[Gumixa]

Да нет, вроде не появлялся больше! а скачать по ссылке так и не смог! занято постоянно,блин! пытаться дальше?

[Gumixa]

Я не могу скачать по вашей ссылке, подскажите может другая есть? у меня выход в сеть через локалку с одним айпишником, следовательно, там постоянно занять! :-(((((((((((((

[Gumixa]

Знаете, еще хочу добавить, что постоянно (раз в неделю) провожу сканирование с помощью NODа, spy-ware, и утилита Зайцева! вот спайвар постоянно находит то 5 то 8 подозрительных файлов! вроде удаляю их там же, но потом вижу всплывающие окна от NODа, о том, что то червь, то вирус!что с моим компом происходит не пойму! Может я не правильно сканирую компьютер?

[Gumixa]

HKUS-1-5-21-2052111302-1614895754-682003330-1003SoftwareSecuROM!CAUTION! NEVER DELETE OR CHANGE ANY KEY* 15.02.2009 16:35 0 bytes Key name contains embedded nulls (*)
HKUS-1-5-21-2052111302-1614895754-682003330-1003SoftwareSecuROMLicense information* 26.03.2009 4:07 0 bytes Key name contains embedded nulls (*)
HKLMSECURITYPolicySecretsSAC* 05.02.2009 20:41 0 bytes Key name contains embedded nulls (*)
HKLMSECURITYPolicySecretsSAI* 05.02.2009 20:41 0 bytes Key name contains embedded nulls (*)
HKLMSOFTWAREESETESET SecurityCurrentVersionSchedulerTimestamp 26.04.2009 23:16 4 bytes Data mismatch between Windows API and raw hive data.
HKLMSOFTWAREESETESET SecurityCurrentVersionScheduler100LastExec 26.04.2009 22:29 4 bytes Data mismatch between Windows API and raw hive data.
HKLMSOFTWAREMicrosoftCryptographyRNGSeed 26.04.2009 23:28 80 bytes Data mismatch between Windows API and raw hive data.
HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerMyComputerNameSpaceDelegateFolders{E211B736-43FD-11D1-9EFB-0000F8757FCD} 20.04.2009 0:31 19 bytes Data mismatch between Windows API and raw hive data.
HKLMSYSTEMControlSet001ServicessptdCfg 15.02.2009 15:45 0 bytes Access is denied.

[Gumixa]

Спасибо за помощь! Намного лучше сейчас, но ощущение что вирусня есть не пропадает! Но это наверное уже из области психологии! В любом случае, спасибо, помогли! Очень рад, что мне как чайнику, кто-то может адекватно помочь!

[Gumixa]

ComboFix 09-04-15.08 — Михаил 18.04.2009 22:29.2 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.1023.592 [GMT 7:00]
Running from: c:documents and settingsМихаилРабочий столComboFix.exe
Command switches used :: c:documents and settingsМихаилРабочий столCFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
FW: NVIDIA Firewall *disabled*
FW: Outpost Firewall Pro *enabled*
* Created a new restore point
* Resident AV is active

FILE ::
c:windowssystem32ugpernuw.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

---

Legacy_ZFLNP

---

Service_zflnp

((((((((((((((((((((((((( Files Created from 2009-03-18 to 2009-04-18 )))))))))))))))))))))))))))))))
.

2009-04-12 15:26 . 2009-04-12 15:26

---

d

---

w c:windows85EBB28365AF4C539EBE7C0A232762F7.TMP
2009-04-11 18:46 . 1998-10-29 09:45 306688 —-a-w c:windowsIsUninst.exe
2009-04-11 16:44 . 2009-04-11 16:44

---

d—h—w c:windows$hf_mig$
2009-04-11 16:10 . 2009-04-11 16:10

---

d-s—w c:documents and settingsМихаилUserData
2009-04-11 16:10 . 2009-04-11 16:10

---

d-s—w c:documents and settingsМихаилUserData
2009-04-11 15:48 . 2009-04-11 15:49

---

d

---

w C:rsit
2009-04-11 15:28 . 2009-04-18 15:44

---

d

---

w c:documents and settingsМихаилApplication DataSkype
2009-04-11 15:24 . 2009-04-11 15:24

---

d

---

w c:documents and settingsLocalServiceLocal SettingsApplication DataGoogle
2009-04-11 15:24 . 2009-04-11 15:30

---

d

---

w c:documents and settingsМихаилLocal SettingsApplication DataGoogle
2009-04-04 18:07 . 2007-11-02 15:33 1891008 —-a-r c:windowsunasetup.exe
2009-04-02 16:39 . 2007-11-02 15:33 1602240 —-a-r c:windowsuncsetup.exe
2009-03-31 17:00 . 2009-03-31 17:00

---

d

---

w c:documents and settingsОльгаLocal SettingsApplication DataMicrosoft Help
2009-03-25 21:06 . 2009-03-25 21:06 1700352 —-a-w c:windowssystem32gdiplus.dll
2009-03-25 21:00 . 2009-03-25 21:01

---

d

---

w c:windowssystem32driversumdf
2009-03-25 20:55 . 2009-03-25 20:55

---

d

---

w c:windowssystem32xlive
2009-03-24 04:46 . 2009-03-24 04:46

---

d

---

w c:documents and settingsОльгаApplication DataLavasoft
2009-03-22 14:03 . 2009-03-22 14:03 208 —-a-w c:windowsUpdateClientUI.INI
2009-03-20 07:31 . 2009-03-20 07:31

---

d

---

w c:documents and settings??????

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-18 10:27 . 2009-02-05 14:50

---

d

---

w c:documents and settingsОльгаApplication DataSpyware Terminator
2009-04-15 11:16 . 2009-02-05 13:35

---

d

---

w c:documents and settingsМихаилApplication DataSpyware Terminator
2009-04-13 14:15 . 2009-02-05 13:35

---

d

---

w c:program filesSpyware Terminator
2009-04-12 16:32 . 2009-02-05 13:01

---

d—h—w c:program filesInstallShield Installation Information
2009-04-12 15:26 . 2009-02-21 17:09

---

d

---

w c:program filesCommon FilesWise Installation Wizard
2009-04-12 06:15 . 2009-02-05 13:35

---

d

---

w c:documents and settingsAll UsersApplication DataSpyware Terminator
2009-04-11 16:46 . 2009-04-11 15:19

---

d

---

w c:program filesGoogle
2009-04-11 15:49 . 2009-04-11 15:48

---

d

---

w c:program filestrend micro
2009-04-11 15:33 . 2009-04-11 15:33

---

d

---

w c:program filesSkype
2009-04-11 15:33 . 2009-04-11 15:33

---

d

---

w c:program filesCommon FilesSkype
2009-04-11 15:32 . 2009-03-05 05:38

---

d

---

w c:documents and settingsAll UsersApplication DataSkype
2009-04-11 10:18 . 2009-02-25 13:30

---

d

---

w c:documents and settingsМихаилApplication DataskypePM
2009-03-28 20:01 . 2008-04-15 12:00 78770 —-a-w c:windowssystem32perfc019.dat
2009-03-28 20:01 . 2008-04-15 12:00 472114 —-a-w c:windowssystem32perfh019.dat
2009-03-25 21:25 . 2009-02-05 13:18 937864 —-a-w c:documents and settingsLocalServiceLocal SettingsApplication DataFontCache3.0.0.0.dat
2009-03-25 20:55 . 2009-03-25 20:55

---

d

---

w c:program filesMicrosoft Games for Windows — LIVE
2009-03-22 13:57 . 2009-02-21 08:10

---

d

---

w c:program files2gis
2009-03-20 07:57 . 2009-03-20 07:56

---

d

---

w c:program filesPunto Switcher
2009-03-20 07:56 . 2009-02-05 13:20

---

d

---

w c:documents and settingsМихаилApplication DataYandex
2009-03-20 07:31 . 2009-03-05 03:43

---

d

---

w c:documents and settingsМихаилApplication DataNokia
2009-03-18 18:41 . 2009-02-05 16:59

---

d

---

w c:program filesQIP Infium
2009-03-18 04:00 . 2009-03-11 17:15

---

d

---

w c:documents and settingsОльгаApplication DataSkype
2009-03-16 17:11 . 2009-03-16 17:01

---

d

---

w c:documents and settingsМихаилApplication DataThinstall
2009-03-14 15:09 . 2009-03-14 15:09 2911848 —-a-w c:windowssystem32driversappdrv01.sys
2009-03-14 15:09 . 2009-03-14 15:09 304528 —-a-w c:windowssystem32appdrvrem01.exe
2009-03-14 15:03 . 2009-03-14 15:03

---

d

---

w c:documents and settingsAll UsersApplication DataTest Drive Unlimited
2009-03-13 06:24 . 2009-03-13 06:24

---

d

---

w c:documents and settingsОльгаApplication DataGrym
2009-03-11 17:26 . 2009-02-05 13:28

---

d

---

w c:program filesTotal Commander
2009-03-07 12:24 . 2009-03-07 12:24 60416 —-a-w c:windowsALCFDRTM.EXE
2009-03-05 09:16 . 2009-03-05 09:16

---

d

---

w c:documents and settingsОльгаApplication DataPC Suite
2009-03-05 05:27 . 2009-02-07 10:37

---

d

---

w c:program filesMicrosoft ActiveSync
2009-03-05 05:08 . 2009-03-05 05:08 0 —ha-w c:windowssystem32driversMsft_Kernel_ccdcmb_01007.Wdf
2009-03-05 05:08 . 2009-03-05 05:08 0 —ha-w c:windowssystem32driversMsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-03-05 05:02 . 2009-03-05 05:02

---

d

---

w c:program filesCommon FilesPCSuite
2009-03-05 05:01 . 2009-03-05 05:00

---

d

---

w c:program filesCommon FilesNokia
2009-03-05 05:01 . 2009-03-05 04:57

---

d

---

w c:program filesNokia
2009-03-05 04:59 . 2009-03-05 04:59

---

d

---

w c:program filesPC Connectivity Solution
2009-03-05 04:56 . 2009-03-05 03:37

---

d

---

w c:documents and settingsAll UsersApplication DataDownloaded Installations
2009-03-05 04:51 . 2009-03-05 04:51

---

d

---

w c:documents and settingsAll UsersApplication DataInstallations
2009-03-05 03:57 . 2009-03-05 03:57

---

d

---

w c:documents and settingsМихаилApplication DataDatalayer
2009-03-05 03:56 . 2009-03-05 03:40

---

d

---

w c:documents and settingsМихаилApplication DataPC Suite
2009-03-05 03:43 . 2009-03-05 03:43

---

d

---

w c:documents and settingsAll UsersApplication DataPC Suite
2009-03-05 03:40 . 2009-03-05 03:40

---

d

---

w c:program filesDIFX
2009-03-04 08:10 . 2009-03-04 08:10

---

d

---

w c:documents and settingsОльгаApplication DataDivX
2009-02-26 16:45 . 2009-02-26 16:45

---

d

---

w c:program filesCommon FilesPAC207
2009-02-26 16:45 . 2009-02-26 16:45

---

d

---

w c:program filesTrust
2009-02-26 16:29 . 2009-02-26 16:29

---

d

---

w c:documents and settingsМихаилApplication DataArcSoft
2009-02-23 07:06 . 2009-02-05 14:50 68456 —-a-w c:documents and settingsОльгаLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-02-22 20:34 . 2009-02-22 20:34

---

d

---

w c:documents and settingsМихаилApplication Dataubi.com
2009-02-21 17:57 . 2009-02-05 13:22 68456 —-a-w c:documents and settingsМихаилLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-02-21 17:52 . 2009-02-10 05:00

---

d

---

w c:program filesCommon FilesAdobe
2009-02-21 17:46 . 2009-02-21 12:53

---

d

---

w c:program files1C
2009-02-21 17:12 . 2009-02-21 17:10

---

d

---

w c:program filesAGEIA Technologies
2009-02-21 15:37 . 2009-02-15 09:35 107888 —-a-w c:windowssystem32CmdLineExt.dll
2009-02-21 15:18 . 2009-02-21 15:18 22328 —-a-w c:windowssystem32driversPnkBstrK.sys
2009-02-21 15:18 . 2009-02-21 15:18 22328 —-a-w c:documents and settingsМихаилApplication DataPnkBstrK.sys
2009-02-21 15:17 . 2009-02-21 15:17 107832 —-a-w c:windowssystem32PnkBstrB.exe
2009-02-21 15:16 . 2009-02-21 15:16 66872 —-a-w c:windowssystem32PnkBstrA.exe
2009-02-21 15:16 . 2009-02-21 15:16 2250024 —-a-w c:windowssystem32pbsvc.exe
2009-02-21 08:21 . 2009-02-21 08:10

---

d

---

w c:documents and settingsAll UsersApplication Data2GIS
2009-02-21 08:16 . 2009-02-21 08:16

---

d

---

w c:documents and settingsМихаилApplication DataGrym
2009-02-20 16:52 . 2009-02-20 16:52 138752 —-a-w c:windowssystem32driverssp_rsdrv2.sys
2009-02-05 13:34 . 2009-02-05 12:51 86327 —-a-w c:windowspchealthhelpctrOfflineCacheindex.dat
2009-02-05 12:49 . 2009-02-05 12:49 22564 —-a-w c:windowssystem32emptyregdb.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-04-15_12.42.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-18 15:40 . 2005-10-20 13:02 163328 c:windowsERDNTsubsERDNT.EXE
— 2009-04-15 12:39 . 2005-10-20 13:02 163328 c:windowsERDNTsubsERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2008-04-15 15360]
«Punto Switcher»=»c:program filesPunto Switcherpunto.exe» [2008-10-16 735016]
«BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=»c:program filesCommon FilesNeroLibNMBgMonitor.exe» [2007-09-20 202024]
«PC Suite Tray»=»c:program filesNokiaNokia PC Suite 7PCSuite.exe» [2008-12-03 1205760]
«Skype»=»c:program filesSkypePhoneSkype.exe» [2006-12-11 25343016]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«StartCCC»=»c:program filesATI TechnologiesATI.ACECore-StaticCLIStart.exe» [2008-08-01 61440]
«Outpost Firewall»=»c:program filesAgnitumOutpost Firewalloutpost.exe» [2005-11-25 91648]
«OutpostFeedBack»=»c:program filesAgnitumOutpost Firewallfeedback.exe» [2005-11-25 315460]
«SpywareTerminator»=»c:progra~1SPYWAR~1SpywareTerminatorShield.exe» [2009-02-05 2834432]
«NeroFilterCheck»=»c:program filesCommon FilesNeroLibNeroCheck.exe» [2007-03-01 153136]
«NBKeyScan»=»c:program filesNeroNero8Nero BackItUpNBKeyScan.exe» [2007-09-20 1836328]
«HNMonitor»=»c:program filesHomeNetMonitorMonitor.exe» [2008-06-23 335872]
«GrooveMonitor»=»c:program filesMicrosoft OfficeOffice12GrooveMonitor.exe» [2006-10-26 31016]
«egui»=»c:program filesESETESET NOD32 Antivirusegui.exe» [2007-11-14 1410304]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 9.0ReaderReader_sl.exe» [2008-06-11 34672]
«Monitor»=»c:windowsPixArtPAC207Monitor.exe» [2006-11-03 319488]
«SoundMan»=»SOUNDMAN.EXE» — c:windowssoundman.exe [2007-04-16 577536]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-15 15360]

c:documents and settingsЊЁе Ё«ѓ« ў­®Ґ ¬Ґ­оЏа®Ја ¬¬лЂўв®§ Јаг§Є 
‚л१Є  нЄа ­  Ё Їа®Ја ¬¬  § ЇгбЄ  ¤«п OneNote 2007.lnk — c:program filesMicrosoft OfficeOffice12ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
@=»Driver»

[HKLM~startupfolderC:^Documents and Settings^Михаил^Главное меню^Программы^Автозагрузка^Total Commander.lnk]
path=c:documents and settingsМихаилГлавное менюПрограммыАвтозагрузкаTotal Commander.lnk
backup=c:windowspssTotal Commander.lnkStartup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregnTrayFw]
2005-04-29 12:22 266240 —-a-w c:program filesNVIDIA CorporationNetworkAccessManagerbinnTrayFw.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregYupdate!]
2007-11-06 13:48 468744 —-a-w c:program filesCommon FilesYandexYupdateyupdate.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusOverride»=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe»=
«c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE»=
«c:\Program Files\Microsoft Office\Office12\GROOVE.EXE»=
«c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE»=
«c:\Program Files\HomeNet\Monitor\Monitor.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«8814:TCP»= 8814:TCP:zefptfzp

R1 VFILT;Outpost Firewall Kernel Driver; [x]
R2 appdrvrem01;Application Driver Auto Removal Service (01); [x]
R3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);c:program filesAgnitumOutpost FirewallkernelADBLOCK.DLL [2005-11-25 33568]
R3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);c:program filesAgnitumOutpost FirewallkernelARP.DLL [2005-11-25 17440]
R3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);c:program filesAgnitumOutpost FirewallkernelCONTENT.DLL [2005-11-25 4864]
R3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);c:program filesAgnitumOutpost FirewallkernelDNSCACHE.DLL [2005-11-25 14176]
R3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);c:program filesAgnitumOutpost FirewallkernelFTPFILT.DLL [2005-11-25 8992]
R3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);c:program filesAgnitumOutpost FirewallkernelHTMLFILT.DLL [2005-11-25 11552]
R3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);c:program filesAgnitumOutpost FirewallkernelHTTPFILT.DLL [2005-11-25 13248]
R3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);c:program filesAgnitumOutpost FirewallkernelIMAPFILT.DLL [2005-11-25 7200]
R3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);c:program filesAgnitumOutpost FirewallkernelMAILFILT.DLL [2005-11-25 14912]
R3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);c:program filesAgnitumOutpost FirewallkernelNNTPFILT.DLL [2005-11-25 6752]
R3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);c:program filesAgnitumOutpost FirewallkernelPOP3FILT.DLL [2005-11-25 9984]
R3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);c:program filesAgnitumOutpost FirewallkernelPROTECT.DLL [2005-11-25 16928]
R3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);c:program filesAgnitumOutpost FirewallkernelSECRET.DLL [2005-11-25 9664]
S1 appdrv01;Application Driver (01);c:windowssystem32Driversappdrv01.sys [2009-03-14 2911848]
S1 epfwtdir;epfwtdir;c:windowssystem32DRIVERSepfwtdir.sys [2007-11-14 30728]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:windowssystem32driverssp_rsdrv2.sys [2009-02-20 138752]
S2 2GIS UpdateClientService;2GIS UpdateClientService;c:program files2gisUpdateClientWin32UpdateClientService.exe [2008-09-17 1134592]
S2 ekrn;Eset Service;c:program filesESETESET NOD32 Antivirusekrn.exe [2007-11-14 455936]
S3 FStarForce;FStarForce;c:windowssystem32DRIVERSFStarForce.sys [2008-10-16 7680]
S3 ipgd;ASUS NX1101 Gigabit Ethernet Adapter Driver;c:windowssystem32DRIVERSipgdnd51.sys [2005-01-28 33536]
S3 PAC207;Trust WB-1400T Webcam;c:windowssystem32DRIVERSPFC027.SYS [2007-05-14 508288]

.
.

---

Supplementary Scan

---

.
uStart Page = hxxp://www.mail.ru/
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2Office12EXCEL.EXE/3000
LSP: %SYSTEMROOT%system32nvappfilter.dll
TCP: {F4CBC39B-090C-4CD7-83C0-A4E288139F91} = 217.117.80.1
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-18 22:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************
.

---

LOCKED REGISTRY KEYS

---

[HKEY_USERSS-1-5-21-2052111302-1614895754-682003330-1003SoftwareMicrosoftSystemCertificatesAddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.

---

DLLs Loaded Under Running Processes

---

— — — — — — — > ‘winlogon.exe'(720)
c:windowssystem32Ati2evxx.dll

— — — — — — — > ‘lsass.exe'(776)
c:windowssystem32nvappfilter.dll

— — — — — — — > ‘explorer.exe'(3976)
c:program filesPunto Switcherpshook.dll
c:windowssystem32WPDShServiceObj.dll
c:program filesNokiaNokia PC Suite 7PhoneBrowser.dll
c:program filesNokiaNokia PC Suite 7NGSCM.DLL
c:program filesNokiaNokia PC Suite 7LangPhoneBrowser_rus.nlr
c:program filesNokiaNokia PC Suite 7ResourcePhoneBrowser_Nokia.ngr
c:windowssystem32PortableDeviceTypes.dll
c:windowssystem32PortableDeviceApi.dll
.

---

Other Running Processes

---

.
c:windowssystem32ati2evxx.exe
c:windowssystem32ati2evxx.exe
c:program filesNVIDIA CorporationNetworkAccessManagerApache GroupApache2binApache.exe
c:program filesNeroNero8Nero BackItUpNBService.exe
c:program filesNVIDIA CorporationNetworkAccessManagerbinnSvcIp.exe
c:program filesNVIDIA CorporationNetworkAccessManagerbinnSvcLog.exe
c:windowssystem32PnkBstrA.exe
c:windowssystem32PnkBstrB.exe
c:progra~1SPYWAR~1sp_rsser.exe
c:program filesNVIDIA CorporationNetworkAccessManagerApache GroupApache2binApache.exe
c:program filesNVIDIA CorporationNetworkAccessManagerbinnSvcAppFlt.exe
c:program filesATI TechnologiesATI.ACECore-StaticMOM.exe
c:program filesATI TechnologiesATI.ACECore-StaticCCC.exe
c:program filesCommon FilesNeroLibNMIndexingService.exe
c:program filesCommon FilesNeroLibNMIndexStoreSvr.exe
c:program filesPC Connectivity SolutionServiceLayer.exe
c:program filesPC Connectivity SolutionTransportsNclUSBSrv.exe
c:program filesPC Connectivity SolutionTransportsNclRSSrv.exe
c:windowssystem32wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-18 22:56 — machine was rebooted
ComboFix-quarantined-files.txt 2009-04-18 15:56
ComboFix2.txt 2009-04-15 12:44

Pre-Run: 33 098 854 400 байт свободно
Post-Run: 33 131 311 104 байт свободно

256

[Gumixa]

Посылаю Вам отчет!
Михаил

[Gumixa]

Info:info.txt logfile of random’s system information tool 1.06 2009-04-11 22:49:05

======Uninstall list======

—>C:Program FilesNeroNero8\nerouninstallUNNERO.exe /UNINSTALL
—>C:WINDOWSUNNeroBackItUp.exe /UNINSTALL
—>C:WINDOWSUNNeroMediaHome.exe /UNINSTALL
—>C:WINDOWSUNNeroShowTime.exe /UNINSTALL
—>C:WINDOWSUNNeroVision.exe /UNINSTALL
—>C:WINDOWSUNRecode.exe /UNINSTALL
—>MsiExec /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
Ad-Aware SE Professional—>C:PROGRA~1LavasoftAD-AWA~1UNWISE.EXE C:PROGRA~1LavasoftAD-AWA~1INSTALL.LOG
Adobe Flash Player 10 ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Flash Player 10 Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Reader 9 — Russian—>MsiExec.exe /I{AC76BA86-7AD7-1049-7B44-A90000000001}
Agnitum Outpost Firewall Pro—>C:Program FilesAgnitumOutpost Firewalluninst.exe
Application Suite—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{4CBBEFD0-B00F-41B7-987E-D785B4844CF0}Setup.exe» -l0x19
Application Suite—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{6BC06432-364C-46A1-BC6D-32526BB2B50C}Setup.exe» -l0x19
ATI — Software Uninstall Utility—>C:Program FilesATI TechnologiesUninstallAllAtiCimUn.exe
ATI Catalyst Control Center—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime91Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{055EE59D-217B-43A7-ABFF-507B966405D8}setup.exe» -l0x0
ATI Display Driver—>rundll32 C:WINDOWSsystem32atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Catalyst Control Center — Branding—>MsiExec.exe /I{FA3A247D-437A-455E-A88F-7EB6E5F9E799}
CCleaner (remove only)—>»C:Program FilesCCleaneruninst.exe»
ESET NOD32 Antivirus—>MsiExec.exe /I{BB703122-AF65-4AD9-BCA0-273E165DABEE}
Eset-NOD32: Fix Dasumo v3 until 2029—>C:Program FilesESETuninstall.exe
FlylinkDC++ r(370)—>»C:Program FilesFlylinkDC++unins000.exe»
HijackThis 2.0.2—>»C:Program Filestrend microHijackThis.exe» /uninstall
HomeNet Monitor (remove only)—>C:Program FilesHomeNetMonitorUninstall.exe
K-Lite Codec Pack 4.1.0 (Full)—>»C:Program FilesK-Lite Codec Packunins000.exe»
Lock On: Современная боевая авиация—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{E90DCEE9-DC27-401B-A7AC-B0AFF5B34E4D}setup.exe» -l0x9
Microsoft .NET Framework 2.0—>C:WINDOWSMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.exe
Microsoft .NET Framework 3.0—>C:WINDOWSMicrosoft.NETFrameworkv3.0Microsoft .NET Framework 3.0setup.exe
Microsoft .NET Framework 3.0—>MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Games for Windows — LIVE Redistributable—>MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7—>»C:WINDOWS$NtUninstallWdf01007$spuninstspuninst.exe»
Microsoft Office Access MUI (Russian) 2007—>MsiExec.exe /X{90120000-0015-0419-0000-0000000FF1CE}
Microsoft Office Enterprise 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007—>MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Russian) 2007—>MsiExec.exe /X{90120000-0016-0419-0000-0000000FF1CE}
Microsoft Office Groove MUI (Russian) 2007—>MsiExec.exe /X{90120000-00BA-0419-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Russian) 2007—>MsiExec.exe /X{90120000-0044-0419-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Russian) 2007—>MsiExec.exe /X{90120000-00A1-0419-0000-0000000FF1CE}
Microsoft Office Outlook 2007 Trial—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall OUTLOOKR /dll OSETUP.DLL
Microsoft Office Outlook 2007—>MsiExec.exe /X{91120000-001A-0000-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Russian) 2007—>MsiExec.exe /X{90120000-001A-0419-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Russian) 2007—>MsiExec.exe /X{90120000-0018-0419-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007—>MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007—>MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Russian) 2007—>MsiExec.exe /X{90120000-001F-0419-0000-0000000FF1CE}
Microsoft Office Proof (Ukrainian) 2007—>MsiExec.exe /X{90120000-001F-0422-0000-0000000FF1CE}
Microsoft Office Proofing (Russian) 2007—>MsiExec.exe /X{90120000-002C-0419-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Russian) 2007—>MsiExec.exe /X{90120000-0019-0419-0000-0000000FF1CE}
Microsoft Office Shared MUI (Russian) 2007—>MsiExec.exe /X{90120000-006E-0419-0000-0000000FF1CE}
Microsoft Office Word MUI (Russian) 2007—>MsiExec.exe /X{90120000-001B-0419-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0—>»C:WINDOWS$NtUninstallWudf01000$spuninstspuninst.exe»
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSVC80_x86—>MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 6.0 Parser (KB925673)—>MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
Nero 8—>MsiExec.exe /X{81C6BFED-691E-402A-95DA-F6DE1A351049}
neroxml—>MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver—>MsiExec.exe /X{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}
Nokia PC Suite—>C:Documents and SettingsAll UsersApplication DataInstallations{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}Nokia_PC_Suite_7_1_18_0_rus_web.exe
Nokia PC Suite—>MsiExec.exe /I{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}
NVIDIA Drivers—>C:WINDOWSsystem32NVUNINST.EXE UninstallGUI
NVIDIA ForceWare Network Access Manager—>C:PROGRA~1COMMON~1INSTAL~1Driver9INTEL3~1IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033
NVIDIA PhysX v8.09.04—>MsiExec.exe /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
Opera 9.25—>MsiExec.exe /X{C619B312-19F3-460A-9F7B-443248379F18}
PC Connectivity Solution—>MsiExec.exe /I{D848D140-41C3-4A53-86D8-E866A100B4CD}
PunkBuster Services—>C:WINDOWSsystem32pbsvc.exe -u
Punto Switcher 3.0—>C:Program FilesPunto Switcheruninstall.exe
Realtek AC’97 Audio—>Alcrmv.exe -r -m
Skype 3.0—>»C:Program FilesSkypePhoneunins000.exe»
Skype Plugin Manager—>MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
Spyware Terminator—>»C:Program FilesSpyware Terminatorunins000.exe»
Trust WB-1400T Webcam—>C:PROGRA~1COMMON~1INSTAL~1Driver9INTEL3~1IDriver.exe /M{30837A37-8F9F-4817-8B52-C501B67DC3BE} /l1033
VCRedistSetup—>MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Windows Communication Foundation—>MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Media Format 11 runtime—>»C:Program FilesWindows Media Playerwmsetsdk.exe» /UninstallAll
Windows Media Format 11 runtime—>»C:WINDOWS$NtUninstallWMFDist11$spuninstspuninst.exe»
Windows Presentation Foundation—>MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation—>MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Архиватор WinRAR (только удаление)—>C:Program FilesWinRARuninstall.exe
Данные ДубльГИС г.Новосибирск 01.03.2009—>MsiExec.exe /X{C5A6E8D4-4CB7-4712-A636-97F173475BF2}
ДубльГИС 3.0.4.2—>MsiExec.exe /X{EBF56A8E-3483-4704-98B8-7685891F8EA7}
Пакет драйверов Windows — Nokia Modem (10/27/2008 3.9)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WINDOWSsystem32DRVSTOREnokia_blue_79486EC6AA0D1732FB17E5167077C07ECAE1B870nokia_bluetooth.inf
Пакет драйверов Windows — Nokia Modem (10/27/2008 7.01.0.1)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WINDOWSsystem32DRVSTOREnokbtmdm_247189AEBF39EB69A7C75429610DFED2F2EDC1B6nokbtmdm.inf
Пакет драйверов Windows — Nokia pccsmcfd (08/22/2008 7.0.0.0)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WINDOWSsystem32DRVSTOREpccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294pccsmcfd.inf
Центр обновлений ДубльГИС—>MsiExec.exe /X{2FB165EB-69C0-416D-9B4E-E805ABC8CB1F}
Черная Акула—>»C:Program Files1CEagle DynamicsKa-50uninstall.exe»

======Security center information======

AV: ESET NOD32 Antivirus 3.0
FW: Outpost Firewall Pro
FW: NVIDIA Firewall (disabled)

======System event log======

Computer Name: VAH-33ED7D1AF99
Event Code: 7035
Message: Служба «Сетевые подключения» успешно отправила управляющий элемент «запустить».

Record Number: 7470
Source Name: Service Control Manager
Time Written: 20090329011230.000000+360
Event Type: информация
User: NT AUTHORITYSYSTEM

Computer Name: VAH-33ED7D1AF99
Event Code: 7036
Message: Служба «Определение оборудования оболочки» перешла в состояние Работает.

Record Number: 7469
Source Name: Service Control Manager
Time Written: 20090329011229.000000+360
Event Type: информация
User:

Computer Name: VAH-33ED7D1AF99
Event Code: 7035
Message: Служба «Определение оборудования оболочки» успешно отправила управляющий элемент «запустить».

Record Number: 7468
Source Name: Service Control Manager
Time Written: 20090329011229.000000+360
Event Type: информация
User: NT AUTHORITYSYSTEM

Computer Name: VAH-33ED7D1AF99
Event Code: 7036
Message: Служба «Совместимость быстрого переключения пользователей» перешла в состояние Работает.

Record Number: 7467
Source Name: Service Control Manager
Time Written: 20090329011223.000000+360
Event Type: информация
User:

Computer Name: VAH-33ED7D1AF99
Event Code: 7035
Message: Служба «Совместимость быстрого переключения пользователей» успешно отправила управляющий элемент «запустить».

Record Number: 7466
Source Name: Service Control Manager
Time Written: 20090329011223.000000+360
Event Type: информация
User: NT AUTHORITYSYSTEM

=====Application event log=====

Computer Name: VAH-33ED7D1AF99
Event Code: 1800
Message: Служба центра обеспечения безопасности Windows запущена.

Record Number: 444
Source Name: SecurityCenter
Time Written: 20090207125041.000000+360
Event Type: информация
User:

Computer Name: VAH-33ED7D1AF99
Event Code: 0
Message:
Record Number: 443
Source Name: ForceWare Intelligent Application Manager (IAM)
Time Written: 20090207125039.000000+360
Event Type: информация
User:

Computer Name: VAH-33ED7D1AF99
Event Code: 0
Message:
Record Number: 442
Source Name: Nero BackItUp Scheduler 3
Time Written: 20090207125027.000000+360
Event Type: информация
User:

Computer Name: VAH-33ED7D1AF99
Event Code: 105
Message: The service was started.

Record Number: 441
Source Name: ATI Smart
Time Written: 20090207125023.000000+360
Event Type: информация
User:

Computer Name: VAH-33ED7D1AF99
Event Code: 1517
Message: Реестр пользователя VAH-33ED7D1AF99Михаил был сохранен в то время, как приложение или служба продолжали использовать его во время выхода из системы. Используемая реестром пользователя память не была освобождена. Реестр будет выгружен, когда он не будет использоваться.

Возможная причина — службы, выполняемые от имени пользователя. Попробуйте изменить настройку служб и задать их выполнение с учетными записями LocalService или NetworkService.

Record Number: 440
Source Name: Userenv
Time Written: 20090207124929.000000+360
Event Type: предупреждение
User: NT AUTHORITYSYSTEM

======Environment variables======

«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=C:Program FilesPC Connectivity Solution;%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;C:Program FilesATI TechnologiesATI.ACECore-Static
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=15
«PROCESSOR_IDENTIFIER»=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
«PROCESSOR_REVISION»=2f02
«NUMBER_OF_PROCESSORS»=1
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP

---

EOF

---

[Автор]

Сообщения