autorun.inf and a RECYCLER folder with the files alcom.exe and Desktop.
January 12, 2009 at 9:34 PM #16121
I have a similar situation (viewtopic.php?f=3&t=42): on my flash drive there is an autorun.inf and a RECYCLER folder with the files alcom.exe and Desktop.ini. I ran ComboFix; after that a Qoobox folder was created on the flash drive, but the files themselves were not deleted. In addition, on every connection to the Internet a file named m5v8n4d9z1e9 is downloaded, which tries to interfere with processes, and the Internet connection drops. Here is the log:
ComboFix 09-01-11.04 — Человек 2009-01-13 0:11:49.4 — FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1251.1.1049.18.2045.1640 [GMT 3:00]
Running from: c:documents and settingsЧеловекРабочий столcombofix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated)
FW: Kaspersky Internet Security *disabled*
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
I:autorun.inf
i:recyclerS-1-6-21-2434476501-1644491937-600003330-1213
i:recyclerS-1-6-21-2434476501-1644491937-600003330-1213alcom.exe
i:recyclerS-1-6-21-2434476501-1644491937-600003330-1213Desktop.ini
.
((((((((((((((((((((((((( Files Created from 2008-12-12 to 2009-01-12 )))))))))))))))))))))))))))))))
.
2009-01-12 23:44 . 2009-01-12 23:44
d—hs—- C:FOUND.000
2009-01-12 22:35 . 2009-01-12 22:35d
C:CONFIG
2009-01-12 22:35 . 2009-01-12 22:35d
C:AUDIO
2009-01-12 01:15 . 2009-01-12 01:15d
c:program filesQIP
2009-01-11 23:12 . 1999-10-11 00:09 307,712 —a
c:windowsIsUn0419.exe
2009-01-11 20:18 . 2009-01-11 20:18d
c:program filesKaspersky Lab
2009-01-11 20:18 . 2009-01-11 20:18d
c:documents and settingsAll UsersApplication DataKaspersky Lab Setup Files
2009-01-11 20:18 . 2009-01-11 20:18d
c:documents and settingsAll UsersApplication DataKaspersky Lab
2009-01-11 20:18 . 2009-01-13 00:13 1,976,608 —ahs—- c:windowssystem32driversfidbox.dat
2009-01-11 20:18 . 2009-01-11 21:48 96,976 —a
c:windowssystem32driversklin.dat
2009-01-11 20:18 . 2009-01-11 21:48 87,855 —a
c:windowssystem32driversklick.dat
2009-01-11 20:18 . 2009-01-13 00:13 11,808 —ahs—- c:windowssystem32driversfidbox2.dat
2009-01-11 20:18 . 2009-01-13 00:13 3,020 —ahs—- c:windowssystem32driversfidbox.idx
2009-01-11 20:18 . 2009-01-13 00:13 2,084 —ahs—- c:windowssystem32driversfidbox2.idx
2009-01-11 18:52 . 2009-01-11 18:52d
c:documents and settings++T+T+¦LOCALS~1
2009-01-11 18:52 . 2009-01-11 18:52d
c:documents and settings++T+T+¦
2009-01-11 01:42 . 2009-01-11 01:42 657,408 -r-hs—- c:windowssystem32driversalcomrg.exe
2009-01-06 21:38 . 2009-01-06 21:38 107,888 —a
c:windowssystem32CmdLineExt.dll
2009-01-06 21:36 . 2009-01-06 21:36d
c:documents and settingsЧеловекApplication DataLeadertech
2009-01-06 21:29 . 2009-01-06 21:29d
c:program filesEA Sports
2009-01-06 19:01 . 2009-01-06 19:01d
c:program filesCounter-Strike 1.6
2009-01-03 13:58 . 2004-08-03 23:08 26,496 —a
c:windowssystem32dllcacheusbstor.sys
2009-01-03 00:14 . 2009-01-03 00:14d
c:program filesGoogle
2009-01-02 20:32 . 2009-01-02 20:32d
c:documents and settingsЧеловекApplication DataMedia Player Classic
2009-01-02 20:32 . 2009-01-02 20:32d
c:documents and settingsЧеловекApplication DataDivX
2009-01-02 20:31 . 2009-01-02 20:31d
c:windowssystem32driversumdf
2009-01-02 20:31 . 2009-01-02 20:31d
c:program filesCommon FilesSonic Shared
2009-01-02 20:31 . 2009-01-02 20:31d
c:program filesCommon FilesReal
2009-01-02 20:31 . 2009-01-02 20:31d
c:documents and settingsAll UsersApplication DataApple Computer
2009-01-02 20:31 . 2009-01-02 20:31d
c:documents and settingsЧеловекApplication DataBSplayer PRO
2009-01-02 20:11 . 2009-01-02 20:11d
c:documents and settingsЧеловекApplication DataAny Video Converter
2009-01-02 20:03 . 2009-01-02 20:03d
c:documents and settingsЧеловекApplication DataWinamp
2009-01-02 18:20 . 2003-09-18 14:32 1,060,864 —a
c:windowssystem32MFC71.dll
2009-01-02 18:20 . 2003-09-18 14:32 499,712 —a
c:windowssystem32msvcp71.dll
2009-01-02 18:20 . 2003-09-18 14:32 348,160 —a
c:windowssystem32msvcr71.dll
2009-01-02 18:20 . 2004-01-14 04:10 163,840 —a
c:windowsBJPSUNST.EXE
2009-01-02 18:19 . 2009-01-02 18:19d
c:windowsStartHtmico
2009-01-02 18:19 . 2009-01-02 18:19d—h
c:documents and settingsAll UsersApplication DataCanonBJ
2009-01-02 18:19 . 1998-10-29 16:45 306,688 —a
c:windowsIsUninst.exe
2009-01-02 18:19 . 2005-03-25 08:10 139,776
c:windowssystem32CNMLM75.DLL
2009-01-02 18:19 . 2005-03-08 21:17 90,112 -ra
c:windowssystem32CNMCP75.exe
2009-01-02 18:19 . 2005-03-25 08:00 8,704 —a
c:windowssystem32CNMVS75.DLL
2009-01-02 18:18 . 2009-01-02 18:19d
c:program filesCanon
2009-01-02 18:17 . 2004-08-03 23:01 25,856 —a
c:windowssystem32driversusbprint.sys
2009-01-02 18:17 . 2004-08-03 23:01 25,856 —a
c:windowssystem32dllcacheusbprint.sys
2009-01-02 16:04 . 2009-01-02 16:04d
c:program filesmiranda im zelebobs’a pack
2009-01-02 12:29 . 2009-01-02 12:29d
c:program filesMicrosoft.NET
2009-01-02 12:29 . 2003-06-19 01:31 17,920 —a
c:windowssystem32mdimon.dll
2009-01-02 12:28 . 2009-01-02 12:28d
c:windowsSHELLNEW
2009-01-02 12:10 . 2009-01-02 12:10d
c:documents and settingsAll UsersApplication DataDAEMON Tools Lite
2009-01-02 12:10 . 2009-01-02 12:10d
c:documents and settingsЧеловекApplication DataDAEMON Tools Pro
2009-01-02 12:10 . 2009-01-02 12:10d
c:documents and settingsЧеловекApplication DataDAEMON Tools
2009-01-02 12:09 . 2009-01-02 12:10d
c:program filesYandex
2009-01-02 12:09 . 2009-01-02 12:10d
c:program filesCommon FilesYandex
2009-01-02 12:09 . 2009-01-02 12:10d
c:documents and settingsЧеловекApplication DataYandex
2009-01-02 12:03 . 2009-01-02 12:03d
c:documents and settingsЧеловекApplication DataDAEMON Tools Lite
2009-01-02 12:03 . 2009-01-02 12:03 717,296 —a
c:windowssystem32driverssptd.sys
2009-01-02 11:54 . 2009-01-02 11:54d—hs—- C:Recycled
2009-01-02 11:49 . 2009-01-02 12:29 754 —a
c:windowsODBC.INI
2009-01-02 11:43 . 2009-01-13 00:14 558 —a
c:windowsDFC.INI
2009-01-02 11:39 . 2009-01-02 11:41 127,254 —a
c:windowssystem32nvapps.xml
2009-01-02 11:39 . 2007-07-23 05:34 17,254 —a
c:windowssystem32nvwsapps.xml
2009-01-02 11:38 . 2009-01-02 11:38d
c:windowsnview
2009-01-02 11:38 . 2007-06-29 01:54 356,352 —a
c:windowssystem32NVUNINST.EXE
2009-01-02 11:38 . 2007-07-23 05:34 356,352 —a
c:windowssystem32nvudisp.exe
2009-01-02 11:38 . 2007-07-23 05:34 17,463 —a
c:windowssystem32nvdisp.nvu
2009-01-02 11:36 . 2009-01-02 11:36d
c:program filesVDOTool
2009-01-02 11:33 . 2009-01-02 11:33d
c:windowssystem32Lang
2009-01-02 11:33 . 2009-01-02 11:33 940,794 —a
c:windowssystem32LoopyMusic.wav
2009-01-02 11:33 . 2009-01-02 11:33 146,650 —a
c:windowssystem32BuzzingBee.wav
2009-01-02 11:30 . 2009-01-02 11:30d
c:windowssystem32RTCOM
2009-01-02 11:29 . 2007-01-12 11:54 520,192 -r
c:windowsRtlExUpd.dll
2009-01-02 11:29 . 2009-01-02 11:29 315,392 —a
c:windowsHideWin.exe
2009-01-02 11:25 . 2009-01-02 11:25d
c:windowsOPTIONS
2009-01-02 11:25 . 2009-01-02 11:25d
c:program filesRealtek
2009-01-02 11:25 . 2009-01-02 11:25d—h
c:program filesInstallShield Installation Information
2009-01-02 11:25 . 2009-01-02 11:25d
c:documents and settingsЧеловекApplication DataInstallShield
2009-01-02 11:25 . 2007-07-12 07:00 90,880 -ra
c:windowssystem32driversRtenicxp.sys
2009-01-02 11:19 . 2009-01-02 11:19d
c:windowssystem32DRVSTORE
2009-01-02 11:19 . 2009-01-02 11:19d
c:program filesIntel
2009-01-02 11:19 . 2009-01-02 11:19d
C:Intel
2009-01-02 11:16 . 2009-01-02 11:16d
c:windowsDownloaded Installations
2009-01-02 11:16 . 2009-01-02 11:16d
c:program filesDiskeeper Corporation
2009-01-02 11:16 . 2009-01-02 11:16d
c:program filesCommon FilesInstallShield
2009-01-02 11:15 . 2009-01-02 11:15d
C:TempEI4
2009-01-02 11:15 . 2009-01-02 11:15d
c:program filesMSXML 4.0
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-11 18:48 112,144 —-a-w c:windowssystem32driverskl1.sys
2009-01-09 04:50 359,040
w c:windowssystem32driverstcpip.sys
2009-01-02 01:49
d
w c:program filesmicrosoft frontpage
.
Sigcheck
2009-01-09 07:50 359040 3bb4b08619c111c7be8bda07aa0de6a2 c:windowssystem32driverstcpip.sys
2004-08-18 12:00 359040 9f4b36614a0fc234525ba224957de55c c:windowssystem32dllcachetcpip.sys
.
((((((((((((((((((((((((((((( snapshot@2009-01-13_ 0.06.56.85 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-12 21:14:54 16,384 —-a-w c:windowsTempPerflib_Perfdata_2c8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2008-10-16 1578248]
[HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar]
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2008-10-16 1578248]
[HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar]
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2004-08-18 15360]
«DAEMON Tools Lite»=»d:progra~1DAEMON~2daemon.exe» [2008-12-10 216520]
«Yupdate!»=»c:progra~1COMMON~1YandexYupdateyupdate.exe» [2008-10-20 479496]
«swg»=»c:program filesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe» [2009-01-03 171448]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«DiskeeperSystray»=»c:program filesDiskeeper CorporationDiskeeperDkIcon.exe» [2006-02-24 196709]
«Gainward»=»c:program filesVDOToolTBPanel.exe» [2007-06-26 2165272]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2007-07-23 8466432]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2007-07-23 81920]
«Easy-PrintToolBox»=»c:program filesCanonEasy-PrintToolBoxBJPSMAIN.EXE» [2004-01-14 409600]
«WinampAgent»=»d:program filesWinampwinampa.exe» [2008-07-10 36352]
«alcomrg.exe»=»c:windowssystem32driversalcomrg.exe» [2009-01-11 657408]
«AVP»=»c:program filesKaspersky LabKaspersky Internet Security 7.0avp.exe» [2008-02-08 227856]
«RTHDCPL»=»RTHDCPL.EXE» [2007-06-13 c:windowsRTHDCPL.exe]
«nwiz»=»nwiz.exe» [2007-07-23 c:windowssystem32nwiz.exe]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2004-08-18 15360]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«VIDC.HFYU»= huffyuv.dll
«msacm.l3codecp»= l3codecp.acm
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusDisableNotify»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
«AntiVirusOverride»=dword:00000001
«FirewallOverride»=dword:00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]
«DisableMonitoring»=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«d:\Program Files\Miranda IM zeleboba’s pack\miranda32.exe»=
«c:\Program Files\Counter-Strike 1.6\hlds.exe»=
«c:\Program Files\Counter-Strike 1.6\hl.exe»=
«c:\Program Files\Counter-Strike 1.6\cstrike.exe»=
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:windowssystem32driversklim5.sys [2007-12-13 24592]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:windowssystem32driversRMSPPPOE.SYS [2009-01-01 31424]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.natm.ru/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Экспорт в Microsoft Excel — d:progra~1MICROS~1OFFICE11EXCEL.EXE/3000
IE: E&xport to Microsoft Excel — d:progra~1MICROS~1Office10EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List — c:program filesCanonEasy-WebPrintResource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print — c:program filesCanonEasy-WebPrintResource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview — c:program filesCanonEasy-WebPrintResource.dll/RC_Preview.html
IE: Easy-WebPrint Print — c:program filesCanonEasy-WebPrintResource.dll/RC_Print.html
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-13 00:15:00
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(952)
c:program filesKaspersky LabKaspersky Internet Security 7.0miscr3.dll
c:windowssystem32klogon.dll
— — — — — — — > ‘lsass.exe'(1008)
c:program filesKaspersky LabKaspersky Internet Security 7.0dnsq.dll
c:program filesKaspersky LabKaspersky Internet Security 7.0miscr3.dll
c:program filesKaspersky LabKaspersky Internet Security 7.0fssync.dll
— — — — — — — > ‘explorer.exe'(3808)
c:program filesKaspersky LabKaspersky Internet Security 7.0miscr3.dll
c:program filesKaspersky LabKaspersky Internet Security 7.0fssync.dll
.
Other Running Processes
.
c:program filesDISKEEPER CORPORATIONDISKEEPERDKSERVICE.EXE
c:windowsSYSTEM32NVSVC32.EXE
c:windowsSYSTEM32RUNDLL32.EXE
c:program filesCOMMON FILESYANDEXYUPDATEYUPDATE.EXE
c:windowsSYSTEM32WBEMWMIAPSRV.EXE
.
**************************************************************************
.
Completion time: 2009-01-13 0:16:23 — machine was rebooted
ComboFix-quarantined-files.txt 2009-01-12 21:16:18
ComboFix2.txt 2009-01-12 21:07:42
Pre-Run: 8 191 016 960 байт свободно
Post-Run: 8,181,563,392 байт свободно
225
January 12, 2009 at 9:47 PM #21089
As I already said, after running ComboFix a Qoobox folder appeared on the flash drive. This folder contains the same RECYCLER folder (autorun.inf.vir Desktop.ini.vir) and autorun.inf.vir, but the files themselves remained. They are visible only in Windows Commander; in normal mode they cannot be seen.
Here is the RSIT log:
info.txt logfile of random’s system information tool 1.05 2009-01-13 00:52:40
======Uninstall list======
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
Adobe Flash Player 10 ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Flash Player Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Any Video Converter 2.6.7—>»d:Program FilesAny Video Converterunins000.exe»
Canon iP1600—>C:WINDOWSsystem32CNMCP75.exe «-PRINTERNAMECanon iP1600» «-HELPERDLLC:Documents and SettingsAll UsersApplication DataCanonBJIJPrinterCNMWINDOWSCanon iP1600 InstallerInst2cnmis.dll» «-RCDLLcnmi0419.dll»
Canon Utilities Easy-PhotoPrint—>C:Program FilesCanonEasy-PhotoPrintuninst.exe uninst.ini
Canon Utilities Easy-PrintToolBox—>C:WINDOWSBJPSUNST.EXE
Counter-Strike 1.6—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime10 1Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{3604DEF3-2023-4F60-AD32-FB56EFBF3F5C}setup.exe» -l0x19 -removeonly
Diskeeper Home Edition—>MsiExec.exe /X{0C38EB05-3259-4DD3-9663-74A60C80BA4E}
Easy-WebPrint—>C:WINDOWSIsUninst.exe -f»C:Program FilesCanonEasy-WebPrintUninst.isu»
FIFA 09—>MsiExec.exe /X{2315B23D-3E21-4920-837D-AE6460934ECB}
Final Codecs 2008 New Year Edition—>d:Program FilesFinal Codecsuninst.exe
Google Toolbar for Internet Explorer—>MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer—>regsvr32 /u /s «c:program filesgooglegoogletoolbar1.dll»
High Definition Audio Driver Package — KB888111—>»C:WINDOWS$NtUninstallKB888111WXPSP2$spuninstspuninst.exe»
HijackThis 2.0.2—>»C:Program Filestrend microHijackThis.exe» /uninstall
Kaspersky Internet Security 7.0—>MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Kaspersky Internet Security 7.0—>MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Microsoft Office — профессиональный выпуск версии 2003—>MsiExec.exe /I{90110419-6000-11D3-8CFE-0150048383C9}
Miranda IM zeleboba’s pack 7.9—>d:Program FilesMiranda IM zeleboba’s packuninst.exe
MSXML 4.0 SP2 Parser and SDK—>MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
NVIDIA Drivers—>C:WINDOWSsystem32nvudisp.exe UninstallGUI
QIP 2005 Uninstall—>»C:Program FilesQIPunqip.exe»
REALTEK GbE & FE Ethernet PCI-E NIC Driver—>C:Program FilesInstallShield Installation Information{C9BED750-1211-4480-B1A5-718A3BE15525}setup.exe -runfromtemp -l0x0019 -removeonly
Realtek High Definition Audio Driver—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}Setup.exe» -l0x19 -removeonly
Total Commander 6.03a XP—>»D:Program FilesTotal Commander XPunins000.exe»
VDOTool 5.3—>»C:Program FilesVDOToolunins000.exe»
Winamp—>»d:Program FilesWinampUninstWA.exe»
Windows Media Format 11 runtime—>»C:Program FilesWindows Media Playerwmsetsdk.exe» /UninstallAll
Windows Media Format 11 runtime—>»C:WINDOWS$NtUninstallWMFDist11$spuninstspuninst.exe»
Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe
Яндекс.Бар для Internet Explorer 3.5.4—>»C:Program FilesYandexYandexBarIEunins000.exe»
======Security center information======
AV: Kaspersky Internet Security (disabled) (outdated)
FW: Kaspersky Internet Security (disabled)
System event log
Computer Name: PCA
Event Code: 7023
Message: Служба «Управление приложениями» завершена из-за ошибки
Не найден указанный модуль.
Record Number: 624
Source Name: Service Control Manager
Time Written: 20090102122542.000000+180
Event Type: ошибка
User:
Computer Name: PCA
Event Code: 7036
Message: Служба «Управление приложениями» перешла в состояние Остановлена.
Record Number: 623
Source Name: Service Control Manager
Time Written: 20090102122542.000000+180
Event Type: информация
User:
Computer Name: PCA
Event Code: 7035
Message: Служба «Управление приложениями» успешно отправила управляющий элемент «запустить».
Record Number: 622
Source Name: Service Control Manager
Time Written: 20090102122542.000000+180
Event Type: информация
User: PCAЧеловек
Computer Name: PCA
Event Code: 7036
Message: Служба «Windows Installer» перешла в состояние Работает.
Record Number: 621
Source Name: Service Control Manager
Time Written: 20090102122535.000000+180
Event Type: информация
User:
Computer Name: PCA
Event Code: 7035
Message: Служба «Windows Installer» успешно отправила управляющий элемент «запустить».
Record Number: 620
Source Name: Service Control Manager
Time Written: 20090102122535.000000+180
Event Type: информация
User: NT AUTHORITYSYSTEM
Application event log
Computer Name: PCA
Event Code: 11708
Message: Product: FIFA 09 — Installation failed.
Record Number: 166
Source Name: MsiInstaller
Time Written: 20090106212401.000000+180
Event Type: информация
User: PCAЧеловек
Computer Name: PCA
Event Code: 11708
Message: Product: FIFA 09 — Installation failed.
Record Number: 165
Source Name: MsiInstaller
Time Written: 20090106212302.000000+180
Event Type: информация
User: PCAЧеловек
Computer Name: PCA
Event Code: 1002
Message: Зависшее приложение msiexec.exe, версия 3.0.3790.2180, зависший модуль hungapp, версия 0.0.0.0, адрес 0x00000000.
Record Number: 164
Source Name: Application Hang
Time Written: 20090106211831.000000+180
Event Type: ошибка
User:
Computer Name: PCA
Event Code: 4097
Message: Приложение D:GamesEidosTOMBRA~1tru.exe вызвало ошибку
Ошибка в 06/01/2009 @ 21:01:15.484
Вызвано исключение c0000005 по адресу 0047483F (tru)
Record Number: 163
Source Name: DrWatson
Time Written: 20090106210115.000000+180
Event Type: информация
User:
Computer Name: PCA
Event Code: 1000
Message: Ошибка приложения tru.exe, версия 1.0.0.0, модуль tru.exe, версия 1.0.0.0, адрес 0x0007483f.
Record Number: 162
Source Name: Application Error
Time Written: 20090106210109.000000+180
Event Type: ошибка
User:
======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%systemroot%system32;%systemroot%;%systemroot%system32wbem;C:Program FilesDiskeeper CorporationDiskeeper
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=6
«PROCESSOR_IDENTIFIER»=x86 Family 6 Model 15 Stepping 13, GenuineIntel
«PROCESSOR_REVISION»=0f0d
«NUMBER_OF_PROCESSORS»=2
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
EOF
Logfile of random’s system information tool 1.05 (written by random/random)
Run by Человек at 2009-01-13 00:51:49
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 8 GB (35%) free of 23 GB
Total RAM: 2045 MB (80% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:52:38, on 13.01.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesKaspersky LabKaspersky Internet Security 7.0avp.exe
C:Program FilesDiskeeper CorporationDiskeeperDkService.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSRTHDCPL.EXE
C:Program FilesVDOToolTBPanel.exe
C:WINDOWSsystem32RUNDLL32.EXE
D:Program FilesWinampwinampa.exe
C:WINDOWSsystem32driversalcomrg.exe
C:WINDOWSsystem32ctfmon.exe
D:PROGRA~1DAEMON~2daemon.exe
C:PROGRA~1COMMON~1YandexYupdateyupdate.exe
C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe
C:WINDOWSsystem32wbemwmiapsrv.exe
C:WINDOWSexplorer.exe
C:WINDOWSsystem32wpabaln.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Documents and SettingsЧеловекРабочий столRSIT.exe
C:Program Filestrend microЧеловек.exe
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.natm.ru/
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
F2 — REG:system.ini: Shell=Explorer.exe %windir%system32driversalcomrg.exe
O2 — BHO: Google Toolbar Helper — {AA58ED58-01DD-4d91-8333-CF10577473F7} — c:program filesgooglegoogletoolbar1.dll
O3 — Toolbar: Яндекс.Бар — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program FilesYandexYandexBarIEyndbar.dll
O3 — Toolbar: Easy-WebPrint — {327C2873-E90D-4c37-AA9D-10AC9BABA46C} — C:Program FilesCanonEasy-WebPrintToolband.dll
O3 — Toolbar: &Google — {2318C2B1-4965-11d4-9B18-009027A5CD4F} — c:program filesgooglegoogletoolbar1.dll
O4 — HKLM..Run: [DiskeeperSystray] «C:Program FilesDiskeeper CorporationDiskeeperDkIcon.exe»
O4 — HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 — HKLM..Run: [Gainward] C:Program FilesVDOToolTBPanel.exe /A
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [Easy-PrintToolBox] C:Program FilesCanonEasy-PrintToolBoxBJPSMAIN.EXE /logon
O4 — HKLM..Run: [WinampAgent] «d:Program FilesWinampwinampa.exe»
O4 — HKLM..Run: [alcomrg.exe] C:WINDOWSsystem32driversalcomrg.exe
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [DAEMON Tools Lite] «D:PROGRA~1DAEMON~2daemon.exe» -autorun
O4 — HKCU..Run: [Yupdate!] «C:PROGRA~1COMMON~1YandexYupdateyupdate.exe»
O4 — HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O7 — HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem, DisableRegedit=1
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://D:PROGRA~1MICROS~1OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: E&xport to Microsoft Excel — res://D:PROGRA~1MICROS~1Office10EXCEL.EXE/3000
O8 — Extra context menu item: Easy-WebPrint Add To Print List — res://C:Program FilesCanonEasy-WebPrintResource.dll/RC_AddToList.html
O8 — Extra context menu item: Easy-WebPrint High Speed Print — res://C:Program FilesCanonEasy-WebPrintResource.dll/RC_HSPrint.html
O8 — Extra context menu item: Easy-WebPrint Preview — res://C:Program FilesCanonEasy-WebPrintResource.dll/RC_Preview.html
O8 — Extra context menu item: Easy-WebPrint Print — res://C:Program FilesCanonEasy-WebPrintResource.dll/RC_Print.html
O9 — Extra button: Cтатистика Веб-Антивируса — {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} — C:Program FilesKaspersky LabKaspersky Internet Security 7.0SCIEPlgn.dll
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — D:PROGRA~1MICROS~1OFFICE11REFIEBAR.DLL
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O17 — HKLMSystemCCSServicesTcpip..{BB72C80B-7322-4A30-A1A2-D0DFC4FE8604}: NameServer = 213.148.160.1 213.148.161.1
O23 — Service: Kaspersky Internet Security 7.0 (AVP) — Kaspersky Lab — C:Program FilesKaspersky LabKaspersky Internet Security 7.0avp.exe
O23 — Service: Diskeeper — Diskeeper® Corporation — C:Program FilesDiskeeper CorporationDiskeeperDkService.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Google Updater Service (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe
—
End of file — 6546 bytes
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper — c:program filesgooglegoogletoolbar1.dll [2009-01-03 2427968]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{91397D20-1446-11D4-8AF4-0040CA1127B6} — Яндекс.Бар — C:Program FilesYandexYandexBarIEyndbar.dll [2008-10-16 1578248]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} — Easy-WebPrint — C:Program FilesCanonEasy-WebPrintToolband.dll [2004-08-26 405504]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} — &Google — c:program filesgooglegoogletoolbar1.dll [2009-01-03 2427968]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«DiskeeperSystray»=C:Program FilesDiskeeper CorporationDiskeeperDkIcon.exe [2006-02-24 196709]
«RTHDCPL»=C:WINDOWSRTHDCPL.EXE [2007-06-13 16377344]
«Gainward»=C:Program FilesVDOToolTBPanel.exe [2007-06-26 2165272]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2007-07-23 8466432]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2007-07-23 81920]
«Easy-PrintToolBox»=C:Program FilesCanonEasy-PrintToolBoxBJPSMAIN.EXE [2004-01-14 409600]
«WinampAgent»=d:Program FilesWinampwinampa.exe [2008-07-10 36352]
«alcomrg.exe»=C:WINDOWSsystem32driversalcomrg.exe [2009-01-11 657408]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2004-08-18 15360]
«DAEMON Tools Lite»=D:PROGRA~1DAEMON~2daemon.exe [2008-12-10 216520]
«Yupdate!»=C:PROGRA~1COMMON~1YandexYupdateyupdate.exe [2008-10-20 479496]
«swg»=C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe [2009-01-03 171448]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyklogon]
C:WINDOWSsystem32klogon.dll [2008-02-08 219664]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm.sys]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«DisableTaskMgr»=1
«DisableRegistryTools»=1
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=323
«NoDriveAutoRun»=67108863
«NoDrives»=0
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveAutoRun»=
«NoDriveTypeAutoRun»=
«NoDrives»=
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«D:Program FilesMiranda IM zeleboba’s packmiranda32.exe»=»D:Program FilesMiranda IM zeleboba’s packmiranda32.exe:*:Enabled:Miranda IM»
«C:Program FilesCounter-Strike 1.6hlds.exe»=»C:Program FilesCounter-Strike 1.6hlds.exe:*:Enabled:HLDS Launcher»
«C:Program FilesCounter-Strike 1.6hl.exe»=»C:Program FilesCounter-Strike 1.6hl.exe:*:Enabled:Half-Life Launcher»
«C:Program FilesCounter-Strike 1.6cstrike.exe»=»C:Program FilesCounter-Strike 1.6cstrike.exe:*:Enabled:Counter-Strike Launcher»
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
======List of files/folders created in the last 1 months======
======List of files/folders modified in the last 1 months======
2009-01-13 00:15:22 ----A---- C:\WINDOWS\system.ini
2009-01-02 12:29:36 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Драйвер Intel процессора; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-18 40448]
R1 klif;Klif; \??\C:\WINDOWS\system32\drivers\klif.sys []
R2 TBPanel;TBPanel; C:\WINDOWS\system32\drivers\TBPanel.sys [2007-03-16 12256]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Драйвер класса HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-18 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-06-22 4432384]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 24592]
R3 mouhid;Драйвер мыши HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-07-23 6807328]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol); C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2008-04-26 31424]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet адаптер, драйвер для NT; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 концентратор; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 USBSTOR;Драйвер запоминающих устройств для USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 ahs08guz;ahs08guz; C:\WINDOWS\system32\drivers\ahs08guz.sys []
S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS []
S3 catchme;catchme; \??\C:\combofix\catchme.sys []
S3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-07-12 90880]
S3 usbprint;Класс принтеров Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AVP;Kaspersky Internet Security 7.0; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe [2008-02-08 227856]
R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2006-03-09 630905]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-07-23 155716]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-03 138168]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
EOF
January 13, 2009 at 6:28 pm #21091
Hello, and welcome to the Spyware-ru forum.
after running combofix, a Qoobox folder appeared on the flash drive
QooBox is the directory where combofix puts deleted files; this is needed for a possible backup. When the program is uninstalled, this directory will be deleted.
There is one more file which, by all appearances, is a component of the trojan that has infected your computer.
Open Notepad (click Start, Run, type notepad in the input box and press Enter) and paste the following text into it:
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"alcomrg.exe"=-
File::
c:\windows\system32\drivers\alcomrg.exe
Save the resulting file to your desktop under the name CFScript.
Next, drag the resulting file onto the Combofix icon, as shown in the picture below.
Combofix will start and carry out the procedures described in the file we created.
When Combofix finishes, it will create a new log; paste that log into your next reply.
January 13, 2009 at 7:20 pm #21092
I did as you said, here is the log
ComboFix 09-01-13.03 — Человек 2009-01-13 22:10:36.7 — FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1251.1.1049.18.2045.1672 [GMT 3:00]
Running from: c:\documents and settings\Человек\Рабочий стол\ComboFix.exe
Command switches used :: c:\documents and settings\Человек\Рабочий стол\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
c:\windows\system32\drivers\alcomrg.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\alcomrg.exe
I:\autorun.inf
i:\recycler\S-1-6-21-2434476501-1644491937-600003330-1213
i:\recycler\S-1-6-21-2434476501-1644491937-600003330-1213\alcom.exe
i:\recycler\S-1-6-21-2434476501-1644491937-600003330-1213\Desktop.ini
.
—- Previous Run
.
I:\autorun.inf
i:\recycler\S-1-6-21-2434476501-1644491937-600003330-1213
i:\recycler\S-1-6-21-2434476501-1644491937-600003330-1213\alcom.exe
i:\recycler\S-1-6-21-2434476501-1644491937-600003330-1213\Desktop.ini
.
((((((((((((((((((((((((( Files Created from 2008-12-13 to 2009-01-13 )))))))))))))))))))))))))))))))
.
2009-01-13 21:58 . 2009-01-13 21:58 7,168 —a c:\windows\system32\drivers\utiynjex.sys
2009-01-13 21:56 . 2009-01-13 22:10 33,837 —a C:\m5v8n4d9z1e9.exe
2009-01-13 19:25 . 2009-01-13 19:25 d c:\program files\DrWeb
2009-01-13 19:25 . 2009-01-13 19:25 d c:\documents and settings\Человек\DoctorWeb
2009-01-13 19:25 . 2009-01-13 19:25 d c:\documents and settings\Человек\DoctorWeb
2009-01-13 19:25 . 2009-01-13 19:25 77,824 —a c:\windows\system32\DRWEBSP.DLL
2009-01-13 19:21 . 2009-01-13 19:21 11,656 —a c:\windows\system32\drivers\srwsvc.sys
2009-01-13 00:51 . 2009-01-13 00:51 d C:\rsit
2009-01-13 00:51 . 2009-01-13 00:51 d c:\program files\trend micro
2009-01-12 23:44 . 2009-01-12 23:44 d—hs—- C:\FOUND.000
2009-01-12 22:35 . 2009-01-12 22:35 d C:\CONFIG
2009-01-12 22:35 . 2009-01-12 22:35 d C:\AUDIO
2009-01-12 01:15 . 2009-01-12 01:15 d c:\program files\QIP
2009-01-11 23:12 . 1999-10-11 00:09 307,712 —a c:\windows\IsUn0419.exe
2009-01-11 20:18 . 2009-01-11 20:18 d c:\program files\Kaspersky Lab
2009-01-11 20:18 . 2009-01-11 20:18 d c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-01-11 18:52 . 2009-01-11 18:52 d c:\documents and settings\++T+T+¦\LOCALS~1
2009-01-11 18:52 . 2009-01-11 18:52 d c:\documents and settings\++T+T+¦
2009-01-06 21:38 . 2009-01-06 21:38 107,888 —a c:\windows\system32\CmdLineExt.dll
2009-01-06 21:36 . 2009-01-06 21:36 d c:\documents and settings\Человек\Application Data\Leadertech
2009-01-06 21:36 . 2009-01-06 21:36 d c:\documents and settings\Человек\Application Data\Leadertech
2009-01-06 21:36 . 2009-01-06 21:36 d c:\documents and settings\Человек\Application Data\Leadertech
2009-01-06 21:29 . 2009-01-06 21:29 d c:\program files\EA Sports
2009-01-06 19:01 . 2009-01-06 19:01 d c:\program files\Counter-Strike 1.6
2009-01-03 13:58 . 2004-08-03 23:08 26,496 —a c:\windows\system32\dllcache\usbstor.sys
2009-01-03 00:14 . 2009-01-03 00:14 d c:\program files\Google
2009-01-02 20:32 . 2009-01-02 20:32 d c:\documents and settings\Человек\Application Data\Media Player Classic
2009-01-02 20:32 . 2009-01-02 20:32 d c:\documents and settings\Человек\Application Data\Media Player Classic
2009-01-02 20:32 . 2009-01-02 20:32 d c:\documents and settings\Человек\Application Data\Media Player Classic
2009-01-02 20:32 . 2009-01-02 20:32 d c:\documents and settings\Человек\Application Data\DivX
2009-01-02 20:32 . 2009-01-02 20:32 d c:\documents and settings\Человек\Application Data\DivX
2009-01-02 20:32 . 2009-01-02 20:32 d c:\documents and settings\Человек\Application Data\DivX
2009-01-02 20:31 . 2009-01-02 20:31 d c:\windows\system32\drivers\umdf
2009-01-02 20:31 . 2009-01-02 20:31 d c:\program files\Common Files\Sonic Shared
2009-01-02 20:31 . 2009-01-02 20:31 d c:\program files\Common Files\Real
2009-01-02 20:31 . 2009-01-02 20:31 d c:\documents and settings\All Users\Application Data\Apple Computer
2009-01-02 20:31 . 2009-01-02 20:31 d c:\documents and settings\Человек\Application Data\BSplayer PRO
2009-01-02 20:31 . 2009-01-02 20:31 d c:\documents and settings\Человек\Application Data\BSplayer PRO
2009-01-02 20:31 . 2009-01-02 20:31 d c:\documents and settings\Человек\Application Data\BSplayer PRO
2009-01-02 20:11 . 2009-01-02 20:11 d c:\documents and settings\Человек\Application Data\Any Video Converter
2009-01-02 20:11 . 2009-01-02 20:11 d c:\documents and settings\Человек\Application Data\Any Video Converter
2009-01-02 20:11 . 2009-01-02 20:11 d c:\documents and settings\Человек\Application Data\Any Video Converter
2009-01-02 20:03 . 2009-01-02 20:03 d c:\documents and settings\Человек\Application Data\Winamp
2009-01-02 20:03 . 2009-01-02 20:03 d c:\documents and settings\Человек\Application Data\Winamp
2009-01-02 20:03 . 2009-01-02 20:03 d c:\documents and settings\Человек\Application Data\Winamp
2009-01-02 18:20 . 2003-09-18 14:32 1,060,864 —a
c:windowssystem32MFC71.dll
2009-01-02 18:20 . 2003-09-18 14:32 499,712 —a
c:windowssystem32msvcp71.dll
2009-01-02 18:20 . 2003-09-18 14:32 348,160 —a
c:windowssystem32msvcr71.dll
2009-01-02 18:20 . 2004-01-14 04:10 163,840 —a
c:windowsBJPSUNST.EXE
2009-01-02 18:19 . 2009-01-02 18:19d
c:windowsStartHtmico
2009-01-02 18:19 . 2009-01-02 18:19d—h
c:documents and settingsAll UsersApplication DataCanonBJ
2009-01-02 18:19 . 1998-10-29 16:45 306,688 —a
c:windowsIsUninst.exe
2009-01-02 18:19 . 2005-03-25 08:10 139,776
c:windowssystem32CNMLM75.DLL
2009-01-02 18:19 . 2005-03-08 21:17 90,112 -ra
c:windowssystem32CNMCP75.exe
2009-01-02 18:19 . 2005-03-25 08:00 8,704 —a
c:windowssystem32CNMVS75.DLL
2009-01-02 18:18 . 2009-01-02 18:19d
c:program filesCanon
2009-01-02 18:17 . 2004-08-03 23:01 25,856 —a
c:windowssystem32driversusbprint.sys
2009-01-02 18:17 . 2004-08-03 23:01 25,856 —a
c:windowssystem32dllcacheusbprint.sys
2009-01-02 16:04 . 2009-01-02 16:04d
c:program filesmiranda im zelebobs’a pack
2009-01-02 12:29 . 2009-01-02 12:29d
c:program filesMicrosoft.NET
2009-01-02 12:29 . 2003-06-19 01:31 17,920 —a
c:windowssystem32mdimon.dll
2009-01-02 12:28 . 2009-01-02 12:28d
c:windowsSHELLNEW
2009-01-02 12:10 . 2009-01-02 12:10d
c:documents and settingsAll UsersApplication DataDAEMON Tools Lite
2009-01-02 12:10 . 2009-01-02 12:10d
c:documents and settingsЧеловекApplication DataDAEMON Tools Pro
2009-01-02 12:10 . 2009-01-02 12:10d
c:documents and settingsЧеловекApplication DataDAEMON Tools Pro
2009-01-02 12:10 . 2009-01-02 12:10d
c:documents and settingsЧеловекApplication DataDAEMON Tools Pro
2009-01-02 12:10 . 2009-01-02 12:10d
c:documents and settingsЧеловекApplication DataDAEMON Tools
2009-01-02 12:10 . 2009-01-02 12:10d
c:documents and settingsЧеловекApplication DataDAEMON Tools
2009-01-02 12:10 . 2009-01-02 12:10d
c:documents and settingsЧеловекApplication DataDAEMON Tools
2009-01-02 12:09 . 2009-01-02 12:10d
c:program filesYandex
2009-01-02 12:09 . 2009-01-02 12:10d
c:program filesCommon FilesYandex
2009-01-02 12:09 . 2009-01-02 12:10d
c:documents and settingsЧеловекApplication DataYandex
2009-01-02 12:09 . 2009-01-02 12:10d
c:documents and settingsЧеловекApplication DataYandex
2009-01-02 12:09 . 2009-01-02 12:10d
c:documents and settingsЧеловекApplication DataYandex
2009-01-02 12:03 . 2009-01-02 12:03d
c:documents and settingsЧеловекApplication DataDAEMON Tools Lite
2009-01-02 12:03 . 2009-01-02 12:03d
c:documents and settingsЧеловекApplication DataDAEMON Tools Lite
2009-01-02 12:03 . 2009-01-02 12:03d
c:documents and settingsЧеловекApplication DataDAEMON Tools Lite
2009-01-02 12:03 . 2009-01-02 12:03 717,296 —a
c:windowssystem32driverssptd.sys
2009-01-02 11:54 . 2009-01-02 11:54d—hs—- C:Recycled
2009-01-02 11:49 . 2009-01-02 12:29 754 —a
c:windowsODBC.INI
2009-01-02 11:43 . 2009-01-13 22:12 558 —a
c:windowsDFC.INI
2009-01-02 11:39 . 2009-01-02 11:41 127,254 —a
c:windowssystem32nvapps.xml
2009-01-02 11:39 . 2007-07-23 05:34 17,254 —a
c:windowssystem32nvwsapps.xml
2009-01-02 11:38 . 2009-01-02 11:38d
c:windowsnview
2009-01-02 11:38 . 2007-06-29 01:54 356,352 —a
c:windowssystem32NVUNINST.EXE
2009-01-02 11:38 . 2007-07-23 05:34 356,352 —a
c:windowssystem32nvudisp.exe
2009-01-02 11:38 . 2007-07-23 05:34 17,463 —a
c:windowssystem32nvdisp.nvu
2009-01-02 11:36 . 2009-01-02 11:36d
c:program filesVDOTool
2009-01-02 11:33 . 2009-01-02 11:33d
c:windowssystem32Lang
2009-01-02 11:33 . 2009-01-02 11:33 940,794 —a
c:windowssystem32LoopyMusic.wav
2009-01-02 11:33 . 2009-01-02 11:33 146,650 —a
c:windowssystem32BuzzingBee.wav
2009-01-02 11:30 . 2009-01-02 11:30d
c:windowssystem32RTCOM
2009-01-02 11:29 . 2007-01-12 11:54 520,192 -r
c:windowsRtlExUpd.dll
2009-01-02 11:29 . 2009-01-02 11:29 315,392 —a
c:windowsHideWin.exe
2009-01-02 11:25 . 2009-01-02 11:25d
c:windowsOPTIONS
2009-01-02 11:25 . 2009-01-02 11:25d
c:program filesRealtek
2009-01-02 11:25 . 2009-01-02 11:25d—h
c:program filesInstallShield Installation Information
2009-01-02 11:25 . 2009-01-02 11:25d
c:documents and settingsЧеловекApplication DataInstallShield
2009-01-02 11:25 . 2009-01-02 11:25d
c:documents and settingsЧеловекApplication DataInstallShield
2009-01-02 11:25 . 2009-01-02 11:25d
c:documents and settingsЧеловекApplication DataInstallShield
2009-01-02 11:25 . 2007-07-12 07:00 90,880 -ra
c:windowssystem32driversRtenicxp.sys
2009-01-02 11:19 . 2009-01-02 11:19d
c:windowssystem32DRVSTORE
2009-01-02 11:19 . 2009-01-02 11:19d
c:program filesIntel
2009-01-02 11:19 . 2009-01-02 11:19d
C:Intel
2009-01-02 11:16 . 2009-01-02 11:16d
c:windowsDownloaded Installations
2009-01-02 11:16 . 2009-01-02 11:16d
c:program filesDiskeeper Corporation
2009-01-02 11:16 . 2009-01-02 11:16d
c:program filesCommon FilesInstallShield
2009-01-02 11:15 . 2009-01-02 11:15d
C:TempEI4
2009-01-02 11:15 . 2009-01-02 11:15d
c:program filesMSXML 4.0.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-09 04:50 359,040
w c:windowssystem32driverstcpip.sys
2009-01-02 01:49
d
w c:program filesmicrosoft frontpage
.
Sigcheck
2009-01-09 07:50 359040 3bb4b08619c111c7be8bda07aa0de6a2 c:windowssystem32driverstcpip.sys
2004-08-18 12:00 359040 9f4b36614a0fc234525ba224957de55c c:windowssystem32dllcachetcpip.sys
.
((((((((((((((((((((((((((((( snapshot@2009-01-13_ 0.06.56.85 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-13 19:12:42 16,384 —-a-w c:windowsTempPerflib_Perfdata_dc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2008-10-16 1578248][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2008-10-16 1578248][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2004-08-18 15360]
«DAEMON Tools Lite»=»d:progra~1DAEMON~2daemon.exe» [2008-12-10 216520]
«Yupdate!»=»c:progra~1COMMON~1YandexYupdateyupdate.exe» [2008-10-20 479496]
«swg»=»c:program filesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe» [2009-01-03 171448][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«DiskeeperSystray»=»c:program filesDiskeeper CorporationDiskeeperDkIcon.exe» [2006-02-24 196709]
«Gainward»=»c:program filesVDOToolTBPanel.exe» [2007-06-26 2165272]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2007-07-23 8466432]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2007-07-23 81920]
«Easy-PrintToolBox»=»c:program filesCanonEasy-PrintToolBoxBJPSMAIN.EXE» [2004-01-14 409600]
«WinampAgent»=»d:program filesWinampwinampa.exe» [2008-07-10 36352]
«RTHDCPL»=»RTHDCPL.EXE» [2007-06-13 c:windowsRTHDCPL.exe]
«nwiz»=»nwiz.exe» [2007-07-23 c:windowssystem32nwiz.exe][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2004-08-18 15360][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«VIDC.HFYU»= huffyuv.dll
«msacm.l3codecp»= l3codecp.acm[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusDisableNotify»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
«AntiVirusOverride»=dword:00000001
«FirewallOverride»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«d:\Program Files\Miranda IM zeleboba’s pack\miranda32.exe»=
«c:\Program Files\Counter-Strike 1.6\hlds.exe»=
«c:\Program Files\Counter-Strike 1.6\hl.exe»=
«c:\Program Files\Counter-Strike 1.6\cstrike.exe»=R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:windowssystem32driversRMSPPPOE.SYS [2009-01-01 31424]
R4 srwsvc;srwsvc;c:windowssystem32driverssrwsvc.sys [2009-01-13 11656]
S3 utiynjex;AVZ Kernel Driver;c:windowssystem32driversutiynjex.sys [2009-01-13 7168]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.natm.ru/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &Экспорт в Microsoft Excel — d:progra~1MICROS~1OFFICE11EXCEL.EXE/3000
IE: E&xport to Microsoft Excel — d:progra~1MICROS~1Office10EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List — c:program filesCanonEasy-WebPrintResource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print — c:program filesCanonEasy-WebPrintResource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview — c:program filesCanonEasy-WebPrintResource.dll/RC_Preview.html
IE: Easy-WebPrint Print — c:program filesCanonEasy-WebPrintResource.dll/RC_Print.html
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-13 22:12:44
Windows 5.1.2600 Service Pack 2 FAT NTAPIscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
Other Running Processes
.
c:program filesDISKEEPER CORPORATIONDISKEEPERDKSERVICE.EXE
c:windowsSYSTEM32NVSVC32.EXE
c:windowsSYSTEM32RUNDLL32.EXE
c:program filesCOMMON FILESYANDEXYUPDATEYUPDATE.EXE
c:windowsSYSTEM32WBEMWMIAPSRV.EXE
.
**************************************************************************
.
Completion time: 2009-01-13 22:13:21 — machine was rebooted [Человек]
ComboFix-quarantined-files.txt 2009-01-13 19:13:20
ComboFix3.txt 2009-01-12 21:07:42
ComboFix2.txt 2009-01-12 21:16:26
Pre-Run: 8,671,526,912 байт свободно
Post-Run: 8,680,783,872 байт свободно
246
January 14, 2009 at 11:40 am #21090
The log looks normal, but a couple of drivers have appeared. Did you run AVZ?
Are there any problems with the computer now?
Also, since the computer was infected with an autorun.inf trojan, it is obvious that you have an infected flash drive.
Read this guide: Flash_Disinfector, one more weapon against autorun.inf trojans. Download and run Flash_Disinfector, and when the program asks, do not forget to insert your flash drive or connect other external storage devices.
Attach a fresh combofix log to your reply.
January 14, 2009 at 3:57 pm #21093
No problems, I deleted the files from the flash drive and they are no longer multiplying.
Thank you very much
January 15, 2009 at 4:13 pm #21094
A few final steps.
Remove Combofix from your computer, following the guide: How to properly remove combofix from a computer.
Remove RSIT and the other scanners and small utilities you downloaded, as well as all files and folders that were created while the computer was being cleaned.
Install Spybot Search and Destroy; it is a fairly good additional protection against spyware and other malicious programs.
Run your antivirus and check the state of its automatic protection. Turn it on if it is off.
Delete the old restore points, since they may contain infected files, trojans and other malicious programs. To do this, click the My Computer icon and choose Properties. In the window that opens, select the System Restore tab. Tick the box next to Turn off System Restore on all drives. Click Apply. Confirm by clicking OK in the dialog that opens. Close the System Properties window by clicking OK.
After the computer restarts, repeat the steps described above, only this time clear the check box.
Create a new restore point. This will let you load the current Windows configuration if needed and recover quickly from spyware or a virus. To do this, click Start, then choose Accessories, then System Tools, and run System Restore. In the window that opens, choose the task Create a restore point, click Next and follow the instructions.
Do not forget to update Windows, your programs and especially your antivirus.
All the best!