Result after ComboFix
March 25, 2009 at 6:05 pm #22543
Anonymous
Guest
ComboFix starts scanning and then hangs, showing some unintelligible message that ends with Check_hal
I am attaching the RSIT log:
Logfile of random’s system information tool 1.05 (written by random/random)
Run by 1 at 2009-03-25 20:04:23
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 7 GB (12%) free of 56 GB
Total RAM: 1023 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:04, on 2009-03-25
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesLavasoftAd-Awareaawservice.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32ASWLSVC.exe
C:Program FilesWIDCOMMПрограммное обеспечение Bluetoothbinbtwdins.exe
C:Program FilesICQ6ToolbarICQ Service.exe
C:Program FilesJavajre6binjqs.exe
c:Program FilesCommon FilesLightScribeLSSrvc.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32PnkBstrA.exe
C:Program FilesPhotodexProShowProducerScsiAccess.exe
C:WINDOWSsystem32ASWL2K.exe
C:Program FilesAlcohol SoftAlcohol 52StarWindStarWindServiceAE.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32TUProgSt.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:WINDOWSATK0100HControl.exe
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe
C:Program FilesJavajre6binjusched.exe
C:Program FilesAd MuncherAdMunch.exe
C:Program FilesVista Start MenuVistaStartMenu.exe
C:Program FilesTaskSwitchXPTaskSwitchXP.exe
C:Program FilesDAEMON Tools Litedaemon.exe
C:Program FilesCursorXPCursorXP.exe
C:Program FilesToshibaBluetooth Toshiba StackTosBtMng1.exe
C:Program FilesWIDCOMMПрограммное обеспечение BluetoothBTTray.exe
C:Program FilesBible Verseverse.exe
C:PROGRA~1WIDCOMMПРОГРА~1BTSTAC~1.EXE
C:WINDOWSATK0100ATKOSD.exe
C:WINDOWSsystem32wbemwmiapsrv.exe
C:WINDOWSSystem32irftp.exe
C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe
C:Program FilesPC Connectivity SolutionServiceLayer.exe
C:Program FilesPC Connectivity SolutionNclBTHandler.exe
C:Program FilesNokiaNokia PC Suite 6OneTouchAccess.exe
C:Documents and Settings1Local SettingsApplication DataGoogleChromeApplicationchrome.exe
C:Program FilesRealRealPlayerRealPlay.exe
C:Program FilesRealRealPlayerRealPlay.exe
C:Documents and Settings1Local SettingsApplication DataGoogleChromeApplicationchrome.exe
C:WINDOWSsystem32wuauclt.exe
C:Documents and Settings1Рабочий столлекариRSIT.exe
C:Program Filestrend micro1.exe

R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://start.icq.com/
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: Yahoo! Toolbar — {EF99BD32-C1FB-11D2-892F-0090271D4F88} — (no file)
R3 — URLSearchHook: Freecorder Toolbar — {1392b8d2-5c05-419f-a8f6-b9f15a596612} — C:Program FilesFreecordertbFre1.dll
R3 — URLSearchHook: ICQToolBar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:Program FilesICQ6ToolbarICQToolBar.dll
O2 — BHO: XTTBPos00 — {055FD26D-3A88-4e15-963D-DC8493744B1D} — C:PROGRA~1ICQTOO~1toolbaru.dll
O2 — BHO: Freecorder Toolbar — {1392b8d2-5c05-419f-a8f6-b9f15a596612} — C:Program FilesFreecordertbFre1.dll
O2 — BHO: RealPlayer Download and Record Plugin for Internet Explorer — {3049C3E9-B461-4BC5-8870-4C09146192CA} — C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll
O2 — BHO: IE 4.x-6.x BHO for Download Master — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:PROGRA~1DOWNLO~1dmiehlp.dll
O2 — BHO: Google Toolbar Helper — {AA58ED58-01DD-4d91-8333-CF10577473F7} — c:program filesgooglegoogletoolbar1.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O2 — BHO: Ask Toolbar BHO — {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} — C:Program FilesAskSBarbar1.binASKSBAR.DLL
O3 — Toolbar: Freecorder Toolbar — {1392b8d2-5c05-419f-a8f6-b9f15a596612} — C:Program FilesFreecordertbFre1.dll
O3 — Toolbar: ICQToolBar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:Program FilesICQ6ToolbarICQToolBar.dll
O3 — Toolbar: DM Bar — {0E1230F8-EA50-42A9-983C-D22ABC2EED3C} — C:Program FilesDownload Masterdmbar.dll
O3 — Toolbar: &Google — {2318C2B1-4965-11d4-9B18-009027A5CD4F} — c:program filesgooglegoogletoolbar1.dll
O4 — HKLM..Run: [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [HControl] C:WINDOWSATK0100HControl.exe
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [TkBellExe] «C:Program FilesCommon FilesRealUpdate_OBrealsched.exe» -osboot
O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesJavajre6binjusched.exe»
O4 — HKLM..Run: [Ad Muncher] «C:Program FilesAd MuncherAdMunch.exe» /bt
O4 — HKCU..Run: [VistaStartMenu] «C:Program FilesVista Start MenuVistaStartMenu.exe»
O4 — HKCU..Run: [TaskSwitchXP] C:Program FilesTaskSwitchXPTaskSwitchXP.exe
O4 — HKCU..Run: [AlcoholAutomount] «C:Program FilesAlcohol SoftAlcohol 52axcmd.exe» /automount
O4 — HKCU..Run: [DAEMON Tools Lite] «C:Program FilesDAEMON Tools Litedaemon.exe» -autorun
O4 — HKCU..Run: [CursorXP] C:Program FilesCursorXPCursorXP.exe
O4 — HKCU..Run: [PC Tools GUI Application] C:Program FilesSpyware Doctorswdoctor.exe
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Startup: Bible Verse.lnk = C:Program FilesBible Verseverse.exe
O4 — User Startup: Bible Verse.lnk = C:Program FilesBible Verseverse.exe
O4 — Global Startup: Bluetooth Manager.lnk = ?
O4 — Global Startup: BTTray.lnk = ?
O7 — HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem, DisableRegedit=1
O8 — Extra context menu item: Block frame with Ad Muncher — http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_frame
O8 — Extra context menu item: Block image with Ad Muncher — http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_image
O8 — Extra context menu item: Block link with Ad Muncher — http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_link
O8 — Extra context menu item: Don’t filter page with Ad Muncher — http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_exclude
O8 — Extra context menu item: Report page to the Ad Muncher developers — http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_report
O8 — Extra context menu item: Закачать ВСЕ при помощи Download Master — C:Program FilesDownload Masterdmieall.htm
O8 — Extra context menu item: Закачать при помощи Download Master — C:Program FilesDownload Masterdmie.htm
O8 — Extra context menu item: Отправить через &Bluetooth — C:Program FilesWIDCOMMПрограммное обеспечение Bluetoothbtsendto_ie_ctx.htm
O9 — Extra button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra ‘Tools’ menuitem: &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra button: @btrez.dll,-4015 — {CCA281CA-C863-46ef-9331-5C8D4460577F} — C:Program FilesWIDCOMMПрограммное обеспечение Bluetoothbtsendto_ie.htm
O9 — Extra ‘Tools’ menuitem: @btrez.dll,-4017 — {CCA281CA-C863-46ef-9331-5C8D4460577F} — C:Program FilesWIDCOMMПрограммное обеспечение Bluetoothbtsendto_ie.htm
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O14 — IERESET.INF: START_PAGE_URL=http://www.asus.com
O17 — HKLMSystemCCSServicesTcpip..{40886BB9-E1CA-450B-8928-4BDE360C3B1D}: NameServer = 10.65.30.1
O17 — HKLMSystemCCSServicesTcpip..{BF5C24D9-9686-47B0-9438-F3D0B541B5A1}: NameServer = 212.58.160.33 212.58.160.34
O17 — HKLMSystemCCSServicesTcpip..{FD9A598A-AB3A-46EE-BC38-0C0B2EEF183A}: NameServer = 10.65.30.1
O23 — Service: Lavasoft Ad-Aware Service (aawservice) — Lavasoft — C:Program FilesLavasoftAd-Awareaawservice.exe
O23 — Service: ASWLSVC — Unknown owner — C:WINDOWSsystem32ASWLSVC.exe
O23 — Service: Bluetooth Service (btwdins) — Broadcom Corporation. — C:Program FilesWIDCOMMПрограммное обеспечение Bluetoothbinbtwdins.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Firebird Server — MAGIX Instance (FirebirdServerMAGIXInstance) — MAGIX® — C:MAGIXCommonDatabasebinfbserver.exe
O23 — Service: Google Updater Service (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 — Service: ICQ Service — Unknown owner — C:Program FilesICQ6ToolbarICQ Service.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — C:Program FilesJavajre6binjqs.exe
O23 — Service: LightScribeService Direct Disc Labeling Service (LightScribeService) — Hewlett-Packard Company — c:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: PnkBstrA — Unknown owner — C:WINDOWSsystem32PnkBstrA.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: ScsiAccess — Unknown owner — C:Program FilesPhotodexProShowProducerScsiAccess.exe
O23 — Service: PC Tools Auxiliary Service (sdAuxService) — PC Tools — C:Program FilesSpyware Doctorsvcntaux.exe
O23 — Service: PC Tools Security Service (sdCoreService) — PC Tools — C:Program FilesSpyware Doctorswdsvc.exe
O23 — Service: ServiceLayer — Nokia. — C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 — Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) — Protection Technology (StarForce) — C:WINDOWSsystem32sfrem01.exe
O23 — Service: StarWind AE Service (StarWindServiceAE) — Rocket Division Software — C:Program FilesAlcohol SoftAlcohol 52StarWindStarWindServiceAE.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: TuneUp Drive Defrag Service (TuneUp.Defrag) — TuneUp Software — C:WINDOWSSystem32TuneUpDefragService.exe
O23 — Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) — TuneUp Software — C:WINDOWSSystem32TUProgSt.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe
—
End of file — 12832 bytes

======Scheduled tasks folder======
C:WINDOWStasks1-Click Maintenance.job
C:WINDOWStasksБыстрое решение проблем.job

======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class — C:PROGRA~1ICQTOO~1toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
Freecorder Toolbar — C:Program FilesFreecordertbFre1.dll [2008-03-11 1470488]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer — C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll [2008-03-10 370296]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master — C:PROGRA~1DOWNLO~1dmiehlp.dll [2009-03-06 157696]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper — c:program filesgooglegoogletoolbar1.dll [2009-03-17 2427968]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2009-03-11 35840]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2009-03-11 73728]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
Ask Toolbar BHO — C:Program FilesAskSBarbar1.binASKSBAR.DLL [2009-02-04 262144]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{1392b8d2-5c05-419f-a8f6-b9f15a596612} — Freecorder Toolbar — C:Program FilesFreecordertbFre1.dll [2008-03-11 1470488]
{855F3B16-6D32-4fe6-8A56-BBB695989046} — ICQToolBar — C:Program FilesICQ6ToolbarICQToolBar.dll [2008-06-12 958712]
{0E1230F8-EA50-42A9-983C-D22ABC2EED3C} — DM Bar — C:Program FilesDownload Masterdmbar.dll [2007-11-26 180224]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} — &Google — c:program filesgooglegoogletoolbar1.dll [2009-03-17 2427968]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«SynTPEnh»=C:Program FilesSynapticsSynTPSynTPEnh.exe [2005-08-18 807001]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2005-09-23 7286784]
«HControl»=C:WINDOWSATK0100HControl.exe [2005-08-29 184320]
«nwiz»=nwiz.exe /install []
«TkBellExe»=C:Program FilesCommon FilesRealUpdate_OBrealsched.exe [2008-03-10 255528]
«SoundMan»=C:WINDOWSSOUNDMAN.EXE [2008-04-28 651264]
«SunJavaUpdateSched»=C:Program FilesJavajre6binjusched.exe [2009-03-11 218520]
«Ad Muncher»=C:Program FilesAd MuncherAdMunch.exe [2007-11-03 849408]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«VistaStartMenu»=C:Program FilesVista Start MenuVistaStartMenu.exe [2009-03-22 1588736]
«TaskSwitchXP»=C:Program FilesTaskSwitchXPTaskSwitchXP.exe [2006-08-05 144896]
«AlcoholAutomount»=C:Program FilesAlcohol SoftAlcohol 52axcmd.exe [2008-11-23 203208]
«DAEMON Tools Lite»=C:Program FilesDAEMON Tools Litedaemon.exe [2008-12-29 687560]
«CursorXP»=C:Program FilesCursorXPCursorXP.exe [2005-01-19 201728]
«PC Tools GUI Application»=C:Program FilesSpyware Doctorswdoctor.exe [2007-08-14 2511176]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregASUS Live Update]
C:Program FilesASUSASUS Live UpdateALU.exe [2005-11-02 258048]

C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
Bluetooth Manager.lnk — C:Program FilesToshibaBluetooth Toshiba StackTosBtMng1.exe
BTTray.lnk — C:Program FilesWIDCOMMПрограммное обеспечение BluetoothBTTray.exe

C:Documents and Settings1Главное менюПрограммыАвтозагрузка
Bible Verse.lnk — C:Program FilesBible Verseverse.exe

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWBSrv]
C:PROGRA~1STARDOCKOBJECT~1WINDOW~1wbsrv.dll [2007-03-05 140976]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
UPnPMonitor — {e57ce738-33e8-4c51-8354-bb4de9d215d1} — C:WINDOWSsystem32upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalPSEXESVC]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkPSEXESVC]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«DisableTaskMgr»=1
«DisableRegistryTools»=1

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
«EnableLUA»=0

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=36
«NoDriveAutoRun»=FFFFFFFF
«NoDrives»=0

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«HonorAutoRunSetting»=
«NoDriveAutoRun»=
«NoDriveTypeAutoRun»=
«NoDrives»=

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesIntuwave LtdSharedmRouterRunTimemRouterRuntime.exe»=»C:Program FilesIntuwave LtdSharedmRouterRunTimemRouterRuntime.exe:*:Enabled:mRouterRuntime»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesALLTEL CommunicationsALLTEL Internet Accelerator ClientNettGain1200_C.exe»=»C:Program FilesALLTEL CommunicationsALLTEL Internet Accelerator ClientNettGain1200_C.exe:*:Enabled:NettGain1100_C»
«C:Program FilesXenus 2 — White GoldXenus.exe»=»C:Program FilesXenus 2 — White GoldXenus.exe:*:Enabled:Executable»
«C:Program FilesGizmo5mDNSResponder.exe»=»C:Program FilesGizmo5mDNSResponder.exe:*:Enabled:Bonjour»
«C:Program FilesGizmo5Gizmo5.exe»=»C:Program FilesGizmo5Gizmo5.exe:*:Enabled:Gizmo5»
«C:Program FilesICQ6.5ICQ.exe»=»C:Program FilesICQ6.5ICQ.exe:*:Enabled:ipsec»
«C:Documents and Settings1Local SettingsApplication DataGoogleChromeApplicationchrome.exe»=»C:Documents and Settings1Local SettingsApplication DataGoogleChromeApplicationchrome.exe:*:Enabled:ipsec»
«C:WINDOWSsystem32netsh.exe»=»C:WINDOWSsystem32netsh.exe:*:Enabled:ipsec»
«C:PROGRA~1ICQ6.5ICQ.exe»=»C:PROGRA~1ICQ6.5ICQ.exe:*:Enabled:ipsec»
«C:Program FilesTaskSwitchXPTaskSwitchXP.exe»=»C:Program FilesTaskSwitchXPTaskSwitchXP.exe:*:Enabled:ipsec»
«C:Program FilesCursorXPCursorXP.exe»=»C:Program FilesCursorXPCursorXP.exe:*:Enabled:ipsec»
«C:Program FilesSpyware DoctorSDTrayApp.exe»=»C:Program FilesSpyware DoctorSDTrayApp.exe:*:Enabled:ipsec»
«C:Program FilesBible Verseverse.exe»=»C:Program FilesBible Verseverse.exe:*:Enabled:ipsec»
«C:WINDOWSsystem32nwiz.exe»=»C:WINDOWSsystem32nwiz.exe:*:Enabled:ipsec»
«C:Program FilesDAEMON Tools Litedaemon.exe»=»C:Program FilesDAEMON Tools Litedaemon.exe:*:Enabled:ipsec»
«C:Program FilesAIMP ClassiccAIMP.exe»=»C:Program FilesAIMP ClassiccAIMP.exe:*:Enabled:ipsec»
«C:Program FilesAd MuncherAdMunch.exe»=»C:Program FilesAd MuncherAdMunch.exe:*:Enabled:ipsec»
«C:Program FilesМастер КоллажейCollage.exe»=»C:Program FilesМастер КоллажейCollage.exe:*:Enabled:ipsec»
«C:Program FilesSynapticsSynTPSynTPEnh.exe»=»C:Program FilesSynapticsSynTPSynTPEnh.exe:*:Enabled:ipsec»
«C:Program FilesRealRealPlayerRealPlay.exe»=»C:Program FilesRealRealPlayerRealPlay.exe:*:Enabled:ipsec»
«C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe»=»C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe:*:Enabled:ipsec»
«C:WINDOWSATK0100HControl.exe»=»C:WINDOWSATK0100HControl.exe:*:Enabled:ipsec»
«C:Program FilesPC Connectivity SolutionServiceLayer.exe»=»C:Program FilesPC Connectivity SolutionServiceLayer.exe:*:Enabled:ipsec»
«C:Documents and Settings1Local SettingsApplication DataGoogleUpdateGoogleUpdate.exe»=»C:Documents and Settings1Local SettingsApplication DataGoogleUpdateGoogleUpdate.exe:*:Enabled:ipsec»
«C:Program FilesTuneUp Utilities 2009Integrator.exe»=»C:Program FilesTuneUp Utilities 2009Integrator.exe:*:Enabled:ipsec»
«C:Program FilesNokiaNokia PC Suite 6OneTouchAccess.exe»=»C:Program FilesNokiaNokia PC Suite 6OneTouchAccess.exe:*:Enabled:ipsec»
«C:Program FilesCommon FilesRealUpdate_OBrealsched.exe»=»C:Program FilesCommon FilesRealUpdate_OBrealsched.exe:*:Enabled:ipsec»
«C:Program FilesTuneUp Utilities 2009ProcessManager.exe»=»C:Program FilesTuneUp Utilities 2009ProcessManager.exe:*:Enabled:ipsec»
«C:Program FilesMicrosoft OfficeOffice10WINWORD.EXE»=»C:Program FilesMicrosoft OfficeOffice10WINWORD.EXE:*:Enabled:ipsec»
«C:Documents and Settings1Рабочий столигрушкиRA.5.Spots.II.v1.05spots2.exe»=»C:Documents and Settings1Рабочий столигрушкиRA.5.Spots.II.v1.05spots2.exe:*:Enabled:ipsec»
«C:Program FilesPC Connectivity SolutionNclBTHandler.exe»=»C:Program FilesPC Connectivity SolutionNclBTHandler.exe:*:Enabled:ipsec»
«C:Program FilesASUSTekASUSDVDASUSDVD.exe»=»C:Program FilesASUSTekASUSDVDASUSDVD.exe:*:Enabled:ipsec»
«C:Program FilesTuneUp Utilities 2009OneClickStarter.exe»=»C:Program FilesTuneUp Utilities 2009OneClickStarter.exe:*:Enabled:ipsec»
«C:WINDOWSSystem32irftp.exe»=»C:WINDOWSSystem32irftp.exe:*:Enabled:ipsec»
«C:WINDOWSsystem32wuauclt.exe»=»C:WINDOWSsystem32wuauclt.exe:*:Enabled:ipsec»
«C:Program FilesWIDCOMMПрограммное обеспечение BluetoothBTTray.exe»=»C:Program FilesWIDCOMMПрограммное обеспечение BluetoothBTTray.exe:*:Enabled:ipsec»
«C:WINDOWSSystem32dpvsetup.exe»=»C:WINDOWSSystem32dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test»
«C:WINDOWSSystem32rundll32.exe»=»C:WINDOWSSystem32rundll32.exe:*:Enabled:Запуск библиотеки DLL как приложения»
«C:WINDOWSexplorer.exe»=»C:WINDOWSexplorer.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Tempwinhvkf.exe»=»C:DOCUME~11LOCALS~1Tempwinhvkf.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Tempckrmbj.exe»=»C:DOCUME~11LOCALS~1Tempckrmbj.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Tempwinxrstxd.exe»=»C:DOCUME~11LOCALS~1Tempwinxrstxd.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Temprbsfll.exe»=»C:DOCUME~11LOCALS~1Temprbsfll.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Tempwiniuvdjx.exe»=»C:DOCUME~11LOCALS~1Tempwiniuvdjx.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Tempwinojtk.exe»=»C:DOCUME~11LOCALS~1Tempwinojtk.exe:*:Enabled:ipsec»
«C:Program FilesPC Connectivity SolutionNclInstaller.exe»=»C:Program FilesPC Connectivity SolutionNclInstaller.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Tempkpvn.exe»=»C:DOCUME~11LOCALS~1Tempkpvn.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Tempwinsixiv.exe»=»C:DOCUME~11LOCALS~1Tempwinsixiv.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Tempwinekvuy.exe»=»C:DOCUME~11LOCALS~1Tempwinekvuy.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Tempwinndfutg.exe»=»C:DOCUME~11LOCALS~1Tempwinndfutg.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Tempwqkrdv.exe»=»C:DOCUME~11LOCALS~1Tempwqkrdv.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Tempwinnkwq.exe»=»C:DOCUME~11LOCALS~1Tempwinnkwq.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Tempwinrpqnv.exe»=»C:DOCUME~11LOCALS~1Tempwinrpqnv.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Tempwinhkat.exe»=»C:DOCUME~11LOCALS~1Tempwinhkat.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Tempwincyfw.exe»=»C:DOCUME~11LOCALS~1Tempwincyfw.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Tempwinjgyc.exe»=»C:DOCUME~11LOCALS~1Tempwinjgyc.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Tempsbgvc.exe»=»C:DOCUME~11LOCALS~1Tempsbgvc.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Tempwinuqrrvy.exe»=»C:DOCUME~11LOCALS~1Tempwinuqrrvy.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Tempwinhhshw.exe»=»C:DOCUME~11LOCALS~1Tempwinhhshw.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Tempveub.exe»=»C:DOCUME~11LOCALS~1Tempveub.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Tempwinnpxw.exe»=»C:DOCUME~11LOCALS~1Tempwinnpxw.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Tempwinpvdj.exe»=»C:DOCUME~11LOCALS~1Tempwinpvdj.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Tempw118024f.exe»=»C:DOCUME~11LOCALS~1Tempw118024f.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Tempdvanp.exe»=»C:DOCUME~11LOCALS~1Tempdvanp.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Tempwinpxpv.exe»=»C:DOCUME~11LOCALS~1Tempwinpxpv.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Tempwinqqhubu.exe»=»C:DOCUME~11LOCALS~1Tempwinqqhubu.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Tempubawb.exe»=»C:DOCUME~11LOCALS~1Tempubawb.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Tempwinocso.exe»=»C:DOCUME~11LOCALS~1Tempwinocso.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Tempwinpjihw.exe»=»C:DOCUME~11LOCALS~1Tempwinpjihw.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Tempwinxegko.exe»=»C:DOCUME~11LOCALS~1Tempwinxegko.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Tempwinximqql.exe»=»C:DOCUME~11LOCALS~1Tempwinximqql.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Tempgncf.exe»=»C:DOCUME~11LOCALS~1Tempgncf.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Tempwinjgdlc.exe»=»C:DOCUME~11LOCALS~1Tempwinjgdlc.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Tempwincejudo.exe»=»C:DOCUME~11LOCALS~1Tempwincejudo.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Tempohtynx.exe»=»C:DOCUME~11LOCALS~1Tempohtynx.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Temprhjl.exe»=»C:DOCUME~11LOCALS~1Temprhjl.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Tempwinbqfeo.exe»=»C:DOCUME~11LOCALS~1Tempwinbqfeo.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Tempwinrkxr.exe»=»C:DOCUME~11LOCALS~1Tempwinrkxr.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Tempwinapsuk.exe»=»C:DOCUME~11LOCALS~1Tempwinapsuk.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Tempwintjdlq.exe»=»C:DOCUME~11LOCALS~1Tempwintjdlq.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Tempw477778.exe»=»C:DOCUME~11LOCALS~1Tempw477778.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Temppfpgwo.exe»=»C:DOCUME~11LOCALS~1Temppfpgwo.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Tempwindbsqv.exe»=»C:DOCUME~11LOCALS~1Tempwindbsqv.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Tempwinueytvc.exe»=»C:DOCUME~11LOCALS~1Tempwinueytvc.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Tempwinekwvw.exe»=»C:DOCUME~11LOCALS~1Tempwinekwvw.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Tempcbbxj.exe»=»C:DOCUME~11LOCALS~1Tempcbbxj.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Tempwinpqlnd.exe»=»C:DOCUME~11LOCALS~1Tempwinpqlnd.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Tempfehmn.exe»=»C:DOCUME~11LOCALS~1Tempfehmn.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Tempwinudlxv.exe»=»C:DOCUME~11LOCALS~1Tempwinudlxv.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Tempwingmaptk.exe»=»C:DOCUME~11LOCALS~1Tempwingmaptk.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Tempiruti.exe»=»C:DOCUME~11LOCALS~1Tempiruti.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Temprcyn.exe»=»C:DOCUME~11LOCALS~1Temprcyn.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Tempssjktg.exe»=»C:DOCUME~11LOCALS~1Tempssjktg.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Tempwinwvgsk.exe»=»C:DOCUME~11LOCALS~1Tempwinwvgsk.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Tempdpntn.exe»=»C:DOCUME~11LOCALS~1Tempdpntn.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Tempwinuibjkb.exe»=»C:DOCUME~11LOCALS~1Tempwinuibjkb.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Tempwinjvvwuy.exe»=»C:DOCUME~11LOCALS~1Tempwinjvvwuy.exe:*:Enabled:ipsec»
«C:DOCUME~11LOCALS~1Tempived.exe»=»C:DOCUME~11LOCALS~1Tempived.exe:*:Enabled:ipsec»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»

======List of files/folders created in the last 1 months======
2009-03-25 19:32:21 —-D—- C:ComboFix
2009-03-25 19:32:20 —-A—- C:WINDOWSsystem32CF9974.exe
2009-03-25 19:15:55 —-A—- C:WINDOWSsystem32CF6767.exe
2009-03-25 19:02:56 —-A—- C:WINDOWSsystem32CF4220.exe
2009-03-25 18:56:39 —-D—- C:Avenger
2009-03-25 18:56:39 —-A—- C:avenger.txt
2009-03-24 09:49:17 —-A—- C:WINDOWSntbtlog.txt
2009-03-20 15:51:16 —-SHD—- C:FOUND.004
2009-03-13 18:09:24 —-SHD—- C:FOUND.003
2009-03-13 18:00:53 —-A—- C:WINDOWSNIRCMD.exe
2009-03-13 17:28:54 —-SHD—- C:FOUND.002
2009-03-12 21:21:27 —-N—- C:Eula.txt
2009-03-12 21:10:52 —-N—- C:RegDelNull.exe
2009-03-12 12:00:36 —-HD—- C:WINDOWS$NtUninstallKB938464-v2$
2009-03-12 07:36:12 —-SHD—- C:FOUND.001
2009-03-11 20:46:35 —-A—- C:WINDOWSsystem32deploytk.dll
2009-03-11 12:01:11 —-HD—- C:WINDOWS$NtUninstallKB960225$
2009-03-11 12:00:45 —-HD—- C:WINDOWS$NtUninstallKB958690$
2009-03-10 21:20:06 —-D—- C:WINDOWStemp
2009-03-10 20:07:30 —-A—- C:WINDOWSzip.exe
2009-03-10 20:07:30 —-A—- C:WINDOWSVFIND.exe
2009-03-10 20:07:30 —-A—- C:WINDOWSSWXCACLS.exe
2009-03-10 20:07:30 —-A—- C:WINDOWSSWSC.exe
2009-03-10 20:07:30 —-A—- C:WINDOWSSWREG.exe
2009-03-10 20:07:30 —-A—- C:WINDOWSsed.exe
2009-03-10 20:07:30 —-A—- C:WINDOWSgrep.exe
2009-03-10 20:07:30 —-A—- C:WINDOWSfdsv.exe
2009-03-10 19:51:30 —-D—- C:WINDOWSERDNT
2009-03-10 19:51:21 —-AD—- C:Qoobox
2009-03-10 16:09:56 —-D—- C:autorun.inf
2009-03-10 13:35:48 —-D—- C:Program FilesPlugins
2009-03-10 13:35:48 —-D—- C:Program FilesLang
2009-03-10 12:33:03 —-D—- C:Documents and Settings1Application DataLavasoft
2009-03-09 10:41:14 —-SHD—- C:FOUND.000
2009-02-26 18:08:06 —-A—- C:WINDOWSsystem32TUKernel.exe
2009-02-26 16:43:39 —-A—- C:WINDOWSsystem32vorbis.dll
2009-02-26 16:41:27 —-A—- C:WINDOWSvorbis.dll
2009-02-26 12:01:28 —-HD—- C:WINDOWS$NtUninstallKB967715$

======List of files/folders modified in the last 1 months======
2009-03-25 20:00:58 —-A—- C:WINDOWSModemLog_Nokia 6125 IrDA Modem.txt
2009-03-25 19:32:32 —-A—- C:WINDOWSSchedLgU.Txt
2009-03-25 18:51:10 —-A—- C:WINDOWSNeroDigital.ini
2009-03-24 15:22:16 —-A—- C:WINDOWSModemLog_AC97 Soft Data Fax Modem with SmartCP.txt
2009-03-24 09:58:46 —-RSH—- C:boot.ini
2009-03-23 00:53:42 —-A—- C:WINDOWSSystem.ini
2009-03-22 16:58:24 —-A—- C:WINDOWSLTD.ini
2009-03-21 09:09:38 —-A—- C:WINDOWSsystem32Painter.ini
2009-03-11 20:46:32 —-A—- C:WINDOWSsystem32javaws.exe
2009-03-11 20:46:32 —-A—- C:WINDOWSsystem32javaw.exe
2009-03-11 20:46:32 —-A—- C:WINDOWSsystem32java.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;Драйвер AMD процессора; C:WINDOWSsystem32DRIVERSAmdK8.sys [2006-07-01 43520]
R1 cdrbsdrv;cdrbsdrv; C:WINDOWSsystem32driverscdrbsdrv.sys [2005-05-11 32256]
R1 ElbyCDIO;ElbyCDIO Driver; C:WINDOWSSystem32DriversElbyCDIO.sys [2007-08-07 25160]
R1 VD_FileDisk;VD_FileDisk; C:WINDOWSsystem32driversVD_FileDisk.sys [2006-01-13 15872]
R2 BTSERIAL;Bluetooth Serial Driver; ??C:WINDOWSsystem32driversbtserial.sys []
R2 BTSLBCSP;Bluetooth Port Client Driver; ??C:WINDOWSsystem32driversbtslbcsp.sys []
R2 irda;ИК-протокол IrDA; C:WINDOWSsystem32DRIVERSirda.sys [2008-04-14 88192]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:WINDOWSsystem32DRIVERSmdc8021x.sys [2006-11-04 15781]
R2 mdmxsdk;mdmxsdk; C:WINDOWSsystem32DRIVERSmdmxsdk.sys [2004-03-16 13059]
R3 abp470n5;abp470n5; ??C:WINDOWSsystem32driversgloenm.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2008-04-28 4124352]
R3 Arp1394;Протокол клиента 1394 ARP; C:WINDOWSsystem32DRIVERSarp1394.sys [2008-04-14 60800]
R3 ASAPIW2k;ASAPIW2K; C:WINDOWSsystem32driversASAPIW2k.sys [2003-12-04 11264]
R3 ASNDIS5;ASNDIS5 Protocol Driver; ??C:WINDOWSsystem32ASNDIS5.SYS []
R3 BCM43XX;Драйвер сетевого адаптера ASUS 802.11; C:WINDOWSsystem32DRIVERSbcmwl5.sys [2005-02-11 371712]
R3 btaudio;Аудиоустройство Bluetooth; C:WINDOWSsystem32driversbtaudio.sys [2006-05-12 401664]
R3 BTDriver;Драйвер виртуальной связи Bluetooth; C:WINDOWSsystem32DRIVERSbtport.sys [2006-05-12 30363]
R3 BTKRNL;Нумератор шины Bluetooth; C:WINDOWSsystem32DRIVERSbtkrnl.sys [2006-05-12 1342602]
R3 BTWDNDIS;Сервер доступа к локальной сети Bluetooth; C:WINDOWSsystem32DRIVERSbtwdndis.sys [2006-05-12 148168]
R3 btwmodem;Модем Bluetooth; C:WINDOWSsystem32DRIVERSbtwmodem.sys [2006-05-12 30189]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:WINDOWSSystem32Driversbtwusb.sys [2006-05-12 57320]
R3 CmBatt;Драйвер AC-адаптера блока питания (Майкрософт); C:WINDOWSsystem32DRIVERSCmBatt.sys [2008-04-14 13952]
R3 ElbyDelay;ElbyDelay; C:WINDOWSSystem32DriversElbyDelay.sys [2007-02-16 11984]
R3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-14 10368]
R3 HSF_DPV;HSF_DPV; C:WINDOWSsystem32DRIVERSHSF_DPV.sys [2005-06-22 1034752]
R3 HSFHWSIS;HSFHWSIS; C:WINDOWSsystem32DRIVERSHSFHWSIS.sys [2005-06-22 216320]
R3 irsir;Драйвер для инфракрасного последовательного порта Microsoft; C:WINDOWSsystem32DRIVERSirsir.sys [2001-08-17 18688]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
R3 MSIRCOMM;Microsoft IR Communications Driver; C:WINDOWSsystem32DRIVERSMSIRCOMM.sys [2008-04-14 22016]
R3 MTsensor;ATK0100 ACPI UTILITY; C:WINDOWSsystem32DRIVERSATKACPI.sys [2005-02-17 5632]
R3 NIC1394;Сетевой драйвер 1394; C:WINDOWSsystem32DRIVERSnic1394.sys [2008-04-14 61824]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2005-09-23 3522304]
R3 Rasirda;Минипорт WAN (IrDA); C:WINDOWSsystem32DRIVERSrasirda.sys [2001-08-17 19584]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtnicxp.sys [2008-04-28 104320]
R3 SynMini;USB2.0 1.3M Web Cam; C:WINDOWSSystem32DriversSynMini.sys [2005-10-03 720470]
R3 SynScan;USB2.0 1.3M Web Cam Still Image; C:WINDOWSSystem32DriversSynScan.sys [2005-10-03 8278]
R3 SynTP;Synaptics TouchPad Driver; C:WINDOWSsystem32DRIVERSSynTP.sys [2005-08-18 190912]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-14 59520]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWSsystem32DRIVERSusbohci.sys [2008-04-14 17152]
R3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-14 26368]
R3 winachsf;winachsf; C:WINDOWSsystem32DRIVERSHSF_CNXT.sys [2005-06-22 716416]
R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM); C:WINDOWSsystem32DRIVERSzebrceb.sys [2006-02-01 41792]
S1 AmdPPM;Драйвер AMD HwPState процессора; C:WINDOWSsystem32DRIVERSAmdPPM.sys [2007-04-16 33792]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; ??C:WINDOWSsystem32driversNSDriver.sys []
S3 aiqpv42g;aiqpv42g; C:WINDOWSsystem32driversaiqpv42g.sys []
S3 azbdv37p;azbdv37p; C:WINDOWSsystem32driversazbdv37p.sys []
S3 CCDECODE;Closed Caption декодер; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2008-04-14 17024]
S3 DSDrv4;DSDrv4; ??C:PROGRA~1DScalerDSDrv4.sys []
S3 IKFileSec;File Security Driver; C:WINDOWSsystem32driversikfilesec.sys [2007-08-14 40264]
S3 IKSysFlt;System Filter Driver; C:WINDOWSsystem32driversiksysflt.sys [2007-08-14 57672]
S3 IKSysSec;System Security Driver; C:WINDOWSsystem32driversiksyssec.sys [2007-08-14 82248]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:WINDOWSsystem32DRIVERSk750bus.sys []
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:WINDOWSsystem32DRIVERSk750mdfl.sys []
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:WINDOWSsystem32DRIVERSk750mdm.sys []
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:WINDOWSsystem32DRIVERSk750obex.sys []
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:WINDOWSsystem32driversMSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft видео или ТВ подключение; C:WINDOWSsystem32DRIVERSNdisIP.sys [2008-04-14 10880]
S3 nhcDriverDevice;Notebook Hardware Control Driver; ??C:WINDOWSsystem32driversnhcDriver.sys []
S3 Nokia USB Generic;Nokia USB Generic; C:WINDOWSsystem32driversnmwcdc.sys [2006-10-10 9216]
S3 Nokia USB Modem;Nokia USB Modem; C:WINDOWSsystem32driversnmwcdcm.sys [2006-10-10 12800]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:WINDOWSsystem32driversnmwcd.sys [2006-10-10 138240]
S3 Nokia USB Port;Nokia USB Port; C:WINDOWSsystem32driversnmwcdcj.sys [2006-10-10 12800]
S3 PTDCBus;PANTECH PC Card Composite Device Driver (UDP); C:WINDOWSsystem32DRIVERSPTDCBus.sys [2007-01-11 24832]
S3 PTDCMdm;PANTECH PC Card Drivers (UDP); C:WINDOWSsystem32DRIVERSPTDCMdm.sys [2007-01-11 39424]
S3 PTDCVsp;PANTECH PC Card Diagnostic Serial Port (UDP); C:WINDOWSsystem32DRIVERSPTDCVsp.sys [2007-01-11 37760]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2008-04-14 11136]
S3 SONYPVU1;Драйвер Sony USB фильтра (SONYPVU1); C:WINDOWSsystem32DRIVERSSONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2008-04-14 15232]
S3 SYMIDSCO;SYMIDSCO; ??C:PROGRA~1COMMON~1SYMANT~1SymcDataidsdefs20070124.003symidsco.sys []
S3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2008-04-14 32128]
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2008-04-14 25856]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2008-04-14 15104]
S3 WSTCODEC;World Standard Teletext кодек; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2008-04-14 19200]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2004-08-18 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aawservice;Lavasoft Ad-Aware Service; C:Program FilesLavasoftAd-Awareaawservice.exe [2008-07-07 611664]
R2 ASWLSVC;ASWLSVC; C:WINDOWSsystem32ASWLSVC.exe [2004-05-06 496640]
R2 btwdins;Bluetooth Service; C:Program FilesWIDCOMMПрограммное обеспечение Bluetoothbinbtwdins.exe [2006-05-12 258103]
R2 ICQ Service;ICQ Service; C:Program FilesICQ6ToolbarICQ Service.exe [2008-06-10 222456]
R2 Irmon;Монитор инфракрасной связи; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2009-03-11 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:Program FilesCommon FilesLightScribeLSSrvc.exe [2006-04-24 73728]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2005-09-23 143428]
R2 PnkBstrA;PnkBstrA; C:WINDOWSsystem32PnkBstrA.exe [2008-01-19 66872]
R2 ScsiAccess;ScsiAccess; C:Program FilesPhotodexProShowProducerScsiAccess.exe [2008-01-11 181312]
R2 StarWindServiceAE;StarWind AE Service; C:Program FilesAlcohol SoftAlcohol 52StarWindStarWindServiceAE.exe [2007-05-28 275968]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:WINDOWSSystem32TUProgSt.exe [2009-01-05 603904]
R2 UMWdf;Windows User Mode Driver Framework; C:WINDOWSsystem32wdfmgr.exe [2005-01-28 38912]
R2 UxTuneUp;TuneUp Theme Extension; C:WINDOWSSystem32svchost.exe [2008-04-14 14336]
R3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2006-11-06 280064]
S2 sfrem01;SF FrontLine Drivers Auto Removal (v1); C:WINDOWSsystem32sfrem01.exe [2006-07-05 358008]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-10-24 70144]
S3 FirebirdServerMAGIXInstance;Firebird Server — MAGIX Instance; C:MAGIXCommonDatabasebinfbserver.exe [2005-11-17 1605724]
S3 gusvc;Google Updater Service; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2009-03-17 211896]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe [2005-04-04 143360]
S3 sdAuxService;PC Tools Auxiliary Service; C:Program FilesSpyware Doctorsvcntaux.exe [2007-08-14 729416]
S3 sdCoreService;PC Tools Security Service; C:Program FilesSpyware Doctorswdsvc.exe [2007-08-14 1407816]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:WINDOWSSystem32TuneUpDefragService.exe [2009-01-05 360192]
EOF
March 28, 2009 at 4:53 PM #22544
Combofix starts scanning and hangs, displaying some incomprehensible message ending in Check_hal
Download the latest version of Combofix and install the Recovery Console. You can find out how to do this on the Combofix program description page.
I am waiting for your Combofix log.
March 29, 2009 at 6:22 PM #22545
Anonymous
Guest
ComboFix 09-03-27.02 — 1 2009-03-29 22:02:47.16 — FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1251.1.1049.18.1023.681 [GMT 3:00]
Running from: c:documents and settings1Рабочий столComboFix.exe
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
H:autorun.inf
I:autorun.inf
I:kvos.pif
.
—- Previous Run
.
c:windowsIE4 Error Log.txt
I:kvos.pif
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Service_PCIDump
((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-29 )))))))))))))))))))))))))))))))
.
2009-03-27 00:13 . 2009-03-27 00:13 d
C:2009_03_27
2009-03-26 23:51 . 2009-03-26 23:51 d
C:2009_03_26
2009-03-26 20:47 . 2009-03-26 20:47 26 —a
c:windowssystem32cvmpeg32.cfg
2009-03-20 15:51 . 2009-03-20 15:51 d—hs—- C:FOUND.004
2009-03-13 18:09 . 2009-03-13 18:09 d—hs—- C:FOUND.003
2009-03-13 17:56 . 2006-11-01 13:06 232,248
c:documents and settings1RegDelNull.exe
2009-03-13 17:28 . 2009-03-13 17:28 d—hs—- C:FOUND.002
2009-03-12 21:10 . 2006-11-01 13:06 232,248
C:RegDelNull.exe
2009-03-12 19:02 . 2009-03-12 19:02 d
c:documents and settingsГостьApplication DataHelp
2009-03-12 18:08 . 2009-03-12 18:08 d
c:documents and settingsГостьApplication DataAdobe
2009-03-12 17:47 . 2009-03-12 17:47 d
c:documents and settings++TT-LOCALS~1
2009-03-12 17:47 . 2009-03-12 17:47 d
c:documents and settings++TT-
2009-03-12 07:36 . 2009-03-12 07:36 d—hs—- C:FOUND.001
2009-03-11 20:46 . 2009-03-11 20:46 410,984 —a
c:windowssystem32deploytk.dll
2009-03-10 16:35 . 2009-03-12 20:54 1,048,576 —ah
c:documents and settingsГостьNTUSER.DAT
2009-03-10 16:35 . 2009-03-12 20:54 1,048,576 —ah
c:documents and settingsГостьNTUSER.DAT
2009-03-10 15:44 . 2009-03-10 15:44 d
c:documents and settingsГостьApplication DataAIMP
2009-03-10 15:35 . 2006-11-04 05:25 d
c:documents and settingsГостьWINDOWS
2009-03-10 15:35 . 2006-11-04 05:25 d
c:documents and settingsГостьWINDOWS
2009-03-10 15:35 . 2006-11-04 05:17 dr-h
c:documents and settingsГостьSendTo
2009-03-10 15:35 . 2006-11-04 05:17 dr-h
c:documents and settingsГостьSendTo
2009-03-10 15:35 . 2009-03-10 15:35 dr-h
c:documents and settingsГостьRecent
2009-03-10 15:35 . 2009-03-10 15:35 dr-h
c:documents and settingsГостьRecent
2009-03-10 15:35 . 2006-11-04 05:12 d—h
c:documents and settingsГостьPrintHood
2009-03-10 15:35 . 2006-11-04 05:12 d—h
c:documents and settingsГостьPrintHood
2009-03-10 15:35 . 2006-11-04 05:12 d—h
c:documents and settingsГостьNetHood
2009-03-10 15:35 . 2006-11-04 05:12 d—h
c:documents and settingsГостьNetHood
2009-03-10 15:35 . 2006-11-04 05:12 d—h
c:documents and settingsГостьLocal Settings
2009-03-10 15:35 . 2006-11-04 05:12 d—h
c:documents and settingsГостьLocal Settings
2009-03-10 15:35 . 2006-11-04 05:12 d—s—- c:documents and settingsГостьCookies
2009-03-10 15:35 . 2006-11-04 05:12 d—s—- c:documents and settingsГостьCookies
2009-03-10 15:35 . 2009-03-10 15:35 d
c:documents and settingsГостьApplication DataReal
2009-03-10 15:35 . 2009-03-10 15:35 d
c:documents and settingsГостьApplication DataPC Suite
2009-03-10 15:35 . 2006-11-04 05:11 d—s—- c:documents and settingsГостьApplication DataMicrosoft
2009-03-10 15:35 . 2006-11-04 05:41 d
c:documents and settingsГостьApplication DataMacromedia
2009-03-10 15:35 . 2006-11-04 05:18 d
c:documents and settingsГостьApplication DataIdentities
2009-03-10 15:35 . 2006-11-04 05:12 dr-h
c:documents and settingsГостьApplication Data
2009-03-10 15:35 . 2006-11-04 05:12 dr-h
c:documents and settingsГостьApplication Data
2009-03-10 15:35 . 2006-11-04 05:12 d—h
c:documents and settingsГостьШаблоны
2009-03-10 15:35 . 2006-11-04 05:12 d—h
c:documents and settingsГостьШаблоны
2009-03-10 15:35 . 2006-11-04 05:12 d
c:documents and settingsГостьРабочий стол
2009-03-10 15:35 . 2006-11-04 05:12 d
c:documents and settingsГостьРабочий стол
2009-03-10 15:35 . 2009-03-10 15:35 dr
c:documents and settingsГостьМои документы
2009-03-10 15:35 . 2009-03-10 15:35 dr
c:documents and settingsГостьМои документы
2009-03-10 15:35 . 2006-11-04 05:12 dr
c:documents and settingsГостьГлавное меню
2009-03-10 15:35 . 2006-11-04 05:12 dr
c:documents and settingsГостьГлавное меню
2009-03-10 15:35 . 2009-03-10 15:35 dr
c:documents and settingsГостьИзбранное
2009-03-10 15:35 . 2009-03-10 15:35 dr
c:documents and settingsГостьИзбранное
2009-03-10 15:35 . 2009-03-10 15:35 d
c:documents and settingsГость
2009-03-10 13:35 . 2009-03-10 13:35 d
c:program filesPlugins
2009-03-10 13:35 . 2009-03-10 13:35 d
c:program filesLang
2009-03-10 12:33 . 2009-03-10 12:33 d
c:documents and settings1Application DataLavasoft
2009-03-09 10:41 . 2009-03-09 10:41 d—hs—- C:FOUND.000
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-24 06:58 2,330,368 —-a-w c:windowssystem32TUKernel.exe
2009-03-13 09:51 50,664 —-a-w c:documents and settings1Application DataGDIPFONTCACHEV1.DAT
2009-02-26 13:39 59,695 —-a-w c:windowsvorbis.dll
2009-02-26 13:39 59,695 —-a-w c:windowssystem32vorbis.dll
2009-02-25 18:27
d
w c:documents and settings1Application DataMedia Player Classic
2009-02-18 05:27 102,400 —-a-w c:program files_start.exe
2009-02-11 08:15
d
w c:program filesAdsen FavIcon
2009-02-09 13:07 1,846,912 —-a-w c:windowssystem32win32k.sys
2009-02-09 13:07 1,846,912
w c:windowssystem32dllcachewin32k.sys
2009-02-06 16:55
d
w c:program filestrend micro
2009-02-06 13:13 73,728 —-a-w c:windowssystem32DRWEBSP.DLL
2009-02-06 13:13
d
w c:program filesDrWeb
2009-02-04 19:12
d
w c:program filesICQ6Toolbar
2009-02-04 19:12
d
w c:documents and settingsAll UsersApplication DataICQ
2009-02-04 19:00
d
w c:program filesICQ6.5
2009-02-04 15:21
d
w c:program filesAskSBar
2009-02-04 15:20
d
w c:program filesGizmo5
2009-02-04 15:20
d
w c:documents and settings1Application DataGizmo5
2009-02-03 19:57
d
w c:program filesCommon FilesDrWeb
2009-02-03 18:51 12,438,352 —-a-w c:program filesдоктор.exe
2009-02-03 18:50 352,326
w c:program files_start.dat
2009-02-03 18:50 30,595
w c:program filesd9eee5be
2009-02-03 15:50 14,790
w c:program files7a761abd
2009-02-03 08:34 22,528 —-a-w c:windowssystem32driversnhcDriver.sys
2009-02-03 05:50 3,198
w c:program files802816a7
2009-02-01 21:50 0
w c:program files094918de
2009-01-30 17:15 10,201 —-a-w c:program filespt-cureit.dwl
2009-01-29 06:27
d
w c:program filesQIP
2009-01-28 16:20 0
w c:program files5fe5aaff
2009-01-28 14:12 10,821 —-a-w c:program filesuzl-cureit.dwl
2009-01-26 11:50 10,233 —-a-w c:program filesde-cureit.dwl
2009-01-25 20:50 0
w c:program files202b4dd5
2009-01-22 16:44 720,896 —-a-w c:windowsiun6002.exe
2009-01-20 13:29 12,595 —-a-w c:program filesel-cureit.dwl
2009-01-19 13:52 9,379 —-a-w c:program fileset-cureit.dwl
2009-01-18 21:30 0
w c:program files2b163ce8
2009-01-11 20:40 0
w c:program files336a52e7
2009-01-05 07:06 603,904 —-a-w c:windowssystem32TUProgSt.exe
2009-01-05 07:06 360,192 —-a-w c:windowssystem32TuneUpDefragService.exe
2009-01-04 20:40 0
w c:program filesd390ef7e
2008-12-30 12:30 0
w c:program files9f51aaf6
2008-12-26 16:11 10,407 —-a-w c:program filesbe-cureit.dwl
2008-12-22 12:39 8,061 —-a-w c:program filescn-cureit.dwl
2008-12-22 12:39 10,582 —-a-w c:program filesbg-cureit.dwl
2008-12-22 12:39 10,511 —-a-w c:program filesuk-cureit.dwl
2008-12-21 22:00 15,024
w c:program filesacc59a75
2008-12-21 22:00 0
w c:program filesa87bfc5e
2008-12-20 19:29 9,973 —-a-w c:program fileslt-cureit.dwl
2008-12-20 19:28 10,522 —-a-w c:program filesja-cureit.dwl
2008-12-20 19:28 10,010 —-a-w c:program fileslv-cureit.dwl
2008-12-18 23:43 79,934
w c:program files8a8fa703
2008-12-18 23:43 372,338
w c:program filesb006adaf
2008-12-18 23:43 0
w c:program filesc3ce2599
2008-12-18 23:43 0
w c:program files8a9bac06
2008-12-18 23:43 0
w c:program files5a131f14
2008-12-18 23:43 0
w c:program files1be3d6ba
2008-12-18 19:55 3,694,080 —-a-w c:program filessetup.dll
2008-12-18 10:48 10,496 —-a-w c:program filespl-cureit.dwl
2008-12-18 10:48 10,425 —-a-w c:program fileshu-cureit.dwl
2008-12-17 18:54 10,014 —-a-w c:program filessk-cureit.dwl
2008-12-17 18:03 10,781 —-a-w c:program filesfr-cureit.dwl
2008-12-17 16:50 9,974 —-a-w c:program fileseo-cureit.dwl
2008-12-17 16:50 9,813 —-a-w c:program filescs-cureit.dwl
2008-12-17 16:50 9,766 —-a-w c:program filesko-cureit.dwl
2008-12-17 16:50 9,690 —-a-w c:program fileses-cureit.dwl
2008-12-17 16:50 9,657 —-a-w c:program filesit-cureit.dwl
2008-12-17 16:50 9,620 —-a-w c:program filesnl-cureit.dwl
2008-12-17 16:50 9,462 —-a-w c:program filestr-cureit.dwl
2008-12-17 16:50 8,544 —-a-w c:program filesno-cureit.dwl
2008-12-17 16:50 8,403 —-a-w c:program fileszh-cureit.dwl
2008-12-17 16:50 10,526 —-a-w c:program filesru-cureit.dwl
2008-12-08 14:22 1,252 —-a-w c:program filessetup.key
2008-10-07 14:00 138,403 —-a-w c:program filesen-drwebgui.chm
2008-10-01 12:14 1,209 —-a-w c:program filessetup_xp.ini
2008-10-01 12:14 1,176 —-a-w c:program filessetup_me.ini
2008-09-26 06:06 155,051 —-a-w c:program filesru-drwebgui.chm
2008-09-21 13:06 2,900 —-a-w c:program filesALLTEL Internet Accelerator Client setup.log
2008-03-11 16:34 2,367,576 —-a-w c:program filesFLV PlayerFCSetup.exe
2008-03-11 16:32 4,343,384 —-a-w c:program filesFLV PlayerRCATSetup.exe
2008-03-11 16:31 480,880 —-a-w c:program filesFLV PlayerRCSetup.exe
2008-03-10 10:42 774,144 —-a-w c:program filesRngInterstitial.dll
2008-01-22 18:41 32 —-a-w c:documents and settingsAll UsersApplication Dataezsid.dat
2006-06-16 05:20 2,081 —-a-w c:program filesReadme.txt
2006-06-14 10:16 73,184 —-a-w c:program filessites.txt
2005-07-27 14:09 83 —-a-w c:program filesDuhaLab.url
2004-11-18 06:55 9,996 —-a-w c:program filesalert.wav
2004-08-19 00:33 25,664 —-a-w c:program filesdwebio16.dll
2004-08-19 00:33 24,576 —-a-w c:program filesdwebio32.dll
2004-08-18 13:00 2 —sh—w c:program filesdesktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerURLSearchHooks]
«{1392b8d2-5c05-419f-a8f6-b9f15a596612}»= «c:program filesFreecordertbFre1.dll» [2008-03-11 1470488]
[HKEY_CLASSES_ROOTclsid{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
[HKEY_LOCAL_MACHINE~Browser Helper Objects{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2008-03-11 19:53 1470488 —a
c:program filesFreecordertbFre1.dll
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{1392b8d2-5c05-419f-a8f6-b9f15a596612}»= «c:program filesFreecordertbFre1.dll» [2008-03-11 1470488]
[HKEY_CLASSES_ROOTclsid{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{1392B8D2-5C05-419F-A8F6-B9F15A596612}»= «c:program filesFreecordertbFre1.dll» [2008-03-11 1470488]
[HKEY_CLASSES_ROOTclsid{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«VistaStartMenu»=»c:program filesVista Start MenuVistaStartMenu.exe» [2009-03-22 1588736]
«TaskSwitchXP»=»c:program filesTaskSwitchXPTaskSwitchXP.exe» [2006-08-05 144896]
«AlcoholAutomount»=»c:program filesAlcohol SoftAlcohol 52axcmd.exe» [2008-11-23 203208]
«DAEMON Tools Lite»=»c:program filesDAEMON Tools Litedaemon.exe» [2008-12-29 687560]
«CursorXP»=»c:program filesCursorXPCursorXP.exe» [2005-01-19 201728]
«PC Tools GUI Application»=»c:program filesSpyware Doctorswdoctor.exe» [2007-08-14 2511176]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«SynTPEnh»=»c:program filesSynapticsSynTPSynTPEnh.exe» [2005-08-18 807001]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2005-09-23 7286784]
«HControl»=»c:windowsATK0100HControl.exe» [2005-08-29 184320]
«TkBellExe»=»c:program filesCommon FilesRealUpdate_OBrealsched.exe» [2008-03-10 255528]
«SunJavaUpdateSched»=»c:program filesJavajre6binjusched.exe» [2009-03-11 218520]
«Ad Muncher»=»c:program filesAd MuncherAdMunch.exe» [2007-11-03 849408]
«nwiz»=»nwiz.exe» [2005-09-23 c:windowssystem32NWIZ.EXE]
«SoundMan»=»SOUNDMAN.EXE» [2008-04-28 c:windowsSoundman.exe]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-14 15360]
c:documents and settings1Главное менюПрограммыАвтозагрузка
Bible Verse.lnk — c:program filesBible Verseverse.exe [2002-01-29 535040]
c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузка
Bluetooth Manager.lnk — c:program filesToshibaBluetooth Toshiba StackTosBtMng1.exe [2004-12-21 45056]
BTTray.lnk — c:program filesWIDCOMMПрограммное обеспечение BluetoothBTTray.exe [2006-05-12 651325]
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«DisableTaskMgr»= 1 (0x1)
«DisableRegistryTools»= 1 (0x1)
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogon]
«UIHost»=hex(2):58,50,69,7a,65,5f,4c,6f,67,6f,6e,2e,65,78,65,00
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyWBSrv]
2007-03-05 17:36 140976 c:progra~1StardockOBJECT~1WINDOW~1WbSrv.dll
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]
«AppInit_DLLs»=wbsys.dll
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«VIDC.I420″= vdrcodec.dll
«VIDC.MJPG»= Pvmjpg21.dll
«vidc.XVID»= xvid.dll
«vidc.3iv2″= 3ivxVfWCodec.dll
«VIDC.HFYU»= huffyuv.dll
«VIDC.VP31″= vp31vfw.dll
«VIDC.PIM1″= pclepim1.dll
«msacm.fraunhoferacm»= l3codecp.acm
«msacm.ac3filter»= ac3filter.acm
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregASUS Live Update]
—a
2005-11-02 19:33 258048 c:program filesAsusASUS Live UpdateALU.exe
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionrun-]
«Gizmo5″=»c:program filesGizmo5Gizmo5.exe»
«ICQ»=»c:program filesICQ6.5ICQ.exe» silent
«Skype»=»c:program filesSkypePhoneSkype.exe» /nosplash /minimized
«Microsoft Outlook»=c:progra~1MICROS~2Office10OUTLOOK.EXE Outlook:Inbox /recycle
«PC Tools Auxiliary Service»=c:program filesSpyware Doctorsvcntaux.exe
«sdloader»=c:program filesSpyware Doctorsdloader.exe
«Spyware Doctor Service»=c:program filesSpyware Doctorswdsvc.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrun-]
«NeroFilterCheck»=c:windowssystem32NeroCheck.exe
«AIMP Classic»=c:progra~1AIMPCL~1cAIMP.exe
«Control Center»=c:program filesASUSWLAN Card UtilitiesCenter.exe
«HControl»=c:windowsATK0100HControl.exe
«NvCplDaemon»=RUNDLL32.EXE c:windowssystem32NvCpl.dll,NvStartup
«nwiz»=nwiz.exe /install
«PCSuiteTrayApplication»=c:program filesNokiaNokia PC Suite 6LaunchApplication.exe -startup
«PinnacleDriverCheck»=c:windowssystem32PSDrvCheck.exe -CheckReg
«RemoteControl»=»c:program filesASUSTekASUSDVDPDVDServ.exe»
«SoundMan»=SOUNDMAN.EXE
«Wireless Console 2″=c:program filesWireless Console 2wcourier.exe
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 8.0ReaderReader_sl.exe»
«QuickTime Task»=»c:program filesQuickTime AlternativeQTTask.exe» -atboottime
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusDisableNotify»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
«AntiVirusOverride»=dword:00000001
«FirewallOverride»=dword:00000001
«UacDisableNotify»=dword:00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecFirewall]
«DisableMonitoring»=dword:00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerSvc]
«AntiVirusOverride»=dword:00000001
«AntiVirusDisableNotify»=dword:00000001
«FirewallDisableNotify»=dword:00000001
«FirewallOverride»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
«UacDisableNotify»=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\Program Files\ALLTEL Communications\ALLTEL Internet Accelerator Client\NettGain1200_C.exe»=
«c:\Program Files\Xenus 2 — White Gold\Xenus.exe»=
«c:\Program Files\Gizmo5\mDNSResponder.exe»=
«c:\Program Files\Gizmo5\Gizmo5.exe»=
«c:\Program Files\ICQ6.5\ICQ.exe»=
«c:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe»=
«c:\WINDOWS\system32\netsh.exe»=
«c:\PROGRA~1\ICQ6.5\ICQ.exe»=
«c:\Program Files\TaskSwitchXP\TaskSwitchXP.exe»=
«c:\Program Files\CursorXP\CursorXP.exe»=
«c:\Program Files\Spyware Doctor\SDTrayApp.exe»=
«c:\Program Files\Bible Verse\verse.exe»=
«c:\WINDOWS\system32\nwiz.exe»=
«c:\Program Files\DAEMON Tools Lite\daemon.exe»=
«c:\Program Files\AIMP Classic\cAIMP.exe»=
«c:\Program Files\Ad Muncher\AdMunch.exe»=
«c:\Program Files\Мастер Коллажей\Collage.exe»=
«c:\Program Files\Synaptics\SynTP\SynTPEnh.exe»=
«c:\Program Files\Real\RealPlayer\RealPlay.exe»=
«c:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe»=
«c:\WINDOWS\ATK0100\HControl.exe»=
«c:\Program Files\PC Connectivity Solution\ServiceLayer.exe»=
«c:\Documents and Settings\1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe»=
«c:\Program Files\TuneUp Utilities 2009\Integrator.exe»=
«c:\Program Files\Nokia\Nokia PC Suite 6\OneTouchAccess.exe»=
«c:\Program Files\Common Files\Real\Update_OB\realsched.exe»=
«c:\Program Files\TuneUp Utilities 2009\ProcessManager.exe»=
«c:\Program Files\Microsoft Office\Office10\WINWORD.EXE»=
«c:\Documents and Settings\1\Рабочий стол\игрушки\RA.5.Spots.II.v1.0\5spots2.exe»=
«c:\Program Files\PC Connectivity Solution\NclBTHandler.exe»=
«c:\Program Files\ASUSTek\ASUSDVD\ASUSDVD.exe»=
«c:\Program Files\TuneUp Utilities 2009\OneClickStarter.exe»=
«c:\WINDOWS\System32\irftp.exe»=
«c:\WINDOWS\system32\wuauclt.exe»=
«c:\Program Files\WIDCOMM\Программное обеспечение Bluetooth\BTTray.exe»=
«c:\WINDOWS\System32\dpvsetup.exe»=
«c:\Program Files\PC Connectivity Solution\NclInstaller.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=
«c:\ComboFix\NirCmd.cfexe»=
«c:\Program Files\Java\jre6\bin\jusched.exe»=
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«3389:TCP»= 3389:TCP:@xpsp2res.dll,-22009
R1 VD_FileDisk;VD_FileDisk;c:windowssystem32driversvd_filedisk.sys [2009-01-25 15872]
R2 ICQ Service;ICQ Service;c:program filesICQ6ToolbarICQ Service.exe [2009-02-04 222456]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:windowssystem32TUProgSt.exe [2009-01-05 603904]
R3 abp470n5;abp470n5;??c:windowssystem32driversgloenm.sys —> c:windowssystem32driversgloenm.sys [?]
R3 ASNDIS5;ASNDIS5 Protocol Driver;c:windowssystem32ASNDIS5.sys [2006-11-04 16269]
R3 HSFHWSIS;HSFHWSIS;c:windowssystem32driversHSFHWSIS.sys [2005-06-22 216320]
R3 SynMini;USB2.0 1.3M Web Cam;c:windowssystem32driversSynMini.sys [2006-11-04 720470]
R3 SynScan;USB2.0 1.3M Web Cam Still Image;c:windowssystem32driversSynScan.sys [2006-11-04 8278]
S3 FirebirdServerMAGIXInstance;Firebird Server — MAGIX Instance;c:magixCommonDatabasebinfbserver.exe [2007-03-16 1605724]
S3 sdAuxService;PC Tools Auxiliary Service;c:program filesSpyware Doctorsvcntaux.exe [2008-11-08 729416]
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSvchost — NetSvcs
UxTuneUp
.
Contents of the ‘Scheduled Tasks’ folder
2009-03-29 c:windowsTasks1-Click Maintenance.job
— c:program filesTuneUp Utilities 2009OneClickStarter.exe [2008-12-11 21:36]
2009-03-29 c:windowsTasksБыстрое решение проблем.job
— c:program filesTuneUp Utilities 2009OneClickStarter.exe [2008-12-11 21:36]
.
.
Supplementary Scan
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyServer = http=localhost:9090 ftp=localhost:9093
uInternet Settings,ProxyOverride = localhost; 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Block frame with Ad Muncher — http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_frame
IE: Block image with Ad Muncher — http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_image
IE: Block link with Ad Muncher — http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_link
IE: Don’t filter page with Ad Muncher — http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_exclude
IE: Report page to the Ad Muncher developers — http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_report
IE: Закачать ВСЕ при помощи Download Master — c:program filesDownload Masterdmieall.htm
IE: Закачать при помощи Download Master — c:program filesDownload Masterdmie.htm
IE: Отправить через &Bluetooth — c:program filesWIDCOMMПрограммное обеспечение Bluetoothbtsendto_ie_ctx.htm
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} — c:program filesDownload Masterdmaster.exe
TCP: {40886BB9-E1CA-450B-8928-4BDE360C3B1D} = 10.65.30.1
TCP: {FD9A598A-AB3A-46EE-BC38-0C0B2EEF183A} = 10.65.30.1
FF — ProfilePath —
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-29 22:08:12
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(1624)
c:progra~1STARDOCKOBJECT~1WINDOW~1wbsrv.dll
.
Other Running Processes
.
c:program filesLAVASOFTAD-AWAREAAWSERVICE.EXE
c:windowsSYSTEM32ASWLSVC.EXE
c:program filesWIDCOMMc:program filesICQ6TOOLBARICQ SERVICE.EXE
c:program filesJAVAJRE6BINJQS.EXE
c:program filesCOMMON FILESLIGHTSCRIBELSSRVC.EXE
c:windowsSYSTEM32NVSVC32.EXE
c:windowsSYSTEM32PNKBSTRA.EXE
c:program filesPHOTODEXPROSHOWPRODUCERSCSIACCESS.EXE
c:program filesALCOHOL SOFTALCOHOL 52STARWINDSTARWINDSERVICEAE.EXE
c:windowsSYSTEM32WDFMGR.EXE
c:windowsSYSTEM32ASWL2K.EXE
c:windowssystem32wbemwmiapsrv.exe
c:program filesWIDCOMMc:program filesBIBLE VERSEVERSE.EXE
c:program filesWIDCOMMc:windowssystem32wuauclt.exe
c:windowsATK0100ATKOSD.EXE
.
**************************************************************************
.
Completion time: 2009-03-29 22:12:09 — machine was rebooted [1]
ComboFix-quarantined-files.txt 2009-03-29 19:12:06
ComboFix5.txt 2009-03-25 16:03:08
ComboFix4.txt 2009-03-15 17:08:34
ComboFix3.txt 2009-03-17 17:37:10
ComboFix2.txt 2009-03-22 21:56:00
Pre-Run: 7,244,087,296 байт свободно
Post-Run: 7,239,630,848 байт свободно
Current=8 Default=8 Failed=6 LastKnownGood=9 Sets=1,2,3,4,5,6,7,8,9
396 — E O F — 2009-03-22 10:06:24
March 31, 2009 at 3:59 pm #22546
Open Notepad (click Start, Run, type notepad in the input field and press Enter) and paste the following text into it:
Driver::
abp470n5
File::
c:\windows\system32\drivers\gloenm.sys
Save the resulting file to your desktop under the name CFScript
Then drag the resulting file onto the Combofix icon, as shown in the picture below.
Combofix will start and carry out the procedures described in the file we created.
When Combofix finishes, it will create a new log; paste it into your next reply.
Also attach a fresh GMER log to your reply.
March 31, 2009 at 8:49 pm #22547
Anonymous
Guest
ComboFix 09-03-27.02 — 1 2009-03-31 23:36:51.18 — FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1251.1.1049.18.1023.677 [GMT 3:00]
Running from: c:documents and settings1Рабочий столComboFix.exe
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
H:autorun.inf
H:bwfwoy.pif
I:autorun.inf
.
—- Previous Run
.
H:bwfwoy.pif
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Legacy_ABP470N5
Service_abp470n5
Legacy_ABP470N5
Service_abp470n5
((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-31 )))))))))))))))))))))))))))))))
.
2009-03-30 15:16 . 2008-11-20 22:19 9,200
c:windowssystem32driverscdralw2k.sys
2009-03-30 15:16 . 2008-11-20 22:19 9,072
c:windowssystem32driverscdr4_xp.sys
2009-03-30 15:15 . 2009-03-30 15:15 d
c:windowssystem32IOSUBSYS
2009-03-27 00:13 . 2009-03-27 00:13 d
C:2009_03_27
2009-03-26 23:51 . 2009-03-26 23:51 d
C:2009_03_26
2009-03-26 20:47 . 2009-03-26 20:47 26 —a
c:windowssystem32cvmpeg32.cfg
2009-03-20 21:50 . 2009-03-20 21:50 3,358,720 —a
c:windowssystem32GPhotos.scr
2009-03-20 15:51 . 2009-03-20 15:51 d—hs—- C:FOUND.004
2009-03-13 18:09 . 2009-03-13 18:09 d—hs—- C:FOUND.003
2009-03-13 17:56 . 2006-11-01 13:06 232,248
c:documents and settings1RegDelNull.exe
2009-03-13 17:28 . 2009-03-13 17:28 d—hs—- C:FOUND.002
2009-03-12 21:10 . 2006-11-01 13:06 232,248
C:RegDelNull.exe
2009-03-12 19:02 . 2009-03-12 19:02 d
c:documents and settingsГостьApplication DataHelp
2009-03-12 18:08 . 2009-03-12 18:08 d
c:documents and settingsГостьApplication DataAdobe
2009-03-12 17:47 . 2009-03-12 17:47 d
c:documents and settings++TT-LOCALS~1
2009-03-12 17:47 . 2009-03-12 17:47 d
c:documents and settings++TT-
2009-03-12 07:36 . 2009-03-12 07:36 d—hs—- C:FOUND.001
2009-03-11 20:46 . 2009-03-11 20:46 410,984 —a
c:windowssystem32deploytk.dll
2009-03-10 16:35 . 2009-03-12 20:54 1,048,576 —ah
c:documents and settingsГостьNTUSER.DAT
2009-03-10 16:35 . 2009-03-12 20:54 1,048,576 —ah
c:documents and settingsГостьNTUSER.DAT
2009-03-10 15:44 . 2009-03-10 15:44 d
c:documents and settingsГостьApplication DataAIMP
2009-03-10 15:35 . 2006-11-04 05:25 d
c:documents and settingsГостьWINDOWS
2009-03-10 15:35 . 2006-11-04 05:25 d
c:documents and settingsГостьWINDOWS
2009-03-10 15:35 . 2006-11-04 05:17 dr-h
c:documents and settingsГостьSendTo
2009-03-10 15:35 . 2006-11-04 05:17 dr-h
c:documents and settingsГостьSendTo
2009-03-10 15:35 . 2009-03-10 15:35 dr-h
c:documents and settingsГостьRecent
2009-03-10 15:35 . 2009-03-10 15:35 dr-h
c:documents and settingsГостьRecent
2009-03-10 15:35 . 2006-11-04 05:12 d—h
c:documents and settingsГостьPrintHood
2009-03-10 15:35 . 2006-11-04 05:12 d—h
c:documents and settingsГостьPrintHood
2009-03-10 15:35 . 2006-11-04 05:12 d—h
c:documents and settingsГостьNetHood
2009-03-10 15:35 . 2006-11-04 05:12 d—h
c:documents and settingsГостьNetHood
2009-03-10 15:35 . 2006-11-04 05:12 d—h
c:documents and settingsГостьLocal Settings
2009-03-10 15:35 . 2006-11-04 05:12 d—h
c:documents and settingsГостьLocal Settings
2009-03-10 15:35 . 2006-11-04 05:12 d—s—- c:documents and settingsГостьCookies
2009-03-10 15:35 . 2006-11-04 05:12 d—s—- c:documents and settingsГостьCookies
2009-03-10 15:35 . 2009-03-10 15:35 d
c:documents and settingsГостьApplication DataReal
2009-03-10 15:35 . 2009-03-10 15:35 d
c:documents and settingsГостьApplication DataPC Suite
2009-03-10 15:35 . 2006-11-04 05:11 d—s—- c:documents and settingsГостьApplication DataMicrosoft
2009-03-10 15:35 . 2006-11-04 05:41 d
c:documents and settingsГостьApplication DataMacromedia
2009-03-10 15:35 . 2006-11-04 05:18 d
c:documents and settingsГостьApplication DataIdentities
2009-03-10 15:35 . 2006-11-04 05:12 dr-h
c:documents and settingsГостьApplication Data
2009-03-10 15:35 . 2006-11-04 05:12 dr-h
c:documents and settingsГостьApplication Data
2009-03-10 15:35 . 2006-11-04 05:12 d—h
c:documents and settingsГостьШаблоны
2009-03-10 15:35 . 2006-11-04 05:12 d—h
c:documents and settingsГостьШаблоны
2009-03-10 15:35 . 2006-11-04 05:12 d
c:documents and settingsГостьРабочий стол
2009-03-10 15:35 . 2006-11-04 05:12 d
c:documents and settingsГостьРабочий стол
2009-03-10 15:35 . 2009-03-10 15:35 dr
c:documents and settingsГостьМои документы
2009-03-10 15:35 . 2009-03-10 15:35 dr
c:documents and settingsГостьМои документы
2009-03-10 15:35 . 2006-11-04 05:12 dr
c:documents and settingsГостьГлавное меню
2009-03-10 15:35 . 2006-11-04 05:12 dr
c:documents and settingsГостьГлавное меню
2009-03-10 15:35 . 2009-03-10 15:35 dr
c:documents and settingsГостьИзбранное
2009-03-10 15:35 . 2009-03-10 15:35 dr
c:documents and settingsГостьИзбранное
2009-03-10 15:35 . 2009-03-10 15:35 d
c:documents and settingsГость
2009-03-10 13:35 . 2009-03-10 13:35 d
c:program filesPlugins
2009-03-10 13:35 . 2009-03-10 13:35 d
c:program filesLang
2009-03-10 12:33 . 2009-03-10 12:33 d
c:documents and settings1Application DataLavasoft
2009-03-09 10:41 . 2009-03-09 10:41 d—hs—- C:FOUND.000
2009-02-26 18:08 . 2009-03-24 09:58 2,330,368 —a
c:windowssystem32TUKernel.exe
2009-02-26 16:43 . 2009-02-26 16:39 59,695 —a
c:windowssystem32vorbis.dll
2009-02-26 16:41 . 2009-02-26 16:39 59,695 —a
c:windowsvorbis.dll
2009-02-25 21:26 . 2009-02-25 21:27 d
c:documents and settings1Application DataMedia Player Classic
2009-02-24 00:15 . 2009-02-24 00:15 2,672 —a
c:windowssystem32settings.aaw
2009-02-24 00:15 . 2009-02-24 00:15 976 —a
c:windowssystem32history.aaw
2009-02-20 18:29 . 2007-06-16 20:39 249,994 —a
c:windowsSSCVIHOST.exe
2009-02-20 18:02 . 2001-08-17 21:56 7,552 —a
c:windowssystem32driversSONYPVU1.SYS
2009-02-20 18:02 . 2001-08-17 21:56 7,552 —a
c:windowssystem32dllcachesonypvu1.sys
2009-02-18 23:48 . 2009-02-18 23:48 d
C:2009_02_18
2009-02-18 21:49 . 2006-11-02 17:03 34,885 —a
c:windowssystem32gpedit.msc
2009-02-11 11:15 . 2009-02-11 11:15 d
c:program filesAdsen FavIcon
2009-02-09 21:07 . 2009-02-09 21:07 d
C:_OTMoveIt
2009-02-06 19:55 . 2009-02-06 19:55 d
C:rsit
2009-02-06 19:55 . 2009-02-06 19:55 d
c:program filestrend micro
2009-02-06 16:13 . 2009-02-06 16:13 d
c:program filesDrWeb
2009-02-06 16:13 . 2009-02-06 16:13 73,728 —a
c:windowssystem32DRWEBSP.DLL
2009-02-04 22:12 . 2009-02-04 22:12 d
c:program filesICQ6Toolbar
2009-02-04 22:12 . 2009-02-04 22:12 d
c:documents and settingsAll UsersApplication DataICQ
2009-02-04 22:00 . 2009-02-04 22:00 d
c:program filesICQ6.5
2009-02-04 18:21 . 2009-02-04 18:21 d
c:program filesAskSBar
2009-02-04 18:20 . 2009-02-04 18:20 d
c:program filesGizmo5
2009-02-04 18:20 . 2009-02-04 18:20 d
c:documents and settings1Application DataGizmo5
2009-02-03 22:57 . 2009-02-03 22:57 d
c:program filesCommon FilesDrWeb
2009-02-03 22:45 . 2008-12-18 22:55 3,694,080 —a
c:program filessetup.dll
2009-02-03 22:45 . 2009-02-03 21:50 352,326
c:program files_start.dat
2009-02-03 22:45 . 2009-02-18 08:27 102,400 —a
c:program files_start.exe
2009-02-03 22:45 . 2004-08-19 03:33 25,664 —a
c:program filesdwebio16.dll
2009-02-03 22:45 . 2004-08-19 03:33 24,576 —a
c:program filesdwebio32.dll
2009-02-03 20:18 . 2009-02-03 21:51 12,438,352 —a
c:program filesдоктор.exe.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-13 09:51 50,664 —-a-w c:documents and settings1Application DataGDIPFONTCACHEV1.DAT
2009-02-09 13:07 1,846,912 —-a-w c:windowssystem32win32k.sys
2009-02-09 13:07 1,846,912
w c:windowssystem32dllcachewin32k.sys
2009-02-03 18:50 30,595
w c:program filesd9eee5be
2009-02-03 15:50 14,790
w c:program files7a761abd
2009-02-03 08:34 22,528 —-a-w c:windowssystem32driversnhcDriver.sys
2009-02-03 05:50 3,198
w c:program files802816a7
2009-02-01 21:50 0
w c:program files094918de
2009-01-30 17:15 10,201 —-a-w c:program filespt-cureit.dwl
2009-01-29 06:27
d
w c:program filesQIP
2009-01-28 16:20 0
w c:program files5fe5aaff
2009-01-28 14:12 10,821 —-a-w c:program filesuzl-cureit.dwl
2009-01-26 11:50 10,233 —-a-w c:program filesde-cureit.dwl
2009-01-25 20:50 0
w c:program files202b4dd5
2009-01-22 16:44 720,896 —-a-w c:windowsiun6002.exe
2009-01-20 13:29 12,595 —-a-w c:program filesel-cureit.dwl
2009-01-19 13:52 9,379 —-a-w c:program fileset-cureit.dwl
2009-01-18 21:30 0
w c:program files2b163ce8
2009-01-11 20:40 0
w c:program files336a52e7
2009-01-05 07:06 603,904 —-a-w c:windowssystem32TUProgSt.exe
2009-01-05 07:06 360,192 —-a-w c:windowssystem32TuneUpDefragService.exe
2009-01-04 20:40 0
w c:program filesd390ef7e
2008-12-30 12:30 0
w c:program files9f51aaf6
2008-12-26 16:11 10,407 —-a-w c:program filesbe-cureit.dwl
2008-12-22 12:39 8,061 —-a-w c:program filescn-cureit.dwl
2008-12-22 12:39 10,582 —-a-w c:program filesbg-cureit.dwl
2008-12-22 12:39 10,511 —-a-w c:program filesuk-cureit.dwl
2008-12-21 22:00 15,024
w c:program filesacc59a75
2008-12-21 22:00 0
w c:program filesa87bfc5e
2008-12-20 19:29 9,973 —-a-w c:program fileslt-cureit.dwl
2008-12-20 19:28 10,522 —-a-w c:program filesja-cureit.dwl
2008-12-20 19:28 10,010 —-a-w c:program fileslv-cureit.dwl
2008-12-18 23:43 79,934
w c:program files8a8fa703
2008-12-18 23:43 372,338
w c:program filesb006adaf
2008-12-18 23:43 0
w c:program filesc3ce2599
2008-12-18 23:43 0
w c:program files8a9bac06
2008-12-18 23:43 0
w c:program files5a131f14
2008-12-18 23:43 0
w c:program files1be3d6ba
2008-12-18 10:48 10,496 —-a-w c:program filespl-cureit.dwl
2008-12-18 10:48 10,425 —-a-w c:program fileshu-cureit.dwl
2008-12-17 18:54 10,014 —-a-w c:program filessk-cureit.dwl
2008-12-17 18:03 10,781 —-a-w c:program filesfr-cureit.dwl
2008-12-17 16:50 9,974 —-a-w c:program fileseo-cureit.dwl
2008-12-17 16:50 9,813 —-a-w c:program filescs-cureit.dwl
2008-12-17 16:50 9,766 —-a-w c:program filesko-cureit.dwl
2008-12-17 16:50 9,690 —-a-w c:program fileses-cureit.dwl
2008-12-17 16:50 9,657 —-a-w c:program filesit-cureit.dwl
2008-12-17 16:50 9,620 —-a-w c:program filesnl-cureit.dwl
2008-12-17 16:50 9,462 —-a-w c:program filestr-cureit.dwl
2008-12-17 16:50 8,544 —-a-w c:program filesno-cureit.dwl
2008-12-17 16:50 8,403 —-a-w c:program fileszh-cureit.dwl
2008-12-17 16:50 10,526 —-a-w c:program filesru-cureit.dwl
2008-12-15 17:25 176,128 —-a-w c:windowsEarthView.scr
2008-12-12 16:03 3,088,896
w c:windowssystem32dllcachemshtml.dll
2008-12-11 10:31 27,904 —-a-w c:windowssystem32uxtuneup.dll
2008-12-11 09:57 333,952
w c:windowssystem32dllcachesrv.sys
2008-12-08 14:22 1,252 —-a-w c:program filessetup.key
2008-12-05 05:57 144,896 —-a-w c:windowssystem32schannel.dll
2008-12-05 05:57 144,896
w c:windowssystem32dllcacheschannel.dll
2008-10-07 14:00 138,403 —-a-w c:program filesen-drwebgui.chm
2008-10-01 12:14 1,209 —-a-w c:program filessetup_xp.ini
2008-10-01 12:14 1,176 —-a-w c:program filessetup_me.ini
2008-09-26 06:06 155,051 —-a-w c:program filesru-drwebgui.chm
2008-09-21 13:06 2,900 —-a-w c:program filesALLTEL Internet Accelerator Client setup.log
2008-03-11 16:34 2,367,576 —-a-w c:program filesFLV PlayerFCSetup.exe
2008-03-11 16:32 4,343,384 —-a-w c:program filesFLV PlayerRCATSetup.exe
2008-03-11 16:31 480,880 —-a-w c:program filesFLV PlayerRCSetup.exe
2008-03-10 10:42 774,144 —-a-w c:program filesRngInterstitial.dll
2008-01-22 18:41 32 —-a-w c:documents and settingsAll UsersApplication Dataezsid.dat
2006-06-16 05:20 2,081 —-a-w c:program filesReadme.txt
2006-06-14 10:16 73,184 —-a-w c:program filessites.txt
2005-07-27 14:09 83 —-a-w c:program filesDuhaLab.url
2004-11-18 06:55 9,996 —-a-w c:program filesalert.wav
2004-08-18 13:00 2 —sh—w c:program filesdesktop.ini
.((((((((((((((((((((((((((((( SnapShot@2009-03-29_22.10.15.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-20 19:19:06 43,872 —-a-w c:windowssystem32driverspxhelp20.sys
+ 2008-11-20 19:19:06 588,272
w c:windowssystem32px.dll
+ 2008-11-20 19:19:06 543,216
w c:windowssystem32pxdrv.dll
+ 2008-11-20 19:19:06 72,176
w c:windowssystem32pxhpinst.exe
+ 2008-11-20 19:19:06 186,864
w c:windowssystem32pxmas.dll
+ 2008-11-20 19:19:06 379,376
w c:windowssystem32pxwave.dll
+ 2008-11-20 19:19:06 88,560
w c:windowssystem32vxblock.dll
+ 2009-03-31 20:42:44 16,384 —-a-w c:windowstempPerflib_Perfdata_1d0.dat
+ 2009-03-31 20:42:58 16,384 —-a-w c:windowstempPerflib_Perfdata_3dc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerURLSearchHooks]
«{1392b8d2-5c05-419f-a8f6-b9f15a596612}»= «c:program filesFreecordertbFre1.dll» [2008-03-11 1470488][HKEY_CLASSES_ROOTclsid{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
[HKEY_LOCAL_MACHINE~Browser Helper Objects{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2008-03-11 19:53 1470488 —a
c:program filesFreecordertbFre1.dll[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{1392b8d2-5c05-419f-a8f6-b9f15a596612}»= «c:program filesFreecordertbFre1.dll» [2008-03-11 1470488][HKEY_CLASSES_ROOTclsid{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{1392B8D2-5C05-419F-A8F6-B9F15A596612}»= «c:program filesFreecordertbFre1.dll» [2008-03-11 1470488][HKEY_CLASSES_ROOTclsid{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«VistaStartMenu»=»c:program filesVista Start MenuVistaStartMenu.exe» [2009-03-22 1588736]
«TaskSwitchXP»=»c:program filesTaskSwitchXPTaskSwitchXP.exe» [2006-08-05 144896]
«AlcoholAutomount»=»c:program filesAlcohol SoftAlcohol 52axcmd.exe» [2008-11-23 203208]
«DAEMON Tools Lite»=»c:program filesDAEMON Tools Litedaemon.exe» [2008-12-29 687560]
«CursorXP»=»c:program filesCursorXPCursorXP.exe» [2005-01-19 201728]
«PC Tools GUI Application»=»c:program filesSpyware Doctorswdoctor.exe» [2007-08-14 2511176][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«SynTPEnh»=»c:program filesSynapticsSynTPSynTPEnh.exe» [2005-08-18 807001]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2005-09-23 7286784]
«HControl»=»c:windowsATK0100HControl.exe» [2005-08-29 184320]
«TkBellExe»=»c:program filesCommon FilesRealUpdate_OBrealsched.exe» [2008-03-10 255528]
«SunJavaUpdateSched»=»c:program filesJavajre6binjusched.exe» [2009-03-11 218520]
«Ad Muncher»=»c:program filesAd MuncherAdMunch.exe» [2007-11-03 849408]
«nwiz»=»nwiz.exe» [2005-09-23 c:windowssystem32NWIZ.EXE]
«SoundMan»=»SOUNDMAN.EXE» [2008-04-28 c:windowsSoundman.exe][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-14 15360]c:documents and settings1ѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
Bible Verse.lnk — c:program filesBible Verseverse.exe [2002-01-29 535040]c:documents and settingsAll Usersѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
Bluetooth Manager.lnk — c:program filesToshibaBluetooth Toshiba StackTosBtMng1.exe [2004-12-21 45056]
BTTray.lnk — c:program filesWIDCOMMЏа®Ја ¬¬®Ґ ®ЎҐбЇҐзҐЁҐ BluetoothBTTray.exe [2006-05-12 651325][HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«DisableTaskMgr»= 1 (0x1)
«DisableRegistryTools»= 1 (0x1)[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogon]
«UIHost»=hex(2):58,50,69,7a,65,5f,4c,6f,67,6f,6e,2e,65,78,65,00[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyWBSrv]
2007-03-05 17:36 140976 c:progra~1StardockOBJECT~1WINDOW~1WbSrv.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]
«AppInit_DLLs»=wbsys.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«VIDC.I420″= vdrcodec.dll
«VIDC.MJPG»= Pvmjpg21.dll
«vidc.XVID»= xvid.dll
«vidc.3iv2″= 3ivxVfWCodec.dll
«VIDC.HFYU»= huffyuv.dll
«VIDC.VP31″= vp31vfw.dll
«VIDC.PIM1″= pclepim1.dll
«msacm.fraunhoferacm»= l3codecp.acm
«msacm.ac3filter»= ac3filter.acm[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregASUS Live Update]
—a
2005-11-02 19:33 258048 c:program filesAsusASUS Live UpdateALU.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionrun-]
«Gizmo5″=»c:program filesGizmo5Gizmo5.exe»
«ICQ»=»c:program filesICQ6.5ICQ.exe» silent
«Skype»=»c:program filesSkypePhoneSkype.exe» /nosplash /minimized
«Microsoft Outlook»=c:progra~1MICROS~2Office10OUTLOOK.EXE Outlook:Inbox /recycle
«PC Tools Auxiliary Service»=c:program filesSpyware Doctorsvcntaux.exe
«sdloader»=c:program filesSpyware Doctorsdloader.exe
«Spyware Doctor Service»=c:program filesSpyware Doctorswdsvc.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrun-]
«NeroFilterCheck»=c:windowssystem32NeroCheck.exe
«AIMP Classic»=c:progra~1AIMPCL~1cAIMP.exe
«Control Center»=c:program filesASUSWLAN Card UtilitiesCenter.exe
«HControl»=c:windowsATK0100HControl.exe
«NvCplDaemon»=RUNDLL32.EXE c:windowssystem32NvCpl.dll,NvStartup
«nwiz»=nwiz.exe /install
«PCSuiteTrayApplication»=c:program filesNokiaNokia PC Suite 6LaunchApplication.exe -startup
«PinnacleDriverCheck»=c:windowssystem32PSDrvCheck.exe -CheckReg
«RemoteControl»=»c:program filesASUSTekASUSDVDPDVDServ.exe»
«SoundMan»=SOUNDMAN.EXE
«Wireless Console 2″=c:program filesWireless Console 2wcourier.exe
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 8.0ReaderReader_sl.exe»
«QuickTime Task»=»c:program filesQuickTime AlternativeQTTask.exe» -atboottime[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusDisableNotify»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
«AntiVirusOverride»=dword:00000001
«FirewallOverride»=dword:00000001
«UacDisableNotify»=dword:00000001[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecFirewall]
«DisableMonitoring»=dword:00000001[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerSvc]
«AntiVirusOverride»=dword:00000001
«AntiVirusDisableNotify»=dword:00000001
«FirewallDisableNotify»=dword:00000001
«FirewallOverride»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
«UacDisableNotify»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\Program Files\ALLTEL Communications\ALLTEL Internet Accelerator Client\NettGain1200_C.exe»=
«c:\Program Files\Xenus 2 — White Gold\Xenus.exe»=
«c:\Program Files\Gizmo5\mDNSResponder.exe»=
«c:\Program Files\Gizmo5\Gizmo5.exe»=
«c:\Program Files\ICQ6.5\ICQ.exe»=
«c:\Documents and Settings\1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe»=
«c:\WINDOWS\system32\netsh.exe»=
«c:\PROGRA~1\ICQ6.5\ICQ.exe»=
«c:\Program Files\TaskSwitchXP\TaskSwitchXP.exe»=
«c:\Program Files\CursorXP\CursorXP.exe»=
«c:\Program Files\Spyware Doctor\SDTrayApp.exe»=
«c:\Program Files\Bible Verse\verse.exe»=
«c:\WINDOWS\system32\nwiz.exe»=
«c:\Program Files\DAEMON Tools Lite\daemon.exe»=
«c:\Program Files\AIMP Classic\cAIMP.exe»=
«c:\Program Files\Ad Muncher\AdMunch.exe»=
«c:\Program Files\Мастер Коллажей\Collage.exe»=
«c:\Program Files\Synaptics\SynTP\SynTPEnh.exe»=
«c:\Program Files\Real\RealPlayer\RealPlay.exe»=
«c:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe»=
«c:\WINDOWS\ATK0100\HControl.exe»=
«c:\Program Files\PC Connectivity Solution\ServiceLayer.exe»=
«c:\Documents and Settings\1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe»=
«c:\Program Files\TuneUp Utilities 2009\Integrator.exe»=
«c:\Program Files\Nokia\Nokia PC Suite 6\OneTouchAccess.exe»=
«c:\Program Files\Common Files\Real\Update_OB\realsched.exe»=
«c:\Program Files\TuneUp Utilities 2009\ProcessManager.exe»=
«c:\Program Files\Microsoft Office\Office10\WINWORD.EXE»=
«c:\Documents and Settings\1\Рабочий стол\игрушки\RA.5.Spots.II.v1.0\5spots2.exe»=
«c:\Program Files\PC Connectivity Solution\NclBTHandler.exe»=
«c:\Program Files\ASUSTek\ASUSDVD\ASUSDVD.exe»=
«c:\Program Files\TuneUp Utilities 2009\OneClickStarter.exe»=
«c:\WINDOWS\System32\irftp.exe»=
«c:\WINDOWS\system32\wuauclt.exe»=
«c:\Program Files\WIDCOMM\Программное обеспечение Bluetooth\BTTray.exe»=
«c:\WINDOWS\System32\dpvsetup.exe»=
«c:\Program Files\PC Connectivity Solution\NclInstaller.exe»=
«c:\ComboFix\NirCmd.cfexe»=
«c:\Program Files\Java\jre6\bin\jusched.exe»=
«c:\WINDOWS\system32\drwtsn32.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«3389:TCP»= 3389:TCP:@xpsp2res.dll,-22009R1 VD_FileDisk;VD_FileDisk;c:windowssystem32driversvd_filedisk.sys [2009-01-25 15872]
R2 ICQ Service;ICQ Service;c:program filesICQ6ToolbarICQ Service.exe [2009-02-04 222456]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:windowssystem32TUProgSt.exe [2009-01-05 603904]
R3 ASNDIS5;ASNDIS5 Protocol Driver;c:windowssystem32ASNDIS5.sys [2006-11-04 16269]
R3 HSFHWSIS;HSFHWSIS;c:windowssystem32driversHSFHWSIS.sys [2005-06-22 216320]
R3 SynMini;USB2.0 1.3M Web Cam;c:windowssystem32driversSynMini.sys [2006-11-04 720470]
R3 SynScan;USB2.0 1.3M Web Cam Still Image;c:windowssystem32driversSynScan.sys [2006-11-04 8278]
S3 FirebirdServerMAGIXInstance;Firebird Server — MAGIX Instance;c:magixCommonDatabasebinfbserver.exe [2007-03-16 1605724]
S3 sdAuxService;PC Tools Auxiliary Service;c:program filesSpyware Doctorsvcntaux.exe [2008-11-08 729416]HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSvchost — NetSvcs
UxTuneUp
.
Contents of the ‘Scheduled Tasks’ folder2009-03-31 c:windowsTasks1-Click Maintenance.job
— c:program filesTuneUp Utilities 2009OneClickStarter.exe [2008-12-11 21:36]2009-03-31 c:windowsTasksБыстрое решение проблем.job
— c:program filesTuneUp Utilities 2009OneClickStarter.exe [2008-12-11 21:36]
.
.
Supplementary Scan
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyServer = http=localhost:9090 ftp=localhost:9093
uInternet Settings,ProxyOverride = localhost; 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver — c:windowssystem32GPhotos.scr/200
IE: Block frame with Ad Muncher — http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_frame
IE: Block image with Ad Muncher — http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_image
IE: Block link with Ad Muncher — http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_link
IE: Don’t filter page with Ad Muncher — http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_exclude
IE: Report page to the Ad Muncher developers — http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_report
IE: Закачать ВСЕ при помощи Download Master — c:program filesDownload Masterdmieall.htm
IE: Закачать при помощи Download Master — c:program filesDownload Masterdmie.htm
IE: Отправить через &Bluetooth — c:program filesWIDCOMMПрограммное обеспечение Bluetoothbtsendto_ie_ctx.htm
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} — c:program filesDownload Masterdmaster.exe
TCP: {40886BB9-E1CA-450B-8928-4BDE360C3B1D} = 10.65.30.1
TCP: {FD9A598A-AB3A-46EE-BC38-0C0B2EEF183A} = 10.65.30.1
FF — ProfilePath —
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-31 23:43:02
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(1624)
c:progra~1STARDOCKOBJECT~1WINDOW~1wbsrv.dll
.
Other Running Processes
.
c:program filesLAVASOFTAD-AWAREAAWSERVICE.EXE
c:windowsSYSTEM32ASWLSVC.EXE
c:program filesWIDCOMMc:program filesICQ6TOOLBARICQ SERVICE.EXE
c:program filesJAVAJRE6BINJQS.EXE
c:program filesCOMMON FILESLIGHTSCRIBELSSRVC.EXE
c:windowsSYSTEM32NVSVC32.EXE
c:windowsSYSTEM32PNKBSTRA.EXE
c:program filesPHOTODEXPROSHOWPRODUCERSCSIACCESS.EXE
c:windowsSYSTEM32ASWL2K.EXE
c:program filesALCOHOL SOFTALCOHOL 52STARWINDSTARWINDSERVICEAE.EXE
c:windowsSYSTEM32WDFMGR.EXE
c:program filesWIDCOMMc:program filesBIBLE VERSEVERSE.EXE
c:program filesWIDCOMMc:windowsATK0100ATKOSD.exe
c:windowssystem32wbemwmiapsrv.exe
.
**************************************************************************
.
Completion time: 2009-03-31 23:47:05 — machine was rebooted [1]
ComboFix-quarantined-files.txt 2009-03-31 20:47:02
ComboFix5.txt 2009-03-31 20:21:56
ComboFix4.txt 2009-03-17 17:37:10
ComboFix3.txt 2009-03-22 21:56:00
ComboFix2.txt 2009-03-29 19:12:16
Pre-Run: 7,865,040,896 байт свободно
Post-Run: 7,835,254,784 байт свободно
Current=8 Default=8 Failed=6 LastKnownGood=9 Sets=1,2,3,4,5,6,7,8,9
429 — E O F — 2009-03-22 10:06:24
April 1, 2009 at 7:45 am #22548
Anonymous
Guest
I scan with GMER, it hangs and the computer shuts off. I downloaded the latest version; it starts scanning and shuts down on some device.
April 3, 2009 at 4:27 pm #22549
I see.
In the settings on the right, disable scanning of Devices, then run the scan again.
April 4, 2009 at 8:50 pm #22550
Anonymous
Guest
Drives H and I are flash drives that have autorun files on them. I can't delete them, no matter what I've tried. That's why I don't unplug them during any of the scans and cleanups.
The log doesn't fit.
April 8, 2009 at 1:56 am #22551
The GMER log, like the logs created earlier, shows the trojan's driver being started. But how it gets started is not obvious, so more information is needed.
Check your computer with Kaspersky Online Scanner as well; to do so, click this link.
Paste the scan results into your reply.