The porn collection

[soulexpert]

The porn collection — с таким названием создаются папки во всей структуре. Удаление их не приводит ни к чему. Так же по системе и на ноутбук распространилось.
Так как сообщение получается слишком длинное и превышает лимит знаков, файлы прикрепляю

[Admin]

Здравствуйте, добро пожаловать на Spyware-ru форум.

Скачайте программу Combofix. Закройте все открытые окна и запустите эту программу.
После выполнения будет создан лог файл, пожалуйста вставьте его в ваш ответ.

Примечание: перед использованием Combofix обязательно установите Recovery console. Как это сделать будет описано на странице, ссылку на которую я привёл выше.

[soulexpert]

Спасибо за ответ Ваш. Все сделал, как сказали. Вот содержимое лог файла:

ComboFix 09-04-23.A3 — Владимир 23.04.2009 20:10.11 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.2047.1596 [GMT 4:00]
Running from: c:documents and settingsВладимирРабочий столComboFix.exe
Command switches used :: c:documents and settingsВладимирРабочий столWindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: avast! antivirus 4.8.1335 [VPS 090423-0] *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-05-23 to 2009-4-23 )))))))))))))))))))))))))))))))
.

2009-04-21 16:30 . 2009-04-21 16:30

---

d

---

w c:documents and settingsВладимирApplication DataQIP
2009-04-21 16:30 . 2009-04-21 16:30

---

d

---

w c:program filesQIP Infium
2009-04-19 08:39 . 2004-09-07 09:42 86085 —-a-w c:windowssystem32ImageDrive.cpl
2009-04-19 08:16 . 2009-04-19 08:16

---

d

---

w c:documents and settingsВладимирLocal SettingsApplication DataAhead
2009-04-16 18:44 . 2009-04-16 18:44

---

d—h—w c:windowsPIF
2009-04-15 09:01 . 2009-02-20 17:19 78336 -c—-w c:windowssystem32dllcacheieencode.dll
2009-04-15 09:00 . 2008-12-20 22:15 1289728 -c—-w c:windowssystem32dllcachequartz.dll
2009-04-15 05:31 . 2009-03-21 14:09 995840 -c—-w c:windowssystem32dllcachekernel32.dll
2009-04-15 05:31 . 2009-02-03 19:58 56832 -c—-w c:windowssystem32dllcachesecur32.dll
2009-04-15 05:31 . 2008-06-12 14:23 956928 -c—-w c:windowssystem32dllcachemsdtctm.dll
2009-04-15 05:31 . 2008-06-12 14:23 66560 -c—-w c:windowssystem32dllcachemtxclu.dll
2009-04-15 05:31 . 2008-06-12 14:23 161792 -c—-w c:windowssystem32dllcachemsdtcuiu.dll
2009-04-15 05:31 . 2008-06-12 14:23 91648 -c—-w c:windowssystem32dllcachemtxoci.dll
2009-04-15 05:31 . 2008-06-12 14:23 58880 -c—-w c:windowssystem32dllcachemsdtclog.dll
2009-04-15 05:31 . 2008-12-16 12:32 354304 -c—-w c:windowssystem32dllcachewinhttp.dll
2009-04-15 05:29 . 2009-03-06 13:51 284672 -c—-w c:windowssystem32dllcachepdh.dll
2009-04-15 05:29 . 2009-02-09 11:18 111104 -c—-w c:windowssystem32dllcacheservices.exe
2009-04-15 05:29 . 2009-02-09 10:57 731136 -c—-w c:windowssystem32dllcachelsasrv.dll
2009-04-15 05:29 . 2009-02-09 10:57 401408 -c—-w c:windowssystem32dllcacherpcss.dll
2009-04-15 05:29 . 2009-02-09 10:57 473600 -c—-w c:windowssystem32dllcachefastprox.dll
2009-04-15 05:29 . 2009-02-09 10:57 719360 -c—-w c:windowssystem32dllcachentdll.dll
2009-04-15 05:29 . 2009-02-09 10:57 453120 -c—-w c:windowssystem32dllcachewmiprvsd.dll
2009-04-15 05:29 . 2009-02-06 10:36 35328 -c—-w c:windowssystem32dllcachesc.exe
2009-04-15 05:29 . 2009-02-06 10:15 227840 -c—-w c:windowssystem32dllcachewmiprvse.exe
2009-04-15 05:21 . 2009-03-27 06:58 1203922 -c—-w c:windowssystem32dllcachesysmain.sdb
2009-04-15 05:21 . 2008-04-21 21:15 218624 -c—-w c:windowssystem32dllcachewordpad.exe
2009-04-05 18:09 . 2008-06-24 16:44 74240 -c—-w c:windowssystem32dllcachemscms.dll
2009-04-05 18:06 . 2008-07-07 20:29 253952 -c—-w c:windowssystem32dllcachees.dll
2009-04-05 18:04 . 2008-06-17 19:02 8478720 -c—-w c:windowssystem32dllcacheshell32.dll
2009-04-05 18:02 . 2009-02-09 14:01 1847680 -c—-w c:windowssystem32dllcachewin32k.sys
2009-04-05 18:02 . 2008-09-10 01:15 1307648 -c—-w c:windowssystem32dllcachemsxml6.dll
2009-04-05 18:01 . 2008-08-14 10:04 138496 -c—-w c:windowssystem32dllcacheafd.sys
2009-04-05 18:01 . 2008-06-20 17:48 247296 -c—-w c:windowssystem32dllcachemswsock.dll
2009-04-05 18:01 . 2008-06-20 17:48 147968 -c—-w c:windowssystem32dllcachednsapi.dll
2009-04-05 18:01 . 2008-06-20 11:51 361600 -c—-w c:windowssystem32dllcachetcpip.sys
2009-04-05 18:01 . 2008-06-20 11:08 225856 -c—-w c:windowssystem32dllcachetcpip6.sys
2009-04-05 17:57 . 2008-10-23 12:42 286720 -c—-w c:windowssystem32dllcachegdi32.dll
2009-04-05 17:57 . 2008-06-14 17:35 272512 -c—-w c:windowssystem32dllcachebthport.sys
2009-04-05 17:57 . 2008-06-14 17:35 272512

---

w c:windowssystem32driversbthport.sys
2009-04-05 17:32 . 2008-12-05 06:57 144896 -c—-w c:windowssystem32dllcacheschannel.dll
2009-04-05 17:25 . 2008-05-27 17:26 765952 -c—-w c:windowssystem32dllcachevgx.dll
2009-04-05 17:16 . 2009-02-09 11:18 2025984 -c—-w c:windowssystem32dllcachentkrpamp.exe
2009-04-05 17:16 . 2009-02-09 11:18 2067968 -c—-w c:windowssystem32dllcachentkrnlpa.exe
2009-04-05 17:16 . 2009-02-09 11:18 2147328 -c—-w c:windowssystem32dllcachentkrnlmp.exe
2009-04-05 17:16 . 2009-02-10 15:18 2190976 -c—-w c:windowssystem32dllcachentoskrnl.exe
2009-04-05 17:02 . 2008-10-24 11:41 455936 -c—-w c:windowssystem32dllcachemrxsmb.sys
2009-04-05 17:02 . 2008-12-11 10:57 333952 -c—-w c:windowssystem32dllcachesrv.sys
2009-04-05 17:01 . 2008-04-11 19:06 691712 -c—-w c:windowssystem32dllcacheinetcomm.dll
2009-04-05 17:00 . 2009-04-15 11:53

---

d—h—w c:windows$hf_mig$
2009-04-05 17:00 . 2009-04-05 17:00

---

d

---

w c:program filesMSXML 4.0
2009-04-05 16:47 . 2008-10-03 10:04 247326 -c—-w c:windowssystem32dllcachestrmdll.dll
2009-04-05 16:47 . 2008-10-15 16:37 337408 -c—-w c:windowssystem32dllcachenetapi32.dll
2009-04-05 16:46 . 2008-09-04 17:17 1106944 -c—-w c:windowssystem32dllcachemsxml3.dll
2009-04-05 16:33 . 2008-10-16 10:06 268648 —-a-w c:windowssystem32mucltui.dll
2009-04-05 16:33 . 2008-10-16 10:06 27496 —-a-w c:windowssystem32mucltui.dll.mui
2009-04-02 17:35 . 2009-04-02 17:43

---

d

---

w c:program filesAnti Trojan Elite
2009-03-31 20:18 . 2009-03-31 20:18 207 —-a-w c:windowsUpdateClientUI.INI
2009-03-30 12:35 . 2009-04-01 17:21

---

d

---

w c:program filesFIBO Group
2009-03-30 07:59 . 2009-03-30 08:09

---

d

---

w c:program filestrend micro
2009-03-30 07:59 . 2009-03-30 08:09

---

d

---

w C:rsit
2009-03-27 10:52 . 2009-03-27 10:52

---

d

---

w c:documents and settingsAll UsersApplication DataKaspersky Lab Setup Files
2009-03-27 10:33 . 2009-03-27 10:33 121 —-a-w c:windowswininit.ini
2009-03-27 10:21 . 2009-03-27 10:30 506180 —-a-w c:windowsATMREG.ATM
2009-03-27 09:43 . 2009-03-27 10:30

---

d

---

w C:temp
2009-03-25 13:40 . 2009-03-25 13:40

---

d

---

w c:documents and settingsAll UsersApplication DataXemiComputers
2009-03-25 13:40 . 2009-03-25 13:40

---

d

---

w c:documents and settingsВладимирLocal SettingsApplication DataXemiComputers
2009-03-25 13:39 . 2009-03-25 13:39

---

d

---

w c:program filesXemiComputers
2009-03-25 12:54 . 1994-03-23 11:12 62400 —-a-r c:windowsvlist.dll
2009-03-25 12:54 . 2009-03-25 12:54

---

d

---

w C:RBIBLE
2009-03-25 12:54 . 1993-10-14 10:57 21648 —-a-w c:windowsctl3dv2.dll
2009-03-24 21:23 . 2009-03-24 21:23

---

d

---

w c:program filesRecover My Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-23 16:16 . 2009-03-16 19:41

---

d

---

w c:documents and settingsВладимирApplication DataSkype
2009-04-23 13:48 . 2009-03-16 19:44

---

d

---

w c:documents and settingsВладимирApplication DataskypePM
2009-04-21 19:24 . 2008-04-15 12:00 83508 —-a-w c:windowssystem32perfc019.dat
2009-04-21 19:24 . 2008-04-15 12:00 482266 —-a-w c:windowssystem32perfh019.dat
2009-04-19 08:14 . 2009-03-23 23:11

---

d

---

w c:program filesClipMate7
2009-04-15 08:03 . 2009-03-16 22:05

---

d

---

w c:documents and settingsAll UsersApplication DataMicrosoft Help
2009-04-12 03:27 . 2009-03-24 04:30

---

d

---

w c:documents and settingsВладимирApplication DataThornsoft Development
2009-03-31 20:09 . 2009-03-17 11:36

---

d

---

w c:program files2gis
2009-03-30 08:45 . 2009-03-18 14:48 604640 —-a-w c:documents and settingsВладимирLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-03-24 14:41 . 2009-03-24 14:41

---

d

---

w c:program filesFontLab
2009-03-24 11:01 . 2009-03-24 11:01

---

d

---

w c:program filesAdobe Type Manager
2009-03-24 05:00 . 2009-03-24 05:00

---

d

---

w c:documents and settingsВладимирApplication DataMedia Player Classic
2009-03-22 17:48 . 2009-03-16 15:49

---

d—h—w c:program filesInstallShield Installation Information
2009-03-22 16:40 . 2009-03-22 16:40

---

d

---

w c:program filesICQ6Toolbar
2009-03-22 16:40 . 2009-03-22 16:40

---

d

---

w c:documents and settingsAll UsersApplication DataICQ
2009-03-22 05:27 . 2009-03-22 05:27

---

d

---

w c:documents and settingsAll UsersApplication DataFLEXnet
2009-03-19 20:29 . 2009-03-19 20:29

---

d

---

w c:documents and settingsВладимирApplication DataScooter Software
2009-03-19 12:02 . 2009-03-19 12:01

---

d

---

w c:program filesBeyond Compare 2
2009-03-19 11:45 . 2009-03-19 11:45

---

d

---

w c:program filesCommon FilesControl Panels
2009-03-19 11:45 . 2009-03-16 18:20

---

d

---

w c:program filesCommon FilesAdobe
2009-03-19 11:44 . 2009-03-19 11:44

---

d

---

w c:program filesBonjour
2009-03-19 11:29 . 2009-03-16 21:52

---

d

---

w c:program filesMicrosoft ActiveSync
2009-03-19 11:28 . 2009-03-19 11:28

---

d

---

w c:documents and settingsВладимирApplication DataYandex
2009-03-19 11:28 . 2009-03-19 11:28

---

d

---

w c:program filesPunto Switcher
2009-03-19 10:51 . 2009-03-17 09:19

---

d

---

w c:program filesStrongDC
2009-03-18 22:33 . 2009-03-17 11:36

---

d

---

w c:documents and settingsAll UsersApplication Data2GIS
2009-03-18 21:38 . 2009-03-18 21:26

---

d

---

w c:program filesHyperSnap-DX 5
2009-03-18 21:28 . 2009-03-18 21:28

---

d

---

w c:documents and settingsВладимирApplication DataGrym
2009-03-18 11:21 . 2009-03-18 11:21

---

d

---

w c:program filesCommon FilesMacrovision Shared
2009-03-17 23:22 . 2009-03-17 07:07

---

d

---

w c:documents and settingsAll UsersApplication DataAcronis
2009-03-17 21:28 . 2009-03-17 13:24 1396400 —-a-w c:windowssystem32AutoPartNt.exe
2009-03-17 16:25 . 2009-03-16 16:47 251152 —s—r C:ntldr
2009-03-17 16:25 . 2009-03-16 16:38 4952 —sha-r C:bootfont.bin
2009-03-17 13:40 . 2009-03-16 15:29 86327 —-a-w c:windowspchealthhelpctrOfflineCacheindex.dat
2009-03-16 22:21 . 2009-03-16 22:21 395744 —-a-w c:windowssystem32driverstimntr.sys
2009-03-16 22:21 . 2009-03-16 22:21 39264 —-a-w c:windowssystem32driverstifsfilt.sys
2009-03-16 22:21 . 2009-03-16 21:14 114048 —-a-w c:windowssystem32driverssnapman.sys
2009-03-16 22:20 . 2009-03-16 21:14

---

d

---

w c:program filesCommon FilesAcronis
2009-03-16 22:20 . 2009-03-16 21:14

---

d

---

w c:program filesAcronis
2009-03-16 22:18 . 2009-03-16 22:18

---

d

---

w c:documents and settingsВладимирApplication DataCorel
2009-03-16 22:07 . 2009-03-16 22:07

---

d

---

w c:program filesMicrosoft Works
2009-03-16 22:07 . 2009-03-16 22:07

---

d

---

w c:program filesMicrosoft.NET
2009-03-16 22:06 . 2009-03-16 22:06

---

d

---

w c:program filesMicrosoft Visual Studio 8
2009-03-16 21:47 . 2009-03-16 21:46

---

d

---

w c:program filesCommon FilesMacromedia
2009-03-16 21:46 . 2009-03-16 21:46

---

d

---

w c:program filesMacromedia
2009-03-16 21:43 . 2009-03-16 21:43

---

d

---

w c:documents and settingsAll UsersApplication DataRoboForm
2009-03-16 21:41 . 2009-03-16 21:41

---

d

---

w c:program filesSiber Systems
2009-03-16 21:19 . 2009-03-16 21:19

---

d

---

w c:program filesCoffeeCup Software
2009-03-16 21:10 . 2009-03-16 21:10

---

d

---

w c:program filesLizardTech
2009-03-16 21:02 . 2009-03-16 21:02

---

d

---

w c:program filesSSC Service Utility
2009-03-16 20:30 . 2009-03-16 20:30

---

d

---

w c:documents and settingsВладимирApplication DataPROject MT
2009-03-16 20:29 . 2009-03-16 20:29

---

d

---

w c:documents and settingsВладимирApplication DataPRMT
2009-03-16 20:16 . 2009-03-16 20:16 131 —-a-w c:documents and settingsВладимирLocal SettingsApplication Datafusioncache.dat
2009-03-16 20:16 . 2009-03-16 20:15

---

d

---

w c:program filesPRMT8
2009-03-16 20:15 . 2009-03-16 20:15

---

d

---

w c:documents and settingsAll UsersApplication DataPRMT
2009-03-16 20:10 . 2009-03-16 20:10

---

d

---

w c:program filesMSBuild
2009-03-16 20:10 . 2009-03-16 20:10 68144 —-a-w c:documents and settingsLocalServiceLocal SettingsApplication DataFontCache3.0.0.0.dat
2009-03-16 20:09 . 2009-03-16 20:09

---

d

---

w c:program filesReference Assemblies
2009-03-16 19:51 . 2009-03-16 19:51

---

d

---

w c:program filesDigalo
2009-03-16 19:49 . 2009-03-16 19:49

---

d

---

w c:program filesK-Lite Codec Pack
2009-03-16 19:44 . 2009-03-16 19:44 32 —-a-w c:documents and settingsAll UsersApplication Dataezsid.dat
2009-03-16 19:41 . 2009-03-16 19:41

---

d

---

w c:program filesSkype
2009-03-16 19:41 . 2009-03-16 19:41

---

d

---

w c:program filesCommon FilesSkype
2009-03-16 19:41 . 2009-03-16 19:41

---

d

---

w c:documents and settingsAll UsersApplication DataSkype
2009-03-16 19:38 . 2009-03-16 19:38

---

d

---

w c:program filesA4Tech
2009-03-16 19:28 . 2009-03-16 19:28

---

d

---

w c:program filesCommon FilesCorel
2009-03-16 19:28 . 2009-03-16 15:49

---

d

---

w c:program filesCommon FilesInstallShield
2009-03-16 19:28 . 2009-03-16 19:28

---

d

---

w c:program filesCorel
2009-03-16 19:21 . 2009-03-16 19:21

---

d

---

w c:documents and settingsAll UsersApplication DataAdobe Systems
2009-03-16 19:21 . 2009-03-16 19:21

---

d

---

w c:program filesCommon FilesAdobe Systems Shared
2009-03-16 19:13 . 2009-03-16 19:10

---

d

---

w c:program filesEPSON
2009-03-16 19:13 . 2009-03-16 19:13

---

d

---

w c:documents and settingsAll UsersApplication DataUDL
2009-03-16 19:13 . 2009-03-16 19:12

---

d

---

w c:program filesEPSON Print CD
2009-03-16 19:06 . 2009-03-16 19:06

---

d

---

w c:program filesCommon FilesAhead
2009-03-16 19:06 . 2009-03-16 19:06

---

d

---

w c:program filesAhead
2009-03-16 19:05 . 2009-03-16 19:05

---

d

---

w c:program filesTotal Commander XP
2009-03-16 17:07 . 2009-03-16 17:07

---

d

---

w c:program filesAlwil Software
2009-03-16 16:58 . 2009-03-16 16:58

---

d

---

w c:program filesVistaDriveIcon
2009-03-16 16:58 . 2009-03-16 16:58 717296 —-a-w c:windowssystem32driverssptd.sys
2009-03-16 16:58 . 2009-03-16 16:58

---

d

---

w c:program filesJava
2009-03-16 16:58 . 2009-03-16 16:58

---

d

---

w c:program filesCommon FilesJava
2009-03-16 16:56 . 2009-03-16 16:56

---

d

---

w c:program filesWindows Media Connect 2
2009-03-16 16:54 . 2009-03-16 15:27 23804 —-a-w c:windowssystem32emptyregdb.dat
2009-03-16 16:54 . 2009-03-16 16:54 879 —-a-w c:windowsInfCOM350.tmp
2009-03-16 15:58 . 2009-03-16 15:58 21035 —-a-w c:windowssystem32driversAegisP.sys
2009-03-16 15:58 . 2009-03-16 15:58

---

d

---

w c:program filesASUS WiFi-AP Solo
2009-03-16 15:53 . 2009-03-16 15:53

---

d

---

w c:documents and settingsВладимирApplication DataTMP
2009-03-16 15:53 . 2009-03-16 15:53

---

d

---

w c:program filesMarvell
2009-03-16 15:49 . 2009-03-16 15:49

---

d

---

w c:program filesAnalog Devices
2009-03-16 15:37 . 2009-03-16 15:37

---

d

---

w c:program filesIntel
2009-03-16 15:30 . 2009-03-16 15:30

---

d

---

w c:program filesmicrosoft frontpage
2009-03-06 13:51 . 2009-03-16 16:38 284672 —-a-w c:windowssystem32pdh.dll
2009-03-03 00:16 . 2009-03-16 16:38 828416 —-a-w c:windowssystem32wininet.dll
2009-02-20 17:19 . 2009-03-16 16:38 78336 —-a-w c:windowssystem32ieencode.dll
2009-02-10 15:27 . 2009-03-16 16:38 687616 —-a-w c:windowssystem32advapi32.dll
2009-02-09 14:01 . 2009-03-16 16:38 1847680 —-a-w c:windowssystem32win32k.sys
2009-02-09 11:18 . 2008-04-15 16:00 2025984 —-a-w c:windowssystem32ntkrnlpa.exe
2009-02-09 11:18 . 2008-04-15 16:00 2147328 —-a-w c:windowssystem32ntoskrnl.exe
2009-02-09 11:18 . 2009-03-16 16:38 111104 —-a-w c:windowssystem32services.exe
2009-02-09 10:57 . 2009-03-16 16:38 731136 —-a-w c:windowssystem32lsasrv.dll
.

---

Sigcheck

---

[-] 2008-06-25 22:08 584192 371C41F777924F3EA3BFAD18C6A04502 c:windowssystem32user32.dll

[-] 2008-06-25 22:07 1597952 DC2B803BB81968B75128541B96D44744 c:windowsexplorer.exe

[-] 2008-06-25 22:07 17408 DCB049EF4D6AA184601D9CA5B128BF56 c:windowssystem32ctfmon.exe

[-] 2008-06-25 22:05 1571840 54DDF4FB948B5410D3BEDB47ED832964 c:windowssystem32sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2008-06-25 17408]
«Skype»=»c:program filesSkypePhoneSkype.exe» [2008-02-01 21898024]
«EDLauncher»=»c:program filesPRMT8PRMTEDEDLauncher.exe» [2007-03-14 118784]
«RoboForm»=»c:program filesSiber SystemsAI RoboFormRoboTaskBarIcon.exe» [2009-03-16 118784]
«Punto Switcher»=»c:program filesPunto Switcherpunto.exe» [2008-10-16 735016]
«H/PC Connection Agent»=»c:program filesMicrosoft ActiveSyncWcescomm.exe» [2006-11-13 1289000]
«ClipMate7″=»c:program filesClipMate7clipmate.exe» [2007-01-08 6135808]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«JMB36X IDE Setup»=»c:windowsRaidToolxInsIDE.exe» [2007-03-20 36864]
«36X Raid Configurer»=»c:windowssystem32xRaidSetup.exe» [2007-03-21 1953792]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2007-06-28 8466432]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2007-06-28 81920]
«SoundMAXPnP»=»c:program filesAnalog DevicesCoresmax4pnp.exe» [2006-12-18 868352]
«NeroFilterCheck»=»c:windowssystem32NeroCheck.exe» [2001-07-09 155648]
«EPSON Stylus Photo R200 Series»=»c:windowsSystem32spoolDRIVERSW32X863E_S4I0H2.EXE» [2003-09-11 99840]
«WheelMouse»=»c:progra~1A4TechMouseAmoumain.exe» [2005-09-29 172032]
«SSC Service Utility»=»c:program filesSSC Service Utilityssc_serv.exe» [2006-10-16 487936]
«OSSelectorReinstall»=»c:program filesCommon FilesAcronisAcronis Disk Directoross_reinstall.exe» [2007-03-26 2227256]
«GrooveMonitor»=»c:program filesMicrosoft OfficeOffice12GrooveMonitor.exe» [2007-08-24 33648]
«TrueImageMonitor.exe»=»c:program filesAcronisTrueImageHomeTrueImageMonitor.exe» [2006-10-16 1184024]
«AcronisTimounterMonitor»=»c:program filesAcronisTrueImageHomeTimounterMonitor.exe» [2006-10-16 1959904]
«Acronis Scheduler2 Service»=»c:program filesCommon FilesAcronisSchedule2schedhlp.exe» [2006-10-16 87584]
«Adobe Acrobat Speed Launcher»=»c:program filesAdobeAcrobat 9.0AcrobatAcrobat_sl.exe» [2008-06-11 37232]
«Acrobat Assistant 8.0″=»c:program filesAdobeAcrobat 9.0AcrobatAcrotray.exe» [2008-06-11 640376]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 9.0ReaderReader_sl.exe» [2009-02-27 35696]
«2gis update client UI»=»c:program files2gisUpdateClientWin32UpdateClientUI.exe» [2008-09-17 4055040]
«avast!»=»c:progra~1ALWILS~1Avast4ashDisp.exe» [2009-02-05 81000]
«Anti Trojan Elite»=»c:program filesAnti Trojan EliteTJEnder.exe» [2005-02-05 2853888]
«nwiz»=»nwiz.exe» — c:windowssystem32nwiz.exe [2007-06-28 1626112]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-06-25 17408]
«VistaIcon»=»c:program filesVistaDriveIconVistaDrv.exe» [2008-03-23 132096]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«IE7_011″=»shell32» [X]
«ZZZZ1_FirstLogonSetting»=»advpack.dll» — c:windowssystem32advpack.dll [2009-02-20 124928]
«ZZZZ2_FirstLogonSetting»=»advpack.dll» — c:windowssystem32advpack.dll [2009-02-20 124928]
«IE7_012″=»advpack.dll» — c:windowssystem32advpack.dll [2009-02-20 124928]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«SynchronousMachineGroupPolicy»= 0 (0x0)
«SynchronousUserGroupPolicy»= 0 (0x0)

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoThumbnailCache»= 1 (0x1)
«NoSMConfigurePrograms»= 1 (0x1)
«NoSMHelp»= 1 (0x1)

[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoThumbnailCache»= 1 (0x1)
«NoSMConfigurePrograms»= 1 (0x1)
«NoSMHelp»= 1 (0x1)

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusDisableNotify»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
«AntiVirusOverride»=dword:00000001
«FirewallOverride»=dword:00000001
«UpdatesOverride»=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«DisableNotifications»= 1 (0x1)

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE»=
«c:\Program Files\Microsoft Office\Office12\GROOVE.EXE»=
«c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE»=
«c:\Program Files\StrongDC\StrongDC.exe»=
«c:program filesMicrosoft ActiveSyncrapimgr.exe»= c:program filesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
«c:program filesMicrosoft ActiveSyncwcescomm.exe»= c:program filesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
«c:program filesMicrosoft ActiveSyncWCESMgr.exe»= c:program filesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
«c:\Program Files\Bonjour\mDNSResponder.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«26675:TCP»= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:windowssystem32DRIVERSRTL8187.sys [2006-06-16 176128]
R3 SjyPkt;SjyPkt;c:windowsSystem32DriversSjyPkt.sys [2006-03-31 13532]
S1 aswSP;avast! Self Protection; [x]
S2 2GIS UpdateClientService;2GIS UpdateClientService;c:program files2gisUpdateClientWin32UpdateClientService.exe [2008-09-17 1134592]
S2 aswFsBlk;aswFsBlk;c:windowssystem32DRIVERSaswFsBlk.sys [2009-02-05 20560]
S3 ATE_PROCMON;ATE_PROCMON;c:program filesAnti Trojan EliteATEPMon.sys [2004-09-10 5969]

.
— — — — ORPHANS REMOVED — — — —

HKCU-Run-ICQ — c:program filesICQ6.5ICQ.exe

.

---

Supplementary Scan

---

.
uStart Page = hxxp://xtreme.ws/
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~3Office12EXCEL.EXE/3000
IE: Append Link Target to Existing PDF — c:program filesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF — c:program filesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF — c:program filesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF — c:program filesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIECapture.html
IE: Заполнить формы — file://c:program filesSiber SystemsAI RoboFormRoboFormComFillForms.html
IE: Настроить Меню — file://c:program filesSiber SystemsAI RoboFormRoboFormComCustomizeIEMenu.html
IE: Сохранить формы — file://c:program filesSiber SystemsAI RoboFormRoboFormComSavePass.html
IE: Тулбар RoboForm — file://c:program filesSiber SystemsAI RoboFormRoboFormComShowToolbar.html
FF — ProfilePath — c:documents and settingsВладимирApplication DataMozillaFirefoxProfilespm36pbs0.default
FF — prefs.js: browser.startup.homepage — hxxp://www.yandex.ru/
FF — component: c:documents and settingsВладимирApplication DataMozillaFirefoxProfilespm36pbs0.defaultextensions{22119944-ED35-4ab1-910B-E619EA06A115}componentsrfproxy_27.dll
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnppl3260.dll
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnprpjplug.dll
FF — plugin: c:program filesMozilla Firefoxpluginsnpdjvu.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-23 20:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************
.

---

DLLs Loaded Under Running Processes

---

— — — — — — — > ‘winlogon.exe'(916)
c:windowssystem32cscui.dll

— — — — — — — > ‘lsass.exe'(980)
c:windowssystem32relog_ap.dll

— — — — — — — > ‘explorer.exe'(3580)
c:program filesPRMT8PRMTEDEDSel.dll
c:windowssystem32COMRes.dll
c:windowsSystem32cscui.dll
c:program filesPunto Switcherpshook.dll
c:windowssystem32msi.dll
c:windowssystem32SETUPAPI.dll
c:windowssystem32NETSHELL.dll
c:windowssystem32credui.dll
c:windowssystem32MSVCP60.dll
c:windowssystem32WPDShServiceObj.dll
c:windowssystem32PortableDeviceTypes.dll
c:windowssystem32PortableDeviceApi.dll
.

---

Other Running Processes

---

.
c:program filesAlwil SoftwareAvast4aswUpdSv.exe
c:program filesAlwil SoftwareAvast4ashServ.exe
c:program filesCommon FilesAcronisSchedule2schedul2.exe
c:program filesBonjourmDNSResponder.exe
c:windowssystem32nvsvc32.exe
c:windowssystem32rundll32.exe
c:program filesAlwil SoftwareAvast4ashMaiSv.exe
c:program filesAlwil SoftwareAvast4ashWebSv.exe
c:progra~1MICROS~2rapimgr.exe
c:program filesPRMT8PRMTEDprmedsvr.exe
c:program filesSkypePlugin ManagerskypePM.exe
.
**************************************************************************
.
Completion time: 2009-04-23 20:18 — machine was rebooted
ComboFix-quarantined-files.txt 2009-04-23 16:18
ComboFix2.txt 2009-04-06 17:50
ComboFix3.txt 2009-04-06 17:41
ComboFix4.txt 2009-04-06 16:01

Pre-Run: 23 668 051 968 байт свободно
Post-Run: 23 731 204 096 байт свободно

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
;timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
[operating systems]
c:cmdconsBOOTSECT.DAT=»Microsoft Windows Recovery Console» /cmdcons
multi(0)disk(0)rdisk(0)partition(1)WINDOWS=»Microsoft Windows XP Professional RU» /execute /noexecute=optin /fastdetect

355 — E O F — 2009-04-15 11:53

[Admin]

Combofix лог выглядит нормально.

Проверьте ещё ваш компьютер используя Kaspersky Online Scanner, для этого кликните по этой ссылке.
Результаты сканирования запишите на ваш рабочий стол.

Скачайте RootkitRevealer кликнув по этой ссылке и распакуйте файл в папку, например C:RootkitRevealer.
Отключите соединение с Интернетом и ваш антивирус.
Запустите RootkitRevealer.
Когда программа запустится кликните по кнопке Scan.
Когда сканирование закончится, кликните File->Save и сохраните лог на ваш рабочий стол.
Закройте RootkitRevealer.

Жду от вас RootkitRevealer лог + Kaspersky Online Scanner лог (результаты сканирования) .

[Автор]

Сообщения