

I did everything that was required. Here are the results:

ComboFix 10-11-29.02 - Jean 29.11.2010 21:55:57.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.1022.517 [GMT 3:00]
Running from: i:\documents and settings\Admin\Рабочий стол\ComboFix.exe
AV: Антивирусная система Eset NOD32 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

i:\documents and settings\All Users\Application Data\msvmon32
i:\program files\Common Files\WM
i:\program files\Mail.Ru\Agent\Mra\dll\newmrasearch.dll
i:\windows\Delete.bat
i:\windows\system32\Пузыри.scr
i:\windows\system32\ssField Lines.scr
i:\windows\system32\ssRibbons.scr
i:\windows\system32\SYSINTERNALS_BLUESCREEN.SCR

.
((((((((((((((((((((((((( Files Created from 2010-10-28 to 2010-11-29 )))))))))))))))))))))))))))))))
.

2010-11-27 17:09 . 2010-11-27 17:09 71350 ----a-w- i:\windows\system32\EЧVЂ
2010-11-27 16:05 . 2010-11-27 16:05 -------- d-----w- i:\program files\Common Files\A3D3887Ca
2010-11-27 09:34 . 2010-11-27 09:34 298104 ----a-w- i:\windows\system32\imon.dll
2010-11-27 09:34 . 2010-11-27 09:34 512096 ----a-w- i:\windows\system32\drivers\amon.sys
2010-11-27 09:34 . 2010-11-27 09:34 15424 ----a-w- i:\windows\system32\drivers\nod32drv.sys
2010-11-14 13:05 . 2010-11-14 13:08 -------- d-----w- i:\documents and settings\Admin\Local Settings\Application Data\VKMusic 4
2010-11-14 13:05 . 2010-11-14 13:05 -------- d-----w- i:\program files\VKMusic 4
2010-11-14 11:18 . 2010-11-14 11:18 -------- d-----w- i:\windows\Cache
2010-11-14 11:15 . 2010-11-14 11:15 -------- d-----w- i:\documents and settings\Admin\Application Data\AdobeUM
2010-11-02 14:57 . 2010-11-21 19:18 -------- d-----w- i:\program files\Common Files\Adobe
2010-11-02 14:46 . 2010-11-02 14:46 -------- d-----w- i:\program files\Common Files\Adobe AIR

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 18:33 . 2008-12-12 14:48 16608 ----a-w- i:\windows\gdrv.sys
.

------- Sigcheck -------

[-] 2008-10-24 . 6A104BA98D99D53AB0C91825CE659FC6 . 361600 . . [5.1.2600.5625] . . i:\windows\system32\drivers\tcpip.sys
[-] 2008-10-24 . 13548C87ADEFC5980AC4F0F50AC78396 . 80584 . . [7.2.6001.784] . . i:\windows\system32\wuauclt.exe
[-] 2008-10-24 . 23B7D3F3F5EC8FEEA75EC381C71CBD5E . 579072 . . [5.1.2600.5512] . . i:\windows\system32\user32.dll
[-] 2008-10-24 . 8054F449106C9DA48AEDC82B05BA2B8E . 952832 . . [7.00.6000.20900] . . i:\windows\system32\wininet.dll
[-] 2008-10-24 . 89F87645A856F6712E6225079B7931F4 . 1721344 . . [6.00.2900.5512] . . i:\windows\explorer.exe
[-] 2008-10-24 . E52BB415E3A7106E0308A6EE75219F30 . 1571840 . . [5.1.2600.5512] . . i:\windows\system32\sfcfiles.dll
[-] 2008-10-24 . 08DD489E663B992B188166951AD131E0 . 30208 . . [5.1.2600.5512] . . i:\windows\system32\ctfmon.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "i:\program files\Yandex\YandexBarIE\yndbar.dll" [2009-12-24 8729864]

[HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "i:\program files\Yandex\YandexBarIE\yndbar.dll" [2009-12-24 8729864]

[HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VistaIcon"="i:\program files\VistaDriveIcon\VistaDrv.exe" [2008-01-02 132096]
"DAEMON Tools Lite"="i:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Google Update"="i:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-07-04 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="i:\program files\Analog Devices\Core\smax4pnp.exe" [2007-03-16 868352]
"NvCplDaemon"="i:\windows\system32\NvCpl.dll" [2008-04-11 13524992]
"nwiz"="nwiz.exe" [2008-04-11 1630208]
"NvMediaCenter"="i:\windows\system32\NvMcTray.dll" [2008-04-11 86016]
"WinampAgent"="i:\program files\Winamp\winampa.exe" [2006-01-30 35328]
"RTHDCPL"="RTHDCPL.EXE" [2008-06-27 16875008]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 77824]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 2808832]
"57xxSteelVine"="i:\program files\Silicon Image\57xx SteelVine\SteelVineManager.exe" [2007-08-20 1720320]
"ISUSPM Startup"="i:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]
"ISUSScheduler"="i:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"GBTUpd"="i:\program files\GIGABYTE\GBTUpd\PreRun.exe" [2008-04-03 297480]
"HP Software Update"="i:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="i:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
"HPDJ Taskbar Utility"="i:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 188416]
"Sony Ericsson PC Suite"="i:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-23 487424]
"MAgent"="i:\program files\Mail.Ru\Agent\MAgent.exe" [2010-01-25 8746680]
"Adobe Reader Speed Launcher"="i:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="i:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"nod32kui"="i:\program files\Eset\nod32kui.exe" [2010-11-27 949376]
"Corel Photo Downloader"="i:\program files\Corel\Corel MediaOne\Corel Photo Downloader.exe" [2007-08-17 483144]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="i:\windows\system32\CTFMON.EXE" [2008-10-24 30208]
"VistaIcon"="i:\program files\VistaDriveIcon\VistaDrv.exe" [2008-01-02 132096]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IE7_011"="shell32" [X]
"ZZZZ2_FirstLogonSetting"="advpack.dll" [2008-10-24 124928]
"IE7_012"="advpack.dll" [2008-10-24 124928]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"UpdatesOverride"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 16026642;16026642 Boot Guard Driver;i:\windows\system32\drivers\16026642.sys [26.08.2010 7:34 37392]
R0 sptd;sptd;i:\windows\system32\drivers\sptd.sys [12.12.2008 1:50 721904]
R1 16026641;16026641;i:\windows\system32\drivers\16026641.sys [26.08.2010 7:34 128016]
R1 nod32drv;nod32drv;i:\windows\system32\drivers\nod32drv.sys [27.11.2010 12:34 15424]
R1 setup_9.0.0.722_26.08.2010_07-57drv;setup_9.0.0.722_26.08.2010_07-57drv;i:\windows\system32\drivers\1602664.sys [26.08.2010 7:34 315408]
R1 SSHDRV85;SSHDRV85;i:\windows\system32\drivers\SSHDRV85.sys [02.06.2009 15:28 78848]
R1 uze3mjk4;AVZ-RK Kernel Driver;i:\windows\system32\drivers\uze3mjk4.sys [28.08.2010 13:33 11264]
R2 GEST Service;GEST Service for program management.;i:\program files\GIGABYTE\EnergySaver\GSvr.exe [12.12.2008 17:49 80392]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;i:\windows\system32\drivers\RtNdPt5x.sys [12.12.2008 18:10 35840]
S0 nvgts3;nvgts3;i:\windows\system32\drivers\nvgts3.sys [25.10.2008 0:51 132096]
S2 57xx SteelVine Manager;57xx SteelVine;i:\program files\Silicon Image\57xx SteelVine\SteelVine.exe [20.08.2007 11:42 1282048]
S2 gupdate;Служба Google Update (gupdate);i:\program files\Google\Update\GoogleUpdate.exe [05.07.2010 18:00 136176]
S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;i:\windows\system32\drivers\RTLTEAMING.SYS [12.12.2008 18:10 28416]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;i:\windows\system32\drivers\RTLVLAN.SYS [12.12.2008 18:10 17408]
S3 se46bus;Sony Ericsson Device 070 driver (WDM);i:\windows\system32\drivers\se46bus.sys [26.12.2008 21:39 61536]
S3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter;i:\windows\system32\drivers\se46mdfl.sys [26.12.2008 21:39 9360]
S3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver;i:\windows\system32\drivers\se46mdm.sys [26.12.2008 21:39 97088]
S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM);i:\windows\system32\drivers\se46mgmt.sys [16.02.2009 20:31 88624]
S3 se46nd5;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS);i:\windows\system32\drivers\se46nd5.sys [16.02.2009 20:32 18704]
S3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface;i:\windows\system32\drivers\se46obex.sys [03.01.2009 17:03 86432]
S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM);i:\windows\system32\drivers\se46unic.sys [16.02.2009 20:32 90800]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SRSERVICE
.
Contents of the 'Scheduled Tasks' folder

2010-11-29 i:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- i:\program files\Google\Update\GoogleUpdate.exe [2010-07-05 15:00]

2010-11-28 i:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- i:\program files\Google\Update\GoogleUpdate.exe [2010-07-05 15:00]

2010-11-27 i:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-220523388-1417001333-500Core.job
- i:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-04 23:24]

2010-11-29 i:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-220523388-1417001333-500UA.job
- i:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-04 23:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.rambler.ru/
IE: &Экспорт в Microsoft Excel - i:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Поиск@Mail.Ru - i:\program files\mail.ru\sputnik\MailRuSputnik.dll/282
IE: Словари@Mail.Ru - i:\program files\mail.ru\sputnik\MailRuSputnik.dll/283
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} - i:\program files\Mail.Ru\Agent\magent.exe
LSP: i:\windows\system32\imon.dll
TCP: {65C6A1E1-9C3B-404F-A76D-232F7EC2F6E3} = 91.207.170.1 91.207.170.1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-29 21:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(744)
i:\windows\system32\SETUPAPI.dll
i:\windows\system32\Ati2evxx.dll
i:\windows\system32\cscui.dll
i:\windows\system32\COMRes.dll

- - - - - - - > 'lsass.exe'(800)
i:\windows\system32\setupapi.dll
i:\windows\system32\imon.dll
i:\program files\Eset\pr_imon.dll
.
Completion time: 2010-11-29 22:01:59
ComboFix-quarantined-files.txt 2010-11-29 19:01

Pre-Run: 30*051*942*400 байт свободно
Post-Run: 30*249*918*464 байт свободно

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional RU" /execute /fastdetect

- - End Of File - - A24025CFAA21B6612E549A1838FD9D79

Posted: 22:04, 29-11-2010 | #3