- This topic has 11 ответов, 2 участника, and was last updated 16 years, 2 months назад by
.
-
Сообщения
-
Заблокирован USB корневой концентратор, переустановка драйверов с сайта производителя не решает проблемы, вирусы перед удалением нарушили работу служб.
При запуске Combofix появляется сообщение о ненайденном 32788К22АЦОАЦnircmd.com
Лог Combofix:
ComboFix 09-02-05.02 — Admin 2009-02-06 15:31:19.7 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.1.1049.18.447.155 [GMT 3:00]
Running from: c:documents and settingsAdminРабочий столComboFix.exe
Command switches used :: c:documents and settingsAdminРабочий столCFScript
* Created a new restore pointFILE ::
c:windowssystem32DRIVERSCOMFiltr.sys
c:windowssystem32driversfips32cup.sys
c:windowssystem32driversi386si.sys
c:windowssystem32driversnetsik.sys
c:windowssystem32driversnicsk32.sys
c:windowssystem32driversport135sik.sys
c:windowssystem32driverssecurentm.sys
c:windowssystem32driverssystemntmi.sys
c:windowssystem32driversws2_32sik.sys
.((((((((((((((((((((((((( Files Created from 2009-01-06 to 2009-02-06 )))))))))))))))))))))))))))))))
.2009-02-06 02:23 . 2009-02-06 02:29
d
c:windowsL2Schemas
2009-02-06 02:06 . 2009-02-06 15:25 188,791 —a
c:windowssystem32nvapps.xml
2009-02-06 02:05 . 2009-02-06 02:05d
c:windowsnview
2009-02-06 02:05 . 2008-08-01 14:48 453,152 —a
c:windowssystem32nvudisp.exe
2009-02-06 02:05 . 2008-08-01 14:48 18,335 —a
c:windowssystem32nvdisp.nvu
2009-02-06 02:05 . 2008-07-10 04:07 7,143 —a
c:windowssystem32nvide.nvu
2009-02-06 02:02 . 2008-07-29 13:33 446,464 —a
c:windowssystem32nvunrm.exe
2009-02-06 02:02 . 2008-07-29 13:30 6,045 —a
c:windowssystem32nvnrm.nvu
2009-02-06 02:02 . 2008-07-08 01:45 4,984 —a
c:windowssystem32driversnvphy.bin
2009-02-06 02:00 . 2008-08-27 13:58 453,152 —a
c:windowssystem32NVUNINST.EXE
2009-02-06 01:59 . 2009-02-06 02:00d
C:NVIDIA
2009-02-06 00:21 . 2007-11-08 22:03 65,536 —a
c:windowssystem32Reg2Inf.exe
2009-02-06 00:20 . 2009-02-06 00:20dr
c:windowsOemDrv
2009-02-06 00:16 . 2008-04-15 16:00 41,600 —a—c— c:windowssystem32dllcacheweitekp9.dll
2009-02-06 00:16 . 2008-04-15 16:00 31,232 —a—c— c:windowssystem32dllcacheweitekp9.sys
2009-02-06 00:16 . 2008-04-15 16:00 28,288 —a—c— c:windowssystem32dllcachexjis.nls
2009-02-06 00:14 . 2004-05-13 00:39 876,653 —a—c— c:windowssystem32dllcachefp4awel.dll
2009-02-06 00:13 . 2008-03-06 19:06 11,059,256 —a
c:windowsStartup.bmp
2009-02-06 00:11 . 2007-10-29 03:26 196,608 —a
c:windowssystem32libssl32.dll
2009-02-06 00:11 . 2007-10-09 12:37 59,904 —a
c:windowssystem32zlib1.dll
2009-02-06 00:09 . 2008-04-15 16:00 16,384 —a—c— c:windowssystem32dllcacheisignup.exe
2009-02-06 00:09 . 2009-02-06 00:09 749 -rah
c:windowsWindowsShell.Manifest
2009-02-06 00:09 . 2009-02-06 00:09 749 -rah
c:windowssystem32wuaucpl.cpl.manifest
2009-02-06 00:09 . 2009-02-06 00:09 749 -rah
c:windowssystem32sapi.cpl.manifest
2009-02-06 00:09 . 2009-02-06 00:09 749 -rah
c:windowssystem32nwc.cpl.manifest
2009-02-06 00:09 . 2009-02-06 00:09 749 -rah
c:windowssystem32ncpa.cpl.manifest
2009-02-06 00:09 . 2009-02-06 00:09 488 -rah
c:windowssystem32logonui.exe.manifest
2009-02-06 00:06 . 2008-04-15 16:00 281,088 —a—c— c:windowssystem32dllcachepinball.exe
2009-02-06 00:06 . 2008-04-15 16:00 7,680 —a—c— c:windowssystem32dllcacheinetmgr.exe
2009-02-05 23:55 . 2008-04-15 16:00 1,233,791 -ra
c:windowsSET79.tmp
2009-02-05 23:55 . 2008-04-15 16:00 1,088,840 -ra
c:windowsSET7C.tmp
2009-02-05 23:55 . 2008-04-15 16:00 16,825 -ra
c:windowsSET88.tmp
2009-02-05 23:47 . 2009-02-05 23:47 0 —a
c:windowssystem32mapisvc.inf
2009-02-05 23:37 . 2009-02-05 23:37d
c:windowsNV1348244.TMP
2009-02-05 23:33 . 2006-10-18 15:31 363,008 —a
c:windowssystem32idecoiins.dll
2009-02-05 23:33 . 2006-10-18 15:31 363,008 —a
c:windowssystem32idecoi.dll
2009-02-05 23:33 . 2008-10-07 16:33 122,880 —a
c:windowssystem32SET27B.tmp
2009-02-05 23:33 . 2008-10-30 22:10 117,120 —a
c:windowssystem32driversRtnicxp.sys
2009-02-05 23:33 . 2007-07-12 17:43 42,112 —a
c:windowssystem32driversnvefd2k.sys
2009-02-05 23:33 . 2008-07-17 06:35 9,728 —a
c:windowssystem32RtNicProp32.dll
2009-02-05 23:27 . 2009-02-05 23:27d
c:windowssystem32NtmsData
2009-02-05 23:19 . 2008-04-14 21:07 23,296 —a
c:windowssystem32mouclass.sys
2009-02-04 13:31 . 2009-02-05 23:34 70,899 —a
c:windowssetupapi.old
2009-02-02 19:37 . 2009-02-02 19:37d
c:documents and settingsAdminApplication DataLavasoft
2009-02-02 19:07 . 2009-02-02 19:08 32 —ahs—- c:windowssystem32driversfidbox2.idx
2009-02-02 19:07 . 2009-02-02 19:08 32 —ahs—- c:windowssystem32driversfidbox2.dat
2009-02-02 19:07 . 2009-02-02 19:08 32 —ahs—- c:windowssystem32driversfidbox.idx
2009-02-02 19:07 . 2009-02-02 19:08 32 —ahs—- c:windowssystem32driversfidbox.dat
2009-01-29 10:13 . 2009-01-29 14:12d
c:documents and settingsAdminDoctorWeb
2009-01-28 14:20 . 2009-01-28 14:23d
c:program filesAnVir Task Manager
2009-01-28 10:44 . 2009-01-28 10:44d—h
c:windowssystem32GroupPolicy
2009-01-28 09:10 . 2009-01-28 09:17d
c:program filesЗоркий глаз
2009-01-28 09:10 . 2009-01-28 09:18 82 —a
c:windowsVir_Info.inf
2009-01-22 16:51 . 2009-01-22 16:51d
c:documents and settingsAll UsersApplication DataKaspersky Lab Setup Files
2009-01-14 13:59 . 2009-02-02 17:52 0 —a
c:windowssystem32drivers8adb889.sys
2009-01-08 11:22 . 2009-01-08 11:22d
c:temp8P_UPD611
2009-01-07 17:57 . 2006-10-18 15:31 105,472 —a
c:windowssystem32driversnvata.sys.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-06 12:25
d
w c:program filesChameleon Clock
2009-02-05 21:14 717,296 —-a-w c:windowssystem32driverssptd.sys
2009-02-05 21:14
d
w c:program filesVistaDriveIcon
2009-02-05 21:13 410,984 —-a-w c:windowssystem32deploytk.dll
2009-02-05 21:13
d
w c:program filesPaint.NET
2009-02-05 21:13
d
w c:program filesJava
2009-02-05 21:07
d
w c:program filesWindows Media Connect 2
2009-02-04 14:08
d
w c:documents and settingsAdminApplication DataDownload Master
2009-02-04 11:02
d
w c:program filesARM ZVIT
2009-01-30 08:06
d
w c:program files7-Zip
2009-01-22 13:59
d
w c:program filesEset
2009-01-15 11:47
d
w c:program filesOperaAC
2009-01-12 13:22
d
w c:program filesIntellect-Service
2008-12-25 21:09 1,571,840 —-a-w c:windowssystem32sfcfiles.dll
2008-12-25 19:40 23,040 —-a-w c:windowssystem32setup.exe
2008-12-25 18:59 99,328 —-a-w c:windowssystem32cabview.dll
2008-12-25 18:58 92,672 —-a-w c:windowssystem32acctres.dll
2008-12-25 18:58 67,072 —-a-w c:windowssystem32browselc.dll
2008-12-25 18:58 46,080 —-a-w c:windowssystem32ntsd.exe
2008-12-25 18:58 38,400 —-a-w c:windowssystem32batmeter.dll
2008-12-25 18:58 361,600 —-a-w c:windowssystem32driverstcpip.sys
2008-12-25 18:58 313,344 —-a-w c:windowssystem32accwiz.exe
2008-12-25 18:58 226,816 —-a-w c:windowsregedit.exe
2008-12-25 18:58 105,472 —-a-w c:windowssystem32telnet.exe
2008-12-25 18:58 102,912 —-a-w c:windowssystem32ahui.exe
2008-12-25 18:56 99,840 —-a-w c:windowssystem32wmpshell.dll
2008-12-25 18:56 603,648 —-a-w c:windowssystem32wmspdmod.dll
2008-12-25 18:56 4,096 —-a-w c:windowssystem32wmvdmoe2.dll
2008-12-25 18:56 4,096 —-a-w c:windowssystem32wmvdmod.dll
2008-12-25 18:56 4,096 —-a-w c:windowssystem32wmsdmoe2.dll
2008-12-25 18:56 4,096 —-a-w c:windowssystem32wmsdmod.dll
2008-12-25 18:56 314,880 —-a-w c:windowssystem32wmpdxm.dll
2008-12-25 18:56 242,688 —-a-w c:windowssystem32wmpasf.dll
2008-12-25 18:56 1,329,152 —-a-w c:windowssystem32wmspdmoe.dll
2008-12-25 18:54 83,072 —-a-w c:windowssystem32driverswdmaud.sys
2008-12-25 18:52 90,112 —-a-w c:windowssystem32wshext.dll
2008-12-25 18:51 97,280 —-a-w c:windowssystem32psbase.dll
2008-12-21 11:19 991,744 —-a-w c:windowssystem32setupapi.dll
2008-12-12 12:54 9,481 —-a-r c:windowssystem32OEMINFO.CMD
2008-11-14 19:07 43,544 —-a-w c:windowssystem32wups2.dll
.
Sigcheck
2008-12-25 22:00 579072 23b7d3f3f5ec8feea75ec381c71cbd5e c:windowssystem32user32.dll2008-12-25 22:00 952832 b3f3c4c16539f0ac20306e2a56df6aa6 c:windowssystem32wininet.dll
2008-12-25 21:58 361600 6a104ba98d99d53ab0c91825ce659fc6 c:windowssystem32driverstcpip.sys
2008-12-25 21:59 1721344 5d1804d43d799f7040ac1c2df3ee137a c:windowsexplorer.exe
2008-12-25 21:59 30208 e5eb62a6443a8720f7ec4941c42fae67 c:windowssystem32ctfmon.exe
2008-12-25 22:00 78360 a16b512841d703a84f773bd0dcc732dc c:windowssystem32wuauclt.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-02-06_ 2.36.30.10 )))))))))))))))))))))))))))))))))))))))))
.
— 2009-02-05 23:35:05 201,360 —-a-w c:windowssystem32inetsrvMetaBase.bin
+ 2009-02-06 12:25:51 201,382 —-a-w c:windowssystem32inetsrvMetaBase.bin
— 2009-02-05 23:12:49 92,294 —-a-w c:windowssystem32perfc009.dat
+ 2009-02-05 23:39:11 92,294 —-a-w c:windowssystem32perfc009.dat
— 2009-02-05 23:12:49 107,242 —-a-w c:windowssystem32perfc019.dat
+ 2009-02-05 23:39:11 107,242 —-a-w c:windowssystem32perfc019.dat
— 2009-02-05 23:12:49 502,130 —-a-w c:windowssystem32perfh009.dat
+ 2009-02-05 23:39:11 502,130 —-a-w c:windowssystem32perfh009.dat
— 2009-02-05 23:12:49 545,366 —-a-w c:windowssystem32perfh019.dat
+ 2009-02-05 23:39:11 545,366 —-a-w c:windowssystem32perfh019.dat
+ 2009-02-06 12:25:43 16,384 —-atw c:windowsTempPerflib_Perfdata_5c4.dat
+ 2009-02-06 12:25:51 16,384 —-atw c:windowsTempPerflib_Perfdata_dc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«HomeAlarm»=»c:program filesChameleon ClockChamClock.exe» [2007-07-31 637440]
«ctfmon.exe»=»c:windowssystem32ctfmon.exe» [2008-12-25 30208][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NeroFilterCheck»=»c:windowssystem32NeroCheck.exe» [2006-01-12 155648]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 8.0ReaderReader_sl.exe» [2008-01-11 39792]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2008-08-01 13529088]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2008-08-01 86016]
«MsmqIntCert»=»mqrt.dll» [2008-04-15 c:windowssystem32mqrt.dll]
«RTHDCPL»=»RTHDCPL.EXE» [2008-04-10 c:windowsRTHDCPL.EXE]
«nwiz»=»nwiz.exe» [2008-08-01 c:windowssystem32nwiz.exe][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«Punto Switcher»=»c:program filesPunto Switcherps.exe» [2007-01-25 201728]
«VistaIcon»=»c:program filesVistaDriveIconVistaDrv.exe» [2008-01-02 132096][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«IE7_011″=»shell32» [X]
«tscuninstall»=»c:windowssystem32tscupgrd.exe» [2004-08-18 44544]
«ZZZZ2_FirstLogonSetting»=»advpack.dll» [2008-12-25 c:windowssystem32advpack.dll]
«IE7_012″=»advpack.dll» [2008-12-25 c:windowssystem32advpack.dll]
«ZZZZ1_FirstLogonSetting»=»advpack.dll» [2008-12-25 c:windowssystem32advpack.dll][HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoThumbnailCache»= 1 (0x1)
«NoSMConfigurePrograms»= 1 (0x1)[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoThumbnailCache»= 1 (0x1)
«NoSMConfigurePrograms»= 1 (0x1)[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«msacm.l3fhg»= mp3fhg.acm
«VIDC.X264″= x264vfw.dll
«VIDC.HFYU»= huffyuv.dll
«vidc.i263″= i263_32.drv
«msacm.divxa32″= divxa32.acm[HKLM~startupfolderC:^Documents and Settings^Admin^Главное меню^Программы^Автозагрузка^Total Commander.lnk]
path=c:documents and settingsAdminГлавное менюПрограммыАвтозагрузкаTotal Commander.lnk
backup=c:windowspssTotal Commander.lnkStartup[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPunto Switcher]
2007-01-25 21:40 201728 c:program filesPunto Switcherps.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregVistaIcon]
—a
2008-01-02 13:52 132096 c:program filesVistaDriveIconVistaDrv.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSkyTel]
—a
2007-11-20 19:15 1826816 c:windowsSkyTel.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«FirewallOverride»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
«UpdatesOverride»=dword:00000001
«AntiVirusDisableNotify»=dword:00000001
«AntiVirusOverride»=dword:00000001[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centermonitoringkasperskyantivirus]
«DisableMonitoring»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\WINDOWS\system32\mqsvc.exe»=
«c:\WINDOWS\system32\mmc.exe»=
«c:\WINDOWS\system32\userinit.exe»=[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«3587:TCP»= 3587:TCP:Группирование одноранговой сети Windows
«3540:UDP»= 3540:UDP:PNRP-протокол (Peer Name Resolution Protocol)
«1723:TCP»= 1723:TCP:@xpsp2res.dll,-22015
«1701:UDP»= 1701:UDP:@xpsp2res.dll,-22016
«500:UDP»= 500:UDP:@xpsp2res.dll,-22017[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileIcmpSettings]
«AllowInboundEchoRequest»= 1 (0x1)
«AllowInboundTimestampRequest»= 1 (0x1)
«AllowInboundMaskRequest»= 1 (0x1)
«AllowInboundRouterRequest»= 1 (0x1)
«AllowOutboundDestinationUnreachable»= 1 (0x1)
«AllowOutboundSourceQuench»= 1 (0x1)
«AllowOutboundParameterProblem»= 1 (0x1)
«AllowOutboundTimeExceeded»= 1 (0x1)
«AllowRedirect»= 1 (0x1)
«AllowOutboundPacketTooBig»= 1 (0x1)S1 8adb889;8adb889;c:windowssystem32drivers8adb889.sys [2009-01-14 0]
S2 fips32cup;fips32cup;??c:windowssystem32driversfips32cup.sys —> c:windowssystem32driversfips32cup.sys [?]
S2 i386si;i386si;??c:windowssystem32driversi386si.sys —> c:windowssystem32driversi386si.sys [?]
S2 netsik;netsik;??c:windowssystem32driversnetsik.sys —> c:windowssystem32driversnetsik.sys [?]
S2 nicsk32;nicsk32;??c:windowssystem32driversnicsk32.sys —> c:windowssystem32driversnicsk32.sys [?]
S2 port135sik;port135sik;??c:windowssystem32driversport135sik.sys —> c:windowssystem32driversport135sik.sys [?]
S2 securentm;securentm;??c:windowssystem32driverssecurentm.sys —> c:windowssystem32driverssecurentm.sys [?]
S2 systemntmi;systemntmi;??c:windowssystem32driverssystemntmi.sys —> c:windowssystem32driverssystemntmi.sys [?]
S2 ws2_32sik;ws2_32sik;??c:windowssystem32driversws2_32sik.sys —> c:windowssystem32driversws2_32sik.sys [?]
S3 ComFiltr;Panda Anti-Dialer;??c:windowssystem32DRIVERSCOMFiltr.sys —> c:windowssystem32DRIVERSCOMFiltr.sys [?][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{ac607cce-1ff4-11dd-97e3-001d7dac9b97}]
shellexploreCommand — F:boot.exe
shellopenCommand — F:boot.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{c8149f5e-26f2-11dd-97f4-001d7dac9b97}]
shellautoruncommand — F:
shellexplorecommand — «.Nokia Music ManagerN-1-5-21-1895552279-3129831955-389522551-6003INFO2Playlist» Control: Select music location
shellfindcommand — «.Nokia Music ManagerN-1-5-21-1895552279-3129831955-389522551-6003INFO2Playlist» Control: Search music (radio-stations)
shellopencommand — «.Nokia Music ManagerN-1-5-21-1895552279-3129831955-389522551-6003INFO2Playlist» Playback: Play music
.
.
Supplementary Scan
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.zvercd.com
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Закачать ВСЕ при помощи Download Master — c:program filesDownload Masterdmieall.htm
IE: Закачать при помощи Download Master — c:program filesDownload Masterdmie.htm
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} — c:program filesDownload Masterdmaster.exe
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-06 15:32:51
Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(980)
c:windowssystem32cscui.dll
.
Completion time: 2009-02-06 15:33:48
ComboFix-quarantined-files.txt 2009-02-06 12:33:41
ComboFix2.txt 2009-02-06 12:19:43
ComboFix3.txt 2009-02-06 12:07:27
ComboFix4.txt 2009-02-06 11:21:04
ComboFix5.txt 2009-02-06 12:30:58Pre-Run: 4 748 054 528 байт свободно
Post-Run: 4,735,602,688 байт свободно275
Ошибка у меня —
При запуске Combofix появляется сообщение о ненайденном 32788К22АЦОАЦnircmd.com
Надо:
При запуске Combofix появляется сообщение о ненайденном 32788К22FWJFWnircmd.comЛог RSIT:
Logfile of random’s system information tool 1.05 (written by random/random)
Run by Admin at 2009-02-06 17:11:26
Microsoft Windows XP Professional Service Pack 3
System drive C: has 5 GB (27%) free of 17 GB
Total RAM: 447 MB (24% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:12:00, on 06.02.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20935)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32ctfmon.exe
C:WINDOWSsystem32inetsrvinetinfo.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32tcpsvcs.exe
C:WINDOWSSystem32snmp.exe
C:WINDOWSRTHDCPL.EXE
C:WINDOWSsystem32RUNDLL32.EXE
C:Program FilesChameleon ClockChamClock.exe
C:WINDOWSsystem32mqsvc.exe
C:WINDOWSsystem32mqtgsvc.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesTotal CommanderTotalcmd.exe
C:Program FilesOperaACopera.exe
C:Documents and SettingsAdminРабочий столRSIT.exe
C:Program Filestrend microAdmin.exeR0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.zvercd.com
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: Yahoo! Toolbar — {EF99BD32-C1FB-11D2-892F-0090271D4F88} — C:Program FilesYahoo!CompanionInstallscpnyt.dll
O2 — BHO: Yahoo! Toolbar Helper — {02478D38-C3F9-4EFB-9B51-7695ECA05670} — C:Program FilesYahoo!CompanionInstallscpnyt.dll
O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 — BHO: IEVkbdBHO — {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} — (no file)
O2 — BHO: Java(tm) Plug-In SSV Helper — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre6binssv.dll
O2 — BHO: IE 4.x-6.x BHO for Download Master — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:PROGRA~1DOWNLO~1dmiehlp.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O4 — HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 — HKLM..Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 8.0ReaderReader_sl.exe»
O4 — HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKCU..Run: [HomeAlarm] C:Program FilesChameleon ClockChamClock.exe
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKUSS-1-5-18..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [tscuninstall] %systemroot%system32tscupgrd.exe (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,OnceFirstLogonInstall,0 (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘Default user’)
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Закачать ВСЕ при помощи Download Master — C:Program FilesDownload Masterdmieall.htm
O8 — Extra context menu item: Закачать при помощи Download Master — C:Program FilesDownload Masterdmie.htm
O9 — Extra button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra ‘Tools’ menuitem: &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O16 — DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) — C:Program FilesYahoo!Commonyinsthelper.dll
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — C:Program FilesJavajre6binjqs.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: Служба SNMP (SNMP) — Корпорация Майкрософт — C:WINDOWSSystem32snmp.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 6745 bytes======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper — C:Program FilesYahoo!CompanionInstallscpnyt.dll [2006-10-26 440384][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll [2006-10-22 62080][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{59273ab4-e7d3-40f9-a1a8-6fa9cca1862c}]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper — C:Program FilesJavajre6binssv.dll [2009-02-06 320920][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master — C:PROGRA~1DOWNLO~1dmiehlp.dll [2007-07-20 152064][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2009-02-06 34816][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2009-02-06 73728][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NeroFilterCheck»=C:WINDOWSsystem32NeroCheck.exe [2006-01-12 155648]
«MsmqIntCert»=regsvr32 /s mqrt.dll []
«Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 8.0ReaderReader_sl.exe [2008-01-11 39792]
«RTHDCPL»=C:WINDOWSRTHDCPL.EXE [2008-04-10 16861184]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2008-08-01 13529088]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2008-08-01 86016][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«HomeAlarm»=C:Program FilesChameleon ClockChamClock.exe [2007-07-31 637440]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2008-12-25 30208][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPunto Switcher]
C:Program FilesPunto Switcherps.exe [2007-01-25 201728][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSkyTel]
C:WINDOWSSkyTel.EXE [2007-11-20 1826816][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregVistaIcon]
C:Program FilesVistaDriveIconVistaDrv.exe [2008-01-02 132096][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^Admin^Главное меню^Программы^Автозагрузка^Total Commander.lnk]
C:PROGRA~1TOTALC~1Totalcmd.exe [2007-09-14 2902984][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32wpdshserviceobj.dll [2008-03-02 133632]
UPnPMonitor — {e57ce738-33e8-4c51-8354-bb4de9d215d1} — C:WINDOWSsystem32upnpui.dll [2008-04-15 239616][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=323
«NoSharedDocuments»=1
«NoThumbnailCache»=1
«NoSMConfigurePrograms»=1
«NoDriveAutoRun»=67108863
«NoDrives»=0[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveAutoRun»=
«NoDriveTypeAutoRun»=
«NoDrives»=[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:WINDOWSsystem32mqsvc.exe»=»C:WINDOWSsystem32mqsvc.exe:*:Enabled:Message Queuing»
«C:WINDOWSsystem32mmc.exe»=»C:WINDOWSsystem32mmc.exe:*:Enabled:Консоль управления (MMC)»
«C:WINDOWSsystem32userinit.exe»=»C:WINDOWSsystem32userinit.exe:*:Enabled:ENABLE»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:WINDOWSsystem32mqsvc.exe»=»C:WINDOWSsystem32mqsvc.exe:*:Enabled:Message Queuing»[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{ac607cce-1ff4-11dd-97e3-001d7dac9b97}]
shellexplorecommand — F:boot.exe
shellopencommand — F:boot.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{c8149f5e-26f2-11dd-97f4-001d7dac9b97}]
shellautoruncommand — F:
shellexplorecommand — «.Nokia Music ManagerN-1-5-21-1895552279-3129831955-389522551-6003INFO2Playlist» Control: Select music location
shellfindcommand — «.Nokia Music ManagerN-1-5-21-1895552279-3129831955-389522551-6003INFO2Playlist» Control: Search music (radio-stations)
shellopencommand — «.Nokia Music ManagerN-1-5-21-1895552279-3129831955-389522551-6003INFO2Playlist» Playback: Play music======List of files/folders created in the last 1 months======
2009-02-06 17:11:26 —-D—- C:rsit
2009-02-06 17:11:26 —-D—- C:Program Filestrend micro
2009-02-06 15:33:49 —-A—- C:ComboFix.txt
2009-02-06 15:15:55 —-ASH—- C:BOOT.BAK
2009-02-06 15:15:25 —-RSHD—- C:cmdcons
2009-02-06 15:15:25 —-A—- C:WINDOWSUPGRADE.TXT
2009-02-06 15:15:24 —-D—- C:WINDOWSsetup.pss
2009-02-06 15:04:46 —-A—- C:WINDOWSNIRCMD.exe
2009-02-06 02:29:02 —-A—- C:WINDOWSzip.exe
2009-02-06 02:29:02 —-A—- C:WINDOWSVFIND.exe
2009-02-06 02:29:02 —-A—- C:WINDOWSSWXCACLS.exe
2009-02-06 02:29:02 —-A—- C:WINDOWSSWSC.exe
2009-02-06 02:29:02 —-A—- C:WINDOWSSWREG.exe
2009-02-06 02:29:02 —-A—- C:WINDOWSsed.exe
2009-02-06 02:29:02 —-A—- C:WINDOWSgrep.exe
2009-02-06 02:29:02 —-A—- C:WINDOWSfdsv.exe
2009-02-06 02:28:56 —-D—- C:WINDOWSERDNT
2009-02-06 02:28:56 —-D—- C:Qoobox
2009-02-06 02:23:52 —-D—- C:WINDOWSL2Schemas
2009-02-06 02:05:52 —-D—- C:WINDOWSnview
2009-02-06 02:05:52 —-A—- C:WINDOWSsystem32nvudisp.exe
2009-02-06 02:02:43 —-A—- C:WINDOWSsystem32nvunrm.exe
2009-02-06 02:00:54 —-A—- C:WINDOWSsystem32NVUNINST.EXE
2009-02-06 01:59:50 —-D—- C:NVIDIA
2009-02-06 00:21:51 —-A—- C:WINDOWSsystem32Reg2Inf.exe
2009-02-06 00:20:21 —-RD—- C:WINDOWSOemDrv
2009-02-06 00:13:50 —-A—- C:WINDOWSsystem32wiaaut.dll
2009-02-06 00:13:43 —-A—- C:WINDOWSinnounp.exe
2009-02-06 00:13:35 —-A—- C:WINDOWSsystem32deploytk.dll
2009-02-06 00:13:13 —-A—- C:WINDOWSsystem32XAudio2_3.dll
2009-02-06 00:13:12 —-A—- C:WINDOWSsystem32XAudio2_2.dll
2009-02-06 00:13:12 —-A—- C:WINDOWSsystem32XAudio2_1.dll
2009-02-06 00:13:12 —-A—- C:WINDOWSsystem32XAudio2_0.dll
2009-02-06 00:13:12 —-A—- C:WINDOWSsystem32XAPOFX1_2.dll
2009-02-06 00:13:12 —-A—- C:WINDOWSsystem32XAPOFX1_1.dll
2009-02-06 00:13:12 —-A—- C:WINDOWSsystem32XAPOFX1_0.dll
2009-02-06 00:13:12 —-A—- C:WINDOWSsystem32xactengine3_3.dll
2009-02-06 00:13:12 —-A—- C:WINDOWSsystem32xactengine3_2.dll
2009-02-06 00:13:12 —-A—- C:WINDOWSsystem32xactengine3_1.dll
2009-02-06 00:13:12 —-A—- C:WINDOWSsystem32xactengine3_0.dll
2009-02-06 00:13:12 —-A—- C:WINDOWSsystem32X3DAudio1_5.dll
2009-02-06 00:13:12 —-A—- C:WINDOWSsystem32X3DAudio1_4.dll
2009-02-06 00:13:12 —-A—- C:WINDOWSsystem32X3DAudio1_3.dll
2009-02-06 00:13:12 —-A—- C:WINDOWSsystem32d3dx9_40.dll
2009-02-06 00:13:12 —-A—- C:WINDOWSsystem32d3dx9_39.dll
2009-02-06 00:13:12 —-A—- C:WINDOWSsystem32d3dx9_38.dll
2009-02-06 00:13:12 —-A—- C:WINDOWSsystem32d3dx9_37.dll
2009-02-06 00:13:11 —-A—- C:WINDOWSsystem32d3dx10_40.dll
2009-02-06 00:13:11 —-A—- C:WINDOWSsystem32d3dx10_39.dll
2009-02-06 00:13:11 —-A—- C:WINDOWSsystem32d3dx10_38.dll
2009-02-06 00:13:11 —-A—- C:WINDOWSsystem32d3dx10_37.dll
2009-02-06 00:13:11 —-A—- C:WINDOWSsystem32D3DCompiler_40.dll
2009-02-06 00:13:11 —-A—- C:WINDOWSsystem32D3DCompiler_39.dll
2009-02-06 00:13:11 —-A—- C:WINDOWSsystem32D3DCompiler_38.dll
2009-02-06 00:13:11 —-A—- C:WINDOWSsystem32D3DCompiler_37.dll
2009-02-06 00:11:16 —-A—- C:WINDOWSsystem32zlib1.dll
2009-02-06 00:11:16 —-A—- C:WINDOWSsystem32libssl32.dll
2009-02-06 00:10:52 —-A—- C:WINDOWSOEWABLog.txt
2009-02-06 00:09:59 —-RAH—- C:WINDOWSsystem32logonui.exe.manifest
2009-02-06 00:07:29 —-A—- C:WINDOWSsystem32mucltui.dll.mui
2009-02-06 00:07:29 —-A—- C:WINDOWSsystem32mucltui.dll
2009-02-06 00:07:28 —-A—- C:WINDOWSsystem32gpprefcl.dll
2009-02-05 23:55:07 —-RA—- C:WINDOWSSET88.tmp
2009-02-05 23:55:06 —-RA—- C:WINDOWSSET7C.tmp
2009-02-05 23:55:04 —-RA—- C:WINDOWSSET79.tmp
2009-02-05 23:37:40 —-D—- C:WINDOWSNV1348244.TMP
2009-02-05 23:35:31 —-A—- C:WINDOWSimsins.BAK
2009-02-05 23:35:19 —-A—- C:WINDOWSsystem32spxcoins.dll
2009-02-05 23:35:19 —-A—- C:WINDOWSsystem32irclass.dll
2009-02-05 23:35:06 —-RA—- C:WINDOWSSET1C4.tmp
2009-02-05 23:35:05 —-RA—- C:WINDOWSSET1B8.tmp
2009-02-05 23:35:03 —-RA—- C:WINDOWSSET1B7.tmp
2009-02-05 23:34:14 —-A—- C:WINDOWSsetuplog.txt
2009-02-05 23:33:32 —-A—- C:WINDOWSsystem32idecoiins.dll
2009-02-05 23:33:32 —-A—- C:WINDOWSsystem32idecoi.dll
2009-02-05 23:33:26 —-A—- C:WINDOWSsystem32RtNicProp32.dll
2009-02-05 23:33:07 —-A—- C:WINDOWSsystem32SET27B.tmp
2009-02-05 23:27:39 —-D—- C:WINDOWSsystem32NtmsData
2009-02-03 11:06:40 —-A—- C:WINDOWSntbtlog.txt
2009-02-02 19:37:28 —-D—- C:Documents and SettingsAdminApplication DataLavasoft
2009-02-02 14:27:10 —-A—- C:WINDOWSsystem32search_fid.txt
2009-01-28 14:20:59 —-D—- C:Program FilesAnVir Task Manager
2009-01-28 10:44:47 —-HD—- C:WINDOWSsystem32GroupPolicy
2009-01-28 09:14:26 —-A—- C:WINDOWSVIR_HIST.txt
2009-01-28 09:10:06 —-D—- C:Program FilesЗоркий глаз
2009-01-22 16:51:12 —-D—- C:Documents and SettingsAll UsersApplication DataKaspersky Lab Setup Files======List of files/folders modified in the last 1 months======
2009-02-06 17:11:26 —-AD—- C:Program Files
2009-02-06 16:53:09 —-D—- C:WINDOWSsystem32ias
2009-02-06 16:53:00 —-D—- C:WINDOWSsystem32CatRoot2
2009-02-06 16:52:44 —-D—- C:Program FilesChameleon Clock
2009-02-06 16:52:43 —-D—- C:WINDOWSsystem32inetsrv
2009-02-06 16:26:22 —-A—- C:WINDOWSSchedLgU.Txt
2009-02-06 15:33:52 —-AD—- C:WINDOWSsystem32
2009-02-06 15:33:51 —-D—- C:WINDOWSTemp
2009-02-06 15:33:51 —-D—- C:WINDOWS
2009-02-06 15:32:53 —-A—- C:WINDOWSsystem.ini
2009-02-06 15:32:20 —-D—- C:WINDOWSsystem32drivers
2009-02-06 15:32:20 —-D—- C:WINDOWSAppPatch
2009-02-06 15:32:20 —-AD—- C:Program FilesCommon Files
2009-02-06 15:15:56 —-RASH—- C:boot.ini
2009-02-06 03:05:00 —-HD—- C:WINDOWSinf
2009-02-06 02:39:11 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-02-06 02:33:19 —-D—- C:WINDOWSsystem32config
2009-02-06 02:29:20 —-D—- C:WINDOWSsystem32Setup
2009-02-06 02:29:12 —-D—- C:WINDOWSsystem32usmt
2009-02-06 02:29:10 —-SHD—- C:System Volume Information
2009-02-06 02:29:10 —-D—- C:WINDOWSsystem32Restore
2009-02-06 02:28:54 —-D—- C:WINDOWSehome
2009-02-06 02:28:53 —-D—- C:WINDOWSime
2009-02-06 02:28:52 —-RSD—- C:WINDOWSFonts
2009-02-06 02:28:51 —-D—- C:WINDOWSnetwork diagnostic
2009-02-06 02:28:43 —-D—- C:WINDOWSPeerNet
2009-02-06 02:28:31 —-D—- C:WINDOWSsystem32npp
2009-02-06 02:28:26 —-D—- C:WINDOWSmsagent
2009-02-06 02:28:23 —-D—- C:WINDOWSsystem32ru
2009-02-06 02:26:02 —-D—- C:WINDOWSsystem321049
2009-02-06 02:25:47 —-D—- C:WINDOWStwain_32
2009-02-06 02:25:05 —-D—- C:WINDOWSsystem32icsxml
2009-02-06 02:24:38 —-D—- C:WINDOWSsystem321033
2009-02-06 02:23:52 —-D—- C:WINDOWSDriver Cache
2009-02-06 02:11:08 —-D—- C:WINDOWSsystem32CatRoot
2009-02-06 02:06:06 —-D—- C:WINDOWSHelp
2009-02-06 01:42:29 —-D—- C:WINDOWSMicrosoft.NET
2009-02-06 00:21:53 —-A—- C:WINDOWSsystem32oeminfo.ini
2009-02-06 00:20:02 —-D—- C:WINDOWSRegistration
2009-02-06 00:19:50 —-A—- C:WINDOWSNeroDigital.ini
2009-02-06 00:18:10 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-02-06 00:18:10 —-D—- C:WINDOWSsystem32wbem
2009-02-06 00:14:11 —-D—- C:WINDOWSsecurity
2009-02-06 00:14:09 —-D—- C:Program FilesVistaDriveIcon
2009-02-06 00:13:59 —-D—- C:WINDOWSMedia
2009-02-06 00:13:52 —-D—- C:Program FilesPaint.NET
2009-02-06 00:13:39 —-SHD—- C:WINDOWSInstaller
2009-02-06 00:13:38 —-D—- C:Config.Msi
2009-02-06 00:13:25 —-A—- C:WINDOWSsystem32javaws.exe
2009-02-06 00:13:25 —-A—- C:WINDOWSsystem32javaw.exe
2009-02-06 00:13:25 —-A—- C:WINDOWSsystem32java.exe
2009-02-06 00:13:23 —-D—- C:Program FilesJava
2009-02-06 00:12:39 —-RSD—- C:WINDOWSassembly
2009-02-06 00:12:37 —-D—- C:WINDOWSWinSxS
2009-02-06 00:11:16 —-AD—- C:Program FilesCommon FilesMicrosoft Shared
2009-02-06 00:10:46 —-A—- C:WINDOWSODBCINST.INI
2009-02-06 00:10:00 —-RD—- C:WINDOWSWeb
2009-02-06 00:09:53 —-RAH—- C:WINDOWSsystem32cdplayer.exe.manifest
2009-02-06 00:09:44 —-A—- C:WINDOWSwin.ini
2009-02-06 00:09:39 —-D—- C:WINDOWSsrchasst
2009-02-06 00:09:29 —-D—- C:Program FilesWindows Media Player
2009-02-06 00:09:29 —-D—- C:Program FilesCommon FilesServices
2009-02-06 00:09:26 —-SD—- C:WINDOWSTasks
2009-02-06 00:09:26 —-D—- C:Program FilesOutlook Express
2009-02-06 00:09:14 —-D—- C:Program FilesMovie Maker
2009-02-06 00:09:02 —-D—- C:WINDOWSsystem32oobe
2009-02-06 00:08:52 —-D—- C:Program FilesCommon FilesSystem
2009-02-06 00:08:42 —-D—- C:Program FilesInternet Explorer
2009-02-06 00:07:57 —-D—- C:WINDOWSsystem32Com
2009-02-06 00:07:34 —-D—- C:Program FilesWindows Media Connect 2
2009-02-06 00:07:32 —-D—- C:WINDOWSsystem32ru-ru
2009-02-06 00:07:31 —-SD—- C:WINDOWSDownloaded Program Files
2009-02-06 00:07:31 —-RD—- C:WINDOWSOffline Web Pages
2009-02-06 00:07:31 —-D—- C:WINDOWSwbem
2009-02-06 00:07:12 —-D—- C:WINDOWSCursors
2009-02-06 00:07:04 —-D—- C:Program FilesWindows NT
2009-02-05 23:56:26 —-D—- C:WINDOWSsystem32ReinstallBackups
2009-02-05 23:55:13 —-ASH—- C:Documents and SettingsAll UsersApplication Datadesktop.ini
2009-02-05 23:38:14 —-D—- C:WINDOWSsystem32RTCOM
2009-02-05 23:35:18 —-D—- C:WINDOWSsystem
2009-02-04 17:08:56 —-D—- C:Documents and SettingsAdminApplication DataDownload Master
2009-02-04 14:02:00 —-D—- C:Program FilesARM ZVIT
2009-02-02 20:23:18 —-D—- C:WINDOWSMinidump
2009-01-30 11:06:46 —-D—- C:Program Files7-Zip
2009-01-27 15:10:05 —-D—- C:WINDOWSSoftwareDistribution
2009-01-22 16:59:40 —-D—- C:Program FilesEset
2009-01-15 14:47:40 —-D—- C:Program FilesOperaAC
2009-01-12 16:22:53 —-D—- C:Program FilesIntellect-Service======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Tcpip6;Драйвер протокола IPv6 (Microsoft); C:WINDOWSsystem32DRIVERStcpip6.sys [2008-12-25 225856]
R1 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2008-04-15 12032]
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:WINDOWSsystem32DRIVERSrspndr.sys [2008-10-11 62848]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-15 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2008-04-17 4707328]
R3 MQAC;Message Queuing access control; ??C:WINDOWSsystem32driversmqac.sys []
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2008-08-01 6555104]
R3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; C:WINDOWSsystem32DRIVERSNVENETFD.sys [2008-08-01 54784]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:WINDOWSsystem32DRIVERSnvnetbus.sys [2008-08-01 22016]
R3 RMCAST;Reliable Multicast Protocol driver; ??C:WINDOWSsystem32driversRMCast.sys []
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtnicxp.sys [2008-10-30 117120]
R3 tunmp;Драйвер адаптера минипорта Microsoft Tun; C:WINDOWSsystem32DRIVERStunmp.sys [2008-12-25 12288]
S1 8adb889;8adb889; C:WINDOWSSystem32drivers8adb889.sys []
S2 DgiVecp;Team MFP Comm Driver; C:WINDOWSSystem32DriversDgiVecp.sys [2004-05-17 41984]
S2 fips32cup;fips32cup; ??C:WINDOWSsystem32driversfips32cup.sys []
S2 i386si;i386si; ??C:WINDOWSsystem32driversi386si.sys []
S2 netsik;netsik; ??C:WINDOWSsystem32driversnetsik.sys []
S2 nicsk32;nicsk32; ??C:WINDOWSsystem32driversnicsk32.sys []
S2 port135sik;port135sik; ??C:WINDOWSsystem32driversport135sik.sys []
S2 securentm;securentm; ??C:WINDOWSsystem32driverssecurentm.sys []
S2 systemntmi;systemntmi; ??C:WINDOWSsystem32driverssystemntmi.sys []
S2 ws2_32sik;ws2_32sik; ??C:WINDOWSsystem32driversws2_32sik.sys []
S3 anlf7eg5;anlf7eg5; C:WINDOWSsystem32driversanlf7eg5.sys []
S3 Bridge;MAC-мост; C:WINDOWSsystem32DRIVERSbridge.sys [2008-04-15 71552]
S3 BridgeMP;Минипорт MAC-моста; C:WINDOWSsystem32DRIVERSbridge.sys [2008-04-15 71552]
S3 ComFiltr;Panda Anti-Dialer; ??C:WINDOWSsystem32DRIVERSCOMFiltr.sys []
S3 GT680x;BearPaw 2448TA Plus Usb Scanner; C:WINDOWSSystem32DriversGt680x.sys []
S3 hidusb;Драйвер класса HID Microsoft; C:WINDOWSsystem32drivershidusb.sys [2008-04-15 10368]
S3 ltmodem5;LT Modem Driver; C:WINDOWSsystem32DRIVERSltmdmnt.sys [2007-12-22 606940]
S3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2008-04-15 12160]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet адаптер, драйвер для NT; C:WINDOWSsystem32DRIVERSRTL8139.SYS []
S3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-15 30208]
S3 usbhub;USB2 концентратор; C:WINDOWSsystem32driversusbhub.sys [2008-04-15 59520]
S3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWSsystem32DRIVERSusbohci.sys [2008-04-15 17152]
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2008-04-14 25856]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-15 26368]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2008-03-02 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2008-03-02 82944]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 6to4;Служба поддержки IPv6; C:WINDOWSsystem32svchost.exe [2008-04-15 14336]
R2 IISADMIN;IIS Admin; C:WINDOWSsystem32inetsrvinetinfo.exe [2008-04-15 15872]
R2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2009-02-06 152984]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2003-06-19 322120]
R2 MSMQ;Message Queuing; C:WINDOWSsystem32mqsvc.exe [2008-04-15 4608]
R2 MSMQTriggers;Message Queuing Triggers; C:WINDOWSsystem32mqtgsvc.exe [2008-04-15 117248]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2008-08-01 159812]
R2 SimpTcp;Простые службы TCP/IP; C:WINDOWSsystem32tcpsvcs.exe [2008-04-15 19456]
R2 SNMP;Служба SNMP; C:WINDOWSSystem32snmp.exe [2008-04-15 32768]
R2 W3SVC;Веб-публикации; C:WINDOWSsystem32inetsrvinetinfo.exe [2008-04-15 15872]
S2 SMTPSVC;Simple Mail Transport Protocol (SMTP); C:WINDOWSsystem32inetsrvinetinfo.exe [2008-04-15 15872]
S2 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-15 14336]
S3 aspnet_state;Служба состояний ASP.NET; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:WINDOWSMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2007-10-11 864256]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 p2pgasvc;Одноранговая групповая проверка подлинности; C:WINDOWSsystem32svchost.exe [2008-04-15 14336]
S3 p2pimsvc;Диспетчер удостоверений для одноранговых сетей; C:WINDOWSsystem32svchost.exe [2008-04-15 14336]
S3 p2psvc;Службы одноранговой сети; C:WINDOWSsystem32svchost.exe [2008-04-15 14336]
S3 PNRPSvc;Протокол однорангового разрешения имен; C:WINDOWSsystem32svchost.exe [2008-04-15 14336]
S3 SNMPTRAP;Служба ловушек SNMP; C:WINDOWSSystem32snmptrap.exe [2008-04-15 8704]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media Playerwmpnetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2007-10-11 122880]
EOF
info RSIT:
Logfile of random’s system information tool 1.05 (written by random/random)
Run by Admin at 2009-02-06 17:21:00
Microsoft Windows XP Professional Service Pack 3
System drive C: has 5 GB (27%) free of 17 GB
Total RAM: 447 MB (30% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:21:00, on 06.02.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20935)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32ctfmon.exe
C:WINDOWSsystem32inetsrvinetinfo.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32tcpsvcs.exe
C:WINDOWSSystem32snmp.exe
C:WINDOWSRTHDCPL.EXE
C:WINDOWSsystem32RUNDLL32.EXE
C:Program FilesChameleon ClockChamClock.exe
C:WINDOWSsystem32mqsvc.exe
C:WINDOWSsystem32mqtgsvc.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesTotal CommanderTotalcmd.exe
C:Program FilesOperaACopera.exe
C:WINDOWSsystem32svchost.exe
C:Documents and SettingsAdminРабочий столRSIT.exe
C:Program Filestrend microAdmin.exeR0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.zvercd.com
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: Yahoo! Toolbar — {EF99BD32-C1FB-11D2-892F-0090271D4F88} — C:Program FilesYahoo!CompanionInstallscpnyt.dll
O2 — BHO: Yahoo! Toolbar Helper — {02478D38-C3F9-4EFB-9B51-7695ECA05670} — C:Program FilesYahoo!CompanionInstallscpnyt.dll
O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 — BHO: IEVkbdBHO — {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} — (no file)
O2 — BHO: Java(tm) Plug-In SSV Helper — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre6binssv.dll
O2 — BHO: IE 4.x-6.x BHO for Download Master — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:PROGRA~1DOWNLO~1dmiehlp.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O4 — HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 — HKLM..Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 8.0ReaderReader_sl.exe»
O4 — HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKCU..Run: [HomeAlarm] C:Program FilesChameleon ClockChamClock.exe
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKUSS-1-5-18..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [tscuninstall] %systemroot%system32tscupgrd.exe (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,OnceFirstLogonInstall,0 (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘Default user’)
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Закачать ВСЕ при помощи Download Master — C:Program FilesDownload Masterdmieall.htm
O8 — Extra context menu item: Закачать при помощи Download Master — C:Program FilesDownload Masterdmie.htm
O9 — Extra button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra ‘Tools’ menuitem: &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O16 — DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) — C:Program FilesYahoo!Commonyinsthelper.dll
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — C:Program FilesJavajre6binjqs.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: Служба SNMP (SNMP) — Корпорация Майкрософт — C:WINDOWSSystem32snmp.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 6778 bytes======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper — C:Program FilesYahoo!CompanionInstallscpnyt.dll [2006-10-26 440384][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll [2006-10-22 62080][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{59273ab4-e7d3-40f9-a1a8-6fa9cca1862c}]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper — C:Program FilesJavajre6binssv.dll [2009-02-06 320920][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master — C:PROGRA~1DOWNLO~1dmiehlp.dll [2007-07-20 152064][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2009-02-06 34816][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2009-02-06 73728][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NeroFilterCheck»=C:WINDOWSsystem32NeroCheck.exe [2006-01-12 155648]
«MsmqIntCert»=regsvr32 /s mqrt.dll []
«Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 8.0ReaderReader_sl.exe [2008-01-11 39792]
«RTHDCPL»=C:WINDOWSRTHDCPL.EXE [2008-04-10 16861184]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2008-08-01 13529088]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2008-08-01 86016][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«HomeAlarm»=C:Program FilesChameleon ClockChamClock.exe [2007-07-31 637440]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2008-12-25 30208][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPunto Switcher]
C:Program FilesPunto Switcherps.exe [2007-01-25 201728][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSkyTel]
C:WINDOWSSkyTel.EXE [2007-11-20 1826816][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregVistaIcon]
C:Program FilesVistaDriveIconVistaDrv.exe [2008-01-02 132096][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^Admin^Главное меню^Программы^Автозагрузка^Total Commander.lnk]
C:PROGRA~1TOTALC~1Totalcmd.exe [2007-09-14 2902984][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32wpdshserviceobj.dll [2008-03-02 133632]
UPnPMonitor — {e57ce738-33e8-4c51-8354-bb4de9d215d1} — C:WINDOWSsystem32upnpui.dll [2008-04-15 239616][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=323
«NoSharedDocuments»=1
«NoThumbnailCache»=1
«NoSMConfigurePrograms»=1
«NoDriveAutoRun»=67108863
«NoDrives»=0[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveAutoRun»=
«NoDriveTypeAutoRun»=
«NoDrives»=[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:WINDOWSsystem32mqsvc.exe»=»C:WINDOWSsystem32mqsvc.exe:*:Enabled:Message Queuing»
«C:WINDOWSsystem32mmc.exe»=»C:WINDOWSsystem32mmc.exe:*:Enabled:Консоль управления (MMC)»
«C:WINDOWSsystem32userinit.exe»=»C:WINDOWSsystem32userinit.exe:*:Enabled:ENABLE»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:WINDOWSsystem32mqsvc.exe»=»C:WINDOWSsystem32mqsvc.exe:*:Enabled:Message Queuing»[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{ac607cce-1ff4-11dd-97e3-001d7dac9b97}]
shellexplorecommand — F:boot.exe
shellopencommand — F:boot.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{c8149f5e-26f2-11dd-97f4-001d7dac9b97}]
shellautoruncommand — F:
shellexplorecommand — «.Nokia Music ManagerN-1-5-21-1895552279-3129831955-389522551-6003INFO2Playlist» Control: Select music location
shellfindcommand — «.Nokia Music ManagerN-1-5-21-1895552279-3129831955-389522551-6003INFO2Playlist» Control: Search music (radio-stations)
shellopencommand — «.Nokia Music ManagerN-1-5-21-1895552279-3129831955-389522551-6003INFO2Playlist» Playback: Play music======List of files/folders created in the last 1 months======
2009-02-06 17:11:26 —-D—- C:rsit
2009-02-06 17:11:26 —-D—- C:Program Filestrend micro
2009-02-06 15:33:49 —-A—- C:ComboFix.txt
2009-02-06 15:15:55 —-ASH—- C:BOOT.BAK
2009-02-06 15:15:25 —-RSHD—- C:cmdcons
2009-02-06 15:15:25 —-A—- C:WINDOWSUPGRADE.TXT
2009-02-06 15:15:24 —-D—- C:WINDOWSsetup.pss
2009-02-06 15:04:46 —-A—- C:WINDOWSNIRCMD.exe
2009-02-06 02:29:02 —-A—- C:WINDOWSzip.exe
2009-02-06 02:29:02 —-A—- C:WINDOWSVFIND.exe
2009-02-06 02:29:02 —-A—- C:WINDOWSSWXCACLS.exe
2009-02-06 02:29:02 —-A—- C:WINDOWSSWSC.exe
2009-02-06 02:29:02 —-A—- C:WINDOWSSWREG.exe
2009-02-06 02:29:02 —-A—- C:WINDOWSsed.exe
2009-02-06 02:29:02 —-A—- C:WINDOWSgrep.exe
2009-02-06 02:29:02 —-A—- C:WINDOWSfdsv.exe
2009-02-06 02:28:56 —-D—- C:WINDOWSERDNT
2009-02-06 02:28:56 —-D—- C:Qoobox
2009-02-06 02:23:52 —-D—- C:WINDOWSL2Schemas
2009-02-06 02:05:52 —-D—- C:WINDOWSnview
2009-02-06 02:05:52 —-A—- C:WINDOWSsystem32nvudisp.exe
2009-02-06 02:02:43 —-A—- C:WINDOWSsystem32nvunrm.exe
2009-02-06 02:00:54 —-A—- C:WINDOWSsystem32NVUNINST.EXE
2009-02-06 01:59:50 —-D—- C:NVIDIA
2009-02-06 00:21:51 —-A—- C:WINDOWSsystem32Reg2Inf.exe
2009-02-06 00:20:21 —-RD—- C:WINDOWSOemDrv
2009-02-06 00:13:50 —-A—- C:WINDOWSsystem32wiaaut.dll
2009-02-06 00:13:43 —-A—- C:WINDOWSinnounp.exe
2009-02-06 00:13:35 —-A—- C:WINDOWSsystem32deploytk.dll
2009-02-06 00:13:13 —-A—- C:WINDOWSsystem32XAudio2_3.dll
2009-02-06 00:13:12 —-A—- C:WINDOWSsystem32XAudio2_2.dll
2009-02-06 00:13:12 —-A—- C:WINDOWSsystem32XAudio2_1.dll
2009-02-06 00:13:12 —-A—- C:WINDOWSsystem32XAudio2_0.dll
2009-02-06 00:13:12 —-A—- C:WINDOWSsystem32XAPOFX1_2.dll
2009-02-06 00:13:12 —-A—- C:WINDOWSsystem32XAPOFX1_1.dll
2009-02-06 00:13:12 —-A—- C:WINDOWSsystem32XAPOFX1_0.dll
2009-02-06 00:13:12 —-A—- C:WINDOWSsystem32xactengine3_3.dll
2009-02-06 00:13:12 —-A—- C:WINDOWSsystem32xactengine3_2.dll
2009-02-06 00:13:12 —-A—- C:WINDOWSsystem32xactengine3_1.dll
2009-02-06 00:13:12 —-A—- C:WINDOWSsystem32xactengine3_0.dll
2009-02-06 00:13:12 —-A—- C:WINDOWSsystem32X3DAudio1_5.dll
2009-02-06 00:13:12 —-A—- C:WINDOWSsystem32X3DAudio1_4.dll
2009-02-06 00:13:12 —-A—- C:WINDOWSsystem32X3DAudio1_3.dll
2009-02-06 00:13:12 —-A—- C:WINDOWSsystem32d3dx9_40.dll
2009-02-06 00:13:12 —-A—- C:WINDOWSsystem32d3dx9_39.dll
2009-02-06 00:13:12 —-A—- C:WINDOWSsystem32d3dx9_38.dll
2009-02-06 00:13:12 —-A—- C:WINDOWSsystem32d3dx9_37.dll
2009-02-06 00:13:11 —-A—- C:WINDOWSsystem32d3dx10_40.dll
2009-02-06 00:13:11 —-A—- C:WINDOWSsystem32d3dx10_39.dll
2009-02-06 00:13:11 —-A—- C:WINDOWSsystem32d3dx10_38.dll
2009-02-06 00:13:11 —-A—- C:WINDOWSsystem32d3dx10_37.dll
2009-02-06 00:13:11 —-A—- C:WINDOWSsystem32D3DCompiler_40.dll
2009-02-06 00:13:11 —-A—- C:WINDOWSsystem32D3DCompiler_39.dll
2009-02-06 00:13:11 —-A—- C:WINDOWSsystem32D3DCompiler_38.dll
2009-02-06 00:13:11 —-A—- C:WINDOWSsystem32D3DCompiler_37.dll
2009-02-06 00:11:16 —-A—- C:WINDOWSsystem32zlib1.dll
2009-02-06 00:11:16 —-A—- C:WINDOWSsystem32libssl32.dll
2009-02-06 00:10:52 —-A—- C:WINDOWSOEWABLog.txt
2009-02-06 00:09:59 —-RAH—- C:WINDOWSsystem32logonui.exe.manifest
2009-02-06 00:07:29 —-A—- C:WINDOWSsystem32mucltui.dll.mui
2009-02-06 00:07:29 —-A—- C:WINDOWSsystem32mucltui.dll
2009-02-06 00:07:28 —-A—- C:WINDOWSsystem32gpprefcl.dll
2009-02-05 23:55:07 —-RA—- C:WINDOWSSET88.tmp
2009-02-05 23:55:06 —-RA—- C:WINDOWSSET7C.tmp
2009-02-05 23:55:04 —-RA—- C:WINDOWSSET79.tmp
2009-02-05 23:37:40 —-D—- C:WINDOWSNV1348244.TMP
2009-02-05 23:35:31 —-A—- C:WINDOWSimsins.BAK
2009-02-05 23:35:19 —-A—- C:WINDOWSsystem32spxcoins.dll
2009-02-05 23:35:19 —-A—- C:WINDOWSsystem32irclass.dll
2009-02-05 23:35:06 —-RA—- C:WINDOWSSET1C4.tmp
2009-02-05 23:35:05 —-RA—- C:WINDOWSSET1B8.tmp
2009-02-05 23:35:03 —-RA—- C:WINDOWSSET1B7.tmp
2009-02-05 23:34:14 —-A—- C:WINDOWSsetuplog.txt
2009-02-05 23:33:32 —-A—- C:WINDOWSsystem32idecoiins.dll
2009-02-05 23:33:32 —-A—- C:WINDOWSsystem32idecoi.dll
2009-02-05 23:33:26 —-A—- C:WINDOWSsystem32RtNicProp32.dll
2009-02-05 23:33:07 —-A—- C:WINDOWSsystem32SET27B.tmp
2009-02-05 23:27:39 —-D—- C:WINDOWSsystem32NtmsData
2009-02-03 11:06:40 —-A—- C:WINDOWSntbtlog.txt
2009-02-02 19:37:28 —-D—- C:Documents and SettingsAdminApplication DataLavasoft
2009-02-02 14:27:10 —-A—- C:WINDOWSsystem32search_fid.txt
2009-01-28 14:20:59 —-D—- C:Program FilesAnVir Task Manager
2009-01-28 10:44:47 —-HD—- C:WINDOWSsystem32GroupPolicy
2009-01-28 09:14:26 —-A—- C:WINDOWSVIR_HIST.txt
2009-01-28 09:10:06 —-D—- C:Program FilesЗоркий глаз
2009-01-22 16:51:12 —-D—- C:Documents and SettingsAll UsersApplication DataKaspersky Lab Setup Files======List of files/folders modified in the last 1 months======
2009-02-06 17:11:26 —-AD—- C:Program Files
2009-02-06 16:54:30 —-D—- C:WINDOWSsystem32inetsrv
2009-02-06 16:53:10 —-D—- C:WINDOWSsystem32ias
2009-02-06 16:53:00 —-D—- C:WINDOWSsystem32CatRoot2
2009-02-06 16:52:44 —-D—- C:Program FilesChameleon Clock
2009-02-06 16:26:22 —-A—- C:WINDOWSSchedLgU.Txt
2009-02-06 15:33:52 —-AD—- C:WINDOWSsystem32
2009-02-06 15:33:51 —-D—- C:WINDOWSTemp
2009-02-06 15:33:51 —-D—- C:WINDOWS
2009-02-06 15:32:53 —-A—- C:WINDOWSsystem.ini
2009-02-06 15:32:20 —-D—- C:WINDOWSsystem32drivers
2009-02-06 15:32:20 —-D—- C:WINDOWSAppPatch
2009-02-06 15:32:20 —-AD—- C:Program FilesCommon Files
2009-02-06 15:15:56 —-RASH—- C:boot.ini
2009-02-06 03:05:00 —-HD—- C:WINDOWSinf
2009-02-06 02:39:11 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-02-06 02:33:19 —-D—- C:WINDOWSsystem32config
2009-02-06 02:29:20 —-D—- C:WINDOWSsystem32Setup
2009-02-06 02:29:12 —-D—- C:WINDOWSsystem32usmt
2009-02-06 02:29:10 —-SHD—- C:System Volume Information
2009-02-06 02:29:10 —-D—- C:WINDOWSsystem32Restore
2009-02-06 02:28:54 —-D—- C:WINDOWSehome
2009-02-06 02:28:53 —-D—- C:WINDOWSime
2009-02-06 02:28:52 —-RSD—- C:WINDOWSFonts
2009-02-06 02:28:51 —-D—- C:WINDOWSnetwork diagnostic
2009-02-06 02:28:43 —-D—- C:WINDOWSPeerNet
2009-02-06 02:28:31 —-D—- C:WINDOWSsystem32npp
2009-02-06 02:28:26 —-D—- C:WINDOWSmsagent
2009-02-06 02:28:23 —-D—- C:WINDOWSsystem32ru
2009-02-06 02:26:02 —-D—- C:WINDOWSsystem321049
2009-02-06 02:25:47 —-D—- C:WINDOWStwain_32
2009-02-06 02:25:05 —-D—- C:WINDOWSsystem32icsxml
2009-02-06 02:24:38 —-D—- C:WINDOWSsystem321033
2009-02-06 02:23:52 —-D—- C:WINDOWSDriver Cache
2009-02-06 02:11:08 —-D—- C:WINDOWSsystem32CatRoot
2009-02-06 02:06:06 —-D—- C:WINDOWSHelp
2009-02-06 01:42:29 —-D—- C:WINDOWSMicrosoft.NET
2009-02-06 00:21:53 —-A—- C:WINDOWSsystem32oeminfo.ini
2009-02-06 00:20:02 —-D—- C:WINDOWSRegistration
2009-02-06 00:19:50 —-A—- C:WINDOWSNeroDigital.ini
2009-02-06 00:18:10 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-02-06 00:18:10 —-D—- C:WINDOWSsystem32wbem
2009-02-06 00:14:11 —-D—- C:WINDOWSsecurity
2009-02-06 00:14:09 —-D—- C:Program FilesVistaDriveIcon
2009-02-06 00:13:59 —-D—- C:WINDOWSMedia
2009-02-06 00:13:52 —-D—- C:Program FilesPaint.NET
2009-02-06 00:13:39 —-SHD—- C:WINDOWSInstaller
2009-02-06 00:13:38 —-D—- C:Config.Msi
2009-02-06 00:13:25 —-A—- C:WINDOWSsystem32javaws.exe
2009-02-06 00:13:25 —-A—- C:WINDOWSsystem32javaw.exe
2009-02-06 00:13:25 —-A—- C:WINDOWSsystem32java.exe
2009-02-06 00:13:23 —-D—- C:Program FilesJava
2009-02-06 00:12:39 —-RSD—- C:WINDOWSassembly
2009-02-06 00:12:37 —-D—- C:WINDOWSWinSxS
2009-02-06 00:11:16 —-AD—- C:Program FilesCommon FilesMicrosoft Shared
2009-02-06 00:10:46 —-A—- C:WINDOWSODBCINST.INI
2009-02-06 00:10:00 —-RD—- C:WINDOWSWeb
2009-02-06 00:09:53 —-RAH—- C:WINDOWSsystem32cdplayer.exe.manifest
2009-02-06 00:09:44 —-A—- C:WINDOWSwin.ini
2009-02-06 00:09:39 —-D—- C:WINDOWSsrchasst
2009-02-06 00:09:29 —-D—- C:Program FilesWindows Media Player
2009-02-06 00:09:29 —-D—- C:Program FilesCommon FilesServices
2009-02-06 00:09:26 —-SD—- C:WINDOWSTasks
2009-02-06 00:09:26 —-D—- C:Program FilesOutlook Express
2009-02-06 00:09:14 —-D—- C:Program FilesMovie Maker
2009-02-06 00:09:02 —-D—- C:WINDOWSsystem32oobe
2009-02-06 00:08:52 —-D—- C:Program FilesCommon FilesSystem
2009-02-06 00:08:42 —-D—- C:Program FilesInternet Explorer
2009-02-06 00:07:57 —-D—- C:WINDOWSsystem32Com
2009-02-06 00:07:34 —-D—- C:Program FilesWindows Media Connect 2
2009-02-06 00:07:32 —-D—- C:WINDOWSsystem32ru-ru
2009-02-06 00:07:31 —-SD—- C:WINDOWSDownloaded Program Files
2009-02-06 00:07:31 —-RD—- C:WINDOWSOffline Web Pages
2009-02-06 00:07:31 —-D—- C:WINDOWSwbem
2009-02-06 00:07:12 —-D—- C:WINDOWSCursors
2009-02-06 00:07:04 —-D—- C:Program FilesWindows NT
2009-02-05 23:56:26 —-D—- C:WINDOWSsystem32ReinstallBackups
2009-02-05 23:55:13 —-ASH—- C:Documents and SettingsAll UsersApplication Datadesktop.ini
2009-02-05 23:38:14 —-D—- C:WINDOWSsystem32RTCOM
2009-02-05 23:35:18 —-D—- C:WINDOWSsystem
2009-02-04 17:08:56 —-D—- C:Documents and SettingsAdminApplication DataDownload Master
2009-02-04 14:02:00 —-D—- C:Program FilesARM ZVIT
2009-02-02 20:23:18 —-D—- C:WINDOWSMinidump
2009-01-30 11:06:46 —-D—- C:Program Files7-Zip
2009-01-27 15:10:05 —-D—- C:WINDOWSSoftwareDistribution
2009-01-22 16:59:40 —-D—- C:Program FilesEset
2009-01-15 14:47:40 —-D—- C:Program FilesOperaAC
2009-01-12 16:22:53 —-D—- C:Program FilesIntellect-Service======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Tcpip6;Драйвер протокола IPv6 (Microsoft); C:WINDOWSsystem32DRIVERStcpip6.sys [2008-12-25 225856]
R1 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2008-04-15 12032]
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:WINDOWSsystem32DRIVERSrspndr.sys [2008-10-11 62848]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-15 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2008-04-17 4707328]
R3 MQAC;Message Queuing access control; ??C:WINDOWSsystem32driversmqac.sys []
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2008-08-01 6555104]
R3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; C:WINDOWSsystem32DRIVERSNVENETFD.sys [2008-08-01 54784]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:WINDOWSsystem32DRIVERSnvnetbus.sys [2008-08-01 22016]
R3 RMCAST;Reliable Multicast Protocol driver; ??C:WINDOWSsystem32driversRMCast.sys []
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtnicxp.sys [2008-10-30 117120]
R3 tunmp;Драйвер адаптера минипорта Microsoft Tun; C:WINDOWSsystem32DRIVERStunmp.sys [2008-12-25 12288]
S1 8adb889;8adb889; C:WINDOWSSystem32drivers8adb889.sys []
S2 DgiVecp;Team MFP Comm Driver; C:WINDOWSSystem32DriversDgiVecp.sys [2004-05-17 41984]
S2 fips32cup;fips32cup; ??C:WINDOWSsystem32driversfips32cup.sys []
S2 i386si;i386si; ??C:WINDOWSsystem32driversi386si.sys []
S2 netsik;netsik; ??C:WINDOWSsystem32driversnetsik.sys []
S2 nicsk32;nicsk32; ??C:WINDOWSsystem32driversnicsk32.sys []
S2 port135sik;port135sik; ??C:WINDOWSsystem32driversport135sik.sys []
S2 securentm;securentm; ??C:WINDOWSsystem32driverssecurentm.sys []
S2 systemntmi;systemntmi; ??C:WINDOWSsystem32driverssystemntmi.sys []
S2 ws2_32sik;ws2_32sik; ??C:WINDOWSsystem32driversws2_32sik.sys []
S3 anlf7eg5;anlf7eg5; C:WINDOWSsystem32driversanlf7eg5.sys []
S3 Bridge;MAC-мост; C:WINDOWSsystem32DRIVERSbridge.sys [2008-04-15 71552]
S3 BridgeMP;Минипорт MAC-моста; C:WINDOWSsystem32DRIVERSbridge.sys [2008-04-15 71552]
S3 ComFiltr;Panda Anti-Dialer; ??C:WINDOWSsystem32DRIVERSCOMFiltr.sys []
S3 GT680x;BearPaw 2448TA Plus Usb Scanner; C:WINDOWSSystem32DriversGt680x.sys []
S3 hidusb;Драйвер класса HID Microsoft; C:WINDOWSsystem32drivershidusb.sys [2008-04-15 10368]
S3 ltmodem5;LT Modem Driver; C:WINDOWSsystem32DRIVERSltmdmnt.sys [2007-12-22 606940]
S3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2008-04-15 12160]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet адаптер, драйвер для NT; C:WINDOWSsystem32DRIVERSRTL8139.SYS []
S3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-15 30208]
S3 usbhub;USB2 концентратор; C:WINDOWSsystem32driversusbhub.sys [2008-04-15 59520]
S3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWSsystem32DRIVERSusbohci.sys [2008-04-15 17152]
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2008-04-14 25856]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-15 26368]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2008-03-02 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2008-03-02 82944]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 6to4;Служба поддержки IPv6; C:WINDOWSsystem32svchost.exe [2008-04-15 14336]
R2 IISADMIN;IIS Admin; C:WINDOWSsystem32inetsrvinetinfo.exe [2008-04-15 15872]
R2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2009-02-06 152984]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2003-06-19 322120]
R2 MSMQ;Message Queuing; C:WINDOWSsystem32mqsvc.exe [2008-04-15 4608]
R2 MSMQTriggers;Message Queuing Triggers; C:WINDOWSsystem32mqtgsvc.exe [2008-04-15 117248]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2008-08-01 159812]
R2 SimpTcp;Простые службы TCP/IP; C:WINDOWSsystem32tcpsvcs.exe [2008-04-15 19456]
R2 SNMP;Служба SNMP; C:WINDOWSSystem32snmp.exe [2008-04-15 32768]
R2 W3SVC;Веб-публикации; C:WINDOWSsystem32inetsrvinetinfo.exe [2008-04-15 15872]
S2 SMTPSVC;Simple Mail Transport Protocol (SMTP); C:WINDOWSsystem32inetsrvinetinfo.exe [2008-04-15 15872]
S2 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-15 14336]
S3 aspnet_state;Служба состояний ASP.NET; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:WINDOWSMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2007-10-11 864256]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 p2pgasvc;Одноранговая групповая проверка подлинности; C:WINDOWSsystem32svchost.exe [2008-04-15 14336]
S3 p2pimsvc;Диспетчер удостоверений для одноранговых сетей; C:WINDOWSsystem32svchost.exe [2008-04-15 14336]
S3 p2psvc;Службы одноранговой сети; C:WINDOWSsystem32svchost.exe [2008-04-15 14336]
S3 PNRPSvc;Протокол однорангового разрешения имен; C:WINDOWSsystem32svchost.exe [2008-04-15 14336]
S3 SNMPTRAP;Служба ловушек SNMP; C:WINDOWSSystem32snmptrap.exe [2008-04-15 8704]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media Playerwmpnetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2007-10-11 122880]
EOF
Здравствуйте, добро пожаловать на Spyware-ru форум.
Combofix и RSIT логи показывают наличие заражения. Так же один из ваших дисков заражён autorun.inf трояном.
Прочитайте эту инструкцию Flash_Disinfector ещё одно оружие против autorun.inf троянов. Отключите ваш антивирус. Скачайте и запустите Flash_Disinfector, не забудьте при этом по требованию программы вставить ваш флэш диск или подключить другие внешние устройства хранения информации. Запускайте программу столько раз, сколько нужно чтобы очистить все ваши подклбчаемые диски.При запуске Combofix появляется сообщение о ненайденном 32788К22АЦОАЦnircmd.com
Отключите антивирус и скачате новую копию Combofix.
Откройте блокнот (Кликните Пуск, Выполнить, в строке ввода введите notepad и нажмите Enter) и вставьте в него следующий текст:
Driver::
8adb889
fips32cup
i386si
netsik
nicsk32
port135sik
securentm
systemntmi
ws2_32sik
Registry::
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{ac607cce-1ff4-11dd-97e3-001d7dac9b97}]
File::
c:windowssystem32drivers8adb889.sys
c:windowssystem32driversfips32cup.sys
c:windowssystem32driversi386si.sys
c:windowssystem32driversnetsik.sys
c:windowssystem32driversnicsk32.sys
c:windowssystem32driversport135sik.sys
c:windowssystem32driverssecurentm.sys
c:windowssystem32driverssystemntmi.sys
c:windowssystem32driversws2_32sik.sysЗапишите получившийся файл на ваш рабочий стол под именем CFScript
Далее перетащите получившийся файл на иконку Combofix, как показано на картинке ниже.
Сombofix запуститься и выполнит процедуры описанные в созданном нами файле.
По результатам работы Combofix будет создан новый лог, его и вставьте в свой следующий ответ.Флеш дезинсектор содержит WORM/Generic.4084 — Avira говорит.
На дисках нет в корневых каталогах файлов типа auto*.*
Обычно с ними справляются программы типа антиавторан.
Речь идет о невозможности системе идентифицировать корневой концентратор после лечения от вирусов.
Переустановка драйверов не помогает. Установка ОС на новый диск проходит без проблем и все работает.
Все драйвера с сайта производителя. Bios прошит последней версией.
Скрипт попробую.Выполнился скрипт, ничего не произошло.
Появляется стабильно при загрузке
инструкция по адресу 0x7c91b1fa обратилась к памяти по адресу 0x00000010.Память не может быть writtenлог RSIT:
Logfile of random’s system information tool 1.05 (written by random/random)
Run by Admin at 2009-02-07 00:49:20
Microsoft Windows XP Professional Service Pack 3
System drive C: has 5 GB (27%) free of 17 GB
Total RAM: 447 MB (37% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:49:23, on 07.02.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20935)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32ctfmon.exe
C:WINDOWSRTHDCPL.EXE
C:WINDOWSsystem32inetsrvinetinfo.exe
C:Program FilesChameleon ClockChamClock.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32tcpsvcs.exe
C:WINDOWSsystem32mqsvc.exe
C:WINDOWSsystem32mqtgsvc.exe
C:WINDOWSSystem32svchost.exe
C:Documents and SettingsAdminРабочий столRSIT.exe
C:Program Filestrend microAdmin.exeR0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.zvercd.com
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: Yahoo! Toolbar — {EF99BD32-C1FB-11D2-892F-0090271D4F88} — C:Program FilesYahoo!CompanionInstallscpnyt.dll
O2 — BHO: Yahoo! Toolbar Helper — {02478D38-C3F9-4EFB-9B51-7695ECA05670} — C:Program FilesYahoo!CompanionInstallscpnyt.dll
O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 — BHO: IEVkbdBHO — {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} — (no file)
O2 — BHO: Java(tm) Plug-In SSV Helper — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre6binssv.dll
O2 — BHO: IE 4.x-6.x BHO for Download Master — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:PROGRA~1DOWNLO~1dmiehlp.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O4 — HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 — HKLM..Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 8.0ReaderReader_sl.exe»
O4 — HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKCU..Run: [HomeAlarm] C:Program FilesChameleon ClockChamClock.exe
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKUSS-1-5-18..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [tscuninstall] %systemroot%system32tscupgrd.exe (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,OnceFirstLogonInstall,0 (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘Default user’)
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Закачать ВСЕ при помощи Download Master — C:Program FilesDownload Masterdmieall.htm
O8 — Extra context menu item: Закачать при помощи Download Master — C:Program FilesDownload Masterdmie.htm
O9 — Extra button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra ‘Tools’ menuitem: &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O16 — DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) — C:Program FilesYahoo!Commonyinsthelper.dll
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — C:Program FilesJavajre6binjqs.exe
O23 — Service: Служба сетевого DDE (NetDDE) — Корпорация Майкрософт — C:WINDOWSsystem32netdde.exe
O23 — Service: Диспетчер сетевого DDE (NetDDEdsdm) — Корпорация Майкрософт — C:WINDOWSsystem32netdde.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: Служба SNMP (SNMP) — Корпорация Майкрософт — C:WINDOWSSystem32snmp.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Telnet (TlntSvr) — Корпорация Майкрософт — C:WINDOWSsystem32tlntsvr.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 6899 bytes======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper — C:Program FilesYahoo!CompanionInstallscpnyt.dll [2006-10-26 440384][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll [2006-10-22 62080][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{59273ab4-e7d3-40f9-a1a8-6fa9cca1862c}]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper — C:Program FilesJavajre6binssv.dll [2009-02-06 320920][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master — C:PROGRA~1DOWNLO~1dmiehlp.dll [2007-07-20 152064][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2009-02-06 34816][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2009-02-06 73728][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NeroFilterCheck»=C:WINDOWSsystem32NeroCheck.exe [2006-01-12 155648]
«MsmqIntCert»=regsvr32 /s mqrt.dll []
«Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 8.0ReaderReader_sl.exe [2008-01-11 39792]
«RTHDCPL»=C:WINDOWSRTHDCPL.EXE [2008-04-10 16861184]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2008-08-01 13529088]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2008-08-01 86016][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«HomeAlarm»=C:Program FilesChameleon ClockChamClock.exe [2007-07-31 637440]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2008-12-25 30208][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPunto Switcher]
C:Program FilesPunto Switcherps.exe [2007-01-25 201728][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSkyTel]
C:WINDOWSSkyTel.EXE [2007-11-20 1826816][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregVistaIcon]
C:Program FilesVistaDriveIconVistaDrv.exe [2008-01-02 132096][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^Admin^Главное меню^Программы^Автозагрузка^Total Commander.lnk]
C:PROGRA~1TOTALC~1Totalcmd.exe [2007-09-14 2902984][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32wpdshserviceobj.dll [2008-03-02 133632]
UPnPMonitor — {e57ce738-33e8-4c51-8354-bb4de9d215d1} — C:WINDOWSsystem32upnpui.dll [2008-04-15 239616][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=323
«NoSharedDocuments»=1
«NoThumbnailCache»=1
«NoSMConfigurePrograms»=1
«NoDriveAutoRun»=67108863
«NoDrives»=0[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveAutoRun»=
«NoDriveTypeAutoRun»=
«NoDrives»=[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:WINDOWSsystem32mqsvc.exe»=»C:WINDOWSsystem32mqsvc.exe:*:Enabled:Message Queuing»
«C:WINDOWSsystem32mmc.exe»=»C:WINDOWSsystem32mmc.exe:*:Enabled:Консоль управления (MMC)»
«C:WINDOWSsystem32userinit.exe»=»C:WINDOWSsystem32userinit.exe:*:Enabled:ENABLE»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:WINDOWSsystem32mqsvc.exe»=»C:WINDOWSsystem32mqsvc.exe:*:Enabled:Message Queuing»[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{ac607cce-1ff4-11dd-97e3-001d7dac9b97}]
shellexplorecommand — F:boot.exe
shellopencommand — F:boot.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{c8149f5e-26f2-11dd-97f4-001d7dac9b97}]
shellautoruncommand — F:
shellexplorecommand — «.Nokia Music ManagerN-1-5-21-1895552279-3129831955-389522551-6003INFO2Playlist» Control: Select music location
shellfindcommand — «.Nokia Music ManagerN-1-5-21-1895552279-3129831955-389522551-6003INFO2Playlist» Control: Search music (radio-stations)
shellopencommand — «.Nokia Music ManagerN-1-5-21-1895552279-3129831955-389522551-6003INFO2Playlist» Playback: Play music======List of files/folders created in the last 1 months======
2009-02-06 17:11:26 —-D—- C:rsit
2009-02-06 17:11:26 —-D—- C:Program Filestrend micro
2009-02-06 15:33:49 —-A—- C:ComboFix.txt
2009-02-06 15:15:55 —-ASH—- C:BOOT.BAK
2009-02-06 15:15:25 —-RSHD—- C:cmdcons
2009-02-06 15:15:25 —-A—- C:WINDOWSUPGRADE.TXT
2009-02-06 15:15:24 —-D—- C:WINDOWSsetup.pss
2009-02-06 15:04:46 —-A—- C:WINDOWSNIRCMD.exe
2009-02-06 02:29:02 —-A—- C:WINDOWSzip.exe
2009-02-06 02:29:02 —-A—- C:WINDOWSVFIND.exe
2009-02-06 02:29:02 —-A—- C:WINDOWSSWXCACLS.exe
2009-02-06 02:29:02 —-A—- C:WINDOWSSWSC.exe
2009-02-06 02:29:02 —-A—- C:WINDOWSSWREG.exe
2009-02-06 02:29:02 —-A—- C:WINDOWSsed.exe
2009-02-06 02:29:02 —-A—- C:WINDOWSgrep.exe
2009-02-06 02:29:02 —-A—- C:WINDOWSfdsv.exe
2009-02-06 02:28:56 —-D—- C:WINDOWSERDNT
2009-02-06 02:28:56 —-D—- C:Qoobox
2009-02-06 02:23:52 —-D—- C:WINDOWSL2Schemas
2009-02-06 02:05:52 —-D—- C:WINDOWSnview
2009-02-06 02:05:52 —-A—- C:WINDOWSsystem32nvudisp.exe
2009-02-06 02:02:43 —-A—- C:WINDOWSsystem32nvunrm.exe
2009-02-06 02:00:54 —-A—- C:WINDOWSsystem32NVUNINST.EXE
2009-02-06 01:59:50 —-D—- C:NVIDIA
2009-02-06 00:21:51 —-A—- C:WINDOWSsystem32Reg2Inf.exe
2009-02-06 00:20:21 —-RD—- C:WINDOWSOemDrv
2009-02-06 00:13:50 —-A—- C:WINDOWSsystem32wiaaut.dll
2009-02-06 00:13:43 —-A—- C:WINDOWSinnounp.exe
2009-02-06 00:13:35 —-A—- C:WINDOWSsystem32deploytk.dll
2009-02-06 00:13:13 —-A—- C:WINDOWSsystem32XAudio2_3.dll
2009-02-06 00:13:12 —-A—- C:WINDOWSsystem32XAudio2_2.dll
2009-02-06 00:13:12 —-A—- C:WINDOWSsystem32XAudio2_1.dll
2009-02-06 00:13:12 —-A—- C:WINDOWSsystem32XAudio2_0.dll
2009-02-06 00:13:12 —-A—- C:WINDOWSsystem32XAPOFX1_2.dll
2009-02-06 00:13:12 —-A—- C:WINDOWSsystem32XAPOFX1_1.dll
2009-02-06 00:13:12 —-A—- C:WINDOWSsystem32XAPOFX1_0.dll
2009-02-06 00:13:12 —-A—- C:WINDOWSsystem32xactengine3_3.dll
2009-02-06 00:13:12 —-A—- C:WINDOWSsystem32xactengine3_2.dll
2009-02-06 00:13:12 —-A—- C:WINDOWSsystem32xactengine3_1.dll
2009-02-06 00:13:12 —-A—- C:WINDOWSsystem32xactengine3_0.dll
2009-02-06 00:13:12 —-A—- C:WINDOWSsystem32X3DAudio1_5.dll
2009-02-06 00:13:12 —-A—- C:WINDOWSsystem32X3DAudio1_4.dll
2009-02-06 00:13:12 —-A—- C:WINDOWSsystem32X3DAudio1_3.dll
2009-02-06 00:13:12 —-A—- C:WINDOWSsystem32d3dx9_40.dll
2009-02-06 00:13:12 —-A—- C:WINDOWSsystem32d3dx9_39.dll
2009-02-06 00:13:12 —-A—- C:WINDOWSsystem32d3dx9_38.dll
2009-02-06 00:13:12 —-A—- C:WINDOWSsystem32d3dx9_37.dll
2009-02-06 00:13:11 —-A—- C:WINDOWSsystem32d3dx10_40.dll
2009-02-06 00:13:11 —-A—- C:WINDOWSsystem32d3dx10_39.dll
2009-02-06 00:13:11 —-A—- C:WINDOWSsystem32d3dx10_38.dll
2009-02-06 00:13:11 —-A—- C:WINDOWSsystem32d3dx10_37.dll
2009-02-06 00:13:11 —-A—- C:WINDOWSsystem32D3DCompiler_40.dll
2009-02-06 00:13:11 —-A—- C:WINDOWSsystem32D3DCompiler_39.dll
2009-02-06 00:13:11 —-A—- C:WINDOWSsystem32D3DCompiler_38.dll
2009-02-06 00:13:11 —-A—- C:WINDOWSsystem32D3DCompiler_37.dll
2009-02-06 00:11:16 —-A—- C:WINDOWSsystem32zlib1.dll
2009-02-06 00:11:16 —-A—- C:WINDOWSsystem32libssl32.dll
2009-02-06 00:10:52 —-A—- C:WINDOWSOEWABLog.txt
2009-02-06 00:09:59 —-RAH—- C:WINDOWSsystem32logonui.exe.manifest
2009-02-06 00:07:29 —-A—- C:WINDOWSsystem32mucltui.dll.mui
2009-02-06 00:07:29 —-A—- C:WINDOWSsystem32mucltui.dll
2009-02-06 00:07:28 —-A—- C:WINDOWSsystem32gpprefcl.dll
2009-02-05 23:55:07 —-RA—- C:WINDOWSSET88.tmp
2009-02-05 23:55:06 —-RA—- C:WINDOWSSET7C.tmp
2009-02-05 23:55:04 —-RA—- C:WINDOWSSET79.tmp
2009-02-05 23:37:40 —-D—- C:WINDOWSNV1348244.TMP
2009-02-05 23:35:31 —-A—- C:WINDOWSimsins.BAK
2009-02-05 23:35:19 —-A—- C:WINDOWSsystem32spxcoins.dll
2009-02-05 23:35:19 —-A—- C:WINDOWSsystem32irclass.dll
2009-02-05 23:35:06 —-RA—- C:WINDOWSSET1C4.tmp
2009-02-05 23:35:05 —-RA—- C:WINDOWSSET1B8.tmp
2009-02-05 23:35:03 —-RA—- C:WINDOWSSET1B7.tmp
2009-02-05 23:34:14 —-A—- C:WINDOWSsetuplog.txt
2009-02-05 23:33:32 —-A—- C:WINDOWSsystem32idecoiins.dll
2009-02-05 23:33:32 —-A—- C:WINDOWSsystem32idecoi.dll
2009-02-05 23:33:26 —-A—- C:WINDOWSsystem32RtNicProp32.dll
2009-02-05 23:33:07 —-A—- C:WINDOWSsystem32SET27B.tmp
2009-02-05 23:27:39 —-D—- C:WINDOWSsystem32NtmsData
2009-02-03 11:06:40 —-A—- C:WINDOWSntbtlog.txt
2009-02-02 19:37:28 —-D—- C:Documents and SettingsAdminApplication DataLavasoft
2009-02-02 14:27:10 —-A—- C:WINDOWSsystem32search_fid.txt
2009-01-28 14:20:59 —-D—- C:Program FilesAnVir Task Manager
2009-01-28 10:44:47 —-HD—- C:WINDOWSsystem32GroupPolicy
2009-01-28 09:14:26 —-A—- C:WINDOWSVIR_HIST.txt
2009-01-28 09:10:06 —-D—- C:Program FilesЗоркий глаз
2009-01-22 16:51:12 —-D—- C:Documents and SettingsAll UsersApplication DataKaspersky Lab Setup Files======List of files/folders modified in the last 1 months======
2009-02-07 00:42:40 —-D—- C:WINDOWSsystem32ias
2009-02-07 00:42:39 —-D—- C:WINDOWSsystem32CatRoot2
2009-02-07 00:42:29 —-D—- C:WINDOWSsystem32inetsrv
2009-02-07 00:42:14 —-D—- C:Program FilesChameleon Clock
2009-02-07 00:40:24 —-A—- C:WINDOWSSchedLgU.Txt
2009-02-07 00:16:41 —-AD—- C:Program Files
2009-02-06 19:24:21 —-D—- C:WINDOWSTemp
2009-02-06 15:33:52 —-AD—- C:WINDOWSsystem32
2009-02-06 15:33:51 —-D—- C:WINDOWS
2009-02-06 15:32:53 —-A—- C:WINDOWSsystem.ini
2009-02-06 15:32:20 —-D—- C:WINDOWSsystem32drivers
2009-02-06 15:32:20 —-D—- C:WINDOWSAppPatch
2009-02-06 15:32:20 —-AD—- C:Program FilesCommon Files
2009-02-06 15:15:56 —-RASH—- C:boot.ini
2009-02-06 03:05:00 —-HD—- C:WINDOWSinf
2009-02-06 02:39:11 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-02-06 02:33:19 —-D—- C:WINDOWSsystem32config
2009-02-06 02:29:20 —-D—- C:WINDOWSsystem32Setup
2009-02-06 02:29:12 —-D—- C:WINDOWSsystem32usmt
2009-02-06 02:29:10 —-SHD—- C:System Volume Information
2009-02-06 02:29:10 —-D—- C:WINDOWSsystem32Restore
2009-02-06 02:28:54 —-D—- C:WINDOWSehome
2009-02-06 02:28:53 —-D—- C:WINDOWSime
2009-02-06 02:28:52 —-RSD—- C:WINDOWSFonts
2009-02-06 02:28:51 —-D—- C:WINDOWSnetwork diagnostic
2009-02-06 02:28:43 —-D—- C:WINDOWSPeerNet
2009-02-06 02:28:31 —-D—- C:WINDOWSsystem32npp
2009-02-06 02:28:26 —-D—- C:WINDOWSmsagent
2009-02-06 02:28:23 —-D—- C:WINDOWSsystem32ru
2009-02-06 02:26:02 —-D—- C:WINDOWSsystem321049
2009-02-06 02:25:47 —-D—- C:WINDOWStwain_32
2009-02-06 02:25:05 —-D—- C:WINDOWSsystem32icsxml
2009-02-06 02:24:38 —-D—- C:WINDOWSsystem321033
2009-02-06 02:23:52 —-D—- C:WINDOWSDriver Cache
2009-02-06 02:11:08 —-D—- C:WINDOWSsystem32CatRoot
2009-02-06 02:06:06 —-D—- C:WINDOWSHelp
2009-02-06 01:42:29 —-D—- C:WINDOWSMicrosoft.NET
2009-02-06 00:21:53 —-A—- C:WINDOWSsystem32oeminfo.ini
2009-02-06 00:20:02 —-D—- C:WINDOWSRegistration
2009-02-06 00:19:50 —-A—- C:WINDOWSNeroDigital.ini
2009-02-06 00:18:10 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-02-06 00:18:10 —-D—- C:WINDOWSsystem32wbem
2009-02-06 00:14:11 —-D—- C:WINDOWSsecurity
2009-02-06 00:14:09 —-D—- C:Program FilesVistaDriveIcon
2009-02-06 00:13:59 —-D—- C:WINDOWSMedia
2009-02-06 00:13:52 —-D—- C:Program FilesPaint.NET
2009-02-06 00:13:39 —-SHD—- C:WINDOWSInstaller
2009-02-06 00:13:38 —-D—- C:Config.Msi
2009-02-06 00:13:25 —-A—- C:WINDOWSsystem32javaws.exe
2009-02-06 00:13:25 —-A—- C:WINDOWSsystem32javaw.exe
2009-02-06 00:13:25 —-A—- C:WINDOWSsystem32java.exe
2009-02-06 00:13:23 —-D—- C:Program FilesJava
2009-02-06 00:12:39 —-RSD—- C:WINDOWSassembly
2009-02-06 00:12:37 —-D—- C:WINDOWSWinSxS
2009-02-06 00:11:16 —-AD—- C:Program FilesCommon FilesMicrosoft Shared
2009-02-06 00:10:46 —-A—- C:WINDOWSODBCINST.INI
2009-02-06 00:10:00 —-RD—- C:WINDOWSWeb
2009-02-06 00:09:53 —-RAH—- C:WINDOWSsystem32cdplayer.exe.manifest
2009-02-06 00:09:44 —-A—- C:WINDOWSwin.ini
2009-02-06 00:09:39 —-D—- C:WINDOWSsrchasst
2009-02-06 00:09:29 —-D—- C:Program FilesWindows Media Player
2009-02-06 00:09:29 —-D—- C:Program FilesCommon FilesServices
2009-02-06 00:09:26 —-SD—- C:WINDOWSTasks
2009-02-06 00:09:26 —-D—- C:Program FilesOutlook Express
2009-02-06 00:09:14 —-D—- C:Program FilesMovie Maker
2009-02-06 00:09:02 —-D—- C:WINDOWSsystem32oobe
2009-02-06 00:08:52 —-D—- C:Program FilesCommon FilesSystem
2009-02-06 00:08:42 —-D—- C:Program FilesInternet Explorer
2009-02-06 00:07:57 —-D—- C:WINDOWSsystem32Com
2009-02-06 00:07:34 —-D—- C:Program FilesWindows Media Connect 2
2009-02-06 00:07:32 —-D—- C:WINDOWSsystem32ru-ru
2009-02-06 00:07:31 —-SD—- C:WINDOWSDownloaded Program Files
2009-02-06 00:07:31 —-RD—- C:WINDOWSOffline Web Pages
2009-02-06 00:07:31 —-D—- C:WINDOWSwbem
2009-02-06 00:07:12 —-D—- C:WINDOWSCursors
2009-02-06 00:07:04 —-D—- C:Program FilesWindows NT
2009-02-05 23:56:26 —-D—- C:WINDOWSsystem32ReinstallBackups
2009-02-05 23:55:13 —-ASH—- C:Documents and SettingsAll UsersApplication Datadesktop.ini
2009-02-05 23:38:14 —-D—- C:WINDOWSsystem32RTCOM
2009-02-05 23:35:18 —-D—- C:WINDOWSsystem
2009-02-04 17:08:56 —-D—- C:Documents and SettingsAdminApplication DataDownload Master
2009-02-04 14:02:00 —-D—- C:Program FilesARM ZVIT
2009-02-02 20:23:18 —-D—- C:WINDOWSMinidump
2009-01-30 11:06:46 —-D—- C:Program Files7-Zip
2009-01-27 15:10:05 —-D—- C:WINDOWSSoftwareDistribution
2009-01-22 16:59:40 —-D—- C:Program FilesEset
2009-01-15 14:47:40 —-D—- C:Program FilesOperaAC
2009-01-12 16:22:53 —-D—- C:Program FilesIntellect-Service======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Tcpip6;Драйвер протокола IPv6 (Microsoft); C:WINDOWSsystem32DRIVERStcpip6.sys [2008-12-25 225856]
R1 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2008-04-15 12032]
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:WINDOWSsystem32DRIVERSrspndr.sys [2008-10-11 62848]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-15 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2008-04-17 4707328]
R3 MQAC;Message Queuing access control; ??C:WINDOWSsystem32driversmqac.sys []
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2008-08-01 6555104]
R3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; C:WINDOWSsystem32DRIVERSNVENETFD.sys [2008-08-01 54784]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:WINDOWSsystem32DRIVERSnvnetbus.sys [2008-08-01 22016]
R3 RMCAST;Reliable Multicast Protocol driver; ??C:WINDOWSsystem32driversRMCast.sys []
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtnicxp.sys [2008-10-30 117120]
R3 tunmp;Драйвер адаптера минипорта Microsoft Tun; C:WINDOWSsystem32DRIVERStunmp.sys [2008-12-25 12288]
S1 8adb889;8adb889; C:WINDOWSSystem32drivers8adb889.sys []
S2 DgiVecp;Team MFP Comm Driver; C:WINDOWSSystem32DriversDgiVecp.sys [2004-05-17 41984]
S2 i386si;i386si; ??C:WINDOWSsystem32driversi386si.sys []
S2 nicsk32;nicsk32; ??C:WINDOWSsystem32driversnicsk32.sys []
S2 port135sik;port135sik; ??C:WINDOWSsystem32driversport135sik.sys []
S2 securentm;securentm; ??C:WINDOWSsystem32driverssecurentm.sys []
S2 systemntmi;systemntmi; ??C:WINDOWSsystem32driverssystemntmi.sys []
S2 ws2_32sik;ws2_32sik; ??C:WINDOWSsystem32driversws2_32sik.sys []
S3 Bridge;MAC-мост; C:WINDOWSsystem32DRIVERSbridge.sys [2008-04-15 71552]
S3 BridgeMP;Минипорт MAC-моста; C:WINDOWSsystem32DRIVERSbridge.sys [2008-04-15 71552]
S3 ComFiltr;Panda Anti-Dialer; ??C:WINDOWSsystem32DRIVERSCOMFiltr.sys []
S3 GT680x;BearPaw 2448TA Plus Usb Scanner; C:WINDOWSSystem32DriversGt680x.sys []
S3 hidusb;Драйвер класса HID Microsoft; C:WINDOWSsystem32drivershidusb.sys [2008-04-15 10368]
S3 ltmodem5;LT Modem Driver; C:WINDOWSsystem32DRIVERSltmdmnt.sys [2007-12-22 606940]
S3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2008-04-15 12160]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet адаптер, драйвер для NT; C:WINDOWSsystem32DRIVERSRTL8139.SYS []
S3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-15 30208]
S3 usbhub;USB2 концентратор; C:WINDOWSsystem32driversusbhub.sys [2008-04-15 59520]
S3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWSsystem32DRIVERSusbohci.sys [2008-04-15 17152]
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2008-04-14 25856]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-15 26368]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2008-03-02 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2008-03-02 82944]
S4 fips32cup;fips32cup; ??C:WINDOWSsystem32driversfips32cup.sys []
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 netsik;netsik; ??C:WINDOWSsystem32driversnetsik.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 6to4;Служба поддержки IPv6; C:WINDOWSsystem32svchost.exe [2008-04-15 14336]
R2 IISADMIN;IIS Admin; C:WINDOWSsystem32inetsrvinetinfo.exe [2008-04-15 15872]
R2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2009-02-06 152984]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2003-06-19 322120]
R2 MSMQ;Message Queuing; C:WINDOWSsystem32mqsvc.exe [2008-04-15 4608]
R2 MSMQTriggers;Message Queuing Triggers; C:WINDOWSsystem32mqtgsvc.exe [2008-04-15 117248]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2008-08-01 159812]
R2 SimpTcp;Простые службы TCP/IP; C:WINDOWSsystem32tcpsvcs.exe [2008-04-15 19456]
R2 W3SVC;Веб-публикации; C:WINDOWSsystem32inetsrvinetinfo.exe [2008-04-15 15872]
S2 SMTPSVC;Simple Mail Transport Protocol (SMTP); C:WINDOWSsystem32inetsrvinetinfo.exe [2008-04-15 15872]
S2 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-15 14336]
S3 aspnet_state;Служба состояний ASP.NET; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:WINDOWSMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2007-10-11 864256]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 p2pgasvc;Одноранговая групповая проверка подлинности; C:WINDOWSsystem32svchost.exe [2008-04-15 14336]
S3 p2pimsvc;Диспетчер удостоверений для одноранговых сетей; C:WINDOWSsystem32svchost.exe [2008-04-15 14336]
S3 p2psvc;Службы одноранговой сети; C:WINDOWSsystem32svchost.exe [2008-04-15 14336]
S3 PNRPSvc;Протокол однорангового разрешения имен; C:WINDOWSsystem32svchost.exe [2008-04-15 14336]
S3 SNMP;Служба SNMP; C:WINDOWSSystem32snmp.exe [2008-04-15 32768]
S3 SNMPTRAP;Служба ловушек SNMP; C:WINDOWSSystem32snmptrap.exe [2008-04-15 8704]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media Playerwmpnetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2007-10-11 122880]
EOF
лог CF:
ComboFix 09-02-06.04 — Admin 2002-10-01 0:06:04.10 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.1.1049.18.767.529 [GMT 4:00]
Running from: c:documents and settingsAdminРабочий столComboFix.exe
.((((((((((((((((((((((((( Files Created from 2009-01-06 to 2009-02-06 )))))))))))))))))))))))))))))))
.2009-02-06 17:11 . 2009-02-06 17:17
d
C:rsit
2009-02-06 17:11 . 2002-09-30 23:03d
c:program filestrend micro
2009-02-06 02:23 . 2009-02-06 02:29d
c:windowsL2Schemas
2009-02-06 02:06 . 2002-09-30 22:51 188,791 —a
c:windowssystem32nvapps.xml
2009-02-06 02:05 . 2009-02-06 02:05d
c:windowsnview
2009-02-06 02:05 . 2008-08-01 14:48 453,152 —a
c:windowssystem32nvudisp.exe
2009-02-06 02:05 . 2008-08-01 14:48 18,335 —a
c:windowssystem32nvdisp.nvu
2009-02-06 02:05 . 2008-07-10 04:07 7,143 —a
c:windowssystem32nvide.nvu
2009-02-06 02:02 . 2008-07-29 13:33 446,464 —a
c:windowssystem32nvunrm.exe
2009-02-06 02:02 . 2008-07-29 13:30 6,045 —a
c:windowssystem32nvnrm.nvu
2009-02-06 02:02 . 2008-07-08 01:45 4,984 —a
c:windowssystem32driversnvphy.bin
2009-02-06 02:00 . 2008-08-27 13:58 453,152 —a
c:windowssystem32NVUNINST.EXE
2009-02-06 01:59 . 2009-02-06 02:00d
C:NVIDIA
2009-02-06 00:21 . 2007-11-08 22:03 65,536 —a
c:windowssystem32Reg2Inf.exe
2009-02-06 00:20 . 2009-02-06 00:20dr
c:windowsOemDrv
2009-02-06 00:16 . 2008-04-15 16:00 41,600 —a—c— c:windowssystem32dllcacheweitekp9.dll
2009-02-06 00:16 . 2008-04-15 16:00 31,232 —a—c— c:windowssystem32dllcacheweitekp9.sys
2009-02-06 00:16 . 2008-04-15 16:00 28,288 —a—c— c:windowssystem32dllcachexjis.nls
2009-02-06 00:14 . 2004-05-13 00:39 876,653 —a—c— c:windowssystem32dllcachefp4awel.dll
2009-02-06 00:13 . 2008-03-06 19:06 11,059,256 —a
c:windowsStartup.bmp
2009-02-06 00:11 . 2007-10-29 03:26 196,608 —a
c:windowssystem32libssl32.dll
2009-02-06 00:11 . 2007-10-09 12:37 59,904 —a
c:windowssystem32zlib1.dll
2009-02-06 00:09 . 2008-04-15 16:00 16,384 —a—c— c:windowssystem32dllcacheisignup.exe
2009-02-06 00:09 . 2009-02-06 00:09 749 -rah
c:windowsWindowsShell.Manifest
2009-02-06 00:09 . 2009-02-06 00:09 749 -rah
c:windowssystem32wuaucpl.cpl.manifest
2009-02-06 00:09 . 2009-02-06 00:09 749 -rah
c:windowssystem32sapi.cpl.manifest
2009-02-06 00:09 . 2009-02-06 00:09 749 -rah
c:windowssystem32nwc.cpl.manifest
2009-02-06 00:09 . 2009-02-06 00:09 749 -rah
c:windowssystem32ncpa.cpl.manifest
2009-02-06 00:09 . 2009-02-06 00:09 488 -rah
c:windowssystem32logonui.exe.manifest
2009-02-06 00:06 . 2008-04-15 16:00 281,088 —a—c— c:windowssystem32dllcachepinball.exe
2009-02-06 00:06 . 2008-04-15 16:00 7,680 —a—c— c:windowssystem32dllcacheinetmgr.exe
2009-02-05 23:55 . 2008-04-15 16:00 1,233,791 -ra
c:windowsSET79.tmp
2009-02-05 23:55 . 2008-04-15 16:00 1,088,840 -ra
c:windowsSET7C.tmp
2009-02-05 23:55 . 2008-04-15 16:00 16,825 -ra
c:windowsSET88.tmp
2009-02-05 23:47 . 2009-02-05 23:47 0 —a
c:windowssystem32mapisvc.inf
2009-02-05 23:37 . 2009-02-05 23:37d
c:windowsNV1348244.TMP
2009-02-05 23:33 . 2006-10-18 15:31 363,008 —a
c:windowssystem32idecoiins.dll
2009-02-05 23:33 . 2006-10-18 15:31 363,008 —a
c:windowssystem32idecoi.dll
2009-02-05 23:33 . 2008-10-07 16:33 122,880 —a
c:windowssystem32SET27B.tmp
2009-02-05 23:33 . 2008-10-30 22:10 117,120 —a
c:windowssystem32driversRtnicxp.sys
2009-02-05 23:33 . 2007-07-12 17:43 42,112 —a
c:windowssystem32driversnvefd2k.sys
2009-02-05 23:33 . 2008-07-17 06:35 9,728 —a
c:windowssystem32RtNicProp32.dll
2009-02-05 23:27 . 2002-09-30 22:51d
c:windowssystem32NtmsData
2009-02-05 23:19 . 2008-04-14 21:07 23,296 —a
c:windowssystem32mouclass.sys
2009-02-04 13:31 . 2009-02-05 23:34 70,899 —a
c:windowssetupapi.old
2009-02-02 19:37 . 2009-02-02 19:37d
c:documents and settingsAdminApplication DataLavasoft
2009-02-02 19:07 . 2009-02-02 19:08 32 —ahs—- c:windowssystem32driversfidbox2.idx
2009-02-02 19:07 . 2009-02-02 19:08 32 —ahs—- c:windowssystem32driversfidbox2.dat
2009-02-02 19:07 . 2009-02-02 19:08 32 —ahs—- c:windowssystem32driversfidbox.idx
2009-02-02 19:07 . 2009-02-02 19:08 32 —ahs—- c:windowssystem32driversfidbox.dat
2009-01-29 10:13 . 2009-01-29 14:12d
c:documents and settingsAdminDoctorWeb
2009-01-28 14:20 . 2009-01-28 14:23d
c:program filesAnVir Task Manager
2009-01-28 10:44 . 2009-01-28 10:44d—h
c:windowssystem32GroupPolicy
2009-01-28 09:10 . 2009-01-28 09:17d
c:program filesЗоркий глаз
2009-01-28 09:10 . 2009-01-28 09:18 82 —a
c:windowsVir_Info.inf
2009-01-22 16:51 . 2009-01-22 16:51d
c:documents and settingsAll UsersApplication DataKaspersky Lab Setup Files
2009-01-08 11:22 . 2009-01-08 11:22d
c:temp8P_UPD611
2009-01-07 17:57 . 2006-10-18 15:31 105,472 —a
c:windowssystem32driversnvata.sys.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-06 22:08
d
w c:program filesChameleon Clock
2009-02-05 21:14 717,296 —-a-w c:windowssystem32driverssptd.sys
2009-02-05 21:14
d
w c:program filesVistaDriveIcon
2009-02-05 21:13 410,984 —-a-w c:windowssystem32deploytk.dll
2009-02-05 21:13
d
w c:program filesPaint.NET
2009-02-05 21:13
d
w c:program filesJava
2009-02-05 21:07
d
w c:program filesWindows Media Connect 2
2009-02-04 14:08
d
w c:documents and settingsAdminApplication DataDownload Master
2009-02-04 11:02
d
w c:program filesARM ZVIT
2009-01-30 08:06
d
w c:program files7-Zip
2009-01-22 13:59
d
w c:program filesEset
2009-01-15 11:47
d
w c:program filesOperaAC
2009-01-12 13:22
d
w c:program filesIntellect-Service
2008-12-25 21:09 1,571,840 —-a-w c:windowssystem32sfcfiles.dll
2008-12-25 19:40 23,040 —-a-w c:windowssystem32setup.exe
2008-12-25 18:59 99,328 —-a-w c:windowssystem32cabview.dll
2008-12-25 18:58 92,672 —-a-w c:windowssystem32acctres.dll
2008-12-25 18:58 67,072 —-a-w c:windowssystem32browselc.dll
2008-12-25 18:58 46,080 —-a-w c:windowssystem32ntsd.exe
2008-12-25 18:58 38,400 —-a-w c:windowssystem32batmeter.dll
2008-12-25 18:58 361,600 —-a-w c:windowssystem32driverstcpip.sys
2008-12-25 18:58 313,344 —-a-w c:windowssystem32accwiz.exe
2008-12-25 18:58 226,816 —-a-w c:windowsregedit.exe
2008-12-25 18:58 105,472 —-a-w c:windowssystem32telnet.exe
2008-12-25 18:58 102,912 —-a-w c:windowssystem32ahui.exe
2008-12-25 18:56 99,840 —-a-w c:windowssystem32wmpshell.dll
2008-12-25 18:56 603,648 —-a-w c:windowssystem32wmspdmod.dll
2008-12-25 18:56 4,096 —-a-w c:windowssystem32wmvdmoe2.dll
2008-12-25 18:56 4,096 —-a-w c:windowssystem32wmvdmod.dll
2008-12-25 18:56 4,096 —-a-w c:windowssystem32wmsdmoe2.dll
2008-12-25 18:56 4,096 —-a-w c:windowssystem32wmsdmod.dll
2008-12-25 18:56 314,880 —-a-w c:windowssystem32wmpdxm.dll
2008-12-25 18:56 242,688 —-a-w c:windowssystem32wmpasf.dll
2008-12-25 18:56 1,329,152 —-a-w c:windowssystem32wmspdmoe.dll
2008-12-25 18:54 83,072 —-a-w c:windowssystem32driverswdmaud.sys
2008-12-25 18:52 90,112 —-a-w c:windowssystem32wshext.dll
2008-12-25 18:51 97,280 —-a-w c:windowssystem32psbase.dll
2008-12-21 11:19 991,744 —-a-w c:windowssystem32setupapi.dll
2008-12-12 12:54 9,481 —-a-r c:windowssystem32OEMINFO.CMD
2008-11-14 19:07 43,544 —-a-w c:windowssystem32wups2.dll
.
Sigcheck
2008-12-25 22:00 579072 23b7d3f3f5ec8feea75ec381c71cbd5e c:windowssystem32user32.dll2008-12-25 22:00 952832 b3f3c4c16539f0ac20306e2a56df6aa6 c:windowssystem32wininet.dll
2008-12-25 21:58 361600 6a104ba98d99d53ab0c91825ce659fc6 c:windowssystem32driverstcpip.sys
2008-12-25 21:59 1721344 5d1804d43d799f7040ac1c2df3ee137a c:windowsexplorer.exe
2008-12-25 21:59 30208 e5eb62a6443a8720f7ec4941c42fae67 c:windowssystem32ctfmon.exe
2008-12-25 22:00 78360 a16b512841d703a84f773bd0dcc732dc c:windowssystem32wuauclt.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-02-06_ 2.36.30.10 )))))))))))))))))))))))))))))))))))))))))
.
— 2005-10-20 17:02:28 163,328 —-a-w c:windowsERDNTHiv-backupERDNT.EXE
+ 2005-10-20 16:02:28 163,328 —-a-w c:windowsERDNTHiv-backupERDNT.EXE
— 2000-08-31 05:00:00 29,696 —-a-w c:windowsNIRCMD.exe
+ 2000-08-31 04:00:00 29,696 —-a-w c:windowsNIRCMD.exe
— 2000-08-31 05:00:00 161,792 —-a-w c:windowsSWREG.exe
+ 2000-08-31 04:00:00 161,792 —-a-w c:windowsSWREG.exe
— 2009-02-05 23:35:05 201,360 —-a-w c:windowssystem32inetsrvMetaBase.bin
+ 2002-09-30 19:52:04 200,954 —-a-w c:windowssystem32inetsrvMetaBase.bin
— 2009-02-05 23:12:49 92,294 —-a-w c:windowssystem32perfc009.dat
+ 2002-09-30 17:51:48 92,294 —-a-w c:windowssystem32perfc009.dat
— 2009-02-05 23:12:49 107,242 —-a-w c:windowssystem32perfc019.dat
+ 2002-09-30 17:51:48 107,242 —-a-w c:windowssystem32perfc019.dat
— 2009-02-05 23:12:49 502,130 —-a-w c:windowssystem32perfh009.dat
+ 2002-09-30 17:51:48 502,130 —-a-w c:windowssystem32perfh009.dat
— 2009-02-05 23:12:49 545,366 —-a-w c:windowssystem32perfh019.dat
+ 2002-09-30 17:51:48 545,366 —-a-w c:windowssystem32perfh019.dat
— 2004-12-13 05:20:04 6,995 —-a-w c:windowssystem32spooldriversw32x863ssgr3en.DAT
+ 2009-02-07 18:38:49 7,014 —-a-w c:windowssystem32spooldriversw32x863ssgr3en.DAT
+ 2002-09-30 19:52:06 16,384 —-atw c:windowsTempPerflib_Perfdata_1f8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«ctfmon.exe»=»c:windowssystem32ctfmon.exe» [2008-12-25 30208][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2008-08-01 13529088]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2008-08-01 86016]
«MsmqIntCert»=»mqrt.dll» [2008-04-15 c:windowssystem32mqrt.dll]
«RTHDCPL»=»RTHDCPL.EXE» [2008-04-10 c:windowsRTHDCPL.EXE]
«nwiz»=»nwiz.exe» [2008-08-01 c:windowssystem32nwiz.exe][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«Punto Switcher»=»c:program filesPunto Switcherps.exe» [2007-01-25 201728]
«VistaIcon»=»c:program filesVistaDriveIconVistaDrv.exe» [2008-01-02 132096][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«IE7_011″=»shell32» [X]
«tscuninstall»=»c:windowssystem32tscupgrd.exe» [2004-08-18 44544]
«ZZZZ2_FirstLogonSetting»=»advpack.dll» [2008-12-25 c:windowssystem32advpack.dll]
«IE7_012″=»advpack.dll» [2008-12-25 c:windowssystem32advpack.dll]
«ZZZZ1_FirstLogonSetting»=»advpack.dll» [2008-12-25 c:windowssystem32advpack.dll][HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoThumbnailCache»= 1 (0x1)
«NoSMConfigurePrograms»= 1 (0x1)[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoThumbnailCache»= 1 (0x1)
«NoSMConfigurePrograms»= 1 (0x1)[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«msacm.l3fhg»= mp3fhg.acm
«VIDC.X264″= x264vfw.dll
«VIDC.HFYU»= huffyuv.dll
«vidc.i263″= i263_32.drv
«msacm.divxa32″= divxa32.acm[HKLM~startupfolderC:^Documents and Settings^Admin^Главное меню^Программы^Автозагрузка^Total Commander.lnk]
path=c:documents and settingsAdminГлавное менюПрограммыАвтозагрузкаTotal Commander.lnk
backup=c:windowspssTotal Commander.lnkStartup[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregctfmon.exe]
—a
2008-12-25 21:59 30208 c:windowssystem32ctfmon.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregHomeAlarm]
—a
2007-07-31 14:29 637440 c:program filesChameleon ClockChamClock.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
—a
2006-01-12 14:40 155648 c:windowssystem32NeroCheck.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPunto Switcher]
2007-01-25 21:40 201728 c:program filesPunto Switcherps.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregVistaIcon]
—a
2008-01-02 13:52 132096 c:program filesVistaDriveIconVistaDrv.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSkyTel]
—a
2007-11-20 19:15 1826816 c:windowsSkyTel.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«FirewallOverride»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
«UpdatesOverride»=dword:00000001
«AntiVirusDisableNotify»=dword:00000001
«AntiVirusOverride»=dword:00000001[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centermonitoringkasperskyantivirus]
«DisableMonitoring»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\WINDOWS\system32\mqsvc.exe»=
«c:\WINDOWS\system32\mmc.exe»=
«c:\WINDOWS\system32\userinit.exe»=[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«3587:TCP»= 3587:TCP:Группирование одноранговой сети Windows
«3540:UDP»= 3540:UDP:PNRP-протокол (Peer Name Resolution Protocol)
«1723:TCP»= 1723:TCP:@xpsp2res.dll,-22015
«1701:UDP»= 1701:UDP:@xpsp2res.dll,-22016
«500:UDP»= 500:UDP:@xpsp2res.dll,-22017[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileIcmpSettings]
«AllowInboundEchoRequest»= 1 (0x1)
«AllowInboundTimestampRequest»= 1 (0x1)
«AllowInboundMaskRequest»= 1 (0x1)
«AllowInboundRouterRequest»= 1 (0x1)
«AllowOutboundDestinationUnreachable»= 1 (0x1)
«AllowOutboundSourceQuench»= 1 (0x1)
«AllowOutboundParameterProblem»= 1 (0x1)
«AllowOutboundTimeExceeded»= 1 (0x1)
«AllowRedirect»= 1 (0x1)
«AllowOutboundPacketTooBig»= 1 (0x1)S3 ComFiltr;Panda Anti-Dialer;??c:windowssystem32DRIVERSCOMFiltr.sys —> c:windowssystem32DRIVERSCOMFiltr.sys [?]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{c8149f5e-26f2-11dd-97f4-001d7dac9b97}]
shellautoruncommand — F:
shellexplorecommand — «.Nokia Music ManagerN-1-5-21-1895552279-3129831955-389522551-6003INFO2Playlist» Control: Select music location
shellfindcommand — «.Nokia Music ManagerN-1-5-21-1895552279-3129831955-389522551-6003INFO2Playlist» Control: Search music (radio-stations)
shellopencommand — «.Nokia Music ManagerN-1-5-21-1895552279-3129831955-389522551-6003INFO2Playlist» Playback: Play music
.
— — — — ORPHANS REMOVED — — — —MSConfigStartUp-Adobe Reader Speed Launcher — c:program filesAdobeReader 8.0ReaderReader_sl.exe
.
Supplementary Scan
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.zvercd.com
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Закачать ВСЕ при помощи Download Master — c:program filesDownload Masterdmieall.htm
IE: Закачать при помощи Download Master — c:program filesDownload Masterdmie.htm
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} — c:program filesDownload Masterdmaster.exe
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-06 00:07:10
Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(984)
c:windowssystem32cscui.dll
.
Completion time: 2009-02-06 0:08:00
ComboFix-quarantined-files.txt 2009-02-05 21:07:51
ComboFix2.txt 2009-02-07 18:42:53
ComboFix3.txt 2009-02-06 22:02:23
ComboFix4.txt 2009-02-06 12:33:49
ComboFix5.txt 2002-09-30 20:05:41Pre-Run: 4 807 454 720 байт свободно
Post-Run: 4,791,398,400 байт свободно264
Последний Combofix лог выглядит нормально.
Появляется стабильно при загрузке
инструкция по адресу 0x7c91b1fa обратилась к памяти по адресу 0x00000010.Память не может быть writtenНа каком этапе загрузки выскакивает это сообщение ?
К вашему ответу приложите свежий Combofix лог.
Все уже приложил. Выскакивает на этапе загрузки во время окна приветствия.
Кроме того система не опознает USB контроллер, т.е. прсутствуют оба (1.1 и 2.0) без концентраторов и с желтымы ! знаками.Пробовал удалять устройства и заново устанавливать, все решилось сохранением необходимых параметров и переустановкой системы на отформатированный диск. Ерунда все советы. Логи я и сам могу посмотреть и запущенные процессы.
Тема закрыта.💡 Если вы ищете волшебников, которые могут решить все ваши проблемы, то обратились не по адресу.
ЗВОНИТЕ в MICROSOFT или другую компанию и платите деньги.Логи я и сам могу посмотреть и запущенные процессы.
Смотреть, не значит видеть 😆
И ещё, нужно быть благодарным людям, кто нашли время рассмотреть вашу проблему ❗
- Для ответа в этой теме необходимо авторизоваться.
