ComboFix 10-09-24.05 - smoc 25.09.2010 19:13:27.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1251.7.1049.18.2047.1450 [GMT 4:00]
Running from: c:\documents and settings\smoc\Рабочий стол\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\smoc\Application Data\ltzqai.exe
c:\windows\cfdrive32.exe
c:\windows\system32\28.exe
c:\windows\system32\msvmiode.exe

.
((((((((((((((((((((((((( Files Created from 2010-08-25 to 2010-09-25 )))))))))))))))))))))))))))))))
.

2010-09-24 14:24 . 2010-09-24 15:25 -------- d-----w- c:\documents and settings\smoc\Application Data\mIRC
2010-09-24 14:24 . 2010-09-24 15:00 -------- d-----w- c:\program files\mIRC
2010-09-23 22:28 . 2010-09-23 22:28 -------- d-----w- c:\documents and settings\terminator\DoctorWeb
2010-09-23 10:07 . 2010-09-23 10:07 -------- d-----w- c:\program files\SystemRequirementsLab
2010-09-22 09:49 . 2010-09-25 14:38 -------- d-----w- c:\documents and settings\smoc\Application Data\TS3Client
2010-09-22 09:39 . 2010-09-22 09:44 -------- d-----w- c:\documents and settings\smoc\Application Data\WebMoney
2010-09-22 09:37 . 2010-09-22 09:44 -------- d-----w- c:\program files\WebMoney Agent
2010-09-22 09:37 . 2010-09-22 09:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-22 09:37 . 2010-09-22 09:37 875099 ----a-w- c:\program files\Uninstall.exe
2010-09-22 09:37 . 2010-09-22 09:37 -------- d-----w- c:\program files\resources
2010-09-22 09:37 . 2010-09-22 09:37 -------- d-----w- c:\program files\Agreements
2010-09-22 09:37 . 2010-09-22 09:37 -------- d-----w- c:\program files\misc
2010-09-22 09:37 . 2010-09-22 09:37 -------- d-----w- c:\program files\Sounds
2010-09-22 09:37 . 2010-09-22 09:37 -------- d-----w- c:\program files\Certificates
2010-09-21 20:38 . 2010-09-23 23:07 -------- d-----w- c:\program files\FlashGet
2010-09-21 10:12 . 2010-09-21 10:12 -------- d-----w- c:\documents and settings\NetworkService\Рабочий стол
2010-09-20 03:14 . 2010-09-20 03:14 -------- d-----w- c:\documents and settings\smoc\Application Data\Media Player Classic
2010-09-20 03:14 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2010-09-20 03:14 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2010-09-20 03:14 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2010-09-20 03:14 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-09-20 03:14 . 2009-11-09 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-09-20 03:14 . 2010-09-20 03:14 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-09-19 22:51 . 2010-09-19 22:51 -------- d-----w- c:\documents and settings\terminator\Local Settings\Application Data\Yandex
2010-09-19 22:51 . 2010-09-19 22:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Yandex
2010-09-19 22:51 . 2010-09-19 22:51 -------- d-----w- c:\program files\Yandex
2010-09-19 22:51 . 2010-09-19 22:51 -------- d-----w- c:\documents and settings\terminator\Application Data\Yandex
2010-09-19 22:51 . 2010-09-19 22:51 -------- d-----w- c:\documents and settings\terminator\Local Settings\Application Data\Opera
2010-09-19 22:51 . 2010-09-19 22:51 -------- d-----w- c:\documents and settings\terminator\Local Settings\Application Data\Google
2010-09-19 16:50 . 2006-11-14 03:31 33408 ----a-r- c:\windows\system32\drivers\ipgdnd51.sys
2010-09-19 16:50 . 2010-09-19 16:50 -------- d-----w- c:\windows\OEM_ICPLUS
2010-09-19 16:48 . 2004-08-17 12:04 25600 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-09-19 14:49 . 2004-08-03 19:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-09-19 14:45 . 2010-09-19 14:45 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-09-19 14:29 . 2010-09-24 17:47 -------- d-----w- c:\documents and settings\terminator\Application Data\skypePM
2010-09-19 14:26 . 2010-09-19 14:26 -------- d-----w- c:\documents and settings\terminator\Local Settings\Application Data\Mozilla
2010-09-19 14:17 . 2010-09-24 20:46 -------- d-----w- c:\documents and settings\terminator\Application Data\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-25 14:58 . 2010-09-19 06:54 -------- d-----w- c:\documents and settings\smoc\Application Data\Skype
2010-09-25 12:45 . 2001-10-20 12:00 49552 ----a-w- c:\windows\system32\perfc019.dat
2010-09-25 12:45 . 2001-10-20 12:00 346452 ----a-w- c:\windows\system32\perfh019.dat
2010-09-25 12:41 . 2010-09-19 06:30 -------- d-----w- c:\program files\Garena
2010-09-25 12:40 . 2010-09-19 06:25 -------- d-----w- c:\documents and settings\smoc\Application Data\uTorrent
2010-09-22 09:37 . 2010-09-22 09:37 1598 ----a-w- c:\program files\install.sss
2010-09-19 16:57 . 2010-09-19 07:01 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-09-19 07:09 . 2010-09-19 07:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2010-09-19 07:03 . 2010-09-19 05:16 -------- d-----w- c:\program files\Common Files\InstallShield
2010-09-19 07:03 . 2010-09-19 07:03 -------- d-----w- c:\program files\Windows Media Connect 2
2010-09-19 07:01 . 2010-09-19 07:01 -------- d-----w- c:\documents and settings\smoc\Application Data\skypePM
2010-09-19 06:58 . 2010-09-19 06:58 -------- d-----w- c:\program files\TeamSpeak 3 Client
2010-09-19 06:54 . 2010-09-19 06:54 -------- d-----w- c:\program files\Common Files\Skype
2010-09-19 06:54 . 2010-09-19 06:54 -------- d-----r- c:\program files\Skype
2010-09-19 06:54 . 2010-09-19 06:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-09-19 06:25 . 2010-09-19 06:25 -------- d-----w- c:\program files\uTorrent
2010-09-19 06:19 . 2010-09-19 06:19 -------- d-----w- c:\program files\C-Media 3D Audio
2010-09-19 06:07 . 2010-09-19 06:07 12328 ----a-w- c:\documents and settings\smoc\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-19 06:05 . 2010-09-19 06:05 0 ----a-w- c:\windows\nsreg.dat
2010-09-19 05:56 . 2010-09-19 05:56 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2010-09-19 05:16 . 2010-09-19 05:16 -------- d-----w- c:\program files\InstallShield Installation Information
2010-09-19 05:16 . 2010-09-19 05:16 -------- d-----w- c:\program files\D-Link
2010-09-19 05:05 . 2010-09-19 04:44 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-09-19 04:45 . 2010-09-19 04:45 -------- d-----w- c:\program files\microsoft frontpage
2010-09-19 04:41 . 2010-09-19 04:41 22564 ----a-w- c:\windows\system32\emptyregdb.dat
2010-07-16 12:18 . 2010-07-16 12:18 4789736 ----a-w- c:\program files\WMClient.dll
2010-07-16 12:09 . 2010-07-16 12:09 1508840 ----a-w- c:\program files\WebMoney.exe
2010-04-30 10:15 . 2010-04-30 10:15 206935 ----a-w- c:\program files\interface.zip
2010-04-27 09:20 . 2010-04-27 09:20 247304 ----a-w- c:\program files\gausenum.dll
2009-10-26 08:10 . 2009-10-26 08:10 3451 ----a-w- c:\program files\webmoney.exe.manifest
2009-10-26 08:10 . 2009-10-26 08:10 3450 ----a-w- c:\program files\keeperid.exe.manifest
2009-10-22 13:47 . 2009-10-22 13:47 79384 ----a-w- c:\program files\WMDispatcher.exe
2009-10-22 08:47 . 2009-10-22 08:47 3454 ----a-w- c:\program files\wmdispatcher.exe.manifest
2007-10-23 14:34 . 2007-10-23 14:34 140808 ----a-w- c:\program files\bexth.dll
2007-07-20 11:53 . 2007-07-20 11:53 145 ----a-w- c:\program files\regwmd.bat
2007-02-07 10:56 . 2007-02-07 10:56 1645320 ----a-w- c:\program files\gdiplus.dll
2005-10-27 14:33 . 2005-10-27 14:33 292616 ----a-w- c:\program files\KeeperID.exe
.

------- Sigcheck -------

[-] 2004-09-17 . A975A70FCEFE2A224412214320C89DED . 503808 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-09-25_09.45.55 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-10-20 12:00 . 2010-09-25 09:34 40128 c:\windows\system32\perfc009.dat
+ 2001-10-20 12:00 . 2010-09-25 12:45 40128 c:\windows\system32\perfc009.dat
+ 2001-10-20 12:00 . 2010-09-25 12:45 311740 c:\windows\system32\perfh009.dat
- 2001-10-20 12:00 . 2010-09-25 09:34 311740 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:\program files\Yandex\YandexBarIE\yndbar.dll" [2010-06-01 10336584]

[HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-09-25 328056]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]
"Steam"="c:\game\steam\steam.exe" [2010-09-19 1242448]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-02-04 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 86016]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\game\\steam\\Steam.exe"=
"c:\\game\\steam\\steamapps\\smock312\\counter-strike\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\plugins\UI\safedrv.sys --> c:\program files\Garena\plugins\UI\safedrv.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\smoc\LOCALS~1\Temp\MQUA7.tmp --> c:\docume~1\smoc\LOCALS~1\Temp\MQUA7.tmp [?]
S3 ipgd;ASUS NX1101 Gigabit Ethernet Adapter Driver;c:\windows\system32\drivers\ipgdnd51.sys [19.09.2010 20:50 33408]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\smoc\Application Data\Mozilla\Firefox\Profiles\qxfpu28r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yandex.ru/
FF - prefs.js: network.proxy.type - 0

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-25 19:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\smoc\LOCALS~1\Temp\MQUA7.tmp"
.
Completion time: 2010-09-25 19:18:23
ComboFix-quarantined-files.txt 2010-09-25 15:18
ComboFix2.txt 2010-09-25 09:47

Pre-Run: 24*018*907*136 bytes free
Post-Run: 24*012*951*552 bytes free

- - End Of File - - 26EE393D9CEF51C56993390B991ACC7B

Posted: 19:21, 25-09-2010 | #24
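The log above is easiest to triage by section: the "Reg Loading Points" block (Security Center overrides, the firewall profile, the R/S service lines), the Sigcheck block, and the trailing service key dump. The script below is an added example written for this page, not part of the post and not ComboFix's own code: it parses those three line shapes and flags the things a responder would check first in this particular log, namely `AntiVirusOverride`/`FirewallOverride` set to 1, `EnableFirewall` = 0, a service whose image lives under a user-writable path such as `%TEMP%`, and a Sigcheck entry marked `[-]`. The sample input is constructed in the same format as the post's entries; the "user-writable location" pattern list and the severity labels are my own heuristics, not ComboFix's.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in ComboFix's log format, modelled on the post above.
# This is illustrative input for the parser, not the original log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\plugins\UI\safedrv.sys --> c:\program files\Garena\plugins\UI\safedrv.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\smoc\LOCALS~1\Temp\MQUA7.tmp --> c:\docume~1\smoc\LOCALS~1\Temp\MQUA7.tmp [?]
S3 ipgd;ASUS NX1101 Gigabit Ethernet Adapter Driver;c:\windows\system32\drivers\ipgdnd51.sys [19.09.2010 20:50 33408]

------- Sigcheck -------

[-] 2004-09-17 . A975A70FCEFE2A224412214320C89DED . 503808 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\smoc\LOCALS~1\Temp\MQUA7.tmp"
"""

# "R3 name;description;path --> resolved path [meta]"  (the "--> resolved" part is optional)
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.*?)\s+"
    r"(?:-->\s+(?P<resolved>.*?)\s+)?\[(?P<meta>[^\]]*)\]\s*$"
)
KEY_RE = re.compile(r"^\[(?P<key>HK[^\]]+)\]$", re.I)          # registry key header
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.*)$')  # "name"=value
SIGCHECK_RE = re.compile(r"^\[(?P<status>[^\]]+)\]\s+\d{4}-\d{2}-\d{2}\s(?P<rest>.*)$")

# Heuristic (mine, not ComboFix's): places a driver or service binary should not be loaded from.
USER_WRITABLE_RE = re.compile(
    r"\\temp\\|\\locals~1\\|\\local settings\\|\\application data\\|\\docume~1\\|documents and settings",
    re.I,
)


@dataclass
class Finding:
    severity: str  # "high" or "medium"
    text: str


def triage(log_text: str) -> List[Finding]:
    """Walk a ComboFix log and return the entries worth a responder's attention."""
    findings: List[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key").lower()
            continue
        m = SERVICE_RE.match(line)
        if m:
            image = m.group("resolved") or m.group("path")
            if USER_WRITABLE_RE.search(image):
                findings.append(Finding("high", f"service {m.group('name')} loads {image} from a user-writable location"))
            if m.group("meta") == "?":
                # "[?]" in the log: no timestamp/size was recorded for the image file
                findings.append(Finding("medium", f"service {m.group('name')}: no size/timestamp recorded for {image} ([?])"))
            continue
        m = SIGCHECK_RE.match(line)
        if m:
            path = m.group("rest").rsplit(" . ", 1)[-1].strip()  # path is the last " . "-separated field
            findings.append(Finding("high", f"sigcheck [{m.group('status')}] on {path}: compare against a known-good copy"))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group("name"), m.group("value").strip().lower()
        leaf = current_key.rsplit("\\", 1)[-1]
        if current_key.endswith("security center") and name.endswith("Override") and value == "dword:00000001":
            findings.append(Finding("high", f"Security Center {name}=1: the AV/firewall status warning is suppressed"))
        elif "firewallpolicy" in current_key and name == "EnableFirewall" and value.startswith("0"):
            findings.append(Finding("high", f"Windows Firewall disabled in the {leaf} profile"))
        elif "\\services\\" in current_key and name == "ImagePath" and USER_WRITABLE_RE.search(value):
            findings.append(Finding("high", f"service {leaf}: ImagePath points into a user-writable location: {value}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.text}")
```

Run against the sample it reports the two override values, the disabled firewall profile, the `GarenaPEngine` service and its `ImagePath` both pointing into `LOCALS~1\Temp`, the `[?]` markers on both Garena drivers, and the `[-]` Sigcheck line for `winlogon.exe`; the `ipgd` NIC driver, which lives under `system32\drivers` with a recorded size and timestamp, produces nothing. Paste the real log into `SAMPLE_LOG` (or read it from a file) to triage it the same way.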