Forum replies created
Looking forward to further instructions!

Good evening!

No, I didn't install anything 😳
and nobody but me uses the computer.

Did everything as you said, here is the result:
ComboFix 10-02-11.02 - Admin 11.02.2010 23:47:42.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.1023.659 [GMT 3:00]
Running from: c:\documents and settings\Admin\Рабочий стол\ComboFix.exe
Command switches used :: c:\documents and settings\Admin\Рабочий стол\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100211-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: COMODO Antivirus *On-access scanning enabled* (Outdated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\моидокументы\cc_20100131_231722.reg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

Legacy_MSVDCYNNTO
Legacy_ORFCK
Legacy_PDBRR
Legacy_VXN
Service_MSVDCYNNTO
Service_ORFCK
Service_PDBRR
Service_VXN

.
((((((((((((((((((((((((( Files Created from 2010-01-11 to 2010-02-11 )))))))))))))))))))))))))))))))
.
2010-02-11 19:28 . 2010-02-11 19:41 d-----w- c:\program files\Google
2010-02-11 19:28 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-11 19:28 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-11 19:28 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-02-11 19:28 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2010-02-11 19:28 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-02-11 19:28 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-02-11 19:28 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-11 19:28 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-11 19:27 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2010-02-08 17:23 . 2010-02-08 17:23 d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-02-08 16:16 . 2006-12-27 21:00 66560 ----a-w- c:\windows\system32\eswia7e.dll
2010-02-08 16:16 . 2006-12-27 21:00 208896 ----a-w- c:\windows\system32\esint7e.dll
2010-02-08 16:16 . 2006-03-09 21:00 3584 ----a-w- c:\windows\system32\eswiaml.dll
2010-02-07 23:13 . 2010-02-11 14:50 d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-02-07 22:56 . 2010-02-07 22:56 d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-02-07 22:36 . 1999-06-18 20:49 165888 ----a-w- c:\windows\Ckconfig.exe
2010-02-07 22:36 . 1996-05-03 16:21 27648 ----a-r- c:\windows\Setup_ck.exe
2010-02-07 22:36 . 1996-05-03 14:36 18432 ----a-w- c:\windows\Setup_ck.dll
2010-02-07 22:36 . 1995-07-04 17:33 11776 ----a-w- c:\windows\Ckrfresh.exe
2010-02-07 22:36 . 2010-02-07 22:36 d-----w- c:\documents and settings\All Users\Application Data\Pattern Maker for cross stitch
2010-02-06 19:03 . 2010-02-06 19:03 d-----w- c:\documents and settings\All Users\Application Data\Azureus
2010-02-06 18:01 . 2010-02-07 23:36 d-----w- c:\documents and settings\Admin\Application Data\Azureus
2010-02-06 18:01 . 2010-02-06 19:09 d-----w- c:\program files\Vuze
2010-02-06 17:00 . 2010-02-06 17:00 d-----w- c:\program files\Stocona
2010-02-06 11:53 . 2010-02-07 20:37 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-03 20:06 . 2010-02-04 19:07 d-----w- c:\documents and settings\Admin\Application Data\Lavasoft
2010-02-03 20:06 . 2010-02-03 20:06 d-----w- c:\program files\Lavasoft
2010-02-01 20:49 . 2010-02-01 20:49 388096 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-02-01 20:49 . 2010-02-01 20:49 d-----w- c:\program files\TrendMicro
2010-02-01 15:03 . 2010-02-01 15:03 7168 ----a-w- c:\windows\system32\drivers\utewote4.sys
2010-02-01 14:27 . 2010-02-01 14:27 d-----w- c:\program files\trend micro
2010-02-01 11:14 . 2010-02-07 22:50 d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-01 06:23 . 2010-02-01 06:23 55624 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
2010-02-01 06:22 . 2010-02-01 06:22 51784 ----a-w- c:\windows\system32\drivers\GDTdiIcpt.sys
2010-02-01 06:22 . 2010-02-01 06:22 27848 ----a-w- c:\windows\system32\drivers\GDBehave.sys
2010-02-01 06:21 . 2010-02-01 09:08 d-----w- c:\program files\Common Files\G DATA
2010-02-01 06:21 . 2010-02-01 09:07 d-----w- c:\documents and settings\All Users\Application Data\G DATA
2010-01-31 19:49 . 2010-01-31 19:49 d-----w- c:\program files\CCleaner
2010-01-30 16:41 . 2010-01-30 16:41 d-----w- c:\documents and settings\Admin\Application Data\K-Meleon
2010-01-29 20:41 . 2010-01-29 20:41 d-----w- c:\program files\Alwil Software
2010-01-27 20:42 . 2009-10-21 15:08 166152 ----a-w- C:\KK.exe
2010-01-27 20:40 . 2010-01-27 20:40 164034 ----a-w- C:\KK_v3.4.5.zip
2010-01-26 23:30 . 2009-10-21 15:08 166152 ----a-w- c:\program files\KK.exe
2010-01-26 16:02 . 2010-01-26 16:02 12552 ----a-w- c:\windows\system32\drivers\hddirect.sys
2010-01-26 15:31 . 2009-12-01 09:57 61440 ----a-w- c:\windows\system32\flcss.exe
2010-01-25 21:36 . 2010-01-25 21:36 d--h--w- c:\windows\system32\GroupPolicy
2010-01-24 22:43 . 2010-01-24 22:43 d-----w- c:\documents and settings\Admin\Local Settings\Application Data\COMODO
2010-01-24 21:16 . 2010-02-11 19:35 850400 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-01-24 21:12 . 2010-01-26 14:33 d-----w- c:\documents and settings\Admin\Application Data\Comodo
2010-01-24 21:09 . 2010-01-26 14:35 d-----w- c:\documents and settings\All Users\Application Data\Comodo
2010-01-24 21:09 . 2010-01-24 21:09 87104 ---ha-r- c:\windows\system32\drivers\inspect.sys
2010-01-24 21:09 . 2010-01-24 21:09 25160 ---ha-r- c:\windows\system32\drivers\cmdhlp.sys
2010-01-24 21:09 . 2010-01-24 21:09 171552 ---ha-r- c:\windows\system32\guard32.dll
2010-01-24 21:09 . 2010-01-24 21:09 133064 ---ha-r- c:\windows\system32\drivers\cmdguard.sys
2010-01-22 21:00 . 2010-01-22 21:00 d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Opera
2010-01-22 21:00 . 2010-02-02 15:23 d-----w- c:\program files\Opera
2010-01-22 00:52 . 2010-01-22 00:52 11264 ---ha-r- c:\windows\system32\drivers\uzewote4.sys
2010-01-21 23:28 . 2010-01-21 23:28 0 ----a-w- c:\windows\nsreg.dat
2010-01-19 16:55 . 2010-01-19 16:55 76800 ---ha-r- c:\windows\system32\eGVoM5K.exe
2010-01-19 16:11 . 2010-01-19 16:11 76800 ---ha-r- c:\windows\system32\mWcAtmQ.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-11 20:14 . 2009-02-21 12:46 65712 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-09 20:04 . 2009-02-13 12:36 d-----w- c:\program files\AIMP2
2010-02-08 17:16 . 2010-02-08 17:16 0 ----a-w- c:\windows\system32\drivers\SET5.tmp
2010-02-08 16:42 . 2009-02-21 21:42 d--h--w- c:\program files\InstallShield Installation Information
2010-02-08 16:37 . 2009-03-02 18:30 d-----w- c:\documents and settings\All Users\Application Data\UDL
2010-02-08 16:35 . 2009-03-02 18:24 d-----w- c:\program files\epson
2010-02-08 16:22 . 2010-02-08 16:22 0 ----a-w- c:\windows\system32\drivers\SET4.tmp
2010-02-06 17:01 . 2010-02-06 17:01 262144 ----a-w- c:\documents and settings\Admin\Application Data\SA313001.DAT
2010-02-06 06:23 . 2009-06-21 20:57 d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-02-05 19:22 . 2009-08-12 10:04 d-----w- c:\documents and settings\Admin\Application Data\Samsung
2010-02-05 19:22 . 2009-02-13 12:32 d-----w- c:\program files\Punto Switcher
2010-02-01 09:12 . 2010-02-01 09:12 0 ----a-w- c:\windows\system32\drivers\SET3.tmp
2010-02-01 08:59 . 2010-02-01 08:59 0 ----a-w- c:\windows\system32\drivers\SET2.tmp
2010-02-01 08:47 . 2010-02-01 08:47 0 ----a-w- c:\windows\system32\drivers\SET1.tmp
2010-02-01 07:27 . 2009-04-17 20:13 d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-01-31 17:53 . 2009-04-17 20:11 d-----w- c:\documents and settings\Admin\Application Data\Yandex
2010-01-26 12:03 . 2009-11-09 16:37 d-----w- c:\program files\Need for Speed ProStreet
2010-01-25 13:29 . 2009-02-13 12:32 d-----w- c:\program files\The KMPlayer
2010-01-18 17:10 . 2009-11-22 11:45 d-----w- c:\documents and settings\Admin\Application Data\Image Zone Express
2009-12-23 20:10 . 2009-12-23 20:10 d-----w- c:\program files\HobbyWare
2009-12-12 18:43 . 2009-11-09 16:10 138184 ---ha-r- c:\windows\system32\drivers\PnkBstrK.sys
2009-12-12 18:42 . 2009-11-09 16:10 183112 ---ha-r- c:\windows\system32\PnkBstrB.exe
2009-12-01 12:22 . 2010-01-26 23:30 1945 ----a-w- c:\program files\eula.txt
2009-11-17 20:22 . 2009-11-17 19:47 2634257288 ----a-w- c:\program files\NFS UNDERCOVER.rar
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-06-21 30208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IE7_011"="shell32" [X]
"IE7_012"="advpack.dll" [2008-06-21 124928]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Главное меню^Программы^Автозагрузка^K-Meleon Loader.lnk]
path=c:\documents and settings\Admin\Главное меню\Программы\Автозагрузка\K-Meleon Loader.lnk
backup=c:\windows\pss\K-Meleon Loader.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Главное меню^Программы^Автозагрузка^Инструмент проверки носителя Picture Motion Browser.lnk]
path=c:\documents and settings\Admin\Главное меню\Программы\Автозагрузка\Инструмент проверки носителя Picture Motion Browser.lnk
backup=c:\windows\pss\Инструмент проверки носителя Picture Motion Browser.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-06-21 04:47 30208 ---ha-r- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX4300 Series]
2007-03-01 06:01 180736 ---ha-r- c:\windows\system32\spool\drivers\w32x86\3\E_FATICAR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
2007-12-14 14:17 86016 ----a-w- c:\program files\LClock\LClock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-12-05 01:41 8523776 ---ha-r- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-12-05 01:41 81920 ---ha-r- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-12-05 01:41 1626112 ---ha-r- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Punto Switcher]
2007-11-14 12:46 201728 ----a-w- c:\program files\Punto Switcher\ps.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-04-10 14:52 16861184 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"39379:TCP"= 39379:TCP

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13.02.2009 13:45 717296]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11.02.2010 22:28 114768]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [25.01.2010 0:09 133064]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [25.01.2010 0:09 25160]
R1 uzewote4;AVZ-RK Kernel Driver;c:\windows\system32\drivers\uzewote4.sys [22.01.2010 3:52 11264]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11.02.2010 22:28 20560]
R2 TTFixerService;NST ToolTipFixer;c:\program files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe [27.06.2007 8:20 10240]
S2 gupdate;Служба Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11.02.2010 22:30 133104]
S3 BJADZLZLWUK;BJADZLZLWUK;c:\docume~1\Admin\LOCALS~1\Temp\BJADZLZLWUK.exe --> c:\docume~1\Admin\LOCALS~1\Temp\BJADZLZLWUK.exe [?]
S3 HDDirect;Hard Disk Direct Control;c:\windows\system32\drivers\hddirect.sys [26.01.2010 19:02 12552]
S3 Slnt7554;USB Soft Modem Driver;c:\windows\system32\drivers\slnt7554.sys [17.12.2009 17:00 129535]
S3 utewote4;AVZ Kernel Driver;c:\windows\system32\drivers\utewote4.sys [01.02.2010 18:03 7168]
.
Contents of the 'Scheduled Tasks' folder

2010-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 19:28]
.
.
Supplementary Scan
.
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74}
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\9bcsxws3.default
FF - prefs.js: browser.startup.homepage - hxxp://vologda.avangard-dsl.ru/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&q=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-11 23:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spdw.sys >>UNKNOWN [0x86F8B938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74cbf28
\Driver\ACPI -> ACPI.sys @ 0xf7326cb8
\Driver\atapi -> atapi.sys @ 0xf72bbb40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e66aa
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b9
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e66aa
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b9
user & kernel MBR OK

**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(644)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(704)
c:\windows\system32\setupapi.dll

- - - - - - - > 'explorer.exe'(2780)
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Other Running Processes
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-02-11 23:57:49 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-11 20:57

Pre-Run: 15 956 652 032 байт свободно
Post-Run: 15 856 218 112 байт свободно

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - D767B3A4B123BA6E318006E565ABC551

I sincerely thank you for the warm welcome!

When I try to open the Kaspersky site, for example, this window pops up after a few seconds.

The other sites, for example the Spyware-ru forum, open instantly.

Hello everyone!

Here is what seemed suspicious; a bot from Google was also spotted, is that normal?

Looks like there's nothing, but just in case:

The thing is that ComboFix was downloaded three days ago, so here is the result from three days ago, just in case:
ComboFix 10-02-07.04 - Admin 08.02.2010 0:18.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.1023.774 [GMT 3:00]
Running from: d:\моидокументы\Загрузки\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\recycler\S-1-5-21-796845957-1202660629-839522115-1003
c:\windows\system32\Пузыри.scr
c:\windows\system32\ssField Lines.scr
c:\windows\system32\ssRibbons.scr
c:\windows\system32\SYSINTERNALS_BLUESCREEN.SCR
c:\windows\system32\Thumbs.db
d:\моидокументы\cc_20100131_231722.reg

BITS: Possible infected sites

hxxp://soft.export.yandex.ru
.
((((((((((((((((((((((((( Files Created from 2010-01-07 to 2010-02-07 )))))))))))))))))))))))))))))))
.
2010-02-06 19:03 . 2010-02-06 19:03 d-----w- c:\documents and settings\All Users\Application Data\Azureus
2010-02-06 18:01 . 2010-02-06 20:24 d-----w- c:\documents and settings\Admin\Application Data\Azureus
2010-02-06 18:01 . 2010-02-06 19:09 d-----w- c:\program files\Vuze
2010-02-06 17:00 . 2010-02-06 17:00 d-----w- c:\program files\Stocona
2010-02-06 16:59 . 2010-02-06 16:59 d-----w- C:\антивирус
2010-02-06 11:53 . 2010-02-07 20:37 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-06 10:06 . 2010-02-06 10:15 29820528 ----a-w- C:\cureit(2).exe
2010-02-03 20:06 . 2010-02-04 19:07 d-----w- c:\documents and settings\Admin\Application Data\Lavasoft
2010-02-03 20:06 . 2010-02-03 20:06 d-----w- c:\program files\Lavasoft
2010-02-01 20:49 . 2010-02-01 20:49 388096 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-02-01 20:49 . 2010-02-01 20:49 d-----w- c:\program files\TrendMicro
2010-02-01 15:03 . 2010-02-01 15:03 7168 ----a-w- c:\windows\system32\drivers\utewote4.sys
2010-02-01 14:27 . 2010-02-01 14:27 d-----w- c:\program files\trend micro
2010-02-01 14:27 . 2010-02-01 14:28 d-----w- C:\rsit
2010-02-01 06:23 . 2010-02-01 06:23 55624 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
2010-02-01 06:22 . 2010-02-01 06:22 51784 ----a-w- c:\windows\system32\drivers\GDTdiIcpt.sys
2010-02-01 06:22 . 2010-02-01 06:22 27848 ----a-w- c:\windows\system32\drivers\GDBehave.sys
2010-02-01 06:21 . 2010-02-01 09:08 d-----w- c:\program files\G Data
2010-02-01 06:21 . 2010-02-01 09:08 d-----w- c:\program files\Common Files\G DATA
2010-02-01 06:21 . 2010-02-01 09:07 d-----w- c:\documents and settings\All Users\Application Data\G DATA
2010-01-31 19:49 . 2010-01-31 19:49 d-----w- c:\program files\CCleaner
2010-01-30 16:41 . 2010-01-30 16:41 d-----w- c:\documents and settings\Admin\Application Data\K-Meleon
2010-01-29 20:41 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-01-29 20:41 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-01-29 20:41 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-01-29 20:41 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-01-29 20:41 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-01-29 20:41 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-01-29 20:41 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-01-29 20:41 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2010-01-29 20:41 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2010-01-29 20:41 . 2010-01-29 20:41 d-----w- c:\program files\Alwil Software
2010-01-27 20:42 . 2009-10-21 15:08 166152 ----a-w- C:\KK.exe
2010-01-27 20:40 . 2010-01-27 20:40 164034 ----a-w- C:\KK_v3.4.5.zip
2010-01-26 23:30 . 2009-10-21 15:08 166152 ----a-w- c:\program files\KK.exe
2010-01-26 16:02 . 2010-01-26 16:02 12552 ----a-w- c:\windows\system32\drivers\hddirect.sys
2010-01-26 15:31 . 2009-12-01 09:57 61440 ----a-w- c:\windows\system32\flcss.exe
2010-01-25 21:36 . 2010-01-25 21:36 d--h--w- c:\windows\system32\GroupPolicy
2010-01-24 22:43 . 2010-01-24 22:43 d-----w- c:\documents and settings\Admin\Local Settings\Application Data\COMODO
2010-01-24 22:14 . 2010-01-24 22:14 d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Runscanner.net
2010-01-24 21:16 . 2010-02-07 19:06 850400 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-01-24 21:12 . 2010-01-26 14:33 d-----w- c:\documents and settings\Admin\Application Data\Comodo
2010-01-24 21:09 . 2010-01-26 14:35 d-----w- c:\documents and settings\All Users\Application Data\Comodo
2010-01-24 21:09 . 2010-01-24 21:09 87104 ---ha-r- c:\windows\system32\drivers\inspect.sys
2010-01-24 21:09 . 2010-01-24 21:09 25160 ---ha-r- c:\windows\system32\drivers\cmdhlp.sys
2010-01-24 21:09 . 2010-01-24 21:09 171552 ---ha-r- c:\windows\system32\guard32.dll
2010-01-24 21:09 . 2010-01-24 21:09 133064 ---ha-r- c:\windows\system32\drivers\cmdguard.sys
2010-01-22 21:00 . 2010-01-22 21:00 d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Opera
2010-01-22 21:00 . 2010-02-02 15:23 d-----w- c:\program files\Opera
2010-01-22 00:52 . 2010-01-22 00:52 11264 ---ha-r- c:\windows\system32\drivers\uzewote4.sys
2010-01-21 23:28 . 2010-01-21 23:28 0 ----a-w- c:\windows\nsreg.dat
2010-01-19 16:55 . 2010-01-19 16:55 76800 ---ha-r- c:\windows\system32\eGVoM5K.exe
2010-01-19 16:11 . 2010-01-19 16:11 76800 ---ha-r- c:\windows\system32\mWcAtmQ.exe
2010-01-12 17:44 . 2010-01-12 17:44 d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Temp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-07 21:17 . 2010-02-01 11:14 d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-06 21:21 . 2009-02-13 12:36 d-----w- c:\program files\AIMP2
2010-02-06 17:01 . 2010-02-06 17:01 262144 ----a-w- c:\documents and settings\Admin\Application Data\SA313001.DAT
2010-02-06 07:42 . 2010-02-01 11:14 d-----w- c:\program files\Spyware Doctor
2010-02-06 06:23 . 2009-06-21 20:57 d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-02-05 19:23 . 2009-02-21 21:42 d--h--w- c:\program files\InstallShield Installation Information
2010-02-05 19:22 . 2009-08-12 10:04 d-----w- c:\documents and settings\Admin\Application Data\Samsung
2010-02-05 19:22 . 2009-02-13 12:32 d-----w- c:\program files\Punto Switcher
2010-02-03 20:43 . 2009-03-02 18:24 d-----w- c:\program files\epson
2010-02-01 11:14 . 2010-02-01 11:14 d-----w- c:\program files\Common Files\PC Tools
2010-02-01 11:14 . 2010-02-01 11:14 d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-02-01 11:14 . 2010-02-01 11:14 d-----w- c:\documents and settings\Admin\Application Data\PC Tools
2010-02-01 09:12 . 2010-02-01 09:12 0 ----a-w- c:\windows\system32\drivers\SET3.tmp
2010-02-01 08:59 . 2010-02-01 08:59 0 ----a-w- c:\windows\system32\drivers\SET2.tmp
2010-02-01 08:47 . 2010-02-01 08:47 0 ----a-w- c:\windows\system32\drivers\SET1.tmp
2010-02-01 07:27 . 2009-04-17 20:13 d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-01-31 17:53 . 2009-04-17 20:11 d-----w- c:\documents and settings\Admin\Application Data\Yandex
2010-01-26 12:03 . 2009-11-09 16:37 d-----w- c:\program files\Need for Speed ProStreet
2010-01-25 13:29 . 2009-02-13 12:32 d-----w- c:\program files\The KMPlayer
2010-01-22 00:33 . 2009-02-21 12:46 65328 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-18 17:10 . 2009-11-22 11:45 d-----w- c:\documents and settings\Admin\Application Data\Image Zone Express
2009-12-23 20:10 . 2009-12-23 20:10 d-----w- c:\program files\HobbyWare
2009-12-12 18:43 . 2009-11-09 16:10 138184 ---ha-r- c:\windows\system32\drivers\PnkBstrK.sys
2009-12-12 18:42 . 2009-11-09 16:10 183112 ---ha-r- c:\windows\system32\PnkBstrB.exe
2009-12-01 12:22 . 2010-01-26 23:30 1945 ----a-w- c:\program files\eula.txt
2009-11-17 20:22 . 2009-11-17 19:47 2634257288 ----a-w- c:\program files\NFS UNDERCOVER.rar
2009-11-10 07:28 . 2010-02-01 11:14 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-11-10 07:28 . 2010-02-01 11:14 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-11-10 07:28 . 2010-02-01 11:14 1640400 ----a-w- c:\windows\PCTBDCore.dll
2009-11-10 07:26 . 2010-02-01 11:14 767952 ----a-w- c:\windows\BDTSupport.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Punto Switcher"="c:\program files\Punto Switcher\ps.exe" [2007-11-14 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-06-21 30208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IE7_011"="shell32" [X]
"IE7_012"="advpack.dll" [2008-06-21 124928]

c:\documents and settings\All Users\Главное меню\Программы\Автозагрузка\
Stocona Antivirus.lnk - c:\program files\Stocona\Stocona Antivirus 3.1\SA311004.exe [2003-10-31 81920]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Главное меню^Программы^Автозагрузка^K-Meleon Loader.lnk]
path=c:\documents and settings\Admin\Главное меню\Программы\Автозагрузка\K-Meleon Loader.lnk
backup=c:\windows\pss\K-Meleon Loader.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Главное меню^Программы^Автозагрузка^Инструмент проверки носителя Picture Motion Browser.lnk]
path=c:\documents and settings\Admin\Главное меню\Программы\Автозагрузка\Инструмент проверки носителя Picture Motion Browser.lnk
backup=c:\windows\pss\Инструмент проверки носителя Picture Motion Browser.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-06-21 04:47 30208 ---ha-r- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX4300 Series]
2007-03-01 06:01 180736 ---ha-r- c:\windows\system32\spool\drivers\w32x86\3\E_FATICAR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
2007-12-14 14:17 86016 ----a-w- c:\program files\LClock\LClock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-12-05 01:41 8523776 ---ha-r- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-12-05 01:41 81920 ---ha-r- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-12-05 01:41 1626112 ---ha-r- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-04-10 14:52 16861184 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Stocona\\Stocona Antivirus 3.1\\SA315002.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"39379:TCP"= 39379:TCP

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [01.02.2010 14:14 207792]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [29.01.2010 23:41 114768]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [25.01.2010 0:09 133064]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [25.01.2010 0:09 25160]
R1 uzewote4;AVZ-RK Kernel Driver;c:\windows\system32\drivers\uzewote4.sys [22.01.2010 3:52 11264]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29.01.2010 23:41 20560]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [01.02.2010 14:14 112592]
R2 TTFixerService;NST ToolTipFixer;c:\program files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe [27.06.2007 8:20 10240]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13.02.2009 13:45 717296]
S2 SAV 01 Service;SAV 01 Service;c:\program files\Stocona\Stocona Antivirus 3.1\SA315001.exe [11.12.2003 14:09 53248]
S3 BJADZLZLWUK;BJADZLZLWUK;c:\docume~1\Admin\LOCALS~1\Temp\BJADZLZLWUK.exe --> c:\docume~1\Admin\LOCALS~1\Temp\BJADZLZLWUK.exe [?]
S3 HDDirect;Hard Disk Direct Control;c:\windows\system32\drivers\hddirect.sys [26.01.2010 19:02 12552]
S3 MSVDCYNNTO;MSVDCYNNTO;c:\docume~1\Admin\LOCALS~1\Temp\MSVDCYNNTO.exe --> c:\docume~1\Admin\LOCALS~1\Temp\MSVDCYNNTO.exe [?]
S3 ORFCK;ORFCK;c:\docume~1\Admin\LOCALS~1\Temp\ORFCK.exe --> c:\docume~1\Admin\LOCALS~1\Temp\ORFCK.exe [?]
S3 PDBRR;PDBRR;c:\docume~1\Admin\LOCALS~1\Temp\PDBRR.exe --> c:\docume~1\Admin\LOCALS~1\Temp\PDBRR.exe [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [01.02.2010 14:14 359624]
S3 Slnt7554;USB Soft Modem Driver;c:\windows\system32\drivers\slnt7554.sys [17.12.2009 17:00 129535]
S3 utewote4;AVZ Kernel Driver;c:\windows\system32\drivers\utewote4.sys [01.02.2010 18:03 7168]
S3 VXN;VXN;c:\docume~1\Admin\LOCALS~1\Temp\VXN.exe --> c:\docume~1\Admin\LOCALS~1\Temp\VXN.exe [?]
.
Contents of the ‘Scheduled Tasks’ folder
.
.
Supplementary Scan
.
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74}
IE: {{66A44F37-1AA7-4df0-A0B6-004A50C88E59} — {5A9C1896-666E-4d8b-B1DE-BD34D551B362} — c:program filesStoconaStocona Antivirus 3.1SA033006.dll
FF — ProfilePath — c:documents and settingsAdminApplication DataMozillaFirefoxProfiles9bcsxws3.default
FF — prefs.js: browser.startup.homepage — hxxp://vologda.avangard-dsl.ru/
FF — prefs.js: network.proxy.type — 4
FF — component: c:program filesMozilla Firefoxextensionslinkfilter@kaspersky.rucomponentsKavLinkFilter.dll
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnppl3260.dll
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnprpjplug.dll
—- FIREFOX POLICIES —-
c:program filesMozilla Firefoxgreprefsall.js — pref(«ui.use_native_colors», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«ui.use_native_popup_windows», false);
c:program filesMozilla Firefoxgreprefsall.js — pref(«browser.enable_click_image_resizing», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«accessibility.browsewithcaret_shortcut.enabled», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«javascript.options.mem.high_water_mark», 32);
c:program filesMozilla Firefoxgreprefsall.js — pref(«javascript.options.mem.gc_frequency», 1600);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.auth.force-generic-ntlm», false);
c:program filesMozilla Firefoxgreprefsall.js — pref(«svg.smil.enabled», false);
c:program filesMozilla Firefoxgreprefsall.js — pref(«ui.trackpoint_hack.enabled», -1);
c:program filesMozilla Firefoxgreprefsall.js — pref(«browser.formfill.debug», false);
c:program filesMozilla Firefoxgreprefsall.js — pref(«browser.formfill.agedWeight», 2);
c:program filesMozilla Firefoxgreprefsall.js — pref(«browser.formfill.bucketSize», 1);
c:program filesMozilla Firefoxgreprefsall.js — pref(«browser.formfill.maxTimeGroupings», 25);
c:program filesMozilla Firefoxgreprefsall.js — pref(«browser.formfill.timeGroupingSize», 604800);
c:program filesMozilla Firefoxgreprefsall.js — pref(«browser.formfill.boundaryWeight», 25);
c:program filesMozilla Firefoxgreprefsall.js — pref(«browser.formfill.prefixWeight», 5);
c:program filesMozilla Firefoxgreprefsall.js — pref(«html5.enable», false);
c:program filesMozilla Firefoxdefaultspreffirefox-branding.js — pref(«app.update.download.backgroundInterval», 600);
c:program filesMozilla Firefoxdefaultspreffirefox-branding.js — pref(«app.update.url.manual», «http://www.firefox.com»);
c:program filesMozilla Firefoxdefaultspreffirefox-branding.js — pref(«browser.search.param.yahoo-fr-ja», «mozff»);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name», «chrome://browser/locale/browser.properties»);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description», «chrome://browser/locale/browser.properties»);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«xpinstall.whitelist.add», «addons.mozilla.org»);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«xpinstall.whitelist.add.36», «getpersonas.com»);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«lightweightThemes.update.enabled», true);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«browser.allTabs.previews», false);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«plugins.hide_infobar_for_outdated_plugin», false);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«plugins.update.notifyUser», false);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«toolbar.customization.usesheet», false);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«browser.taskbar.previews.enable», false);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«browser.taskbar.previews.max», 20);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«browser.taskbar.previews.cachetime», 20);
.
— — — — ORPHANS REMOVED — — — —
HKU-Default-Run-VistaIcon — c:program filesVistaDriveIconVistaDrv.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-08 00:22
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(764)
c:windowssystem32SETUPAPI.dll
c:windowssystem32cscui.dll
— — — — — — — > ‘lsass.exe'(820)
c:windowssystem32setupapi.dll
.
Completion time: 2010-02-08 00:24:41
ComboFix-quarantined-files.txt 2010-02-07 21:24
Pre-Run: 12 798 951 424 байт свободно
Post-Run: 12 811 149 312 байт свободно
Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
— — End Of File — — 1967184CC1EB580479D1628E7427AD24
and ComboFix showed the following:
ComboFix 10-02-07.04 — Admin 11.02.2010 17:55:36.3.2 — x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.1023.770 [GMT 3:00]
Running from: d:моидокументыЗагрузкиComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100125-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: COMODO Antivirus *On-access scanning enabled* (Outdated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
d:Мои документыcc_20100131_231722.reg
.
((((((((((((((((((((((((( Files Created from 2010-01-11 to 2010-02-11 )))))))))))))))))))))))))))))))
.
2010-02-08 17:23 . 2010-02-08 17:23 d——w- c:documents and settingsAll UsersApplication DataSymantec
2010-02-08 16:16 . 2006-12-27 21:00 66560 —-a-w- c:windowssystem32eswia7e.dll
2010-02-08 16:16 . 2006-12-27 21:00 208896 —-a-w- c:windowssystem32esint7e.dll
2010-02-08 16:16 . 2006-03-09 21:00 3584 —-a-w- c:windowssystem32eswiaml.dll
2010-02-07 23:13 . 2010-02-11 14:50 d——w- c:documents and settingsAll UsersApplication DataNorton
2010-02-07 22:56 . 2010-02-07 22:56 d——w- c:documents and settingsAll UsersApplication DataNortonInstaller
2010-02-07 22:36 . 1999-06-18 20:49 165888 —-a-w- c:windowsCkconfig.exe
2010-02-07 22:36 . 1996-05-03 16:21 27648 —-a-r- c:windowsSetup_ck.exe
2010-02-07 22:36 . 1996-05-03 14:36 18432 —-a-w- c:windowsSetup_ck.dll
2010-02-07 22:36 . 1995-07-04 17:33 11776 —-a-w- c:windowsCkrfresh.exe
2010-02-07 22:36 . 2010-02-07 22:36 d——w- c:documents and settingsAll UsersApplication DataPattern Maker for cross stitch
2010-02-06 19:03 . 2010-02-06 19:03 d——w- c:documents and settingsAll UsersApplication DataAzureus
2010-02-06 18:01 . 2010-02-07 23:36 d——w- c:documents and settingsAdminApplication DataAzureus
2010-02-06 18:01 . 2010-02-06 19:09 d——w- c:program filesVuze
2010-02-06 17:00 . 2010-02-06 17:00 d——w- c:program filesStocona
2010-02-06 11:53 . 2010-02-07 20:37 664 —-a-w- c:windowssystem32d3d9caps.dat
2010-02-03 20:06 . 2010-02-04 19:07 d——w- c:documents and settingsAdminApplication DataLavasoft
2010-02-03 20:06 . 2010-02-03 20:06 d——w- c:program filesLavasoft
2010-02-01 20:49 . 2010-02-01 20:49 388096 —-a-r- c:documents and settingsAdminApplication DataMicrosoftInstaller{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}HiJackThis.exe
2010-02-01 20:49 . 2010-02-01 20:49 d——w- c:program filesTrendMicro
2010-02-01 15:03 . 2010-02-01 15:03 7168 —-a-w- c:windowssystem32driversutewote4.sys
2010-02-01 14:27 . 2010-02-01 14:27 d——w- c:program filestrend micro
2010-02-01 14:27 . 2010-02-01 14:28 d——w- C:rsit
2010-02-01 11:14 . 2010-02-07 22:50 d—a-w- c:documents and settingsAll UsersApplication DataTEMP
2010-02-01 06:23 . 2010-02-01 06:23 55624 —-a-w- c:windowssystem32driversMiniIcpt.sys
2010-02-01 06:22 . 2010-02-01 06:22 51784 —-a-w- c:windowssystem32driversGDTdiIcpt.sys
2010-02-01 06:22 . 2010-02-01 06:22 27848 —-a-w- c:windowssystem32driversGDBehave.sys
2010-02-01 06:21 . 2010-02-01 09:08 d——w- c:program filesCommon FilesG DATA
2010-02-01 06:21 . 2010-02-01 09:07 d——w- c:documents and settingsAll UsersApplication DataG DATA
2010-01-31 19:49 . 2010-01-31 19:49 d——w- c:program filesCCleaner
2010-01-30 16:41 . 2010-01-30 16:41 d——w- c:documents and settingsAdminApplication DataK-Meleon
2010-01-29 20:41 . 2010-01-29 20:41 d——w- c:program filesAlwil Software
2010-01-27 20:42 . 2009-10-21 15:08 166152 —-a-w- C:KK.exe
2010-01-27 20:40 . 2010-01-27 20:40 164034 —-a-w- C:KK_v3.4.5.zip
2010-01-26 23:30 . 2009-10-21 15:08 166152 —-a-w- c:program filesKK.exe
2010-01-26 16:02 . 2010-01-26 16:02 12552 —-a-w- c:windowssystem32drivershddirect.sys
2010-01-26 15:31 . 2009-12-01 09:57 61440 —-a-w- c:windowssystem32flcss.exe
2010-01-25 21:36 . 2010-01-25 21:36 d—h—w- c:windowssystem32GroupPolicy
2010-01-24 22:43 . 2010-01-24 22:43 d——w- c:documents and settingsAdminLocal SettingsApplication DataCOMODO
2010-01-24 22:14 . 2010-01-24 22:14 d——w- c:documents and settingsAdminLocal SettingsApplication DataRunscanner.net
2010-01-24 21:16 . 2010-02-11 12:43 850400 —-a-w- c:windowssystem32driverssfi.dat
2010-01-24 21:12 . 2010-01-26 14:33 d——w- c:documents and settingsAdminApplication DataComodo
2010-01-24 21:09 . 2010-01-26 14:35 d——w- c:documents and settingsAll UsersApplication DataComodo
2010-01-24 21:09 . 2010-01-24 21:09 87104 —ha-r- c:windowssystem32driversinspect.sys
2010-01-24 21:09 . 2010-01-24 21:09 25160 —ha-r- c:windowssystem32driverscmdhlp.sys
2010-01-24 21:09 . 2010-01-24 21:09 171552 —ha-r- c:windowssystem32guard32.dll
2010-01-24 21:09 . 2010-01-24 21:09 133064 —ha-r- c:windowssystem32driverscmdguard.sys
2010-01-22 21:00 . 2010-01-22 21:00 d——w- c:documents and settingsAdminLocal SettingsApplication DataOpera
2010-01-22 21:00 . 2010-02-02 15:23 d——w- c:program filesOpera
2010-01-22 00:52 . 2010-01-22 00:52 11264 —ha-r- c:windowssystem32driversuzewote4.sys
2010-01-21 23:28 . 2010-01-21 23:28 0 —-a-w- c:windowsnsreg.dat
2010-01-19 16:55 . 2010-01-19 16:55 76800 —ha-r- c:windowssystem32eGVoM5K.exe
2010-01-19 16:11 . 2010-01-19 16:11 76800 —ha-r- c:windowssystem32mWcAtmQ.exe
2010-01-12 17:44 . 2010-01-12 17:44 d——w- c:documents and settingsAdminLocal SettingsApplication DataTemp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-11 09:29 . 2009-02-21 12:46 65712 —-a-w- c:documents and settingsAdminLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2010-02-09 20:04 . 2009-02-13 12:36 d——w- c:program filesAIMP2
2010-02-08 17:16 . 2010-02-08 17:16 0 —-a-w- c:windowssystem32driversSET5.tmp
2010-02-08 16:42 . 2009-02-21 21:42 d—h—w- c:program filesInstallShield Installation Information
2010-02-08 16:37 . 2009-03-02 18:30 d——w- c:documents and settingsAll UsersApplication DataUDL
2010-02-08 16:35 . 2009-03-02 18:24 d——w- c:program filesepson
2010-02-08 16:22 . 2010-02-08 16:22 0 —-a-w- c:windowssystem32driversSET4.tmp
2010-02-06 17:01 . 2010-02-06 17:01 262144 —-a-w- c:documents and settingsAdminApplication DataSA313001.DAT
2010-02-06 06:23 . 2009-06-21 20:57 d——w- c:documents and settingsAll UsersApplication DataKaspersky Lab Setup Files
2010-02-05 19:22 . 2009-08-12 10:04 d——w- c:documents and settingsAdminApplication DataSamsung
2010-02-05 19:22 . 2009-02-13 12:32 d——w- c:program filesPunto Switcher
2010-02-01 09:12 . 2010-02-01 09:12 0 —-a-w- c:windowssystem32driversSET3.tmp
2010-02-01 08:59 . 2010-02-01 08:59 0 —-a-w- c:windowssystem32driversSET2.tmp
2010-02-01 08:47 . 2010-02-01 08:47 0 —-a-w- c:windowssystem32driversSET1.tmp
2010-02-01 07:27 . 2009-04-17 20:13 d——w- c:documents and settingsAll UsersApplication DataKaspersky Lab
2010-01-31 17:53 . 2009-04-17 20:11 d——w- c:documents and settingsAdminApplication DataYandex
2010-01-26 12:03 . 2009-11-09 16:37 d——w- c:program filesNeed for Speed ProStreet
2010-01-25 13:29 . 2009-02-13 12:32 d——w- c:program filesThe KMPlayer
2010-01-18 17:10 . 2009-11-22 11:45 d——w- c:documents and settingsAdminApplication DataImage Zone Express
2009-12-23 20:10 . 2009-12-23 20:10 d——w- c:program filesHobbyWare
2009-12-12 18:43 . 2009-11-09 16:10 138184 —ha-r- c:windowssystem32driversPnkBstrK.sys
2009-12-12 18:42 . 2009-11-09 16:10 183112 —ha-r- c:windowssystem32PnkBstrB.exe
2009-12-01 12:22 . 2010-01-26 23:30 1945 —-a-w- c:program fileseula.txt
2009-11-17 20:22 . 2009-11-17 19:47 2634257288 —-a-w- c:program filesNFS UNDERCOVER.rar
.
((((((((((((((((((((((((((((( SnapShot@2010-02-07_21.22.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2001-12-04 13:51 . 2001-12-04 13:51 35328 c:windowssystem32lttwn13n.dll
+ 2001-12-04 13:59 . 2001-12-04 13:59 49152 c:windowssystem32Lfwmf13n.dll
+ 2001-12-04 13:59 . 2001-12-04 13:59 20992 c:windowssystem32lftga13n.dll
+ 2001-12-04 13:58 . 2001-12-04 13:58 19456 c:windowssystem32lfras13n.dll
+ 2001-12-04 13:58 . 2001-12-04 13:58 26112 c:windowssystem32lfpcx13n.dll
+ 2001-12-04 13:58 . 2001-12-04 13:58 53760 c:windowssystem32Lfpct13n.dll
+ 2001-12-06 07:00 . 2001-12-06 07:00 19968 c:windowssystem32lfpcd13n.dll
+ 2001-12-04 13:56 . 2001-12-04 13:56 34816 c:windowssystem32lfgif13n.dll
+ 2001-12-04 13:53 . 2001-12-04 13:53 72704 c:windowssystem32lffax13n.dll
+ 2001-12-04 13:56 . 2001-12-04 13:56 37888 c:windowssystem32lfeps13n.dll
+ 2001-12-04 13:53 . 2001-12-04 13:53 29696 c:windowssystem32lfbmp13n.dll
+ 2000-05-02 00:17 . 2000-05-02 00:17 212480 c:windowssystem32PCDLIB32.DLL
+ 2001-12-06 06:58 . 2001-12-06 06:58 415744 c:windowssystem32ltkrn13n.dll
+ 2001-12-06 06:33 . 2001-12-06 06:33 293888 c:windowssystem32ltimg13n.dll
+ 2001-12-04 13:49 . 2001-12-04 13:49 135680 c:windowssystem32ltfil13n.DLL
+ 2001-12-04 13:50 . 2001-12-04 13:50 205312 c:windowssystem32ltefx13n.dll
+ 2001-12-04 13:49 . 2001-12-04 13:49 247296 c:windowssystem32LTDIS13n.dll
+ 2001-12-04 14:05 . 2001-12-04 14:05 145920 c:windowssystem32lftif13n.dll
+ 2001-12-04 14:11 . 2001-12-04 14:11 150016 c:windowssystem32Lfpng13n.dll
+ 2001-12-04 14:06 . 2001-12-04 14:06 336896 c:windowssystem32LFCMP13n.DLL
+ 2002-10-22 08:40 . 2002-10-22 08:40 340050 c:windowssystem32BCDLL.DLL
+ 2010-02-07 22:36 . 2010-02-07 22:36 295936 c:windowsInstaller27547e.msi
+ 2003-08-08 10:48 . 2003-08-08 10:48 1693696 c:windowssystem32LTCLR13n.dll
+ 2010-02-08 16:39 . 2010-02-08 16:39 1129472 c:windowsInstallerd3e8b.msi
— 2009-12-23 20:10 . 2009-12-23 20:10 11402240 c:windowsDownloaded Installations{398CC43C-E78B-4A0D-ACCC-8D108373833E}Pattern Maker for cross stitch — v4.msi
+ 2009-12-23 20:10 . 2010-02-07 22:35 11402240 c:windowsDownloaded Installations{398CC43C-E78B-4A0D-ACCC-8D108373833E}Pattern Maker for cross stitch — v4.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2007-12-05 8523776]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-06-21 30208]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«IE7_011″=»shell32» [X]
«IE7_012″=»advpack.dll» [2008-06-21 124928]
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMConfigurePrograms»= 1 (0x1)
[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMConfigurePrograms»= 1 (0x1)
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKLM~startupfolderC:^Documents and Settings^Admin^Главное меню^Программы^Автозагрузка^K-Meleon Loader.lnk]
path=c:documents and settingsAdminГлавное менюПрограммыАвтозагрузкаK-Meleon Loader.lnk
backup=c:windowspssK-Meleon Loader.lnkStartup
[HKLM~startupfolderC:^Documents and Settings^Admin^Главное меню^Программы^Автозагрузка^Инструмент проверки носителя Picture Motion Browser.lnk]
path=c:documents and settingsAdminГлавное менюПрограммыАвтозагрузкаИнструмент проверки носителя Picture Motion Browser.lnk
backup=c:windowspssИнструмент проверки носителя Picture Motion Browser.lnkStartup
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregctfmon.exe]
2008-06-21 04:47 30208 —ha-r- c:windowssystem32ctfmon.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregEPSON Stylus CX4300 Series]
2007-03-01 06:01 180736 —ha-r- c:windowssystem32spooldriversw32x863E_FATICAR.EXE
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLClock]
2007-12-14 14:17 86016 —-a-w- c:program filesLClockLClock.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvCplDaemon]
2007-12-05 01:41 8523776 —ha-r- c:windowssystem32nvcpl.dll
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvMediaCenter]
2007-12-05 01:41 81920 —ha-r- c:windowssystem32nvmctray.dll
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregnwiz]
2007-12-05 01:41 1626112 —ha-r- c:windowssystem32nwiz.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPunto Switcher]
2007-11-14 12:46 201728 —-a-w- c:program filesPunto Switcherps.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRTHDCPL]
2008-04-10 14:52 16861184 —-a-w- c:windowsRTHDCPL.EXE
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«UpdatesOverride»=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«c:\WINDOWS\Network Diagnostic\xpnetdiag.exe»=
«c:\WINDOWS\system32\mmc.exe»=
«c:\WINDOWS\system32\sessmgr.exe»=
«c:\Program Files\Vuze\Azureus.exe»=
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«39379:TCP»= 39379:TCP
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:windowssystem32driverscmdguard.sys [25.01.2010 0:09 133064]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:windowssystem32driverscmdhlp.sys [25.01.2010 0:09 25160]
R1 uzewote4;AVZ-RK Kernel Driver;c:windowssystem32driversuzewote4.sys [22.01.2010 3:52 11264]
R2 TTFixerService;NST ToolTipFixer;c:program filesNeoSmart TechnologiesToolTipFixerToolTipFixer.exe [27.06.2007 8:20 10240]
S0 sptd;sptd;c:windowssystem32driverssptd.sys [13.02.2009 13:45 717296]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:windowssystem32DRIVERSaswFsBlk.sys —> c:windowssystem32DRIVERSaswFsBlk.sys [?]
S3 BJADZLZLWUK;BJADZLZLWUK;c:docume~1AdminLOCALS~1TempBJADZLZLWUK.exe —> c:docume~1AdminLOCALS~1TempBJADZLZLWUK.exe [?]
S3 HDDirect;Hard Disk Direct Control;c:windowssystem32drivershddirect.sys [26.01.2010 19:02 12552]
S3 MSVDCYNNTO;MSVDCYNNTO;c:docume~1AdminLOCALS~1TempMSVDCYNNTO.exe —> c:docume~1AdminLOCALS~1TempMSVDCYNNTO.exe [?]
S3 ORFCK;ORFCK;c:docume~1AdminLOCALS~1TempORFCK.exe —> c:docume~1AdminLOCALS~1TempORFCK.exe [?]
S3 PDBRR;PDBRR;c:docume~1AdminLOCALS~1TempPDBRR.exe —> c:docume~1AdminLOCALS~1TempPDBRR.exe [?]
S3 Slnt7554;USB Soft Modem Driver;c:windowssystem32driversslnt7554.sys [17.12.2009 17:00 129535]
S3 utewote4;AVZ Kernel Driver;c:windowssystem32driversutewote4.sys [01.02.2010 18:03 7168]
S3 VXN;VXN;c:docume~1AdminLOCALS~1TempVXN.exe —> c:docume~1AdminLOCALS~1TempVXN.exe [?]
.
.
Supplementary Scan
.
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74}
FF — ProfilePath — c:documents and settingsAdminApplication DataMozillaFirefoxProfiles9bcsxws3.default
FF — prefs.js: browser.startup.homepage — hxxp://vologda.avangard-dsl.ru/
FF — prefs.js: network.proxy.type — 4
FF — component: c:program filesMozilla Firefoxextensionslinkfilter@kaspersky.rucomponentsKavLinkFilter.dll
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnppl3260.dll
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnprpjplug.dll
—- FIREFOX POLICIES —-
c:program filesMozilla Firefoxgreprefsall.js — pref(«ui.use_native_colors», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«ui.use_native_popup_windows», false);
c:program filesMozilla Firefoxgreprefsall.js — pref(«browser.enable_click_image_resizing», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«accessibility.browsewithcaret_shortcut.enabled», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«javascript.options.mem.high_water_mark», 32);
c:program filesMozilla Firefoxgreprefsall.js — pref(«javascript.options.mem.gc_frequency», 1600);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.auth.force-generic-ntlm», false);
c:program filesMozilla Firefoxgreprefsall.js — pref(«svg.smil.enabled», false);
c:program filesMozilla Firefoxgreprefsall.js — pref(«ui.trackpoint_hack.enabled», -1);
c:program filesMozilla Firefoxgreprefsall.js — pref(«browser.formfill.debug», false);
c:program filesMozilla Firefoxgreprefsall.js — pref(«browser.formfill.agedWeight», 2);
c:program filesMozilla Firefoxgreprefsall.js — pref(«browser.formfill.bucketSize», 1);
c:program filesMozilla Firefoxgreprefsall.js — pref(«browser.formfill.maxTimeGroupings», 25);
c:program filesMozilla Firefoxgreprefsall.js — pref(«browser.formfill.timeGroupingSize», 604800);
c:program filesMozilla Firefoxgreprefsall.js — pref(«browser.formfill.boundaryWeight», 25);
c:program filesMozilla Firefoxgreprefsall.js — pref(«browser.formfill.prefixWeight», 5);
c:program filesMozilla Firefoxgreprefsall.js — pref(«html5.enable», false);
c:program filesMozilla Firefoxdefaultspreffirefox-branding.js — pref(«app.update.download.backgroundInterval», 600);
c:program filesMozilla Firefoxdefaultspreffirefox-branding.js — pref(«app.update.url.manual», «http://www.firefox.com»);
c:program filesMozilla Firefoxdefaultspreffirefox-branding.js — pref(«browser.search.param.yahoo-fr-ja», «mozff»);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name», «chrome://browser/locale/browser.properties»);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description», «chrome://browser/locale/browser.properties»);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«xpinstall.whitelist.add», «addons.mozilla.org»);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«xpinstall.whitelist.add.36», «getpersonas.com»);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«lightweightThemes.update.enabled», true);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«browser.allTabs.previews», false);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«plugins.hide_infobar_for_outdated_plugin», false);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«plugins.update.notifyUser», false);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«toolbar.customization.usesheet», false);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«browser.taskbar.previews.enable», false);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«browser.taskbar.previews.max», 20);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«browser.taskbar.previews.cachetime», 20);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-11 17:59
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(624)
c:windowssystem32SETUPAPI.dll
c:windowssystem32cscui.dll
— — — — — — — > ‘lsass.exe'(680)
c:windowssystem32setupapi.dll
.
Completion time: 2010-02-11 18:00:53
ComboFix-quarantined-files.txt 2010-02-11 15:00
ComboFix2.txt 2010-02-07 21:43
ComboFix3.txt 2010-02-07 21:24
Pre-Run: 16 072 044 544 байт свободно
Post-Run: 16 062 660 608 байт свободно
Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
— — End Of File — — 1ED806C2A8626AC8C6C4A934AB78EA37
It did not fit on one screen, here is the second screenshot:
I ran RSIT(2).exe; for a reason unknown to me, info.txt does not appear.
Thanks in advance for the reply!
I used HiJackThis, here are the logs: