE» [2000-05-11 90112]
«Jet Detection»=»c:program filesCreativeSBLivePROGRAMADGJDet.exe» [2001-11-29 28672]
«Disc Detector»=»c:program filesCreativeShareDLLCtNotify.exe» [2001-12-26 191488]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2006-06-01 7618560]
«Trust Gaming mouse»=»c:program filesTrustGM-4200 Gamer Mouse OpticalPanel.exe» [2006-12-28 1232896]
«nod32kui»=»c:program filesEsetnod32kui.exe» [2008-12-22 949376]
«MAgent»=»c:program filesMail.RuAgentMAgent.exe» [2008-12-10 4428472]
«QuickTime Task»=»c:program filesQuickTimeqttask.exe» [2008-08-28 77824]
«GrooveMonitor»=»c:program filesMicrosoft OfficeOffice12GrooveMonitor.exe» [2007-08-24 33648]
«CTHelper»=»CTHELPER.EXE» [2003-08-28 c:windowssystem32CTHELPER.EXE]
«nwiz»=»nwiz.exe» [2006-06-01 c:windowssystem32nwiz.exe]
«NvMediaCenter»=»NvMCTray.dll» [2006-06-01 c:windowssystem32nvmctray.dll]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-14 15360]
c:documents and settingsAll Usersѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
Bluetooth Manager.lnk — c:program filesToshibaBluetooth Toshiba StackTosBtMng.exe [2005-03-14 483328]
Windows Search.lnk — c:program filesWindows Desktop SearchWindowsSearch.exe [2008-05-26 123904]
Ѓлбвал© § ЇгбЄ AutoCAD.lnk — c:program filesCommon FilesAutodesk Sharedacstart17.exe [2006-03-05 11000]
[hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]
«{56F9679E-7826-4C84-81F3-532071A8BCC5}»= «c:program filesWindows Desktop SearchMSNLNamespaceMgr.dll» [2008-05-26 304128]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«msacm.ctmp3″= c:windowssystem32ctmp3.acm
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\WINDOWS\system32\usmt\migwiz.exe»=
«c:\WINDOWS\system32\PnkBstrA.exe»=
«c:\WINDOWS\system32\PnkBstrB.exe»=
«c:\Program Files\Activision\Call of Duty 4 — Modern Warfare\iw3mp.exe»=
«c:\Program Files\uTorrent\uTorrent.exe»=
«d:\Програмы\ICQ6\ICQ.exe»=
«c:\Program Files\Microsoft Office\Office12\GROOVE.EXE»=
«c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE»=
«c:\Program Files\Messenger\msmsgs.exe»=
«c:\Program Files\PCGAME\FAR CRY 2\bin\FarCry2.exe»=
«c:\Program Files\Mail.Ru\Agent\magent.exe»=
«c:\WINDOWS\system32\dpvsetup.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:program filesMicrosoft ActiveSyncrapimgr.exe»= c:program filesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
«c:program filesMicrosoft ActiveSyncwcescomm.exe»= c:program filesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
«c:program filesMicrosoft ActiveSyncWCESMgr.exe»= c:program filesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«26675:TCP»= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 nod32drv;nod32drv;c:windowssystem32driversnod32drv.sys [2008-04-29 15424]
R3 GMFilter Filter;GMFilter Filter;c:windowssystem32DriversGMFilter.sys [2008-04-28 27648]
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{38cc0e1d-1541-11dd-ac80-806d6172696f}]
ShellAutoRuncommand — E:ASUSACPI.exe
*Newly Created Service* — PROCEXP90
.
Contents of the ‘Scheduled Tasks’ folder
2008-12-27 c:windowsTasksPCConfidential.job
— c:program filesWinfernoPC ConfidentialPCConfidential.exe []
2008-12-27 c:windowsTasksПроверка обновлений для Windows Live Toolbar.job
— c:program filesWindows Live ToolbarMSNTBUP.EXE []
.
— — — — ORPHANS REMOVED — — — —
BHO-{8688AD15-2846-4D1E-B53B-29FE7BB095F1} — c:windowssystem32ggrlib.dll
BHO-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} — c:progra~1MEGAUP~2MEGAUP~1.DLL
Toolbar-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} — c:progra~1MEGAUP~2MEGAUP~1.DLL
HKCU-Run-Uniblue RegistryBooster 2 — c:program filesUniblueRegistryBooster 2RegistryBooster.exe
HKLM-Run-MyWebSearch Plugin — c:progra~1MYWEBS~1bar2.binM3PLUGIN.DLL
HKLM-Run-NevoDRM — c:program filesИгры от NevoSoftNevoDRMNevoDRM.exe.
Supplementary Scan
.
uStart Page = http://www.mail.ru
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.slizone.com/
uInternet Settings,ProxyOverride = *.local
IE: &Search — http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKman000
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2Office12EXCEL.EXE/3000
IE: Закачать ВСЕ при помощи Download Master — c:program filesDownload Masterdmieall.htm
IE: Закачать при помощи Download Master — c:program filesDownload Masterdmie.htm
IE: Найти в интернете — c:program filesMail.RuSputnikMailRuSputnik.dll/282
IE: Найти в словарях — c:program filesMail.RuSputnikMailRuSputnik.dll/283
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} — c:program filesMail.RuAgentmagent.exe
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} — c:program filesDownload Masterdmaster.exe
IE: {{3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} — {4CF088BD-BE95-40a5-BE9B-677F8683EDEA} — c:program filesSmart-ShopperBin2.5.1Smrt-Shpr.dll
LSP: c:windowssystem32imon.dll
FF — ProfilePath — c:documents and settingsСергейApplication DataMozillaFirefoxProfiles9vf96daw.default
FF — plugin: c:program filesOperaprogrampluginsnppdf32.dll
FF — plugin: d:documents and settingsЮЛЕЧКА-ЛАПОЧКАМои документыНовая папка (2)DivXDivX Web Playernpdivx32.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-27 14:17:18
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes …
scanning hidden autostart entries …
HKLMSoftwareMicrosoftWindowsCurrentVersionRun
Disc Detector = c:program filesCreativeShareDLLCtNotify.exe?X???????????????????E?@?Disc Detector?A????? ?A? ????B?e!@???@???@?? C?????E?@?????????@?B???A????? ?A?P ????B???@?????P?????@?? ??????~?7~??????????@???????????????????B????? ??????????????????????????r?B
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘lsass.exe'(1108)
c:windowssystem32imon.dll
c:program filesEsetpr_imon.dll
.
Completion time: 2008-12-27 14:19:01
ComboFix-quarantined-files.txt 2008-12-27 11:18:05
Pre-Run: 6 192 898 048 байт свободно
Post-Run: 6,775,238,656 байт свободно
286 — E O F — 2008-12-23 00:02:54
December 27, 2008 at 2:53 pm #20645
Hello, welcome to the Spyware-ru forum.
Open Notepad and paste the following text into it:
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4AC09A5A-8139-4FDF-813B-F6EF2E65FC0B}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{99F62063-7F8E-4120-9E94-D2EFD3C772D0}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DEA35A5D-49C2-4D1F-BC60-FBBC0DC0183D}]
File::
c:\windows\system32\grplib.dll
c:\windows\system32\hiklib.dll
c:\windows\system32\gwllib.dll
Save the resulting file to your desktop under the name CFScript.
Then drag the resulting file onto the Combofix icon, as shown in the picture below.
Combofix will start and carry out the procedures described in the file we created.
When Combofix finishes, it will create a new log; paste that log into your next reply.
December 30, 2008 at 10:12 am #20646
Hello, thank you for responding! I am attaching the resulting file.
ComboFix 08-12-26.03 — Сергей 2008-12-30 12:56:18.4 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.1.1049.18.1023.623 [GMT 3:00]
Running from: c:documents and settingsСергейРабочий столComboFix.exe
Command switches used :: c:documents and settingsСергейРабочий столCFScript.txt
AV: Антивирусная система Eset NOD32 2.70 *On-access scanning disabled* (Outdated)
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
c:windowssystem32grplib.dll
c:windowssystem32gwllib.dll
c:windowssystem32hiklib.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:windowssystem32grplib.dll
c:windowssystem32gwllib.dll
c:windowssystem32hiklib.dll.
((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-30 )))))))))))))))))))))))))))))))
.2008-12-29 21:47 . 2008-12-29 21:47
d
c:documents and settingsЮЛЕЧКА-ЛАПОЧКАApplication DataDisney Interactive Studios
2008-12-29 21:37 . 2008-07-12 08:18 3,851,784 —a
c:windowssystem32D3DX9_39.dll
2008-12-29 21:37 . 2008-07-12 08:18 1,493,528 —a
c:windowssystem32D3DCompiler_39.dll
2008-12-29 21:37 . 2008-07-31 10:40 509,448 —a
c:windowssystem32XAudio2_2.dll
2008-12-29 21:37 . 2008-07-12 08:18 467,984 —a
c:windowssystem32d3dx10_39.dll
2008-12-29 21:37 . 2008-07-31 10:41 238,088 —a
c:windowssystem32xactengine3_2.dll
2008-12-29 21:37 . 2008-07-31 10:41 68,616 —a
c:windowssystem32XAPOFX1_1.dll
2008-12-29 21:36 . 2008-12-29 21:37d
c:windowsLastGood
2008-12-29 21:35 . 2008-12-29 21:46 1,026 —a
c:windowsdisney.ini
2008-12-27 18:26 . 2008-12-27 18:27d—-c— C:rsit
2008-12-27 18:26 . 2008-12-27 18:27d
c:program filestrend micro
2008-12-22 20:28 . 2007-04-17 12:32 2,455,488
c— c:windowssystem32dllcacheieapfltr.dat
2008-12-22 20:28 . 2007-03-08 08:12 1,060,864
c— c:windowssystem32dllcacheieframe.dll.mui
2008-12-22 20:22 . 2008-12-30 12:53dr-h
c:documents and settingsСергейRecent
2008-12-22 20:22 . 2008-12-30 12:53dr-h
c:documents and settingsСергейRecent
2008-12-20 19:48 . 2008-12-20 19:48 50 —a
c:windowsMegaManager.INI
2008-12-20 00:21 . 2008-12-20 00:21d
c:documents and settingsСергейApplication DataOpera
2008-12-20 00:21 . 2008-12-20 00:21d
c:documents and settingsСергейApplication DataOpera
2008-12-20 00:21 . 2008-12-20 00:21d
c:documents and settingsСергейApplication DataOpera
2008-12-20 00:20 . 2008-12-20 00:20d
c:program filesOpera
2008-12-19 23:41 . 2008-12-19 23:41d
c:documents and settingsСергейApplication DataWindows Search
2008-12-19 23:41 . 2008-12-19 23:41d
c:documents and settingsСергейApplication DataWindows Search
2008-12-19 23:41 . 2008-12-19 23:41d
c:documents and settingsСергейApplication DataWindows Search
2008-12-19 04:41 . 2008-12-19 04:41d
c:windowssystem32ru
2008-12-19 04:41 . 2008-12-19 04:41d
c:windowssystem32bits
2008-12-19 04:41 . 2008-12-19 04:41d
c:windowsl2schemas
2008-12-19 04:39 . 2008-12-19 04:39d
c:windowsServicePackFiles
2008-12-13 12:54 . 2008-12-13 12:54dr-h
c:documents and settingsЮЛЕЧКА-ЛАПОЧКАApplication DataSecuROM
2008-12-13 12:50 . 2008-12-13 12:50d
c:documents and settingsЮЛЕЧКА-ЛАПОЧКАApplication DataLeadertech
2008-12-07 20:42 . 2008-12-25 00:55 58 —a
c:windowsCTACD.INI
2008-12-07 18:53 . 2008-12-07 18:53d
c:documents and settingsСергейApplication DataToshiba
2008-12-07 18:53 . 2008-12-07 18:53d
c:documents and settingsСергейApplication DataToshiba
2008-12-07 18:53 . 2008-12-07 18:53d
c:documents and settingsСергейApplication DataToshiba
2008-12-05 22:10 . 2008-12-05 22:10d
c:program filesDisney Interactive Studios
2008-12-03 19:03 . 2008-12-03 19:03d
c:documents and settingsЮЛЕЧКА-ЛАПОЧКАApplication DataWindows Desktop Search
2008-12-03 14:32 . 2008-12-03 14:32d
c:documents and settingsСергейApplication DataWindows Desktop Search
2008-12-03 14:32 . 2008-12-03 14:32d
c:documents and settingsСергейApplication DataWindows Desktop Search
2008-12-03 14:32 . 2008-12-03 14:32d
c:documents and settingsСергейApplication DataWindows Desktop Search
2008-12-03 14:31 . 2008-12-03 14:31d
c:windowssystem32GroupPolicy
2008-12-03 14:31 . 2008-12-03 14:31d
c:program filesWindows Desktop Search
2008-12-02 03:00 . 2008-12-02 03:00d
c:program filesMicrosoft CAPICOM 2.1.0.2
2008-11-30 23:54 . 2008-12-27 13:51d
c:documents and settingsСергейApplication DataSmart-Shopper
2008-11-30 23:54 . 2008-12-27 13:51d
c:documents and settingsСергейApplication DataSmart-Shopper
2008-11-30 23:54 . 2008-12-27 13:51d
c:documents and settingsСергейApplication DataSmart-Shopper
2008-11-30 23:46 . 2008-11-30 23:46 582,392 —a—c— C:aimp_radio.wav
2008-11-30 19:00 . 2008-11-30 19:00d
c:program filesFreeze.com
2008-11-30 19:00 . 2005-05-27 12:51 520,192 —a
c:windowsLiving 3D Fireplace 2.scr
2008-11-30 18:59 . 2008-11-30 18:59d—-c— c:documents and settingsAll UsersApplication DataWinferno
2008-11-30 18:58 . 2008-11-30 18:58d
c:program filesFree Offers from Freeze.com
2008-11-30 18:58 . 2006-07-24 08:56 212,240 —a
c:windowssystem32Richtx32.ocx
2008-11-30 18:54 . 2008-11-30 19:12d
c:program filesWinferno
2008-11-30 18:50 . 2008-11-30 18:50d
c:program filesSmart-Shopper
2008-11-30 18:50 . 2008-12-18 22:04d
c:documents and settingsЮЛЕЧКА-ЛАПОЧКАApplication DataSmart-Shopper
2008-11-29 19:28 . 2008-11-29 19:28d
c:program filesDivX
2008-11-27 13:52 . 2008-10-24 14:21 455,296
c— c:windowssystem32dllcachemrxsmb.sys
2008-11-13 01:45 . 2008-11-13 01:45d
c:documents and settingsСергейApplication DataSPORE
2008-11-13 01:45 . 2008-11-13 01:45d
c:documents and settingsСергейApplication DataSPORE
2008-11-13 01:45 . 2008-11-13 01:45d
c:documents and settingsСергейApplication DataSPORE
2008-11-10 19:47 . 2008-11-10 19:47d
c:program filesAncient Castle 3D Screensaver
2008-11-10 19:45 . 2008-11-10 19:45 8,563 —a
c:windowsAlchemy3D.chm
2008-11-10 19:03 . 2008-11-10 19:04d
c:program filesScreensaver More
2008-11-10 18:55 . 2008-12-22 22:52d—-c— C:заставки
2008-11-06 16:34 . 2008-11-06 16:34d
c:program filesDigital-Jesters
2008-11-01 20:32 . 2008-11-01 20:32d
c:documents and settingsЮЛЕЧКА-ЛАПОЧКАApplication DataSPORE
2008-11-01 18:48 . 2008-11-01 18:48d
c:documents and settingsЮЛЕЧКА-ЛАПОЧКАApplication DataInstallShield
2008-11-01 18:44 . 2008-11-01 18:44d
c:program filesPCGAME
2008-11-01 18:42 . 2008-09-20 18:01 2,958,433 —a
c:windows_detmp.1
2008-11-01 18:42 . 2007-09-12 15:42 29,696 —a
c:windows_detmp.2
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-29 23:08 22,328 —-a-w c:windowssystem32driversPnkBstrK.sys
2008-12-29 23:08 107,832 —-a-w c:windowssystem32PnkBstrB.exe
2008-12-29 18:37
d—h—w c:program filesInstallShield Installation Information
2008-12-28 18:42
d
w c:documents and settingsЮЛЕЧКА-ЛАПОЧКАApplication DataDownload Master
2008-12-24 18:28
d
w c:program filesMicrosoft ActiveSync
2008-12-23 16:27
d
w c:program filesEset
2008-12-22 18:53 512,096 —-a-w c:windowssystem32driversamon.sys
2008-12-22 18:53 298,104 —-a-w c:windowssystem32imon.dll
2008-12-22 18:53 15,424 —-a-w c:windowssystem32driversnod32drv.sys
2008-12-20 16:57
d
w c:program filesCommon FilesYandex
2008-12-18 19:56
d
w c:documents and settingsAll UsersApplication DataMicrosoft Help
2008-12-10 08:50
d
w c:documents and settingsСергейApplication DataMail.Ru
2008-12-10 08:50
d
w c:documents and settingsСергейApplication DataMail.Ru
2008-12-10 08:50
d
w c:documents and settingsСергейApplication DataMail.Ru
2008-12-10 07:58
d
w c:documents and settingsСергейApplication DataICQ
2008-12-10 07:58
d
w c:documents and settingsСергейApplication DataICQ
2008-12-10 07:58
d
w c:documents and settingsСергейApplication DataICQ
2008-12-06 18:27 107,888 —-a-w c:windowssystem32CmdLineExt.dll
2008-12-05 19:12 413,696 —-a-w c:windowssystem32wrap_oal.dll
2008-12-05 19:12 110,592 —-a-w c:windowssystem32OpenAL32.dll
2008-12-03 10:45 162,816 —-a-w c:windowssystem32fmod.dll
2008-11-30 20:50
d
w c:program filesAIMP MMC PRO
2008-11-01 15:49
d
w c:program filesНовый Диск
2008-11-01 15:48
d
w c:program filesSpirit
2008-10-31 19:55
d
w c:program filesOpenAL
2008-10-23 12:42 286,720 —-a-w c:windowssystem32gdi32.dll
2008-10-16 20:33 826,368 —-a-w c:windowssystem32wininet.dll
2008-10-16 11:13 202,776 —-a-w c:windowssystem32wuweb.dll
2008-10-16 11:13 1,809,944 —-a-w c:windowssystem32wuaueng.dll
2008-10-16 11:12 561,688 —-a-w c:windowssystem32wuapi.dll
2008-10-16 11:12 323,608 —-a-w c:windowssystem32wucltui.dll
2008-10-16 11:09 92,696 —-a-w c:windowssystem32cdm.dll
2008-10-16 11:09 51,224 —-a-w c:windowssystem32wuauclt.exe
2008-10-16 11:09 43,544 —-a-w c:windowssystem32wups2.dll
2008-10-16 11:08 34,328 —-a-w c:windowssystem32wups.dll
2008-10-16 11:06 268,648 —-a-w c:windowssystem32mucltui.dll
2008-10-16 11:06 208,744 —-a-w c:windowssystem32muweb.dll
2008-10-03 10:04 247,326 —-a-w c:windowssystem32strmdll.dll
2008-09-30 13:43 1,286,152 —-a-w c:windowssystem32msxml4.dll
2008-09-19 21:55 200,704 —-a-w c:windowssystem32ssldivx.dll
2008-09-19 21:55 1,044,480 —-a-w c:windowssystem32libdivx.dll
2008-09-18 16:38 43,520 —-a-w c:windowssystem32CmdLineExt03.dll
2008-09-15 15:27 1,846,528 —-a-w c:windowssystem32win32k.sys
2008-09-10 01:15 1,307,648
w c:windowssystem32msxml6.dll
2008-09-04 17:17 1,106,944 —-a-w c:windowssystem32msxml3.dll
2008-04-29 16:05 1,286,949 —-a-w c:program fileswrar371ru.exe
2008-04-29 16:04 5,062,850 —-a-w c:program filesdmaster.exe
2008-04-28 22:50 22,328 —-a-w c:documents and settingsСергейApplication DataPnkBstrK.sys
2008-04-28 22:50 22,328 —-a-w c:documents and settingsСергейApplication DataPnkBstrK.sys
2008-04-28 22:50 22,328 —-a-w c:documents and settingsСергейApplication DataPnkBstrK.sys
.
((((((((((((((((((((((((((((( snapshot@2008-12-27_14.17.42,18 )))))))))))))))))))))))))))))))))))))))))
.
— 2008-12-13 09:40:31 53,248 —-a-w c:windowsassemblyGACMicrosoft.DirectX.AudioVideoPlayback1.0.2902.0__31bf3856ad364e35Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-12-29 18:36:54 53,248 —-a-w c:windowsassemblyGACMicrosoft.DirectX.AudioVideoPlayback1.0.2902.0__31bf3856ad364e35Microsoft.DirectX.AudioVideoPlayback.dll
— 2008-12-13 09:40:31 12,800 —-a-w c:windowsassemblyGACMicrosoft.DirectX.Diagnostics1.0.2902.0__31bf3856ad364e35Microsoft.DirectX.Diagnostics.dll
+ 2008-12-29 18:36:55 12,800 —-a-w c:windowsassemblyGACMicrosoft.DirectX.Diagnostics1.0.2902.0__31bf3856ad364e35Microsoft.DirectX.Diagnostics.dll
— 2008-12-13 09:40:32 473,600 —-a-w c:windowsassemblyGACMicrosoft.DirectX.Direct3D1.0.2902.0__31bf3856ad364e35Microsoft.DirectX.Direct3D.dll
+ 2008-12-29 18:36:55 473,600 —-a-w c:windowsassemblyGACMicrosoft.DirectX.Direct3D1.0.2902.0__31bf3856ad364e35Microsoft.DirectX.Direct3D.dll
— 2008-12-13 09:40:27 2,676,224 —-a-w c:windowsassemblyGACMicrosoft.DirectX.Direct3DX1.0.2902.0__31bf3856ad364e35Microsoft.DirectX.Direct3DX.dll
+ 2008-12-29 18:36:50 2,676,224 —-a-w c:windowsassemblyGACMicrosoft.DirectX.Direct3DX1.0.2902.0__31bf3856ad364e35Microsoft.DirectX.Direct3DX.dll
— 2008-12-13 09:40:28 2,846,720 —-a-w c:windowsassemblyGACMicrosoft.DirectX.Direct3DX1.0.2903.0__31bf3856ad364e35Microsoft.DirectX.Direct3DX.dll
+ 2008-12-29 18:36:51 2,846,720 —-a-w c:windowsassemblyGACMicrosoft.DirectX.Direct3DX1.0.2903.0__31bf3856ad364e35Microsoft.DirectX.Direct3DX.dll
— 2008-12-13 09:40:28 563,712 —-a-w c:windowsassemblyGACMicrosoft.DirectX.Direct3DX1.0.2904.0__31bf3856ad364e35Microsoft.DirectX.Direct3DX.dll
+ 2008-12-29 18:36:51 563,712 —-a-w c:windowsassemblyGACMicrosoft.DirectX.Direct3DX1.0.2904.0__31bf3856ad364e35Microsoft.DirectX.Direct3DX.dll
— 2008-12-13 09:40:29 567,296 —-a-w c:windowsassemblyGACMicrosoft.DirectX.Direct3DX1.0.2905.0__31bf3856ad364e35Microsoft.DirectX.Direct3DX.dll
+ 2008-12-29 18:36:52 567,296 —-a-w c:windowsassemblyGACMicrosoft.DirectX.Direct3DX1.0.2905.0__31bf3856ad364e35Microsoft.DirectX.Direct3DX.dll
— 2008-12-13 09:40:29 576,000 —-a-w c:windowsassemblyGACMicrosoft.DirectX.Direct3DX1.0.2906.0__31bf3856ad364e35Microsoft.DirectX.Direct3DX.dll
+ 2008-12-29 18:36:52 576,000 —-a-w c:windowsassemblyGACMicrosoft.DirectX.Direct3DX1.0.2906.0__31bf3856ad364e35Microsoft.DirectX.Direct3DX.dll
— 2008-12-13 09:40:30 577,024 —-a-w c:windowsassemblyGACMicrosoft.DirectX.Direct3DX1.0.2907.0__31bf3856ad364e35Microsoft.DirectX.Direct3DX.dll
+ 2008-12-29 18:36:53 577,024 —-a-w c:windowsassemblyGACMicrosoft.DirectX.Direct3DX1.0.2907.0__31bf3856ad364e35Microsoft.DirectX.Direct3DX.dll
— 2008-12-13 09:40:30 577,536 —-a-w c:windowsassemblyGACMicrosoft.DirectX.Direct3DX1.0.2908.0__31bf3856ad364e35Microsoft.DirectX.Direct3DX.dll
+ 2008-12-29 18:36:53 577,536 —-a-w c:windowsassemblyGACMicrosoft.DirectX.Direct3DX1.0.2908.0__31bf3856ad364e35Microsoft.DirectX.Direct3DX.dll
— 2008-12-13 09:40:30 577,536 —-a-w c:windowsassemblyGACMicrosoft.DirectX.Direct3DX1.0.2909.0__31bf3856ad364e35Microsoft.DirectX.Direct3DX.dll
+ 2008-12-29 18:36:53 577,536 —-a-w c:windowsassemblyGACMicrosoft.DirectX.Direct3DX1.0.2909.0__31bf3856ad364e35Microsoft.DirectX.Direct3DX.dll
— 2008-12-13 09:40:30 578,560 —-a-w c:windowsassemblyGACMicrosoft.DirectX.Direct3DX1.0.2910.0__31bf3856ad364e35Microsoft.DirectX.Direct3DX.dll
+ 2008-12-29 18:36:54 578,560 —-a-w c:windowsassemblyGACMicrosoft.DirectX.Direct3DX1.0.2910.0__31bf3856ad364e35Microsoft.DirectX.Direct3DX.dll
— 2008-12-13 09:40:32 578,560 —-a-w c:windowsassemblyGACMicrosoft.DirectX.Direct3DX1.0.2911.0__31bf3856ad364e35Microsoft.DirectX.Direct3DX.dll
+ 2008-12-29 18:36:55 578,560 —-a-w c:windowsassemblyGACMicrosoft.DirectX.Direct3DX1.0.2911.0__31bf3856ad364e35Microsoft.DirectX.Direct3DX.dll
— 2008-12-13 09:40:32 145,920 —-a-w c:windowsassemblyGACMicrosoft.DirectX.DirectDraw1.0.2902.0__31bf3856ad364e35Microsoft.DirectX.DirectDraw.dll
+ 2008-12-29 18:36:55 145,920 —-a-w c:windowsassemblyGACMicrosoft.DirectX.DirectDraw1.0.2902.0__31bf3856ad364e35Microsoft.DirectX.DirectDraw.dll
— 2008-12-13 09:40:32 159,232 —-a-w c:windowsassemblyGACMicrosoft.DirectX.DirectInput1.0.2902.0__31bf3856ad364e35Microsoft.DirectX.DirectInput.dll
+ 2008-12-29 18:36:55 159,232 —-a-w c:windowsassemblyGACMicrosoft.DirectX.DirectInput1.0.2902.0__31bf3856ad364e35Microsoft.DirectX.DirectInput.dll
— 2008-12-13 09:40:32 364,544 —-a-w c:windowsassemblyGACMicrosoft.DirectX.DirectPlay1.0.2902.0__31bf3856ad364e35Microsoft.DirectX.DirectPlay.dll
+ 2008-12-29 18:36:55 364,544 —-a-w c:windowsassemblyGACMicrosoft.DirectX.DirectPlay1.0.2902.0__31bf3856ad364e35Microsoft.DirectX.DirectPlay.dll
— 2008-12-13 09:40:32 178,176 —-a-w c:windowsassemblyGACMicrosoft.DirectX.DirectSound1.0.2902.0__31bf3856ad364e35Microsoft.DirectX.DirectSound.dll
+ 2008-12-29 18:36:56 178,176 —-a-w c:windowsassemblyGACMicrosoft.DirectX.DirectSound1.0.2902.0__31bf3856ad364e35Microsoft.DirectX.DirectSound.dll
— 2008-12-13 09:40:31 223,232 —-a-w c:windowsassemblyGACMicrosoft.DirectX1.0.2902.0__31bf3856ad364e35Microsoft.DirectX.dll
+ 2008-12-29 18:36:54 223,232 —-a-w c:windowsassemblyGACMicrosoft.DirectX1.0.2902.0__31bf3856ad364e35Microsoft.DirectX.dll
+ 2007-03-12 13:42:30 1,123,696 —-a-w c:windowsLastGoodsystem32D3DCompiler_33.dll
+ 2007-05-16 13:45:16 1,124,720 —-a-w c:windowsLastGoodsystem32D3DCompiler_34.dll
+ 2007-07-19 15:14:42 1,358,192 —-a-w c:windowsLastGoodsystem32D3DCompiler_35.dll
+ 2007-10-12 12:14:00 1,374,232 —-a-w c:windowsLastGoodsystem32D3DCompiler_36.dll
+ 2008-03-05 12:56:58 1,420,824 —-a-w c:windowsLastGoodsystem32D3DCompiler_37.dll
+ 2008-05-30 11:11:46 1,491,992 —-a-w c:windowsLastGoodsystem32D3DCompiler_38.dll
+ 2007-03-15 13:57:58 443,752 —-a-w c:windowsLastGoodsystem32d3dx10_33.dll
+ 2007-05-16 13:45:16 443,752 —-a-w c:windowsLastGoodsystem32d3dx10_34.dll
+ 2007-07-19 15:14:42 444,776 —-a-w c:windowsLastGoodsystem32d3dx10_35.dll
+ 2007-10-02 06:56:34 444,776 —-a-w c:windowsLastGoodsystem32d3dx10_36.dll
+ 2008-02-05 20:07:36 462,864 —-a-w c:windowsLastGoodsystem32d3dx10_37.dll
+ 2008-05-30 11:11:46 467,984 —-a-w c:windowsLastGoodsystem32d3dx10_38.dll
+ 2005-02-05 16:45:26 2,222,800 —-a-w c:windowsLastGoodsystem32d3dx9_24.dll
+ 2005-05-30 09:50:04 2,337,488 —-a-w c:windowsLastGoodsystem32d3dx9_25.dll
+ 2005-05-26 12:34:52 2,297,552 —-a-w c:windowsLastGoodsystem32d3dx9_26.dll
+ 2005-07-22 16:59:04 2,319,568 —-a-w c:windowsLastGoodsystem32d3dx9_27.dll
+ 2005-12-05 15:09:18 2,323,664 —-a-w c:windowsLastGoodsystem32d3dx9_28.dll
+ 2006-02-03 05:43:16 2,332,368 —-a-w c:windowsLastGoodsystem32d3dx9_29.dll
+ 2006-03-31 09:40:58 2,388,176 —-a-w c:windowsLastGoodsystem32d3dx9_30.dll
+ 2006-09-28 13:05:20 2,414,360 —-a-w c:windowsLastGoodsystem32d3dx9_31.dll
+ 2006-11-29 10:06:18 3,426,072 —-a-w c:windowsLastGoodsystem32d3dx9_32.dll
+ 2007-03-12 13:42:30 3,495,784 —-a-w c:windowsLastGoodsystem32d3dx9_33.dll
+ 2007-05-16 13:45:16 3,497,832 —-a-w c:windowsLastGoodsystem32d3dx9_34.dll
+ 2007-07-19 15:14:42 3,727,720 —-a-w c:windowsLastGoodsystem32d3dx9_35.dll
+ 2007-10-12 12:14:00 3,734,536 —-a-w c:windowsLastGoodsystem32d3dx9_36.dll
+ 2008-03-05 12:56:58 3,786,760 —-a-w c:windowsLastGoodsystem32D3DX9_37.dll
+ 2008-05-30 11:11:46 3,850,760 —-a-w c:windowsLastGoodsystem32D3DX9_38.dll
+ 2006-02-03 05:41:26 14,032 —-a-w c:windowsLastGoodsystem32x3daudio1_0.dll
+ 2007-03-05 09:42:18 15,128 —-a-w c:windowsLastGoodsystem32x3daudio1_1.dll
+ 2007-10-22 00:37:16 17,928 —-a-w c:windowsLastGoodsystem32x3daudio1_2.dll
+ 2008-03-05 13:00:06 25,608 —-a-w c:windowsLastGoodsystem32X3DAudio1_3.dll
+ 2008-05-30 11:17:00 25,608 —-a-w c:windowsLastGoodsystem32X3DAudio1_4.dll
+ 2006-02-03 05:42:06 230,096 —-a-w c:windowsLastGoodsystem32xactengine2_0.dll
+ 2006-03-31 09:39:48 229,584 —-a-w c:windowsLastGoodsystem32xactengine2_1.dll
+ 2007-10-22 00:39:54 267,272 —-a-w c:windowsLastGoodsystem32xactengine2_10.dll
+ 2006-05-31 04:24:16 230,168 —-a-w c:windowsLastGoodsystem32xactengine2_2.dll
+ 2006-07-28 06:30:32 236,824 —-a-w c:windowsLastGoodsystem32xactengine2_3.dll
+ 2006-09-28 13:05:56 237,848 —-a-w c:windowsLastGoodsystem32xactengine2_4.dll
+ 2006-12-08 09:02:00 251,672 —-a-w c:windowsLastGoodsystem32xactengine2_5.dll
+ 2007-01-24 12:27:30 255,848 —-a-w c:windowsLastGoodsystem32xactengine2_6.dll
+ 2007-04-04 15:55:00 261,480 —-a-w c:windowsLastGoodsystem32xactengine2_7.dll
+ 2007-06-20 17:46:04 266,088 —-a-w c:windowsLastGoodsystem32xactengine2_8.dll
+ 2007-07-19 21:57:12 267,112 —-a-w c:windowsLastGoodsystem32xactengine2_9.dll
+ 2008-03-05 13:03:20 238,088 —-a-w c:windowsLastGoodsystem32xactengine3_0.dll
+ 2008-05-30 11:18:52 238,088 —-a-w c:windowsLastGoodsystem32xactengine3_1.dll
+ 2008-05-30 11:17:30 65,032 —-a-w c:windowsLastGoodsystem32XAPOFX1_0.dll
+ 2008-03-05 13:03:54 479,752 —-a-w c:windowsLastGoodsystem32XAudio2_0.dll
+ 2008-05-30 11:19:18 507,400 —-a-w c:windowsLastGoodsystem32XAudio2_1.dll
+ 2006-03-31 09:39:24 62,672 —-a-w c:windowsLastGoodsystem32xinput1_1.dll
+ 2006-07-28 06:30:14 62,744 —-a-w c:windowsLastGoodsystem32xinput1_2.dll
+ 2007-04-04 15:53:42 81,768 —-a-w c:windowsLastGoodsystem32xinput1_3.dll
+ 2005-12-05 15:07:30 61,136 —-a-w c:windowsLastGoodsystem32xinput9_1_0.dll
— 2005-03-18 13:23:10 53,248 —-a-w c:windowsMicrosoft.NETDirectX for Managed Code1.0.2902.0Microsoft.DirectX.AudioVideoPlayback.dll
+ 2005-03-18 14:23:10 53,248 —-a-w c:windowsMicrosoft.NETDirectX for Managed Code1.0.2902.0Microsoft.DirectX.AudioVideoPlayback.dll
— 2005-03-18 13:23:10 12,800 —-a-w c:windowsMicrosoft.NETDirectX for Managed Code1.0.2902.0Microsoft.DirectX.Diagnostics.dll
+ 2005-03-18 14:23:10 12,800 —-a-w c:windowsMicrosoft.NETDirectX for Managed Code1.0.2902.0Microsoft.DirectX.Diagnostics.dll
— 2005-03-18 13:23:14 473,600 —-a-w c:windowsMicrosoft.NETDirectX for Managed Code1.0.2902.0Microsoft.DirectX.Direct3D.dll
+ 2005-03-18 14:23:14 473,600 —-a-w c:windowsMicrosoft.NETDirectX for Managed Code1.0.2902.0Microsoft.DirectX.Direct3D.dll
— 2005-03-18 13:23:10 145,920 —-a-w c:windowsMicrosoft.NETDirectX for Managed Code1.0.2902.0Microsoft.DirectX.DirectDraw.dll
+ 2005-03-18 14:23:10 145,920 —-a-w c:windowsMicrosoft.NETDirectX for Managed Code1.0.2902.0Microsoft.DirectX.DirectDraw.dll
— 2005-03-18 13:23:10 159,232 —-a-w c:windowsMicrosoft.NETDirectX for Managed Code1.0.2902.0Microsoft.DirectX.DirectInput.dll
+ 2005-03-18 14:23:10 159,232 —-a-w c:windowsMicrosoft.NETDirectX for Managed Code1.0.2902.0Microsoft.DirectX.DirectInput.dll
— 2005-03-18 13:23:14 364,544 —-a-w c:windowsMicrosoft.NETDirectX for Managed Code1.0.2902.0Microsoft.DirectX.DirectPlay.dll
+ 2005-03-18 14:23:14 364,544 —-a-w c:windowsMicrosoft.NETDirectX for Managed Code1.0.2902.0Microsoft.DirectX.DirectPlay.dll
— 2005-03-18 13:23:12 178,176 —-a-w c:windowsMicrosoft.NETDirectX for Managed Code1.0.2902.0Microsoft.DirectX.DirectSound.dll
+ 2005-03-18 14:23:12 178,176 —-a-w c:windowsMicrosoft.NETDirectX for Managed Code1.0.2902.0Microsoft.DirectX.DirectSound.dll
— 2005-03-18 13:23:14 223,232 —-a-w c:windowsMicrosoft.NETDirectX for Managed Code1.0.2902.0Microsoft.DirectX.dll
+ 2005-03-18 14:23:14 223,232 —-a-w c:windowsMicrosoft.NETDirectX for Managed Code1.0.2902.0Microsoft.DirectX.dll
.
— Snapshot reset to current date —
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE~Browser Helper Objects{4A7C84E2-E95C-43C6-8DD3-03ABCD0EB60E}]
2008-10-07 18:50 1172952 —a
c:program filesSmart-ShopperBin2.5.1Smrt-Shpr.dll
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2008-04-14 15360]
«RemoteCenter»=»c:program filesCreativeSBLiveRemoteCenterRcRcMan.EXE» [2002-04-03 122880]
«Download Master»=»c:program filesDownload Masterdmaster.exe» [2008-09-17 3294720]
«MSMSGS»=»c:program filesMessengermsmsgs.exe» [2008-04-14 1695232]
«ICQ»=»d:програмыICQ6ICQ.exe» [2008-09-01 173304]
«H/PC Connection Agent»=»c:program filesMicrosoft ActiveSyncwcescomm.exe» [2006-11-13 1289000]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«UpdReg»=»c:windowsUpdReg.EXE» [2000-05-11 90112]
«Jet Detection»=»c:program filesCreativeSBLivePROGRAMADGJDet.exe» [2001-11-29 28672]
«Disc Detector»=»c:program filesCreativeShareDLLCtNotify.exe» [2001-12-26 191488]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2006-06-01 7618560]
«Trust Gaming mouse»=»c:program filesTrustGM-4200 Gamer Mouse OpticalPanel.exe» [2006-12-28 1232896]
«nod32kui»=»c:program filesEsetnod32kui.exe» [2008-12-22 949376]
«MAgent»=»c:program filesMail.RuAgentMAgent.exe» [2008-12-10 4428472]
«QuickTime Task»=»c:program filesQuickTimeqttask.exe» [2008-08-28 77824]
«GrooveMonitor»=»c:program filesMicrosoft OfficeOffice12GrooveMonitor.exe» [2007-08-24 33648]
«CTHelper»=»CTHELPER.EXE» [2003-08-28 c:windowssystem32CTHELPER.EXE]
«nwiz»=»nwiz.exe» [2006-06-01 c:windowssystem32nwiz.exe]
«NvMediaCenter»=»NvMCTray.dll» [2006-06-01 c:windowssystem32nvmctray.dll]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-14 15360]
c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузка
Bluetooth Manager.lnk — c:program filesToshibaBluetooth Toshiba StackTosBtMng.exe [2005-03-14 483328]
Windows Search.lnk — c:program filesWindows Desktop SearchWindowsSearch.exe [2008-05-26 123904]
Быстрый запуск AutoCAD.lnk — c:program filesCommon FilesAutodesk Sharedacstart17.exe [2006-03-05 11000]
[hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]
«{56F9679E-7826-4C84-81F3-532071A8BCC5}»= «c:program filesWindows Desktop SearchMSNLNamespaceMgr.dll» [2008-05-26 304128]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«msacm.ctmp3″= c:windowssystem32ctmp3.acm
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\WINDOWS\system32\usmt\migwiz.exe»=
«c:\WINDOWS\system32\PnkBstrA.exe»=
«c:\WINDOWS\system32\PnkBstrB.exe»=
«c:\Program Files\Activision\Call of Duty 4 — Modern Warfare\iw3mp.exe»=
«c:\Program Files\uTorrent\uTorrent.exe»=
«d:\Програмы\ICQ6\ICQ.exe»=
«c:\Program Files\Microsoft Office\Office12\GROOVE.EXE»=
«c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE»=
«c:\Program Files\Messenger\msmsgs.exe»=
«c:\Program Files\PCGAME\FAR CRY 2\bin\FarCry2.exe»=
«c:\Program Files\Mail.Ru\Agent\magent.exe»=
«c:\WINDOWS\system32\dpvsetup.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:program filesMicrosoft ActiveSyncrapimgr.exe»= c:program filesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
«c:program filesMicrosoft ActiveSyncwcescomm.exe»= c:program filesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
«c:program filesMicrosoft ActiveSyncWCESMgr.exe»= c:program filesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«26675:TCP»= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 nod32drv;nod32drv;c:windowssystem32driversnod32drv.sys [2008-04-29 15424]
R3 GMFilter Filter;GMFilter Filter;c:windowssystem32DriversGMFilter.sys [2008-04-28 27648]
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{38cc0e1d-1541-11dd-ac80-806d6172696f}]
ShellAutoRuncommand — E:ASUSACPI.exe
.
Contents of the ‘Scheduled Tasks’ folder
2008-12-29 c:windowsTasksPCConfidential.job
— c:program filesWinfernoPC ConfidentialPCConfidential.exe []
2008-12-30 c:windowsTasksПроверка обновлений для Windows Live Toolbar.job
— c:program filesWindows Live ToolbarMSNTBUP.EXE []
.
.
Supplementary Scan
.
uStart Page = http://www.mail.ru
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.slizone.com/
uInternet Settings,ProxyOverride = *.local
IE: &Search — http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKman000
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2Office12EXCEL.EXE/3000
IE: Закачать ВСЕ при помощи Download Master — c:program filesDownload Masterdmieall.htm
IE: Закачать при помощи Download Master — c:program filesDownload Masterdmie.htm
IE: Найти в интернете — c:program filesMail.RuSputnikMailRuSputnik.dll/282
IE: Найти в словарях — c:program filesMail.RuSputnikMailRuSputnik.dll/283
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} — c:program filesMail.RuAgentmagent.exe
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} — c:program filesDownload Masterdmaster.exe
IE: {{3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} — {4CF088BD-BE95-40a5-BE9B-677F8683EDEA} — c:program filesSmart-ShopperBin2.5.1Smrt-Shpr.dll
LSP: c:windowssystem32imon.dll
FF — ProfilePath — c:documents and settingsСергейApplication DataMozillaFirefoxProfiles9vf96daw.default
FF — plugin: c:program filesOperaprogrampluginsnppdf32.dll
FF — plugin: d:documents and settingsЮЛЕЧКА-ЛАПОЧКАМои документыНовая папка (2)DivXDivX Web Playernpdivx32.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-30 12:58:25
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes …
scanning hidden autostart entries …
HKLMSoftwareMicrosoftWindowsCurrentVersionRun
Disc Detector = c:program filesCreativeShareDLLCtNotify.exe?X???4???????????????E?@?Disc Detector?A????? ?A? ????B?e!@???@???@?? C?????E?@?????????@?B???A????? ?A?P ????B???@?????P?????@?? ??????~?7~??????????@?’?????????????????B????? ??????????????????????????r?B
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘lsass.exe'(828)
c:windowssystem32imon.dll
c:program filesEsetpr_imon.dll
.
Completion time: 2008-12-30 12:59:58
ComboFix-quarantined-files.txt 2008-12-30 09:58:56
ComboFix2.txt 2008-12-27 11:56:19
ComboFix3.txt 2008-12-27 11:32:47
ComboFix4.txt 2008-12-27 11:19:02
Pre-Run: 3 745 705 984 байт свободно
Post-Run: 3,738,034,176 байт свободно
402 — E O F — 2008-12-23 00:02:54
December 30, 2008 at 5:36 pm #20647
The log looks fine. How is the computer doing?
January 3, 2009 at 11:06 pm #20648
Thank you so much, that nasty thing is gone.
It's good that there are people like you!!!!!!!!! 😀
January 5, 2009 at 12:46 pm #20649
A few finishing steps.
Remove ComboFix from your computer, following the instructions: How to properly remove ComboFix from a computer.
Install Spybot Search and Destroy; it is fairly good additional protection.
Delete the old restore points, since they may contain infected files, trojans and other malware. To do this, click the My Computer icon and choose Properties. In the window that opens, select the System Restore tab. Check the box next to Turn off System Restore on all drives. Click Apply. Confirm by clicking OK in the dialog that opens. Close the System Properties window by clicking OK.
After the computer boots, repeat the steps described above, but this time clear the checkbox.
Create a new restore point. If needed, it will let you load the current Windows configuration and quickly recover from spyware or a virus. To do this, click the Start button, then choose Accessories, then System Tools, and launch System Restore. In the window that opens, choose the task Create a restore point, click Next and follow the instructions.
Don't forget to update Windows, your programs and especially your antivirus.
All the best!