Re: Re: System freeze (right mouse button)
Good afternoon, Valery! Thank you for the reply!
If I right-click on an empty area of the desktop, everything works as it should, and the "My Computer" shortcut also works: I right-click it and everything works. But with all the other shortcuts, files and folders it freezes! If I right-click somewhere other than the desktop, it also hangs, but there at least I can end the task through Task Manager and don't need to reboot. I am attaching the ComboFix log.
ComboFix 09-06-17.02 — Admin 18.06.2009 13:10.1 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.1023.563 [GMT 4:00]
Running from: c:documents and settingsAdminРабочий столComboFix.exe
AV: Outpost Security Suite Pro *On-access scanning disabled* (Updated) {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
FW: Outpost Security Suite Pro *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:windowssystem32IoctlSvc.exe
c:documents and settingsAdminApplication Datainst.exe
c:windowsIE4 Error Log.txt
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Legacy_PLFlash_DeviceIoControl_Service
Service_PLFlash DeviceIoControl Service
((((((((((((((((((((((((( Files Created from 2009-05-18 to 2009-06-18 )))))))))))))))))))))))))))))))
.
2009-06-17 06:03 . 2009-06-17 06:03 603904 —-a-w- c:windowssystem32TUProgSt.exe
2009-06-17 06:03 . 2009-06-17 06:03 360192 —-a-w- c:windowssystem32TuneUpDefragService.exe
2009-06-17 06:03 . 2008-12-11 09:31 27904 —-a-w- c:windowssystem32uxtuneup.dll
2009-06-17 06:03 . 2009-06-17 06:03 d-----w- c:documents and settingsAdminApplication DataTuneUp Software
2009-06-17 06:02 . 2009-06-17 06:02 d-----w- c:documents and settingsAll UsersApplication DataTuneUp Software
2009-06-17 06:02 . 2009-06-17 06:05 d-----w- c:program filesTuneUp Utilities 2009
2009-06-17 06:02 . 2009-06-17 06:02 d-sh—w- c:documents and settingsAll UsersApplication Data{55A29068-F2CE-456C-9148-C869879E2357}
2009-06-13 21:32 . 2009-06-15 20:59 d-----w- C:rsit
2009-06-13 21:32 . 2009-06-15 20:57 d-----w- c:program filestrend micro
2009-06-12 11:34 . 2009-06-12 11:34 d-----w- c:documents and settingsAll UsersApplication DataCrystalIdea Software
2009-06-12 09:06 . 2009-06-12 09:06 d-----w- c:documents and settingsAdminLocal SettingsApplication DataNero
2009-06-07 12:25 . 2009-06-07 12:25 d-----w- c:documents and settingsAdminApplication DataBinarySense
2009-06-07 12:25 . 2009-06-08 03:51 d-----w- c:program filesCommon FilesBinarySense
2009-06-07 12:25 . 2009-06-07 12:25 d-----w- c:program filesBinarySense
2009-06-07 10:31 . 2009-06-08 19:02 d-----w- c:documents and settingsAdminApplication DataLavasoft
2009-06-07 07:26 . 2008-04-13 20:15 10368 —-a-w- c:windowssystem32drivershidusb.sys
2009-06-05 10:49 . 2009-06-05 10:49 d-----w- c:documents and settingsAdminDoctorWeb
2009-05-28 10:39 . 2009-04-03 11:23 1175256 —-a-w- c:windowssystem32driversVBEngNT.sys
2009-05-28 10:39 . 2009-04-06 07:37 704384 —-a-w- c:windowssystem32driversSandBox.sys
2009-05-28 10:39 . 2009-02-10 12:15 257432 —-a-w- c:windowssystem32driversafwcore.sys
2009-05-28 10:38 . 2009-02-18 13:30 31128 —-a-w- c:windowssystem32driversafw.sys
2009-05-28 10:38 . 2009-06-17 19:34 d-----w- c:windowssystem32Filt
2009-05-28 10:38 . 2009-05-28 10:38 d-----w- c:program filesAgnitum
2009-05-28 10:38 . 2009-05-28 10:38 d-----w- c:documents and settingsAdminApplication DataAgnitum
2009-05-28 10:38 . 2009-05-28 10:38 d-----w- c:documents and settingsAll UsersApplication DataAgnitum
2009-05-27 15:41 . 2009-05-27 15:41 d-----w- c:program filesAshampoo
2009-05-20 14:51 . 2009-05-20 14:51 d-----w- C:bin
2009-05-20 14:50 . 2009-05-20 14:50 d-----w- c:program filesCommon FilesSonic Shared
2009-05-20 14:49 . 2009-05-20 14:50 d-----w- c:program filesCommon FilesHP
2009-05-20 14:47 . 2009-05-20 14:47 d-----w- c:program filesHewlett-Packard
2009-05-20 14:42 . 2009-05-20 14:53 118968 —-a-w- c:windowshpoins11.dat
2009-05-20 14:19 . 2009-05-20 14:53 d-----w- c:documents and settingsAdminApplication DataHP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-15 08:49 . 2009-05-16 21:17 d-----w- c:documents and settingsAdminApplication DataXnView
2009-06-12 07:59 . 2008-04-15 12:00 84660 —-a-w- c:windowssystem32perfc019.dat
2009-06-12 07:59 . 2008-04-15 12:00 485242 —-a-w- c:windowssystem32perfh019.dat
2009-06-12 07:13 . 2009-05-12 13:54 d-----w- c:program filesAVerTV
2009-06-12 06:06 . 2009-05-17 12:39 d-----w- c:documents and settingsAdminApplication Datafoobar2000
2009-06-11 04:48 . 2009-05-12 15:46 d-----w- c:documents and settingsAdminApplication DatauTorrent
2009-06-08 19:15 . 2009-05-12 15:45 d-----w- c:program filesCommon FilesWise Installation Wizard
2009-06-07 15:42 . 2009-05-17 05:51 d—a-w- c:documents and settingsAll UsersApplication DataTEMP
2009-06-07 07:42 . 2009-05-12 13:12 86327 —-a-w- c:windowspchealthhelpctrOfflineCacheindex.dat
2009-06-04 20:39 . 2009-05-16 13:44 d-----w- c:documents and settingsAdminApplication DataPC Suite
2009-05-24 10:14 . 2009-05-17 05:28 d-----w- c:documents and settingsAdminApplication DataSkype
2009-05-20 14:54 . 2009-05-12 13:56 72576 —-a-w- c:documents and settingsAdminLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-05-20 14:53 . 2009-05-12 13:57 d-----w- c:program filesHP
2009-05-18 05:16 . 2009-05-18 05:16 d-----w- c:program filesAlwil Software
2009-05-18 03:50 . 2009-05-16 13:44 d-----w- c:documents and settingsAdminApplication DataNokia
2009-05-18 03:50 . 2009-05-16 13:44 d-----w- c:documents and settingsAll UsersApplication DataPC Suite
2009-05-18 03:49 . 2009-05-16 13:43 d-----w- c:program filesNokia
2009-05-18 03:44 . 2009-05-18 03:44 0 —ha-w- c:windowssystem32driversMsft_Kernel_ccdcmb_01007.Wdf
2009-05-18 03:44 . 2009-05-18 03:44 0 —ha-w- c:windowssystem32driversMsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-05-17 12:39 . 2009-05-17 12:39 d-----w- c:program filesfoobar2000
2009-05-17 12:20 . 2009-05-17 05:54 d-----w- c:documents and settingsAll UsersApplication DataDVD Shrink
2009-05-17 12:19 . 2009-05-17 12:19 d-----w- c:program filesDVD Shrink
2009-05-17 12:07 . 2009-05-17 11:06 d-----w- c:documents and settingsAdminApplication DataCyberLink
2009-05-17 12:06 . 2009-05-17 12:06 d-----w- c:program filesCommon FilesCyberLink
2009-05-17 12:06 . 2009-05-12 13:32 d—h—w- c:program filesInstallShield Installation Information
2009-05-17 12:06 . 2009-05-17 11:02 d-----w- c:program filesCyberLink
2009-05-17 12:05 . 2009-05-17 12:05 29480 —-a-w- c:windowssystem32msxml3a.dll
2009-05-17 12:05 . 2008-04-15 12:00 49448 —-a-w- c:windowssystem32msxml3r.dll
2009-05-17 11:05 . 2009-05-17 11:04 d-----w- c:documents and settingsAll UsersApplication DataCyberLink
2009-05-17 10:25 . 2009-05-17 10:25 d-----w- c:documents and settingsAdminApplication DataPRMT
2009-05-17 10:15 . 2009-05-17 10:15 d-----w- c:program filesPRMT8
2009-05-17 10:15 . 2009-05-17 10:15 d-----w- c:documents and settingsAll UsersApplication DataPRMT
2009-05-17 10:09 . 2009-05-17 10:09 d-----w- c:program filesMSBuild
2009-05-17 10:09 . 2009-05-17 10:09 161328 —-a-w- c:documents and settingsLocalServiceLocal SettingsApplication DataFontCache3.0.0.0.dat
2009-05-17 10:06 . 2009-05-17 10:06 d-----w- c:program filesReference Assemblies
2009-05-17 09:57 . 2009-05-13 06:38 d-----w- c:program filesCommon FilesAdobe
2009-05-17 09:55 . 2009-05-17 09:55 d-----w- c:program filesKC Softwares
2009-05-17 08:09 . 2009-05-17 08:09 d-----w- c:documents and settingsAdminApplication DataNero
2009-05-17 08:08 . 2009-05-17 08:06 d-----w- c:program filesCommon FilesNero
2009-05-17 08:07 . 2009-05-17 08:06 d-----w- c:documents and settingsAll UsersApplication DataNero
2009-05-17 08:06 . 2009-05-17 08:06 d-----w- c:program filesNero
2009-05-17 07:50 . 2009-05-17 07:41 d-----w- c:program filesABBYY FineReader 9.0
2009-05-17 07:46 . 2009-05-17 07:46 d-----w- c:documents and settingsAdminApplication DataABBYY
2009-05-17 07:41 . 2009-05-17 07:41 d-----w- c:documents and settingsAll UsersApplication DataABBYY
2009-05-17 05:58 . 2009-05-17 05:58 d-----w- c:documents and settingsAdminApplication DataAltrixSoft
2009-05-17 05:52 . 2009-05-17 05:50 d-----w- c:program filesEasy CD-DA Extractor 12
2009-05-17 05:51 . 2009-05-17 05:51 d-----w- c:documents and settingsAll UsersApplication DataEasy CD-DA Extractor
2009-05-17 05:43 . 2009-05-17 05:42 d-----w- c:program filesWinAVI Video Converter
2009-05-16 21:16 . 2009-05-16 21:16 d-----w- c:program filesXnView
2009-05-16 19:59 . 2009-05-16 19:47 d-----w- c:program filesAlcohol Soft
2009-05-16 19:34 . 2009-05-12 15:46 d-----w- c:program filesUltraISO
2009-05-16 19:34 . 2009-05-12 15:46 d-----w- c:program filesCommon FilesEZB Systems
2009-05-16 19:04 . 2009-05-16 19:04 d-----w- c:program filesOO Software
2009-05-16 18:49 . 2009-05-16 18:49 d-----w- c:documents and settingsAdminApplication DataMra
2009-05-16 18:49 . 2009-05-16 18:48 d-----w- c:program filesMail.Ru
2009-05-16 13:44 . 2009-05-16 13:44 d-----w- c:program filesCommon FilesPCSuite
2009-05-16 13:44 . 2009-05-16 13:44 d-----w- c:program filesCommon FilesNokia
2009-05-16 13:43 . 2009-05-16 13:43 d-----w- c:program filesDIFX
2009-05-16 13:43 . 2009-05-16 13:43 d-----w- c:program filesPC Connectivity Solution
2009-05-16 13:42 . 2009-05-16 13:42 8192 —-a-w- c:documents and settingsAll UsersApplication DataInstallations{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}InstallerCommonCustomActionsUninstCCD.exe
2009-05-16 13:42 . 2009-05-16 13:42 61440 —-a-w- c:documents and settingsAll UsersApplication DataInstallations{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}InstallerCommonCustomActionsUninstPCSFEMsi.exe
2009-05-16 13:42 . 2009-05-16 13:42 10240 —-a-w- c:documents and settingsAll UsersApplication DataInstallations{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}InstallerCommonCustomActionsUninstPCS.exe
2009-05-16 13:42 . 2009-05-16 13:42 d-----w- c:documents and settingsAll UsersApplication DataInstallations
2009-05-16 03:24 . 2009-05-16 03:24 d-----w- c:program filesMediaInfo
2009-05-15 03:38 . 2009-05-15 03:38 d-----w- c:documents and settingsAdminApplication DataAshampoo
2009-05-15 03:37 . 2009-05-15 03:37 d-----w- c:documents and settingsAll UsersApplication Dataashampoo
2009-05-13 06:40 . 2009-05-13 06:40 d-----w- c:documents and settingsAdminApplication DataVso
2009-05-13 06:40 . 2009-05-13 06:40 47360 —-a-w- c:windowssystem32driverspcouffin.sys
2009-05-13 06:40 . 2009-05-13 06:40 47360 —-a-w- c:documents and settingsAdminApplication Datapcouffin.sys
2009-05-13 06:40 . 2009-05-13 06:40 47360 —-a-w- c:documents and settingsAdminApplication Datapcouffin.sys
2009-05-13 06:40 . 2009-05-13 06:40 d-----w- c:program filesDVDFab 5
2009-05-12 21:28 . 2009-05-12 21:25 d-----w- c:program filesjv16 PowerTools 2009
2009-05-12 21:25 . 2009-05-12 21:25 23 —sha-w- c:windowssystem32cbbefbcaf2_x.dat
2009-05-12 20:40 . 2009-05-12 13:17 410984 —-a-w- c:windowssystem32deploytk.dll
2009-05-12 20:40 . 2009-05-12 20:40 d-----w- c:program filesJava
2009-05-12 20:38 . 2009-05-12 20:38 d-----w- c:program filesMSECache
2009-05-12 20:28 . 2009-05-12 20:28 d-----w- c:program filesLight Alloy
2009-05-12 20:16 . 2009-05-12 20:16 d-----w- c:program filesTeamViewer
2009-05-12 15:46 . 2009-05-12 15:46 d-----w- c:program filesSun xVM VirtualBox
2009-05-12 15:46 . 2009-05-12 15:46 d-----w- c:program filesSkype
2009-05-12 15:46 . 2009-05-12 15:46 d-----w- c:program filesuTorrent
2009-05-12 15:46 . 2009-05-12 15:46 d-----w- c:documents and settingsDefault UserApplication DatauTorrent
2009-05-12 15:46 . 2009-05-12 15:46 d-----w- c:program filesDownload Master
2009-05-12 15:46 . 2009-05-12 15:46 d-----w- c:documents and settingsAdminApplication DataDownload Master
2009-05-12 15:46 . 2009-05-12 15:46 d-----w- c:program filesUnlocker
2009-05-12 15:46 . 2009-05-12 15:46 d-----w- c:program filesTotal Commander
2009-05-12 15:46 . 2009-05-12 15:46 d-----w- c:program filesEverest
2009-05-12 15:46 . 2009-05-12 15:46 d-----w- c:program filesOpera
2009-05-12 15:46 . 2009-05-12 15:46 d-----w- c:program filesUninstall Tool
2009-05-12 15:45 . 2009-05-12 15:45 d-----w- c:program filesTechSmith
2009-05-12 15:45 . 2009-05-12 15:45 d-----w- c:documents and settingsAll UsersApplication DataTechSmith
2009-05-12 15:43 . 2009-05-12 15:43 d-----w- c:program filesMicrosoft Works
2009-05-12 15:43 . 2009-05-12 15:43 d-----w- c:program filesMicrosoft.NET
2009-05-12 15:42 . 2009-05-12 15:42 d-----w- c:program filesPunto Switcher
2009-05-12 15:42 . 2009-05-12 15:42 d—a-w- c:documents and settingsAdminApplication DataYandex
2009-05-12 14:43 . 2009-05-12 14:43 d-----w- c:documents and settingsAdminApplication DataMedia Player Classic
2009-05-12 14:43 . 2009-05-12 14:42 d-----w- c:program filesK-Lite Codec Pack
2009-05-12 14:34 . 2009-05-12 14:34 128 —-a-w- c:documents and settingsAdminLocal SettingsApplication Datafusioncache.dat
2009-05-12 14:10 . 2009-05-12 14:10 d-----w- c:documents and settingsAll UsersApplication DataHP
2009-05-12 14:08 . 2009-05-12 14:08 d-----w- c:documents and settingsAll UsersApplication DataSonic
.
Sigcheck
[-] 2008-12-19 14:11 631808 A46326FFE00FF90CB9A372B94E571438 c:windowssystem32user32.dll
[-] 2008-12-19 14:11 884224 9CA2A8437D6C26D64FCD860A94006401 c:windowssystem32wininet.dll
[-] 2008-12-13 22:30 361600 EC936BB945F789C0B4DAE06397334430 c:windowssystem32driverstcpip.sys
[-] 2008-12-19 14:06 2207232 FC64B5369E3F5A18668D529950ECC29B c:windowssystem32ntkrnlpa.exe
[-] 2008-12-19 14:01 2330368 CE07EC9D1AD64289933C3D94EDEC3215 c:windowssystem32ntoskrnl.exe
[-] 2008-12-19 14:09 1926144 E448E5836FEA2DE06AE6EE1D05874B3C c:windowsexplorer.exe
[-] 2008-12-19 14:09 37376 0DE18690E4223998E471048889F09B8B c:windowssystem32ctfmon.exe
[-] 2008-12-19 14:07 1571840 9C8FB3912BB3A20E7A9A079960EEC0A2 c:windowssystem32sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«VistaIcon»=»c:program filesVistaDriveIconVistaDrv.exe» [2008-03-23 132096]
«Punto Switcher»=»c:program filesPunto Switcherpunto.exe» [2008-10-30 734504]
«ctfmon.exe»=»c:windowssystem32ctfmon.exe» [2008-12-19 37376]
«PC Suite Tray»=»c:program filesNokiaNokia PC Suite 7PCSuite.exe» [2009-03-20 1312256]
«AlcoholAutomount»=»c:program filesAlcohol SoftAlcohol 120axcmd.exe» [2008-09-02 205256]
«IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=»c:program filesCommon FilesNeroLibNMIndexStoreSvr.exe» [2008-12-12 1840424]
«TuneUp MemOptimizer»=»c:program filesTuneUp Utilities 2009MemOptimizer.exe» [2008-12-13 157952]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«SoundMAXPnP»=»c:program filesAnalog DevicesCoresmax4pnp.exe» [2005-05-20 925696]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2009-02-09 13680640]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2009-02-09 86016]
«SunJavaUpdateSched»=»c:program filesJavajre6binjusched.exe» [2009-05-12 148888]
«MAgent»=»c:program filesMail.RuAgentMAgent.exe» [2009-05-16 6210744]
«OODefragTray»=»c:windowssystem32oodtray.exe» [2009-02-25 2553088]
«RemoteControl8″=»c:program filesCyberLinkPowerDVD8PDVD8Serv.exe» [2008-03-20 83240]
«PDVD8LanguageShortcut»=»c:program filesCyberLinkPowerDVD8LanguageLanguage.exe» [2007-12-14 50472]
«BDRegion»=»c:program filesCyberlinkShared Filesbrs.exe» [2008-06-27 91432]
«OutpostMonitor»=»c:progra~1AgnitumOUTPOS~1op_mon.exe» [2009-04-15 1289048]
«OutpostFeedBack»=»c:program filesAgnitumOutpost Security Suite Profeedback.exe» [2009-04-14 433496]
«nwiz»=»nwiz.exe» — c:windowssystem32nwiz.exe [2009-02-09 1657376]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«VistaIcon»=»c:program filesVistaDriveIconVistaDrv.exe» [2008-03-23 132096]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«IE7_011″=»shell32» [X]
«ZZZZ2_FirstLogonSetting»=»advpack.dll» — c:windowssystem32advpack.dll [2008-12-19 124928]
«IE7_012″=»advpack.dll» — c:windowssystem32advpack.dll [2008-12-19 124928]
c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузка
QuickTV.lnk — c:program filesAVerTVQuickTV.exe [2006-2-21 401408]
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMConfigurePrograms»= 1 (0x1)
«NoSMHelp»= 1 (0x1)
[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMConfigurePrograms»= 1 (0x1)
«NoSMHelp»= 1 (0x1)
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]
BootExecute REG_MULTI_SZ autocheck autochk *0OODBS
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
@=»Driver»
[HKLM~startupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^HP Digital Imaging Monitor.lnk]
path=c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузкаHP Digital Imaging Monitor.lnk
backup=c:windowspssHP Digital Imaging Monitor.lnkCommon Startup
[HKLM~startupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Быстрый запуск HP Photosmart Premier.lnk]
path=c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузкаБыстрый запуск HP Photosmart Premier.lnk
backup=c:windowspssБыстрый запуск HP Photosmart Premier.lnkCommon Startup
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrun-]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 9.0ReaderReader_sl.exe»
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«FirewallOverride»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
«UpdatesOverride»=dword:00000001
«AntiVirusOverride»=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«%windir%\system32\sessmgr.exe»=
R1 SandBox;SandBox;c:windowssystem32driversSandBox.sys [28.05.2009 14:39 704384]
R1 VBoxDrv;VirtualBox Service;c:windowssystem32driversVBoxDrv.sys [13.05.2009 0:16 100560]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:windowssystem32driversVBoxUSBMon.sys [12.05.2009 19:46 41744]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:program filesCyberLinkPowerDVD8000.fcl [27.06.2008 16:50 61424]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 Licensing Service;c:program filesABBYY FineReader 9.0NetworkLicenseServer.exe [02.11.2007 18:58 566560]
R2 acssrv;Agnitum Client Security Service;c:progra~1AgnitumOUTPOS~1acs.exe [28.05.2009 14:38 1605976]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:windowssystem32TUProgSt.exe [17.06.2009 10:03 603904]
R3 afw;Agnitum firewall driver;c:windowssystem32driversafw.sys [28.05.2009 14:38 31128]
R3 afwcore;afwcore;c:windowssystem32driversafwcore.sys [28.05.2009 14:39 257432]
R3 ASWFilt;ASWFilt;c:windowssystem32FiltASWFilt.dll [28.05.2009 14:39 33888]
R3 PhTVTune;Cap7134 TVTuner;c:windowssystem32driversM15xTune.sys [12.05.2009 17:54 60704]
R3 VBEngNT;VBEngNT;c:windowssystem32driversVBEngNT.sys [28.05.2009 14:39 1175256]
R3 VBFilt;VBFilt;c:windowssystem32FiltVBFilt.dll [28.05.2009 14:39 234304]
R3 VBoxNetFlt;VBoxNetFlt Service;c:windowssystem32driversVBoxNetFlt.sys [13.05.2009 0:16 87568]
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSvchost — NetSvcs
UxTuneUp
.
Contents of the ‘Scheduled Tasks’ folder
2009-06-18 c:windowsTasks1-Click Maintenance.job
— c:program filesTuneUp Utilities 2009OneClickStarter.exe [2008-12-11 17:36]
2009-06-17 c:windowsTasksWebReg Photosmart C5100 series.job
— c:program filesHPDigital Imagingbinhpqwrg.exe [2006-02-19 01:09]
2009-06-18 c:windowsTasksБыстрое решение проблем.job
— c:program filesTuneUp Utilities 2009OneClickStarter.exe [2008-12-11 17:36]
.
— — — — ORPHANS REMOVED — — — —
MSConfigStartUp-HDInspector — (no file)
.
Supplementary Scan
.
uStart Page = hxxp://xtreme.ws/
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Закачать ВСЕ при помощи Download Master — c:program filesDownload Masterdmieall.htm
IE: Закачать при помощи Download Master — c:program filesDownload Masterdmie.htm
IE: Поиск@Mail.Ru — c:program filesmail.rusputnikMailRuSputnik.dll/282
IE: Словари@Mail.Ru — c:program filesmail.rusputnikMailRuSputnik.dll/283
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} — c:program filesMail.RuAgentmagent.exe
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} — c:program filesDownload Masterdmaster.exe
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-18 13:18
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINESystemControlSet001Services{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
«ImagePath»=»??c:program filesCyberLinkPowerDVD8000.fcl»
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(640)
c:windowssystem32SETUPAPI.dll
c:windowssystem32cscui.dll
— — — — — — — > ‘lsass.exe'(696)
c:windowssystem32SETUPAPI.dll
— — — — — — — > ‘explorer.exe'(3744)
c:windowssystem32SHDOCVW.dll
c:windowssystem32COMRes.dll
c:windowsSystem32cscui.dll
c:program filesPunto Switcherpshook.dll
c:windowssystem32msi.dll
c:windowssystem32SETUPAPI.dll
c:windowssystem32credui.dll
c:windowssystem32MSVCP60.dll
c:windowssystem32wpdshserviceobj.dll
c:program filesNokiaNokia PC Suite 7PhoneBrowser.dll
c:program filesNokiaNokia PC Suite 7NGSCM.DLL
c:program filesNokiaNokia PC Suite 7LangPhoneBrowser_rus.nlr
c:program filesNokiaNokia PC Suite 7ResourcePhoneBrowser_Nokia.ngr
c:windowssystem32portabledevicetypes.dll
c:windowssystem32portabledeviceapi.dll
.
Other Running Processes
.
c:program filesJavajre6binjqs.exe
c:program filesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
c:program filesNeroNero8Nero BackItUpNBService.exe
c:windowssystem32nvsvc32.exe
c:windowssystem32oodag.exe
c:windowssystem32HPZipm12.exe
c:program filesCyberLinkShared filesRichVideo.exe
c:program filesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
c:windowssystem32rundll32.exe
c:program filesAgnitumOutpost Security Suite Proop_mon.exe
c:program filesCommon FilesNeroLibNMIndexingService.exe
c:program filesPC Connectivity SolutionServiceLayer.exe
c:program filesPC Connectivity SolutionTransportsNclUSBSrv.exe
c:program filesPC Connectivity SolutionTransportsNclRSSrv.exe
c:windowssystem32WudfHost.exe
c:windowssystem32wbemwmiapsrv.exe
.
**************************************************************************
.
Completion time: 2009-06-18 13:20 — machine was rebooted
ComboFix-quarantined-files.txt 2009-06-18 09:20
Pre-Run: 98 732 158 976 байт свободно
Post-Run: 98 636 742 656 байт свободно
327

