Здравствуйте.
Сделал как вы напилсали:
ComboFix 09-03-22.01 — Администратор 2009-03-24 0:05:44.2 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.1.1049.18.2047.1449 [GMT 2:00]
Running from: c:documents and settingsАдминистраторРабочий столComboFix.exe
Command switches used :: c:documents and settingsАдминистраторРабочий столWindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2009-02-23 to 2009-03-23 )))))))))))))))))))))))))))))))
.
2009-03-23 23:44 . 2009-03-23 23:45 784 —a
c:windowssystem32driverskgpcpy.cfg
2009-03-23 23:43 . 2009-03-23 23:43 d
c:program filesMultimedia Keyboard Driver
2009-03-23 23:32 . 2009-03-23 23:32 d
c:program filesOffice Keyboard Driver
2009-03-23 18:39 . 2008-07-26 17:26 4,658,584 —a
c:windowssystem32driverslvuvc.sys
2009-03-23 18:39 . 2008-07-26 17:25 627,864 —a
c:windowssystem32driverslvrs.sys
2009-03-23 18:39 . 2008-07-26 17:26 490,008 —a
c:windowssystem32LVUI2.dll
2009-03-23 18:39 . 2008-07-26 17:26 465,432 —a
c:windowssystem32LVUI2RC.dll
2009-03-23 18:39 . 2008-07-26 17:23 416,280 —a
c:windowssystem32LVCodec2.dll
2009-03-23 18:39 . 2008-07-26 16:42 66,482 —a
c:windowssystem32lvcoinst.ini
2009-03-23 18:39 . 2008-07-26 17:26 41,752 —a
c:windowssystem32driversLVUSBSta.sys
2009-03-23 18:39 . 2008-07-26 16:46 25,974 —a
c:windowssystem32Repository.reg
2009-03-23 18:39 . 2008-07-26 17:26 23,832 —a
c:windowssystem32driverslvuvcflt.sys
2009-03-23 11:06 . 2009-03-23 11:06 d
c:program filesMicrosoft Silverlight
2009-03-23 11:06 . 2009-03-23 11:06 d
c:program filesMicrosoft
2009-03-23 10:29 . 2009-03-23 10:31 d
c:documents and settingsAll UsersApplication DataSymplisIT
2009-03-23 00:58 . 2009-03-23 00:58 d
c:program filesCommon FilesSkype
2009-03-23 00:28 . 2009-03-23 00:58 dr
c:program filesSkype
2009-03-22 11:06 . 2008-03-21 13:57 14,640
c:windowssystem32spmsgXP_2k3.dll
2009-03-22 11:06 . 2009-03-22 11:06 0 —ah
c:windowssystem32driversMsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-03-22 11:06 . 2009-03-22 11:06 0 —ah
c:windowssystem32driversMsft_Kernel_ggsemc_01007.Wdf
2009-03-22 10:58 . 2009-03-22 10:58 1,107,296 —a
c:windowssystem32WdfCoInstaller01007.dll
2009-03-22 10:58 . 2009-03-22 10:58 24,616 —a
c:windowssystem32driversggsemc.sys
2009-03-22 10:58 . 2009-03-22 10:58 13,224 —a
c:windowssystem32driversggflt.sys
2009-03-22 10:52 . 2009-03-22 10:52 d
c:program filesAvanquest update
2009-03-22 10:52 . 2009-03-22 10:52 d
c:documents and settingsAll UsersApplication DataBVRP Software
2009-03-22 10:51 . 2009-03-22 10:57 d
c:program filesSony Ericsson
2009-03-22 10:51 . 2009-03-22 10:51 d
c:documents and settingsAll UsersApplication DataSony Ericsson
2009-03-22 10:51 . 2008-05-16 11:33 120,744 —a
c:windowssystem32driverss0016mdm.sys
2009-03-22 10:51 . 2008-05-16 11:33 115,752 —a
c:windowssystem32driverss0016unic.sys
2009-03-22 10:51 . 2008-05-16 11:33 114,216 —a
c:windowssystem32driverss0016mgmt.sys
2009-03-22 10:51 . 2008-05-16 11:33 110,632 —a
c:windowssystem32driverss0016obex.sys
2009-03-22 10:51 . 2008-05-16 11:33 89,256 —a
c:windowssystem32driverss0016bus.sys
2009-03-22 10:51 . 2008-05-16 11:33 25,512 —a
c:windowssystem32driverss0016nd5.sys
2009-03-22 10:51 . 2008-05-16 11:33 15,016 —a
c:windowssystem32driverss0016mdfl.sys
2009-03-22 10:51 . 2008-05-16 11:33 12,200 —a
c:windowssystem32driverss0016whnt.sys
2009-03-22 10:51 . 2008-05-16 11:33 12,200 —a
c:windowssystem32driverss0016wh.sys
2009-03-22 10:51 . 2008-05-16 11:33 12,200 —a
c:windowssystem32driverss0016cmnt.sys
2009-03-22 10:51 . 2008-05-16 11:33 12,200 —a
c:windowssystem32driverss0016cm.sys
2009-03-22 10:51 . 2008-05-16 11:33 10,792 —a
c:windowssystem32driverss0016cr.sys
2009-03-21 22:32 . 2009-03-21 22:32 d
c:documents and settingsГостьApplication DataMacromedia
2009-03-21 22:32 . 2009-03-21 22:32 d
c:documents and settingsГостьApplication DataAdobe
2009-03-21 22:31 . 2009-03-21 22:31 d
c:documents and settingsГостьApplication DataGoogle
2009-03-21 22:29 . 2009-03-21 22:29 dr-h
c:documents and settingsГостьSendTo
2009-03-21 22:29 . 2009-03-21 22:29 dr-h
c:documents and settingsГостьSendTo
2009-03-21 22:29 . 2009-03-21 22:29 dr-h
c:documents and settingsГостьRecent
2009-03-21 22:29 . 2009-03-21 22:29 dr-h
c:documents and settingsГостьRecent
2009-03-21 22:29 . 2009-03-24 00:06 d—h
c:documents and settingsГостьLocal Settings
2009-03-21 22:29 . 2009-03-24 00:06 d—h
c:documents and settingsГостьLocal Settings
2009-03-21 22:29 . 2009-03-22 23:58 d—hs—- c:documents and settingsГостьCookies
2009-03-21 22:29 . 2009-03-22 23:58 d—hs—- c:documents and settingsГостьCookies
2009-03-21 22:29 . 2009-03-21 22:29 d—s—- c:documents and settingsГостьApplication DataMicrosoft
2009-03-21 22:29 . 2009-03-21 22:29 d
c:documents and settingsГостьApplication DataIdentities
2009-03-21 22:29 . 2009-03-21 22:29 d
c:documents and settingsГостьApplication DataATI
2009-03-21 22:29 . 2009-03-21 22:29 d—s—- c:documents and settingsГостьApplication Data
2009-03-21 22:29 . 2009-03-21 22:29 d—s—- c:documents and settingsГостьApplication Data
2009-03-21 22:29 . 2008-12-23 20:54 d—h
c:documents and settingsГостьШаблоны
2009-03-21 22:29 . 2008-12-23 20:54 d—h
c:documents and settingsГостьШаблоны
2009-03-21 22:29 . 2008-12-23 23:50 d
c:documents and settingsГостьРабочий стол
2009-03-21 22:29 . 2008-12-23 23:50 d
c:documents and settingsГостьРабочий стол
2009-03-21 22:29 . 2009-03-21 22:29 dr
c:documents and settingsГостьМои документы
2009-03-21 22:29 . 2009-03-21 22:29 dr
c:documents and settingsГостьМои документы
2009-03-21 22:29 . 2008-12-23 23:50 dr
c:documents and settingsГостьГлавное меню
2009-03-21 22:29 . 2008-12-23 23:50 dr
c:documents and settingsГостьГлавное меню
2009-03-21 22:29 . 2009-03-21 22:29 dr
c:documents and settingsГостьИзбранное
2009-03-21 22:29 . 2009-03-21 22:29 dr
c:documents and settingsГостьИзбранное
2009-03-21 22:29 . 2009-03-21 22:39 d
c:documents and settingsГость
2009-03-21 22:29 . 2009-03-21 22:39 1,048,576 —ah
c:documents and settingsГостьNTUSER.DAT
2009-03-21 22:29 . 2009-03-21 22:39 1,048,576 —ah
c:documents and settingsГостьNTUSER.DAT
2009-03-19 18:34 . 2009-03-20 22:49 8,556,576 —ahs—- c:windowssystem32driversfidbox.dat
2009-03-19 18:34 . 2009-03-20 22:49 103,436 —ahs—- c:windowssystem32driversfidbox.idx
2009-03-19 12:29 . 2009-03-19 12:29 d
c:documents and settingsАдминистраторDoctorWeb
2009-03-19 12:29 . 2009-03-19 12:29 d
c:documents and settingsАдминистраторDoctorWeb
2009-03-18 01:48 . 2009-03-18 02:40 d
c:program filesSTOPzilla!
2009-03-18 01:16 . 2008-04-15 14:00 26,624 —a
c:windowssystem32userinit.exe
2009-03-18 01:16 . 2008-04-15 14:00 26,624 —a—c— c:windowssystem32dllcacheuserinit.exe
2009-03-17 22:35 . 2009-03-17 22:35 d
c:program filesEnigma Software Group
2009-03-17 19:51 . 2009-03-17 19:51 d
c:documents and settingsАдминистраторApplication DataChemTable Software
2009-03-17 14:25 . 2009-03-17 18:44 d
C:rsit
2009-03-17 14:25 . 2009-03-17 18:44 d
c:program filestrend micro
2009-03-17 13:23 . 2009-03-17 23:57 d
c:program filesMalwarebytes’ Anti-Malware
2009-03-17 13:23 . 2009-03-17 13:23 d
c:documents and settingsAll UsersApplication DataMalwarebytes
2009-03-17 13:23 . 2009-03-17 13:23 d
c:documents and settingsАдминистраторApplication DataMalwarebytes
2009-03-17 13:23 . 2009-02-11 10:19 38,496 —a
c:windowssystem32driversmbamswissarmy.sys
2009-03-17 13:23 . 2009-02-11 10:19 15,504 —a
c:windowssystem32driversmbam.sys
2009-03-10 22:00 . 2009-03-10 22:56 72 —a
c:windowssbwin.ini
2009-03-04 15:33 . 2009-03-04 15:33 17,408 -ra
c:windowssystem32SZIO5.dll
2009-03-04 15:32 . 2009-03-04 15:32 294,912 -ra
c:windowssystem32SZBase5.dll
2009-03-04 15:31 . 2009-03-04 15:31 540,672 -ra
c:windowssystem32SZComp5.dll
2009-03-02 22:51 . 2009-03-02 22:51 d
c:program filesGames
2009-03-01 15:49 . 2008-04-14 18:10 159,232 —a
c:windowssystem32ptpusd.dll
2009-03-01 15:49 . 2001-10-19 21:06 5,632 —a
c:windowssystem32ptpusb.dll
2009-02-28 19:33 . 2009-02-28 20:16 107,888 —a
c:windowssystem32CmdLineExt.dll
2009-02-27 09:21 . 2006-10-19 03:11 12,096 —a
c:windowssystem32driversAsInsHelp64.sys
2009-02-27 09:21 . 2006-10-19 03:11 10,304 —a
c:windowssystem32driversAsInsHelp32.sys
2009-02-26 15:34 . 2009-02-26 15:34 d
c:program filesCommon FilesABBYY
2009-02-26 15:34 . 2009-02-26 15:35 d
c:program filesABBYY FineReader 9.0
2009-02-26 13:06 . 2009-02-26 13:06 d
c:program filesFormatFactory
2009-02-25 20:05 . 2009-01-09 21:19 1,089,883
c— c:windowssystem32dllcachentprint.cat
2009-02-25 15:29 . 2009-02-25 15:29 54,912 -ra
c:windowssystem32driversSZKG.sys
2009-02-23 19:46 . 2007-03-24 12:00 22,016 -ra
c:windowssystem32rspmmpsy.sys
2009-02-23 19:35 . 2009-02-23 19:35 356,352 —a
c:windowseSellerateEngine.dll
2009-02-23 09:52 . 2009-02-23 09:52 d
c:program filesMicrosoft CAPICOM 2.1.0.2
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-23 22:03
d
w c:documents and settingsAll UsersApplication DataSTOPzilla!
2009-03-23 21:59
d
w c:documents and settingsАдминистраторApplication DatauTorrent
2009-03-23 21:48
d—a-w c:documents and settingsAll UsersApplication DataTEMP
2009-03-23 21:44 0 —-a-w c:windowssystem32driverslogiflt.iad
2009-03-23 21:43
d—h—w c:program filesInstallShield Installation Information
2009-03-23 21:20 0 —-a-w c:windowssystem32driverslvuvc.hs
2009-03-23 18:26
d
w c:program filesCommon FilesLogiShrd
2009-03-23 16:55
d
w c:documents and settingsАдминистраторApplication DataSkype
2009-03-23 16:54
d
w c:documents and settingsАдминистраторApplication DataskypePM
2009-03-23 09:06
d
w c:documents and settingsAll UsersApplication DataMicrosoft Help
2009-03-22 22:58
d
w c:documents and settingsAll UsersApplication DataSkype
2009-03-21 11:48
d
w c:documents and settingsAll UsersApplication DataSITEguard
2009-03-19 15:58
d
w c:program filesCommon FilesAdobe
2009-03-17 21:51 944 —-a-w c:documents and settingsАдминистраторApplication Datafieryads.dat
2009-03-16 18:53
d
w c:program filesVoipCheap
2009-03-10 20:46
d
w c:program filesCreative
2009-03-10 14:06
d—h—w c:program filesCreative Installation Information
2009-03-05 08:41 2,068,760 —-a-w c:windowssystem32AutoPartNt.exe
2009-02-28 18:40
d
w c:program filesDivX
2009-02-28 18:26
d
w c:program filesMicrosoft Games for Windows — LIVE
2009-02-27 07:24
d
w c:program filesAsus
2009-02-22 21:42
d
w c:documents and settingsAll UsersApplication DataLogishrd
2009-02-22 13:19
d
w c:documents and settingsАдминистраторApplication DataLeadertech
2009-02-22 13:18
d
w c:documents and settingsAll UsersApplication DataLogitech
2009-02-19 07:07
d
w c:documents and settingsAll UsersApplication DataATI
2009-02-19 07:07
d
w c:documents and settingsАдминистраторApplication DataATI
2009-02-19 07:02
d
w c:program filesATI Technologies
2009-02-18 21:54
d
w c:program filesAC3Filter
2009-02-18 07:03
d
w c:documents and settingsAll UsersApplication DataDriverCure
2009-02-18 06:42
d
w c:documents and settingsAll UsersApplication DataHagel Technologies
2009-02-17 22:55
d
w c:program filesMouse Driver
2009-02-17 18:12
d
w c:documents and settingsAll UsersApplication DataDownloaded Installations
2009-02-17 08:12
d
w c:documents and settingsAll UsersApplication DataParetoLogic
2009-02-17 08:12
d
w c:documents and settingsАдминистраторApplication DataDriverCure
2009-02-16 16:23
d
w c:program filesCommon FilesiS3
2009-02-16 16:04
d
w c:documents and settingsАдминистраторApplication DataSTOPzilla!
2009-02-16 13:56
d
w c:program filesADSLNet
2009-02-16 11:37
d
w c:program filesSmartPCTools
2009-02-15 20:40
d
w c:documents and settingsАдминистраторApplication DataACD Systems
2009-02-15 20:37
d
w c:program filesCommon FilesACD Systems
2009-02-15 20:36
d
w c:program filesACD Systems
2009-02-15 20:36
d
w c:documents and settingsAll UsersApplication DataACD Systems
2009-02-15 12:27
d
w c:documents and settingsАдминистраторApplication DataLavasoft
2009-02-14 06:53 57,344 —-a-w c:windowssystem32RO7D9F.tmp
2009-02-10 19:52
d—h—r c:documents and settingsАдминистраторApplication DataSecuROM
2009-02-10 18:53 30,208 —-a-w c:windowssystem32borlndmm.dll
2009-02-09 14:07 1,846,912 —-a-w c:windowssystem32win32k.sys
2009-02-07 17:42
d
w c:documents and settingsАдминистраторApplication DataAutodesk
2009-02-07 17:33
d
w c:documents and settingsAll UsersApplication DataAutodesk
2009-02-07 17:13
d
w c:program filesCommon FilesAutodesk Shared
2009-02-07 17:13
d
w c:program filesAutoCAD 2006
2009-02-07 17:12
d
w c:program filesAnswerWorks 4.0
2009-02-07 17:02
d
w c:program filesAutodesk
2009-02-06 11:55 126,976 —-a-r c:windowssystem32IS3HTUI5.dll
2009-02-06 11:54 393,216 —-a-r c:windowssystem32IS3DBA5.dll
2009-02-06 11:54 372,736 —-a-r c:windowssystem32IS3UI5.dll
2009-02-06 11:53 61,440 —-a-r c:windowssystem32IS3Hks5.dll
2009-02-06 11:53 23,040 —-a-r c:windowssystem32IS3XDat5.dll
2009-02-06 11:53 221,184 —-a-r c:windowssystem32IS3Win325.dll
2009-02-06 11:52 94,208 —-a-r c:windowssystem32IS3Inet5.dll
2009-02-06 11:52 90,112 —-a-r c:windowssystem32IS3Svc5.dll
2009-02-06 11:49 716,800 —-a-r c:windowssystem32IS3Base5.dll
2009-02-03 21:35
d
w c:documents and settingsАдминистраторApplication DataABBYY
2009-02-03 21:34
d
w c:documents and settingsAll UsersApplication DataABBYY
2009-02-03 20:10
d
w c:program filese-Life Pal
2009-02-03 19:52
d
w c:program filesBearPaw 6400TA Pro
2009-01-29 22:03 361,600 —-a-w c:windowssystem32driverstcpip.sys
2009-01-29 10:59
d
w c:documents and settingsAll UsersApplication DataIncrediMail
2009-01-29 10:59
d
w c:documents and settingsAll UsersApplication DataIM
2009-01-29 09:08
d
w c:documents and settingsAll UsersApplication DataArcSoft
2009-01-29 08:42
d
w c:program filesCommon FilesArcSoft
2009-01-29 07:32
d
w c:documents and settingsАдминистраторApplication DataArcSoft
2009-01-14 05:46 11,591,680 —-a-w c:windowssystem32atioglxx.dll
2009-01-14 04:53 286,720 —-a-w c:windowssystem32atiok3x2.dll
2009-01-14 04:49 425,984 —-a-w c:windowssystem32ATIDEMGX.dll
2009-01-14 04:47 323,584 —-a-w c:windowssystem32ati2dvag.dll
2009-01-14 04:36 26,112 —-a-w c:windowssystem32Ati2mdxx.exe
2009-01-14 04:36 196,608 —-a-w c:windowssystem32atipdlxx.dll
2009-01-14 04:36 151,552 —-a-w c:windowssystem32Oemdspif.dll
2009-01-14 04:35 43,520 —-a-w c:windowssystem32ati2edxx.dll
2009-01-14 04:35 155,648 —-a-w c:windowssystem32ati2evxx.dll
2009-01-14 04:34 598,016 —-a-w c:windowssystem32ati2evxx.exe
2009-01-14 04:32 53,248 —-a-w c:windowssystem32ATIDDC.DLL
2009-01-14 04:22 4,009,152 —-a-w c:windowssystem32ati3duag.dll
2009-01-14 04:05 2,500,224 —-a-w c:windowssystem32ativvaxx.dll
2009-01-14 03:50 48,640 —-a-w c:windowssystem32amdpcom32.dll
2009-01-14 03:45 401,408 —-a-w c:windowssystem32atikvmag.dll
2009-01-14 03:44 17,408 —-a-w c:windowssystem32atitvo32.dll
2009-01-14 03:44 110,592 —-a-w c:windowssystem32atiadlxx.dll
2009-01-14 03:37 577,536 —-a-w c:windowssystem32ati2cqag.dll
2009-01-14 03:37 307,200 —-a-w c:windowssystem32atiiiexx.dll
2009-01-14 02:36 45,056 —-a-w c:windowssystem32amdcalrt.dll
2009-01-14 02:36 45,056 —-a-w c:windowssystem32amdcalcl.dll
2009-01-14 02:34 3,227,648 —-a-w c:windowssystem32Amdcaldd.dll
2009-01-13 19:05 593,920
w c:windowssystem32ati2sgag.exe
.
Sigcheck
2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e c:windows$hf_mig$KB951748SP3QFEtcpip.sys
2007-08-08 12:58 360576 bb4d3a8e6f7eb1d370bc4ad27ab23368 c:windows$NtServicePackUninstall$tcpip.sys
2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 c:windows$NtUninstallKB951748$tcpip.sys
2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 c:windowsServicePackFilesi386tcpip.sys
2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:windowssystem32dllcachetcpip.sys
2009-01-30 00:03 361600 cbeebeb899e31ef52b962cb31fc8ca5c c:windowssystem32driverstcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-03-23_21.14.43.42 )))))))))))))))))))))))))))))))))))))))))
.
— 2009-02-08 09:10:12 4,710 —-a-r c:windowsInstaller{31C63A8A-D9AB-4300-828B-86B41F59FAE1}ARPPRODUCTICON.exe
+ 2009-03-23 21:43:19 4,710 —-a-r c:windowsInstaller{31C63A8A-D9AB-4300-828B-86B41F59FAE1}ARPPRODUCTICON.exe
+ 2009-03-23 21:32:26 4,710 —-a-r c:windowsInstaller{85BB0293-F98F-4EE5-9397-8F9E1DFEE0B0}ARPPRODUCTICON.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«uTorrent»=»c:program filesuTorrentuTorrent.exe» [2009-02-09 270128]
«swg»=»c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe» [2009-01-09 68856]
«VistaIcon»=»c:program filesVistaDriveIconVistaDrv.exe» [2007-07-02 132608]
«Registry Repair Wizard Scheduler»=»c:program filesSmartPCToolsRegistry Repair WizardRCHelper.exe» [2009-01-24 1052928]
«ctfmon.exe»=»c:windowssystem32ctfmon.exe» [2008-04-14 15360]
«Creative Detector»=»c:program filesCreativeMediaSourceDetectorCTDetect.exe» [2004-12-02 102400]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«WheelMouse»=»c:program filesA4TechMouseAmoumain.exe» [2006-05-14 200704]
«VolumeControl»=»c:program filesVolumeControlvolume.exe» [2003-09-15 36864]
«TrueImageMonitor.exe»=»c:program filesAcronisTrueImageHomeTrueImageMonitor.exe» [2008-11-04 4382376]
«CTSysVol»=»c:program filesCreativeSBAudigySurround MixerCTSysVol.exe» [2005-02-15 57344]
«UpdReg»=»c:windowsUpdReg.EXE» [2000-05-11 90112]
«StartCCC»=»c:program filesATI TechnologiesATI.ACECore-StaticCLIStart.exe» [2008-08-29 61440]
«GrooveMonitor»=»c:program filesMicrosoft OfficeOffice12GrooveMonitor.exe» [2007-08-24 33648]
«DLA»=»c:windowsSystem32DLADLACTRLW.EXE» [2006-06-13 127036]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 9.0ReaderReader_sl.exe» [2009-02-27 35696]
«AcronisTimounterMonitor»=»c:program filesAcronisTrueImageHomeTimounterMonitor.exe» [2008-11-04 962136]
«Acronis Scheduler2 Service»=»c:program filesCommon FilesAcronisSchedule2schedhlp.exe» [2008-11-04 165144]
«WireLessKeyboard»=»c:program filesMultimedia Keyboard DriverStartAutorun.exe» [2005-11-30 94208]
«Ярлык для страницы свойств High Definition Audio»=»HDAShCut.exe» [2005-12-26 c:windowssystem32hdashcut.exe]
«P17Helper»=»P17.dll» [2005-05-03 c:windowssystem32P17.DLL]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«Punto Switcher»=»c:program filesPunto Switcherps.exe» [2007-01-25 201728]
«VistaIcon»=»c:program filesVistaDriveIconVistaDrv.exe» [2007-07-02 132608]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«IE7_011″=»shell32» [X]
«IE7-012″=»advpack.dll» [2008-12-21 c:windowssystem32advpack.dll]
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMConfigurePrograms»= 1 (0x1)
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«VIDC.ACDV»= ACDV.dll
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
@=»Driver»
[HKLM~startupfolderC:^Documents and Settings^Администратор^Главное меню^Программы^Автозагрузка^is-9N2BV.lnk]
path=c:documents and settingsАдминистраторГлавное менюПрограммыАвтозагрузкаis-9N2BV.lnk
backup=c:windowspssis-9N2BV.lnkStartup
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigservices]
«LVCOMSer»=2 (0x2)
«WZCSVC»=2 (0x2)
«srservice»=2 (0x2)
«SENS»=2 (0x2)
«RemoteRegistry»=3 (0x3)
«RasAuto»=3 (0x3)
«helpsvc»=2 (0x2)
«ERSvc»=2 (0x2)
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusOverride»=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«c:\Program Files\uTorrent\uTorrent.exe»=
«c:\Program Files\VoipCheap\VoipCheap.exe»=
«c:\WINDOWS\system32\mmc.exe»=
«c:\WINDOWS\system32\sessmgr.exe»=
«c:\Program Files\Sony Ericsson\Update Service\Update Service.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileIcmpSettings]
«AllowInboundEchoRequest»= 1 (0x1)
R0 snapman380;Acronis Snapshots Manager (Build 380);c:windowssystem32driverssnman380.sys [2009-01-20 134272]
R0 szkg5;szkg;c:windowssystem32driversSZKG.sys [2009-02-25 54912]
R0 tdrpman147;Acronis Try&Decide and Restore Points filter (build 147);c:windowssystem32driverstdrpm147.sys [2009-01-20 971232]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:program filesCyberLinkPowerDVD000.fcl [2008-05-07 16:51:10 61424]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:windowssystem32driversAmps2prt.sys [2006-05-16 13824]
R3 FStarForce;FStarForce;c:windowssystem32driversFStarForce.sys [2009-01-01 9216]
S0 BtHidBus;Bluetooth HID Bus Service;c:windowssystem32driversBtHidBus.sys [2009-01-07 20744]
S3 btnetBUs;Bluetooth PAN Bus Service;c:windowssystem32driversbtnetBus.sys [2008-12-07 30088]
S3 ggflt;SEMC USB Flash Driver Filter;c:windowssystem32driversggflt.sys [2009-03-22 13224]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:windowssystem32driversIvtBtBus.sys [2008-07-02 26248]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:windowssystem32driverss0016bus.sys [2009-03-22 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:windowssystem32driverss0016mdfl.sys [2009-03-22 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:windowssystem32driverss0016mdm.sys [2009-03-22 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:windowssystem32driverss0016mgmt.sys [2009-03-22 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:windowssystem32driverss0016nd5.sys [2009-03-22 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:windowssystem32driverss0016obex.sys [2009-03-22 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:windowssystem32driverss0016unic.sys [2009-03-22 115752]
S3 utmymjk3;AVZ Kernel Driver;??c:windowssystem32Driversutmymjk3.sys —> c:windowssystem32Driversutmymjk3.sys [?]
.
Contents of the ‘Scheduled Tasks’ folder
2009-02-17 c:windowsTasksDriverCure.job
— c:program filesParetoLogicDriverCureDriverCure.exe []
2009-02-28 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-1417001333-838170752-725345543-500.job
— c:documents and settings [2009-03-21 22:29]
2009-02-08 c:windowsTasksUser_Feed_Synchronization-{F21138DE-5BD5-4C7A-9851-FD09C7484066}.job
— c:windowssystem32msfeedssync.exe [2007-06-27 08:04]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.delfi.lv/
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2Office12EXCEL.EXE/3000
IE: Закачать ВСЕ при помощи Download Master — c:program filesDownload Masterdmieall.htm
IE: Закачать при помощи Download Master — c:program filesDownload Masterdmie.htm
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} — c:program filesDownload Masterdmaster.exe
LSP: c:program filesCommon FilesiS3Anti-SpywareiS3lsp.dll
TCP: {0EE84FB8-ED6F-45DE-A064-0B6DD7CC7E1F} = 195.216.160.130,159.148.60.20
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-24 00:06:29
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(948)
c:windowssystem32Ati2evxx.dll
— — — — — — — > ‘lsass.exe'(1004)
c:program filesCommon FilesiS3Anti-SpywareiS3lsp.dll
.
Completion time: 2009-03-24 0:07:18
ComboFix-quarantined-files.txt 2009-03-23 22:07:16
ComboFix2.txt 2009-03-23 19:15:12
Pre-Run: 20 143 218 688 байт свободно
Post-Run: 20,134,436,864 байт свободно
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
[operating systems]
c:cmdconsBOOTSECT.DAT=»Microsoft Windows Recovery Console» /cmdcons
multi(0)disk(0)rdisk(0)partition(1)WINDOWS=»Microsoft Windows XP Professional RU» /noexecute=Alwaysoff /fastdetect /usepmtimer
352 — E O F — 2009-03-23 06:55:59
