ComboFix 11-06-28.05 - Admin 29.06.2011 12:55:07.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.1023.428 [GMT 3:00]
Running from: c:\documents and settings\Admin\Рабочий стол\ComboFix.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Admin\Application Data\Admin3SQLite3.dll
c:\documents and settings\Admin\Application Data\Adminlog.dat
c:\documents and settings\Admin\WINDOWS
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\User\WINDOWS
c:\windows\system32\_000011_.tmp.dll
c:\windows\system32\Config.cfg
c:\windows\system32\fsQUirt.exe
c:\windows\system32\windir
.
----- BITS: Possible infected sites -----
.
hxxp://soft.export.yandex.ru
.
((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-29 )))))))))))))))))))))))))))))))
.
.
2011-06-29 09:05 . 2011-05-29 06:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-29 09:05 . 2011-05-29 06:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-29 09:03 . 2011-06-29 09:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-29 08:49 . 2011-06-29 08:49 -------- d-----w- C:\rsit
2011-06-25 11:26 . 2011-06-25 11:26 388096 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-25 11:26 . 2011-06-25 11:26 -------- d-----w- c:\program files\Trend Micro
2011-06-24 13:17 . 2011-06-24 13:17 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-06-24 12:17 . 2011-06-24 12:17 -------- d-----w- c:\documents and settings\Admin\Application Data\Trident Software
2011-06-23 12:06 . 2011-06-23 12:06 -------- d-----w- c:\program files\Common Files\Nero
2011-06-20 13:01 . 2002-04-25 11:51 196608 ----a-w- c:\windows\system32\PS2DMiniDrv.dll
2011-06-20 12:50 . 2001-06-18 07:53 57344 ----a-w- c:\windows\system\BPEnhan.dll
2011-06-20 12:50 . 2000-11-13 13:42 28672 ----a-w- c:\windows\Gtwatch.exe
2011-06-20 12:46 . 2011-06-20 12:46 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Toshiba
2011-06-20 12:46 . 2011-06-20 12:46 -------- d-----w- c:\documents and settings\User\Application Data\PC Suite
2011-06-20 09:48 . 2000-07-11 10:59 81920 ----a-w- c:\windows\system\Capi2032.dll
2011-06-20 09:48 . 1999-08-31 23:58 913616 ----a-w- c:\windows\system32\A258_R35.bpl
2011-06-20 09:48 . 1998-09-30 23:55 906512 ----a-w- c:\windows\system32\A255_R35.bpl
2011-06-20 09:48 . 1998-02-09 00:00 996872 ----a-w- c:\windows\system32\Cp3240mt.dll
2011-06-20 09:48 . 1998-02-09 00:00 29952 ----a-w- c:\windows\system32\Borlndmm.dll
2011-06-20 09:48 . 1998-02-09 00:00 1455736 ----a-w- c:\windows\system32\VCL35.BPL
2011-06-20 09:48 . 1995-07-31 10:44 212480 ----a-w- c:\windows\system\Pcdlib32.dll
2011-06-20 09:48 . 1998-02-09 00:00 245912 ----a-w- c:\windows\system32\vclx35.bpl
2011-06-10 11:09 . 2011-06-10 11:09 -------- d-----w- c:\documents and settings\All Users\Application Data\TOSHIBA
2011-06-10 11:02 . 2011-06-10 11:02 -------- d-----w- c:\documents and settings\Admin\Application Data\TOSHIBA
2011-06-10 11:00 . 2011-06-10 11:00 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Toshiba
2011-06-10 10:58 . 2011-06-10 10:58 -------- d-----w- c:\documents and settings\Default User\Application Data\TOSHIBA
2011-06-10 10:57 . 2010-12-11 21:08 234800 ----a-w- c:\windows\system32\drivers\tosrfbd.sys
2011-06-10 10:57 . 2010-12-02 16:29 56760 ----a-w- c:\windows\system32\drivers\tosrfusb.sys
2011-06-10 10:57 . 2010-08-30 07:48 80064 ----a-w- c:\windows\system32\drivers\Tosrfhid.sys
2011-06-10 10:57 . 2010-11-29 08:47 70448 ----a-w- c:\windows\system32\drivers\tosrfcom.sys
2011-06-10 10:57 . 2010-11-11 07:26 42672 ----a-w- c:\windows\system32\drivers\tosrfbnp.sys
2011-06-10 10:57 . 2009-08-10 13:54 59888 ----a-w- c:\windows\system32\drivers\TosRfSnd.sys
2011-06-10 10:57 . 2009-07-24 08:31 21608 ----a-w- c:\windows\system32\drivers\tosrfnds.sys
2011-06-10 10:57 . 2009-06-17 08:59 46984 ----a-w- c:\windows\system32\drivers\tosporte.sys
2011-06-10 10:57 . 2011-06-10 10:57 -------- d-----w- c:\program files\Toshiba
2011-06-10 07:45 . 2008-04-14 18:41 348160 ----a-w- c:\windows\system32\irprops.cpl
2011-06-09 11:45 . 2007-04-09 12:23 28552 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2011-06-09 11:45 . 2007-04-09 12:23 28040 ----a-w- c:\windows\system32\mdimon.dll
2011-06-08 11:23 . 2011-06-08 11:23 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Help
2011-06-08 07:51 . 2011-06-08 07:51 -------- d-----w- c:\program files\Reg Organizer
2011-06-06 09:55 . 2011-06-06 09:55 183696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-05-31 06:51 . 2011-05-31 06:51 -------- d-----w- c:\program files\ConvertHelper
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-25 06:39 . 2011-02-04 00:17 4691456 ------w- c:\windows\system32\logonui.exe
2011-06-20 06:08 . 2011-05-18 11:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-26 10:45 . 2011-02-04 00:18 3347968 ------w- c:\windows\system32\SYSDM.CPL
2011-05-16 16:01 . 2011-05-16 16:01 122224 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-05-16 16:01 . 2011-05-13 09:06 162544 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-05-16 16:01 . 2011-05-13 09:06 44720 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-05-16 16:01 . 2011-04-26 12:10 111280 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-05-16 16:00 . 2011-05-16 16:00 135472 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2011-05-03 13:33 . 2011-05-26 11:05 6404712 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2011-04-20 02:41 . 2011-02-18 10:34 6537728 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-04-20 02:38 . 2011-05-26 10:42 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-04-20 02:29 . 2011-02-18 10:34 57344 ----a-w- c:\windows\system32\aticalrt.dll
2011-04-20 02:29 . 2011-02-18 10:34 53248 ----a-w- c:\windows\system32\aticalcl.dll
2011-04-20 02:24 . 2011-02-18 10:34 5459968 ----a-w- c:\windows\system32\aticaldd.dll
2011-04-20 02:14 . 2011-02-18 10:34 17743872 ----a-w- c:\windows\system32\atioglxx.dll
2011-04-20 02:04 . 2011-05-26 10:42 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-04-20 02:02 . 2011-02-18 10:34 302080 ----a-w- c:\windows\system32\ati2dvag.dll
2011-04-20 02:01 . 2011-02-18 10:34 4017408 ----a-w- c:\windows\system32\ati3duag.dll
2011-04-20 01:55 . 2011-02-18 10:34 1115008 ----a-w- c:\windows\system32\ativvamv.dll
2011-04-20 01:45 . 2011-02-18 10:34 3265920 ----a-w- c:\windows\system32\ativvaxx.dll
2011-04-20 01:44 . 2011-02-18 10:34 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-04-20 01:44 . 2011-02-18 10:34 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-04-20 01:44 . 2011-02-18 10:34 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-04-20 01:44 . 2011-02-18 10:34 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-04-20 01:43 . 2011-02-18 10:34 188416 ----a-w- c:\windows\system32\ati2evxx.dll
2011-04-20 01:42 . 2011-02-18 10:34 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2011-04-20 01:41 . 2011-02-18 10:34 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-04-20 01:40 . 2011-02-18 10:34 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-04-20 01:36 . 2011-02-18 10:34 651264 ----a-w- c:\windows\system32\atikvmag.dll
2011-04-20 01:34 . 2011-02-18 10:34 200704 ----a-w- c:\windows\system32\atiadlxx.dll
2011-04-20 01:33 . 2011-02-18 10:34 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-04-20 01:30 . 2011-02-18 10:34 503808 ----a-w- c:\windows\system32\atiok3x2.dll
2011-04-20 01:28 . 2011-02-18 10:34 851968 ----a-w- c:\windows\system32\ati2cqag.dll
2011-04-20 01:27 . 2011-02-18 10:34 64512 ----a-w- c:\windows\system32\atimpc32.dll
2011-04-20 01:27 . 2011-02-18 10:34 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2011-04-20 01:26 . 2011-02-18 10:34 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-04-19 19:10 . 2011-04-19 19:10 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-04-19 19:10 . 2011-04-19 19:10 12385280 ----a-w- c:\windows\system32\amdocl.dll
2011-04-15 12:48 . 2011-02-18 12:24 56936 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2011-04-14 10:36 . 2011-05-26 11:05 20053608 ----a-w- c:\windows\RTHDCPL.EXE
2011-04-14 17:01 . 2011-06-25 06:56 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB Safely Remove"="c:\program files\USB Safely Remove\USBSafelyRemove.exe" [2011-01-28 1239040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"WinStyleMON"="c:\windows\system32\WinstyleMonitor.exe" [2010-04-30 121856]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2011-02-21 45056]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ZZZZ2_FirstLogonSetting"="advpack.dll" [2011-02-04 128512]
.
c:\documents and settings\User\Главное меню\Программы\Автозагрузка\
Punto Switcher.lnk - c:\program files\Yandex\Punto Switcher\punto.exe [2011-5-19 2440040]
.
c:\documents and settings\Admin\Главное меню\Программы\Автозагрузка\
Punto Switcher.lnk - c:\program files\Yandex\Punto Switcher\punto.exe [2011-5-19 2440040]
.
c:\documents and settings\All Users\Главное меню\Программы\Автозагрузка\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2010-12-14 2749856]
Total Commander.lnk - c:\program files\Total Commander\Totalcmd.exe [2010-12-31 3707808]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ a\0u\0t\0o\0c\0h\0e\0c\0k\0 \0a\0u\0t\0o\0c\0h\0k\0 \0*
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Watch.lnk]
backup=c:\windows\pss\Watch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Окно состояния Canon LASER SHOT LBP-1120.LNK]
backup=c:\windows\pss\Окно состояния Canon LASER SHOT LBP-1120.LNKCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Testing
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 09:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-06 09:55 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 01:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-07-22 20:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 19:41 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bonus.SSR.FR10]
2010-03-12 14:40 935936 ----a-w- c:\program files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAP3ON]
2002-07-29 15:00 22528 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\CAP3ONN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriveSpace]
2010-10-09 22:57 466073 ----a-w- c:\program files\Drive Space Indicator\DrvSpace.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-02-21 12:47 136176 ----atw- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gtwatch]
2000-11-13 13:42 28672 ----a-w- c:\windows\Gtwatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-12-21 08:53 1483264 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2011-04-14 10:36 20053608 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2011-04-19 18:49 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"UpdatesOverride"=dword:00000001
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Удаленное управление Windows
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [13.05.2011 12:06 162544]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [13.05.2011 12:06 44720]
R2 ABBYY.Licensing.FineReader.Corporate.10.0;ABBYY FineReader 10 CE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe [19.12.2009 2:06 814344]
R2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\program files\USB Safely Remove\USBSRService.exe [24.02.2011 19:01 251736]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [26.05.2011 13:48 101904]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [26.04.2011 15:10 111280]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [16.05.2011 19:01 122224]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 14:16 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [26.05.2011 14:05 1691480]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [21.04.2011 14:32 36608]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [25.03.2010 11:25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09.01.2010 22:37 4640000]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.02.2010 14:37 517096]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [15.04.2008 15:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 14:16 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SRSERVICE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-17 c:\windows\Tasks\AdobeAAMUpdater-1.0-ANTON-Admin.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-02-22 01:44]
.
2011-06-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1801674531-1417001333-500Core.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-21 12:47]
.
2011-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1801674531-1417001333-500UA.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-21 12:47]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL =
mStart Page = about:blank
mSearch Bar =
uInternet Settings,ProxyServer = 10.203.246.1:8080
uInternet Settings,ProxyOverride =
uSearchAssistant = about:blank
IE: &Отправить в OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: &Экспорт в Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
LSP: c:\windows\plspnt.dll
TCP: Interfaces\{05FA8159-EDE1-4637-A1F9-44B1AC2402C3}: NameServer = 10.203.246.1
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\pxcyru7z.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.championat.com/football/tags/3_1/fk-lokomotiv.html
FF - prefs.js: network.proxy.ftp - 10.203.246.1
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 10.203.246.1
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 10.203.246.1
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 10.203.246.1
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 10.203.246.1
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-ITBar7Position - (no file)
Notify-WgaLogon - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-29 13:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1168)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\system32\cscui.dll
c:\windows\system32\COMRes.dll
.
- - - - - - - > 'lsass.exe'(1224)
c:\windows\system32\setupapi.dll
.
Completion time: 2011-06-29 13:05:00
ComboFix-quarantined-files.txt 2011-06-29 10:04
.
Pre-Run: 28 423 286 784 байт свободно
Post-Run: 28 372 635 648 байт свободно
.
- - End Of File - - 74A37E8685889C6E195380F10E912B63