Re: Re: Help me remove a porn banner from the screen
Lately everything has been fine; the computer no longer shuts down by itself.
ComboFix 09-11-16.01 — Admin 15.11.2009 21:20.2.1 — FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.511.284 [GMT 3:00]
Running from: c:documents and settingsAdminРабочий столComboFix.exe
Command switches used :: c:documents and settingsAdminРабочий столCFScript.txt
AV: Антивирусная система Eset NOD32 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Doctor Web Anti-Virus *On-access scanning enabled* (Updated) {3454C8F1-ECBC-4180-A6F4-04632FBA762B}
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
* Resident AV is active
.
((((((((((((((((((((((((( Files Created from 2009-10-15 to 2009-11-15 )))))))))))))))))))))))))))))))
.
2009-11-14 22:50 . 2009-08-29 09:00 177520 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsVirusDefs20091114.004NAVENG32.DLL
2009-11-14 22:50 . 2009-08-29 09:00 1647984 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsVirusDefs20091114.004NAVEX32A.DLL
2009-11-14 22:50 . 2009-08-29 09:00 1323568 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsVirusDefs20091114.004NAVEX15.SYS
2009-11-14 22:50 . 2009-08-29 09:00 84912 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsVirusDefs20091114.004NAVENG.SYS
2009-11-14 22:50 . 2009-08-29 09:00 102448 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsVirusDefs20091114.004ERASER.SYS
2009-11-14 22:50 . 2009-11-05 19:34 259440 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsVirusDefs20091114.004ECMSVR32.DLL
2009-11-14 22:50 . 2009-11-05 19:34 2747952 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsVirusDefs20091114.004CCERASER.DLL
2009-11-14 22:50 . 2009-08-29 09:00 371248 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsVirusDefs20091114.004EECTRL.SYS
2009-11-13 10:38 . 2009-10-28 22:37 811896 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsIPSDefs20091111.001Scxpx86.dll
2009-11-13 10:38 . 2009-10-28 22:37 343088 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsIPSDefs20091111.001IDSvix86.sys
2009-11-13 10:38 . 2009-10-28 22:37 329592 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsIPSDefs20091111.001IDSXpx86.sys
2009-11-13 10:38 . 2009-10-28 22:37 488312 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsIPSDefs20091111.001IDSxpx86.dll
2009-11-13 10:38 . 2009-10-28 22:37 466992 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsIPSDefs20091111.001IDSviA64.sys
2009-11-12 23:52 . 2009-11-12 23:52 d-----w- c:documents and settingsAll UsersApplication DataSymantec
2009-11-12 18:37 . 2009-11-12 23:18 d-----w- c:windowssystem32Adobe
2009-11-12 18:01 . 2009-10-28 22:37 343088 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsIPSDefs20091107.001IDSvix86.sys
2009-11-12 18:01 . 2009-10-28 22:37 329592 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsIPSDefs20091107.001IDSXpx86.sys
2009-11-12 18:01 . 2009-10-28 22:37 811896 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsIPSDefs20091107.001Scxpx86.dll
2009-11-12 18:01 . 2009-10-28 22:37 488312 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsIPSDefs20091107.001IDSxpx86.dll
2009-11-12 18:01 . 2009-10-28 22:37 466992 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsIPSDefs20091107.001IDSviA64.sys
2009-11-09 19:12 . 2009-11-09 19:12 d-----w- c:documents and settingsAdminApplication DataMalwarebytes
2009-11-09 19:12 . 2009-09-10 11:54 38224 —-a-w- c:windowssystem32driversmbamswissarmy.sys
2009-11-09 19:12 . 2009-11-09 19:12 d-----w- c:documents and settingsAll UsersApplication DataMalwarebytes
2009-11-09 19:11 . 2009-09-10 11:53 19160 —-a-w- c:windowssystem32driversmbam.sys
2009-11-05 22:37 . 2009-11-11 22:39 d-----w- c:program filestrend micro
2009-11-05 22:37 . 2009-11-05 22:45 d-----w- C:rsit
2009-11-05 18:21 . 2009-08-30 00:16 164216 —-a-r- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136IPSFFPlgncomponentsIPSFFPl.dll
2009-11-05 18:21 . 2009-11-05 18:21 60808 —-a-w- c:windowssystem32S32EVNT1.DLL
2009-11-05 18:21 . 2009-11-05 18:21 124976 —-a-w- c:windowssystem32driversSYMEVENT.SYS
2009-11-05 18:21 . 2009-11-05 18:30 d-----w- c:program filesCommon FilesSymantec Shared
2009-11-05 18:21 . 2009-11-05 18:21 d-----w- c:program filesSymantec
2009-11-05 18:20 . 2009-08-26 22:13 900464 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136OCShsplayer.dll
2009-11-05 18:20 . 2008-05-23 08:13 288104 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136CPDOEMCPDOEM.dll
2009-11-05 18:20 . 2009-09-01 08:53 892784 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136CLTcltLMSx.dll
2009-11-05 18:19 . 2009-11-13 19:27 d-----w- c:windowssystem32driversNAV
2009-11-05 18:19 . 2009-11-05 18:19 d-----w- c:program filesWindows Sidebar
2009-11-05 18:19 . 2009-11-05 18:19 d-----w- c:program filesNorton AntiVirus
2009-11-05 18:19 . 2009-11-13 00:00 d-----w- c:documents and settingsAll UsersApplication DataNorton
2009-11-05 18:19 . 2009-11-13 08:18 d-----w- c:program filesNortonInstaller
2009-11-05 18:19 . 2009-11-05 18:19 d-----w- c:documents and settingsAll UsersApplication DataNortonInstaller
2009-11-04 19:45 . 2009-11-04 19:45 d-----w- c:documents and settingsAll UsersApplication DataKaspersky Lab Setup Files
2009-11-03 23:08 . 2009-11-03 23:08 d-----w- c:windowsie8updates
2009-11-03 23:06 . 2009-11-03 23:07 dc-h—w- c:windowsie8
2009-11-03 22:44 . 2009-10-02 04:44 92160 -c—-w- c:windowssystem32dllcacheiecompat.dll
2009-11-03 22:43 . 2009-08-29 07:58 12800 -c—-w- c:windowssystem32dllcachexpshims.dll
2009-11-03 22:43 . 2009-08-29 07:58 1985536 -c—-w- c:windowssystem32dllcacheiertutil.dll
2009-11-03 22:43 . 2009-08-29 07:58 594432 -c—-w- c:windowssystem32dllcachemsfeeds.dll
2009-11-03 22:43 . 2009-08-29 07:58 246272 -c—-w- c:windowssystem32dllcacheieproxy.dll
2009-11-03 22:43 . 2009-08-29 07:58 55296 -c—-w- c:windowssystem32dllcachemsfeedsbs.dll
2009-11-03 22:43 . 2009-08-29 07:58 11069440 -c—-w- c:windowssystem32dllcacheieframe.dll
2009-11-03 18:04 . 2009-11-03 18:04 d-----w- c:documents and settingsAll UsersApplication DataDoctor Web
2009-11-03 15:11 . 2009-11-05 16:05 d-----w- c:documents and settingsAll UsersApplication DataAshampoo
2009-11-03 15:11 . 2009-11-03 15:11 d-----w- c:documents and settingsAll UsersApplication Datapage
2009-10-28 22:37 . 2009-10-28 22:37 343088 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsIPSDefsBinHubIDSvix86.sys
2009-10-28 22:37 . 2009-10-28 22:37 329592 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsIPSDefsBinHubIDSXpx86.sys
2009-10-28 22:37 . 2009-10-28 22:37 811896 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsIPSDefsBinHubScxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 488312 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsIPSDefsBinHubIDSxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 466992 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsIPSDefsBinHubIDSviA64.sys
2009-10-20 16:46 . 2009-10-20 16:46 59992 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky Lab Setup FilesKaspersky Internet Security 2010 9.0.0.736Russiansetup.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-15 18:26 . 2009-05-18 11:25 d-----w- c:documents and settingsAdminApplication DatauTorrent
2009-11-07 17:28 . 2009-06-01 18:15 d-----w- c:program filesTuneUp Utilities 2007
2009-11-07 15:18 . 2009-05-18 08:09 86327 —-a-w- c:windowspchealthhelpctrOfflineCacheindex.dat
2009-11-07 13:42 . 2009-05-18 10:15 d-----w- c:program filesGoogle
2009-11-05 18:21 . 2009-11-05 18:21 805 —-a-w- c:windowssystem32driversSYMEVENT.INF
2009-11-05 18:21 . 2009-11-05 18:21 7443 —-a-w- c:windowssystem32driversSYMEVENT.CAT
2009-11-05 13:15 . 2009-05-30 18:27 d-----w- c:program filesThe KMPlayer
2009-11-04 10:31 . 2009-08-31 15:56 22328 —-a-w- c:windowssystem32driversPnkBstrK.sys
2009-11-04 10:31 . 2009-08-31 15:56 103736 —-a-w- c:windowssystem32PnkBstrB.exe
2009-10-25 07:01 . 2008-04-15 12:00 84082 —-a-w- c:windowssystem32perfc019.dat
2009-10-25 07:01 . 2008-04-15 12:00 484362 —-a-w- c:windowssystem32perfh019.dat
2009-10-09 21:38 . 2009-10-09 21:38 201616 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsBASHDefs20091013.001BHRules.dll
2009-10-09 21:38 . 2009-10-09 21:38 1412496 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsBASHDefs20091013.001BHEngine.dll
2009-10-09 21:38 . 2009-10-09 21:38 643632 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsBASHDefs20091013.001BHDrvx64.sys
2009-10-09 21:38 . 2009-10-09 21:38 508976 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsBASHDefs20091013.001BHDrvx86.sys
2009-10-09 21:38 . 2009-10-09 21:38 590736 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsBASHDefs20091013.001bbRGen.dll
2009-10-05 19:47 . 2009-09-06 20:23 d-----w- c:documents and settingsAdminApplication DataImage Zone Express
2009-09-28 13:44 . 2009-09-28 13:38 d-----w- c:documents and settingsAdminApplication DataDAEMON Tools Lite
2009-09-28 13:41 . 2009-09-28 13:41 d-----w- c:documents and settingsAll UsersApplication DataDAEMON Tools Lite
2009-09-28 13:41 . 2009-09-28 13:41 d-----w- c:program filesDAEMON Tools Toolbar
2009-09-28 13:41 . 2009-09-28 13:41 d-----w- c:program filesDAEMON Tools Lite
2009-09-28 13:38 . 2009-09-05 09:13 721904 —-a-w- c:windowssystem32driverssptd.sys
2009-09-27 19:34 . 2009-05-18 08:45 d-----w- c:program filesCommon FilesAdobe
2009-09-27 19:33 . 2009-09-16 07:06 d-----w- c:program filesCommon FilesAhead
2009-09-27 19:33 . 2009-05-30 11:14 d-----w- c:program filesNero
2009-09-27 19:33 . 2009-05-30 11:14 d-----w- c:documents and settingsAll UsersApplication DataNero
2009-09-27 19:33 . 2009-09-15 10:16 d-----w- c:program filesTetatet
2009-09-27 19:33 . 2009-09-15 10:12 d-----w- c:program filesOnline TV Player 4
2009-09-27 19:33 . 2009-09-15 09:56 d-----w- c:program filesWebTV
2009-09-27 19:33 . 2009-09-27 19:33 d-----w- c:documents and settingsAdminApplication DataROALDevelopment
2009-09-27 19:33 . 2009-09-15 10:20 d-----w- c:program filesRadioClicker LITE
2009-09-27 19:33 . 2009-09-27 19:33 d-----w- c:program filesCommon FilesXstream
2009-09-27 19:33 . 2009-09-27 19:33 d-----w- c:documents and settingsAdminApplication DataInstallShield
2009-09-27 19:33 . 2009-09-15 09:27 d-----w- c:program filesXviD
2009-09-27 19:32 . 2009-05-20 20:24 d-----w- c:program filesDivX
2009-09-27 19:31 . 2009-05-18 08:47 d-----w- c:program filesK-Lite Codec Pack
2009-09-15 10:52 . 2009-09-15 10:46 5430 —-a-r- c:documents and settingsAdminApplication DataMicrosoftInstaller{31527399-096A-41EB-99A2-18A8F53A275A}_6FEFF9B68218417F98F549.exe
2009-09-15 10:52 . 2009-09-15 10:46 5430 —-a-r- c:documents and settingsAdminApplication DataMicrosoftInstaller{31527399-096A-41EB-99A2-18A8F53A275A}_421FE54573FB5C215E711E.exe
2009-09-15 10:52 . 2009-09-15 10:46 5430 —-a-r- c:documents and settingsAdminApplication DataMicrosoftInstaller{31527399-096A-41EB-99A2-18A8F53A275A}_16554A15DC1F44106A7456.exe
2009-09-15 10:52 . 2009-09-15 10:46 5430 —-a-r- c:documents and settingsAdminApplication DataMicrosoftInstaller{31527399-096A-41EB-99A2-18A8F53A275A}_136A3CF0786CC69E72229C.exe
2009-09-11 09:18 . 2009-09-11 09:16 19527 —-a-w- c:windowshpqins13.dat
2009-09-11 08:49 . 2009-09-06 17:53 112848 —-a-w- c:windowshpoins07.dat
2009-09-10 06:42 . 2005-01-24 06:30 139264 —-a-w- c:windowssystem32hpzjrd01.dll
2009-09-06 20:33 . 2009-05-30 12:11 46872 —-a-w- c:documents and settingsAdminLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-09-06 20:33 . 2009-09-06 20:33 128 —-a-w- c:documents and settingsAdminLocal SettingsApplication Datafusioncache.dat
2009-09-06 20:33 . 2009-09-06 20:30 71647 —-a-w- c:windowshpqins09.dat
2009-09-05 11:31 . 2009-09-05 11:31 22980 —ha-w- c:windowssystem32mlfcache.dat
2009-09-01 20:09 . 2009-09-01 20:09 0 —-a-w- c:windowsnsreg.dat
2009-08-31 15:55 . 2009-08-31 15:55 66872 —-a-w- c:windowssystem32PnkBstrA.exe
2009-08-29 07:58 . 2008-08-20 06:06 916480 ------w- c:windowssystem32wininet.dll
2009-06-10 10:47 . 2009-06-10 10:47 4643 —-a-w- c:program filesCommon Filesunins000.dat
2009-06-10 10:47 . 2009-06-10 10:47 1214827 —-a-w- c:program filesCommon Filesunins000.exe
.
Sigcheck
[-] 2008-08-20 . 5FD0BC6E39FAF7E2A4CB9EDDE925CF33 . 952320 . . [6.00.2900.5512] . . c:windowsexplorer.exe
[-] 2008-08-20 . FBC0451EE7C39EE98CF622AD1C6ACE96 . 1571840 . . [5.1.2600.5512] . . c:windowssystem32sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-11-07_14.27.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-15 16:28 . 2009-11-15 16:28 16384 c:windowsTempPerflib_Perfdata_620.dat
— 2009-11-07 14:26 . 2009-11-07 14:26 53248 c:windowsTempcatchme.dll
+ 2009-11-15 18:27 . 2009-11-15 18:27 53248 c:windowsTempcatchme.dll
+ 2009-08-23 13:44 . 2009-11-07 15:10 19972 c:windowssystem32Restorerstrlog.dat
+ 2009-10-23 03:32 . 2009-10-23 03:32 98304 c:windowssystem32MacromedShockwave 10SwOnce.dll
+ 2009-10-23 03:32 . 2009-10-23 03:32 86016 c:windowssystem32MacromedShockwave 10SwMenuX.dll
+ 2009-10-23 03:32 . 2009-10-23 03:32 77824 c:windowssystem32MacromedShockwave 10SwInit.exe
+ 2009-10-23 03:32 . 2009-10-23 03:32 24576 c:windowssystem32MacromedShockwave 10DynaPlayer.dll
+ 2009-11-13 10:37 . 2009-10-09 02:54 43696 c:windowssystem32driversNAV1101000.013srtspx.sys
+ 2009-11-12 18:39 . 2009-11-12 18:39 87618 c:windowssystem32AdobeShockwave 11uninstaller.exe
+ 2009-10-29 05:27 . 2009-10-29 05:27 94208 c:windowssystem32AdobeShockwave 11SwMenu.dll
+ 2009-10-29 04:55 . 2009-10-29 04:55 79488 c:windowssystem32AdobeShockwave 11gtapi.dll
+ 2009-10-29 05:45 . 2009-10-29 05:45 67000 c:windowssystem32AdobeDirectorSWDNLD.EXE
+ 2009-10-29 05:29 . 2009-10-29 05:29 9216 c:windowssystem32AdobeShockwave 11DynaPlayer.dll
+ 2009-05-18 08:09 . 2009-11-07 15:18 2426 c:windowspchealthhelpctrPackageStoreSkuStore.bin
+ 2009-05-18 08:09 . 2009-11-07 15:17 8972 c:windowspchealthhelpctrConfigCntstore.bin
+ 2009-05-18 08:07 . 2008-10-16 11:07 208744 c:windowssystem32muweb.dll
+ 2009-10-23 03:32 . 2009-10-23 03:32 180224 c:windowssystem32MacromedShockwave 10Proj.dll
+ 2009-10-23 03:32 . 2009-10-23 03:32 475136 c:windowssystem32MacromedShockwave 10PluginPing.dll
+ 2009-10-23 03:32 . 2009-10-23 03:32 339968 c:windowssystem32MacromedShockwave 10Plugin.dll
+ 2009-10-23 03:32 . 2009-10-23 03:32 606208 c:windowssystem32MacromedShockwave 10iml32X.dll
+ 2009-10-23 03:32 . 2009-10-23 03:32 471040 c:windowssystem32MacromedShockwave 10Control.dll
+ 2009-11-13 10:37 . 2009-10-15 01:50 339504 c:windowssystem32driversNAV1101000.013symtdiv.sys
+ 2009-11-13 10:37 . 2009-10-15 01:50 361520 c:windowssystem32driversNAV1101000.013symtdi.sys
+ 2009-11-13 10:37 . 2009-10-09 02:55 171056 c:windowssystem32driversNAV1101000.013SymEFA.sys
+ 2009-11-13 10:37 . 2009-11-05 22:06 328752 c:windowssystem32driversNAV1101000.013SymDS.sys
+ 2009-11-13 10:37 . 2009-10-09 02:54 325168 c:windowssystem32driversNAV1101000.013srtsp.sys
+ 2009-11-13 10:37 . 2009-10-09 02:54 114736 c:windowssystem32driversNAV1101000.013Ironx86.sys
+ 2009-11-13 10:37 . 2009-10-20 06:35 501888 c:windowssystem32driversNAV1101000.013cchpx86.sys
+ 2009-10-29 05:27 . 2009-10-29 05:27 114688 c:windowssystem32AdobeShockwave 11SwInit.exe
+ 2009-10-29 05:43 . 2009-10-29 05:43 464312 c:windowssystem32AdobeShockwave 11SwHelper_1152602.exe
+ 2009-10-29 05:29 . 2009-10-29 05:29 446464 c:windowssystem32AdobeShockwave 11Proj.dll
+ 2009-10-29 05:28 . 2009-10-29 05:28 372736 c:windowssystem32AdobeShockwave 11Plugin.dll
+ 2009-10-29 04:55 . 2009-10-29 04:55 713216 c:windowssystem32AdobeShockwave 11gi.dll
+ 2009-10-29 05:26 . 2009-10-29 05:26 503808 c:windowssystem32AdobeShockwave 11Control.dll
+ 2009-10-29 05:44 . 2009-10-29 05:44 210360 c:windowssystem32AdobeDirectorSwDir.dll
+ 2009-10-29 05:28 . 2009-10-29 05:28 131072 c:windowssystem32AdobeDirectornp32dsw.dll
+ 2009-10-23 03:32 . 2009-10-23 03:32 1490944 c:windowssystem32MacromedShockwave 10dirapiX.dll
+ 2007-03-09 19:51 . 2009-02-06 09:35 1486208 c:windowssystem32LegitCheckControl.DLL
+ 2009-10-29 05:01 . 2009-10-29 05:01 1011712 c:windowssystem32AdobeShockwave 11iml32.dll
+ 2009-10-29 04:55 . 2009-10-29 04:55 1886320 c:windowssystem32AdobeShockwave 11gt.exe
+ 2009-10-29 05:05 . 2009-10-29 05:05 1798144 c:windowssystem32AdobeShockwave 11dirapi.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-03-25 3697952]
[HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar]
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-03-25 3697952]
[HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar]
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«ccleaner»=»c:program filesCCleanerccleaner.exe» [2009-05-07 1561840]
«uTorrent»=»c:program filesuTorrentuTorrent.exe» [2009-10-25 289072]
«swg»=»c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe» [2009-07-08 39408]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«VolumeControl»=»c:program filesVolumeControlvolume.exe» [2003-09-15 36864]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2008-05-03 13529088]
«nod32kui»=»c:program filesEsetnod32kui.exe» [2009-05-18 949376]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2008-05-03 86016]
«Malwarebytes Anti-Malware (reboot)»=»d:program filesMalwarebytes’ Anti-Malwarembam.exe» [2009-09-10 1312080]
«Google Quick Search Box»=»c:program filesGoogleQuick Search BoxGoogleQuickSearchBox.exe» [2009-11-15 122880]
«nwiz»=»nwiz.exe» — c:windowssystem32nwiz.exe [2004-03-03 782336]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«LinkDel»=»linkdel.cmd» — c:windowssystem32LINKDEL.CMD [2008-08-21 2324]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«IE7_011″=»shell32» [X]
«IE7_012″=»advpack.dll» — c:windowssystem32advpack.dll [2009-03-08 128512]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«SynchronousMachineGroupPolicy»= 0 (0x0)
«SynchronousUserGroupPolicy»= 0 (0x0)
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMConfigurePrograms»= 1 (0x1)
[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«ForceClassicControlPanel»= 1 (0x1)
«NoSMConfigurePrograms»= 1 (0x1)
«NoSMHelp»= 1 (0x1)
[HKEY_LOCAL_MACHINEsoftwarepoliciesmicrosoftwindowswindowsupdateau]
«NoAutoUpdate»= 1 (0x1)
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]
BootExecute REG_MULTI_SZ autocheck autochk *BtDfSDK
[HKLM~startupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^HP Digital Imaging Monitor.lnk]
path=c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузкаHP Digital Imaging Monitor.lnk
backup=c:windowspssHP Digital Imaging Monitor.lnkCommon Startup
[HKLM~startupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Быстрый запуск HP Image Zone.lnk]
path=c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузкаБыстрый запуск HP Image Zone.lnk
backup=c:windowspssБыстрый запуск HP Image Zone.lnkCommon Startup
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionrun-]
«DAEMON Tools Lite»=»c:program filesDAEMON Tools Litedaemon.exe» -autorun
«ctfmon.exe»=c:windowssystem32ctfmon.exe
«swg»=»c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe»
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrun-]
«Google Quick Search Box»=»c:program filesGoogleQuick Search BoxGoogleQuickSearchBox.exe» /autorun
«Cmaudio»=RunDll32 cmicnfg.cpl,CMICtrlWnd
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusOverride»=dword:00000001
«FirewallOverride»=dword:00000001
«Start»=dword:00000004
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\uTorrent\uTorrent.exe»=
R0 SymDS;Symantec Data Store;c:windowssystem32driversNAV1101000.013SymDS.sys [13.11.2009 13:37 328752]
R0 SymEFA;Symantec Extended File Attributes;c:windowssystem32driversNAV1101000.013SymEFA.sys [13.11.2009 13:37 171056]
R1 BHDrvx86;BHDrvx86;c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsBASHDefs20091013.001BHDrvx86.sys [10.10.2009 0:38 508976]
R1 ccHP;Symantec Hash Provider;c:windowssystem32driversNAV1101000.013cchpx86.sys [13.11.2009 13:37 501888]
R1 nod32drv;nod32drv;c:windowssystem32driversnod32drv.sys [18.05.2009 11:50 15424]
R1 SymIRON;Symantec Iron Driver;c:windowssystem32driversNAV1101000.013Ironx86.sys [13.11.2009 13:37 114736]
R2 NAV;Norton AntiVirus;c:program filesNorton AntiVirusEngine17.1.0.19ccSvcHst.exe [13.11.2009 13:37 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:program filesCommon FilesSymantec SharedEENGINEEraserUtilRebootDrv.sys [09.11.2009 2:20 102448]
R3 IDSxpx86;IDSxpx86;c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsIPSDefs20091111.001IDSXpx86.sys [13.11.2009 13:38 329592]
S2 EraserSvc10920;Symantec Eraser Service;»c:program filesNorton AntiVirusEngine17.0.0.136ccSvcHst.exe» /h ccCommon —> c:program filesNorton AntiVirusEngine17.0.0.136ccSvcHst.exe [?]
S2 gupdate1c9fff3b5626992;Служба Google Update (gupdate1c9fff3b5626992);c:program filesGoogleUpdateGoogleUpdate.exe [08.07.2009 20:44 133104]
S3 SetupNTGLM7X;SetupNTGLM7X;??e:ntglm7x.sys —> e:NTGLM7X.sys [?]
— Other Services/Drivers In Memory —
*Deregistered* — mbr
*Deregistered* — PROCEXP113
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSvchost — NetSvcs
UxTuneUp
.
Contents of the ‘Scheduled Tasks’ folder
2009-11-15 c:windowsTasksGoogle Software Updater.job
— c:program filesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2009-05-18 17:36]
2009-11-15 c:windowsTasksGoogleUpdateTaskMachineCore.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-07-08 17:43]
2009-11-15 c:windowsTasksGoogleUpdateTaskMachineUA.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-07-08 17:43]
2009-11-15 c:windowsTasksUser_Feed_Synchronization-{86385FE9-C96D-47C7-89D3-7A5DE9D05FB1}.job
— c:windowssystem32msfeedssync.exe [2009-05-18 01:31]
2009-10-30 c:windowsTasksОдним Щелчком.job
— c:program filesTuneUp Utilities 2007SystemOptimizer.exe [2007-08-14 19:15]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.google.com.ua/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Експорт до Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Add to Google Photos Screensa&ver — c:windowssystem32GPhotos.scr/200
IE: Google ВикиКомментарии… — c:program filesGoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}
LSP: c:windowssystem32imon.dll
TCP: {8CF7EB27-1F95-4E58-A1F4-E28993ADAB5B} = 193.27.209.209 217.9.0.2
TCP: {FA95879A-1023-4EC3-9182-7CF3EB012527} = 172.27.0.1,193.27.209.1
.
— — — — ORPHANS REMOVED — — — —
AddRemove-The KMPlayer — c:program filesThe KMPlayeruninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-15 21:27
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x823DC1F8]<<
kernel: MBR read successfully
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINESystemControlSet001ServicesNAV]
«ImagePath»=»»c:program filesNorton AntiVirusEngine17.1.0.19ccSvcHst.exe» /s «NAV» /m «c:program filesNorton AntiVirusEngine17.1.0.19diMaster.dll» /prefetch:1″
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(720)
c:windowssystem32cscui.dll
— — — — — — — > ‘lsass.exe'(776)
c:windowssystem32imon.dll
c:program filesEsetpr_imon.dll
— — — — — — — > ‘explorer.exe'(928)
c:windowssystem32WININET.dll
c:windowsSystem32cscui.dll
c:program filesGoogleQuick Search Boxbin1.2.1150.158qsb.dll
c:program filesVolumeControlwheel.dll
c:windowssystem32msi.dll
c:windowssystem32WPDShServiceObj.dll
c:windowssystem32webcheck.dll
c:windowssystem32PortableDeviceTypes.dll
c:windowssystem32PortableDeviceApi.dll
.
Completion time: 2009-11-15 21:29
ComboFix-quarantined-files.txt 2009-11-15 18:29
ComboFix2.txt 2009-11-07 14:30
Pre-Run: 3 329 912 832 байт свободно
Post-Run: 3 303 907 328 байт свободно
— — End Of File — — F7946DADC141035071947E3D62EAB42D

