ComboFix 10-10-10.02 - oleg 11.10.2010 8:41.8.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.1791.1355 [GMT 4:00]
Running from: J:\ComboFix.exe
Command switches used :: J:\CFScript.txt
* Created a new restore point

FILE ::
"c:\program files\Common Files\jqyrg4inedzz13m"
"c:\windows\system32\55af13d0.exe"
"c:\windows\system32\80074bb0.exe"
"c:\windows\system32\isnvfo.exe"
"c:\windows\system32\ssofyj.exe"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Common Files\jqyrg4inedzz13m
.
((((((((((((((((((((((((( Files Created from 2010-09-11 to 2010-10-11 )))))))))))))))))))))))))))))))
.
2010-10-11 04:27 . 2010-10-11 04:47 -------- d-----w- c:\program files\Common Files\3B5ABB7Fa
2010-10-11 04:22 . 2010-10-11 04:22 -------- d-----w- C:\32788R22FWJFW.5.tmp
2010-10-08 12:45 . 2009-10-22 09:54 37392 ----a-w- c:\windows\system32\drivers\21678472.sys
2010-10-08 12:45 . 2009-10-09 19:31 315408 ----a-w- c:\windows\system32\drivers\2167847.sys
2010-10-08 12:45 . 2009-09-25 13:59 128016 ----a-w- c:\windows\system32\drivers\21678471.sys
2010-10-08 12:38 . 2010-10-08 12:39 -------- d-----w- C:\32788R22FWJFW.4.tmp
2010-10-08 12:00 . 2010-10-08 12:38 -------- d-----w- C:\32788R22FWJFW.3.tmp
2010-10-08 09:02 . 2010-10-11 04:38 -------- d-----w- c:\program files\Common Files\3b5abe6aa
2010-10-07 10:52 . 2010-10-07 10:52 -------- d-----w- c:\documents and settings\elena\Local Settings\Application Data\Adobe
2010-10-01 05:45 . 2010-10-01 05:45 -------- d-----w- c:\documents and settings\elena\Local Settings\Application Data\Google
2010-09-29 08:47 . 2010-09-29 08:48 -------- d-----w- c:\windows\XSxS
2010-09-29 08:47 . 2010-09-29 08:47 -------- d-----w- c:\program files\Xenocode
2010-09-29 08:35 . 2010-09-29 08:35 -------- d-----w- c:\documents and settings\elena\Local Settings\Application Data\Thinstall
2010-09-29 08:35 . 2010-09-29 08:35 -------- d-----w- c:\documents and settings\elena\Application Data\Thinstall
2010-09-28 10:07 . 2010-09-28 10:08 -------- d-----w- C:\32788R22FWJFW.2.tmp
2010-09-28 10:06 . 2010-09-28 10:07 -------- d-----w- C:\32788R22FWJFW.1.tmp
2010-09-28 09:11 . 2009-10-22 09:54 37392 ----a-w- c:\windows\system32\drivers\27700912.sys
2010-09-28 09:11 . 2009-10-09 19:31 315408 ----a-w- c:\windows\system32\drivers\2770091.sys
2010-09-28 09:11 . 2009-09-25 13:59 128016 ----a-w- c:\windows\system32\drivers\27700911.sys
2010-09-28 07:51 . 2010-09-28 07:51 -------- d-----w- c:\program files\Common Files\c4a54362
2010-09-28 07:33 . 2010-09-28 07:33 -------- d-----w- c:\documents and settings\elena\DoctorWeb
2010-09-28 05:02 . 2010-09-28 05:02 -------- d-----w- c:\documents and settings\elena\Local Settings\Application Data\Opera
2010-09-28 05:02 . 2010-09-28 05:02 -------- d-----w- c:\program files\Opera
2010-09-27 13:24 . 2010-09-27 13:24 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-09-23 11:18 . 2010-09-23 11:18 -------- d-----w- c:\documents and settings\elena\Application Data\DivX
2010-09-23 07:57 . 2010-10-01 12:30 -------- d-----w- c:\documents and settings\elena\Application Data\uTorrent
2010-09-23 07:08 . 2010-09-27 11:32 -------- d-----w- c:\documents and settings\elena\Application Data\Yandex
2010-09-22 05:17 . 2010-09-28 04:57 -------- d-----w- c:\documents and settings\elena\Local Settings\Application Data\Mozilla
2010-09-22 05:15 . 2010-09-22 05:15 -------- d-sh--w- c:\documents and settings\elena\PrivacIE
2010-09-22 04:58 . 2010-10-05 05:17 -------- d-----w- c:\documents and settings\elena\Application Data\gtk-2.0
2010-09-22 04:58 . 2010-09-22 04:58 -------- d-----w- c:\documents and settings\elena\Application Data\inkscape
2010-09-22 04:58 . 2010-09-23 11:18 -------- d-----w- c:\documents and settings\elena\Application Data\Media Player Classic
2010-09-22 04:58 . 2010-09-22 04:58 -------- d-----w- c:\documents and settings\elena\Application Data\Mail.Ru
2010-09-22 04:58 . 2010-09-22 04:58 -------- d-----w- c:\documents and settings\elena\Application Data\OpenOffice.org
2010-09-22 04:57 . 2010-10-06 07:04 -------- d-----w- c:\documents and settings\elena\.gimp-2.6
2010-09-22 04:57 . 2010-09-22 04:58 -------- d-----w- c:\documents and settings\elena\.thumbnails
2010-09-22 04:55 . 2010-09-22 05:04 -------- d-----w- c:\documents and settings\elena\Application Data\Thunderbird
2010-09-22 04:55 . 2010-09-22 04:55 -------- d-----w- c:\documents and settings\elena\Local Settings\Application Data\Thunderbird
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((( SnapShot@2010-10-11_04.33.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-11 04:47 . 2010-10-11 04:47 16384 c:\windows\Temp\Perflib_Perfdata_1cc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-06-05 33628160]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-06-09 15360]

c:\documents and settings\elena.BELAMOS.RU\Главное меню\Программы\Автозагрузка\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

c:\documents and settings\elena\Главное меню\Программы\Автозагрузка\
setup_9.0.0.722_28.09.2010_04-29.lnk - c:\documents and settings\elena\Рабочий стол\Virus Removal Tool\setup_9.0.0.722_28.09.2010_04-29\startup.exe [2010-10-8 72208]

c:\documents and settings\All Users\Главное меню\Программы\Автозагрузка\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]

c:\documents and settings\All Users\Главное меню\Программы\Автозагрузка\AutorunsDisabled
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

c:\documents and settings\elena\Главное меню\Программы\Автозагрузка\
setup_9.0.0.722_28.09.2010_04-29.lnk - c:\documents and settings\elena\Рабочий стол\Virus Removal Tool\setup_9.0.0.722_28.09.2010_04-29\startup.exe [2010-10-8 72208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,c:\windows\system32\fxyvkp.exe,"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"j:\\WebServers\\usr\\local\\apache\\bin\\httpd.exe"=
"j:\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16416:TCP"= 16416:TCP

R0 21678472;21678472 Boot Guard Driver;c:\windows\system32\drivers\21678472.sys [08.10.2010 16:45 37392]
R0 27700912;27700912 Boot Guard Driver;c:\windows\system32\drivers\27700912.sys [28.09.2010 13:11 37392]
R1 21678471;21678471;c:\windows\system32\drivers\21678471.sys [08.10.2010 16:45 128016]
R1 27700911;27700911;c:\windows\system32\drivers\27700911.sys [28.09.2010 13:11 128016]
R1 setup_9.0.0.722_28.09.2010_04-29drv;setup_9.0.0.722_28.09.2010_04-29drv;c:\windows\system32\drivers\2167847.sys [08.10.2010 16:45 315408]
R2 haspflt;haspflt;c:\windows\system32\drivers\haspflt.sys [01.03.2010 18:53 29024]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [26.02.2010 15:08 1374464]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
fvoxg
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.qip.ru/
uDefault_Search_URL = hxxp://www.yandex.ru
TCP: {56091CA3-1AA1-4BAE-8D97-AFB86788DF39} = 81.94.128.4
FF - ProfilePath - c:\documents and settings\elena\Application Data\Mozilla\Firefox\Profiles\2v4vyvr5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=ru&q=
FF - component: c:\documents and settings\elena\Application Data\Mozilla\Firefox\Profiles\2v4vyvr5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2288)
c:\windows\system32\WININET.dll
c:\program files\Mozilla Firefox\nspr4.dll
c:\program files\Mozilla Firefox\plds4.dll
c:\program files\Mozilla Firefox\plc4.dll
c:\program files\Mozilla Firefox\sqlite3.dll
c:\program files\Mozilla Firefox\nssutil3.dll
c:\program files\Mozilla Firefox\softokn3.dll
c:\program files\Mozilla Firefox\nss3.dll
c:\program files\Mozilla Firefox\smime3.dll
c:\windows\system32\webcheck.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.RUS
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
.
**************************************************************************
.
Completion time: 2010-10-11 08:49:32 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-11 04:49
ComboFix2.txt 2010-10-11 04:34

Pre-Run: 37 270 691 840 байт свободно
Post-Run: 37 259 137 024 байт свободно

- - End Of File - - E7F894D136199AC9563D95808A33DDCC