ComboFix 11-02-07.02 - slir 08.02.2011 18:04:52.2.8 - x86
Microsoft Windows XP Professional 5.1.2600.2.1251.7.1049.18.3063.2652 [GMT 5:00]
Running from: C:\Combofix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\regedit.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2011-01-08 to 2011-02-08 )))))))))))))))))))))))))))))))
.
.
2011-02-08 13:07 . 2011-02-08 13:07 53248 ----a-w- c:\temp\catchme.dll
2011-02-08 01:52 . 2011-02-08 01:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-07 02:15 . 2011-02-07 02:15 -------- d-----w- C:\20110207
2011-02-06 06:09 . 2011-02-07 02:19 13312 ----a-w- c:\windows\system32\drivers\vdexmtm1.sys
2011-02-06 05:14 . 2011-02-07 02:55 -------- d-----w- c:\program files\trend micro
2011-02-06 05:14 . 2011-02-06 05:14 -------- d-----w- c:\program files\RSIT
2011-02-06 04:21 . 2011-02-07 03:29 -------- d-----w- C:\Hijack
2011-02-06 03:19 . 2011-02-06 03:20 -------- d-----w- C:\20110206
2011-02-05 14:33 . 2011-02-06 09:11 -------- d-----w- c:\windows\system32\Java
2011-02-05 09:39 . 2011-02-05 09:39 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Главное меню
2011-02-05 09:30 . 2011-02-05 09:39 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Avanquest
2011-02-05 09:28 . 2011-02-05 13:45 -------- d-----w- c:\documents and settings\slir.COMPUTER000\Application Data\Avanquest
2011-02-05 09:27 . 2011-02-05 13:45 -------- d-----w- c:\program files\Common Files\AntiVirus
2011-02-03 03:21 . 2011-02-03 03:21 -------- d-----w- c:\documents and settings\slir.COMPUTER000\Application Data\Mozilla.000
2011-01-24 04:05 . 2004-08-17 12:04 25600 ----a-w- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2011-01-24 04:05 . 2011-01-24 04:05 -------- d-----w- c:\documents and settings\slir.COMPUTER000\Local Settings\Application Data\Samsung
2011-01-24 04:03 . 2011-01-04 11:11 4659712 ----a-w- c:\windows\system32\Redemption.dll
2011-01-24 04:02 . 2011-01-24 04:02 -------- d-----w- c:\documents and settings\slir.COMPUTER000\Application Data\Samsung
2011-01-24 02:54 . 2011-01-24 02:54 -------- d-----w- c:\documents and settings\slir.COMPUTER000\Local Settings\Application Data\Downloaded Installations
2011-01-13 16:43 . 2011-01-16 04:47 -------- d-----w- C:\La2
2011-01-12 03:21 . 2011-01-12 03:22 11 ----a-w- C:\1.bin
2011-01-10 03:49 . 2011-01-10 03:49 -------- d-----w- c:\documents and settings\slir.COMPUTER000\Application Data\SuperHideIP
2011-01-10 03:49 . 2011-01-10 03:49 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SuperHideIP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-04 11:10 . 2011-01-04 11:10 143360 ----a-w- c:\windows\system32\3DAudio.ax
2011-01-04 11:10 . 2009-12-12 11:04 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2011-01-04 11:10 . 2009-11-03 06:29 820560 ----a-w- c:\windows\system32\dgderapi.dll
2011-01-04 11:10 . 2009-11-03 06:29 18120 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2010-12-20 13:09 . 2008-11-03 08:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 13:08 . 2008-11-03 08:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-18 05:42 . 2010-12-18 05:42 398 ----a-w- C:\stroka2_reestr.reg
2010-12-18 05:40 . 2010-12-18 05:40 24298 ----a-w- C:\stroka_reestr.reg
.
------- Sigcheck -------
[-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0024\DriverFiles\i386\atapi.sys
[-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\drivers\atapi.sys
[-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\atapi.sys
[-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\drivers\system32\DRIVERS\atapi.sys
[-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0025\DriverFiles\i386\atapi.sys
[-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0041\DriverFiles\i386\atapi.sys
[-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0042\DriverFiles\i386\atapi.sys
[-] 2004-08-03 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\asyncmac.sys
[-] 2004-08-03 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2004-08-17 . 84C85813DDB595F97A9F95DA3EDBF81B . 24832 . . [5.1.2600.2180] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2004-08-03 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ndis.sys
[-] 2004-08-03 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ndis.sys
[-] 2004-08-03 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ntfs.sys
[-] 2004-08-03 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ntfs.sys
[-] 2001-10-20 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2001-10-20 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
[-] 2004-08-17 . ADD45CCFF46267D6B561FAEF2AAB2D10 . 77312 . . [5.1.2600.2180] . . c:\windows\system32\browser.dll
[-] 2004-08-17 . ADD45CCFF46267D6B561FAEF2AAB2D10 . 77312 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\browser.dll
[-] 2004-08-17 . 1952DDC36E60C313CD6ACBD07D4548D6 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\lsass.exe
[-] 2004-08-17 . 1952DDC36E60C313CD6ACBD07D4548D6 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\lsass.exe
[-] 2004-08-17 12:04 . C8C7B186C2ECDB8568375AE7313E7BD1 . 797696 . . [2001.12.4414.258] . . c:\windows\system32\comres.dll
[-] 2004-08-17 12:04 . C8C7B186C2ECDB8568375AE7313E7BD1 . 797696 . . [2001.12.4414.258] . . c:\windows\system32\dllcache\comres.dll
[-] 2004-08-17 . AF6E1507075F3026C6C346CF9A3FA0B0 . 382464 . . [6.6.2600.2180] . . c:\windows\system32\qmgr.dll
[-] 2004-08-17 . AF6E1507075F3026C6C346CF9A3FA0B0 . 382464 . . [6.6.2600.2180] . . c:\windows\system32\dllcache\qmgr.dll
[-] 2004-08-17 . 394BE1D5B35B031A94AE51C6F05E3967 . 108544 . . [5.1.2600.2180] . . c:\windows\system32\services.exe
[-] 2004-08-17 . 394BE1D5B35B031A94AE51C6F05E3967 . 108544 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\services.exe
[-] 2010-05-16 . A975A70FCEFE2A224412214320C89DED . 503808 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2004-08-17 . B44591B74FC6B98FB207DF042C0EE68F . 111616 . . [5.4.3790.2180] . . c:\windows\system32\wuauclt.exe
[-] 2004-08-17 . B44591B74FC6B98FB207DF042C0EE68F . 111616 . . [5.4.3790.2180] . . c:\windows\system32\dllcache\wuauclt.exe
[-] 2004-08-17 . 1C9398FEF160FB0C40290ECFC2B67F33 . 60416 . . [5.1.2600.2180] . . c:\windows\system32\cryptsvc.dll
[-] 2004-08-17 . 1C9398FEF160FB0C40290ECFC2B67F33 . 60416 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\cryptsvc.dll
[-] 2004-08-17 . 318492C9327EDBBD7FAD35FB3DF65CC3 . 110080 . . [5.1.2600.2180] . . c:\windows\system32\imm32.dll
[-] 2004-08-17 . 318492C9327EDBBD7FAD35FB3DF65CC3 . 110080 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\imm32.dll
[-] 2004-08-17 . 37A519EA77EA438BA4B7A996F92D6B7E . 22016 . . [5.1.2600.2180] . . c:\windows\system32\lpk.dll
[-] 2004-08-17 . 37A519EA77EA438BA4B7A996F92D6B7E . 22016 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\lpk.dll
[-] 2004-08-17 . 27B732C011B32A4D8BE4E7A74FAF2147 . 343040 . . [7.0.2600.2180] . . c:\windows\system32\msvcrt.dll
[-] 2004-08-17 . 27B732C011B32A4D8BE4E7A74FAF2147 . 343040 . . [7.0.2600.2180] . . c:\windows\system32\dllcache\msvcrt.dll
[-] 2004-08-17 . 85DA12021A9A0DEAF2104EE995BD209B . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
[-] 2001-10-20 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2004-08-17 . 25569F8A60B11208233B86D707765FAD . 247296 . . [5.1.2600.2180] . . c:\windows\system32\mswsock.dll
[-] 2004-08-17 . 25569F8A60B11208233B86D707765FAD . 247296 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2004-08-17 . 4922B0C854A0B4A2CD2061BBFE29B251 . 407040 . . [5.1.2600.2180] . . c:\windows\system32\netlogon.dll
[-] 2004-08-17 . 4922B0C854A0B4A2CD2061BBFE29B251 . 407040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\netlogon.dll
[-] 2004-08-17 . 604F22705C12080012968D72D97C6D64 . 17408 . . [6.00.2900.2180] . . c:\windows\system32\powrprof.dll
[-] 2004-08-17 . 604F22705C12080012968D72D97C6D64 . 17408 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\powrprof.dll
[-] 2004-08-17 . 5D5A37C65A5E86ED3811A4128B3A84E4 . 183808 . . [5.1.2600.2180] . . c:\windows\system32\scecli.dll
[-] 2004-08-17 . 5D5A37C65A5E86ED3811A4128B3A84E4 . 183808 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\scecli.dll
[-] 2004-08-17 . F5F629B5CE930A832A7404A91121DB7C . 5120 . . [5.1.2600.2180] . . c:\windows\system32\sfc.dll
[-] 2004-08-17 . F5F629B5CE930A832A7404A91121DB7C . 5120 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\sfc.dll
[-] 2004-08-17 . 5DB0AE95BF08D5A63C167648F1314C07 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\svchost.exe
[-] 2004-08-17 . 5DB0AE95BF08D5A63C167648F1314C07 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\svchost.exe
[-] 2004-08-17 . DDB40B8DB77CFD3132E1402CB5030819 . 246272 . . [5.1.2600.2180] . . c:\windows\system32\tapisrv.dll
[-] 2004-08-17 . DDB40B8DB77CFD3132E1402CB5030819 . 246272 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\tapisrv.dll
[-] 2004-08-17 . B5F1A73EDAB83FA2DB9662E10E027587 . 25088 . . [5.1.2600.2180] . . c:\windows\system32\userinit.exe
[-] 2004-08-17 . B5F1A73EDAB83FA2DB9662E10E027587 . 25088 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\userinit.exe
[-] 2004-08-17 . 0B6185E58290D4E5944F6FB9BF6562A1 . 82944 . . [5.1.2600.2180] . . c:\windows\system32\ws2_32.dll
[-] 2004-08-17 . 0B6185E58290D4E5944F6FB9BF6562A1 . 82944 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ws2_32.dll
[-] 2004-08-17 . EDC908F59D8243371C9E66839EAF28CF . 19968 . . [5.1.2600.2180] . . c:\windows\system32\ws2help.dll
[-] 2004-08-17 . EDC908F59D8243371C9E66839EAF28CF . 19968 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ws2help.dll
[-] 2004-08-17 . 7637F34CBB1FD9076BDFB13F4EB72A1C . 1032704 . . [6.00.2900.2180] . . c:\windows\explorer.exe
[-] 2004-08-17 . 7637F34CBB1FD9076BDFB13F4EB72A1C . 1032704 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\explorer.exe
[-] 2004-08-17 . F723F8B36E97E27A4794B4ED105DE1DD . 406528 . . [1.0420.2600.2180] . . c:\windows\system32\usp10.dll
[-] 2004-08-17 . F723F8B36E97E27A4794B4ED105DE1DD . 406528 . . [1.0420.2600.2180] . . c:\windows\system32\dllcache\usp10.dll
[-] 2004-08-17 . 6265E5BDD9FD5EC0B35400E4A8DE0137 . 170496 . . [5.1.2600.2180] . . c:\windows\system32\srsvc.dll
[-] 2004-08-17 . 6265E5BDD9FD5EC0B35400E4A8DE0137 . 170496 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\srsvc.dll
[-] 2004-08-17 . 5BB8BBC718775D48E8776E61B47DDF59 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe
[-] 2004-08-17 . 5BB8BBC718775D48E8776E61B47DDF59 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\wscntfy.exe
[-] 2004-08-17 . 7F22DC518995F251560A5F1080052946 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\xmlprov.dll
[-] 2004-08-17 . 7F22DC518995F251560A5F1080052946 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\xmlprov.dll
[-] 2004-08-17 . 6CD35BE0991DF15A07BC60B894E6482B . 55808 . . [5.1.2600.2180] . . c:\windows\system32\eventlog.dll
[-] 2004-08-17 . 6CD35BE0991DF15A07BC60B894E6482B . 55808 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\eventlog.dll
[-] 2004-08-17 . 01C8786B1DDB91D5D40044DED8864EDC . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
[-] 2004-08-17 . 01C8786B1DDB91D5D40044DED8864EDC . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\sfcfiles.dll
[-] 2004-08-17 . CDC69C55CF6C39162451685020CF6F06 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-17 . CDC69C55CF6C39162451685020CF6F06 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ctfmon.exe
[-] 2004-08-17 . 461FD36D40DECE5F63C0ACF7B66899D2 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\regsvc.dll
[-] 2004-08-17 . 461FD36D40DECE5F63C0ACF7B66899D2 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\regsvc.dll
[-] 2004-08-17 . 37791D0744756F6C860E04094B393159 . 191488 . . [5.1.2600.2180] . . c:\windows\system32\schedsvc.dll
[-] 2004-08-17 . 37791D0744756F6C860E04094B393159 . 191488 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\schedsvc.dll
[-] 2004-08-17 . AEFD0C33FE59A2BBC3A747B8900EEFFD . 71680 . . [5.1.2600.2180] . . c:\windows\system32\ssdpsrv.dll
[-] 2004-08-17 . AEFD0C33FE59A2BBC3A747B8900EEFFD . 71680 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ssdpsrv.dll
[-] 2004-08-17 . FBE10ED076D1E87782778A6CD2AB7085 . 295936 . . [5.1.2600.2180] . . c:\windows\system32\termsrv.dll
[-] 2004-08-17 . FBE10ED076D1E87782778A6CD2AB7085 . 295936 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\termsrv.dll
[-] 2004-08-17 . BEA6446152E3BCC24C605BD03C980C2A . 344064 . . [5.1.2600.2180] . . c:\windows\system32\hnetcfg.dll
[-] 2004-08-17 . BEA6446152E3BCC24C605BD03C980C2A . 344064 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\hnetcfg.dll
[-] 2004-08-17 . 7A2CF119A6D8C946CC0426E0F6EEE733 . 171008 . . [5.1.2600.2180] . . c:\windows\system32\appmgmts.dll
[-] 2004-08-17 . 7A2CF119A6D8C946CC0426E0F6EEE733 . 171008 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\appmgmts.dll
[-] 2001-10-19 . CEA8D1DA7696ACBFC69A3823BCF1C738 . 11776 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
[-] 2004-08-03 17:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\system32\drivers\aec.sys
[-] 2004-08-03 16:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\system32\dllcache\aec.sys
[-] 2004-08-03 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ip6fw.sys
[-] 2004-08-03 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2004-08-17 . A69AA08A453B9BAF7782A98EF57AF3D1 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\msgsvc.dll
[-] 2004-08-17 . A69AA08A453B9BAF7782A98EF57AF3D1 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\msgsvc.dll
[7] 2007-02-28 . 4DF8DFB59ECDCCF606337D02BE30DC7E . 2059392 . . [5.1.2600.3093] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2007-02-28 . 4DF8DFB59ECDCCF606337D02BE30DC7E . 2059392 . . [5.1.2600.3093] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2007-02-28 . B683F99750E5C450A03DB3F01648BD4A . 2061184 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2004-08-17 . EE13124C63ADD55FCA652E2C0E948763 . 2017280 . . [5.1.2600.2180] . . c:\windows\system32\ntkrnlpa.exe
[-] 2004-08-17 12:04 . 2105738264B4DDAEB24C2B3851D6427B . 436736 . . [5.1.2400.2180] . . c:\windows\system32\ntmssvc.dll
[-] 2004-08-17 12:04 . 2105738264B4DDAEB24C2B3851D6427B . 436736 . . [5.1.2400.2180] . . c:\windows\system32\dllcache\ntmssvc.dll
[-] 2004-08-17 . 871B3601468CF8481EF82BDDC0522FE8 . 185344 . . [5.1.2600.2180] . . c:\windows\system32\upnphost.dll
[-] 2004-08-17 . 871B3601468CF8481EF82BDDC0522FE8 . 185344 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\upnphost.dll
[-] 2004-08-17 . 8B4C47DF3F10153E8F20DD1C0CF3341B . 367616 . . [5.3.2600.2180] . . c:\windows\system32\dsound.dll
[-] 2004-08-17 . 8B4C47DF3F10153E8F20DD1C0CF3341B . 367616 . . [5.3.2600.2180] . . c:\windows\system32\dllcache\dsound.dll
[-] 2004-08-17 . 98FB3D30A512C3ABC71D68FE96834325 . 1689088 . . [5.03.2600.2180] . . c:\windows\system32\d3d9.dll
[-] 2004-08-17 . 98FB3D30A512C3ABC71D68FE96834325 . 1689088 . . [5.03.2600.2180] . . c:\windows\system32\dllcache\d3d9.dll
[-] 2004-08-17 . 0F143A8D803BAE20CD9B120B8084BC1C . 266240 . . [5.03.2600.2180] . . c:\windows\system32\ddraw.dll
[-] 2004-08-17 . 0F143A8D803BAE20CD9B120B8084BC1C . 266240 . . [5.03.2600.2180] . . c:\windows\system32\dllcache\ddraw.dll
[-] 2004-08-17 12:04 . B9A2FFF59210671AB63F3F842653C811 . 83456 . . [5.1.2600.2180] . . c:\windows\system32\olepro32.dll
[-] 2004-08-17 12:04 . B9A2FFF59210671AB63F3F842653C811 . 83456 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\olepro32.dll
[-] 2004-08-17 . E3A8F25669A2ECF12CEB2B22EF29861E . 40960 . . [5.1.2600.2180] . . c:\windows\system32\perfctrs.dll
[-] 2004-08-17 . E3A8F25669A2ECF12CEB2B22EF29861E . 40960 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\perfctrs.dll
[-] 2004-08-17 . 4C7D34C4224A4E95DD23D61798E11180 . 18944 . . [5.1.2600.2180] . . c:\windows\system32\version.dll
[-] 2004-08-17 . 4C7D34C4224A4E95DD23D61798E11180 . 18944 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\version.dll
[-] 2004-08-17 . 1628DA648E989FB9575BA9DB0640F3FD . 93184 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\iexplore.exe
[7] 2007-02-28 . 32FF36DB045A32F606F1EEEC98C78954 . 2183936 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[7] 2007-02-28 . 235F1AF98379D4BD586EFC4E5C8A2BEC . 2182144 . . [5.1.2600.3093] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2007-02-28 . 235F1AF98379D4BD586EFC4E5C8A2BEC . 2182144 . . [5.1.2600.3093] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2004-08-17 . F571D3CBE7BF4119E85880A3FE64BD74 . 2150400 . . [5.1.2600.2180] . . c:\windows\system32\ntoskrnl.exe
[-] 2004-08-17 . 6265E5BDD9FD5EC0B35400E4A8DE0137 . 170496 . . [5.1.2600.2180] . . c:\windows\system32\srsvc.dll
[-] 2004-08-17 . 6265E5BDD9FD5EC0B35400E4A8DE0137 . 170496 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\srsvc.dll
[-] 2004-08-17 . 50BFC7DD604903F1EA75750ED9C619E0 . 175104 . . [5.1.2600.2180] . . c:\windows\system32\w32time.dll
[-] 2004-08-17 . 50BFC7DD604903F1EA75750ED9C619E0 . 175104 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\w32time.dll
[-] 2004-08-17 . DC7C7B5B1EED8C9FA62E523A5E083CAB . 333312 . . [5.1.2600.2180] . . c:\windows\system32\wiaservc.dll
[-] 2004-08-17 . DC7C7B5B1EED8C9FA62E523A5E083CAB . 333312 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\wiaservc.dll
.
c:\windows\System32\drivers\beep.sys ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Shadow Defender Daemon"="c:\program files\Shadow Defender\DefenderDaemon.exe" [2008-09-24 192455]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-05 201992]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-20 110184]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-07-15 33636352]
"Ad Muncher"="c:\program files\Ad Muncher\AdMunch.exe" [2009-12-02 916992]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users.WINDOWS\Главное меню\Программы\Автозагрузка\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"MyDllLoade"= {69502F20-E8CD-11D5-A784-0050BF44BD3B} - e:\tlf_new\Win_Coder\BdeInst.dll [2000-01-27 3853824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\g:\0autocheck autochk *\0dpstart

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\My Downloads\\TVUPlayer_2.5.2.1.1944_Portable\\TVUPlayer_2.5.2.1.1944_Portable\\tvuplayer.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=

R0 diskpt;diskpt;c:\windows\system32\drivers\diskpt.sys [16.10.2008 21:37 182260]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29.01.2008 18:29 33808]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [22.08.2008 16:18 150568]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19.07.2008 12:32 717296]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [06.09.2009 20:30 33824]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [02.06.2008 19:41 142592]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13.03.2008 19:02 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13.12.2007 13:28 24592]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [12.12.2009 16:08 1381632]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe --> c:\windows\system32\FsUsbExService.Exe [?]
S2 Transbase TECDOC CD 1_2011 Service;Transbase TECDOC CD 1_2011 Service;h:\tecdoc_cd\1_2011\db\tbmux32.exe --> h:\tecdoc_cd\1_2011\db\tbmux32.exe [?]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [03.11.2009 11:29 18120]
S3 FsUsbExDisk;FsUsbExDisk;\??\c:\windows\system32\FsUsbExDisk.SYS --> c:\windows\system32\FsUsbExDisk.SYS [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PortTalk;PortTalk;c:\windows\system32\drivers\PortTalk.sys [13.12.2010 21:01 3567]
S3 PsSdk40;PsSdk40;c:\windows\system32\drivers\pssdk40.sys [02.10.2009 19:29 36928]
S3 PsSdkLBF;PsSdkLBF;c:\windows\system32\drivers\pssdklbf.sys [02.10.2009 19:29 53312]
S3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\drivers\SIVX32.sys [25.06.2008 13:30 44000]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [29.11.2009 10:58 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [29.11.2009 10:58 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [29.11.2009 10:59 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [29.11.2009 10:59 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [29.11.2009 10:59 25704]
S3 XoftSpyService;XoftSpyService;c:\program files\Common Files\XoftSpySE\6\xoftspyservice.exe [29.08.2009 2:15 582424]
S4 2GIS UpdateClientService;2GIS UpdateClientService;c:\program files\2gis\UpdateClientWin32\UpdateClientService.exe [17.09.2008 11:03 1134592]
S4 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\atl01_xp.sys --> c:\windows\system32\DRIVERS\atl01_xp.sys [?]
S4 HWiNFO32;HWiNFO32 Kernel Driver;\??\f:\hw\HWiNFO32.SYS --> f:\hw\HWiNFO32.SYS [?]
S4 npkycryp;npkycryp;\??\c:\la2\system\npkycryp.sys --> c:\la2\system\npkycryp.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-09-19 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-08-28 21:15]

2009-09-19 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-28 21:15]

2009-09-19 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE6\XoftSpySELauncher.exe [2009-08-28 21:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gismeteo.ru/city/legacy/4478
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Экспорт в Microsoft Excel (Export to Microsoft Excel) - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: AM: Блокировать картинку (Block image) - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=8Q4GRV82&id=menu_ie_image
IE: AM: Блокировать ссылку (Block link) - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=8Q4GRV82&id=menu_ie_link
IE: AM: Блокировать фрейм (Block frame) - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=8Q4GRV82&id=menu_ie_frame
IE: AM: Не фильтровать на странице (Do not filter on this page) - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=8Q4GRV82&id=menu_ie_exclude
IE: AM: Отправить отчет разработчикам (Send report to developers) - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=8Q4GRV82&id=menu_ie_report
IE: Закачать ВСЕ при помощи Download Master (Download ALL with Download Master) - c:\program files\Download Master\dmieall.htm
IE: Закачать при помощи Download Master (Download with Download Master) - c:\program files\Download Master\dmie.htm
IE: Передать на удаленную закачку DM (Send to DM remote download) - c:\program files\Download Master\remdown.htm
TCP: {7E43F76C-E593-461A-9A09-A8198BF1EC17} = 195.38.32.3,195.38.33.2
TCP: {97F436AA-0663-4C45-B165-C28E76FD4006} = 10.1.3.5
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-08 18:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-329068152-1957994488-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-329068152-1957994488-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3F7CF783-FC3B-21BF-8539-F7A6323EE4EE}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jaoiokjafgcfkncgcbjm"=hex:62,61,63,6c,00,00
"jaoiokjafgcfkncgcbfn"=hex:62,61,6f,6b,00,00
"iaojdofipginebejoc"=hex:6b,61,62,6c,6c,65,6d,66,66,65,62,63,6d,6b,61,6a,6d,6a,65,6f,68,67,00,00
"hacjcpgjdnbgmpkn"=hex:65,61,64,68,6b,62,64,68,64,65,00,00
"jadjppehdkifpapblopj"=hex:6f,61,62,6c,6d,65,67,66,67,64,6b,63,61,6d,65,63,61,68,6e,6b,61,6a,62,62,6e,64,6b,6b,63,61,00,77
"haejnblelcilpphj"=hex:6b,61,62,6c,6c,65,6d,66,66,65,62,63,6d,6b,61,6a,6e,6a,70,6c,65,6c,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1256)
c:\windows\system32\klogon.dll

- - - - - - - > 'explorer.exe'(3536)
c:\windows\system32\msi.dll
e:\tlf_new\Win_Coder\BdeInst.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-02-08 18:08:34
ComboFix-quarantined-files.txt 2011-02-08 13:08

Pre-Run: 90 998 620 160 bytes free
Post-Run: 90 981 015 552 bytes free

- - End Of File - - 7C7A9911BA68A5B12470D7F28FFDF2F7
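The Sigcheck section of the log above lists, for each protected Windows file, a flag, a timestamp, an MD5, a size and a version, usually once for the live copy and once for the copy in dllcache. Reading those records by eye across a hundred-odd lines is error-prone, so the script below (an added example; it is not part of the log, of ComboFix, or of the poster's own work) parses such records, pairs each live file with its dllcache copy of the same name and flags the entries a responder would open first: a live file with no dllcache counterpart in the report, a pair whose versions agree but whose hash or size differ, a pair whose versions differ, and a file claiming an old build number but carrying a much later timestamp. The seven sample records are copied from the Sigcheck section above and are the only input; the build-to-release-date table (XP SP2 is build 2180, shipped August 2004) and the one-year threshold are assumptions marked in the code.

```python
"""Triage the 'Sigcheck' section of a ComboFix log.

Added example, not part of ComboFix or of the log it is appended to. It pairs
every record with the dllcache copy of the same file name and flags the entries
a responder would open first. The build-date heuristic and the sample records
are assumptions explained inline.
"""
import re
from collections import defaultdict
from datetime import date

# One ComboFix Sigcheck record per line:
#   [flag] YYYY-MM-DD [HH:MM] . MD5 . SIZE . . [VERSION] . . PATH
RECORD = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+"
    r"(?P<date>\d{4}-\d{2}-\d{2})(?:\s+\d{2}:\d{2})?\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+"
    r"(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+"
    r"(?P<path>\S.*?)\s*$"
)

# Constructed sample: seven records copied from the Sigcheck section of the log.
SAMPLE = r"""
[-] 2004-08-17 . 1952DDC36E60C313CD6ACBD07D4548D6 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\lsass.exe
[-] 2004-08-17 . 1952DDC36E60C313CD6ACBD07D4548D6 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\lsass.exe
[-] 2010-05-16 . A975A70FCEFE2A224412214320C89DED . 503808 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[7] 2007-02-28 . 4DF8DFB59ECDCCF606337D02BE30DC7E . 2059392 . . [5.1.2600.3093] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2004-08-17 . EE13124C63ADD55FCA652E2C0E948763 . 2017280 . . [5.1.2600.2180] . . c:\windows\system32\ntkrnlpa.exe
[-] 2004-08-17 12:04 . C8C7B186C2ECDB8568375AE7313E7BD1 . 797696 . . [2001.12.4414.258] . . c:\windows\system32\comres.dll
[-] 2004-08-17 12:04 . C8C7B186C2ECDB8568375AE7313E7BD1 . 797696 . . [2001.12.4414.258] . . c:\windows\system32\dllcache\comres.dll
"""

# Assumption: build 2180 is the Windows XP SP2 RTM build, released August 2004.
# A file that claims that build but carries a timestamp years later deserves a
# look (a patched binary usually keeps the original version resource).
KNOWN_BUILDS = {"2180": date(2004, 8, 4)}
STALE_DAYS = 365


def parse_sigcheck(text):
    """Return one dict per well-formed Sigcheck record; other lines are skipped."""
    records = []
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if not m:
            continue
        r = m.groupdict()
        r["size"] = int(r["size"])
        r["md5"] = r["md5"].upper()
        r["date"] = date.fromisoformat(r["date"])
        r["name"] = r["path"].rsplit("\\", 1)[-1].lower()
        r["is_cache"] = "\\dllcache\\" in r["path"].lower()
        records.append(r)
    return records


def triage(records):
    """Map path -> list of findings for the records that deserve a second look."""
    by_name = defaultdict(list)
    for r in records:
        by_name[r["name"]].append(r)

    findings = {}
    for group in by_name.values():
        cache = [r for r in group if r["is_cache"]]
        for r in group:
            notes = []
            if not r["is_cache"]:
                if not cache:
                    notes.append("no dllcache copy in report")
                for c in cache:
                    if c["version"] != r["version"]:
                        notes.append(f"version differs from dllcache copy ({c['version']})")
                    elif (c["md5"], c["size"]) != (r["md5"], r["size"]):
                        notes.append("same version but hash/size differ from dllcache copy")
            # Build number is the last dotted component of the version string.
            shipped = KNOWN_BUILDS.get(r["version"].rsplit(".", 1)[-1])
            if shipped and (r["date"] - shipped).days > STALE_DAYS:
                notes.append(f"build {r['version']} file dated {r['date']}, long after that build shipped")
            if notes:
                findings[r["path"]] = notes
    return findings


if __name__ == "__main__":
    for path, notes in sorted(triage(parse_sigcheck(SAMPLE)).items()):
        print(path)
        for note in notes:
            print("   -", note)
```

On the sample it stays quiet about lsass.exe and comres.dll, whose live and dllcache copies agree, reports the live ntkrnlpa.exe as older than its dllcache copy, and flags winlogon.exe twice (no dllcache copy in the report, and a 2010 timestamp on a build-2180 file). A matching pair only proves that the two copies agree, not that either is clean; an infector that patches both leaves no mismatch, so the hashes still have to be checked against a known-good set, which is also the only way to judge the regedit.exe that ComboFix itself reported as infected.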