I ran the script; the results are below. Though I had to download ComboFix again, since Kaspersky either deleted it or stashed it in quarantine.
ComboFix 08-09-16.05 - user 2008-09-18 19:57:14.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.466 [GMT 4:00]
Running from: C:\Dist\Против псевдоантивирусов\ComboFix.exe
Command switches used :: C:\Dist\Против псевдоантивирусов\CFScript.txt
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\ukerajite.scr
C:\WINDOWS\gybimo._sy
C:\WINDOWS\QTFont.for
C:\WINDOWS\QTFont.qfn
C:\WINDOWS\system32\azuzesu.bat
C:\WINDOWS\system32\bysocuroqe.vbs
C:\WINDOWS\system32\drivers\500.exe
C:\WINDOWS\system32\drivers\687.exe
C:\WINDOWS\system32\drivers\859.exe
C:\WINDOWS\system32\drivers\93.exe
C:\WINDOWS\system32\drivers\953.exe
C:\WINDOWS\system32\drivers\984.exe
C:\WINDOWS\system32\lewuj.com
C:\WINDOWS\system32\ohyjovavip.dat
C:\WINDOWS\system32\olyzuvip.dl
C:\WINDOWS\system32\ycun._dl
.
---- Previous Run -------
.
C:\WINDOWS\system32\dllcache\beep.sys
C:\Documents and Settings\user\Cookies\binolesi.dll
C:\Documents and Settings\user\Cookies\byqucyp.bat
C:\Documents and Settings\user\Cookies\cujyxiv._sy
C:\Documents and Settings\user\Cookies\rikybyz.bat
C:\Documents and Settings\user\Cookies\user@ads.stardoll[17].txt
C:\Documents and Settings\user\Cookies\user@ads.stardoll[4].txt
C:\Documents and Settings\user\Cookies\user@ads.stardoll[8].txt
C:\Documents and Settings\user\Cookies\user@ehg-adidas.hitbox[2].txt
C:\Documents and Settings\user\Cookies\user@ehg-dig.hitbox[2].txt
C:\Documents and Settings\user\Cookies\user@ehg-dig.hitbox[3].txt
C:\Documents and Settings\user\Cookies\user@engine.adnet[3].txt
C:\Documents and Settings\user\Cookies\user@medialand.relax[2].txt
C:\Documents and Settings\user\Cookies\user@www.mp3search[1].txt
C:\Documents and Settings\user\Cookies\yhaxid.vbs
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\ibozeda.dll
C:\Recycled\Recycled
C:\WINDOWS\system32\~.exe
C:\WINDOWS\system32\blphc1arj0eg7e.scr
C:\WINDOWS\system32\DelSelf.bat
C:\WINDOWS\system32\drivers\Winel74.sys
C:\WINDOWS\system32\lphc1arj0eg7e.exe
C:\WINDOWS\system32\phc1arj0eg7e.bmp
C:\WINDOWS\system32\WinCtrl32.dl_
C:\WINDOWS\system32\WinCtrl32.dll
C:\WINDOWS\ufdata2000.log
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINEL74
-------\Service_Winel74
-------\Legacy_WINWD28
-------\Service_Winel51
-------\Service_Wintb30
-------\Service_Winwd28
-------\Service_Winxe41


((((((((((((((((((((((((( Files Created from 2008-08-18 to 2008-09-18 )))))))))))))))))))))))))))))))
.

2008-09-16 20:44 . 2008-09-16 20:44  221  --a------  C:\WINDOWS\NCLogConfig.ini
2008-09-15 21:25 . 2008-09-15 21:25  <DIR>  d--------  C:\Program Files\Trend Micro
2008-09-14 21:47 . 2008-09-14 21:52  <DIR>  d--------  C:\Program Files\Spybot - Search & Destroy
2008-09-14 21:47 . 2008-09-14 22:13  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-14 20:36 . 2008-09-14 20:41  <DIR>  d--------  C:\SmitfraudFix
2008-09-14 19:45 . 2008-09-15 21:41  3,244  --a------  C:\WINDOWS\system32\tmp.reg
2008-09-14 18:14 . 2008-09-14 18:14  91,700  --a------  C:\WINDOWS\system32\drivers\klin.dat
2008-09-14 18:14 . 2008-09-14 18:14  85,860  --a------  C:\WINDOWS\system32\drivers\klick.dat
2008-09-14 18:13 . 2008-09-18 20:05  2,277,664  --ahs----  C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-14 18:13 . 2008-09-18 20:08  28,960  --ahs----  C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-14 18:13 . 2008-09-18 20:05  28,916  --ahs----  C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-14 18:13 . 2008-09-18 20:05  3,692  --ahs----  C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-14 17:15 . 2008-09-14 17:15  <DIR>  d--h-----  C:\WINDOWS\system32\GroupPolicy
2008-09-13 22:44 . 2008-09-13 22:44  287  --a------  C:\WINDOWS\system32\MRT.INI
2008-09-05 22:26 . 2008-09-05 22:27  <DIR>  d--------  C:\Documents and Settings\user\Application Data\TMInc
2008-09-01 13:53 . 2008-09-01 13:53  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-01 13:02 . 2004-06-04 18:33  314,368  --a------  C:\WINDOWS\IsUninstR.Exe
2008-09-01 12:59 . 2008-09-01 12:59  <DIR>  d--------  C:\Program Files\Disney Interactive Studios
2008-09-01 12:56 . 2008-09-01 12:56  <DIR>  d--------  C:\Documents and Settings\user\WINDOWS
2008-08-31 14:26 . 2008-08-31 15:59  <DIR>  d--------  C:\SAVES
2008-08-31 14:26 . 2008-08-31 16:06  <DIR>  d--------  C:\Program Files\Russobit-M
2008-08-29 18:29 . 2008-08-29 18:29  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\HipSoft
2008-08-27 22:05 . 2008-08-27 22:07  <DIR>  d--------  C:\Documents and Settings\user\Application Data\BeachPartyCraze
2008-08-24 21:32 . 2008-09-07 10:56  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\AlawarWrapper
2008-08-24 20:47 . 2008-08-24 20:58  <DIR>  d--------  C:\Documents and Settings\user\Application Data\Mysteryville2
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-18 14:47  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-09-14 14:43  ---------  d-----w  C:\Program Files\Red Kings Poker
2008-09-14 14:13  ---------  d-----w  C:\Program Files\Kaspersky Lab
2008-09-14 13:45  19,381  ----a-w  C:\Program Files\Common Files\opicera._sy
2008-09-14 09:53  ---------  d-----w  C:\Program Files\Games.Mail.Ru
2008-09-13 18:43  30,592  ----a-w  C:\WINDOWS\system32\drivers\Winwd28.sys
2008-09-06 09:44  ---------  d-----w  C:\Program Files\QuickTime
2008-09-05 17:15  ---------  d-----w  C:\Program Files\Games.Rambler.ru
2008-08-31 12:06  ---------  d--h--w  C:\Program Files\InstallShield Installation Information
2008-08-10 14:16  ---------  d-----w  C:\Documents and Settings\user\Application Data\Mail.Ru
2008-07-27 07:23  ---------  d-----w  C:\Program Files\Декларация 2006
2008-07-19 14:25  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Friday's games
2008-05-14 03:32  39,552  ----a-w  C:\Documents and Settings\user\Application Data\GDIPFONTCACHEV1.DAT
2005-07-12 18:25  457  ----a-w  C:\Program Files\INSTALL.LOG
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-26 4481024]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-07-26 86016]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"MAgent"="C:\Program Files\Mail.Ru\Agent\MAgent.exe" [2006-05-19 1734880]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 2658304]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 132624]
"MAAgent"="C:\Program Files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 57344]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 282624]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 227856]
"nwiz"="nwiz.exe" [2004-07-15 C:\WINDOWS\system32\nwiz.exe]
"AdslTaskBar"="stmctrl.dll" [2004-08-31 C:\WINDOWS\system32\stmctrl.dll]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.XVID"= xvid.dll
"vidc.3ivx"= 3ivxVfWCodec.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winel74.sys]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ICQ\\Icq.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Documents and Settings\\user\\Desktop\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system32\\muzapp.exe"=

R2 PDRJNDL;PDRJNDL;C:\Program Files\Dekart\Private Disk\PDRJNDL.SYS [2003-04-22 16384]
R2 PRVDISK;PRVDISK;C:\Program Files\Dekart\Private Disk\PRVDISK.SYS [2004-01-16 14464]
R3 ALI5261;ALi Based Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ALI5261.SYS [2001-08-17 27678]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 24592]
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2003-08-12 60255]
R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2004-05-12 542893]
S3 PAC207;VideoCAM GE111;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-04-08 162176]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-18 20:08:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Other Running Processes
.
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\PAStiSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2008-09-18 20:20:12 - machine was rebooted [user]
ComboFix-quarantined-files.txt  2008-09-18 16:19:38
Pre-Run: 20,071,571,456 bytes free
Post-Run: 20,058,222,592 bytes free

209 --- E O F --- 2008-09-13 18:44:12
I did everything as you said. The nagging splash screen is gone, and apparently the screensaver too. Thanks again very much for your help!

I'm posting the log below. Is there anything else that needs to be done? As I understand it, ComboFix created a restore point, so there is no need to create one with the standard Windows tools? How do I use the restore point if there is another infection in the future?

ComboFix 08-09-16.05 - user 2008-09-17 19:59:10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.446 [GMT 4:00]
Running from: C:\Dist\Против псевдоантивирусов\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\dllcache\beep.sys
C:\Documents and Settings\user\Cookies\binolesi.dll
C:\Documents and Settings\user\Cookies\byqucyp.bat
C:\Documents and Settings\user\Cookies\cujyxiv._sy
C:\Documents and Settings\user\Cookies\rikybyz.bat
C:\Documents and Settings\user\Cookies\user@ads.stardoll[17].txt
C:\Documents and Settings\user\Cookies\user@ads.stardoll[4].txt
C:\Documents and Settings\user\Cookies\user@ads.stardoll[8].txt
C:\Documents and Settings\user\Cookies\user@ehg-adidas.hitbox[2].txt
C:\Documents and Settings\user\Cookies\user@ehg-dig.hitbox[2].txt
C:\Documents and Settings\user\Cookies\user@ehg-dig.hitbox[3].txt
C:\Documents and Settings\user\Cookies\user@engine.adnet[3].txt
C:\Documents and Settings\user\Cookies\user@medialand.relax[2].txt
C:\Documents and Settings\user\Cookies\user@www.mp3search[1].txt
C:\Documents and Settings\user\Cookies\yhaxid.vbs
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\ibozeda.dll
C:\Recycled\Recycled
C:\WINDOWS\system32\~.exe
C:\WINDOWS\system32\blphc1arj0eg7e.scr
C:\WINDOWS\system32\DelSelf.bat
C:\WINDOWS\system32\drivers\Winel74.sys
C:\WINDOWS\system32\lphc1arj0eg7e.exe
C:\WINDOWS\system32\phc1arj0eg7e.bmp
C:\WINDOWS\system32\WinCtrl32.dl_
C:\WINDOWS\system32\WinCtrl32.dll
C:\WINDOWS\ufdata2000.log
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINEL74
-------\Service_Winel74


((((((((((((((((((((((((( Files Created from 2008-08-17 to 2008-09-17 )))))))))))))))))))))))))))))))
.
2008-09-17 19:54 . 2008-09-17 19:54  73,728  --a------  C:\WINDOWS\system32\drivers\859.exe
2008-09-17 19:36 . 2008-09-17 19:36  73,728  --a------  C:\WINDOWS\system32\drivers\687.exe
2008-09-16 20:44 . 2008-09-16 20:44  221  --a------  C:\WINDOWS\NCLogConfig.ini
2008-09-15 21:25 . 2008-09-15 21:25  <DIR>  d--------  C:\Program Files\Trend Micro
2008-09-14 21:47 . 2008-09-14 21:52  <DIR>  d--------  C:\Program Files\Spybot - Search & Destroy
2008-09-14 21:47 . 2008-09-14 22:13  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-14 21:07 . 2008-09-17 19:36  199,168  --a------  C:\WINDOWS\system32\drivers\93.exe
2008-09-14 20:36 . 2008-09-14 20:41  <DIR>  d--------  C:\SmitfraudFix
2008-09-14 19:45 . 2008-09-15 21:41  3,244  --a------  C:\WINDOWS\system32\tmp.reg
2008-09-14 18:24 . 2008-09-14 18:24  199,168  --a------  C:\WINDOWS\system32\drivers\953.exe
2008-09-14 18:14 . 2008-09-14 18:14  91,700  --a------  C:\WINDOWS\system32\drivers\klin.dat
2008-09-14 18:14 . 2008-09-14 18:14  85,860  --a------  C:\WINDOWS\system32\drivers\klick.dat
2008-09-14 18:13 . 2008-09-17 20:12  1,969,440  --ahs----  C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-14 18:13 . 2008-09-17 20:09  27,404  --ahs----  C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-14 18:13 . 2008-09-17 20:10  23,584  --ahs----  C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-14 18:13 . 2008-09-17 20:09  3,212  --ahs----  C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-14 17:45 . 2008-09-14 17:45  19,072  --a------  C:\WINDOWS\system32\ycun._dl
2008-09-14 17:45 . 2008-09-14 17:45  17,126  --a------  C:\WINDOWS\system32\lewuj.com
2008-09-14 17:45 . 2008-09-14 17:45  16,496  --a------  C:\WINDOWS\system32\ohyjovavip.dat
2008-09-14 17:45 . 2008-09-14 17:45  15,216  --a------  C:\WINDOWS\gybimo._sy
2008-09-14 17:45 . 2008-09-14 17:45  13,852  --a------  C:\Program Files\Common Files\ukerajite.scr
2008-09-14 17:45 . 2008-09-14 17:45  11,861  --a------  C:\WINDOWS\system32\bysocuroqe.vbs
2008-09-14 17:45 . 2008-09-14 17:45  11,633  --a------  C:\WINDOWS\system32\olyzuvip.dl
2008-09-14 17:45 . 2008-09-14 17:45  10,803  --a------  C:\WINDOWS\system32\azuzesu.bat
2008-09-14 17:36 . 2008-09-14 17:36  199,168  --a------  C:\WINDOWS\system32\drivers\500.exe
2008-09-14 17:15 . 2008-09-14 17:15  <DIR>  d--h-----  C:\WINDOWS\system32\GroupPolicy
2008-09-14 17:05 . 2008-09-15 21:16  199,168  --a------  C:\WINDOWS\system32\drivers\984.exe
2008-09-13 22:44 . 2008-09-13 22:44  287  --a------  C:\WINDOWS\system32\MRT.INI
2008-09-06 13:43 . 2008-09-07 11:46  54,156  --ah-----  C:\WINDOWS\QTFont.qfn
2008-09-06 13:43 . 2008-09-06 13:43  1,409  --a------  C:\WINDOWS\QTFont.for
2008-09-05 22:26 . 2008-09-05 22:27  <DIR>  d--------  C:\Documents and Settings\user\Application Data\TMInc
2008-09-01 13:53 . 2008-09-01 13:53  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-01 13:02 . 2004-06-04 18:33  314,368  --a------  C:\WINDOWS\IsUninstR.Exe
2008-09-01 12:59 . 2008-09-01 12:59  <DIR>  d--------  C:\Program Files\Disney Interactive Studios
2008-09-01 12:56 . 2008-09-01 12:56  <DIR>  d--------  C:\Documents and Settings\user\WINDOWS
2008-08-31 14:26 . 2008-08-31 15:59  <DIR>  d--------  C:\SAVES
2008-08-31 14:26 . 2008-08-31 16:06  <DIR>  d--------  C:\Program Files\Russobit-M
2008-08-29 18:29 . 2008-08-29 18:29  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\HipSoft
2008-08-27 22:05 . 2008-08-27 22:07  <DIR>  d--------  C:\Documents and Settings\user\Application Data\BeachPartyCraze
2008-08-24 21:32 . 2008-09-07 10:56  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\AlawarWrapper
2008-08-24 20:47 . 2008-08-24 20:58  <DIR>  d--------  C:\Documents and Settings\user\Application Data\Mysteryville2
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-17 15:49  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-09-14 14:43  ---------  d-----w  C:\Program Files\Red Kings Poker
2008-09-14 14:13  ---------  d-----w  C:\Program Files\Kaspersky Lab
2008-09-14 13:45  19,381  ----a-w  C:\Program Files\Common Files\opicera._sy
2008-09-14 09:53  ---------  d-----w  C:\Program Files\Games.Mail.Ru
2008-09-13 18:43  30,592  ----a-w  C:\WINDOWS\system32\drivers\Winwd28.sys
2008-09-06 09:44  ---------  d-----w  C:\Program Files\QuickTime
2008-09-05 17:15  ---------  d-----w  C:\Program Files\Games.Rambler.ru
2008-08-31 12:06  ---------  d--h--w  C:\Program Files\InstallShield Installation Information
2008-08-10 14:16  ---------  d-----w  C:\Documents and Settings\user\Application Data\Mail.Ru
2008-07-27 07:23  ---------  d-----w  C:\Program Files\Декларация 2006
2008-07-19 14:25  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Friday's games
2008-05-14 03:32  39,552  ----a-w  C:\Documents and Settings\user\Application Data\GDIPFONTCACHEV1.DAT
2005-07-12 18:25  457  ----a-w  C:\Program Files\INSTALL.LOG
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 10:08 143360]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-26 19:12 4481024]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-07-26 19:12 86016]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"MAgent"="C:\Program Files\Mail.Ru\Agent\MAgent.exe" [2006-05-19 22:28 1734880]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41 49152]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 02:12 2658304]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 17:21 132624]
"MAAgent"="C:\Program Files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 20:36 57344]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 13:43 282624]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856]
"nwiz"="nwiz.exe" [2004-07-15 13:42 843776 C:\WINDOWS\system32\nwiz.exe]
"AdslTaskBar"="stmctrl.dll" [2004-08-31 15:53 159744 C:\WINDOWS\system32\stmctrl.dll]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22 288472]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 16:51 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.XVID"= xvid.dll
"vidc.3ivx"= 3ivxVfWCodec.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winah17.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winci06.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windk41.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winel51.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wingm30.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winhn30.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winlr27.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wintb30.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwd28.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winxe41.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ICQ\\Icq.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Documents and Settings\\user\\Desktop\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system32\\muzapp.exe"=

R2 PDRJNDL;PDRJNDL;C:\Program Files\Dekart\Private Disk\PDRJNDL.SYS [2003-04-22 13:04 16384]
R2 PRVDISK;PRVDISK;C:\Program Files\Dekart\Private Disk\PRVDISK.SYS [2004-01-16 16:43 14464]
R3 ALI5261;ALi Based Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ALI5261.SYS [2001-08-17 16:11 27678]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28 24592]
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2003-08-12 13:51 60255]
R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2004-05-12 18:16 542893]
S0 Winel51;Winel51;C:\WINDOWS\system32\Drivers\Winel51.sys [ ]
S0 Wintb30;Wintb30;C:\WINDOWS\system32\Drivers\Wintb30.sys [ ]
S0 Winwd28;Winwd28;C:\WINDOWS\system32\Drivers\Winwd28.sys [2008-09-13 22:43 30592]
S0 Winxe41;Winxe41;C:\WINDOWS\system32\Drivers\Winxe41.sys [ ]
S3 PAC207;VideoCAM GE111;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-04-08 11:46 162176]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11d6c7bb-6ccd-11dc-a54b-00112f72259b}]
\Shell1\Command - autorun.pif
\Shell2\Command - autorun.pif
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.pif

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3e27732-3ada-11da-9a36-00112f72259b}]
\shell\Setup\command - setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d99253e9-ff45-11dc-83b4-00112f72259b}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e0325b90-f2fb-11d9-a6c6-00112f72259b}]
\shell\Setup\command - E:\setup.exe
.
.
Supplementary Scan
.
R0 -: HKCU-Main,Start Page = about:blank
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
O8 -: &Экспорт в Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 -: {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files\Mail.Ru\Agent\MAgent.exe
O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-17 20:12:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Other Running Processes
.
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\PAStiSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2008-09-17 20:24:42 - machine was rebooted [user]
ComboFix-quarantined-files.txt  2008-09-17 16:24:03
Pre-Run: 19,632,300,032 bytes free
Post-Run: 20,099,502,080 bytes free

245 --- E O F --- 2008-09-13 18:44:12
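The security-relevant entries in the log above are the ones a helper reads first: the rogue's randomly named Win??NN.sys drivers registered under SafeBoot\Minimal (so they load even in Safe Mode), the Security Center values AntiVirusOverride=1 and DisableMonitoring=1 that silence the "no antivirus" warning, the S0 boot drivers whose file is already gone ("[ ]") but whose service entry remains, and the MountPoints2 autorun commands left by infected removable media. The script below is an added example of triaging a ComboFix log for exactly those indicators; it is not part of the original thread and not ComboFix's own code. Its sample input is constructed from the entries above with backslashes restored, and the driver-name pattern Win[a-z]{2}\d{2} is an assumption drawn from this thread only (a general tool would compare against an allow-list of known drivers instead).

```python
import re

# Constructed sample input for this example: a few "Reg Loading Points" and
# service lines in ComboFix's layout, rebuilt from the entries in the logs
# above with their backslashes restored. It is not a real log file.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winel51.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwd28.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11d6c7bb-6ccd-11dc-a54b-00112f72259b}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.pif
\Shell1\Command - autorun.pif

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3e27732-3ada-11da-9a36-00112f72259b}]
\shell\Setup\command - setup.exe

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 24592]
S0 Winel51;Winel51;C:\WINDOWS\system32\Drivers\Winel51.sys [ ]
S0 Winwd28;Winwd28;C:\WINDOWS\system32\Drivers\Winwd28.sys [2008-09-13 22:43 30592]
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"(\w+)"=dword:([0-9a-fA-F]{8})$')
# "<R|S><n> name;description;path [file info]" as ComboFix prints services.
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(.*)\]$")
# "\Shell\AutoRun\command - <cmd>" and "\Shell1\Command - <cmd>" under MountPoints2.
MOUNTPOINT_RE = re.compile(r"^\\?([Ss]hell\w*(?:\\\w+)*)\\[Cc]ommand - (.+)$")
AUTORUN_RE = re.compile(r"autorun\.(?:exe|pif|inf)|ShellExec_RunDLL", re.IGNORECASE)
# Assumption taken from this thread only: the rogue's drivers were all named
# Win + two letters + two digits. A general tool would use an allow-list.
RANDOM_DRIVER_RE = re.compile(r"^Win[a-z]{2}\d{2}$")


def parse_log(text):
    """Split the REGEDIT4-style block into {key: [value lines]} and the
    R*/S* service lines into dicts; lines belonging to neither are ignored."""
    reg, services, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            reg.setdefault(current, [])
            continue
        m = SERVICE_RE.match(line)
        if m:
            current = None  # the service list follows the last key
            start, name, desc, path, info = m.groups()
            services.append({"start": start, "name": name, "desc": desc,
                             "path": path, "file_info": info.strip()})
            continue
        if current is not None:
            reg[current].append(line)
    return reg, services


def triage(text):
    """Return (tag, detail) findings for the indicators seen in this thread."""
    reg, services = parse_log(text)
    findings = []
    for key, values in reg.items():
        low = key.lower()
        leaf = key.rsplit("\\", 1)[-1]
        if "\\control\\safeboot\\minimal\\" in low:
            # ComboFix hides the stock SafeBoot entries, so anything listed was
            # added later: the rogue registers its driver to load in Safe Mode too.
            findings.append(("safeboot_driver", leaf))
        elif low.endswith("\\security center"):
            for v in values:
                m = DWORD_RE.match(v)
                if m and m.group(1).endswith("Override") and int(m.group(2), 16):
                    findings.append(("security_center_override", m.group(1)))
        elif "\\security center\\monitoring\\" in low:
            for v in values:
                m = DWORD_RE.match(v)
                if m and m.group(1) == "DisableMonitoring" and int(m.group(2), 16):
                    findings.append(("av_monitoring_disabled", leaf))
        elif "\\mountpoints2\\" in low:
            for v in values:
                m = MOUNTPOINT_RE.match(v)
                if m and AUTORUN_RE.search(m.group(2)):
                    findings.append(("autorun_command", m.group(2)))
    for svc in services:
        if svc["start"] == "S0" and not svc["file_info"]:
            # Boot-start driver still registered but its file is gone: the
            # service entry itself still needs to be removed.
            findings.append(("boot_driver_missing_file", svc["name"]))
        elif RANDOM_DRIVER_RE.match(svc["name"]):
            findings.append(("random_named_driver", svc["name"]))
    return findings


if __name__ == "__main__":
    for tag, detail in triage(SAMPLE_LOG):
        print(f"{tag:26} {detail}")
```

Run against the sample it reports the two SafeBoot entries, the two Security Center overrides, the two autorun commands, Winel51 as a boot driver with no file and Winwd28 as a randomly named driver, while leaving klim5 and the plain setup.exe mount point alone. Pointing it at a real saved ComboFix log works the same way, since the parser only looks at the bracketed keys, their value lines and the R/S service lines.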
Thanks for the reply! I'm at work right now; I'll do everything at home and post the logs here.