Forum replies created
File.txt
Том в устройстве C не имеет метки.
Серийный номер тома: 7880-FD44
Содержимое папки C:WINDOWSsystem32
17.09.2004 15:16 503 808 winlogon.exe
1 файлов 503 808 байт
LOG.txt
ComboFix 09-05-08.03 — Айк 10.05.2009 14:16.8 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.7.1049.18.511.283 [GMT 4:00]
Running from: c:documents and settingsАйкРабочий столComboFix.exe
Command switches used :: c:documents and settingsАйкРабочий столCFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Outdated)
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:windowsIE4 Error Log.txt
c:windowssystem32wmdrtc32.dl_
c:windowssystem32wmdrtc32.dll
.
((((((((((((((((((((((((( Files Created from 2009-04-10 to 2009-05-10 )))))))))))))))))))))))))))))))
.
2009-05-07 09:17 . 2009-05-10 10:21 5477 —-a-w c:windowssystem32driversoluenh.sys
2009-05-05 22:00 . 2009-05-05 22:00
d
w c:program filesAlwil Software
2009-04-29 07:51 . 2009-04-29 07:51
d
w c:program filesElectronic Arts
2009-04-29 07:34 . 1998-01-23 08:55 333824 —-a-w c:windowsIsUn0419.exe
2009-04-29 07:21 . 2009-04-29 07:21
d
w c:windowsUSB Vibration
2009-04-29 07:21 . 2009-04-29 07:21
d
w c:program filesUSB Vibration Joystick
2009-04-29 07:18 . 2001-08-17 18:02 9600 -c—a-w c:windowssystem32dllcachehidusb.sys
2009-04-29 07:18 . 2001-08-17 18:02 9600 —-a-w c:windowssystem32drivershidusb.sys
2009-04-27 08:15 . 2009-04-27 09:43
d
w c:program filesDownload Master
2009-04-27 08:08 . 2009-05-06 08:02
d
w C:Downloads
2009-04-27 07:59 . 2009-05-10 10:19
d
w c:program filesFlashGet
2009-04-24 19:21 . 2009-04-24 20:34
d
w C:RootkitRevealer
2009-04-19 07:36 . 2009-04-19 07:49
d
w C:Отчет
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-29 07:21 . 2009-02-18 17:57
d—h—w c:program filesInstallShield Installation Information
2009-04-29 07:21 . 2009-02-18 17:56
d
w c:program filesCommon FilesInstallShield
2009-04-09 09:29 . 2009-04-09 09:29
d
w c:program filesOpera
2009-03-31 07:36 . 2009-02-26 11:53
d
w c:program filestrend micro
2009-03-31 07:30 . 2009-03-31 07:30 3218 —-a-w c:windowssystem32PerfStringBackup.TMP
2009-03-31 07:30 . 2001-10-20 11:00 70658 —-a-w c:windowssystem32perfc019.dat
2009-03-31 07:30 . 2001-10-20 11:00 433468 —-a-w c:windowssystem32perfh019.dat
2009-03-24 16:00 . 2009-03-24 15:57
d
w c:program filesNokia
2009-03-24 15:58 . 2009-03-24 15:58
d
w c:program filesDIFX
2009-03-24 15:58 . 2009-03-24 15:57
d
w c:program filesCommon FilesNokia
2009-03-24 15:58 . 2009-03-24 15:57
d
w c:program filesCommon FilesPCSuite
2009-03-21 15:35 . 2009-03-17 17:02
d
w c:program filesBararan Program
2009-03-21 10:15 . 2009-03-21 10:15
d
w c:program filesGames.Mail.Ru
2009-03-02 17:47 . 2009-03-02 12:39 10 —-a-w c:windowspopcinfo.dat
2009-02-17 19:24 . 2009-02-17 17:21 86327 —-a-w c:windowspchealthhelpctrOfflineCacheindex.dat
2009-02-17 17:21 . 2001-10-20 11:00 67 —sha-w c:windowsFontsdesktop.ini
2009-02-17 17:15 . 2009-02-17 17:15 22564 —-a-w c:windowssystem32emptyregdb.dat
2005-04-19 15:25 . 2009-04-09 09:29 53323 —-a-w c:program filesoperaprogrampluginsPlugDef.dll
.
Sigcheck
[-] 2004-09-17 11:16 503808 A975A70FCEFE2A224412214320C89DED c:windowssystem32winlogon.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-04-18_22.32.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-29 07:21 . 2006-01-20 05:56 30720 c:windowsUSB Vibration7906setreg64.exe
+ 2009-04-29 07:21 . 2006-01-20 05:06 86016 c:windowsUSB Vibration7906FCVAP32.dll
+ 2009-04-29 07:21 . 2006-01-20 04:48 65536 c:windowsUSB Vibration7906EZFRD32.dll
+ 2009-02-17 17:14 . 2001-10-20 11:00 19429 c:windowssystem32MsDtcTracemsdtcvtr.bat
+ 2009-04-29 07:21 . 2006-01-20 07:59 108032 c:windowsUSB Vibration7906FCVAP64.dll
+ 2009-04-29 07:21 . 2006-01-20 05:16 112640 c:windowsUSB Vibration7906EZFRD64.dll
+ 2009-02-17 20:02 . 2009-05-08 07:13 754160 c:windowssystem32FNTCACHE.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузка
AutoCAD Startup Accelerator.lnk — c:program filesCommon FilesAutodesk Sharedacstart17.exe [2006-3-5 11000]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«EnableLUA»= 0 (0x0)
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«DisableTaskMgr»= 1 (0x1)
«DisableRegistryTools»= 1 (0x1)
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusDisableNotify»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
«AntiVirusOverride»=dword:00000001
«FirewallOverride»=dword:00000001
«UacDisableNotify»=dword:00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerSvc]
«AntiVirusOverride»=dword:00000001
«AntiVirusDisableNotify»=dword:00000001
«FirewallDisableNotify»=dword:00000001
«FirewallOverride»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
«UacDisableNotify»=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«d:\С-i failer\Мои документы\Антивирус\savceclt.exe»=
«c:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE»=
«c:\WINDOWS\system32\dwwin.exe»=
«c:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe»=
«c:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe»=
«c:\WINDOWS\system32\netsh.exe»=
«c:\WINDOWS\system32\NeroCheck.exe»=
«c:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe»=
«c:\Program Files\AutoCAD 2007\acad.exe»=
«c:\Documents and Settings\Айк\Рабочий стол\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe»=
«c:\Program Files\Windows Media Player\wmplayer.exe»=
«c:\Documents and Settings\Айк\Рабочий стол\ДЛЯ уничтожения вирусов\RSIT\RSIT.exe»=
«c:\Program Files\Bararan Program\Bararan.exe»=
«c:\PROGRA~1\Nokia\NOKIAP~1\GETCON~1.EXE»=
«c:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe»=
«c:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE»=
«c:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe»=
«c:\ComboFix\NirCmdC.cfexe»=
«c:\Program Files\Opera\Opera.exe»=
«c:\Program Files\Common Files\Autodesk Shared\acstart17.exe»=
«c:\Downloads\Программы\NOR\555\333\launch.exe»=
«c:\Program Files\Download Master\dmaster.exe»=
«d:\ЛИЛИТ&АСМИК_xary\ИГРЫ\SuperJazz\Data\Jazz2.exe»=
«c:\WINDOWS\system32\WISPTIS.EXE»=
«d:\ЛИЛИТ&АСМИК_xary\Виртуальные уроки\ЧАСТЬ 1\start.exe»=
«c:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe»=
R4 NdisFileServices32;NdisFileServices32;c:windowssystem32driversoluenh.sys [07.05.2009 13:17 5477]
S3 abp470n5;abp470n5;??c:windowssystem32driversptgpr.sys —> c:windowssystem32driversptgpr.sys [?]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.mail.ru/
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Закачать ВСЕ при помощи Download Master — c:program filesDownload Masterdmieall.htm
IE: Закачать все при помощи FlashGet — c:program filesFlashGetjc_all.htm
IE: Закачать при помощи Download Master — c:program filesDownload Masterdmie.htm
IE: Закачать при помощи FlashGet — c:program filesFlashGetjc_link.htm
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} — c:program filesDownload Masterdmaster.exe
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-10 14:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘explorer.exe'(3552)
c:windowssystem32msi.dll
.
Other Running Processes
.
c:progra~1NokiaNOKIAP~1LAUNCH~1.EXE
c:program filesCommon FilesAheadLibNMBgMonitor.exe
c:program filesNokiaNokia PC Suite 6PcSync2.exe
c:program filesCommon FilesPCSuiteServicesServiceLayer.exe
c:progra~1COMMON~1NokiaMPAPIMPAPI3s.exe
.
**************************************************************************
.
Completion time: 2009-05-10 14:24 — machine was rebooted
ComboFix-quarantined-files.txt 2009-05-10 10:24
ComboFix2.txt 2009-05-07 09:20
ComboFix3.txt 2009-04-19 08:47
ComboFix4.txt 2009-04-19 07:48
ComboFix5.txt 2009-05-10 10:15
Pre-Run: 10 153 349 120 байт свободно
Post-Run: 10 121 052 160 байт свободно
165
Hello Valeri. I did everything as you instructed. But once again I cannot scan the computer with virusscanner; the link http://www.kaspersky.ru/virusscanner simply does not open.
I am sending the ComboFix.exe result
ComboFix 09-05-06.05 — Айк 07.05.2009 13:12.7 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.7.1049.18.511.289 [GMT 4:00]
Running from: c:documents and settingsАйкРабочий столComboFix.exe
Command switches used :: c:documents and settingsАйкРабочий столCFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Outdated)
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
c:windowssystem32driversoluenh.sys
c:windowssystem32driversptgpr.sys
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:windowsIE4 Error Log.txt
c:windowssystem32driversoluenh.sys
c:windowssystem32wmdrtc32.dl_
c:windowssystem32wmdrtc32.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Legacy_ABP470N5
Legacy_NDISFILESERVICES32
Service_abp470n5
Service_NdisFileServices32
((((((((((((((((((((((((( Files Created from 2009-04-07 to 2009-05-07 )))))))))))))))))))))))))))))))
.
2009-05-07 09:17 . 2009-05-07 09:18 5477 —-a-w c:windowssystem32driversoluenh.sys
2009-05-05 22:00 . 2009-05-05 22:00
d
w c:program filesAlwil Software
2009-04-29 07:51 . 2009-04-29 07:51
d
w c:program filesElectronic Arts
2009-04-29 07:34 . 1998-01-23 08:55 333824 —-a-w c:windowsIsUn0419.exe
2009-04-29 07:21 . 2009-04-29 07:21
d
w c:windowsUSB Vibration
2009-04-29 07:21 . 2009-04-29 07:21
d
w c:program filesUSB Vibration Joystick
2009-04-29 07:18 . 2001-08-17 18:02 9600 -c—a-w c:windowssystem32dllcachehidusb.sys
2009-04-29 07:18 . 2001-08-17 18:02 9600 —-a-w c:windowssystem32drivershidusb.sys
2009-04-27 08:15 . 2009-04-27 09:43
d
w c:program filesDownload Master
2009-04-27 08:08 . 2009-05-06 08:02
d
w C:Downloads
2009-04-27 07:59 . 2009-05-07 09:15
d
w c:program filesFlashGet
2009-04-24 19:21 . 2009-04-24 20:34
d
w C:RootkitRevealer
2009-04-19 07:36 . 2009-04-19 07:49
d
w C:Отчет
2009-04-09 09:29 . 2009-04-09 09:29
d
w c:program filesOpera
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-29 07:21 . 2009-02-18 17:57
d—h—w c:program filesInstallShield Installation Information
2009-04-29 07:21 . 2009-02-18 17:56
d
w c:program filesCommon FilesInstallShield
2009-03-31 07:36 . 2009-02-26 11:53
d
w c:program filestrend micro
2009-03-31 07:30 . 2009-03-31 07:30 3218 —-a-w c:windowssystem32PerfStringBackup.TMP
2009-03-31 07:30 . 2001-10-20 11:00 70658 —-a-w c:windowssystem32perfc019.dat
2009-03-31 07:30 . 2001-10-20 11:00 433468 —-a-w c:windowssystem32perfh019.dat
2009-03-24 16:00 . 2009-03-24 15:57
d
w c:program filesNokia
2009-03-24 15:58 . 2009-03-24 15:58
d
w c:program filesDIFX
2009-03-24 15:58 . 2009-03-24 15:57
d
w c:program filesCommon FilesNokia
2009-03-24 15:58 . 2009-03-24 15:57
d
w c:program filesCommon FilesPCSuite
2009-03-21 15:35 . 2009-03-17 17:02
d
w c:program filesBararan Program
2009-03-21 10:15 . 2009-03-21 10:15
d
w c:program filesGames.Mail.Ru
2009-03-02 17:47 . 2009-03-02 12:39 10 —-a-w c:windowspopcinfo.dat
2009-02-17 19:24 . 2009-02-17 17:21 86327 —-a-w c:windowspchealthhelpctrOfflineCacheindex.dat
2009-02-17 17:21 . 2001-10-20 11:00 67 —sha-w c:windowsFontsdesktop.ini
2009-02-17 17:15 . 2009-02-17 17:15 22564 —-a-w c:windowssystem32emptyregdb.dat
2005-04-19 15:25 . 2009-04-09 09:29 53323 —-a-w c:program filesoperaprogrampluginsPlugDef.dll
.
Sigcheck
[-] 2004-09-17 11:16 503808 A975A70FCEFE2A224412214320C89DED c:windowssystem32winlogon.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-04-18_22.32.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-29 07:21 . 2006-01-20 05:56 30720 c:windowsUSB Vibration7906setreg64.exe
+ 2009-04-29 07:21 . 2006-01-20 05:06 86016 c:windowsUSB Vibration7906FCVAP32.dll
+ 2009-04-29 07:21 . 2006-01-20 04:48 65536 c:windowsUSB Vibration7906EZFRD32.dll
+ 2009-05-07 09:18 . 2009-05-07 09:18 16384 c:windowstempPerflib_Perfdata_5f8.dat
+ 2009-02-17 17:14 . 2001-10-20 11:00 19429 c:windowssystem32MsDtcTracemsdtcvtr.bat
+ 2009-04-29 07:21 . 2006-01-20 07:59 108032 c:windowsUSB Vibration7906FCVAP64.dll
+ 2009-04-29 07:21 . 2006-01-20 05:16 112640 c:windowsUSB Vibration7906EZFRD64.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузка
AutoCAD Startup Accelerator.lnk — c:program filesCommon FilesAutodesk Sharedacstart17.exe [2006-3-5 11000]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«EnableLUA»= 0 (0x0)
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«DisableTaskMgr»= 1 (0x1)
«DisableRegistryTools»= 1 (0x1)
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusDisableNotify»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
«AntiVirusOverride»=dword:00000001
«FirewallOverride»=dword:00000001
«UacDisableNotify»=dword:00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerSvc]
«AntiVirusOverride»=dword:00000001
«AntiVirusDisableNotify»=dword:00000001
«FirewallDisableNotify»=dword:00000001
«FirewallOverride»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
«UacDisableNotify»=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«d:\С-i failer\Мои документы\Антивирус\savceclt.exe»=
«c:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE»=
«c:\WINDOWS\system32\dwwin.exe»=
«c:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe»=
«c:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe»=
«c:\WINDOWS\system32\netsh.exe»=
«c:\WINDOWS\system32\NeroCheck.exe»=
«c:\WINDOWS\system32\userinit.exe»=
«c:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe»=
«c:\Program Files\AutoCAD 2007\acad.exe»=
«c:\Documents and Settings\Айк\Рабочий стол\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe»=
«c:\Program Files\Windows Media Player\wmplayer.exe»=
«c:\Documents and Settings\Айк\Рабочий стол\ДЛЯ уничтожения вирусов\RSIT\RSIT.exe»=
«c:\Program Files\Bararan Program\Bararan.exe»=
«c:\PROGRA~1\Nokia\NOKIAP~1\GETCON~1.EXE»=
«c:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe»=
«c:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE»=
«c:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe»=
«c:\ComboFix\NirCmdC.cfexe»=
«c:\Program Files\Opera\Opera.exe»=
«c:\Program Files\Common Files\Autodesk Shared\acstart17.exe»=
«c:\Downloads\Программы\NOR\555\333\launch.exe»=
«c:\Program Files\Download Master\dmaster.exe»=
«d:\ЛИЛИТ&АСМИК_xary\ИГРЫ\SuperJazz\Data\Jazz2.exe»=
«c:\WINDOWS\system32\WISPTIS.EXE»=
— Other Services/Drivers In Memory —
*NewlyCreated* — NDISFILESERVICES32
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{1c6c3d25-355c-11de-b684-b2d8fc2ca8b7}]
ShellAUtoPlaycOmmand — F:jpxgr.exe
ShellAutoRuncommand — F:jpxgr.exe
ShelleXPlorecOmMaND — F:jpxgr.exe
ShellOpeNcommanD — F:jpxgr.exe
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{70b23c2a-18ba-11de-b64f-a7d04e3391b7}]
ShellAUtoPlaycOmmand — F:jpxgr.exe
ShellAutoRuncommand — F:jpxgr.exe
ShelleXPlorecOmMaND — F:jpxgr.exe
ShellOpeNcommanD — F:jpxgr.exe
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{897f4a06-03e6-11de-b61a-c60ebc8a56be}]
sHellAuTOplAyCoMmAnd — F:dgsya.pif
sHellAutoRuncommand — F:dgsya.pif
sHellEXplOreCOmmand — F:dgsya.pif
sHellOPencommAND — F:dgsya.pif
.
.
Supplementary Scan
.
uStart Page = hxxp://www.mail.ru/
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Закачать ВСЕ при помощи Download Master — c:program filesDownload Masterdmieall.htm
IE: Закачать все при помощи FlashGet — c:program filesFlashGetjc_all.htm
IE: Закачать при помощи Download Master — c:program filesDownload Masterdmie.htm
IE: Закачать при помощи FlashGet — c:program filesFlashGetjc_link.htm
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} — c:program filesDownload Masterdmaster.exe
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-07 13:17
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘explorer.exe'(1584)
c:windowssystem32msi.dll
.
Other Running Processes
.
c:progra~1NokiaNOKIAP~1LAUNCH~1.EXE
c:program filesCommon FilesAheadLibNMBgMonitor.exe
c:program filesNokiaNokia PC Suite 6PcSync2.exe
c:program filesCommon FilesPCSuiteServicesServiceLayer.exe
c:progra~1COMMON~1NokiaMPAPIMPAPI3s.exe
.
**************************************************************************
.
Completion time: 2009-05-07 13:20 — machine was rebooted
ComboFix-quarantined-files.txt 2009-05-07 09:20
ComboFix2.txt 2009-04-19 08:47
ComboFix3.txt 2009-04-19 07:48
ComboFix4.txt 2009-04-18 22:35
ComboFix5.txt 2009-05-07 09:11
Pre-Run: 11 007 315 968 байт свободно
Post-Run: 11 060 277 248 байт свободно
189
No, Valeri, once again I cannot download it from the location you indicated. I tried downloading this program (Kaspersky Virus Removal Tool) from other sites, but that does not work either. What should I do?
Valeri, it is not working again.
I downloaded drweb-cureit.exe (13.1 Mb) and tried to run the program, but it starts unpacking with WinRAR and reports an error that the archive is damaged, the file is damaged. Despite this, setup.exe still appears. And when I run setup, the program opens, but a window appears with the message "Cannot load engine", and when I click OK, the program closes. I tried downloading the program 2 times, but the result is the same.
What is the problem? What should I do?
RootkitRevealer log
HKU.DEFAULTControl PanelInternational 09.04.2009 13:08 0 bytes Security mismatch.
HKU.DEFAULTControl PanelInternationalGeo 09.04.2009 13:08 0 bytes Security mismatch.
HKUS-1-5-21-1482476501-1336601894-1801674531-1003Control PanelInternational 09.04.2009 13:08 0 bytes Security mismatch.
HKUS-1-5-21-1482476501-1336601894-1801674531-1003Control PanelInternationalGeo 09.04.2009 13:08 0 bytes Security mismatch.
HKUS-1-5-18Control PanelInternational 09.04.2009 13:08 0 bytes Security mismatch.
HKUS-1-5-18Control PanelInternationalGeo 09.04.2009 13:08 0 bytes Security mismatch.
HKLMSECURITYPolicySecretsSAC* 17.02.2009 21:39 0 bytes Key name contains embedded nulls (*)
HKLMSECURITYPolicySecretsSAI* 17.02.2009 21:39 0 bytes Key name contains embedded nulls (*)
HKLMSOFTWAREMicrosoftCryptographyRNGSeed 25.04.2009 0:34 80 bytes Data mismatch between Windows API and raw hive data.
The link http://www.kaspersky.ru/virusscanner does not open.
I tried opening http://www.kaspersky.ru but it does not open either.
What is the reason?
Hello Valeri. Yes, you are right, it is too early to celebrate victory.
😥 Here is the result of the first ComboFix.exe scan
ComboFix 09-04-19.01 — Айк 19.04.2009 2:26.4 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.7.1049.18.511.265 [GMT 4:00]
Running from: c:documents and settingsАйкРабочий столComboFix.exe
Command switches used :: c:documents and settingsАйкРабочий столCFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Outdated)
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
c:windowssystem32driversoluenh.sys
c:windowssystem32driversptgpr.sys
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:windowssystem32driversoluenh.sys
c:windowssystem32wmdrtc32.dl_
c:windowssystem32wmdrtc32.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Legacy_ABP470N5
Legacy_NDISFILESERVICES32
Service_abp470n5
Service_NdisFileServices32
((((((((((((((((((((((((( Files Created from 2009-03-18 to 2009-04-18 )))))))))))))))))))))))))))))))
.
2009-04-18 22:32 . 2009-04-18 22:32 5477 —-a-w c:windowssystem32driversoluenh.sys
2009-03-31 11:08 . 2001-10-19 17:06 5632 —-a-w c:windowssystem32ptpusb.dll
2009-03-31 11:08 . 2004-08-17 12:04 159232 —-a-w c:windowssystem32ptpusd.dll
2009-03-31 11:08 . 2004-08-03 18:58 15104 -c—a-w c:windowssystem32dllcacheusbscan.sys
2009-03-31 11:08 . 2004-08-03 18:58 15104 —-a-w c:windowssystem32driversusbscan.sys
2009-03-31 07:30 . 2009-03-31 07:30 3218 —-a-w c:windowssystem32PerfStringBackup.TMP
2009-03-24 16:08 . 2009-03-24 16:08
d
w c:documents and settingsАйкApplication DataNokia
2009-03-24 16:04 . 2009-03-24 21:26
d
w c:documents and settingsАйкPhone Browser
2009-03-24 16:04 . 2009-03-24 21:26
d
w c:documents and settingsАйкPhone Browser
2009-03-24 15:59 . 2009-03-24 16:00
d
w c:windowsDownloaded Installations
2009-03-24 15:57 . 2009-03-24 15:58
d
w c:documents and settingsАйкApplication DataPC Suite
2009-03-24 15:57 . 2009-03-24 15:58
d
w c:documents and settingsAll UsersApplication DataPC Suite
2009-03-24 15:57 . 2006-05-29 05:26 13312 —-a-w c:windowssystem32driversnmwcdcm.sys
2009-03-24 15:57 . 2006-05-29 05:26 13312 —-a-w c:windowssystem32driversnmwcdcj.sys
2009-03-24 15:57 . 2006-05-29 05:26 8704 —-a-w c:windowssystem32driversnmwcdc.sys
2009-03-24 15:57 . 2009-03-24 15:58
dc—-w c:windowssystem32DRVSTORE
2009-03-24 15:57 . 2006-05-29 05:26 127488 —-a-w c:windowssystem32driversnmwcd.sys
2009-03-24 15:57 . 2006-05-29 05:26 50688 —-a-w c:windowssystem32nmwcdcls.dll
2009-03-24 15:57 . 2006-05-29 05:26 30720 —-a-w c:windowssystem32nmwcdcocls.dll
2009-03-24 15:57 . 2006-05-29 05:26 4608 —-a-w c:windowssystem32nmwcdlog.dll
2009-03-24 15:57 . 2009-03-24 15:57
d
w c:documents and settingsAll UsersApplication DataDownloaded Installations
2009-03-21 10:17 . 2009-03-21 10:19
d
w c:documents and settingsАйкApplication DataLuntik
2009-03-21 10:16 . 2009-03-24 18:22
d
w c:documents and settingsAll UsersApplication DataAlawarWrapper
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-09 09:29 . 2009-04-09 09:29
d
w c:program filesOpera
2009-03-31 07:36 . 2009-02-26 11:53
d
w c:program filestrend micro
2009-03-31 07:35 . 2009-03-31 07:35 3020 —-a-w C:avenger.txt
2009-03-31 07:30 . 2001-10-20 11:00 70658 —-a-w c:windowssystem32perfc019.dat
2009-03-31 07:30 . 2001-10-20 11:00 433468 —-a-w c:windowssystem32perfh019.dat
2009-03-24 16:00 . 2009-03-24 15:57
d
w c:program filesNokia
2009-03-24 15:58 . 2009-03-24 15:58
d
w c:program filesDIFX
2009-03-24 15:58 . 2009-03-24 15:57
d
w c:program filesCommon FilesNokia
2009-03-24 15:58 . 2009-03-24 15:57
d
w c:program filesCommon FilesPCSuite
2009-03-21 15:35 . 2009-03-17 17:02
d
w c:program filesBararan Program
2009-03-21 10:15 . 2009-03-21 10:15
d
w c:program filesGames.Mail.Ru
2009-03-17 18:17 . 2009-02-18 15:10 254208 —-a-w c:documents and settingsАйкLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-03-17 18:17 . 2009-02-18 15:10 254208 —-a-w c:documents and settingsАйкLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-03-17 18:17 . 2009-02-18 15:10 254208 —-a-w c:documents and settingsАйкLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-03-17 18:17 . 2009-02-18 15:10 254208 —-a-w c:documents and settingsАйкLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-03-01 12:16 . 2009-03-01 12:16
d
w c:documents and settingsАйкApplication DataAhead
2009-03-01 12:15 . 2009-02-18 17:49
d
w c:program filesCommon FilesAhead
2009-03-01 12:15 . 2009-03-01 12:15
d
w c:program filesNero
2009-03-01 11:49 . 2009-02-17 18:32
d
w c:program filesAhead
2009-02-27 12:38 . 2009-02-27 12:38
d
w c:program filesArmenian NLS
2009-02-24 14:46 . 2009-02-21 13:59
d
w c:documents and settingsАйкApplication DataCyberLink
2009-02-22 12:51 . 2009-02-22 12:46
d
w c:documents and settingsAll UsersApplication DataSymantec
2009-02-22 12:47 . 2009-02-18 17:56
d
w c:program filesCommon FilesInstallShield
2009-02-21 16:56 . 2009-02-21 16:45
d
w c:documents and settingsAll UsersApplication DataPinnacle
2009-02-21 16:53 . 2009-02-21 16:53
d
w c:program filesSmartSound Software
2009-02-21 16:53 . 2009-02-21 16:53
d
w c:documents and settingsAll UsersApplication DataSmartSound Software Inc
2009-02-21 16:49 . 2009-02-21 16:45
d
w c:program filesPinnacle
2009-02-21 16:48 . 2009-02-18 17:57
d—h—w c:program filesInstallShield Installation Information
2009-02-19 22:11 . 2009-02-18 18:49 44992 —ha-w C:_NavCClt.Log
2009-02-19 15:24 . 2009-02-19 15:23 1663 —-a-w C:Setup.wis
2009-02-19 15:24 . 2009-02-19 15:23 1246773 —-a-w C:Data1.cab
2009-02-19 15:24 . 2009-02-18 18:49 3678 —-a-w C:PkgClnup.log
2009-02-18 18:44 . 2009-02-18 18:44
d
w c:documents and settingsАйкApplication DataAdobeUM
2009-02-18 18:43 . 2009-02-18 18:43
d
w c:program filesCommon FilesAdobe
2009-02-18 17:58 . 2009-02-18 17:58
d
w c:documents and settingsAll UsersApplication DataCyberLink
2009-02-18 17:57 . 2009-02-18 17:57
d
w c:program filesCyberLink
2009-02-18 15:21 . 2009-02-18 15:04
d
w c:documents and settingsАйкApplication DataAutodesk
2009-02-18 15:10 . 2009-02-18 15:04
d
w c:documents and settingsAll UsersApplication DataAutodesk
2009-02-18 15:07 . 2009-02-18 15:04
d
w c:program filesAutoCAD 2007
2009-02-18 15:06 . 2009-02-18 15:00
d
w c:program filesCommon FilesAutodesk Shared
2009-02-18 15:06 . 2009-02-18 15:06
d
w c:program filesAnswerWorks 4.0
2009-02-18 15:00 . 2009-02-18 15:00
d
w c:program filesAutodesk
2009-02-17 19:24 . 2009-02-17 17:21 86327 —-a-w c:windowspchealthhelpctrOfflineCacheindex.dat
2009-02-17 17:15 . 2009-02-17 17:15 22564 —-a-w c:windowssystem32emptyregdb.dat
2005-04-19 15:2009-04-09 09:29 25:30 . c:program filesoperaprogrampluginsPlugDef.dll
.
Sigcheck
[-] 2004-09-17 11:16 503808 A975A70FCEFE2A224412214320C89DED c:windowssystem32winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузка
AutoCAD Startup Accelerator.lnk — c:program filesCommon FilesAutodesk Sharedacstart17.exe [2006-3-5 11000]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«EnableLUA»= 0 (0x0)
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«DisableTaskMgr»= 1 (0x1)
«DisableRegistryTools»= 1 (0x1)
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusDisableNotify»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
«AntiVirusOverride»=dword:00000001
«FirewallOverride»=dword:00000001
«UacDisableNotify»=dword:00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerSvc]
«AntiVirusOverride»=dword:00000001
«AntiVirusDisableNotify»=dword:00000001
«FirewallDisableNotify»=dword:00000001
«FirewallOverride»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
«UacDisableNotify»=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«d:\С-i failer\Мои документы\Антивирус\savceclt.exe»=
«c:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE»=
«c:\WINDOWS\system32\dwwin.exe»=
«c:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe»=
«c:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe»=
«c:\WINDOWS\system32\netsh.exe»=
«c:\WINDOWS\system32\NeroCheck.exe»=
«c:\WINDOWS\system32\userinit.exe»=
«c:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe»=
«c:\Program Files\AutoCAD 2007\acad.exe»=
«c:\Documents and Settings\Айк\Рабочий стол\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe»=
«c:\Program Files\Windows Media Player\wmplayer.exe»=
«c:\Documents and Settings\Айк\Рабочий стол\ДЛЯ уничтожения вирусов\RSIT\RSIT.exe»=
«c:\Program Files\Bararan Program\Bararan.exe»=
«c:\PROGRA~1\Nokia\NOKIAP~1\GETCON~1.EXE»=
«c:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe»=
«c:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE»=
«c:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe»=
«c:\ComboFix\NirCmdC.cfexe»=
— Other Services/Drivers In Memory —
*NewlyCreated* — NDISFILESERVICES32
.
.
Supplementary Scan
.
uStart Page = http://www.apeha.ru
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-19 02:32
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘explorer.exe'(3784)
c:windowssystem32msi.dll
.
Other Running Processes
.
c:progra~1NokiaNOKIAP~1LAUNCH~1.EXE
c:program filesCommon FilesAheadLibNMBgMonitor.exe
c:program filesNokiaNokia PC Suite 6PcSync2.exe
c:program filesCommon FilesPCSuiteServicesServiceLayer.exe
c:progra~1COMMON~1NokiaMPAPIMPAPI3s.exe
.
**************************************************************************
.
Completion time: 2009-04-18 2:35 — machine was rebooted
ComboFix-quarantined-files.txt 2009-04-18 22:35
ComboFix2.txt 2009-04-09 09:08
ComboFix3.txt 2009-04-06 11:46
ComboFix4.txt 2009-04-02 16:35
Pre-Run: 12 376 862 720 байт свободно
Post-Run: 12 388 249 600 байт свободно
189
I did as you wrote; after that I restarted the computer and left it on overnight, in the morning I restarted it again and ran ComboFix.exe. Here is the result
ComboFix 09-04-19.01 — Айк 19.04.2009 11:39.5 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.7.1049.18.511.331 [GMT 4:00]
Running from: c:documents and settingsАйкРабочий столComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Outdated)
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:windowssystem32wmdrtc32.dl_
c:windowssystem32wmdrtc32.dll
.
((((((((((((((((((((((((( Files Created from 2009-03-19 to 2009-04-19 )))))))))))))))))))))))))))))))
.
2009-04-19 07:36 . 2009-04-19 07:36
d
w C:Отчет
2009-04-18 22:32 . 2009-04-19 07:45 5477 —-a-w c:windowssystem32driversoluenh.sys
2009-04-18 11:32 . 2009-04-18 11:32
d-sha-r C:autorun.inf
2009-03-31 11:08 . 2001-10-19 17:06 5632 —-a-w c:windowssystem32ptpusb.dll
2009-03-31 11:08 . 2004-08-17 12:04 159232 —-a-w c:windowssystem32ptpusd.dll
2009-03-31 11:08 . 2004-08-03 18:58 15104 -c—a-w c:windowssystem32dllcacheusbscan.sys
2009-03-31 11:08 . 2004-08-03 18:58 15104 —-a-w c:windowssystem32driversusbscan.sys
2009-03-31 07:30 . 2009-03-31 07:30 3218 —-a-w c:windowssystem32PerfStringBackup.TMP
2009-03-24 16:08 . 2009-03-24 16:08
d
w c:documents and settingsАйкApplication DataNokia
2009-03-24 16:04 . 2009-03-24 21:26
d
w c:documents and settingsАйкPhone Browser
2009-03-24 16:04 . 2009-03-24 21:26
d
w c:documents and settingsАйкPhone Browser
2009-03-24 15:59 . 2009-03-24 16:00
d
w c:windowsDownloaded Installations
2009-03-24 15:57 . 2009-03-24 15:58
d
w c:documents and settingsАйкApplication DataPC Suite
2009-03-24 15:57 . 2009-03-24 15:58
d
w c:documents and settingsAll UsersApplication DataPC Suite
2009-03-24 15:57 . 2006-05-29 05:26 13312 —-a-w c:windowssystem32driversnmwcdcm.sys
2009-03-24 15:57 . 2006-05-29 05:26 13312 —-a-w c:windowssystem32driversnmwcdcj.sys
2009-03-24 15:57 . 2006-05-29 05:26 8704 —-a-w c:windowssystem32driversnmwcdc.sys
2009-03-24 15:57 . 2009-03-24 15:58
dc—-w c:windowssystem32DRVSTORE
2009-03-24 15:57 . 2006-05-29 05:26 127488 —-a-w c:windowssystem32driversnmwcd.sys
2009-03-24 15:57 . 2006-05-29 05:26 50688 —-a-w c:windowssystem32nmwcdcls.dll
2009-03-24 15:57 . 2006-05-29 05:26 30720 —-a-w c:windowssystem32nmwcdcocls.dll
2009-03-24 15:57 . 2006-05-29 05:26 4608 —-a-w c:windowssystem32nmwcdlog.dll
2009-03-24 15:57 . 2009-03-24 15:57
d
w c:documents and settingsAll UsersApplication DataDownloaded Installations
2009-03-21 10:17 . 2009-03-21 10:19
d
w c:documents and settingsАйкApplication DataLuntik
2009-03-21 10:16 . 2009-03-24 18:22
d
w c:documents and settingsAll UsersApplication DataAlawarWrapper.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-09 09:29 . 2009-04-09 09:29
d
w c:program filesOpera
2009-03-31 07:36 . 2009-02-26 11:53
d
w c:program filestrend micro
2009-03-31 07:35 . 2009-03-31 07:35 3020 —-a-w C:avenger.txt
2009-03-31 07:30 . 2001-10-20 11:00 70658 —-a-w c:windowssystem32perfc019.dat
2009-03-31 07:30 . 2001-10-20 11:00 433468 —-a-w c:windowssystem32perfh019.dat
2009-03-24 16:00 . 2009-03-24 15:57
d
w c:program filesNokia
2009-03-24 15:58 . 2009-03-24 15:58
d
w c:program filesDIFX
2009-03-24 15:58 . 2009-03-24 15:57
d
w c:program filesCommon FilesNokia
2009-03-24 15:58 . 2009-03-24 15:57
d
w c:program filesCommon FilesPCSuite
2009-03-21 15:35 . 2009-03-17 17:02
d
w c:program filesBararan Program
2009-03-21 10:15 . 2009-03-21 10:15
d
w c:program filesGames.Mail.Ru
2009-03-17 18:17 . 2009-02-18 15:10 254208 —-a-w c:documents and settingsАйкLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-03-17 18:17 . 2009-02-18 15:10 254208 —-a-w c:documents and settingsАйкLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-03-17 18:17 . 2009-02-18 15:10 254208 —-a-w c:documents and settingsАйкLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-03-17 18:17 . 2009-02-18 15:10 254208 —-a-w c:documents and settingsАйкLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-03-01 12:16 . 2009-03-01 12:16
d
w c:documents and settingsАйкApplication DataAhead
2009-03-01 12:15 . 2009-02-18 17:49
d
w c:program filesCommon FilesAhead
2009-03-01 12:15 . 2009-03-01 12:15
d
w c:program filesNero
2009-03-01 11:49 . 2009-02-17 18:32
d
w c:program filesAhead
2009-02-27 12:38 . 2009-02-27 12:38
d
w c:program filesArmenian NLS
2009-02-24 14:46 . 2009-02-21 13:59
d
w c:documents and settingsАйкApplication DataCyberLink
2009-02-22 12:51 . 2009-02-22 12:46
d
w c:documents and settingsAll UsersApplication DataSymantec
2009-02-22 12:47 . 2009-02-18 17:56
d
w c:program filesCommon FilesInstallShield
2009-02-21 16:56 . 2009-02-21 16:45
d
w c:documents and settingsAll UsersApplication DataPinnacle
2009-02-21 16:53 . 2009-02-21 16:53
d
w c:program filesSmartSound Software
2009-02-21 16:53 . 2009-02-21 16:53
d
w c:documents and settingsAll UsersApplication DataSmartSound Software Inc
2009-02-21 16:49 . 2009-02-21 16:45
d
w c:program filesPinnacle
2009-02-21 16:48 . 2009-02-18 17:57
d—h—w c:program filesInstallShield Installation Information
2009-02-19 22:11 . 2009-02-18 18:49 44992 —ha-w C:_NavCClt.Log
2009-02-19 15:24 . 2009-02-19 15:23 1663 —-a-w C:Setup.wis
2009-02-19 15:24 . 2009-02-19 15:23 1246773 —-a-w C:Data1.cab
2009-02-19 15:24 . 2009-02-18 18:49 3678 —-a-w C:PkgClnup.log
2009-02-18 18:44 . 2009-02-18 18:44
d
w c:documents and settingsАйкApplication DataAdobeUM
2009-02-18 18:43 . 2009-02-18 18:43
d
w c:program filesCommon FilesAdobe
2009-02-18 17:58 . 2009-02-18 17:58
d
w c:documents and settingsAll UsersApplication DataCyberLink
2009-02-18 17:57 . 2009-02-18 17:57
d
w c:program filesCyberLink
2009-02-18 15:21 . 2009-02-18 15:04
d
w c:documents and settingsАйкApplication DataAutodesk
2009-02-18 15:10 . 2009-02-18 15:04
d
w c:documents and settingsAll UsersApplication DataAutodesk
2009-02-18 15:07 . 2009-02-18 15:04
d
w c:program filesAutoCAD 2007
2009-02-18 15:06 . 2009-02-18 15:00
d
w c:program filesCommon FilesAutodesk Shared
2009-02-18 15:06 . 2009-02-18 15:06
d
w c:program filesAnswerWorks 4.0
2009-02-18 15:00 . 2009-02-18 15:00
d
w c:program filesAutodesk
2009-02-17 19:24 . 2009-02-17 17:21 86327 —-a-w c:windowspchealthhelpctrOfflineCacheindex.dat
2009-02-17 17:15 . 2009-02-17 17:15 22564 —-a-w c:windowssystem32emptyregdb.dat
2005-04-19 15:2009-04-09 09:29 25:30 . c:program filesoperaprogrampluginsPlugDef.dll
.
Sigcheck
[-] 2004-09-17 11:16 503808 A975A70FCEFE2A224412214320C89DED c:windowssystem32winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=»c:program filesCommon FilesAheadlibNMBgMonitor.exe» [2005-10-28 94208]
«PcSync»=»c:program filesNokiaNokia PC Suite 6PcSync2.exe» [2006-06-27 1478656]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NeroFilterCheck»=»c:windowssystem32NeroCheck.exe» [2001-07-09 364544]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2004-08-17 15360]
c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузка
AutoCAD Startup Accelerator.lnk — c:program filesCommon FilesAutodesk Sharedacstart17.exe [2006-3-5 11000]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusDisableNotify»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
«AntiVirusOverride»=dword:00000001
«FirewallOverride»=dword:00000001
«UacDisableNotify»=dword:00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerSvc]
«AntiVirusOverride»=dword:00000001
«AntiVirusDisableNotify»=dword:00000001
«FirewallDisableNotify»=dword:00000001
«FirewallOverride»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
«UacDisableNotify»=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«d:\С-i failer\Мои документы\Антивирус\savceclt.exe»=
«c:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE»=
«c:\WINDOWS\system32\dwwin.exe»=
«c:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe»=
«c:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe»=
«c:\WINDOWS\system32\netsh.exe»=
«c:\WINDOWS\system32\NeroCheck.exe»=
«c:\WINDOWS\system32\userinit.exe»=
«c:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe»=
«c:\Program Files\AutoCAD 2007\acad.exe»=
«c:\Documents and Settings\Айк\Рабочий стол\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe»=
«c:\Program Files\Windows Media Player\wmplayer.exe»=
«c:\Documents and Settings\Айк\Рабочий стол\ДЛЯ уничтожения вирусов\RSIT\RSIT.exe»=
«c:\Program Files\Bararan Program\Bararan.exe»=
«c:\PROGRA~1\Nokia\NOKIAP~1\GETCON~1.EXE»=
«c:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe»=
«c:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE»=
«c:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe»=
«c:\ComboFix\NirCmdC.cfexe»=
R3 abp470n5;abp470n5; [x]
S2 NdisFileServices32;NdisFileServices32;c:windowssystem32driversoluenh.sys [2009-04-19 5477]
.
.
Supplementary Scan
.
uStart Page = http://www.apeha.ru
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-19 11:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘explorer.exe'(1492)
c:windowssystem32msi.dll
.
Other Running Processes
.
c:progra~1NokiaNOKIAP~1LAUNCH~1.EXE
c:program filesCommon FilesPCSuiteServicesServiceLayer.exe
c:progra~1COMMON~1NokiaMPAPIMPAPI3s.exe
.
**************************************************************************
.
Completion time: 2009-04-19 11:48 — machine was rebooted
ComboFix-quarantined-files.txt 2009-04-19 07:48
ComboFix2.txt 2009-04-18 22:35
ComboFix3.txt 2009-04-09 09:08
ComboFix4.txt 2009-04-06 11:46
ComboFix5.txt 2009-04-19 07:39
Pre-Run: 12 508 913 664 байт свободно
Post-Run: 12 435 763 200 байт свободно
180
And to be safe, 5 minutes later I rebooted the computer again and checked it with ComboFix.exe once more.
Here is the result of the last check.
ComboFix 09-04-19.01 — Айк 19.04.2009 11:52.6 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.7.1049.18.511.326 [GMT 4:00]
Running from: c:documents and settingsАйкРабочий столComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Outdated)
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:windowssystem32wmdrtc32.dl_
c:windowssystem32wmdrtc32.dll
.
((((((((((((((((((((((((( Files Created from 2009-03-19 to 2009-04-19 )))))))))))))))))))))))))))))))
.
2009-04-19 07:36 . 2009-04-19 07:49
d
w C:Отчет
2009-04-18 22:32 . 2009-04-19 08:23 5477 —-a-w c:windowssystem32driversoluenh.sys
2009-04-18 11:32 . 2009-04-18 11:32
d-sha-r C:autorun.inf
2009-03-31 11:08 . 2001-10-19 17:06 5632 —-a-w c:windowssystem32ptpusb.dll
2009-03-31 11:08 . 2004-08-17 12:04 159232 —-a-w c:windowssystem32ptpusd.dll
2009-03-31 11:08 . 2004-08-03 18:58 15104 -c—a-w c:windowssystem32dllcacheusbscan.sys
2009-03-31 11:08 . 2004-08-03 18:58 15104 —-a-w c:windowssystem32driversusbscan.sys
2009-03-31 07:30 . 2009-03-31 07:30 3218 —-a-w c:windowssystem32PerfStringBackup.TMP
2009-03-24 16:08 . 2009-03-24 16:08
d
w c:documents and settingsАйкApplication DataNokia
2009-03-24 16:04 . 2009-03-24 21:26
d
w c:documents and settingsАйкPhone Browser
2009-03-24 16:04 . 2009-03-24 21:26
d
w c:documents and settingsАйкPhone Browser
2009-03-24 15:59 . 2009-03-24 16:00
d
w c:windowsDownloaded Installations
2009-03-24 15:57 . 2009-03-24 15:58
d
w c:documents and settingsАйкApplication DataPC Suite
2009-03-24 15:57 . 2009-03-24 15:58
d
w c:documents and settingsAll UsersApplication DataPC Suite
2009-03-24 15:57 . 2006-05-29 05:26 13312 —-a-w c:windowssystem32driversnmwcdcm.sys
2009-03-24 15:57 . 2006-05-29 05:26 13312 —-a-w c:windowssystem32driversnmwcdcj.sys
2009-03-24 15:57 . 2006-05-29 05:26 8704 —-a-w c:windowssystem32driversnmwcdc.sys
2009-03-24 15:57 . 2009-03-24 15:58
dc—-w c:windowssystem32DRVSTORE
2009-03-24 15:57 . 2006-05-29 05:26 127488 —-a-w c:windowssystem32driversnmwcd.sys
2009-03-24 15:57 . 2006-05-29 05:26 50688 —-a-w c:windowssystem32nmwcdcls.dll
2009-03-24 15:57 . 2006-05-29 05:26 30720 —-a-w c:windowssystem32nmwcdcocls.dll
2009-03-24 15:57 . 2006-05-29 05:26 4608 —-a-w c:windowssystem32nmwcdlog.dll
2009-03-24 15:57 . 2009-03-24 15:57
d
w c:documents and settingsAll UsersApplication DataDownloaded Installations
2009-03-21 10:17 . 2009-03-21 10:19
d
w c:documents and settingsАйкApplication DataLuntik
2009-03-21 10:16 . 2009-03-24 18:22
d
w c:documents and settingsAll UsersApplication DataAlawarWrapper.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-09 09:29 . 2009-04-09 09:29
d
w c:program filesOpera
2009-03-31 07:36 . 2009-02-26 11:53
d
w c:program filestrend micro
2009-03-31 07:35 . 2009-03-31 07:35 3020 —-a-w C:avenger.txt
2009-03-31 07:30 . 2001-10-20 11:00 70658 —-a-w c:windowssystem32perfc019.dat
2009-03-31 07:30 . 2001-10-20 11:00 433468 —-a-w c:windowssystem32perfh019.dat
2009-03-24 16:00 . 2009-03-24 15:57
d
w c:program filesNokia
2009-03-24 15:58 . 2009-03-24 15:58
d
w c:program filesDIFX
2009-03-24 15:58 . 2009-03-24 15:57
d
w c:program filesCommon FilesNokia
2009-03-24 15:58 . 2009-03-24 15:57
d
w c:program filesCommon FilesPCSuite
2009-03-21 15:35 . 2009-03-17 17:02
d
w c:program filesBararan Program
2009-03-21 10:15 . 2009-03-21 10:15
d
w c:program filesGames.Mail.Ru
2009-03-17 18:17 . 2009-02-18 15:10 254208 —-a-w c:documents and settingsАйкLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-03-17 18:17 . 2009-02-18 15:10 254208 —-a-w c:documents and settingsАйкLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-03-17 18:17 . 2009-02-18 15:10 254208 —-a-w c:documents and settingsАйкLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-03-17 18:17 . 2009-02-18 15:10 254208 —-a-w c:documents and settingsАйкLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-03-01 12:16 . 2009-03-01 12:16
d
w c:documents and settingsАйкApplication DataAhead
2009-03-01 12:15 . 2009-02-18 17:49
d
w c:program filesCommon FilesAhead
2009-03-01 12:15 . 2009-03-01 12:15
d
w c:program filesNero
2009-03-01 11:49 . 2009-02-17 18:32
d
w c:program filesAhead
2009-02-27 12:38 . 2009-02-27 12:38
d
w c:program filesArmenian NLS
2009-02-24 14:46 . 2009-02-21 13:59
d
w c:documents and settingsАйкApplication DataCyberLink
2009-02-22 12:51 . 2009-02-22 12:46
d
w c:documents and settingsAll UsersApplication DataSymantec
2009-02-22 12:47 . 2009-02-18 17:56
d
w c:program filesCommon FilesInstallShield
2009-02-21 16:56 . 2009-02-21 16:45
d
w c:documents and settingsAll UsersApplication DataPinnacle
2009-02-21 16:53 . 2009-02-21 16:53
d
w c:program filesSmartSound Software
2009-02-21 16:53 . 2009-02-21 16:53
d
w c:documents and settingsAll UsersApplication DataSmartSound Software Inc
2009-02-21 16:49 . 2009-02-21 16:45
d
w c:program filesPinnacle
2009-02-21 16:48 . 2009-02-18 17:57
d—h—w c:program filesInstallShield Installation Information
2009-02-19 22:11 . 2009-02-18 18:49 44992 —ha-w C:_NavCClt.Log
2009-02-19 15:24 . 2009-02-19 15:23 1663 —-a-w C:Setup.wis
2009-02-19 15:24 . 2009-02-19 15:23 1246773 —-a-w C:Data1.cab
2009-02-19 15:24 . 2009-02-18 18:49 3678 —-a-w C:PkgClnup.log
2009-02-18 18:44 . 2009-02-18 18:44
d
w c:documents and settingsАйкApplication DataAdobeUM
2009-02-18 18:43 . 2009-02-18 18:43
d
w c:program filesCommon FilesAdobe
2009-02-18 17:58 . 2009-02-18 17:58
d
w c:documents and settingsAll UsersApplication DataCyberLink
2009-02-18 17:57 . 2009-02-18 17:57
d
w c:program filesCyberLink
2009-02-18 15:21 . 2009-02-18 15:04
d
w c:documents and settingsАйкApplication DataAutodesk
2009-02-18 15:10 . 2009-02-18 15:04
d
w c:documents and settingsAll UsersApplication DataAutodesk
2009-02-18 15:07 . 2009-02-18 15:04
d
w c:program filesAutoCAD 2007
2009-02-18 15:06 . 2009-02-18 15:00
d
w c:program filesCommon FilesAutodesk Shared
2009-02-18 15:06 . 2009-02-18 15:06
d
w c:program filesAnswerWorks 4.0
2009-02-18 15:00 . 2009-02-18 15:00
d
w c:program filesAutodesk
2009-02-17 19:24 . 2009-02-17 17:21 86327 —-a-w c:windowspchealthhelpctrOfflineCacheindex.dat
2009-02-17 17:15 . 2009-02-17 17:15 22564 —-a-w c:windowssystem32emptyregdb.dat
2005-04-19 15:2009-04-09 09:29 25:30 . c:program filesoperaprogrampluginsPlugDef.dll
.
Sigcheck
[-] 2004-09-17 11:16 503808 A975A70FCEFE2A224412214320C89DED c:windowssystem32winlogon.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-04-18_22.32.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-19 08:22 . 2009-04-19 08:22 16384 c:windowstempPerflib_Perfdata_4d4.dat
+ 2009-04-19 07:51 . 2009-04-19 07:51 16384 c:windowstempPerflib_Perfdata_2ec.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузка
AutoCAD Startup Accelerator.lnk — c:program filesCommon FilesAutodesk Sharedacstart17.exe [2006-3-5 11000]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«EnableLUA»= 0 (0x0)
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«DisableTaskMgr»= 1 (0x1)
«DisableRegistryTools»= 1 (0x1)
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusDisableNotify»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
«AntiVirusOverride»=dword:00000001
«FirewallOverride»=dword:00000001
«UacDisableNotify»=dword:00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerSvc]
«AntiVirusOverride»=dword:00000001
«AntiVirusDisableNotify»=dword:00000001
«FirewallDisableNotify»=dword:00000001
«FirewallOverride»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
«UacDisableNotify»=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«d:\С-i failer\Мои документы\Антивирус\savceclt.exe»=
«c:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE»=
«c:\WINDOWS\system32\dwwin.exe»=
«c:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe»=
«c:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe»=
«c:\WINDOWS\system32\netsh.exe»=
«c:\WINDOWS\system32\NeroCheck.exe»=
«c:\WINDOWS\system32\userinit.exe»=
«c:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe»=
«c:\Program Files\AutoCAD 2007\acad.exe»=
«c:\Documents and Settings\Айк\Рабочий стол\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe»=
«c:\Program Files\Windows Media Player\wmplayer.exe»=
«c:\Documents and Settings\Айк\Рабочий стол\ДЛЯ уничтожения вирусов\RSIT\RSIT.exe»=
«c:\Program Files\Bararan Program\Bararan.exe»=
«c:\PROGRA~1\Nokia\NOKIAP~1\GETCON~1.EXE»=
«c:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe»=
«c:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE»=
«c:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe»=
«c:\ComboFix\NirCmdC.cfexe»=
«c:\WINDOWS\system32\CF3072.exe»=
S2 NdisFileServices32;NdisFileServices32;c:windowssystem32driversoluenh.sys [2009-04-19 5477]
S3 abp470n5;abp470n5; [x]
.
.
Supplementary Scan
.
uStart Page = http://www.apeha.ru
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-19 12:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘explorer.exe'(2608)
c:windowssystem32msi.dll
.
Other Running Processes
.
c:progra~1NokiaNOKIAP~1LAUNCH~1.EXE
c:program filesCommon FilesAheadLibNMBgMonitor.exe
c:program filesNokiaNokia PC Suite 6PcSync2.exe
c:progra~1COMMON~1NokiaMPAPIMPAPI3s.exe
c:program filesCommon FilesPCSuiteServicesServiceLayer.exe
.
**************************************************************************
.
Completion time: 2009-04-19 12:47 — machine was rebooted
ComboFix-quarantined-files.txt 2009-04-19 08:47
ComboFix2.txt 2009-04-19 07:48
ComboFix3.txt 2009-04-18 22:35
ComboFix4.txt 2009-04-09 09:08
ComboFix5.txt 2009-04-19 07:52
Pre-Run: 12 375 068 672 байт свободно
Post-Run: 12 219 314 176 байт свободно
186
Here is the result of the last check.
ComboFix 09-04-04.01 — Айк 2009-04-09 13:01:12.3 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1049.18.511.289 [GMT 4:00]
Running from: c:documents and settingsАйкРабочий столComboFix.exe
Command switches used :: c:documents and settingsАйкРабочий столCFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Outdated)
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
c:windowssystem32driversoluenh.sys
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:windowssystem32driversoluenh.sys
c:windowssystem32wmdrtc32.dl_
c:windowssystem32wmdrtc32.dll
F:autorun.inf
F:npidwi.pif
.
((((((((((((((((((((((((( Files Created from 2009-03-09 to 2009-04-09 )))))))))))))))))))))))))))))))
.
2009-03-31 15:08 . 2004-08-17 16:04 159,232 —a
c:windowssystem32ptpusd.dll
2009-03-31 15:08 . 2004-08-03 22:58 15,104 —a
c:windowssystem32driversusbscan.sys
2009-03-31 15:08 . 2004-08-03 22:58 15,104 —a—c— c:windowssystem32dllcacheusbscan.sys
2009-03-31 15:08 . 2001-10-19 21:06 5,632 —a
c:windowssystem32ptpusb.dll
2009-03-31 11:30 . 2009-03-31 11:30 3,218 —a
c:windowssystem32PerfStringBackup.TMP
2009-03-24 20:08 . 2009-03-24 20:08d
c:documents and settingsАйкApplication DataNokia
2009-03-24 20:04 . 2009-03-25 01:26d
c:documents and settingsАйкPhone Browser
2009-03-24 20:04 . 2009-03-25 01:26d
c:documents and settingsАйкPhone Browser
2009-03-24 19:59 . 2009-03-24 20:00d
c:windowsDownloaded Installations
2009-03-24 19:58 . 2009-03-24 19:58d
c:program filesDIFX
2009-03-24 19:57 . 2009-03-24 19:58d—-c— c:windowssystem32DRVSTORE
2009-03-24 19:57 . 2009-03-24 20:00d
c:program filesNokia
2009-03-24 19:57 . 2009-03-24 19:58d
c:program filesCommon FilesPCSuite
2009-03-24 19:57 . 2009-03-24 19:58d
c:program filesCommon FilesNokia
2009-03-24 19:57 . 2009-03-24 19:58d
c:documents and settingsAll UsersApplication DataPC Suite
2009-03-24 19:57 . 2009-03-24 19:57d
c:documents and settingsAll UsersApplication DataDownloaded Installations
2009-03-24 19:57 . 2009-03-24 19:58d
c:documents and settingsАйкApplication DataPC Suite
2009-03-24 19:57 . 2006-05-29 09:26 127,488 —a
c:windowssystem32driversnmwcd.sys
2009-03-24 19:57 . 2006-05-29 09:26 50,688 —a
c:windowssystem32nmwcdcls.dll
2009-03-24 19:57 . 2006-05-29 09:26 30,720 —a
c:windowssystem32nmwcdcocls.dll
2009-03-24 19:57 . 2006-05-29 09:26 13,312 —a
c:windowssystem32driversnmwcdcm.sys
2009-03-24 19:57 . 2006-05-29 09:26 13,312 —a
c:windowssystem32driversnmwcdcj.sys
2009-03-24 19:57 . 2006-05-29 09:26 8,704 —a
c:windowssystem32driversnmwcdc.sys
2009-03-24 19:57 . 2006-05-29 09:26 4,608 —a
c:windowssystem32nmwcdlog.dll
2009-03-21 14:17 . 2009-03-21 14:19d
c:documents and settingsАйкApplication DataLuntik
2009-03-21 14:16 . 2009-03-24 22:22d
c:documents and settingsAll UsersApplication DataAlawarWrapper
2009-03-21 14:15 . 2009-03-21 14:15d
c:program filesGames.Mail.Ru
2009-03-17 21:02 . 2009-03-21 19:35d
c:program filesBararan Program
2009-03-17 21:02 . 2009-03-17 21:02d
C:ArmDicto
2009-03-17 21:02 . 1999-03-09 11:50 557,328 —a
c:windowssystem32Dao360.dll
2009-03-17 21:02 . 1999-05-07 01:00 209,408 —a
c:windowssystem32Tabctl32.ocx
2009-03-17 21:02 . 2009-03-17 21:02 115 —a
c:windowsdictionary.ini
2009-03-17 21:01 . 2009-03-17 21:01d
c:documents and settingsАйкWINDOWS
2009-03-17 21:01 . 2009-03-17 21:01d
c:documents and settingsАйкWINDOWS
2009-03-17 21:01 . 1997-08-26 13:06 344,576 —a
c:windowsIsUninst.exe.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-09 09:05 5,477 —-a-w c:windowssystem32driversoluenh.sys
2009-03-31 07:36
d
w c:program filestrend micro
2009-03-01 12:16
d
w c:documents and settingsАйкApplication DataAhead
2009-03-01 12:15
d
w c:program filesNero
2009-03-01 12:15
d
w c:program filesCommon FilesAhead
2009-03-01 11:49
d
w c:program filesAhead
2009-02-27 12:38
d
w c:program filesArmenian NLS
2009-02-24 14:46
d
w c:documents and settingsАйкApplication DataCyberLink
2009-02-22 12:51
d
w c:documents and settingsAll UsersApplication DataSymantec
2009-02-22 12:47
d
w c:program filesCommon FilesInstallShield
2009-02-21 16:56
d
w c:documents and settingsAll UsersApplication DataPinnacle
2009-02-21 16:53
d
w c:program filesSmartSound Software
2009-02-21 16:53
d
w c:documents and settingsAll UsersApplication DataSmartSound Software Inc
2009-02-21 16:49
d
w c:program filesPinnacle
2009-02-21 16:48
d—h—w c:program filesInstallShield Installation Information
2009-02-18 18:44
d
w c:documents and settingsАйкApplication DataAdobeUM
2009-02-18 18:43
d
w c:program filesCommon FilesAdobe
2009-02-18 17:58
d
w c:documents and settingsAll UsersApplication DataCyberLink
2009-02-18 17:57
d
w c:program filesCyberLink
2009-02-18 15:21
d
w c:documents and settingsАйкApplication DataAutodesk
2009-02-18 15:10
d
w c:documents and settingsAll UsersApplication DataAutodesk
2009-02-18 15:07
d
w c:program filesAutoCAD 2007
2009-02-18 15:06
d
w c:program filesCommon FilesAutodesk Shared
2009-02-18 15:06
d
w c:program filesAnswerWorks 4.0
2009-02-18 15:00
d
w c:program filesAutodesk
2009-02-17 17:23
d
w c:program filesmicrosoft frontpage
.
Sigcheck
2004-09-17 15:16 503808 a975a70fcefe2a224412214320c89ded c:windowssystem32winlogon.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-04-02_20.34.00.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 16:02:28 192,000 —-a-w c:windowsERDNTsubsERDNT.EXE
— 2000-08-31 04:00:00 89,504 —-a-w c:windowsfdsv.exe
+ 2000-08-31 04:00:00 114,688 —-a-w c:windowsfdsv.exe
— 2000-08-31 04:00:00 80,412 —-a-w c:windowsgrep.exe
+ 2000-08-31 04:00:00 109,056 —-a-w c:windowsgrep.exe
— 2000-08-31 04:00:00 98,816 —-a-w c:windowssed.exe
+ 2000-08-31 04:00:00 127,488 —-a-w c:windowssed.exe
— 2000-08-31 04:00:00 136,704 —-a-w c:windowsSWSC.exe
+ 2000-08-31 04:00:00 165,376 —-a-w c:windowsSWSC.exe
— 2000-08-31 04:00:00 212,480 —-a-w c:windowsSWXCACLS.exe
+ 2000-08-31 04:00:00 241,152 —-a-w c:windowsSWXCACLS.exe
— 2000-08-31 04:00:00 49,152 —-a-w c:windowsVFIND.exe
+ 2000-08-31 04:00:00 77,824 —-a-w c:windowsVFIND.exe
— 2000-08-31 04:00:00 68,096 —-a-w c:windowszip.exe
+ 2000-08-31 04:00:00 96,768 —-a-w c:windowszip.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=»c:program filesCommon FilesAheadlibNMBgMonitor.exe» [2005-10-28 94208]
«PcSync»=»c:program filesNokiaNokia PC Suite 6PcSync2.exe» [2006-06-27 1478656]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NeroFilterCheck»=»c:windowssystem32NeroCheck.exe» [2001-07-09 364544]
«PCSuiteTrayApplication»=»c:progra~1NokiaNOKIAP~1LAUNCH~1.EXE» [2006-06-15 258048]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2004-08-17 15360]
c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузка
AutoCAD Startup Accelerator.lnk — c:program filesCommon FilesAutodesk Sharedacstart17.exe [2006-03-05 11000]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«EnableLUA»= 0 (0x0)
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«DisableTaskMgr»= 1 (0x1)
«DisableRegistryTools»= 1 (0x1)
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«d:\С-i failer\Мои документы\Антивирус\savceclt.exe»=
«c:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE»=
«c:\WINDOWS\system32\dwwin.exe»=
«c:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe»=
«c:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe»=
«c:\WINDOWS\system32\netsh.exe»=
«c:\WINDOWS\system32\NeroCheck.exe»=
«c:\WINDOWS\system32\userinit.exe»=
«c:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe»=
«c:\Program Files\AutoCAD 2007\acad.exe»=
«c:\Documents and Settings\Айк\Рабочий стол\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe»=
«c:\Program Files\Windows Media Player\wmplayer.exe»=
«c:\Documents and Settings\Айк\Рабочий стол\ДЛЯ уничтожения вирусов\RSIT\RSIT.exe»=
«c:\Program Files\Bararan Program\Bararan.exe»=
«c:\PROGRA~1\Nokia\NOKIAP~1\GETCON~1.EXE»=
«c:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe»=
«c:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE»=
«c:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe»=
«c:\ComboFix\NirCmdC.cfexe»=
R2 NdisFileServices32;NdisFileServices32;c:windowssystem32driversoluenh.sys [2009-04-09 5477]
S3 abp470n5;abp470n5;??c:windowssystem32driversptgpr.sys —> c:windowssystem32driversptgpr.sys [?]
.
.
Supplementary Scan
.
uStart Page = http://www.apeha.ru
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-09 13:05:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Other Running Processes
.
c:progra~1COMMON~1NokiaMPAPIMPAPI3s.exe
c:program filesCommon FilesPCSuiteServicesServiceLayer.exe
.
**************************************************************************
.
Completion time: 2009-04-09 13:08:27 — machine was rebooted
ComboFix-quarantined-files.txt 2009-04-09 09:08:24
ComboFix2.txt 2009-04-06 11:46:02
ComboFix3.txt 2009-04-02 16:35:57
Pre-Run: 12 530 536 448 байт свободно
Post-Run: 12,494,643,200 байт свободно
182
After that I checked the computer, and it seems all the problems have been fixed.
Valeri, can we say that we have finally defeated the virus and rejoice in this victory, or is it still premature????
Here is Log.txt
ComboFix 09-04-04.01 — Айк 2009-04-06 15:38:20.2 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1049.18.511.308 [GMT 4:00]
Running from: c:documents and settingsАйкРабочий столComboFix.exe
Command switches used :: c:documents and settingsАйкРабочий столCFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Outdated)
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
c:windowssystem32driversoluenh.sys
c:windowssystem32driversptgpr.sys
F:igsqe.cmd
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:windowssystem32driversoluenh.sys
c:windowssystem32wmdrtc32.dl_
c:windowssystem32wmdrtc32.dll
F:autorun.inf
F:cvch.pif
F:igsqe.cmd
F:stevgi.pif
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Legacy_ABP470N5
Legacy_NDISFILESERVICES32
Service_abp470n5
Service_NdisFileServices32
((((((((((((((((((((((((( Files Created from 2009-03-06 to 2009-04-06 )))))))))))))))))))))))))))))))
.
2009-03-31 15:08 . 2004-08-17 16:04 159,232 —a
c:windowssystem32ptpusd.dll
2009-03-31 15:08 . 2004-08-03 22:58 15,104 —a
c:windowssystem32driversusbscan.sys
2009-03-31 15:08 . 2004-08-03 22:58 15,104 —a—c— c:windowssystem32dllcacheusbscan.sys
2009-03-31 15:08 . 2001-10-19 21:06 5,632 —a
c:windowssystem32ptpusb.dll
2009-03-31 11:30 . 2009-03-31 11:30 3,218 —a
c:windowssystem32PerfStringBackup.TMP
2009-03-24 20:08 . 2009-03-24 20:08d
c:documents and settingsАйкApplication DataNokia
2009-03-24 20:04 . 2009-03-25 01:26d
c:documents and settingsАйкPhone Browser
2009-03-24 20:04 . 2009-03-25 01:26d
c:documents and settingsАйкPhone Browser
2009-03-24 19:59 . 2009-03-24 20:00d
c:windowsDownloaded Installations
2009-03-24 19:58 . 2009-03-24 19:58d
c:program filesDIFX
2009-03-24 19:57 . 2009-03-24 19:58d—-c— c:windowssystem32DRVSTORE
2009-03-24 19:57 . 2009-03-24 20:00d
c:program filesNokia
2009-03-24 19:57 . 2009-03-24 19:58d
c:program filesCommon FilesPCSuite
2009-03-24 19:57 . 2009-03-24 19:58d
c:program filesCommon FilesNokia
2009-03-24 19:57 . 2009-03-24 19:58d
c:documents and settingsAll UsersApplication DataPC Suite
2009-03-24 19:57 . 2009-03-24 19:57d
c:documents and settingsAll UsersApplication DataDownloaded Installations
2009-03-24 19:57 . 2009-03-24 19:58d
c:documents and settingsАйкApplication DataPC Suite
2009-03-24 19:57 . 2006-05-29 09:26 127,488 —a
c:windowssystem32driversnmwcd.sys
2009-03-24 19:57 . 2006-05-29 09:26 50,688 —a
c:windowssystem32nmwcdcls.dll
2009-03-24 19:57 . 2006-05-29 09:26 30,720 —a
c:windowssystem32nmwcdcocls.dll
2009-03-24 19:57 . 2006-05-29 09:26 13,312 —a
c:windowssystem32driversnmwcdcm.sys
2009-03-24 19:57 . 2006-05-29 09:26 13,312 —a
c:windowssystem32driversnmwcdcj.sys
2009-03-24 19:57 . 2006-05-29 09:26 8,704 —a
c:windowssystem32driversnmwcdc.sys
2009-03-24 19:57 . 2006-05-29 09:26 4,608 —a
c:windowssystem32nmwcdlog.dll
2009-03-21 14:17 . 2009-03-21 14:19d
c:documents and settingsАйкApplication DataLuntik
2009-03-21 14:16 . 2009-03-24 22:22d
c:documents and settingsAll UsersApplication DataAlawarWrapper
2009-03-21 14:15 . 2009-03-21 14:15d
c:program filesGames.Mail.Ru
2009-03-17 21:02 . 2009-03-21 19:35d
c:program filesBararan Program
2009-03-17 21:02 . 2009-03-17 21:02d
C:ArmDicto
2009-03-17 21:02 . 1999-03-09 11:50 557,328 —a
c:windowssystem32Dao360.dll
2009-03-17 21:02 . 1999-05-07 01:00 209,408 —a
c:windowssystem32Tabctl32.ocx
2009-03-17 21:02 . 2009-03-17 21:02 115 —a
c:windowsdictionary.ini
2009-03-17 21:01 . 2009-03-17 21:01d
c:documents and settingsАйкWINDOWS
2009-03-17 21:01 . 2009-03-17 21:01d
c:documents and settingsАйкWINDOWS
2009-03-17 21:01 . 1997-08-26 13:06 344,576 —a
c:windowsIsUninst.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-06 11:43 5,477 —-a-w c:windowssystem32driversoluenh.sys
2009-03-31 07:36
d
w c:program filestrend micro
2009-03-01 12:16
d
w c:documents and settingsАйкApplication DataAhead
2009-03-01 12:15
d
w c:program filesNero
2009-03-01 12:15
d
w c:program filesCommon FilesAhead
2009-03-01 11:49
d
w c:program filesAhead
2009-02-27 12:38
d
w c:program filesArmenian NLS
2009-02-24 14:46
d
w c:documents and settingsАйкApplication DataCyberLink
2009-02-22 12:51
d
w c:documents and settingsAll UsersApplication DataSymantec
2009-02-22 12:47
d
w c:program filesCommon FilesInstallShield
2009-02-21 16:56
d
w c:documents and settingsAll UsersApplication DataPinnacle
2009-02-21 16:53
d
w c:program filesSmartSound Software
2009-02-21 16:53
d
w c:documents and settingsAll UsersApplication DataSmartSound Software Inc
2009-02-21 16:49
d
w c:program filesPinnacle
2009-02-21 16:48
d—h—w c:program filesInstallShield Installation Information
2009-02-18 18:44
d
w c:documents and settingsАйкApplication DataAdobeUM
2009-02-18 18:43
d
w c:program filesCommon FilesAdobe
2009-02-18 17:58
d
w c:documents and settingsAll UsersApplication DataCyberLink
2009-02-18 17:57
d
w c:program filesCyberLink
2009-02-18 15:21
d
w c:documents and settingsАйкApplication DataAutodesk
2009-02-18 15:10
d
w c:documents and settingsAll UsersApplication DataAutodesk
2009-02-18 15:07
d
w c:program filesAutoCAD 2007
2009-02-18 15:06
d
w c:program filesCommon FilesAutodesk Shared
2009-02-18 15:06
d
w c:program filesAnswerWorks 4.0
2009-02-18 15:00
d
w c:program filesAutodesk
2009-02-17 17:23
d
w c:program filesmicrosoft frontpage
.
Sigcheck
2004-09-17 15:16 503808 a975a70fcefe2a224412214320c89ded c:windowssystem32winlogon.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-04-02_20.34.00.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 16:02:28 163,328 —-a-w c:windowsERDNTsubsERDNT.EXE
— 2000-08-31 04:00:00 89,504 —-a-w c:windowsfdsv.exe
+ 2000-08-31 04:00:00 114,688 —-a-w c:windowsfdsv.exe
— 2000-08-31 04:00:00 80,412 —-a-w c:windowsgrep.exe
+ 2000-08-31 04:00:00 109,056 —-a-w c:windowsgrep.exe
— 2000-08-31 04:00:00 98,816 —-a-w c:windowssed.exe
+ 2000-08-31 04:00:00 127,488 —-a-w c:windowssed.exe
— 2000-08-31 04:00:00 136,704 —-a-w c:windowsSWSC.exe
+ 2000-08-31 04:00:00 165,376 —-a-w c:windowsSWSC.exe
— 2000-08-31 04:00:00 212,480 —-a-w c:windowsSWXCACLS.exe
+ 2000-08-31 04:00:00 241,152 —-a-w c:windowsSWXCACLS.exe
— 2000-08-31 04:00:00 49,152 —-a-w c:windowsVFIND.exe
+ 2000-08-31 04:00:00 77,824 —-a-w c:windowsVFIND.exe
— 2000-08-31 04:00:00 68,096 —-a-w c:windowszip.exe
+ 2000-08-31 04:00:00 96,768 —-a-w c:windowszip.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=»c:program filesCommon FilesAheadlibNMBgMonitor.exe» [2005-10-28 94208]
«PcSync»=»c:program filesNokiaNokia PC Suite 6PcSync2.exe» [2006-06-27 1478656]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NeroFilterCheck»=»c:windowssystem32NeroCheck.exe» [2001-07-09 364544]
«PCSuiteTrayApplication»=»c:progra~1NokiaNOKIAP~1LAUNCH~1.EXE» [2006-06-15 258048]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2004-08-17 15360]
c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузка
AutoCAD Startup Accelerator.lnk — c:program filesCommon FilesAutodesk Sharedacstart17.exe [2006-03-05 11000]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«EnableLUA»= 0 (0x0)
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«DisableTaskMgr»= 1 (0x1)
«DisableRegistryTools»= 1 (0x1)
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusDisableNotify»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
«AntiVirusOverride»=dword:00000001
«FirewallOverride»=dword:00000001
«UacDisableNotify»=dword:00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]
«DisableMonitoring»=dword:00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerSvc]
«AntiVirusOverride»=dword:00000001
«AntiVirusDisableNotify»=dword:00000001
«FirewallDisableNotify»=dword:00000001
«FirewallOverride»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
«UacDisableNotify»=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«d:\С-i failer\Мои документы\Антивирус\savceclt.exe»=
«c:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE»=
«c:\WINDOWS\system32\dwwin.exe»=
«c:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe»=
«c:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe»=
«c:\WINDOWS\system32\netsh.exe»=
«c:\WINDOWS\system32\NeroCheck.exe»=
«c:\WINDOWS\system32\userinit.exe»=
«c:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe»=
«c:\Program Files\AutoCAD 2007\acad.exe»=
«c:\Documents and Settings\Айк\Рабочий стол\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe»=
«c:\Documents and Settings\Айк\Мои документы\Самоучитель AutoCAD\WinDjView-0.5.exe»=
«c:\Program Files\Windows Media Player\wmplayer.exe»=
«c:\Documents and Settings\Айк\Рабочий стол\ДЛЯ уничтожения вирусов\RSIT\RSIT.exe»=
«c:\Program Files\Bararan Program\Bararan.exe»=
«c:\PROGRA~1\Nokia\NOKIAP~1\GETCON~1.EXE»=
«c:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe»=
«c:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE»=
«c:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe»=
«c:\WINDOWS\system32\CF16559.exe»=
«c:\ComboFix\NirCmdC.cfexe»=
— Other Services/Drivers In Memory —
*NewlyCreated* — NDISFILESERVICES32
.
.
Supplementary Scan
.
uStart Page = http://www.apeha.ru
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
TCP: {E976EFF6-F957-41A8-91CF-232E00032C25} = 212.73.65.40 217.113.0.8
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-06 15:42:44
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Other Running Processes
.
c:progra~1COMMON~1NokiaMPAPIMPAPI3s.exe
c:program filesCommon FilesPCSuiteServicesServiceLayer.exe
.
**************************************************************************
.
Completion time: 2009-04-06 15:45:59 — machine was rebooted
ComboFix-quarantined-files.txt 2009-04-06 11:45:55
ComboFix2.txt 2009-04-02 16:35:57
Pre-Run: 11 438 526 464 байт свободно
Post-Run: 11,184,611,328 байт свободно
209
Hello Valeri. Here is the result of the ComboFix scan.
ComboFix 09-04-01.01 — Айк 2009-04-02 20:27:41.1 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1049.18.511.311 [GMT 4:00]
Running from: c:documents and settingsАйкРабочий столmyapp.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Outdated)
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:autorun.inf
C:nideiect.com
c:windowssystem32wmdrtc32.dl_
c:windowssystem32wmdrtc32.dll
D:Autorun.inf
D:nideiect.com
D:ntde1ect.com
.
((((((((((((((((((((((((( Files Created from 2009-03-02 to 2009-04-02 )))))))))))))))))))))))))))))))
.
2009-03-31 15:08 . 2004-08-17 16:04 159,232 —a
c:windowssystem32ptpusd.dll
2009-03-31 15:08 . 2004-08-03 22:58 15,104 —a
c:windowssystem32driversusbscan.sys
2009-03-31 15:08 . 2004-08-03 22:58 15,104 —a—c— c:windowssystem32dllcacheusbscan.sys
2009-03-31 15:08 . 2001-10-19 21:06 5,632 —a
c:windowssystem32ptpusb.dll
2009-03-31 11:30 . 2009-03-31 11:30 3,218 —a
c:windowssystem32PerfStringBackup.TMP
2009-03-24 20:08 . 2009-03-24 20:08d
c:documents and settingsАйкApplication DataNokia
2009-03-24 20:04 . 2009-03-25 01:26d
c:documents and settingsАйкPhone Browser
2009-03-24 20:04 . 2009-03-25 01:26d
c:documents and settingsАйкPhone Browser
2009-03-24 19:59 . 2009-03-24 20:00d
c:windowsDownloaded Installations
2009-03-24 19:58 . 2009-03-24 19:58d
c:program filesDIFX
2009-03-24 19:57 . 2009-03-24 19:58d—-c— c:windowssystem32DRVSTORE
2009-03-24 19:57 . 2009-03-24 20:00d
c:program filesNokia
2009-03-24 19:57 . 2009-03-24 19:58d
c:program filesCommon FilesPCSuite
2009-03-24 19:57 . 2009-03-24 19:58d
c:program filesCommon FilesNokia
2009-03-24 19:57 . 2009-03-24 19:58d
c:documents and settingsAll UsersApplication DataPC Suite
2009-03-24 19:57 . 2009-03-24 19:57d
c:documents and settingsAll UsersApplication DataDownloaded Installations
2009-03-24 19:57 . 2009-03-24 19:58d
c:documents and settingsАйкApplication DataPC Suite
2009-03-24 19:57 . 2006-05-29 09:26 127,488 —a
c:windowssystem32driversnmwcd.sys
2009-03-24 19:57 . 2006-05-29 09:26 50,688 —a
c:windowssystem32nmwcdcls.dll
2009-03-24 19:57 . 2006-05-29 09:26 30,720 —a
c:windowssystem32nmwcdcocls.dll
2009-03-24 19:57 . 2006-05-29 09:26 13,312 —a
c:windowssystem32driversnmwcdcm.sys
2009-03-24 19:57 . 2006-05-29 09:26 13,312 —a
c:windowssystem32driversnmwcdcj.sys
2009-03-24 19:57 . 2006-05-29 09:26 8,704 —a
c:windowssystem32driversnmwcdc.sys
2009-03-24 19:57 . 2006-05-29 09:26 4,608 —a
c:windowssystem32nmwcdlog.dll
2009-03-21 14:17 . 2009-03-21 14:19d
c:documents and settingsАйкApplication DataLuntik
2009-03-21 14:16 . 2009-03-24 22:22d
c:documents and settingsAll UsersApplication DataAlawarWrapper
2009-03-21 14:15 . 2009-03-21 14:15d
c:program filesGames.Mail.Ru
2009-03-17 21:02 . 2009-03-21 19:35d
c:program filesBararan Program
2009-03-17 21:02 . 2009-03-17 21:02d
C:ArmDicto
2009-03-17 21:02 . 1999-03-09 11:50 557,328 —a
c:windowssystem32Dao360.dll
2009-03-17 21:02 . 1999-05-07 01:00 209,408 —a
c:windowssystem32Tabctl32.ocx
2009-03-17 21:02 . 2009-03-17 21:02 115 —a
c:windowsdictionary.ini
2009-03-17 21:01 . 2009-03-17 21:01d
c:documents and settingsАйкWINDOWS
2009-03-17 21:01 . 2009-03-17 21:01d
c:documents and settingsАйкWINDOWS
2009-03-17 21:01 . 1997-08-26 13:06 344,576 —a
c:windowsIsUninst.exe
2009-03-02 21:56 . 2009-03-02 22:06 116 —a
c:windowsNeroDigital.ini
2009-03-02 16:39 . 2009-03-02 21:47 10 —a
c:windowspopcinfo.dat
2009-03-02 13:01 . 2009-04-02 20:32 5,477 —a
c:windowssystem32driversoluenh.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-31 07:36
d
w c:program filestrend micro
2009-03-01 12:16
d
w c:documents and settingsАйкApplication DataAhead
2009-03-01 12:15
d
w c:program filesNero
2009-03-01 12:15
d
w c:program filesCommon FilesAhead
2009-03-01 11:49
d
w c:program filesAhead
2009-02-27 12:38
d
w c:program filesArmenian NLS
2009-02-24 14:46
d
w c:documents and settingsАйкApplication DataCyberLink
2009-02-22 12:51
d
w c:documents and settingsAll UsersApplication DataSymantec
2009-02-22 12:47
d
w c:program filesCommon FilesInstallShield
2009-02-21 16:56
d
w c:documents and settingsAll UsersApplication DataPinnacle
2009-02-21 16:53
d
w c:program filesSmartSound Software
2009-02-21 16:53
d
w c:documents and settingsAll UsersApplication DataSmartSound Software Inc
2009-02-21 16:49
d
w c:program filesPinnacle
2009-02-21 16:48
d—h—w c:program filesInstallShield Installation Information
2009-02-18 18:44
d
w c:documents and settingsАйкApplication DataAdobeUM
2009-02-18 18:43
d
w c:program filesCommon FilesAdobe
2009-02-18 17:58
d
w c:documents and settingsAll UsersApplication DataCyberLink
2009-02-18 17:57
d
w c:program filesCyberLink
2009-02-18 15:21
d
w c:documents and settingsАйкApplication DataAutodesk
2009-02-18 15:10
d
w c:documents and settingsAll UsersApplication DataAutodesk
2009-02-18 15:07
d
w c:program filesAutoCAD 2007
2009-02-18 15:06
d
w c:program filesCommon FilesAutodesk Shared
2009-02-18 15:06
d
w c:program filesAnswerWorks 4.0
2009-02-18 15:00
d
w c:program filesAutodesk
2009-02-17 17:23
d
w c:program filesmicrosoft frontpage
.
Sigcheck
2004-09-17 15:16 503808 a975a70fcefe2a224412214320c89ded c:windowssystem32winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=»c:program filesCommon FilesAheadlibNMBgMonitor.exe» [2005-10-28 94208]
«PcSync»=»c:program filesNokiaNokia PC Suite 6PcSync2.exe» [2006-06-27 1478656]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NeroFilterCheck»=»c:windowssystem32NeroCheck.exe» [2001-07-09 364544]
«PCSuiteTrayApplication»=»c:progra~1NokiaNOKIAP~1LAUNCH~1.EXE» [2006-06-15 258048]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2004-08-17 15360]
c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузка
AutoCAD Startup Accelerator.lnk — c:program filesCommon FilesAutodesk Sharedacstart17.exe [2006-03-05 11000]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusDisableNotify»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
«AntiVirusOverride»=dword:00000001
«FirewallOverride»=dword:00000001
«UacDisableNotify»=dword:00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]
«DisableMonitoring»=dword:00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerSvc]
«AntiVirusOverride»=dword:00000001
«AntiVirusDisableNotify»=dword:00000001
«FirewallDisableNotify»=dword:00000001
«FirewallOverride»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
«UacDisableNotify»=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«d:\С-i failer\Мои документы\Антивирус\savceclt.exe»=
«c:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE»=
«c:\WINDOWS\system32\dwwin.exe»=
«c:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe»=
«c:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe»=
«c:\WINDOWS\system32\netsh.exe»=
«c:\WINDOWS\system32\NeroCheck.exe»=
«c:\WINDOWS\system32\userinit.exe»=
«c:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe»=
«c:\Program Files\AutoCAD 2007\acad.exe»=
«c:\Documents and Settings\Айк\Рабочий стол\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe»=
«c:\Documents and Settings\Айк\Мои документы\Самоучитель AutoCAD\WinDjView-0.5.exe»=
«c:\Program Files\Windows Media Player\wmplayer.exe»=
«c:\Documents and Settings\Айк\Рабочий стол\ДЛЯ уничтожения вирусов\RSIT\RSIT.exe»=
«c:\Program Files\Bararan Program\Bararan.exe»=
«c:\PROGRA~1\Nokia\NOKIAP~1\GETCON~1.EXE»=
«c:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe»=
«c:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE»=
«c:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe»=
R4 NdisFileServices32;NdisFileServices32;c:windowssystem32driversoluenh.sys [2009-03-02 5477]
S3 abp470n5;abp470n5;??c:windowssystem32driversptgpr.sys —> c:windowssystem32driversptgpr.sys [?]
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{897f4a06-03e6-11de-b61a-c60ebc8a56be}]
ShellAuToPLAycomMANd — F:igsqe.cmd
ShellAutoRuncommand — F:igsqe.cmd
ShelleXpLorecoMManD — F:igsqe.cmd
ShellOpeNCommAnd — F:igsqe.cmd
.
.
Supplementary Scan
.
uStart Page = http://www.apeha.ru
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
TCP: {E976EFF6-F957-41A8-91CF-232E00032C25} = 212.73.65.40 217.113.0.8
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-02 20:32:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Other Running Processes
.
c:progra~1COMMON~1NokiaMPAPIMPAPI3s.exe
c:program filesCommon FilesPCSuiteServicesServiceLayer.exe
.
**************************************************************************
.
Completion time: 2009-04-02 20:35:55 — machine was rebooted
ComboFix-quarantined-files.txt 2009-04-02 16:35:51
Pre-Run: 11 892 961 280 байт свободно
Post-Run: 11,984,519,168 байт свободно
179
Avenger LOG
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Error: registry key «RegistryMachineSystemCurrentControlSetServicesNdisFileServices32» not found!
Deletion of driver «NdisFileServices32» failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
—> the object does not exist
Driver «abp470n5» deleted successfully.
Error: registry key «RegistryMachineSystemCurrentControlSetServicesFile::» not found!
Deletion of driver «File::» failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
—> the object does not exist
Error: registry key «RegistryMachineSystemCurrentControlSetServicesC:WINDOWSsystem32driversoluenh.sys» not found!
Deletion of driver «C:WINDOWSsystem32driversoluenh.sys» failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
—> the object does not exist
Error: registry key «RegistryMachineSystemCurrentControlSetServicesC:WINDOWSsystem32driversptgpr.sys» not found!
Deletion of driver «C:WINDOWSsystem32driversptgpr.sys» failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
—> the object does not exist
Completed script processing.
*******************
Finished! Terminate.
And here is a fresh RSIT log
Logfile of random’s system information tool 1.05 (written by random/random)
Run by Айк at 2009-03-31 11:36:21
Microsoft Windows XP Professional Service Pack 2
System drive C: has 11 GB (33%) free of 35 GB
Total RAM: 511 MB (64% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:55:18, on 26.02.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:DOCUME~1C14C~1LOCALS~1Tempwinkbplue.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Documents and SettingsАйкРабочий столRSIT.exe
C:Program Filestrend microАйк.exe
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.apeha.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
O4 — HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Global Startup: AutoCAD Startup Accelerator.lnk = C:Program FilesCommon FilesAutodesk Sharedacstart17.exe
O7 — HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem, DisableRegedit=1
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O17 — HKLMSystemCCSServicesTcpip..{E976EFF6-F957-41A8-91CF-232E00032C25}: NameServer = 212.73.65.40 217.113.0.8
O23 — Service: Autodesk Licensing Service — Autodesk — C:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe
—
End of file — 3404 bytes
======Registry dump======
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NeroFilterCheck»=C:WINDOWSsystem32NeroCheck.exe [2001-07-09 364544]
«PCSuiteTrayApplication»=C:PROGRA~1NokiaNOKIAP~1LAUNCH~1.EXE [2006-06-15 258048]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=C:Program FilesCommon FilesAheadlibNMBgMonitor.exe [2005-10-28 94208]
«PcSync»=C:Program FilesNokiaNokia PC Suite 6PcSync2.exe [2006-06-27 1478656]
C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
AutoCAD Startup Accelerator.lnk — C:Program FilesCommon FilesAutodesk Sharedacstart17.exe
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«DisableTaskMgr»=1
«DisableRegistryTools»=1
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
«EnableLUA»=0
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=36
«NoDriveAutoRun»=FFFFFFFF
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«D:С-i failerМои документыАнтивирусsavceclt.exe»=»D:С-i failerМои документыАнтивирусsavceclt.exe:*:Enabled:ipsec»
«C:WINDOWSExplorer.EXE»=»C:WINDOWSExplorer.EXE:*:Enabled:ipsec»
«C:Program FilesInternet ExplorerIEXPLORE.EXE»=»C:Program FilesInternet ExplorerIEXPLORE.EXE:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempwinikmon.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempwinikmon.exe:*:Enabled:ipsec»
«C:Program FilesMicrosoft OfficeOFFICE11EXCEL.EXE»=»C:Program FilesMicrosoft OfficeOFFICE11EXCEL.EXE:*:Enabled:ipsec»
«C:WINDOWSsystem32dwwin.exe»=»C:WINDOWSsystem32dwwin.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempwinfqxvp.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempwinfqxvp.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Templqni.exe»=»C:DOCUME~1C14C~1LOCALS~1Templqni.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempwinofomyu.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempwinofomyu.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempwinhhljbh.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempwinhhljbh.exe:*:Enabled:ipsec»
«C:Documents and SettingsАйкРабочий столFlash_Disinfector.exe»=»C:Documents and SettingsАйкРабочий столFlash_Disinfector.exe:*:Enabled:ipsec»
«C:Program FilesAheadNero StartSmartNeroStartSmart.exe»=»C:Program FilesAheadNero StartSmartNeroStartSmart.exe:*:Enabled:ipsec»
«C:Program FilesCommon FilesAutodesk SharedWSCommCntr1.exe»=»C:Program FilesCommon FilesAutodesk SharedWSCommCntr1.exe:*:Enabled:ipsec»
«C:WINDOWSsystem32netsh.exe»=»C:WINDOWSsystem32netsh.exe:*:Enabled:ipsec»
«C:Nero 7.0 уст.папкаSetupX.exe»=»C:Nero 7.0 уст.папкаSetupX.exe:*:Enabled:ipsec»
«C:Documents and SettingsАйкРабочий столRSIT.exe»=»C:Documents and SettingsАйкРабочий столRSIT.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempwinvafs.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempwinvafs.exe:*:Enabled:ipsec»
«C:WINDOWSsystem32NeroCheck.exe»=»C:WINDOWSsystem32NeroCheck.exe:*:Enabled:ipsec»
«C:WINDOWSsystem32userinit.exe»=»C:WINDOWSsystem32userinit.exe:*:Enabled:ipsec»
«C:Program FilesCommon FilesAheadlibNMBgMonitor.exe»=»C:Program FilesCommon FilesAheadlibNMBgMonitor.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempbibu.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempbibu.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempwinjivqiu.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempwinjivqiu.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempwincfsfl.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempwincfsfl.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempwinbycrnv.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempwinbycrnv.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempcdeq.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempcdeq.exe:*:Enabled:ipsec»
«C:Program FilesAutoCAD 2007acad.exe»=»C:Program FilesAutoCAD 2007acad.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempwinmyxv.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempwinmyxv.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempwinvmnu.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempwinvmnu.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempmweq.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempmweq.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempwinrnembe.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempwinrnembe.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempksltmk.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempksltmk.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempwinkyjg.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempwinkyjg.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempvvgj.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempvvgj.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempmfujkj.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempmfujkj.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempwinsiwhuh.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempwinsiwhuh.exe:*:Enabled:ipsec»
«C:Documents and SettingsАйкРабочий столWindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe»=»C:Documents and SettingsАйкРабочий столWindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempwinyxfph.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempwinyxfph.exe:*:Enabled:ipsec»
«C:Documents and SettingsАйкМои документыСамоучитель AutoCADWinDjView-0.5.exe»=»C:Documents and SettingsАйкМои документыСамоучитель AutoCADWinDjView-0.5.exe:*:Enabled:ipsec»
«C:Program FilesWindows Media Playerwmplayer.exe»=»C:Program FilesWindows Media Playerwmplayer.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempwinaqrfb.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempwinaqrfb.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempwinaeiysr.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempwinaeiysr.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempwinufvcby.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempwinufvcby.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempwinojms.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempwinojms.exe:*:Enabled:ipsec»
«C:Documents and SettingsАйкРабочий столДЛЯ уничтожения вирусовRSITRSIT.exe»=»C:Documents and SettingsАйкРабочий столДЛЯ уничтожения вирусовRSITRSIT.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempwintpne.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempwintpne.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempwinlquwp.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempwinlquwp.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempwinufxgfy.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempwinufxgfy.exe:*:Enabled:ipsec»
«C:Program FilesBararan ProgramBararan.exe»=»C:Program FilesBararan ProgramBararan.exe:*:Enabled:ipsec»
«D:Лунтик играЛунтик. Пропавшие краскиLuntikLostColors.exe»=»D:Лунтик играЛунтик. Пропавшие краскиLuntikLostColors.exe:*:Enabled:ipsec»
«C:PROGRA~1NokiaNOKIAP~1GETCON~1.EXE»=»C:PROGRA~1NokiaNOKIAP~1GETCON~1.EXE:*:Enabled:ipsec»
«C:Program FilesNokiaNokia PC Suite 6PcSync2.exe»=»C:Program FilesNokiaNokia PC Suite 6PcSync2.exe:*:Enabled:ipsec»
«C:PROGRA~1NokiaNOKIAP~1LAUNCH~1.EXE»=»C:PROGRA~1NokiaNOKIAP~1LAUNCH~1.EXE:*:Enabled:ipsec»
«C:PROGRA~1COMMON~1NokiaMPAPIMPAPI3s.exe»=»C:PROGRA~1COMMON~1NokiaMPAPIMPAPI3s.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempwincxlvs.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempwincxlvs.exe:*:Enabled:ipsec»
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
======File associations======
.scr — open — «C:WINDOWSsystem32NOTEPAD.EXE» «%1»
.scr — install —
.scr — config —
======List of files/folders created in the last 3 months======
2009-03-31 11:35:01 —-A—- C:avenger.txt
2009-03-31 11:30:43 —-A—- C:WINDOWSsystem32PerfStringBackup.TMP
2009-03-24 22:19:11 —-D—- C:WINDOWSsystem32appmgmt
2009-03-24 20:08:36 —-D—- C:Documents and SettingsАйкApplication DataNokia
2009-03-24 19:59:46 —-D—- C:WINDOWSDownloaded Installations
2009-03-24 19:58:35 —-D—- C:Program FilesDIFX
2009-03-24 19:57:58 —-D—- C:Program FilesCommon FilesNokia
2009-03-24 19:57:39 —-D—- C:Documents and SettingsАйкApplication DataPC Suite
2009-03-24 19:57:38 —-D—- C:Documents and SettingsAll UsersApplication DataPC Suite
2009-03-24 19:57:34 —-D—- C:Program FilesCommon FilesPCSuite
2009-03-24 19:57:26 —-DC—- C:WINDOWSsystem32DRVSTORE
2009-03-24 19:57:26 —-A—- C:WINDOWSsystem32nmwcdlog.dll
2009-03-24 19:57:26 —-A—- C:WINDOWSsystem32nmwcdcocls.dll
2009-03-24 19:57:26 —-A—- C:WINDOWSsystem32nmwcdcls.dll
2009-03-24 19:57:25 —-D—- C:Program FilesNokia
2009-03-24 19:57:17 —-D—- C:Documents and SettingsAll UsersApplication DataDownloaded Installations
2009-03-21 14:17:26 —-D—- C:Documents and SettingsАйкApplication DataLuntik
2009-03-21 14:16:16 —-D—- C:Documents and SettingsAll UsersApplication DataAlawarWrapper
2009-03-21 14:15:32 —-D—- C:Program FilesGames.Mail.Ru
2009-03-17 21:02:36 —-A—- C:WINDOWSsystem32Dao360.dll
2009-03-17 21:02:35 —-D—- C:Program FilesBararan Program
2009-03-17 21:02:02 —-A—- C:WINDOWSdictionary.ini
2009-03-17 21:02:01 —-D—- C:ArmDicto
2009-03-17 21:01:53 —-A—- C:WINDOWSIsUninst.exe
2009-03-16 19:17:25 —-D—- C:WINDOWSMinidump
2009-03-05 12:33:47 —-D—- C:Avenger
2009-03-02 21:56:20 —-A—- C:WINDOWSNeroDigital.ini
2009-03-01 16:26:39 —-D—- C:_OTMoveIt
2009-03-01 16:16:34 —-D—- C:Documents and SettingsАйкApplication DataAhead
2009-03-01 16:15:11 —-D—- C:Program FilesNero
2009-03-01 15:43:42 —-D—- C:Nero 7.0 уст.папка
2009-02-27 16:38:11 —-D—- C:Program FilesArmenian NLS
2009-02-26 21:20:29 —-D—- C:rms
2009-02-26 15:53:31 —-D—- C:Program Filestrend micro
2009-02-26 15:53:29 —-D—- C:rsit
2009-02-26 15:21:49 —-D—- C:Образ установочного диска
2009-02-26 14:34:27 —-D—- C:Антивирус_для_Троян
2009-02-22 22:50:09 —-D—- C:Жизнь после жизни
2009-02-22 17:35:49 —-D—- C:Антивирус
2009-02-22 16:46:04 —-D—- C:Documents and SettingsAll UsersApplication DataSymantec
2009-02-21 21:03:45 —-D—- C:Фрида
2009-02-21 20:53:15 —-D—- C:WINDOWSsystem32Quicktime
2009-02-21 20:53:13 —-D—- C:Program FilesSmartSound Software
2009-02-21 20:53:13 —-D—- C:Documents and SettingsAll UsersApplication DataSmartSound Software Inc
2009-02-21 20:45:57 —-D—- C:Documents and SettingsAll UsersApplication DataPinnacle
2009-02-21 20:45:54 —-D—- C:Program FilesPinnacle
2009-02-21 17:59:33 —-D—- C:Documents and SettingsАйкApplication DataCyberLink
2009-02-20 22:59:35 —-SHD—- C:Config.Msi
2009-02-20 22:16:40 —-D—- C:WINDOWSpss
2009-02-19 19:30:43 —-HD—- C:WINDOWSsystem32GroupPolicy
2009-02-19 19:23:24 —-D—- C:VirDefs
2009-02-19 19:23:23 —-D—- C:Data
2009-02-19 19:23:17 —-D—- C:Support
2009-02-19 19:02:54 —-D—- C:Documents and SettingsАйкApplication DataMacromedia
2009-02-19 19:00:13 —-A—- C:WINDOWSModemLog_Best Data Data Fax Modem.txt
2009-02-18 22:48:06 —-SHD—- C:RECYCLER
2009-02-18 22:44:16 —-D—- C:Documents and SettingsАйкApplication DataAdobeUM
2009-02-18 22:43:57 —-D—- C:Documents and SettingsАйкApplication DataAdobe
2009-02-18 22:43:56 —-D—- C:Program FilesCommon FilesAdobe
2009-02-18 22:36:23 —-A—- C:WINDOWSsystem32capicom.dll
2009-02-18 22:36:12 —-D—- C:WINDOWSRegisteredPackages
2009-02-18 21:58:17 —-D—- C:Documents and SettingsAll UsersApplication DataCyberLink
2009-02-18 21:57:31 —-HD—- C:Program FilesInstallShield Installation Information
2009-02-18 21:57:09 —-D—- C:Program FilesCyberLink
2009-02-18 21:56:59 —-D—- C:Program FilesCommon FilesInstallShield
2009-02-18 21:49:49 —-RA—- C:WINDOWSsystem32picn20.dll
2009-02-18 21:49:46 —-RA—- C:WINDOWSsystem32imagx5.dll
2009-02-18 21:49:46 —-RA—- C:WINDOWSsystem32imagr5.dll
2009-02-18 21:49:45 —-RA—- C:WINDOWSsystem32ImagXpr5.dll
2009-02-18 21:49:40 —-D—- C:Program FilesCommon FilesAhead
2009-02-18 21:43:55 —-RSH—- C:nideiect.com
2009-02-18 21:43:33 —-D—- C:AutoCAD
2009-02-18 21:43:26 —-A—- C:WINDOWSsystem32wmdrtc32.dll
2009-02-18 19:34:54 —-D—- C:Program FilesWinRAR
2009-02-18 19:34:32 —-D—- C:Documents and SettingsAll UsersApplication DataAdobe
2009-02-18 19:34:29 —-D—- C:Program FilesAdobe
2009-02-18 19:32:11 —-D—- C:WINDOWSCache
2009-02-18 19:06:32 —-D—- C:Program FilesAnswerWorks 4.0
2009-02-18 19:04:40 —-D—- C:Program FilesAutoCAD 2007
2009-02-18 19:04:40 —-D—- C:Documents and SettingsАйкApplication DataAutodesk
2009-02-18 19:04:40 —-D—- C:Documents and SettingsAll UsersApplication DataAutodesk
2009-02-18 19:00:54 —-D—- C:Program FilesCommon FilesAutodesk Shared
2009-02-18 19:00:45 —-D—- C:Program FilesAutodesk
2009-02-18 19:00:40 —-A—- C:WINDOWSsystem32d3dx9_27.dll
2009-02-18 18:55:46 —-RSD—- C:WINDOWSassembly
2009-02-18 18:55:09 —-D—- C:WINDOWSMicrosoft.NET
2009-02-18 18:54:18 —-N—- C:WINDOWSsystem32spmsg.dll
2009-02-18 18:54:05 —-HDC—- C:WINDOWS$MSI31Uninstall_KB893803v2$
2009-02-18 00:11:17 —-A—- C:WINDOWSsystem32h323log.txt
2009-02-18 00:07:20 —-A—- C:WINDOWSsystem32nv4_disp.dll
2009-02-18 00:06:26 —-A—- C:WINDOWSsystem32usbui.dll
2009-02-18 00:04:32 —-A—- C:WINDOWSimsins.BAK
2009-02-18 00:04:28 —-SHD—- C:WINDOWSInstaller
2009-02-18 00:04:28 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-02-18 00:04:27 —-D—- C:Program FilesCommon FilesODBC
2009-02-18 00:04:27 —-A—- C:WINDOWSODBCINST.INI
2009-02-18 00:04:21 —-D—- C:Program FilesCommon FilesSpeechEngines
2009-02-18 00:04:19 —-RD—- C:Program Files
2009-02-18 00:04:19 —-D—- C:Program FilesCommon FilesMicrosoft Shared
2009-02-18 00:04:19 —-D—- C:Program FilesCommon Files
2009-02-18 00:04:14 —-RA—- C:WINDOWSsystem32kbdtuq.dll
2009-02-18 00:04:14 —-RA—- C:WINDOWSsystem32kbdtuf.dll
2009-02-18 00:04:14 —-RA—- C:WINDOWSsystem32kbdazel.dll
2009-02-18 00:04:10 —-RA—- C:WINDOWSsystem32kbdhept.dll
2009-02-18 00:04:10 —-RA—- C:WINDOWSsystem32kbdhela3.dll
2009-02-18 00:04:10 —-RA—- C:WINDOWSsystem32kbdhela2.dll
2009-02-18 00:04:10 —-RA—- C:WINDOWSsystem32kbdhe319.dll
2009-02-18 00:04:10 —-RA—- C:WINDOWSsystem32kbdhe220.dll
2009-02-18 00:04:10 —-RA—- C:WINDOWSsystem32kbdhe.dll
2009-02-18 00:04:10 —-RA—- C:WINDOWSsystem32kbdgkl.dll
2009-02-18 00:04:06 —-RA—- C:WINDOWSsystem32kbdlv1.dll
2009-02-18 00:04:06 —-RA—- C:WINDOWSsystem32kbdlv.dll
2009-02-18 00:04:06 —-RA—- C:WINDOWSsystem32kbdlt1.dll
2009-02-18 00:04:06 —-RA—- C:WINDOWSsystem32kbdlt.dll
2009-02-18 00:04:06 —-RA—- C:WINDOWSsystem32kbdest.dll
2009-02-18 00:04:02 —-RA—- C:WINDOWSsystem32kbdsl1.dll
2009-02-18 00:04:02 —-RA—- C:WINDOWSsystem32kbdsl.dll
2009-02-18 00:04:02 —-RA—- C:WINDOWSsystem32kbdro.dll
2009-02-18 00:04:02 —-RA—- C:WINDOWSsystem32kbdpl1.dll
2009-02-18 00:04:02 —-RA—- C:WINDOWSsystem32kbdpl.dll
2009-02-18 00:04:02 —-RA—- C:WINDOWSsystem32kbdhu1.dll
2009-02-18 00:04:02 —-RA—- C:WINDOWSsystem32kbdhu.dll
2009-02-18 00:04:01 —-RA—- C:WINDOWSsystem32kbdycl.dll
2009-02-18 00:04:01 —-RA—- C:WINDOWSsystem32kbdcz2.dll
2009-02-18 00:04:01 —-RA—- C:WINDOWSsystem32kbdcz1.dll
2009-02-18 00:04:01 —-RA—- C:WINDOWSsystem32kbdcz.dll
2009-02-18 00:04:01 —-RA—- C:WINDOWSsystem32kbdcr.dll
2009-02-18 00:04:01 —-RA—- C:WINDOWSsystem32KBDAL.DLL
2009-02-18 00:03:54 —-A—- C:WINDOWSsystem32kbdmon.dll
2009-02-18 00:03:54 —-A—- C:WINDOWSsystem32kbdkyr.dll
2009-02-18 00:03:53 —-A—- C:WINDOWSsystem32kbdycc.dll
2009-02-18 00:03:53 —-A—- C:WINDOWSsystem32kbduzb.dll
2009-02-18 00:03:53 —-A—- C:WINDOWSsystem32kbdur.dll
2009-02-18 00:03:53 —-A—- C:WINDOWSsystem32kbdtat.dll
2009-02-18 00:03:53 —-A—- C:WINDOWSsystem32kbdkaz.dll
2009-02-18 00:03:53 —-A—- C:WINDOWSsystem32kbdaze.dll
2009-02-18 00:03:52 —-A—- C:WINDOWSsystem32kbdbu.dll
2009-02-18 00:03:52 —-A—- C:WINDOWSsystem32kbdblr.dll
2009-02-18 00:03:50 —-A—- C:WINDOWSsystem32irclass.dll
2009-02-18 00:03:50 —-A—- C:WINDOWSsystem32dgrpsetu.dll
2009-02-18 00:03:49 —-A—- C:WINDOWSsystem32spxcoins.dll
2009-02-18 00:03:49 —-A—- C:WINDOWSsystem32EqnClass.Dll
2009-02-18 00:03:49 —-A—- C:WINDOWSsystem32dgsetup.dll
2009-02-18 00:03:44 —-A—- C:WINDOWSTASKMAN.EXE
2009-02-18 00:03:43 —-N—- C:WINDOWSsystem32CONFIG.TMP
2009-02-18 00:03:43 —-A—- C:WINDOWSsystem32batt.dll
2009-02-18 00:03:42 —-A—- C:WINDOWSNOTEPAD.EXE
2009-02-18 00:03:39 —-A—- C:WINDOWSsystem32storprop.dll
2009-02-18 00:03:28 —-ASH—- C:Documents and SettingsAll UsersApplication Datadesktop.ini
2009-02-18 00:03:19 —-RA—- C:WINDOWSSET8.tmp
2009-02-18 00:03:14 —-RA—- C:WINDOWSSET4.tmp
2009-02-18 00:03:12 —-RA—- C:WINDOWSSET3.tmp
2009-02-18 00:03:06 —-D—- C:WINDOWSsystem32CatRoot2
2009-02-18 00:03:06 —-D—- C:WINDOWSsystem32CatRoot
2009-02-18 00:03:00 —-SD—- C:Documents and SettingsAll UsersApplication DataMicrosoft
2009-02-18 00:02:21 —-A—- C:WINDOWSsetuplog.txt
2009-02-18 00:02:17 —-D—- C:Documents and Settings
2009-02-18 00:01:22 —-SH—- C:boot.ini
2009-02-17 23:56:30 —-SHD—- C:System Volume Information
2009-02-17 23:54:17 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-02-17 23:54:17 —-RSD—- C:WINDOWSFonts
2009-02-17 23:54:17 —-RD—- C:WINDOWSWeb
2009-02-17 23:54:17 —-HD—- C:WINDOWSinf
2009-02-17 23:54:17 —-D—- C:WINDOWSWinSxS
2009-02-17 23:54:17 —-D—- C:WINDOWStwain_32
2009-02-17 23:54:17 —-D—- C:WINDOWSTemp
2009-02-17 23:54:17 —-D—- C:WINDOWSsystem32wins
2009-02-17 23:54:17 —-D—- C:WINDOWSsystem32wbem
2009-02-17 23:54:17 —-D—- C:WINDOWSsystem32usmt
2009-02-17 23:54:17 —-D—- C:WINDOWSsystem32spool
2009-02-17 23:54:17 —-D—- C:WINDOWSsystem32ShellExt
2009-02-17 23:54:17 —-D—- C:WINDOWSsystem32Setup
2009-02-17 23:54:17 —-D—- C:WINDOWSsystem32ras
2009-02-17 23:54:17 —-D—- C:WINDOWSsystem32oobe
2009-02-17 23:54:17 —-D—- C:WINDOWSsystem32npp
2009-02-17 23:54:17 —-D—- C:WINDOWSsystem32mui
2009-02-17 23:54:17 —-D—- C:WINDOWSsystem32inetsrv
2009-02-17 23:54:17 —-D—- C:WINDOWSsystem32IME
2009-02-17 23:54:17 —-D—- C:WINDOWSsystem32icsxml
2009-02-17 23:54:17 —-D—- C:WINDOWSsystem32ias
2009-02-17 23:54:17 —-D—- C:WINDOWSsystem32export
2009-02-17 23:54:17 —-D—- C:WINDOWSsystem32drivers
2009-02-17 23:54:17 —-D—- C:WINDOWSsystem32dhcp
2009-02-17 23:54:17 —-D—- C:WINDOWSsystem32config
2009-02-17 23:54:17 —-D—- C:WINDOWSsystem323com_dmi
2009-02-17 23:54:17 —-D—- C:WINDOWSsystem323076
2009-02-17 23:54:17 —-D—- C:WINDOWSsystem322052
2009-02-17 23:54:17 —-D—- C:WINDOWSsystem321054
2009-02-17 23:54:17 —-D—- C:WINDOWSsystem321049
2009-02-17 23:54:17 —-D—- C:WINDOWSsystem321042
2009-02-17 23:54:17 —-D—- C:WINDOWSsystem321041
2009-02-17 23:54:17 —-D—- C:WINDOWSsystem321037
2009-02-17 23:54:17 —-D—- C:WINDOWSsystem321033
2009-02-17 23:54:17 —-D—- C:WINDOWSsystem321031
2009-02-17 23:54:17 —-D—- C:WINDOWSsystem321028
2009-02-17 23:54:17 —-D—- C:WINDOWSsystem321025
2009-02-17 23:54:17 —-D—- C:WINDOWSsystem32
2009-02-17 23:54:17 —-D—- C:WINDOWSsystem
2009-02-17 23:54:17 —-D—- C:WINDOWSsecurity
2009-02-17 23:54:17 —-D—- C:WINDOWSResources
2009-02-17 23:54:17 —-D—- C:WINDOWSrepair
2009-02-17 23:54:17 —-D—- C:WINDOWSProvisioning
2009-02-17 23:54:17 —-D—- C:WINDOWSPeerNet
2009-02-17 23:54:17 —-D—- C:WINDOWSpchealth
2009-02-17 23:54:17 —-D—- C:WINDOWSmui
2009-02-17 23:54:17 —-D—- C:WINDOWSmsapps
2009-02-17 23:54:17 —-D—- C:WINDOWSmsagent
2009-02-17 23:54:17 —-D—- C:WINDOWSMedia
2009-02-17 23:54:17 —-D—- C:WINDOWSjava
2009-02-17 23:54:17 —-D—- C:WINDOWSime
2009-02-17 23:54:17 —-D—- C:WINDOWSHelp
2009-02-17 23:54:17 —-D—- C:WINDOWSehome
2009-02-17 23:54:17 —-D—- C:WINDOWSDriver Cache
2009-02-17 23:54:17 —-D—- C:WINDOWSDebug
2009-02-17 23:54:17 —-D—- C:WINDOWSCursors
2009-02-17 23:54:17 —-D—- C:WINDOWSConnection Wizard
2009-02-17 23:54:17 —-D—- C:WINDOWSConfig
2009-02-17 23:54:17 —-D—- C:WINDOWSAppPatch
2009-02-17 23:54:17 —-D—- C:WINDOWSaddins
2009-02-17 23:54:17 —-D—- C:WINDOWS
2009-02-17 22:32:51 —-D—- C:Program FilesAhead
2009-02-17 22:18:15 —-A—- C:WINDOWSsystem32ksuser.dll
2009-02-17 22:10:02 —-A—- C:WINDOWSdemo.INI
2009-02-17 21:56:16 —-A—- C:WINDOWSODBC.INI
2009-02-17 21:56:12 —-A—- C:WINDOWSsystem32mdimon.dll
2009-02-17 21:55:15 —-D—- C:Program FilesCommon FilesDESIGNER
2009-02-17 21:54:59 —-D—- C:WINDOWSSHELLNEW
2009-02-17 21:54:58 —-D—- C:Program FilesMicrosoft Office
2009-02-17 21:32:00 —-D—- C:Documents and SettingsАйкApplication DataIdentities
2009-02-17 21:31:56 —-HD—- C:Program FilesUninstall Information
2009-02-17 21:31:48 —-ASH—- C:Documents and SettingsАйкApplication Datadesktop.ini
2009-02-17 21:31:47 —-SD—- C:Documents and SettingsАйкApplication DataMicrosoft
2009-02-17 21:29:30 —-D—- C:WINDOWSSoftwareDistribution
2009-02-17 21:29:29 —-D—- C:WINDOWSPrefetch
2009-02-17 21:29:28 —-SD—- C:WINDOWSsystem32Microsoft
2009-02-17 21:29:28 —-A—- C:WINDOWSSchedLgU.Txt
2009-02-17 21:23:41 —-D—- C:WINDOWSsystem32xircom
2009-02-17 21:23:41 —-D—- C:Program Filesxerox
2009-02-17 21:23:41 —-D—- C:Program Filesmicrosoft frontpage
2009-02-17 21:22:47 —-A—- C:WINDOWScontrol.ini
2009-02-17 21:22:47 —-A—- C:AUTOEXEC.BAT
2009-02-17 21:22:26 —-A—- C:WINDOWSOEWABLog.txt
2009-02-17 21:22:21 —-A—- C:WINDOWSsystem32mapi32.dll
2009-02-17 21:20:40 —-SD—- C:WINDOWSDownloaded Program Files
2009-02-17 21:20:40 —-RD—- C:WINDOWSOffline Web Pages
2009-02-17 21:20:40 —-RAH—- C:WINDOWSsystem32logonui.exe.manifest
2009-02-17 21:20:27 —-RAH—- C:WINDOWSsystem32cdplayer.exe.manifest
2009-02-17 21:20:19 —-D—- C:Program FilesWindowsUpdate
2009-02-17 21:20:13 —-D—- C:Program FilesOnline Services
2009-02-17 21:19:39 —-D—- C:WINDOWSsystem32DirectX
2009-02-17 21:18:52 —-A—- C:WINDOWSsystem32atrace.dll
2009-02-17 21:18:48 —-A—- C:WINDOWSsystem32desktop.ini
2009-02-17 21:18:48 —-A—- C:WINDOWSdesktop.ini
2009-02-17 21:18:33 —-A—- C:WINDOWSsystem32nmevtmsg.dll
2009-02-17 21:18:31 —-A—- C:WINDOWSsystem32acctres.dll
2009-02-17 21:18:30 —-D—- C:Program FilesCommon FilesServices
2009-02-17 21:18:24 —-SD—- C:WINDOWSTasks
2009-02-17 21:18:24 —-A—- C:WINDOWSsystem32icfgnt5.dll
2009-02-17 21:18:22 —-D—- C:Program FilesCommon FilesMSSoap
2009-02-17 21:18:14 —-D—- C:WINDOWSsrchasst
2009-02-17 21:18:12 —-D—- C:WINDOWSsystem32Macromed
2009-02-17 21:18:05 —-A—- C:WINDOWSsystem32wuweb.dll
2009-02-17 21:18:05 —-A—- C:WINDOWSsystem32wucltui.dll
2009-02-17 21:18:05 —-A—- C:WINDOWSsystem32wuauserv.dll
2009-02-17 21:18:05 —-A—- C:WINDOWSsystem32wuaueng1.dll
2009-02-17 21:18:04 —-A—- C:WINDOWSsystem32wups.dll
2009-02-17 21:18:04 —-A—- C:WINDOWSsystem32wuaueng.dll
2009-02-17 21:18:03 —-A—- C:WINDOWSsystem32wuauclt1.exe
2009-02-17 21:18:03 —-A—- C:WINDOWSsystem32wuauclt.exe
2009-02-17 21:18:03 —-A—- C:WINDOWSsystem32wuapi.dll
2009-02-17 21:18:03 —-A—- C:WINDOWSsystem32bitsprx3.dll
2009-02-17 21:18:03 —-A—- C:WINDOWSsystem32bitsprx2.dll
2009-02-17 21:18:02 —-A—- C:WINDOWSsystem32qmgrprxy.dll
2009-02-17 21:18:02 —-A—- C:WINDOWSsystem32qmgr.dll
2009-02-17 21:17:54 —-D—- C:Program FilesMovie Maker
2009-02-17 21:17:45 —-A—- C:WINDOWSsystem32safrslv.dll
2009-02-17 21:17:45 —-A—- C:WINDOWSsystem32safrdm.dll
2009-02-17 21:17:45 —-A—- C:WINDOWSsystem32safrcdlg.dll
2009-02-17 21:17:45 —-A—- C:WINDOWSsystem32racpldlg.dll
2009-02-17 21:17:38 —-A—- C:WINDOWSsystem32fltMc.exe
2009-02-17 21:17:38 —-A—- C:WINDOWSsystem32fltlib.dll
2009-02-17 21:17:37 —-D—- C:WINDOWSsystem32Restore
2009-02-17 21:17:37 —-A—- C:WINDOWSsystem32srrstr.dll
2009-02-17 21:17:36 —-A—- C:WINDOWSsystem32srsvc.dll
2009-02-17 21:17:36 —-A—- C:WINDOWSsystem32srclient.dll
2009-02-17 21:17:35 —-A—- C:WINDOWSsystem32isrdbg32.dll
2009-02-17 21:17:35 —-A—- C:WINDOWSsystem32ils.dll
2009-02-17 21:17:34 —-A—- C:WINDOWSsystem32nmmkcert.dll
2009-02-17 21:17:34 —-A—- C:WINDOWSsystem32mnmdd.dll
2009-02-17 21:17:33 —-A—- C:WINDOWSsystem32msconf.dll
2009-02-17 21:17:33 —-A—- C:WINDOWSsystem32mnmsrvc.exe
2009-02-17 21:17:28 —-D—- C:Program FilesNetMeeting
2009-02-17 21:17:28 —-A—- C:WINDOWSsystem32msoert2.dll
2009-02-17 21:17:28 —-A—- C:WINDOWSsystem32msoeacct.dll
2009-02-17 21:17:25 —-A—- C:WINDOWSsystem32inetres.dll
2009-02-17 21:17:24 —-A—- C:WINDOWSsystem32inetcomm.dll
2009-02-17 21:17:20 —-D—- C:Program FilesOutlook Express
2009-02-17 21:17:20 —-A—- C:WINDOWSsystem32schedsvc.dll
2009-02-17 21:17:19 —-A—- C:WINDOWSsystem32mstinit.exe
2009-02-17 21:17:19 —-A—- C:WINDOWSsystem32mstask.dll
2009-02-17 21:17:18 —-A—- C:WINDOWSsystem32isign32.dll
2009-02-17 21:17:18 —-A—- C:WINDOWSsystem32icwphbk.dll
2009-02-17 21:17:18 —-A—- C:WINDOWSsystem32icwdial.dll
2009-02-17 21:17:17 —-A—- C:WINDOWSsystem32inetcfg.dll
2009-02-17 21:17:05 —-D—- C:Program FilesCommon FilesSystem
2009-02-17 21:17:03 —-D—- C:Program FilesInternet Explorer
2009-02-17 21:15:44 —-D—- C:Program FilesComPlus Applications
2009-02-17 21:15:41 —-A—- C:WINDOWSvbaddin.ini
2009-02-17 21:15:41 —-A—- C:WINDOWSvb.ini
2009-02-17 21:15:36 —-D—- C:WINDOWSRegistration
2009-02-17 21:15:27 —-D—- C:Program FilesWindows Media Player
2009-02-17 21:15:17 —-D—- C:Program FilesMessenger
2009-02-17 21:15:10 —-D—- C:Program FilesMSN Gaming Zone
2009-02-17 21:15:10 —-A—- C:WINDOWSsystem32write.exe
2009-02-17 21:14:50 —-A—- C:WINDOWSsystem32sndvol32.exe
2009-02-17 21:14:50 —-A—- C:WINDOWSsystem32hticons.dll
2009-02-17 21:14:49 —-A—- C:WINDOWSsystem32avwav.dll
2009-02-17 21:14:49 —-A—- C:WINDOWSsystem32avmeter.dll
2009-02-17 21:14:48 —-A—- C:WINDOWSsystem32avtapi.dll
2009-02-17 21:14:47 —-A—- C:WINDOWSsystem32winchat.exe
2009-02-17 21:14:32 —-A—- C:WINDOWSsystem32getuname.dll
2009-02-17 21:14:31 —-A—- C:WINDOWSsystem32charmap.exe
2009-02-17 21:14:30 —-A—- C:WINDOWSsystem32calc.exe
2009-02-17 21:14:29 —-A—- C:WINDOWSsystem32winmine.exe
2009-02-17 21:14:29 —-A—- C:WINDOWSsystem32sol.exe
2009-02-17 21:14:28 —-A—- C:WINDOWSsystem32reset.exe
2009-02-17 21:14:28 —-A—- C:WINDOWSsystem32mshearts.exe
2009-02-17 21:14:28 —-A—- C:WINDOWSsystem32freecell.exe
2009-02-17 21:14:27 —-A—- C:WINDOWSsystem32usrlogon.cmd
2009-02-17 21:14:27 —-A—- C:WINDOWSsystem32tsshutdn.exe
2009-02-17 21:14:27 —-A—- C:WINDOWSsystem32tslabels.ini
2009-02-17 21:14:27 —-A—- C:WINDOWSsystem32tskill.exe
2009-02-17 21:14:27 —-A—- C:WINDOWSsystem32tsdiscon.exe
2009-02-17 21:14:27 —-A—- C:WINDOWSsystem32tscon.exe
2009-02-17 21:14:26 —-A—- C:WINDOWSsystem32shadow.exe
2009-02-17 21:14:26 —-A—- C:WINDOWSsystem32rwinsta.exe
2009-02-17 21:14:26 —-A—- C:WINDOWSsystem32regini.exe
2009-02-17 21:14:26 —-A—- C:WINDOWSsystem32rdpcfgex.dll
2009-02-17 21:14:26 —-A—- C:WINDOWSsystem32qwinsta.exe
2009-02-17 21:14:25 —-A—- C:WINDOWSsystem32qappsrv.exe
2009-02-17 21:14:25 —-A—- C:WINDOWSsystem32msg.exe
2009-02-17 21:14:25 —-A—- C:WINDOWSsystem32logoff.exe
2009-02-17 21:14:25 —-A—- C:WINDOWSsystem32cdmodem.dll
2009-02-17 21:14:24 —-A—- C:WINDOWSsystem32msdtcprf.ini
2009-02-17 21:14:23 —-A—- C:WINDOWSsystem32dcomcnfg.exe
2009-02-17 21:14:22 —-A—- C:WINDOWSsystem32mtxlegih.dll
2009-02-17 21:14:22 —-A—- C:WINDOWSsystem32mtxex.dll
2009-02-17 21:14:22 —-A—- C:WINDOWSsystem32mtxdm.dll
2009-02-17 21:14:22 —-A—- C:WINDOWSsystem32comrepl.dll
2009-02-17 21:14:22 —-A—- C:WINDOWSsystem32comaddin.dll
2009-02-17 21:14:21 —-A—- C:WINDOWSsystem32stclient.dll
2009-02-17 21:14:21 —-A—- C:WINDOWSsystem32comsnap.dll
2009-02-17 21:14:10 —-A—- C:WINDOWSsystem32wmimgmt.msc
2009-02-17 21:14:08 —-A—- C:WINDOWSsystem32sndrec32.exe
2009-02-17 21:14:08 —-A—- C:WINDOWSsystem32accwiz.exe
2009-02-17 21:14:07 —-A—- C:WINDOWSsystem32mplay32.exe
2009-02-17 21:14:07 —-A—- C:WINDOWSsystem32hypertrm.dll
2009-02-17 21:14:06 —-D—- C:Program FilesWindows NT
2009-02-17 21:14:05 —-A—- C:WINDOWSsystem32mspaint.exe
2009-02-17 21:14:05 —-A—- C:WINDOWSsystem32clipbrd.exe
2009-02-17 21:14:04 —-A—- C:WINDOWSsystem32spider.exe
2009-02-17 21:14:03 —-A—- C:WINDOWSsystem32tscfgwmi.dll
2009-02-17 21:14:02 —-A—- C:WINDOWSsystem32remotepg.dll
2009-02-17 21:14:02 —-A—- C:WINDOWSsystem32mstscax.dll
2009-02-17 21:14:02 —-A—- C:WINDOWSsystem32mstsc.exe
2009-02-17 21:14:01 —-A—- C:WINDOWSsystem32sessmgr.exe
2009-02-17 21:14:01 —-A—- C:WINDOWSsystem32rdshost.exe
2009-02-17 21:14:01 —-A—- C:WINDOWSsystem32rdsaddin.exe
2009-02-17 21:14:01 —-A—- C:WINDOWSsystem32rdchost.dll
2009-02-17 21:14:00 —-A—- C:WINDOWSsystem32tscupgrd.exe
2009-02-17 21:14:00 —-A—- C:WINDOWSsystem32termsrv.dll
2009-02-17 21:14:00 —-A—- C:WINDOWSsystem32rdpwsx.dll
2009-02-17 21:14:00 —-A—- C:WINDOWSsystem32rdpsnd.dll
2009-02-17 21:13:59 —-A—- C:WINDOWSsystem32rdpclip.exe
2009-02-17 21:13:59 —-A—- C:WINDOWSsystem32qprocess.exe
2009-02-17 21:13:59 —-A—- C:WINDOWSsystem32icaapi.dll
2009-02-17 21:13:59 —-A—- C:WINDOWSsystem32cfgbkend.dll
2009-02-17 21:13:58 —-D—- C:WINDOWSsystem32MsDtc
2009-02-17 21:13:58 —-A—- C:WINDOWSsystem32mtxoci.dll
2009-02-17 21:13:58 —-A—- C:WINDOWSsystem32msdtcuiu.dll
2009-02-17 21:13:57 —-A—- C:WINDOWSsystem32msdtcprx.dll
2009-02-17 21:13:56 —-A—- C:WINDOWSsystem32xolehlp.dll
2009-02-17 21:13:56 —-A—- C:WINDOWSsystem32msdtctm.dll
2009-02-17 21:13:56 —-A—- C:WINDOWSsystem32msdtclog.dll
2009-02-17 21:13:56 —-A—- C:WINDOWSsystem32msdtc.exe
2009-02-17 21:13:54 —-D—- C:WINDOWSsystem32Com
2009-02-17 21:13:54 —-A—- C:WINDOWSsystem32colbact.dll
2009-02-17 21:13:53 —-A—- C:WINDOWSsystem32clbcatex.dll
2009-02-17 21:13:53 —-A—- C:WINDOWSsystem32catsrvps.dll
2009-02-17 21:13:52 —-A—- C:WINDOWSsystem32catsrvut.dll
2009-02-17 21:13:52 —-A—- C:WINDOWSsystem32catsrv.dll
2009-02-17 21:13:51 —-A—- C:WINDOWSsystem32comsvcs.dll
2009-02-17 21:13:50 —-A—- C:WINDOWSsystem32comuid.dll
2009-02-17 21:13:50 —-A—- C:WINDOWSsystem32clbcatq.dll
2009-02-17 21:13:37 —-A—- C:WINDOWSsystem32servdeps.dll
2009-02-17 21:13:37 —-A—- C:WINDOWSsystem32mmfutil.dll
2009-02-17 21:13:37 —-A—- C:WINDOWSsystem32licwmi.dll
2009-02-17 21:13:31 —-A—- C:WINDOWSsystem32cmprops.dll

======List of files/folders modified in the last 3 months======
2009-03-10 22:39:21 —-A—- C:WINDOWSwin.ini
2009-02-20 22:19:23 —-A—- C:WINDOWSsystem.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 P3;Драйвер Intel PentiumIII процессора; C:WINDOWSsystem32DRIVERSp3.sys [2004-08-17 46848]
R2 NdisFileServices32;NdisFileServices32; ??C:WINDOWSsystem32driversoluenh.sys []
R3 abp470n5;abp470n5; ??C:WINDOWSsystem32driversptgpr.sys []
R3 Arp1394;Протокол клиента 1394 ARP; C:WINDOWSsystem32DRIVERSarp1394.sys [2004-08-17 60800]
R3 cmpci;C-Media PCI Audio Driver (WDM); C:WINDOWSsystem32driverscmpci.sys [2000-05-08 31796]
R3 HCF_MSFT;HCF_MSFT; C:WINDOWSsystem32DRIVERSHCF_MSFT.sys [2001-10-20 907968]
R3 ms_mpu401;Драйвер UART Microsoft MPU-401 MIDI; C:WINDOWSsystem32driversmsmpu401.sys [2001-08-17 2944]
R3 NIC1394;Сетевой драйвер 1394; C:WINDOWSsystem32DRIVERSnic1394.sys [2004-08-17 61824]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2004-08-04 1897408]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-03 20480]
S1 InCDPass;InCDPass; C:WINDOWSsystem32driversInCDPass.sys []
S1 InCDRm;InCD Reader; C:WINDOWSsystem32driversInCDRm.sys []
S3 Nokia USB Generic;Nokia USB Generic; C:WINDOWSsystem32driversnmwcdc.sys [2006-05-29 8704]
S3 Nokia USB Modem;Nokia USB Modem; C:WINDOWSsystem32driversnmwcdcm.sys [2006-05-29 13312]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:WINDOWSsystem32driversnmwcd.sys [2006-05-29 127488]
S3 Nokia USB Port;Nokia USB Port; C:WINDOWSsystem32driversnmwcdcj.sys [2006-05-29 13312]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-04 26496]
S4 InCDFs;InCD File System; C:WINDOWSsystem32driversInCDFs.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R3 ServiceLayer;ServiceLayer; C:Program FilesCommon FilesPCSuiteServicesServiceLayer.exe [2006-06-05 174080]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe [2009-02-18 155768]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 158768]
EOF
Hello, Valeri.
Here is the result of the GMER scan.

GMER 1.0.15.14944 — http://www.gmer.net
Rootkit scan 2009-03-21 17:06:42
Windows 5.1.2600 Service Pack 2

—- Registry — GMER 1.0.15 —-
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@! 0454B 045 0424>494 000 044 0404?4B 0454@4 001 003 9 004 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 W A N ( L 002 T P ) 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 W A N ( P P T P ) 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 W A N ( P P P o E ) 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@374@4O4<4>494 ? 0404@ 0404;4; 0454;4L4=4K494 ?4>4@4B4 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 W A N ( I P ) 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 ?4; 0404=484@4> 0424I484: 0404 ? 0404: 0454B4> 0424 1?
Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@! 0454B 045 0424>494 000 044 0404?4B 0454@4 001 003 9 004 1?
Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 W A N ( L 002 T P ) 1?
Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 W A N ( P P T P ) 1?
Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 W A N ( P P P o E ) 1?
Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@374@4O4<4>494 ? 0404@ 0404;4; 0454;4L4=4K494 ?4>4@4B4 1?
Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 W A N ( I P ) 1?
Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 ?4; 0404=484@4> 0424I484: 0404 ? 0404: 0454B4> 0424 1?

—- EOF — GMER 1.0.15 —-

Avenger scan result
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!

Driver «abp470n5» deleted successfully.
Error: file «C:WINDOWSsystem32driversptgpr.sys» not found!
Deletion of file «C:WINDOWSsystem32driversptgpr.sys» failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
—> the object does not exist

Completed script processing.
*******************
Finished! Terminate.
And here is a fresh RSIT.exe log
Logfile of random’s system information tool 1.05 (written by random/random)
Run by Айк at 2009-03-19 11:24:24
Microsoft Windows XP Professional Service Pack 2
System drive C: has 12 GB (35%) free of 35 GB
Total RAM: 511 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:55:18, on 26.02.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:DOCUME~1C14C~1LOCALS~1Tempwinkbplue.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Documents and SettingsАйкРабочий столRSIT.exe
C:Program Filestrend microАйк.exe

R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.apeha.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
O4 — HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Global Startup: AutoCAD Startup Accelerator.lnk = C:Program FilesCommon FilesAutodesk Sharedacstart17.exe
O7 — HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem, DisableRegedit=1
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O17 — HKLMSystemCCSServicesTcpip..{E976EFF6-F957-41A8-91CF-232E00032C25}: NameServer = 212.73.65.40 217.113.0.8
O23 — Service: Autodesk Licensing Service — Autodesk — C:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe

—
End of file — 3404 bytes

======Registry dump======
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NeroFilterCheck»=C:WINDOWSsystem32NeroCheck.exe [2001-07-09 262144]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=C:Program FilesCommon FilesAheadlibNMBgMonitor.exe [2005-10-28 94208]

C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
AutoCAD Startup Accelerator.lnk — C:Program FilesCommon FilesAutodesk Sharedacstart17.exe

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«DisableTaskMgr»=1
«DisableRegistryTools»=1

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
«EnableLUA»=0

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=36
«NoDriveAutoRun»=FFFFFFFF

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«D:С-i failerМои документыАнтивирусsavceclt.exe»=»D:С-i failerМои документыАнтивирусsavceclt.exe:*:Enabled:ipsec»
«C:WINDOWSExplorer.EXE»=»C:WINDOWSExplorer.EXE:*:Enabled:ipsec»
«C:Program FilesInternet ExplorerIEXPLORE.EXE»=»C:Program FilesInternet ExplorerIEXPLORE.EXE:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempwinikmon.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempwinikmon.exe:*:Enabled:ipsec»
«C:Program FilesMicrosoft OfficeOFFICE11EXCEL.EXE»=»C:Program FilesMicrosoft OfficeOFFICE11EXCEL.EXE:*:Enabled:ipsec»
«C:WINDOWSsystem32dwwin.exe»=»C:WINDOWSsystem32dwwin.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempwinfqxvp.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempwinfqxvp.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Templqni.exe»=»C:DOCUME~1C14C~1LOCALS~1Templqni.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempwinofomyu.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempwinofomyu.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempwinhhljbh.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempwinhhljbh.exe:*:Enabled:ipsec»
«C:Documents and SettingsАйкРабочий столFlash_Disinfector.exe»=»C:Documents and SettingsАйкРабочий столFlash_Disinfector.exe:*:Enabled:ipsec»
«C:Program FilesAheadNero StartSmartNeroStartSmart.exe»=»C:Program FilesAheadNero StartSmartNeroStartSmart.exe:*:Enabled:ipsec»
«C:Program FilesCommon FilesAutodesk SharedWSCommCntr1.exe»=»C:Program FilesCommon FilesAutodesk SharedWSCommCntr1.exe:*:Enabled:ipsec»
«C:WINDOWSsystem32netsh.exe»=»C:WINDOWSsystem32netsh.exe:*:Enabled:ipsec»
«C:Nero 7.0 уст.папкаSetupX.exe»=»C:Nero 7.0 уст.папкаSetupX.exe:*:Enabled:ipsec»
«C:Documents and SettingsАйкРабочий столRSIT.exe»=»C:Documents and SettingsАйкРабочий столRSIT.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempwinvafs.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempwinvafs.exe:*:Enabled:ipsec»
«C:WINDOWSsystem32NeroCheck.exe»=»C:WINDOWSsystem32NeroCheck.exe:*:Enabled:ipsec»
«C:WINDOWSsystem32userinit.exe»=»C:WINDOWSsystem32userinit.exe:*:Enabled:ipsec»
«C:Program FilesCommon FilesAheadlibNMBgMonitor.exe»=»C:Program FilesCommon FilesAheadlibNMBgMonitor.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempbibu.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempbibu.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempwinjivqiu.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempwinjivqiu.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempwincfsfl.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempwincfsfl.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempwinbycrnv.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempwinbycrnv.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempcdeq.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempcdeq.exe:*:Enabled:ipsec»
«C:Program FilesAutoCAD 2007acad.exe»=»C:Program FilesAutoCAD 2007acad.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempwinmyxv.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempwinmyxv.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempwinvmnu.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempwinvmnu.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempmweq.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempmweq.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempwinrnembe.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempwinrnembe.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempksltmk.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempksltmk.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempwinkyjg.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempwinkyjg.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempvvgj.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempvvgj.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempmfujkj.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempmfujkj.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempwinsiwhuh.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempwinsiwhuh.exe:*:Enabled:ipsec»
«C:Documents and SettingsАйкРабочий столWindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe»=»C:Documents and SettingsАйкРабочий столWindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempwinyxfph.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempwinyxfph.exe:*:Enabled:ipsec»
«C:Documents and SettingsАйкМои документыСамоучитель AutoCADWinDjView-0.5.exe»=»C:Documents and SettingsАйкМои документыСамоучитель AutoCADWinDjView-0.5.exe:*:Enabled:ipsec»
«C:Program FilesWindows Media Playerwmplayer.exe»=»C:Program FilesWindows Media Playerwmplayer.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempwinaqrfb.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempwinaqrfb.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempwinaeiysr.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempwinaeiysr.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempwinufvcby.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempwinufvcby.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempwinojms.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempwinojms.exe:*:Enabled:ipsec»
«C:Documents and SettingsАйкРабочий столДЛЯ уничтожения вирусовRSITRSIT.exe»=»C:Documents and SettingsАйкРабочий столДЛЯ уничтожения вирусовRSITRSIT.exe:*:Enabled:ipsec»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»

======File associations======
.scr — open — «C:WINDOWSsystem32NOTEPAD.EXE» «%1»
.scr — install —
.scr — config —

======List of files/folders created in the last 1 months======
2009-03-19 11:23:33 —-A—- C:avenger.txt
2009-03-17 20:02:36 —-A—- C:WINDOWSsystem32Dao360.dll
2009-03-17 20:02:35 —-D—- C:Program FilesBararan Program
2009-03-17 20:02:02 —-A—- C:WINDOWSdictionary.ini
2009-03-17 20:02:01 —-D—- C:ArmDicto
2009-03-17 20:01:53 —-A—- C:WINDOWSIsUninst.exe
2009-03-16 18:17:25 —-D—- C:WINDOWSMinidump
2009-03-05 11:33:47 —-D—- C:Avenger
2009-03-02 20:56:20 —-A—- C:WINDOWSNeroDigital.ini
2009-03-01 15:26:39 —-D—- C:_OTMoveIt
2009-03-01 15:16:34 —-D—- C:Documents and SettingsАйкApplication DataAhead
2009-03-01 15:15:11 —-D—- C:Program FilesNero
2009-03-01 14:43:42 —-D—- C:Nero 7.0 уст.папка
2009-02-27 15:38:11 —-D—- C:Program FilesArmenian NLS
2009-02-26 20:20:29 —-D—- C:rms
2009-02-26 14:53:31 —-D—- C:Program Filestrend micro
2009-02-26 14:53:29 —-D—- C:rsit
2009-02-26 14:21:49 —-D—- C:Образ установочного диска
2009-02-26 13:34:27 —-D—- C:Антивирус_для_Троян
2009-02-22 21:50:09 —-D—- C:Жизнь после жизни
2009-02-22 16:35:49 —-D—- C:Антивирус
2009-02-22 15:46:04 —-D—- C:Documents and SettingsAll UsersApplication DataSymantec
2009-02-21 20:03:45 —-D—- C:Фрида
2009-02-21 19:53:15 —-D—- C:WINDOWSsystem32Quicktime
2009-02-21 19:53:13 —-D—- C:Program FilesSmartSound Software
2009-02-21 19:53:13 —-D—- C:Documents and SettingsAll UsersApplication DataSmartSound Software Inc
2009-02-21 19:45:57 —-D—- C:Documents and SettingsAll UsersApplication DataPinnacle
2009-02-21 19:45:54 —-D—- C:Program FilesPinnacle
2009-02-21 16:59:33 —-D—- C:Documents and SettingsАйкApplication DataCyberLink
2009-02-20 21:59:35 —-SHD—- C:Config.Msi
2009-02-20 21:16:40 —-D—- C:WINDOWSpss

======List of files/folders modified in the last 1 months======
2009-03-19 11:24:28 —-D—- C:WINDOWSsystem32drivers
2009-03-19 11:24:06 —-A—- C:WINDOWSsystem32wmdrtc32.dll
2009-03-19 11:23:33 —-D—- C:WINDOWS
2009-03-19 11:22:04 —-A—- C:WINDOWSSchedLgU.Txt
2009-03-19 11:22:03 —-A—- C:WINDOWSModemLog_Best Data Data Fax Modem.txt
2009-03-19 11:20:43 —-D—- C:WINDOWSPrefetch
2009-03-19 11:16:59 —-D—- C:WINDOWSTemp
2009-03-18 00:17:45 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-03-17 20:07:01 —-RSD—- C:WINDOWSFonts
2009-03-17 20:02:36 —-D—- C:WINDOWSsystem32
2009-03-17 20:02:35 —-RD—- C:Program Files
2009-03-17 19:56:39 —-D—- C:WINDOWSsystem32CatRoot2
2009-03-10 21:39:21 —-A—- C:WINDOWSwin.ini
2009-03-05 18:32:23 —-SD—- C:Documents and SettingsАйкApplication DataMicrosoft
2009-03-01 15:16:46 —-SHD—- C:WINDOWSInstaller
2009-03-01 15:15:12 —-D—- C:Program FilesCommon FilesAhead
2009-03-01 14:49:09 —-D—- C:Program FilesAhead
2009-02-26 12:37:18 —-D—- C:WINDOWSHelp
2009-02-26 12:29:09 —-HD—- C:WINDOWSsystem32GroupPolicy
2009-02-24 20:06:37 —-D—- C:WINDOWSsystem32CatRoot
2009-02-22 16:36:35 —-A—- C:WINDOWSsetuplog.txt
2009-02-22 16:34:01 —-D—- C:Program FilesCommon Files
2009-02-22 15:55:07 —-D—- C:WINDOWSsystem32config
2009-02-22 15:54:55 —-D—- C:WINDOWSsystem32wbem
2009-02-22 15:54:54 —-D—- C:WINDOWSRegistration
2009-02-22 15:50:42 —-D—- C:VirDefs
2009-02-22 15:50:42 —-D—- C:Support
2009-02-22 15:50:42 —-D—- C:Data
2009-02-22 15:47:56 —-D—- C:Program FilesCommon FilesInstallShield
2009-02-22 15:47:52 —-HD—- C:WINDOWSinf
2009-02-22 15:45:42 —-D—- C:WINDOWSsystem32Restore
2009-02-21 19:48:00 —-HD—- C:Program FilesInstallShield Installation Information
2009-02-20 21:19:23 —-A—- C:WINDOWSsystem.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 P3;Драйвер Intel PentiumIII процессора; C:WINDOWSsystem32DRIVERSp3.sys [2004-08-17 46848]
R2 NdisFileServices32;NdisFileServices32; ??C:WINDOWSsystem32driversoluenh.sys []
R3 abp470n5;abp470n5; ??C:WINDOWSsystem32driversptgpr.sys []
R3 Arp1394;Протокол клиента 1394 ARP; C:WINDOWSsystem32DRIVERSarp1394.sys [2004-08-17 60800]
R3 cmpci;C-Media PCI Audio Driver (WDM); C:WINDOWSsystem32driverscmpci.sys [2000-05-08 31796]
R3 HCF_MSFT;HCF_MSFT; C:WINDOWSsystem32DRIVERSHCF_MSFT.sys [2001-10-19 907968]
R3 ms_mpu401;Драйвер UART Microsoft MPU-401 MIDI; C:WINDOWSsystem32driversmsmpu401.sys [2001-08-17 2944]
R3 NIC1394;Сетевой драйвер 1394; C:WINDOWSsystem32DRIVERSnic1394.sys [2004-08-17 61824]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2004-08-04 1897408]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-03 20480]
S1 InCDPass;InCDPass; C:WINDOWSsystem32driversInCDPass.sys []
S1 InCDRm;InCD Reader; C:WINDOWSsystem32driversInCDRm.sys []
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
S4 InCDFs;InCD File System; C:WINDOWSsystem32driversInCDFs.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe [2009-02-18 155768]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 158768]
EOF
Hello, Valeri. I did as you wrote, and this is what the computer says when I run ComboFix.exe:
<Only part of a ReadProcessMemory or WriteProcessMemory request was completed>. And nothing else.
What should I do?

Hello, Valeri.
I did as you said. But before I could confirm the avenger.exe prompt, the same annoying window appeared with the message <Registry editing has been disabled by your administrator>. I clicked OK, after which the same window appeared again, and so on 2 more times. After that avenger.exe ran its check and asked to restart the computer; the computer restarted 2 times and the following text appeared:

*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Driver «abp470n5» deleted successfully.
Error: registry key «RegistryMachineSystemCurrentControlSetServicesFile::» not found!
Deletion of driver «File::» failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
—> the object does not exist
Error: registry key «RegistryMachineSystemCurrentControlSetServicesC:WINDOWSsystem32driversptgpr.sys» not found!
Deletion of driver «C:WINDOWSsystem32driversptgpr.sys» failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
—> the object does not exist
Completed script processing.
*******************
Finished! Terminate.
And here is a fresh RSIT.exe log
🙁
Logfile of random’s system information tool 1.05 (written by random/random)
Run by Айк at 2009-03-05 11:34:37
Microsoft Windows XP Professional Service Pack 2
System drive C: has 10 GB (29%) free of 35 GB
Total RAM: 511 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:55:18, on 26.02.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:DOCUME~1C14C~1LOCALS~1Tempwinkbplue.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Documents and SettingsАйкРабочий столRSIT.exe
C:Program Filestrend microАйк.exe

R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.apeha.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
O4 — HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Global Startup: AutoCAD Startup Accelerator.lnk = C:Program FilesCommon FilesAutodesk Sharedacstart17.exe
O7 — HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem, DisableRegedit=1
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O17 — HKLMSystemCCSServicesTcpip..{E976EFF6-F957-41A8-91CF-232E00032C25}: NameServer = 212.73.65.40 217.113.0.8
O23 — Service: Autodesk Licensing Service — Autodesk — C:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe
—
End of file — 3404 bytes

======Registry dump======
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NeroFilterCheck»=C:WINDOWSsystem32NeroCheck.exe [2001-07-09 262144]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=C:Program FilesCommon FilesAheadlibNMBgMonitor.exe [2005-10-28 94208]

C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
AutoCAD Startup Accelerator.lnk — C:Program FilesCommon FilesAutodesk Sharedacstart17.exe

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«DisableRegistryTools»=1
«DisableTaskMgr»=1

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
«EnableLUA»=0

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=36
«NoDriveAutoRun»=FFFFFFFF

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«D:С-i failerМои документыАнтивирусsavceclt.exe»=»D:С-i failerМои документыАнтивирусsavceclt.exe:*:Enabled:ipsec»
«C:WINDOWSExplorer.EXE»=»C:WINDOWSExplorer.EXE:*:Enabled:ipsec»
«C:Program FilesInternet ExplorerIEXPLORE.EXE»=»C:Program FilesInternet ExplorerIEXPLORE.EXE:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempwinikmon.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempwinikmon.exe:*:Enabled:ipsec»
«C:Program FilesMicrosoft OfficeOFFICE11EXCEL.EXE»=»C:Program FilesMicrosoft OfficeOFFICE11EXCEL.EXE:*:Enabled:ipsec»
«C:WINDOWSsystem32dwwin.exe»=»C:WINDOWSsystem32dwwin.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempwinfqxvp.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempwinfqxvp.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Templqni.exe»=»C:DOCUME~1C14C~1LOCALS~1Templqni.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempwinofomyu.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempwinofomyu.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempwinhhljbh.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempwinhhljbh.exe:*:Enabled:ipsec»
«C:Documents and SettingsАйкРабочий столFlash_Disinfector.exe»=»C:Documents and SettingsАйкРабочий столFlash_Disinfector.exe:*:Enabled:ipsec»
«C:Program FilesAheadNero StartSmartNeroStartSmart.exe»=»C:Program FilesAheadNero StartSmartNeroStartSmart.exe:*:Enabled:ipsec»
«C:Program FilesCommon FilesAutodesk SharedWSCommCntr1.exe»=»C:Program FilesCommon FilesAutodesk SharedWSCommCntr1.exe:*:Enabled:ipsec»
«C:WINDOWSsystem32netsh.exe»=»C:WINDOWSsystem32netsh.exe:*:Enabled:ipsec»
«C:Nero 7.0 уст.папкаSetupX.exe»=»C:Nero 7.0 уст.папкаSetupX.exe:*:Enabled:ipsec»
«C:Documents and SettingsАйкРабочий столRSIT.exe»=»C:Documents and SettingsАйкРабочий столRSIT.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempwinvafs.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempwinvafs.exe:*:Enabled:ipsec»
«C:WINDOWSsystem32NeroCheck.exe»=»C:WINDOWSsystem32NeroCheck.exe:*:Enabled:ipsec»
«C:WINDOWSsystem32userinit.exe»=»C:WINDOWSsystem32userinit.exe:*:Enabled:ipsec»
«C:Program FilesCommon FilesAheadlibNMBgMonitor.exe»=»C:Program FilesCommon FilesAheadlibNMBgMonitor.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempbibu.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempbibu.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempwinjivqiu.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempwinjivqiu.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempwincfsfl.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempwincfsfl.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempwinbycrnv.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempwinbycrnv.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempcdeq.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempcdeq.exe:*:Enabled:ipsec»
«C:Program FilesAutoCAD 2007acad.exe»=»C:Program FilesAutoCAD 2007acad.exe:*:Enabled:ipsec»
«C:DOCUME~1C14C~1LOCALS~1Tempwinmyxv.exe»=»C:DOCUME~1C14C~1LOCALS~1Tempwinmyxv.exe:*:Enabled:ipsec»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»

======File associations======
.scr — open — «C:WINDOWSsystem32NOTEPAD.EXE» «%1»
.scr — install —
.scr — config —

======List of files/folders created in the last 1 months======
2009-03-05 11:33:47 —-D—- C:Avenger
2009-03-05 11:33:47 —-A—- C:avenger.txt
2009-03-02 20:56:20 —-A—- C:WINDOWSNeroDigital.ini
2009-03-01 15:26:39 —-D—- C:_OTMoveIt
2009-03-01 15:16:34 —-D—- C:Documents and SettingsАйкApplication DataAhead
2009-03-01 15:15:11 —-D—- C:Program FilesNero
2009-03-01 14:43:42 —-D—- C:Nero 7.0 уст.папка
2009-02-27 15:38:11 —-D—- C:Program FilesArmenian NLS
2009-02-26 20:20:29 —-D—- C:rms
2009-02-26 14:53:31 —-D—- C:Program Filestrend micro
2009-02-26 14:53:29 —-D—- C:rsit
2009-02-26 14:21:49 —-D—- C:Образ установочного диска
2009-02-26 13:34:27 —-D—- C:Антивирус_для_Троян
2009-02-22 21:50:09 —-D—- C:Жизнь после жизни
2009-02-22 16:35:49 —-D—- C:Антивирус
2009-02-22 15:46:04 —-D—- C:Documents and SettingsAll UsersApplication DataSymantec
2009-02-21 20:03:45 —-D—- C:Фрида
2009-02-21 19:53:15 —-D—- C:WINDOWSsystem32Quicktime
2009-02-21 19:53:13 —-D—- C:Program FilesSmartSound Software
2009-02-21 19:53:13 —-D—- C:Documents and SettingsAll UsersApplication DataSmartSound Software Inc
2009-02-21 19:45:57 —-D—- C:Documents and SettingsAll UsersApplication DataPinnacle
2009-02-21 19:45:54 —-D—- C:Program FilesPinnacle
2009-02-21 16:59:33 —-D—- C:Documents and SettingsАйкApplication DataCyberLink
2009-02-20 21:59:35 —-SHD—- C:Config.Msi
2009-02-20 21:16:40 —-D—- C:WINDOWSpss
2009-02-19 18:30:43 —-HD—- C:WINDOWSsystem32GroupPolicy
2009-02-19 18:23:24 —-D—- C:VirDefs
2009-02-19 18:23:23 —-D—- C:Data
2009-02-19 18:23:17 —-D—- C:Support
2009-02-19 18:02:54 —-D—- C:Documents and SettingsАйкApplication DataMacromedia
2009-02-19 18:00:13 —-A—- C:WINDOWSModemLog_Best Data Data Fax Modem.txt
2009-02-18 21:48:06 —-SHD—- C:RECYCLER
2009-02-18 21:44:16 —-D—- C:Documents and SettingsАйкApplication DataAdobeUM
2009-02-18 21:43:57 —-D—- C:Documents and SettingsАйкApplication DataAdobe
2009-02-18 21:43:56 —-D—- C:Program FilesCommon FilesAdobe
2009-02-18 21:36:23 —-A—- C:WINDOWSsystem32capicom.dll
2009-02-18 21:36:12 —-D—- C:WINDOWSRegisteredPackages
2009-02-18 20:58:17 —-D—- C:Documents and SettingsAll UsersApplication DataCyberLink
2009-02-18 20:57:31 —-HD—- C:Program FilesInstallShield Installation Information
2009-02-18 20:57:09 —-D—- C:Program FilesCyberLink
2009-02-18 20:56:59 —-D—- C:Program FilesCommon FilesInstallShield
2009-02-18 20:49:49 —-RA—- C:WINDOWSsystem32picn20.dll
2009-02-18 20:49:46 —-RA—- C:WINDOWSsystem32imagx5.dll
2009-02-18 20:49:46 —-RA—- C:WINDOWSsystem32imagr5.dll
2009-02-18 20:49:45 —-RA—- C:WINDOWSsystem32ImagXpr5.dll
2009-02-18 20:49:40 —-D—- C:Program FilesCommon FilesAhead
2009-02-18 20:43:55 —-RSH—- C:nideiect.com
2009-02-18 20:43:33 —-D—- C:AutoCAD
2009-02-18 20:43:26 —-A—- C:WINDOWSsystem32wmdrtc32.dll
2009-02-18 18:34:54 —-D—- C:Program FilesWinRAR
2009-02-18 18:34:32 —-D—- C:Documents and SettingsAll UsersApplication DataAdobe
2009-02-18 18:34:29 —-D—- C:Program FilesAdobe
2009-02-18 18:32:11 —-D—- C:WINDOWSCache
2009-02-18 18:06:32 —-D—- C:Program FilesAnswerWorks 4.0
2009-02-18 18:04:40 —-D—- C:Program FilesAutoCAD 2007
2009-02-18 18:04:40 —-D—- C:Documents and SettingsАйкApplication DataAutodesk
2009-02-18 18:04:40 —-D—- C:Documents and SettingsAll UsersApplication DataAutodesk
2009-02-18 18:00:54 —-D—- C:Program FilesCommon FilesAutodesk Shared
2009-02-18 18:00:45 —-D—- C:Program FilesAutodesk
2009-02-18 18:00:40 —-A—- C:WINDOWSsystem32d3dx9_27.dll
2009-02-18 17:55:46 —-RSD—- C:WINDOWSassembly
2009-02-18 17:55:09 —-D—- C:WINDOWSMicrosoft.NET
2009-02-18 17:54:18 —-N—- C:WINDOWSsystem32spmsg.dll
2009-02-18 17:54:05 —-HDC—- C:WINDOWS$MSI31Uninstall_KB893803v2$
2009-02-17 23:11:17 —-A—- C:WINDOWSsystem32h323log.txt
2009-02-17 23:07:20 —-A—- C:WINDOWSsystem32nv4_disp.dll
2009-02-17 23:06:26 —-A—- C:WINDOWSsystem32usbui.dll
2009-02-17 23:04:32 —-A—- C:WINDOWSimsins.BAK
2009-02-17 23:04:28 —-SHD—- C:WINDOWSInstaller
2009-02-17 23:04:28 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-02-17 23:04:27 —-D—- C:Program FilesCommon FilesODBC
2009-02-17 23:04:27 —-A—- C:WINDOWSODBCINST.INI
2009-02-17 23:04:21 —-D—- C:Program FilesCommon FilesSpeechEngines
2009-02-17 23:04:19 —-RD—- C:Program Files
2009-02-17 23:04:19 —-D—- C:Program FilesCommon FilesMicrosoft Shared
2009-02-17 23:04:19 —-D—- C:Program FilesCommon Files
2009-02-17 23:04:14 —-RA—- C:WINDOWSsystem32kbdtuq.dll
2009-02-17 23:04:14 —-RA—- C:WINDOWSsystem32kbdtuf.dll
2009-02-17 23:04:14 —-RA—- C:WINDOWSsystem32kbdazel.dll
2009-02-17 23:04:10 —-RA—- C:WINDOWSsystem32kbdhept.dll
2009-02-17 23:04:10 —-RA—- C:WINDOWSsystem32kbdhela3.dll
2009-02-17 23:04:10 —-RA—- C:WINDOWSsystem32kbdhela2.dll
2009-02-17 23:04:10 —-RA—- C:WINDOWSsystem32kbdhe319.dll
2009-02-17 23:04:10 —-RA—- C:WINDOWSsystem32kbdhe220.dll
2009-02-17 23:04:10 —-RA—- C:WINDOWSsystem32kbdhe.dll
2009-02-17 23:04:10 —-RA—- C:WINDOWSsystem32kbdgkl.dll
2009-02-17 23:04:06 —-RA—- C:WINDOWSsystem32kbdlv1.dll
2009-02-17 23:04:06 —-RA—- C:WINDOWSsystem32kbdlv.dll
2009-02-17 23:04:06 —-RA—- C:WINDOWSsystem32kbdlt1.dll
2009-02-17 23:04:06 —-RA—- C:WINDOWSsystem32kbdlt.dll
2009-02-17 23:04:06 —-RA—- C:WINDOWSsystem32kbdest.dll
2009-02-17 23:04:02 —-RA—- C:WINDOWSsystem32kbdsl1.dll
2009-02-17 23:04:02 —-RA—- C:WINDOWSsystem32kbdsl.dll
2009-02-17 23:04:02 —-RA—- C:WINDOWSsystem32kbdro.dll
2009-02-17 23:04:02 —-RA—- C:WINDOWSsystem32kbdpl1.dll
2009-02-17 23:04:02 —-RA—- C:WINDOWSsystem32kbdpl.dll
2009-02-17 23:04:02 —-RA—- C:WINDOWSsystem32kbdhu1.dll
2009-02-17 23:04:02 —-RA—- C:WINDOWSsystem32kbdhu.dll
2009-02-17 23:04:01 —-RA—- C:WINDOWSsystem32kbdycl.dll
2009-02-17 23:04:01 —-RA—- C:WINDOWSsystem32kbdcz2.dll
2009-02-17 23:04:01 —-RA—- C:WINDOWSsystem32kbdcz1.dll
2009-02-17 23:04:01 —-RA—- C:WINDOWSsystem32kbdcz.dll
2009-02-17 23:04:01 —-RA—- C:WINDOWSsystem32kbdcr.dll
2009-02-17 23:04:01 —-RA—- C:WINDOWSsystem32KBDAL.DLL
2009-02-17 23:03:54 —-A—- C:WINDOWSsystem32kbdmon.dll
2009-02-17 23:03:54 —-A—- C:WINDOWSsystem32kbdkyr.dll
2009-02-17 23:03:53 —-A—- C:WINDOWSsystem32kbdycc.dll
2009-02-17 23:03:53 —-A—- C:WINDOWSsystem32kbduzb.dll
2009-02-17 23:03:53 —-A—- C:WINDOWSsystem32kbdur.dll
2009-02-17 23:03:53 —-A—- C:WINDOWSsystem32kbdtat.dll
2009-02-17 23:03:53 —-A—- C:WINDOWSsystem32kbdkaz.dll
2009-02-17 23:03:53 —-A—- C:WINDOWSsystem32kbdaze.dll
2009-02-17 23:03:52 —-A—- C:WINDOWSsystem32kbdbu.dll
2009-02-17 23:03:52 —-A—- C:WINDOWSsystem32kbdblr.dll
2009-02-17 23:03:50 —-A—- C:WINDOWSsystem32irclass.dll
2009-02-17 23:03:50 —-A—- C:WINDOWSsystem32dgrpsetu.dll
2009-02-17 23:03:49 —-A—- C:WINDOWSsystem32spxcoins.dll
2009-02-17 23:03:49 —-A—- C:WINDOWSsystem32EqnClass.Dll
2009-02-17 23:03:49 —-A—- C:WINDOWSsystem32dgsetup.dll
2009-02-17 23:03:44 —-A—- C:WINDOWSTASKMAN.EXE
2009-02-17 23:03:43 —-N—- C:WINDOWSsystem32CONFIG.TMP
2009-02-17 23:03:43 —-A—- C:WINDOWSsystem32batt.dll
2009-02-17 23:03:42 —-A—- C:WINDOWSNOTEPAD.EXE
2009-02-17 23:03:39 —-A—- C:WINDOWSsystem32storprop.dll
2009-02-17 23:03:28 —-ASH—- C:Documents and SettingsAll UsersApplication Datadesktop.ini
2009-02-17 23:03:19 —-RA—- C:WINDOWSSET8.tmp
2009-02-17 23:03:14 —-RA—- C:WINDOWSSET4.tmp
2009-02-17 23:03:12 —-RA—- C:WINDOWSSET3.tmp
2009-02-17 23:03:06 —-D—- C:WINDOWSsystem32CatRoot2
2009-02-17 23:03:06 —-D—- C:WINDOWSsystem32CatRoot
2009-02-17 23:03:00 —-SD—- C:Documents and SettingsAll UsersApplication DataMicrosoft
2009-02-17 23:02:21 —-A—- C:WINDOWSsetuplog.txt
2009-02-17 23:02:17 —-D—- C:Documents and Settings
2009-02-17 23:01:22 —-SH—- C:boot.ini
2009-02-17 22:56:30 —-SHD—- C:System Volume Information
2009-02-17 22:54:17 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-02-17 22:54:17 —-RSD—- C:WINDOWSFonts
2009-02-17 22:54:17 —-RD—- C:WINDOWSWeb
2009-02-17 22:54:17 —-HD—- C:WINDOWSinf
2009-02-17 22:54:17 —-D—- C:WINDOWSWinSxS
2009-02-17 22:54:17 —-D—- C:WINDOWStwain_32
2009-02-17 22:54:17 —-D—- C:WINDOWSTemp
2009-02-17 22:54:17 —-D—- C:WINDOWSsystem32wins
2009-02-17 22:54:17 —-D—- C:WINDOWSsystem32wbem
2009-02-17 22:54:17 —-D—- C:WINDOWSsystem32usmt
2009-02-17 22:54:17 —-D—- C:WINDOWSsystem32spool
2009-02-17 22:54:17 —-D—- C:WINDOWSsystem32ShellExt
2009-02-17 22:54:17 —-D—- C:WINDOWSsystem32Setup
2009-02-17 22:54:17 —-D—- C:WINDOWSsystem32ras
2009-02-17 22:54:17 —-D—- C:WINDOWSsystem32oobe
2009-02-17 22:54:17 —-D—- C:WINDOWSsystem32npp
2009-02-17 22:54:17 —-D—- C:WINDOWSsystem32mui
2009-02-17 22:54:17 —-D—- C:WINDOWSsystem32inetsrv
2009-02-17 22:54:17 —-D—- C:WINDOWSsystem32IME
2009-02-17 22:54:17 —-D—- C:WINDOWSsystem32icsxml
2009-02-17 22:54:17 —-D—- C:WINDOWSsystem32ias
2009-02-17 22:54:17 —-D—- C:WINDOWSsystem32export
2009-02-17 22:54:17 —-D—- C:WINDOWSsystem32drivers
2009-02-17 22:54:17 —-D—- C:WINDOWSsystem32dhcp
2009-02-17 22:54:17 —-D—- C:WINDOWSsystem32config
2009-02-17 22:54:17 —-D—- C:WINDOWSsystem323com_dmi
2009-02-17 22:54:17 —-D—- C:WINDOWSsystem323076
2009-02-17 22:54:17 —-D—- C:WINDOWSsystem322052
2009-02-17 22:54:17 —-D—- C:WINDOWSsystem321054
2009-02-17 22:54:17 —-D—- C:WINDOWSsystem321049
2009-02-17 22:54:17 —-D—- C:WINDOWSsystem321042
2009-02-17 22:54:17 —-D—- C:WINDOWSsystem321041
2009-02-17 22:54:17 —-D—- C:WINDOWSsystem321037
2009-02-17 22:54:17 —-D—- C:WINDOWSsystem321033
2009-02-17 22:54:17 —-D—- C:WINDOWSsystem321031
2009-02-17 22:54:17 —-D—- C:WINDOWSsystem321028
2009-02-17 22:54:17 —-D—- C:WINDOWSsystem321025
2009-02-17 22:54:17 —-D—- C:WINDOWSsystem32
2009-02-17 22:54:17 —-D—- C:WINDOWSsystem
2009-02-17 22:54:17 —-D—- C:WINDOWSsecurity
2009-02-17 22:54:17 —-D—- C:WINDOWSResources
2009-02-17 22:54:17 —-D—- C:WINDOWSrepair
2009-02-17 22:54:17 —-D—- C:WINDOWSProvisioning
2009-02-17 22:54:17 —-D—- C:WINDOWSPeerNet
2009-02-17 22:54:17 —-D—- C:WINDOWSpchealth
2009-02-17 22:54:17 —-D—- C:WINDOWSmui
2009-02-17 22:54:17 —-D—- C:WINDOWSmsapps
2009-02-17 22:54:17 —-D—- C:WINDOWSmsagent
2009-02-17 22:54:17 —-D—- C:WINDOWSMedia
2009-02-17 22:54:17 —-D—- C:WINDOWSjava
2009-02-17 22:54:17 —-D—- C:WINDOWSime
2009-02-17 22:54:17 —-D—- C:WINDOWSHelp
2009-02-17 22:54:17 —-D—- C:WINDOWSehome
2009-02-17 22:54:17 —-D—- C:WINDOWSDriver Cache
2009-02-17 22:54:17 —-D—- C:WINDOWSDebug
2009-02-17 22:54:17 —-D—- C:WINDOWSCursors
2009-02-17 22:54:17 —-D—- C:WINDOWSConnection Wizard
2009-02-17 22:54:17 —-D—- C:WINDOWSConfig
2009-02-17 22:54:17 —-D—- C:WINDOWSAppPatch
2009-02-17 22:54:17 —-D—- C:WINDOWSaddins
2009-02-17 22:54:17 —-D—- C:WINDOWS
2009-02-17 21:32:51 —-D—- C:Program FilesAhead
2009-02-17 21:18:15 —-A—- C:WINDOWSsystem32ksuser.dll
2009-02-17 21:10:02 —-A—- C:WINDOWSdemo.INI
2009-02-17 20:56:16 —-A—- C:WINDOWSODBC.INI
2009-02-17 20:56:12 —-A—- C:WINDOWSsystem32mdimon.dll
2009-02-17 20:55:15 —-D—- C:Program FilesCommon FilesDESIGNER
2009-02-17 20:54:59 —-D—- C:WINDOWSSHELLNEW
2009-02-17 20:54:58 —-D—- C:Program FilesMicrosoft Office
2009-02-17 20:32:00 —-D—- C:Documents and SettingsАйкApplication DataIdentities
2009-02-17 20:31:56 —-HD—- C:Program FilesUninstall Information
2009-02-17 20:31:48 —-ASH—- C:Documents and SettingsАйкApplication Datadesktop.ini
2009-02-17 20:31:47 —-SD—- C:Documents and SettingsАйкApplication DataMicrosoft
2009-02-17 20:29:30 —-D—- C:WINDOWSSoftwareDistribution
2009-02-17 20:29:29 —-D—- C:WINDOWSPrefetch
2009-02-17 20:29:28 —-SD—- C:WINDOWSsystem32Microsoft
2009-02-17 20:29:28 —-A—- C:WINDOWSSchedLgU.Txt
2009-02-17 20:23:41 —-D—- C:WINDOWSsystem32xircom
2009-02-17 20:23:41 —-D—- C:Program Filesxerox
2009-02-17 20:23:41 —-D—- C:Program Filesmicrosoft frontpage
2009-02-17 20:22:47 —-A—- C:WINDOWScontrol.ini
2009-02-17 20:22:47 —-A—- C:AUTOEXEC.BAT
2009-02-17 20:22:26 —-A—- C:WINDOWSOEWABLog.txt
2009-02-17 20:22:21 —-A—- C:WINDOWSsystem32mapi32.dll
2009-02-17 20:20:40 —-SD—- C:WINDOWSDownloaded Program Files
2009-02-17 20:20:40 —-RD—- C:WINDOWSOffline Web Pages
2009-02-17 20:20:40 —-RAH—- C:WINDOWSsystem32logonui.exe.manifest
2009-02-17 20:20:27 —-RAH—- C:WINDOWSsystem32cdplayer.exe.manifest
2009-02-17 20:20:19 —-D—- C:Program FilesWindowsUpdate
2009-02-17 20:20:13 —-D—- C:Program FilesOnline Services
2009-02-17 20:19:39 —-D—- C:WINDOWSsystem32DirectX
2009-02-17 20:18:52 —-A—- C:WINDOWSsystem32atrace.dll
2009-02-17 20:18:48 —-A—- C:WINDOWSsystem32desktop.ini
2009-02-17 20:18:48 —-A—- C:WINDOWSdesktop.ini
2009-02-17 20:18:33 —-A—- C:WINDOWSsystem32nmevtmsg.dll
2009-02-17 20:18:31 —-A—- C:WINDOWSsystem32acctres.dll
2009-02-17 20:18:30 —-D—- C:Program FilesCommon FilesServices
2009-02-17 20:18:24 —-SD—- C:WINDOWSTasks
2009-02-17 20:18:24 —-A—- C:WINDOWSsystem32icfgnt5.dll
2009-02-17 20:18:22 —-D—- C:Program FilesCommon FilesMSSoap

======List of files/folders modified in the last 1 months======
2009-02-20 21:19:23 ----A---- C:\WINDOWS\win.ini
2009-02-20 21:19:23 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 P3;Драйвер Intel PentiumIII процессора; C:\WINDOWS\system32\DRIVERS\p3.sys [2004-08-17 46848]
R3 abp470n5;abp470n5; \??\C:\WINDOWS\system32\drivers\ptgpr.sys []
R3 Arp1394;Протокол клиента 1394 ARP; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-17 60800]
R3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmpci.sys [2000-05-08 31796]
R3 HCF_MSFT;HCF_MSFT; C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys [2001-10-19 907968]
R3 ms_mpu401;Драйвер UART Microsoft MPU-401 MIDI; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 NIC1394;Сетевой драйвер 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-17 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
R3 usbhub;USB2 концентратор; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R4 NdisFileServices32;NdisFileServices32; \??\C:\WINDOWS\system32\drivers\oluenh.sys []
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-02-18 155768]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 158768]
EOF
I checked: CTRL+ALT+Delete again says <Task Manager has been disabled by the administrator>. 🙁