Forum replies created
Thank you very much!
Nevertheless, Kaspersky keeps finding some files that it cannot disinfect:
24.09.2009 21:42:33 File C:WINDOWS:AstInfo: detected modification of new threat ‘Hidden.Object’.
24.09.2009 21:50:24 File c:documents and settingsадминистраторрабочий столcombofix.exe//PE_Patch.UPX/32788R22FWJFWcatchme.cfxxe: detected modification of virus ‘Heur.Invader’.
24.09.2009 21:50:25 File c:documents and settingsадминистраторрабочий столcombofix.exe//PE_Patch.UPX/32788R22FWJFWFileKill.cfxxe: detected modification of virus ‘Heur.Invader’.
Thanks. I think it helped.
ComboFix 09-09-20.04 — Администратор 24.09.2009 20:09.6.2 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.2047.1498 [GMT 4:00]
Running from: c:documents and settingsАдминистраторРабочий столComboFix.exe
Command switches used :: c:documents and settingsАдминистраторРабочий столCFScript
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FILE ::
«c:windowssystem32JVMOD32.DLL»
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:windowssystem32JVMOD32.DLL
.
((((((((((((((((((((((((( Files Created from 2009-08-24 to 2009-09-24 )))))))))))))))))))))))))))))))
.2009-09-22 17:35 . 2009-09-22 17:35
d
w- c:documents and settingsAll UsersApplication DataOffice Genuine Advantage
2009-09-13 19:21 . 2009-09-13 19:21
d
w- c:documents and settingsАдминистраторApplication DataPublish Providers
2009-09-13 19:17 . 2009-09-13 19:21
d
w- c:documents and settingsАдминистраторApplication DataSony
2009-09-13 19:17 . 2009-09-13 19:17
d
w- c:documents and settingsАдминистраторLocal SettingsApplication DataSony
2009-09-13 19:14 . 2009-09-13 19:14
d
w- c:documents and settingsAll UsersApplication DataSony
2009-09-13 19:14 . 2009-09-13 19:14
d
w- c:program filesSony
2009-09-06 20:23 . 2009-09-06 20:23
d
w- c:program filesWomble Multimedia
2009-09-06 12:30 . 2009-09-06 12:30
d
w- c:documents and settingsАдминистраторLocal SettingsApplication Datastellarium
2009-09-05 18:44 . 2009-09-05 18:44
d
w- c:documents and settingsNetworkServiceLocal SettingsApplication DataGoogle
2009-09-05 18:40 . 2009-09-23 11:46
d
w- c:documents and settingsАдминистраторLocal SettingsApplication DataTemp
2009-09-05 18:39 . 2009-09-05 18:39
d
w- c:documents and settingsLocalServiceLocal SettingsApplication DataGoogle
2009-09-05 18:27 . 2009-09-05 18:27
d
w- c:documents and settingsАдминистраторApplication DataStellarium
2009-09-05 18:27 . 2009-09-05 18:27
d
w- c:program filesStellarium
2009-08-28 18:43 . 2009-08-30 08:29
d
w- c:documents and settingsAll UsersApplication DataArcSoft
2009-08-28 18:35 . 2009-08-29 05:15
d
w- c:documents and settingsАдминистраторApplication DataArcSoft
2009-08-28 18:31 . 2009-08-28 18:31
d
w- c:documents and settingsАдминистраторLocal SettingsApplication DataArcSoft
2009-08-28 18:24 . 2005-04-27 12:36 245408 —-a-w- c:windowssystem32unicows.dll
2009-08-28 18:24 . 2005-02-23 10:58 11776 —-a-w- c:windowssystem32driversafc.sys
2009-08-28 18:24 . 2009-08-28 18:30
d
w- c:program filesCommon FilesArcSoft
2009-08-28 18:23 . 2007-02-13 07:22 126976 —-a-w- c:windowssystem32MediaImpression Slideshow.scr
2009-08-28 18:22 . 2009-08-28 18:24
d
w- c:windowssystem32MediaImpression Slideshow
2009-08-28 18:21 . 2009-08-28 18:21
d
w- c:program filesArcSoft.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-24 16:23 . 2008-05-24 11:40 2777120 —sha-w- c:windowssystem32driversfidbox2.dat
2009-09-24 16:22 . 2008-05-24 11:40 528672 —sha-w- c:windowssystem32driversfidbox.dat
2009-09-24 16:15 . 2008-05-24 11:40 32 —sha-w- c:windowssystem32driversfidbox.idx
2009-09-24 16:05 . 2007-09-30 10:32
d
w- c:documents and settingsАдминистраторApplication DataAzureus
2009-09-24 15:37 . 2007-10-09 17:04
d
w- c:documents and settingsAll UsersApplication DataKaspersky Lab
2009-09-24 15:36 . 2007-10-06 21:58
d
w- c:program filesSpeedFan
2009-09-24 15:36 . 2007-09-30 05:59 16 —-a-w- c:windowssystem32magicpvt.dat
2009-09-24 15:35 . 2009-08-02 08:41 32 —-a-w- c:windowssystem32driver.dat
2009-09-24 12:56 . 2008-05-24 11:40 261044 —sha-w- c:windowssystem32driversfidbox2.idx
2009-09-23 11:46 . 2008-06-08 04:59
d
w- c:program filesGoogle
2009-09-22 12:27 . 2008-05-24 11:41 95259 —-a-w- c:windowssystem32driversklick.dat
2009-09-22 12:27 . 2008-05-24 11:41 107547 —-a-w- c:windowssystem32driversklin.dat
2009-09-19 17:58 . 2009-07-23 17:44
d
w- c:documents and settingsАдминистраторApplication DataBSplayer PRO
2009-09-11 19:15 . 2008-04-30 16:49
d
w- c:program filesSKTools
2009-09-11 19:14 . 2008-10-01 17:23 162816 —-a-w- c:windowssystem32fmod.dll
2009-08-30 11:28 . 2001-10-20 09:00 85140 —-a-w- c:windowssystem32perfc019.dat
2009-08-30 11:28 . 2001-10-20 09:00 487750 —-a-w- c:windowssystem32perfh019.dat
2009-08-30 09:31 . 2007-09-30 05:59
d—h—w- c:program filesInstallShield Installation Information
2009-08-29 05:16 . 2007-09-30 10:24
d
w- c:program filesAzureus
2009-08-14 19:58 . 2009-08-14 19:58
d
w- c:program filesCommon FilesPCSuite
2009-08-14 19:57 . 2008-11-16 11:51
d
w- c:program filesCommon FilesNokia
2009-08-14 19:57 . 2007-12-22 20:33
d
w- c:program filesNokia
2009-08-14 19:53 . 2007-12-22 20:32
d
w- c:documents and settingsAll UsersApplication DataInstallations
2009-08-08 12:41 . 2009-08-08 12:40
d
w- c:program filesK-Lite Codec Pack
2009-08-02 18:18 . 2009-08-02 18:18
d
w- c:program filesDisplay Tuner
2009-08-02 13:15 . 2009-08-02 13:15
d
w- c:documents and settingsАдминистраторApplication DataHDRsoft
2009-08-02 13:05 . 2009-08-02 13:05
d
w- c:program filesPhotomatixPro3
2009-08-02 12:52 . 2007-09-30 05:59
d
w- c:program filesSEC
2009-08-02 08:29 . 2008-12-18 17:54
d
w- c:program filesCommon FilesWise Installation Wizard
2009-08-02 08:29 . 2008-12-18 17:55
d
w- c:program filesAGEIA Technologies
2009-08-02 08:20 . 2009-08-02 08:20
d
w- c:program filesSystemRequirementsLab
2009-08-01 20:34 . 2009-07-15 18:42
d
w- c:program filesPTGui
2009-08-01 13:26 . 2007-10-03 17:34
d
w- c:documents and settingsАдминистраторApplication DataApple Computer
2009-08-01 09:56 . 2009-07-15 19:34
d
w- c:program filesArtizen HDR
2009-07-29 18:34 . 2009-07-25 20:53
d
w- c:program filesImagenomic
2009-07-29 18:17 . 2007-09-30 05:25 70792 —-a-w- c:documents and settingsАдминистраторLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-07-29 18:07 . 2009-07-29 18:07
d
w- c:documents and settingsAll UsersApplication DataALM
2009-07-29 18:01 . 2007-10-07 05:54
d
w- c:program filesCommon FilesAdobe
2009-07-29 17:51 . 2009-07-29 17:51
d
w- c:program filesAdobe Media Player
2009-07-29 17:49 . 2009-07-29 17:49
d
w- c:program filesCommon FilesAdobe AIR
2009-07-26 20:24 . 2009-07-26 20:24
d
w- c:documents and settingsАдминистраторApplication DataAlien Skin
2009-07-26 20:21 . 2009-07-26 20:21
d
w- c:program filesAlien Skin
2009-07-20 18:15 . 2009-07-20 17:18 8 —-a-w- c:windowssystem32nvModes.dat
2009-07-14 18:54 . 2009-08-02 08:27 2189856 —-a-w- c:windowssystem32nvcuvid.dll
2009-07-14 18:54 . 2009-08-02 08:27 1706528 —-a-w- c:windowssystem32nvcuvenc.dll
2009-07-14 18:54 . 2009-08-02 08:27 1597690 —-a-w- c:windowssystem32nvdata.bin
2009-07-14 18:54 . 2008-10-07 10:33 2002944 —-a-w- c:windowssystem32nvcuda.dll
2009-07-14 18:54 . 2007-09-30 05:22 485920 —-a-w- c:windowssystem32nvudisp.exe
2009-07-14 18:54 . 2007-09-16 21:07 868352 —-a-w- c:windowssystem32nvapi.dll
2009-07-14 18:54 . 2007-09-16 21:07 7741664 —-a-w- c:windowssystem32driversnv4_mini.sys
2009-07-14 18:54 . 2007-09-16 21:07 5842816 —-a-w- c:windowssystem32nv4_disp.dll
2009-07-14 18:54 . 2007-09-16 21:07 151552 —-a-w- c:windowssystem32nvcodins.dll
2009-07-14 18:54 . 2007-09-16 21:07 151552 —-a-w- c:windowssystem32nvcod.dll
2009-07-14 18:54 . 2007-09-16 21:07 10457088 —-a-w- c:windowssystem32nvoglnt.dll
2009-07-14 09:34 . 2009-07-14 09:34 86016 —-a-w- c:windowssystem32nvmctray.dll
2009-07-14 09:34 . 2009-07-14 09:34 8085504 —-a-w- c:windowssystem32nvdispsr.dll
2009-07-14 09:34 . 2009-07-14 09:34 4923392 —-a-w- c:windowssystem32nvdisps.dll
2009-07-14 09:34 . 2009-07-14 09:34 4640768 —-a-w- c:windowssystem32nvgamesr.dll
2009-07-14 09:34 . 2009-07-14 09:34 458752 —-a-w- c:windowssystem32nvmccssr.dll
2009-07-14 09:34 . 2009-07-14 09:34 3547136 —-a-w- c:windowssystem32nvgames.dll
2009-07-14 09:34 . 2009-07-14 09:34 2854912 —-a-w- c:windowssystem32nvmoblsr.dll
2009-07-14 09:34 . 2009-07-14 09:34 188416 —-a-w- c:windowssystem32nvmccss.dll
2009-07-14 09:34 . 2009-07-14 09:34 168004 —-a-w- c:windowssystem32nvsvc32.exe
2009-07-14 09:34 . 2009-07-14 09:34 143360 —-a-w- c:windowssystem32nvcolor.exe
2009-07-14 09:34 . 2009-07-14 09:34 13877248 —-a-w- c:windowssystem32nvcpl.dll
2009-07-14 09:34 . 2009-07-14 09:34 1286144 —-a-w- c:windowssystem32nvmobls.dll
2009-07-14 09:34 . 2009-07-14 09:34 229376 —-a-w- c:windowssystem32nvmccs.dll
2009-07-10 03:01 . 2007-09-30 05:22 485920 —-a-w- c:windowssystem32NVUNINST.EXE
2009-07-02 20:07 . 2009-05-26 20:10 195248 —-a-w- c:documents and settingsLocalServiceLocal SettingsApplication DataFontCache3.0.0.0.dat
.
Sigcheck
[-] 2009-05-30 . A29E1209F925A0E9B330E11DA5FC7BAB . 361600 . . [5.1.2600.5625] . . c:windowssystem32driverstcpip.sys
[-] 2009-03-22 . 030DC4D48CC2B894FEE2F390D8E66AD5 . 361344 . . [5.1.2600.5512] . . c:windows$NtUninstallKB951748$tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:windows$hf_mig$KB951748SP3QFEtcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:windowssystem32dllcachetcpip.sys
[-] 2008-05-18 . 482AB7F9CD41702E8F856C11CFEFB02D . 360064 . . [5.1.2600.3244] . . c:windows$NtServicePackUninstall$tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:windowsServicePackFilesi386TCPIP.SYS
[-] 2008-01-22 . DE891AD282E856ACFD40990094A63B6F . 359808 . . [5.1.2600.2892] . . c:windows$NtUninstallKB941644$tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:windows$hf_mig$KB941644SP2QFEtcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:windows$hf_mig$KB917953SP2QFEtcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:windows$NtUninstallKB917953$tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-09-21_18.35.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-23 11:47 . 2009-09-23 11:47 25214 c:windowsInstaller{FE24D361-A3E8-11DE-88F3-005056806466}UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2009-09-23 11:47 . 2009-09-23 11:47 25214 c:windowsInstaller{FE24D361-A3E8-11DE-88F3-005056806466}ARPPRODUCTICON.exe
+ 2009-09-23 11:47 . 2009-09-23 11:47 914944 c:windowsInstaller2b6c46.msi
+ 2007-04-24 07:32 . 2007-03-11 17:51 1488688 c:windowssystem32LegitCheckControl.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_LOCAL_MACHINE~Browser Helper Objects{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-12-09 15:40 333192 —-a-w- c:program filesAskBarDisbarbinaskBar.dll[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{3041d03e-fd4b-44e0-b742-2d9b88305f98}»= «c:program filesAskBarDisbarbinaskBar.dll» [2008-12-09 333192][HKEY_CLASSES_ROOTclsid{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOTTypeLib{4b1c1e16-6b34-430e-b074-5928eca4c150}][HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{3041D03E-FD4B-44E0-B742-2D9B88305F98}»= «c:program filesAskBarDisbarbinaskBar.dll» [2008-12-09 333192][HKEY_CLASSES_ROOTclsid{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOTTypeLib{4b1c1e16-6b34-430e-b074-5928eca4c150}][HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=»c:program filesCommon FilesNeroLibNMBgMonitor.exe» [2007-08-03 202024]
«H/PC Connection Agent»=»c:program filesMicrosoft ActiveSyncwcescomm.exe» [2006-11-13 1289000]
«AlcoholAutomount»=»c:program filesAlcohol SoftAlcohol 120axcmd.exe» [2008-03-20 217544]
«NCLaunch»=»c:windowsNCLAUNCH.EXe» [2009-04-17 65536]
«PC Suite Tray»=»c:program filesNokiaNokia PC Suite 7PCSuite.exe» [2009-06-25 1414144]
«DTuner»=»c:program filesDisplay TunerDTuner.exe» [2009-02-16 1426944][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«CnxDslTaskBar»=»c:program filesConexantAccessRunner ADSLCnxDslTb.exe» [2003-10-29 462848]
«MagicRotation»=»c:program filesMagicRotationMagicPvt.exe» [2005-11-21 1089536]
«JMB36X IDE Setup»=»c:windowsRaidToolxInsIDE.exe» [2007-03-20 36864]
«36X Raid Configurer»=»c:windowssystem32xRaidSetup.exe» [2007-03-21 1953792]
«Ai Nap»=»c:program filesASUSAi SuiteAiNapAiNap.exe» [2007-04-09 1423360]
«SunJavaUpdateSched»=»c:program filesJavajre6binjusched.exe» [2008-11-22 136600]
«MagicKey»=»c:progra~1MEDIAK~1MagicKey.exe» [2007-01-09 167936]
«NeroFilterCheck»=»c:program filesCommon FilesNeroLibNeroCheck.exe» [2007-03-01 153136]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 8.0ReaderReader_sl.exe» [2007-05-10 40048]
«QuickTime Task»=»c:program filesQuickTimeqttask.exe» [2008-03-28 413696]
«iTunesHelper»=»c:program filesiTunesiTunesHelper.exe» [2008-03-30 267048]
«RemoteControl9″=»c:program filesCyberLinkPowerDVD9PDVD9Serv.exe» [2009-02-16 87336]
«PDVD9LanguageShortcut»=»c:program filesCyberLinkPowerDVD9LanguageLanguage.exe» [2008-10-13 50472]
«BDRegion»=»c:program filesCyberlinkShared Filesbrs.exe» [2009-02-28 75048]
«SoundMAXPnP»=»c:program filesAnalog DevicesCoresmax4pnp.exe» [2007-10-09 1036288]
«AdobeCS4ServiceManager»=»c:program filesCommon FilesAdobeCS4ServiceManagerCS4ServiceManager.exe» [2008-08-14 611712]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2009-07-14 13877248]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2009-07-14 86016]
«ArcSoft Connection Service»=»c:program filesCommon FilesArcSoftConnection ServiceBinACDaemon.exe» [2009-07-10 195072][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-14 15360]c:documents and settingsЂ¤¬ЁЁбва в®аѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
SpeedFan.lnk — c:program filesSpeedFanspeedfan.exe [2007-9-17 2902528]c:documents and settingsAll Usersѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
ASUS WiFi-AP Solo.lnk — c:program filesASUS WiFi-AP SoloRtWLan.exe [2008-6-11 987136]
Azureus Vuze.lnk — c:program filesAzureusAzureus.exe [2007-9-30 199616][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
@=»Driver»[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoring]
«DisableMonitoring»=dword:00000001[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]
«DisableMonitoring»=dword:00000001[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]
«DisableMonitoring»=dword:00000001[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecFirewall]
«DisableMonitoring»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\Program Files\Azureus\Azureus.exe»=
«c:\Program Files\Messenger\msmsgs.exe»=
«c:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe»=
«c:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe»=
«c:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe»=
«c:program filesMicrosoft ActiveSyncrapimgr.exe»= c:program filesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
«c:program filesMicrosoft ActiveSyncwcescomm.exe»= c:program filesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
«c:program filesMicrosoft ActiveSyncWCESMgr.exe»= c:program filesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
«c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE»=
«c:\Program Files\iTunes\iTunes.exe»=
«c:\Program Files\GSC World Publishing\С.Т.А.Л.К.Е.Р. — Чистое Небо\bin\xrEngine.exe»=
«c:\Program Files\GSC World Publishing\С.Т.А.Л.К.Е.Р. — Чистое Небо\bin\dedicated\xrEngine.exe»=
«c:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe»=
«c:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe»=
«c:\Program Files\Activision\Call of Duty — World at War\CoDWaW.exe»=
«c:\Program Files\Activision\Call of Duty — World at War\CoDWaWmp.exe»=
«c:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe»=
«c:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe»=
«c:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe»=
«c:\Program Files\ICQ6.5\ICQ.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=
«c:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe»=[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«26675:TCP»= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
«»=
«5353:TCP»= 5353:TCP:Adobe CSI CS4
R1 appdrv01;Application Driver (01);c:windowssystem32driversappdrv01.sys [06.09.2008 1:47 2915944]
R1 magicpvt;magicpvt;c:windowssystem32driversmagicpvt.sys [30.09.2007 9:59 9728]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/03/22 20:42];c:program filesCyberLinkPowerDVD900.fcl [28.02.2009 20:40 87536]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 Licensing Service;c:program filesABBYY FineReader 9.0NetworkLicenseServer.exe [02.11.2007 19:58 566560]
R2 ASKService;ASKService;c:program filesAskBarDisbarbinAskService.exe [23.03.2009 21:09 464264]
R2 ASKUpgrade;ASKUpgrade;c:program filesAskBarDisbarbinASKUpgrade.exe [23.03.2009 21:09 234888]
R2 ASTSRV;Nalpeiron Licensing Service;c:windowssystem32ASTSRV.EXE [27.07.2009 0:21 57344]
R2 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;c:windowssystem32driversddcdrv.sys [02.08.2009 22:18 10240]
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:windowssystem32driversCnxEtP.sys [30.09.2007 8:37 60288]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:windowssystem32driversCnxEtU.sys [30.09.2007 8:37 646784]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:windowssystem32driversCnxTgN.sys [30.09.2007 8:37 108675]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:windowssystem32driversklim5.sys [13.12.2007 13:28 24592]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:windowssystem32driversRTL8187.sys [11.06.2008 21:01 176128]
R3 SjyPkt;SjyPkt;c:windowssystem32driversSjyPkt.sys [11.06.2008 21:01 13532]
S2 Планировщик автоматического запуска LiveUpdate;Планировщик автоматического запуска LiveUpdate; [x]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:windowsSystem32appdrvrem01.exe svc —> c:windowsSystem32appdrvrem01.exe svc [?]
S2 gupdate;Google Update Service (gupdate);c:program filesGoogleUpdateGoogleUpdate.exe [05.09.2009 22:39 133104]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:windowssystem32driversnmwcdnsu.sys [19.06.2009 23:30 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:windowssystem32driversnmwcdnsuc.sys [19.06.2009 23:30 8320]
— Other Services/Drivers In Memory —
*NewlyCreated* — SJYPKT
[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
«c:windowssystem32rundll32.exe» «c:windowssystem32iedkcs32.dll»,BrandIEActiveSetup SIGNUP
.
Contents of the ‘Scheduled Tasks’ folder
2009-09-23 c:windowsTasksAppleSoftwareUpdate.job
— c:program filesApple Software UpdateSoftwareUpdate.exe [2007-08-29 13:57]
2009-09-24 c:windowsTasksGoogleUpdateTaskMachineCore.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-09-05 18:39]
2009-09-24 c:windowsTasksGoogleUpdateTaskMachineUA.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-09-05 18:39]
2009-09-24 c:windowsTasksUser_Feed_Synchronization-{EF8C4079-FA2B-4F41-9309-B856A348FB7B}.job
— c:windowssystem32msfeedssync.exe [2006-10-17 01:31]
.
.
Supplementary Scan
.
uStart Page = about:blank
uInternet Settings,ProxyServer = 152.3.138.2:3127
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~3Office12EXCEL.EXE/3000
TCP: {CDA567A6-D702-49EF-90B2-8D2A3329AE96} = 195.34.32.116 212.188.4.10
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} — hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
FF — ProfilePath — c:documents and settingsАдминистраторApplication DataMozillaFirefoxProfilestp9xiy2w.default
FF — component: c:program filesNokiaNokia PC Suite 7bkmrksynccomponentsBkMrkExt.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-24 20:23
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERSS-1-5-21-583907252-515967899-839522115-500SoftwareMicrosoftInternet ExplorerUser Preferences]
@Denied: (2) (Administrator)
«88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977″=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f0,ba,35,2d,b9,53,6c,46,b1,cd,f4,
«2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81″=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f0,ba,35,2d,b9,53,6c,46,b1,cd,f4,
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(1428)
c:program filesKaspersky LabKaspersky Anti-Virus 7.0miscr3.dll
c:windowssystem32klogon.dll
— — — — — — — > ‘lsass.exe'(1500)
c:program filesKaspersky LabKaspersky Anti-Virus 7.0dnsq.dll
c:program filesKaspersky LabKaspersky Anti-Virus 7.0miscr3.dll
c:program filesKaspersky LabKaspersky Anti-Virus 7.0fssync.dll
.
Completion time: 2009-09-24 20:26
ComboFix-quarantined-files.txt 2009-09-24 16:26
ComboFix2.txt 2009-09-22 17:04
ComboFix3.txt 2009-09-21 19:05
ComboFix4.txt 2009-09-21 18:47
ComboFix5.txt 2009-09-24 16:08
Pre-Run: 80 385 519 616 байт свободно
Post-Run: 80 456 908 800 байт свободно
300
I have run into the same problem again, the one described in the original post, but the script given there does not help.
Please help me solve the problem. The Combofix log is below.
ComboFix 09-09-20.04 — Администратор 21.09.2009 22:49.4.2 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.2047.1324 [GMT 4:00]
Running from: c:documents and settingsАдминистраторРабочий столComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.((((((((((((((((((((((((( Files Created from 2009-08-21 to 2009-09-21 )))))))))))))))))))))))))))))))
.2009-09-21 12:12 . 2008-06-17 19:02 20530 —-a-w- c:windowssystem32JVMOD32.DLL
2009-09-13 19:21 . 2009-09-13 19:21
d
w- c:documents and settingsАдминистраторApplication DataPublish Providers
2009-09-13 19:17 . 2009-09-13 19:21
d
w- c:documents and settingsАдминистраторApplication DataSony
2009-09-13 19:17 . 2009-09-13 19:17
d
w- c:documents and settingsАдминистраторLocal SettingsApplication DataSony
2009-09-13 19:14 . 2009-09-13 19:14
d
w- c:documents and settingsAll UsersApplication DataSony
2009-09-13 19:14 . 2009-09-13 19:14
d
w- c:program filesSony
2009-09-06 20:23 . 2009-09-06 20:23
d
w- c:program filesWomble Multimedia
2009-09-06 12:30 . 2009-09-06 12:30
d
w- c:documents and settingsАдминистраторLocal SettingsApplication Datastellarium
2009-09-05 18:44 . 2009-09-05 18:44
d
w- c:documents and settingsNetworkServiceLocal SettingsApplication DataGoogle
2009-09-05 18:40 . 2009-09-06 08:21
d
w- c:documents and settingsАдминистраторLocal SettingsApplication DataTemp
2009-09-05 18:39 . 2009-09-05 18:39
d
w- c:documents and settingsLocalServiceLocal SettingsApplication DataGoogle
2009-09-05 18:27 . 2009-09-05 18:27
d
w- c:documents and settingsАдминистраторApplication DataStellarium
2009-09-05 18:27 . 2009-09-05 18:27
d
w- c:program filesStellarium
2009-08-28 18:43 . 2009-08-30 08:29
d
w- c:documents and settingsAll UsersApplication DataArcSoft
2009-08-28 18:35 . 2009-08-29 05:15
d
w- c:documents and settingsАдминистраторApplication DataArcSoft
2009-08-28 18:31 . 2009-08-28 18:31
d
w- c:documents and settingsАдминистраторLocal SettingsApplication DataArcSoft
2009-08-28 18:24 . 2005-04-27 12:36 245408 —-a-w- c:windowssystem32unicows.dll
2009-08-28 18:24 . 2005-02-23 10:58 11776 —-a-w- c:windowssystem32driversafc.sys
2009-08-28 18:24 . 2009-08-28 18:30
d
w- c:program filesCommon FilesArcSoft
2009-08-28 18:23 . 2007-02-13 07:22 126976 —-a-w- c:windowssystem32MediaImpression Slideshow.scr
2009-08-28 18:22 . 2009-08-28 18:24
d
w- c:windowssystem32MediaImpression Slideshow
2009-08-28 18:21 . 2009-08-28 18:21
d
w- c:program filesArcSoft.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-21 19:02 . 2008-05-24 11:40 78880 —sha-w- c:windowssystem32driversfidbox.dat
2009-09-21 19:02 . 2008-05-24 11:40 32 —sha-w- c:windowssystem32driversfidbox.idx
2009-09-21 19:01 . 2008-05-24 11:40 2745376 —sha-w- c:windowssystem32driversfidbox2.dat
2009-09-21 18:43 . 2007-09-30 10:32
d
w- c:documents and settingsАдминистраторApplication DataAzureus
2009-09-21 18:35 . 2007-10-06 21:58
d
w- c:program filesSpeedFan
2009-09-21 18:35 . 2007-09-30 05:59 16 —-a-w- c:windowssystem32magicpvt.dat
2009-09-21 18:34 . 2009-08-02 08:41 32 —-a-w- c:windowssystem32driver.dat
2009-09-21 17:18 . 2007-10-09 17:04
d
w- c:documents and settingsAll UsersApplication DataKaspersky Lab
2009-09-21 17:15 . 2008-05-24 11:40 257876 —sha-w- c:windowssystem32driversfidbox2.idx
2009-09-19 17:58 . 2009-07-23 17:44
d
w- c:documents and settingsАдминистраторApplication DataBSplayer PRO
2009-09-11 19:15 . 2008-04-30 16:49
d
w- c:program filesSKTools
2009-09-11 19:14 . 2008-10-01 17:23 162816 —-a-w- c:windowssystem32fmod.dll
2009-09-11 05:15 . 2008-05-24 11:41 95259 —-a-w- c:windowssystem32driversklick.dat
2009-09-11 05:15 . 2008-05-24 11:41 107547 —-a-w- c:windowssystem32driversklin.dat
2009-09-05 18:43 . 2008-06-08 04:59
d
w- c:program filesGoogle
2009-08-30 11:28 . 2001-10-20 09:00 85140 —-a-w- c:windowssystem32perfc019.dat
2009-08-30 11:28 . 2001-10-20 09:00 487750 —-a-w- c:windowssystem32perfh019.dat
2009-08-30 09:31 . 2007-09-30 05:59
d—h—w- c:program filesInstallShield Installation Information
2009-08-29 05:16 . 2007-09-30 10:24
d
w- c:program filesAzureus
2009-08-14 19:58 . 2009-08-14 19:58
d
w- c:program filesCommon FilesPCSuite
2009-08-14 19:57 . 2008-11-16 11:51
d
w- c:program filesCommon FilesNokia
2009-08-14 19:57 . 2007-12-22 20:33
d
w- c:program filesNokia
2009-08-14 19:53 . 2007-12-22 20:32
d
w- c:documents and settingsAll UsersApplication DataInstallations
2009-08-08 12:41 . 2009-08-08 12:40
d
w- c:program filesK-Lite Codec Pack
2009-08-02 18:18 . 2009-08-02 18:18
d
w- c:program filesDisplay Tuner
2009-08-02 13:15 . 2009-08-02 13:15
d
w- c:documents and settingsАдминистраторApplication DataHDRsoft
2009-08-02 13:05 . 2009-08-02 13:05
d
w- c:program filesPhotomatixPro3
2009-08-02 12:52 . 2007-09-30 05:59
d
w- c:program filesSEC
2009-08-02 08:29 . 2008-12-18 17:54
d
w- c:program filesCommon FilesWise Installation Wizard
2009-08-02 08:29 . 2008-12-18 17:55
d
w- c:program filesAGEIA Technologies
2009-08-02 08:20 . 2009-08-02 08:20
d
w- c:program filesSystemRequirementsLab
2009-08-01 20:34 . 2009-07-15 18:42
d
w- c:program filesPTGui
2009-08-01 13:26 . 2007-10-03 17:34
d
w- c:documents and settingsАдминистраторApplication DataApple Computer
2009-08-01 09:56 . 2009-07-15 19:34
d
w- c:program filesArtizen HDR
2009-07-29 18:34 . 2009-07-25 20:53
d
w- c:program filesImagenomic
2009-07-29 18:17 . 2007-09-30 05:25 70792 —-a-w- c:documents and settingsАдминистраторLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-07-29 18:07 . 2009-07-29 18:07
d
w- c:documents and settingsAll UsersApplication DataALM
2009-07-29 18:01 . 2007-10-07 05:54
d
w- c:program filesCommon FilesAdobe
2009-07-29 17:51 . 2009-07-29 17:51
d
w- c:program filesAdobe Media Player
2009-07-29 17:49 . 2009-07-29 17:49
d
w- c:program filesCommon FilesAdobe AIR
2009-07-26 20:24 . 2009-07-26 20:24
d
w- c:documents and settingsАдминистраторApplication DataAlien Skin
2009-07-26 20:21 . 2009-07-26 20:21
d
w- c:program filesAlien Skin
2009-07-25 20:58 . 2009-07-25 20:54
d
w- c:documents and settingsАдминистраторApplication DataImagenomic
2009-07-20 18:15 . 2009-07-20 17:18 8 —-a-w- c:windowssystem32nvModes.dat
2009-07-14 18:54 . 2009-08-02 08:27 2189856 —-a-w- c:windowssystem32nvcuvid.dll
2009-07-14 18:54 . 2009-08-02 08:27 1706528 —-a-w- c:windowssystem32nvcuvenc.dll
2009-07-14 18:54 . 2009-08-02 08:27 1597690 —-a-w- c:windowssystem32nvdata.bin
2009-07-14 18:54 . 2008-10-07 10:33 2002944 —-a-w- c:windowssystem32nvcuda.dll
2009-07-14 18:54 . 2007-09-30 05:22 485920 —-a-w- c:windowssystem32nvudisp.exe
2009-07-14 18:54 . 2007-09-16 21:07 868352 —-a-w- c:windowssystem32nvapi.dll
2009-07-14 18:54 . 2007-09-16 21:07 7741664 —-a-w- c:windowssystem32driversnv4_mini.sys
2009-07-14 18:54 . 2007-09-16 21:07 5842816 —-a-w- c:windowssystem32nv4_disp.dll
2009-07-14 18:54 . 2007-09-16 21:07 151552 —-a-w- c:windowssystem32nvcodins.dll
2009-07-14 18:54 . 2007-09-16 21:07 151552 —-a-w- c:windowssystem32nvcod.dll
2009-07-14 18:54 . 2007-09-16 21:07 10457088 —-a-w- c:windowssystem32nvoglnt.dll
2009-07-14 09:34 . 2009-07-14 09:34 86016 —-a-w- c:windowssystem32nvmctray.dll
2009-07-14 09:34 . 2009-07-14 09:34 8085504 —-a-w- c:windowssystem32nvdispsr.dll
2009-07-14 09:34 . 2009-07-14 09:34 4923392 —-a-w- c:windowssystem32nvdisps.dll
2009-07-14 09:34 . 2009-07-14 09:34 4640768 —-a-w- c:windowssystem32nvgamesr.dll
2009-07-14 09:34 . 2009-07-14 09:34 458752 —-a-w- c:windowssystem32nvmccssr.dll
2009-07-14 09:34 . 2009-07-14 09:34 3547136 —-a-w- c:windowssystem32nvgames.dll
2009-07-14 09:34 . 2009-07-14 09:34 2854912 —-a-w- c:windowssystem32nvmoblsr.dll
2009-07-14 09:34 . 2009-07-14 09:34 188416 —-a-w- c:windowssystem32nvmccss.dll
2009-07-14 09:34 . 2009-07-14 09:34 168004 —-a-w- c:windowssystem32nvsvc32.exe
2009-07-14 09:34 . 2009-07-14 09:34 143360 —-a-w- c:windowssystem32nvcolor.exe
2009-07-14 09:34 . 2009-07-14 09:34 13877248 —-a-w- c:windowssystem32nvcpl.dll
2009-07-14 09:34 . 2009-07-14 09:34 1286144 —-a-w- c:windowssystem32nvmobls.dll
2009-07-14 09:34 . 2009-07-14 09:34 229376 —-a-w- c:windowssystem32nvmccs.dll
2009-07-10 03:01 . 2007-09-30 05:22 485920 —-a-w- c:windowssystem32NVUNINST.EXE
2009-07-02 20:07 . 2009-05-26 20:10 195248 —-a-w- c:documents and settingsLocalServiceLocal SettingsApplication DataFontCache3.0.0.0.dat
.
Sigcheck
[-] 2009-05-30 . A29E1209F925A0E9B330E11DA5FC7BAB . 361600 . . [5.1.2600.5625] . . c:windowssystem32driverstcpip.sys
[-] 2009-03-22 . 030DC4D48CC2B894FEE2F390D8E66AD5 . 361344 . . [5.1.2600.5512] . . c:windows$NtUninstallKB951748$tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:windows$hf_mig$KB951748SP3QFEtcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:windowssystem32dllcachetcpip.sys
[-] 2008-05-18 . 482AB7F9CD41702E8F856C11CFEFB02D . 360064 . . [5.1.2600.3244] . . c:windows$NtServicePackUninstall$tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:windowsServicePackFilesi386TCPIP.SYS
[-] 2008-01-22 . DE891AD282E856ACFD40990094A63B6F . 359808 . . [5.1.2600.2892] . . c:windows$NtUninstallKB941644$tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:windows$hf_mig$KB941644SP2QFEtcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:windows$hf_mig$KB917953SP2QFEtcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:windows$NtUninstallKB917953$tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE~Browser Helper Objects{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-12-09 15:40 333192 —-a-w- c:program filesAskBarDisbarbinaskBar.dll
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{3041d03e-fd4b-44e0-b742-2d9b88305f98}»= «c:program filesAskBarDisbarbinaskBar.dll» [2008-12-09 333192]
[HKEY_CLASSES_ROOTclsid{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOTTypeLib{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{3041D03E-FD4B-44E0-B742-2D9B88305F98}»= «c:program filesAskBarDisbarbinaskBar.dll» [2008-12-09 333192]
[HKEY_CLASSES_ROOTclsid{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOTTypeLib{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=»c:program filesCommon FilesNeroLibNMBgMonitor.exe» [2007-08-03 202024]
«H/PC Connection Agent»=»c:program filesMicrosoft ActiveSyncwcescomm.exe» [2006-11-13 1289000]
«AlcoholAutomount»=»c:program filesAlcohol SoftAlcohol 120axcmd.exe» [2008-03-20 217544]
«NCLaunch»=»c:windowsNCLAUNCH.EXe» [2009-04-17 65536]
«PC Suite Tray»=»c:program filesNokiaNokia PC Suite 7PCSuite.exe» [2009-06-25 1414144]
«DTuner»=»c:program filesDisplay TunerDTuner.exe» [2009-02-16 1426944]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«CnxDslTaskBar»=»c:program filesConexantAccessRunner ADSLCnxDslTb.exe» [2003-10-29 462848]
«MagicRotation»=»c:program filesMagicRotationMagicPvt.exe» [2005-11-21 1089536]
«JMB36X IDE Setup»=»c:windowsRaidToolxInsIDE.exe» [2007-03-20 36864]
«36X Raid Configurer»=»c:windowssystem32xRaidSetup.exe» [2007-03-21 1953792]
«Ai Nap»=»c:program filesASUSAi SuiteAiNapAiNap.exe» [2007-04-09 1423360]
«SunJavaUpdateSched»=»c:program filesJavajre6binjusched.exe» [2008-11-22 136600]
«MagicKey»=»c:progra~1MEDIAK~1MagicKey.exe» [2007-01-09 167936]
«NeroFilterCheck»=»c:program filesCommon FilesNeroLibNeroCheck.exe» [2007-03-01 153136]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 8.0ReaderReader_sl.exe» [2007-05-10 40048]
«QuickTime Task»=»c:program filesQuickTimeqttask.exe» [2008-03-28 413696]
«iTunesHelper»=»c:program filesiTunesiTunesHelper.exe» [2008-03-30 267048]
«RemoteControl9″=»c:program filesCyberLinkPowerDVD9PDVD9Serv.exe» [2009-02-16 87336]
«PDVD9LanguageShortcut»=»c:program filesCyberLinkPowerDVD9LanguageLanguage.exe» [2008-10-13 50472]
«BDRegion»=»c:program filesCyberlinkShared Filesbrs.exe» [2009-02-28 75048]
«SoundMAXPnP»=»c:program filesAnalog DevicesCoresmax4pnp.exe» [2007-10-09 1036288]
«AdobeCS4ServiceManager»=»c:program filesCommon FilesAdobeCS4ServiceManagerCS4ServiceManager.exe» [2008-08-14 611712]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2009-07-14 13877248]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2009-07-14 86016]
«ArcSoft Connection Service»=»c:program filesCommon FilesArcSoftConnection ServiceBinACDaemon.exe» [2009-07-10 195072]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-14 15360]
c:documents and settingsАдминистраторГлавное менюПрограммыАвтозагрузка
SpeedFan.lnk — c:program filesSpeedFanspeedfan.exe [2007-9-17 2902528]
c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузка
ASUS WiFi-AP Solo.lnk — c:program filesASUS WiFi-AP SoloRtWLan.exe [2008-6-11 987136]
Azureus Vuze.lnk — c:program filesAzureusAzureus.exe [2007-9-30 199616]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
«WebCheck»= {FF4EC53A-CA51-9A39-6CDD-5FFB26FB445C} — JVMOD32.DLL [2008-06-17 20530]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
@=»Driver»
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoring]
«DisableMonitoring»=dword:00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]
«DisableMonitoring»=dword:00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]
«DisableMonitoring»=dword:00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecFirewall]
«DisableMonitoring»=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\Program Files\Azureus\Azureus.exe»=
«c:\Program Files\Messenger\msmsgs.exe»=
«c:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe»=
«c:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe»=
«c:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe»=
«c:program filesMicrosoft ActiveSyncrapimgr.exe»= c:program filesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
«c:program filesMicrosoft ActiveSyncwcescomm.exe»= c:program filesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
«c:program filesMicrosoft ActiveSyncWCESMgr.exe»= c:program filesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
«c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE»=
«c:\Program Files\iTunes\iTunes.exe»=
«c:\Program Files\GSC World Publishing\С.Т.А.Л.К.Е.Р. — Чистое Небо\bin\xrEngine.exe»=
«c:\Program Files\GSC World Publishing\С.Т.А.Л.К.Е.Р. — Чистое Небо\bin\dedicated\xrEngine.exe»=
«c:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe»=
«c:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe»=
«c:\Program Files\Activision\Call of Duty — World at War\CoDWaW.exe»=
«c:\Program Files\Activision\Call of Duty — World at War\CoDWaWmp.exe»=
«c:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe»=
«c:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe»=
«c:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe»=
«c:\Program Files\ICQ6.5\ICQ.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=
«c:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe»=
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«26675:TCP»= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
«»=
«5353:TCP»= 5353:TCP:Adobe CSI CS4
R1 appdrv01;Application Driver (01);c:windowssystem32driversappdrv01.sys [06.09.2008 1:47 2915944]
R1 magicpvt;magicpvt;c:windowssystem32driversmagicpvt.sys [30.09.2007 9:59 9728]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/03/22 20:42];c:program filesCyberLinkPowerDVD900.fcl [28.02.2009 20:40 87536]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 Licensing Service;c:program filesABBYY FineReader 9.0NetworkLicenseServer.exe [02.11.2007 19:58 566560]
R2 ASKService;ASKService;c:program filesAskBarDisbarbinAskService.exe [23.03.2009 21:09 464264]
R2 ASKUpgrade;ASKUpgrade;c:program filesAskBarDisbarbinASKUpgrade.exe [23.03.2009 21:09 234888]
R2 ASTSRV;Nalpeiron Licensing Service;c:windowssystem32ASTSRV.EXE [27.07.2009 0:21 57344]
R2 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;c:windowssystem32driversddcdrv.sys [02.08.2009 22:18 10240]
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:windowssystem32driversCnxEtP.sys [30.09.2007 8:37 60288]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:windowssystem32driversCnxEtU.sys [30.09.2007 8:37 646784]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:windowssystem32driversCnxTgN.sys [30.09.2007 8:37 108675]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:windowssystem32driversklim5.sys [13.12.2007 13:28 24592]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:windowssystem32driversRTL8187.sys [11.06.2008 21:01 176128]
R3 SjyPkt;SjyPkt;c:windowssystem32driversSjyPkt.sys [11.06.2008 21:01 13532]
S2 Планировщик автоматического запуска LiveUpdate;Планировщик автоматического запуска LiveUpdate; [x]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:windowsSystem32appdrvrem01.exe svc —> c:windowsSystem32appdrvrem01.exe svc [?]
S2 gupdate;Google Update Service (gupdate);c:program filesGoogleUpdateGoogleUpdate.exe [05.09.2009 22:39 133104]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:windowssystem32driversnmwcdnsu.sys [19.06.2009 23:30 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:windowssystem32driversnmwcdnsuc.sys [19.06.2009 23:30 8320]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
«c:windowssystem32rundll32.exe» «c:windowssystem32iedkcs32.dll»,BrandIEActiveSetup SIGNUP
.
Contents of the ‘Scheduled Tasks’ folder
2009-09-16 c:windowsTasksAppleSoftwareUpdate.job
— c:program filesApple Software UpdateSoftwareUpdate.exe [2007-08-29 13:57]
2009-09-21 c:windowsTasksGoogleUpdateTaskMachineCore.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-09-05 18:39]
2009-09-21 c:windowsTasksGoogleUpdateTaskMachineUA.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-09-05 18:39]
2009-09-21 c:windowsTasksUser_Feed_Synchronization-{EF8C4079-FA2B-4F41-9309-B856A348FB7B}.job
— c:windowssystem32msfeedssync.exe [2006-10-17 01:31]
.
.
Supplementary Scan
.
uStart Page = about:blank
uInternet Settings,ProxyServer = 152.3.138.2:3127
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~3Office12EXCEL.EXE/3000
TCP: {CDA567A6-D702-49EF-90B2-8D2A3329AE96} = 195.34.32.116 212.188.4.10
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} — hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
FF — ProfilePath — c:documents and settingsАдминистраторApplication DataMozillaFirefoxProfilestp9xiy2w.default
FF — component: c:program filesNokiaNokia PC Suite 7bkmrksynccomponentsBkMrkExt.dll
.
.
File Associations
.
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-21 23:01
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERSS-1-5-21-583907252-515967899-839522115-500SoftwareMicrosoftInternet ExplorerUser Preferences]
@Denied: (2) (Administrator)
«88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977″=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f0,ba,35,2d,b9,53,6c,46,b1,cd,f4,
«2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81″=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f0,ba,35,2d,b9,53,6c,46,b1,cd,f4,
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(1432)
c:program filesKaspersky LabKaspersky Anti-Virus 7.0miscr3.dll
c:windowssystem32klogon.dll
— — — — — — — > ‘lsass.exe'(1492)
c:program filesKaspersky LabKaspersky Anti-Virus 7.0dnsq.dll
c:program filesKaspersky LabKaspersky Anti-Virus 7.0miscr3.dll
c:program filesKaspersky LabKaspersky Anti-Virus 7.0fssync.dll
— — — — — — — > ‘explorer.exe'(512)
c:program filesKaspersky LabKaspersky Anti-Virus 7.0miscr3.dll
c:program filesKaspersky LabKaspersky Anti-Virus 7.0fssync.dll
c:program filesKaspersky LabKaspersky Anti-Virus 7.0scrchpg.dll
c:windowssystem32msi.dll
c:windowssystem32ieframe.dll
c:windowssystem32WPDShServiceObj.dll
c:windowssystem32JVMOD32.DLL
c:windowssystem32PortableDeviceTypes.dll
c:windowssystem32PortableDeviceApi.dll
c:program filesRescoPocket EncryptionRExpCtxU.dll
.
Completion time: 2009-09-21 23:04
ComboFix-quarantined-files.txt 2009-09-21 19:04
ComboFix2.txt 2009-09-21 18:47
ComboFix3.txt 2009-05-30 20:03
Pre-Run: 80 647 487 488 байт свободно
Post-Run: 80 621 461 504 байт свободно
300
Once again, thank you very much. I also wrote about the problem on several of the largest Russian forums, but I got real help only here.
Thank you very much for the help. Kaspersky has calmed down, and Internet Explorer works correctly.
Hello, and thank you for responding. I am attaching the log of the actions performed:
ComboFix 09-05-30.03 — Администратор 30.05.2009 23:39.2 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.2047.1310 [GMT 4:00]
Running from: c:documents and settingsАдминистраторРабочий столComboFix.exe
Command switches used :: c:documents and settingsАдминистраторРабочий столCFScript
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:docume~1АДМИНИ~1LOCALS~1Tempswt-gdip-win32-3448.dll
c:docume~1АДМИНИ~1LOCALS~1Tempswt-win32-3448.dll
c:documents and settingsАдминистраторLocal SettingsTempswt-gdip-win32-3448.dll
c:documents and settingsАдминистраторLocal SettingsTempswt-win32-3448.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Legacy_ALSYSIO
Service_ALSysIO
((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-30 )))))))))))))))))))))))))))))))
.
2009-05-30 05:39 . 2009-05-30 18:37
d
w c:program filesTrojan Remover
2009-05-30 05:39 . 2009-05-30 05:39
d
w c:documents and settingsAll UsersApplication DataSimply Super Software
2009-05-29 18:14 . 2009-05-29 18:14
d
w c:documents and settingsLocalServiceРабочий стол
2009-05-29 18:01 . 2009-05-30 18:39
d
w c:program filesLavasoft
2009-05-29 18:01 . 2009-05-30 18:38
d
w c:documents and settingsAll UsersApplication DataLavasoft
2009-05-28 17:07 . 2009-05-28 17:07
d
w c:program filesPivim Multibar
2009-05-26 20:10 . 2009-05-30 19:48 195248 —-a-w c:documents and settingsLocalServiceLocal SettingsApplication DataFontCache3.0.0.0.dat
2009-05-26 20:09 . 2009-05-26 20:09
d
w c:documents and settingsAll UsersApplication DataOffice Genuine Advantage
2009-05-26 19:37 . 2009-05-26 19:37
d
w C:f4329c6b5c8e70f6a49245de07
2009-05-26 19:37 . 2009-05-26 19:59
d
w c:windowsSxsCaPendDel
2009-05-26 19:26 . 2009-02-06 10:10 227840
w c:windowssystem32dllcachewmiprvse.exe
2009-05-26 19:26 . 2009-03-06 14:23 284672
w c:windowssystem32dllcachepdh.dll
2009-05-26 19:26 . 2009-02-09 11:26 2190848
w c:windowssystem32dllcachentoskrnl.exe
2009-05-26 19:26 . 2009-02-09 11:25 111104
w c:windowssystem32dllcacheservices.exe
2009-05-26 19:26 . 2009-02-09 10:54 731136
w c:windowssystem32dllcachelsasrv.dll
2009-05-26 19:26 . 2009-02-09 10:54 687616
w c:windowssystem32dllcacheadvapi32.dll
2009-05-26 19:26 . 2009-02-09 10:54 401408
w c:windowssystem32dllcacherpcss.dll
2009-05-26 19:26 . 2009-02-09 10:54 718848
w c:windowssystem32dllcachentdll.dll
2009-05-26 19:26 . 2009-02-09 10:54 473600
w c:windowssystem32dllcachefastprox.dll
2009-05-26 19:26 . 2009-02-09 10:54 453120
w c:windowssystem32dllcachewmiprvsd.dll
2009-05-26 19:26 . 2009-02-09 11:26 2025984
w c:windowssystem32dllcachentkrpamp.exe
2009-05-26 19:26 . 2009-02-09 11:25 2147328
w c:windowssystem32dllcachentkrnlmp.exe
2009-05-26 19:25 . 2008-04-21 21:15 218624
w c:windowssystem32dllcachewordpad.exe
2009-05-26 19:24 . 2008-12-11 10:57 333952
w c:windowssystem32dllcachesrv.sys
2009-05-26 19:23 . 2008-10-24 11:21 455296
w c:windowssystem32dllcachemrxsmb.sys
2009-05-26 19:23 . 2008-09-04 17:17 1106944
w c:windowssystem32dllcachemsxml3.dll
2009-05-26 19:23 . 2008-10-15 16:37 337408
w c:windowssystem32dllcachenetapi32.dll
2009-05-26 19:23 . 2008-05-01 14:37 331776
w c:windowssystem32dllcachemsadce.dll
2009-05-26 19:21 . 2008-04-11 19:06 691712
w c:windowssystem32dllcacheinetcomm.dll
2009-05-26 19:20 . 2008-06-14 17:35 272512
w c:windowssystem32dllcachebthport.sys
2009-05-26 19:20 . 2008-05-08 14:02 203136
w c:windowssystem32dllcachermcast.sys
2009-05-26 06:53 . 2009-05-26 06:53
d
w c:documents and settingsАдминистраторApplication DataExplorer
2009-05-26 06:47 . 2008-04-14 16:10 19504 —-a-w c:windowssystem32java32w.dll
2009-05-25 07:50 . 2009-05-25 07:50
d-sh—w c:windowssystem32configsystemprofileIETldCache
2009-05-16 18:40 . 2009-05-16 18:40 0 —-a-w c:windowsnsreg.dat
2009-05-16 18:40 . 2009-05-16 18:40
d
w c:documents and settingsАдминистраторLocal SettingsApplication DataMozilla
2009-05-10 06:10 . 2007-10-09 10:41 313856 —-a-w c:windowssystem32driversADIHdAud.sys
2009-05-10 06:10 . 2007-06-19 09:07 103424 —-a-w c:windowssystem32driversaeaudio.sys
2009-05-10 06:10 . 2007-03-27 06:36 28160 —-a-w c:windowssystem32PostProc.dll
2009-05-10 06:10 . 2006-03-17 14:18 392960 —-a-w c:windowssystem32driverssenfilt.sys
2009-05-10 06:10 . 2001-09-19 09:47 765952 —-a-w c:windowssystemcrlds3d.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-30 19:58 . 2007-09-30 10:32
d
w c:documents and settingsАдминистраторApplication DataAzureus
2009-05-30 19:51 . 2008-05-24 11:40 1731104 —sha-w c:windowssystem32driversfidbox2.dat
2009-05-30 19:49 . 2008-05-24 11:40 64872224 —sha-w c:windowssystem32driversfidbox.dat
2009-05-30 19:49 . 2007-10-06 21:58
d
w c:program filesSpeedFan
2009-05-30 19:49 . 2007-09-30 05:59 16 —-a-w c:windowssystem32magicpvt.dat
2009-05-30 19:49 . 2008-12-18 18:14 32 —-a-w c:windowssystem32driver.dat
2009-05-30 19:48 . 2008-05-24 11:40 869732 —sha-w c:windowssystem32driversfidbox.idx
2009-05-30 19:48 . 2008-05-24 11:40 163244 —sha-w c:windowssystem32driversfidbox2.idx
2009-05-30 14:34 . 2007-10-09 17:04
d
w c:documents and settingsAll UsersApplication DataKaspersky Lab
2009-05-30 14:31 . 2004-08-03 15:14 361600 —-a-w c:windowssystem32driverstcpip.sys
2009-05-30 06:16 . 2009-03-22 17:38
d—a-w c:documents and settingsAll UsersApplication DataTemp
2009-05-29 17:41 . 2007-10-06 10:46
d
w c:program filesICQToolbar
2009-05-27 03:02 . 2001-10-20 09:00 85140 —-a-w c:windowssystem32perfc019.dat
2009-05-27 03:02 . 2001-10-20 09:00 487750 —-a-w c:windowssystem32perfh019.dat
2009-05-26 20:09 . 2007-09-30 05:25 70792 —-a-w c:documents and settingsАдминистраторLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-05-23 05:10 . 2008-02-06 18:17
d
w c:documents and settingsАдминистраторApplication DataSkype
2009-05-23 05:03 . 2008-02-06 18:19
d
w c:documents and settingsАдминистраторApplication DataskypePM
2009-05-20 14:25 . 2008-05-24 11:41 94643 —-a-w c:windowssystem32driversklick.dat
2009-05-20 14:25 . 2008-05-24 11:41 105395 —-a-w c:windowssystem32driversklin.dat
2009-05-10 06:18 . 2007-09-30 06:21
d
w c:program filesAnalog Devices
2009-05-09 17:20 . 2009-03-22 17:44
d
w c:documents and settingsАдминистраторApplication DataCyberLink
2009-04-25 05:11 . 2009-04-25 05:11
d
w c:program filesCommon FilesPCSuite
2009-04-25 05:11 . 2008-11-16 11:51
d
w c:program filesCommon FilesNokia
2009-04-25 05:11 . 2007-12-22 20:33
d
w c:program filesNokia
2009-04-25 05:05 . 2009-04-25 05:05
d
w c:program filesPC Connectivity Solution
2009-04-25 05:00 . 2009-04-25 05:00 8192 —-a-w c:documents and settingsAll UsersApplication DataInstallations{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}InstallerCommonCustomActionsUninstCCD.exe
2009-04-25 05:00 . 2009-04-25 05:00 61440 —-a-w c:documents and settingsAll UsersApplication DataInstallations{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}InstallerCommonCustomActionsUninstPCSFEMsi.exe
2009-04-25 05:00 . 2009-04-25 05:00 10240 —-a-w c:documents and settingsAll UsersApplication DataInstallations{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}InstallerCommonCustomActionsUninstPCS.exe
2009-04-25 05:00 . 2007-12-22 20:32
d
w c:documents and settingsAll UsersApplication DataInstallations
2009-04-25 04:59 . 2009-04-25 05:02 34472008 —-a-w c:documents and settingsAll UsersApplication DataInstallations{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}Nokia_PC_Suite_7_1_26_0_rus.exe
2009-04-17 16:52 . 2009-04-17 16:52 850351 —-a-w c:windowsFreelander 2 — Slide Show.scr
2009-04-17 16:52 . 2009-04-17 16:52 65536 —-a-w c:windowsNCLAUNCH.EXe
2009-04-17 16:52 . 2009-04-17 16:52 45056 —-a-w c:windowsNCUNINST.EXe
2009-04-11 04:59 . 2007-09-30 10:24
d
w c:program filesAzureus
2009-03-22 17:37 . 2009-03-22 17:39 29480 —-a-w c:windowssystem32msxml3a.dll
2009-03-22 17:37 . 2009-03-22 17:38 53319 —-a-w c:documents and settingsAll UsersApplication DataTemp{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}PostBuild.exe
2009-03-22 05:16 . 2009-01-20 18:35 10684866 —-a-w c:documents and settingsАдминистраторApplication DataAzureuspluginsazumpmplayer.exe
2009-03-21 07:18 . 2009-03-21 07:18 56 —ha-w c:windowssystem32ezsidmv.dat
2009-03-08 01:34 . 2004-08-17 08:04 914944 —-a-w c:windowssystem32wininet.dll
2009-03-08 01:34 . 2004-08-17 08:04 43008 —-a-w c:windowssystem32licmgr10.dll
2009-03-08 01:33 . 2004-08-17 08:04 18944 —-a-w c:windowssystem32corpol.dll
2009-03-08 01:33 . 2004-08-17 08:04 420352 —-a-w c:windowssystem32vbscript.dll
2009-03-08 01:32 . 2004-08-17 08:04 72704 —-a-w c:windowssystem32admparse.dll
2009-03-08 01:32 . 2004-08-17 08:04 71680 —-a-w c:windowssystem32iesetup.dll
2009-03-08 01:31 . 2004-08-17 08:04 34816 —-a-w c:windowssystem32imgutil.dll
2009-03-08 01:31 . 2004-08-17 08:02 48128 —-a-w c:windowssystem32mshtmler.dll
2009-03-08 01:31 . 2004-08-17 08:04 45568 —-a-w c:windowssystem32mshta.exe
2009-03-08 01:22 . 2001-10-20 09:00 156160 —-a-w c:windowssystem32msls31.dll
2009-03-06 14:23 . 2004-08-17 08:04 284672 —-a-w c:windowssystem32pdh.dll
.
Sigcheck
[-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:windows$hf_mig$KB917953SP2QFEtcpip.sys
[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:windows$hf_mig$KB941644SP2QFEtcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:windows$hf_mig$KB951748SP3QFEtcpip.sys
[-] 2008-05-18 19:20 360064 482AB7F9CD41702E8F856C11CFEFB02D c:windows$NtServicePackUninstall$tcpip.sys
[7] 2004-08-03 15:14 359040 9F4B36614A0FC234525BA224957DE55C c:windows$NtUninstallKB917953$tcpip.sys
[-] 2008-01-22 17:51 359808 DE891AD282E856ACFD40990094A63B6F c:windows$NtUninstallKB941644$tcpip.sys
[-] 2009-03-22 18:51 361344 030DC4D48CC2B894FEE2F390D8E66AD5 c:windows$NtUninstallKB951748$tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:windowsServicePackFilesi386TCPIP.SYS
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:windowsSoftwareDistributionDownload8811f08beda44a8d3c249b9d00773202sp3gdrtcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:windowsSoftwareDistributionDownload8811f08beda44a8d3c249b9d00773202sp3qfetcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:windowssystem32dllcachetcpip.sys
[-] 2009-05-30 14:31 361600 A29E1209F925A0E9B330E11DA5FC7BAB c:windowssystem32driverstcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-05-28_17.32.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-29 04:05 . 2008-07-29 04:05 62976 c:windowsWinSxSx86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03mfc90rus.dll
+ 2008-07-29 04:05 . 2008-07-29 04:05 46080 c:windowsWinSxSx86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03mfc90kor.dll
+ 2008-07-29 04:05 . 2008-07-29 04:05 46592 c:windowsWinSxSx86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03mfc90jpn.dll
+ 2008-07-29 04:05 . 2008-07-29 04:05 64512 c:windowsWinSxSx86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03mfc90ita.dll
+ 2008-07-29 04:05 . 2008-07-29 04:05 66048 c:windowsWinSxSx86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03mfc90fra.dll
+ 2008-07-29 04:05 . 2008-07-29 04:05 65024 c:windowsWinSxSx86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03mfc90esp.dll
+ 2008-07-29 04:05 . 2008-07-29 04:05 65024 c:windowsWinSxSx86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03mfc90esn.dll
+ 2008-07-29 04:05 . 2008-07-29 04:05 56832 c:windowsWinSxSx86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03mfc90enu.dll
+ 2008-07-29 04:05 . 2008-07-29 04:05 66560 c:windowsWinSxSx86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03mfc90deu.dll
+ 2008-07-29 04:05 . 2008-07-29 04:05 39936 c:windowsWinSxSx86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03mfc90cht.dll
+ 2008-07-29 04:05 . 2008-07-29 04:05 38912 c:windowsWinSxSx86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03mfc90chs.dll
+ 2008-07-29 02:07 . 2008-07-29 02:07 59904 c:windowsWinSxSx86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943mfcm90u.dll
+ 2008-07-29 02:07 . 2008-07-29 02:07 59904 c:windowsWinSxSx86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943mfcm90.dll
+ 2008-07-29 02:07 . 2008-07-29 02:07 80896 c:windowsWinSxSx86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24mfcm90ud.dll
+ 2008-07-29 02:07 . 2008-07-29 02:07 80896 c:windowsWinSxSx86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24mfcm90d.dll
+ 2007-10-09 17:09 . 2009-05-30 05:28 32768 c:windowssystem32configsystemprofileLocal SettingsTemporary Internet FilesContent.IE5index.dat
— 2007-10-09 17:09 . 2009-05-28 08:02 32768 c:windowssystem32configsystemprofileLocal SettingsTemporary Internet FilesContent.IE5index.dat
+ 2007-10-09 17:09 . 2009-05-30 05:28 32768 c:windowssystem32configsystemprofileLocal SettingsHistoryHistory.IE5index.dat
— 2007-10-09 17:09 . 2009-05-28 08:02 32768 c:windowssystem32configsystemprofileLocal SettingsHistoryHistory.IE5index.dat
— 2007-10-09 17:09 . 2009-05-28 08:02 16384 c:windowssystem32configsystemprofileCookiesindex.dat
+ 2007-10-09 17:09 . 2009-05-30 05:28 16384 c:windowssystem32configsystemprofileCookiesindex.dat
+ 2008-07-29 04:05 . 2008-07-29 04:05 875520 c:windowsWinSxSx86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71fmsvcp90d.dll
+ 2008-07-28 23:54 . 2008-07-28 23:54 312832 c:windowsWinSxSx86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71fmsvcm90d.dll
+ 2008-07-29 04:05 . 2008-07-29 04:05 655872 c:windowsWinSxSx86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963emsvcr90.dll
+ 2008-07-29 04:05 . 2008-07-29 04:05 572928 c:windowsWinSxSx86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963emsvcp90.dll
+ 2008-07-28 23:54 . 2008-07-28 23:54 225280 c:windowsWinSxSx86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963emsvcm90.dll
+ 2008-07-29 04:05 . 2008-07-29 04:05 161784 c:windowsWinSxSx86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2atl90.dll
+ 2008-07-29 04:05 . 2008-07-29 04:05 3783672 c:windowsWinSxSx86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943mfc90u.dll
+ 2008-07-29 04:05 . 2008-07-29 04:05 3768312 c:windowsWinSxSx86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943mfc90.dll
+ 2008-07-29 04:05 . 2008-07-29 04:05 5982720 c:windowsWinSxSx86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24mfc90ud.dll
+ 2008-07-29 04:05 . 2008-07-29 04:05 5937144 c:windowsWinSxSx86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24mfc90d.dll
+ 2008-07-29 04:05 . 2008-07-29 04:05 1180672 c:windowsWinSxSx86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71fmsvcr90d.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE~Browser Helper Objects{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-12-09 15:40 333192 —-a-w c:program filesAskBarDisbarbinaskBar.dll
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2008-04-14 15360]
«BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=»c:program filesCommon FilesNeroLibNMBgMonitor.exe» [2007-08-03 202024]
«H/PC Connection Agent»=»c:program filesMicrosoft ActiveSyncwcescomm.exe» [2006-11-13 1289000]
«swg»=»c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe» [2008-09-17 68856]
«AlcoholAutomount»=»c:program filesAlcohol SoftAlcohol 120axcmd.exe» [2008-03-20 217544]
«RGSC»=»c:program filesRockstar GamesRockstar Games Social ClubRGSCLauncher.exe» [2008-12-20 306088]
«NCLaunch»=»c:windowsNCLAUNCH.EXe» [2009-04-17 65536]
«PC Suite Tray»=»c:program filesNokiaNokia PC Suite 7PCSuite.exe» [2009-03-20 1312256]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«CnxDslTaskBar»=»c:program filesConexantAccessRunner ADSLCnxDslTb.exe» [2003-10-29 462848]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2008-10-07 13574144]
«MagicRotation»=»c:program filesMagicRotationMagicPvt.exe» [2005-11-21 1089536]
«JMB36X IDE Setup»=»c:windowsRaidToolxInsIDE.exe» [2007-03-20 36864]
«36X Raid Configurer»=»c:windowssystem32xRaidSetup.exe» [2007-03-21 1953792]
«Ai Nap»=»c:program filesASUSAi SuiteAiNapAiNap.exe» [2007-04-09 1423360]
«SunJavaUpdateSched»=»c:program filesJavajre6binjusched.exe» [2008-11-22 136600]
«MagicKey»=»c:progra~1MEDIAK~1MagicKey.exe» [2007-01-09 167936]
«NeroFilterCheck»=»c:program filesCommon FilesNeroLibNeroCheck.exe» [2007-03-01 153136]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 8.0ReaderReader_sl.exe» [2007-05-10 40048]
«Symantec PIF AlertEng»=»c:program filesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe» [2007-03-12 517768]
«QuickTime Task»=»c:program filesQuickTimeqttask.exe» [2008-03-28 413696]
«iTunesHelper»=»c:program filesiTunesiTunesHelper.exe» [2008-03-30 267048]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2008-10-07 86016]
«RemoteControl9″=»c:program filesCyberLinkPowerDVD9PDVD9Serv.exe» [2009-02-16 87336]
«PDVD9LanguageShortcut»=»c:program filesCyberLinkPowerDVD9LanguageLanguage.exe» [2008-10-13 50472]
«BDRegion»=»c:program filesCyberlinkShared Filesbrs.exe» [2009-02-28 75048]
«SoundMAXPnP»=»c:program filesAnalog DevicesCoresmax4pnp.exe» [2007-10-09 1036288]
«nwiz»=»nwiz.exe» — c:windowssystem32nwiz.exe [2008-10-07 1630208]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-14 15360]
c:documents and settingsАдминистраторГлавное менюПрограммыАвтозагрузка
SpeedFan.lnk — c:program filesSpeedFanspeedfan.exe [2007-9-17 2902528]
c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузка
ASUS WiFi-AP Solo.lnk — c:program filesASUS WiFi-AP SoloRtWLan.exe [2008-6-11 987136]
Azureus Vuze.lnk — c:program filesAzureusAzureus.exe [2007-9-30 199616]
Color Calibration.lnk — c:program filesSECMagicTune3.6GammaTray.exe [2007-9-30 36864]
MagicTune 3.6.lnk — c:program filesSECMagicTune3.6MagicTuneTray.exe [2007-9-30 45056]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
@=»Driver»
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoring]
«DisableMonitoring»=dword:00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]
«DisableMonitoring»=dword:00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]
«DisableMonitoring»=dword:00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecFirewall]
«DisableMonitoring»=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\Program Files\Azureus\Azureus.exe»=
«c:\Program Files\Messenger\msmsgs.exe»=
«c:\Program Files\Bonjour\mDNSResponder.exe»=
«c:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe»=
«c:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe»=
«c:\WINDOWS\system32\PnkBstrA.exe»=
«c:\WINDOWS\system32\PnkBstrB.exe»=
«c:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe»=
«c:program filesMicrosoft ActiveSyncrapimgr.exe»= c:program filesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
«c:program filesMicrosoft ActiveSyncwcescomm.exe»= c:program filesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
«c:program filesMicrosoft ActiveSyncWCESMgr.exe»= c:program filesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
«c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE»=
«c:\Program Files\iTunes\iTunes.exe»=
«c:\Program Files\GSC World Publishing\С.Т.А.Л.К.Е.Р. — Чистое Небо\bin\xrEngine.exe»=
«c:\Program Files\GSC World Publishing\С.Т.А.Л.К.Е.Р. — Чистое Небо\bin\dedicated\xrEngine.exe»=
«c:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe»=
«c:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe»=
«c:\Program Files\Activision\Call of Duty — World at War\CoDWaW.exe»=
«c:\Program Files\Activision\Call of Duty — World at War\CoDWaWmp.exe»=
«c:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe»=
«c:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe»=
«c:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe»=
«c:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe»=
«c:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe»=
«c:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe»=
«c:\Program Files\ICQ6.5\ICQ.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«26675:TCP»= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
«»=R1 appdrv01;Application Driver (01);c:windowssystem32driversappdrv01.sys [06.09.2008 1:47 2915944]
R1 magicpvt;magicpvt;c:windowssystem32driversmagicpvt.sys [30.09.2007 9:59 9728]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/03/22 20:42];c:program filesCyberLinkPowerDVD9000.fcl [28.02.2009 20:40 87536]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 Licensing Service;c:program filesABBYY FineReader 9.0NetworkLicenseServer.exe [02.11.2007 19:58 566560]
R2 ASKService;ASKService;c:program filesAskBarDisbarbinAskService.exe [23.03.2009 21:09 464264]
R2 ASKUpgrade;ASKUpgrade;c:program filesAskBarDisbarbinASKUpgrade.exe [23.03.2009 21:09 234888]
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:windowssystem32driversCnxEtP.sys [30.09.2007 8:37 60288]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:windowssystem32driversCnxEtU.sys [30.09.2007 8:37 646784]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:windowssystem32driversCnxTgN.sys [30.09.2007 8:37 108675]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:windowssystem32driversklim5.sys [13.12.2007 13:28 24592]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:windowssystem32driversRTL8187.sys [11.06.2008 21:01 176128]
R3 SjyPkt;SjyPkt;c:windowssystem32driversSjyPkt.sys [11.06.2008 21:01 13532]
S2 Планировщик автоматического запуска LiveUpdate;Планировщик автоматического запуска LiveUpdate; [x]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:windowsSystem32appdrvrem01.exe svc —> c:windowsSystem32appdrvrem01.exe svc [?]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
«c:windowssystem32rundll32.exe» «c:windowssystem32iedkcs32.dll»,BrandIEActiveSetup SIGNUP
.
Contents of the ‘Scheduled Tasks’ folder
2009-05-27 c:windowsTasksAppleSoftwareUpdate.job
— c:program filesApple Software UpdateSoftwareUpdate.exe [2007-08-29 13:57]
2009-05-30 c:windowsTasksUser_Feed_Synchronization-{EF8C4079-FA2B-4F41-9309-B856A348FB7B}.job
— c:windowssystem32msfeedssync.exe [2006-10-17 01:31]
.
.
Supplementary Scan
.
uStart Page = about:blank
uInternet Settings,ProxyServer = 152.3.138.2:3127
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~3Office12EXCEL.EXE/3000
TCP: {CDA567A6-D702-49EF-90B2-8D2A3329AE96} = 195.34.32.116 212.188.4.10
FF — ProfilePath — c:documents and settingsАдминистраторApplication DataMozillaFirefoxProfilestp9xiy2w.default
FF — component: c:program filesNokiaNokia PC Suite 7bkmrksynccomponentsBkMrkExt.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-30 23:50
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERSS-1-5-21-583907252-515967899-839522115-500SoftwareMicrosoftInternet ExplorerUser Preferences]
@Denied: (2) (Administrator)
«88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977″=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f0,ba,35,2d,b9,53,6c,46,b1,cd,f4,
«2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81″=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f0,ba,35,2d,b9,53,6c,46,b1,cd,f4,
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(1424)
c:program filesKaspersky LabKaspersky Anti-Virus 7.0miscr3.dll
c:windowssystem32klogon.dll
— — — — — — — > ‘lsass.exe'(1480)
c:program filesKaspersky LabKaspersky Anti-Virus 7.0dnsq.dll
c:program filesKaspersky LabKaspersky Anti-Virus 7.0miscr3.dll
c:program filesKaspersky LabKaspersky Anti-Virus 7.0fssync.dll
— — — — — — — > ‘explorer.exe'(5628)
c:program filesKaspersky LabKaspersky Anti-Virus 7.0miscr3.dll
c:program filesKaspersky LabKaspersky Anti-Virus 7.0fssync.dll
c:program filesKaspersky LabKaspersky Anti-Virus 7.0scrchpg.dll
c:windowssystem32msi.dll
c:windowssystem32ieframe.dll
c:windowssystem32WPDShServiceObj.dll
c:program filesNokiaNokia PC Suite 7PhoneBrowser.dll
c:program filesNokiaNokia PC Suite 7NGSCM.DLL
c:program filesNokiaNokia PC Suite 7LangPhoneBrowser_rus.nlr
c:program filesNokiaNokia PC Suite 7ResourcePhoneBrowser_Nokia.ngr
c:windowssystem32PortableDeviceTypes.dll
c:windowssystem32PortableDeviceApi.dll
.
Other Running Processes
.
c:windowssystem32WgaTray.exe
c:program filesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
c:windowssystem32rundll32.exe
c:program filesKaspersky LabKaspersky Anti-Virus 7.0avp.exe
c:program filesBonjourmDNSResponder.exe
c:progra~1MICROS~2rapimgr.exe
c:program filesJavajre6binjqs.exe
c:windowssystem32nvsvc32.exe
c:windowssystem32PnkBstrA.exe
c:program filesCommon FilesNeroLibNMIndexingService.exe
c:program filesCommon FilesNeroLibNMIndexStoreSvr.exe
c:program filesiPodbiniPodService.exe
c:program filesPC Connectivity SolutionServiceLayer.exe
c:windowssystem32wbemwmiapsrv.exe
c:windowssystem32wscntfy.exe
c:program filesPC Connectivity SolutionTransportsNclUSBSrv.exe
c:program filesPC Connectivity SolutionTransportsNclRSSrv.exe
c:windowsMicrosoft.NETFrameworkv3.0WPFPresentationFontCache.exe
.
**************************************************************************
.
Completion time: 2009-05-30 0:03 — machine was rebooted
ComboFix-quarantined-files.txt 2009-05-30 20:03
ComboFix2.txt 2009-05-28 17:34
Pre-Run: 73 173 553 152 байт свободно
Post-Run: 73 193 652 224 байт свободно
355