Valeri, большое спасибо за ответ.
Все сделал, вставляю лог файл.
С уважением,
Максим.
ComboFix 09-05-29.01 — Максим Паршин 03.06.2009 9:23.2 — NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1251.7.1049.18.510.292 [GMT 4:00]
Running from: c:documents and settingsМаксим ПаршинРабочий столComboFix.exe
Command switches used :: c:documents and settingsМаксим ПаршинРабочий столCFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090602-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:documents and settingsМаксим ПаршинApplication DataAdSubscribe
c:documents and settingsМаксим ПаршинApplication DataAdSubscribeAdSubscribe.dat
c:documents and settingsМаксим ПаршинApplication DataAdSubscribeAdSubscribe.dll
c:documents and settingsМаксим ПаршинApplication DataAdSubscribeFeed0.jpg
c:documents and settingsМаксим ПаршинApplication DataAdSubscribeFeed1.jpg
c:documents and settingsМаксим ПаршинApplication DataAdSubscribeFeed2.jpg
c:documents and settingsМаксим ПаршинApplication DataAdSubscribeFeed3.jpg
c:documents and settingsМаксим ПаршинApplication DataAdSubscribeFeed4.jpg
c:documents and settingsМаксим ПаршинApplication DataAdSubscribeFeed5.jpg
c:documents and settingsМаксим ПаршинApplication DataAdSubscribeFeed6.jpg
c:documents and settingsМаксим ПаршинApplication DataAdSubscribeFeed7.jpg
c:documents and settingsМаксим ПаршинApplication DataAdSubscribeFeed8.jpg
c:documents and settingsМаксим ПаршинApplication DataAdSubscribeFeed9.jpg
c:documents and settingsМаксим ПаршинApplication DataAdSubscribeFeedfeed.xml
c:documents and settingsМаксим ПаршинApplication DataAdSubscribeUninstall.exe
.
((((((((((((((((((((((((( Files Created from 2009-05-03 to 2009-06-03 )))))))))))))))))))))))))))))))
.
2009-05-30 11:31 . 2009-05-30 11:32
d
w c:program filestrend micro
2009-05-30 11:31 . 2009-05-30 11:33
d
w C:rsit
2009-05-30 06:46 . 2009-05-30 06:46
d
w c:windowsSun
2009-05-29 15:15 . 2009-05-29 15:15 410984 —-a-w c:windowssystem32deploytk.dll
2009-05-29 15:14 . 2009-05-29 15:14
d
w c:program filesJava
2009-05-29 15:14 . 2009-05-29 15:14 152576 —-a-w c:documents and settingsМаксим ПаршинApplication DataSunJavajre1.6.0_13lzma.dll
2009-05-29 13:45 . 2009-05-29 13:45
d
w c:documents and settingsNetworkServiceApplication DataAdSubscribe
2009-05-29 11:47 . 2009-05-29 11:47 355584 —-a-w c:windowssystem32TuneUpDefragService.exe
2009-05-29 11:44 . 2009-05-29 11:44
d
w c:windows5888428E699C4E71BF7194EE06B497DA.TMP
2009-05-29 11:32 . 2009-05-29 11:32
d
w c:program filesCommon FilesWise Installation Wizard
2009-05-29 11:21 . 2009-05-29 11:21
d
w c:documents and settingsAll UsersApplication DataTuneUp Software
2009-05-29 11:20 . 2009-05-29 11:20
d-sh—w c:documents and settingsAll UsersApplication Data{55A29068-F2CE-456C-9148-C869879E2357}
2009-05-29 11:19 . 2009-05-25 05:26
d
w c:documents and settingsProgramTuneUp Utilities 2008 7.0.8007
2009-05-29 10:40 . 2009-05-29 12:00
d
w c:documents and settingsProgramTuneUp Utilities 2009
2009-05-28 13:53 . 2009-05-28 13:53
d
w c:program filesGRETECH
2009-05-28 13:47 . 2009-05-29 08:39
d
w c:documents and settingsМаксим ПаршинApplication DataGRETECH(2)
2009-05-28 07:04 . 2009-05-28 07:06
d
w c:documents and settingsAll UsersApplication DataLavasoft
2009-05-28 06:49 . 2009-05-28 06:49
d
w c:documents and settingsProgramRegDoctor
2009-05-28 06:43 . 2009-05-28 07:06
d
w c:documents and settingsProgramAd Aware 2008 Pro 7.1.0.12 Ru
2009-05-27 16:45 . 2009-05-27 16:45
d
w c:documents and settingsProgramApple Pro KBD
2009-05-27 09:00 . 2009-05-27 09:02
d
w c:documents and settingsProgramavast! Professional Edition 4.8.1335
2009-05-26 19:05 . 2009-05-26 19:05 320640 —-a-w c:windowsilda16.dll
2009-05-26 18:42 . 2009-05-27 08:05
d
w c:program filesAd Muncher
2009-05-26 18:39 . 2009-05-28 07:08
d
w c:documents and settingsProgramAd Muncher
2009-05-26 07:56 . 2009-05-26 07:57
d
w c:documents and settingsProgramSpacesniffer
2009-05-25 11:36 . 2009-05-25 11:40
d
w c:documents and settingsProgramManager 505
2009-05-25 10:15 . 1998-01-23 08:55 305152 —-a-w c:windowsIsUn0419.exe
2009-05-25 09:48 . 2009-05-25 11:08
d
w c:documents and settingsProgramNorton Partition Magic
2009-05-25 08:05 . 2001-07-13 09:56 14976 —-a-w c:windowssystem32driversSBKUPNT.SYS
2009-05-25 08:05 . 1997-02-08 13:11 13312 —-a-w c:windowssystem32DEVLOAD.EXE
2009-05-25 08:03 . 2009-05-25 09:53
d
w c:documents and settingsProgramSwissknife
2009-05-25 05:27 . 2009-05-25 05:27
d
w c:documents and settingsNetworkServiceApplication DataTuneUp Software
2009-05-24 18:18 . 2009-05-24 18:18
d
w c:documents and settingsМаксим ПаршинApplication DataGRETECH
2009-05-11 12:28 . 2009-05-11 12:28
d
w c:documents and settingsМаксим ПаршинApplication Datacalibre
2009-05-11 12:24 . 2009-05-11 12:43
d—h—w c:program filesInstallJammer Registry
2009-05-11 12:24 . 2009-05-11 12:24
d
w c:documents and settingsAll Users??????? ????
2009-05-11 12:22 . 2009-05-11 12:43
d
w c:documents and settingsProgramCalibre LRF viewer
2009-05-10 09:43 . 2009-05-10 09:43 7168 —-a-w c:documents and settingsМаксим ПаршинApplication DataThinstallSTDU Converter version 1.0.85.04000005400002iAcroRd32.exe
2009-05-10 09:32 . 2009-05-10 09:32 7168 —-a-w c:documents and settingsМаксим ПаршинApplication DataThinstallSTDU Converter version 1.0.85.01000000b00002iverclsid.exe
2009-05-10 09:31 . 2009-05-10 09:31
d
w c:documents and settingsМаксим ПаршинApplication DataThinstall
2009-05-10 09:30 . 2009-05-10 09:31
d
w c:documents and settingsProgramPortable STDU Converter
2009-05-10 09:09 . 2009-05-10 09:09
d
w c:documents and settingsProgramPDF to LRF converter
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-03 05:09 . 2008-08-29 09:20
d
w c:documents and settingsМаксим ПаршинApplication DatauTorrent
2009-06-02 05:24 . 2005-07-25 15:59
d
w c:program fileslg_swupdate
2009-06-01 07:22 . 2006-07-28 12:18
d
w c:documents and settingsМаксим ПаршинApplication DataCanon
2009-05-27 18:56 . 2005-07-25 16:17
d
w c:program filesSymantec
2009-05-27 18:56 . 2005-07-25 16:17
d
w c:program filesCommon FilesSymantec Shared
2009-05-26 14:57 . 2008-12-29 20:57
d
w c:program filesThe KMPLayer!
2009-05-25 10:06 . 2005-07-25 15:59
d—h—w c:program filesInstallShield Installation Information
2009-05-25 05:44 . 2009-02-15 18:07
d
w c:program filesGoogle
2009-05-25 05:39 . 2005-07-25 19:16 71390 —-a-w c:windowssystem32perfc019.dat
2009-05-25 05:39 . 2005-07-25 19:16 436114 —-a-w c:windowssystem32perfh019.dat
2009-05-10 08:31 . 2007-05-11 14:44
d
w c:documents and settingsМаксим ПаршинApplication DataVso
2009-05-10 08:23 . 2008-09-17 15:08
d
w c:documents and settingsМаксим ПаршинApplication DataCopyToDvd
2009-04-04 08:43 . 2006-07-07 17:17 75592 -c—a-w c:documents and settingsМаксим ПаршинLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-04-03 15:15 . 2009-04-03 15:15 292878 —-a-r c:documents and settingsМаксим ПаршинApplication DataMicrosoftInstaller{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}ARPPRODUCTICON.exe
2009-03-31 13:15 . 2009-03-31 13:15 43520 —-a-w c:windowssystem32CmdLineExt03.dll
2009-03-11 14:19 . 2009-03-11 13:59 123 —-a-w c:documents and settingsМаксим ПаршинApplication DataParticipatory Culture FoundationMiroProfilestg8jiqci.defaultextensionsDeutsche_Welle_Player@v0.themes.getmiro.com
.
((((((((((((((((((((((((((((( SnapShot@2009-05-30_16.06.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-02 05:22 . 2009-06-02 05:22 16384 c:windowsTempPerflib_Perfdata_794.dat
+ 2009-06-02 05:22 . 2009-06-02 05:22 16384 c:windowsTempPerflib_Perfdata_114.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2008-04-14 15360]
«USB Safely Remove»=»c:documents and settingsProgramUsb safely removeUSB Safely RemoveUSBSafelyRemove.exe» [2008-12-15 1100048]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2005-07-01 7118848]
«SynTPLpr»=»c:program filesSynapticsSynTPSynTPLpr.exe» [2005-02-14 98396]
«SynTPEnh»=»c:program filesSynapticsSynTPSynTPEnh.exe» [2005-02-14 667740]
«batterymiser»=»c:program filesLG SoftwareBattery Miser 2005batterymiser.exe» [2005-06-28 335872]
«KeybdUtility»=»c:program filesLG SoftwareOn Screen DisplayHotkey.exe» [2005-08-19 86016]
«avast!»=»c:progra~1ALWILS~1Avast4ashDisp.exe» [2009-02-05 81000]
«Adobe Reader Speed Launcher»=»c:documents and settingsProgramAdobe_Acrobat_ReaderReaderReader_sl.exe» [2009-02-27 35696]
«LG Intelligent Update»=»c:program fileslg_swupdateautoupdate.exe» [2006-07-18 106496]
«SunJavaUpdateSched»=»c:program filesJavajre6binjusched.exe» [2009-05-29 148888]
«nwiz»=»nwiz.exe» — c:windowssystem32nwiz.exe [2005-07-01 1519616]
«AGRSMMSG»=»AGRSMMSG.exe» — c:windowsAGRSMMSG.exe [2005-08-24 88203]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-14 15360]
«Nokia.PCSync»=»c:documents and settingsProgramNokia PC SuiteNokia PC Suite 6PcSync2.exe» [2007-11-07 1294336]
[hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]
«{26F5978F-6493-4ee3-B114-C0C3ACCF9D4D}»= «c:windowssystem32bmpsap.dll» [2005-06-28 114688]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalaawservice]
@=»Service»
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionrun-]
«PC Suite Tray»=»c:documents and settingsProgramNokia PC SuiteNokia PC Suite 6PCSuite.exe» -onlytray
«DAEMON Tools Lite»=»c:documents and settingsProgramDaemon toolsDAEMON Tools Litedaemon.exe» -autorun
«pdfSaver3″=»c:program filesMindjetMindManager 7PDF-XChangepdfSaverpdfSaver3.exe»
«Miro — Deutsche Welle Player»=c:documents and settingsProgramMiroMiro.exe —theme «Deutsche Welle Player»
«PNotes Portable»=c:documents and settingsProgramPNotesPNotesPortablePNotesPortable.exe
«Active Desktop Calendar»=c:documents and settingsProgramActive_Desktop_CalendarActive Desktop CalendarADC.exe
«NBJ»=»c:documents and settingsProgramNeroNero BackItUpNBJ.exe»
«BitTorrent»=»c:documents and settingsProgramBitTorrentbittorrent.exe» —force_start_minimized
«USB Safely Remove»=c:documents and settingsProgramUsb safely removeUSB Safely RemoveUSBSafelyRemove.exe /startup
«LDM»=c:program filesLogitechDesktop Messenger8876480ProgramLogitechDesktopMessenger.exe
«MSMSGS»=»c:program filesMessengermsmsgs.exe» /background
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrun-]
«Ярлык для страницы свойств High Definition Audio»=HDAShCut.exe
«igfxtray»=c:windowssystem32igfxtray.exe
«igfxpers»=c:windowssystem32igfxpers.exe
«Cmaudio»=RunDll32 cmicnfg.cpl,CMICtrlWnd
«RemoteControl»=»c:documents and settingsProgramPowerDVDPDVDServ.exe»
«MMReminderService»=c:program filesMindjetMindManager 7MMReminderService.exe
«TkBellExe»=»c:program filesCommon FilesRealUpdate_OBrealsched.exe» -osboot
«igfxhkcmd»=c:windowssystem32hkcmd.exe
«NeroFilterCheck»=c:windowssystem32NeroCheck.exe
«QuickTime Task»=»c:program filesQuickTimeqttask.exe» -atboottime
«Lingvo Launcher»=»c:documents and settingsProgramABBYY Lingvo 12Lvagent.exe» /STARTUP
«OpwareSE2″=»c:documents and settingsProgramCanaScan_8400FOmniPage_SEOpwareSE2.exe»
«BluetoothAuthenticationAgent»=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusDisableNotify»=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«c:\WINDOWS\system32\sessmgr.exe»=
«c:\Documents and Settings\Program\utorrent\utorrent.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«%windir%\system32\sessmgr.exe»=
R1 aswSP;avast! Self Protection;c:windowssystem32driversaswSP.sys [16.07.2008 20:16 114768]
R2 aswFsBlk;aswFsBlk;c:windowssystem32driversaswFsBlk.sys [16.07.2008 20:16 20560]
R2 SBKUPNT;SBKUPNT;c:windowssystem32driversSBKUPNT.SYS [25.05.2009 12:05 14976]
R2 USBSafelyRemoveService;USB Safely Remove Assistant;c:documents and settingsProgramUsb safely removeUSB Safely RemoveUSBSRService.exe [22.01.2009 19:41 208144]
R3 cmudax;C-Media High Definition Audio Interface;c:windowssystem32driverscmudax.sys [31.10.2005 9:28 1287296]
S2 gupdate1c98f9852d6bad8;Служба Google Update (gupdate1c98f9852d6bad8);c:program filesGoogleUpdateGoogleUpdate.exe [15.02.2009 22:07 133104]
S3 gUSBSTOi;gUSBSTOi;??c:docume~16E26~1LOCALS~1TempgUSBSTOi.sys —> c:docume~16E26~1LOCALS~1TempgUSBSTOi.sys [?]
— Other Services/Drivers In Memory —
*Deregistered* — UserIO
.
Contents of the ‘Scheduled Tasks’ folder
2009-06-03 c:windowsTasks1-Click Maintenance.job
— c:documents and settingsProgramTuneUp Utilities 2008 7.0.8007OneClickStarter.exe [2008-06-20 05:09]
2009-06-02 c:windowsTasksGoogleUpdateTaskMachine.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-02-15 18:07]
.
.
Supplementary Scan
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = paradyz
IE: &Перевести с помощью ABBYY Lingvo… — c:documents and settingsProgramABBYY Lingvo 12Lingvo.exe/3000
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Add to &Teleport — c:docume~1ProgramTELEPO~1TELEPO~1teleport.htm
IE: Закачать все при помощи FlashGet — c:documents and settingsProgramFlashGetjc_all.htm
IE: Закачать при помощи FlashGet — c:documents and settingsProgramFlashGetjc_link.htm
FF — ProfilePath — c:documents and settingsМаксим ПаршинApplication DataMozillaFirefoxProfilesnzsekflx.default
FF — prefs.js: browser.startup.homepage — hxxp://www.google.ru/
FF — prefs.js: keyword.URL — hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=
FF — plugin: c:documents and settingsProgramAdobe_Acrobat_ReaderReaderbrowsernppdf32.dll
FF — plugin: c:documents and settingsProgramFirefoxpluginsnpbittorrent.dll
FF — plugin: c:documents and settingsProgramFirefoxpluginsnpdjvu.dll
FF — plugin: c:documents and settingsProgramRealPlayer_11.0.0.468Netscape6nppl3260.dll
FF — plugin: c:documents and settingsProgramRealPlayer_11.0.0.468Netscape6nprjplug.dll
FF — plugin: c:documents and settingsProgramRealPlayer_11.0.0.468Netscape6nprpjplug.dll
FF — plugin: c:program filesGoogleUpdate1.2.145.5npGoogleOneClick8.dll
—- FIREFOX POLICIES —-
FF — user.js: network.http.max-persistent-connections-per-server — 4
FF — user.js: content.max.tokenizing.time — 1800000
FF — user.js: content.notify.interval — 600000
FF — user.js: content.switch.threshold — 1000000
FF — user.js: nglayout.initialpaint.delay — 600
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-03 09:26
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(760)
c:windowssystem32Ati2evxx.dll
c:windowssystem32igfxdev.dll
.
Completion time: 2009-06-03 9:30
ComboFix-quarantined-files.txt 2009-06-03 05:29
ComboFix2.txt 2009-05-30 16:08
Pre-Run: 12 582 535 168 байт свободно
Post-Run: 12 665 352 192 байт свободно
217 — E O F — 2009-03-07 00:01
