Forum replies created
May 4, 2009 at 9:07 am in reply to: HELP! Quick scans with KAV8 and the "spider" find nothing #23654
Crashes are becoming more frequent. Half the time the system only boots on the 2nd or 3rd attempt. Several times after a reboot, "Kaspersky" complained that the databases were corrupted and demanded an update. I updated. Once I didn't manage to (another crash), and after booting it no longer demanded it. I ran ComboFix once more. Here is the latest log.
ComboFix 09-04-30.05 - Администратор 04.05.2009 11:38.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.512.286 [GMT 3:00]
Running from: c:\documents and settings\Администратор\Рабочий стол\ComboFix.exe
AV: Антивирус Касперского *On-access scanning disabled* (Updated)
FW: Антивирус Касперского *disabled*
.
((((((((((((((((((((((((( Files Created from 2009-04-04 to 2009-05-04 )))))))))))))))))))))))))))))))
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((( SnapShot@2009-05-01_10.10.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-13 11:04 . 2009-05-03 14:14 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2009-04-13 11:04 . 2009-04-13 11:04 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-05-03 15:02 . 2009-04-06 04:57 24921544 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-04-05 206088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IE7_011"="shell32" [X]
"ZZZZ2_FirstLogonSetting"="advpack.dll" - c:\windows\system32\advpack.dll [2009-02-20 124928]
"IE7_012"="advpack.dll" - c:\windows\system32\advpack.dll [2009-02-20 124928]
"IE7_013"="rebuild.exe" - c:\windows\system32\rebuild.exe [2007-11-01 114280]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UpdatesOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\uTorrent\uTorrent.exe"=

R2 PTsup5;PsViatau;c:\program files\Trident Software\Pragma\ptsup5.exe [2007-06-01 57344]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;d:\common\Database\bin\fbserver.exe [2005-11-17 1527900]
S0 a348scsi;a348scsi;c:\windows\System32\Drivers\a348scsi.sys [2004-04-30 5248]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-04-05 33808]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]
.
Contents of the 'Scheduled Tasks' folder

2009-04-29 c:\windows\Tasks\Wise Disk Cleaner 4.job
- d:\program files\Total Commander\Utils\DiskCleaner\WiseDiskCleaner.exe [2009-04-20 20:00]

2009-04-22 c:\windows\Tasks\Wise Registry Cleaner 4.job
- d:\program files\Total Commander\Utils\RegCleaner\WiseRegistryCleaner.exe [2009-04-20 20:00]
.
.
Supplementary Scan
.
uStart Page = about:blank
mStart Page = about:blank
IE: &Экспорт в Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Администратор\Application Data\Mozilla\Firefox\Profiles\rt3xjmr2.default
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJPI150_11.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-04 11:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(984)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3108)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-04 11:41
ComboFix-quarantined-files.txt 2009-05-04 08:41
ComboFix2.txt 2009-05-03 06:01
ComboFix3.txt 2009-05-01 10:12

Pre-Run: 8 792 907 776 байт свободно
Post-Run: 8 789 381 120 байт свободно

243 --- E O F --- 2009-05-03 15:03
May 3, 2009 at 6:50 am in reply to: HELP! Quick scans with KAV8 and the "spider" find nothing #23653
Hello Valeri. Thanks again.
ComboFix 09-04-30.05 - Администратор 03.05.2009 8:58.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.512.289 [GMT 3:00]
Running from: c:\documents and settings\Администратор\Рабочий стол\ComboFix.exe
Command switches used :: c:\documents and settings\Администратор\Рабочий стол\CFScript.txt
AV: Антивирус Касперского *On-access scanning disabled* (Outdated)
FW: Антивирус Касперского *disabled*
.
((((((((((((((((((((((((( Files Created from 2009-04-03 to 2009-05-03 )))))))))))))))))))))))))))))))
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-04-05 206088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IE7_011"="shell32" [X]
"ZZZZ2_FirstLogonSetting"="advpack.dll" - c:\windows\system32\advpack.dll [2009-02-20 124928]
"IE7_012"="advpack.dll" - c:\windows\system32\advpack.dll [2009-02-20 124928]
"IE7_013"="rebuild.exe" - c:\windows\system32\rebuild.exe [2007-11-01 114280]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UpdatesOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\uTorrent\uTorrent.exe"=

R2 PTsup5;PsViatau;c:\program files\Trident Software\Pragma\ptsup5.exe [2007-06-01 57344]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;d:\common\Database\bin\fbserver.exe [2005-11-17 1527900]
S0 a348scsi;a348scsi;c:\windows\System32\Drivers\a348scsi.sys [2004-04-30 5248]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-04-05 33808]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]
.
Contents of the 'Scheduled Tasks' folder

2009-04-29 c:\windows\Tasks\Wise Disk Cleaner 4.job
- d:\program files\Total Commander\Utils\DiskCleaner\WiseDiskCleaner.exe [2009-04-20 20:00]

2009-04-22 c:\windows\Tasks\Wise Registry Cleaner 4.job
- d:\program files\Total Commander\Utils\RegCleaner\WiseRegistryCleaner.exe [2009-04-20 20:00]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
IE: &Экспорт в Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Администратор\Application Data\Mozilla\Firefox\Profiles\rt3xjmr2.default
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJPI150_11.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-03 09:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(992)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1472)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-03 9:01
ComboFix-quarantined-files.txt 2009-05-03 06:01
ComboFix2.txt 2009-05-01 10:12

Pre-Run: 8 980 295 680 байт свободно
Post-Run: 9 005 858 816 байт свободно

242 --- E O F --- 2009-04-30 22:08
May 1, 2009 at 10:52 am, in reply to: HELP! Quick scans with KAV8 and the "spider" find nothing #23651

Hello. Thanks for the reply. Did everything. Here's the log
ComboFix 09-04-30.05 - Администратор 01.05.2009 13:06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.512.282 [GMT 3:00]
Running from: c:\documents and settings\Администратор\Рабочий стол\ComboFix.exe
Command switches used :: c:\documents and settings\Администратор\Рабочий стол\WindowsXP-KB310994-SP2-Pro-BootDisk-RUS.exe
AV: Антивирус Касперского *On-access scanning enabled* (Updated)
FW: Антивирус Касперского *disabled*
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\BAK.reg
.
((((((((((((((((((((((((( Files Created from 2009-04-01 to 2009-05-01 )))))))))))))))))))))))))))))))
.
2009-04-30 19:30 . 2009-04-30 19:30 d-----w- c:\documents and settings\Администратор\Application Data\MAGIX
2009-04-30 19:30 . 2003-04-18 12:29 44544 ----a-w- c:\windows\system32\msxml4a.dll
2009-04-30 19:30 . 2009-04-30 19:30 d-----w- c:\documents and settings\All Users\Application Data\MAGIX
2009-04-30 19:29 . 2001-05-16 14:54 309616 ----a-w- c:\windows\system32\wmv8dmod.dll
2009-04-30 19:29 . 2001-05-11 10:18 420240 ----a-w- c:\windows\system32\mpg4c32.dll
2009-04-30 19:24 . 2009-04-30 19:29 d-----w- c:\windows\system32\MAGIX
2009-04-30 19:24 . 2007-02-07 07:53 663552 ----a-w- c:\windows\system32\mgxoschk.dll
2009-04-30 08:11 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-04-30 08:11 . 2009-02-09 11:26 2190848 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-30 08:11 . 2009-03-06 14:23 284672 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-04-30 08:11 . 2009-02-09 11:25 111104 -c----w- c:\windows\system32\dllcache\services.exe
2009-04-30 08:11 . 2009-02-09 10:54 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-04-30 08:11 . 2009-02-09 10:54 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-04-30 08:11 . 2009-02-09 10:54 687616 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-04-30 08:11 . 2009-02-09 10:54 731136 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-04-30 08:11 . 2009-02-09 10:54 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-30 08:11 . 2009-02-09 10:54 718848 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-04-30 08:11 . 2009-02-09 11:25 2147328 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-30 08:11 . 2009-02-09 11:26 2025984 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-30 05:30 . 2009-04-30 05:30 d-----w- c:\program files\MSXML 4.0
2009-04-29 19:30 . 2008-10-15 16:37 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-04-29 19:22 . 2009-04-29 19:22 d-----w- c:\windows\l2schemas
2009-04-29 19:19 . 2009-04-29 19:22 d-----w- c:\windows\ServicePackFiles
2009-04-29 19:02 . 2008-04-13 18:36 44672 ------w- c:\windows\system32\drivers\uagp35.sys
2009-04-29 19:01 . 2008-04-14 16:10 37376 ------w- c:\windows\system32\l2gpstore.dll
2009-04-29 18:56 . 2008-06-14 17:35 272512 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-04-29 18:55 . 2008-12-20 22:15 1289728 -c----w- c:\windows\system32\dllcache\quartz.dll
2009-04-29 18:38 . 2008-08-14 10:04 138496 -c----w- c:\windows\system32\dllcache\afd.sys
2009-04-29 18:30 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-04-29 18:30 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-04-29 18:30 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-04-29 18:30 . 2008-05-01 14:37 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-04-29 18:29 . 2008-04-11 19:06 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-04-29 18:26 . 2008-09-04 17:17 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-04-29 18:26 . 2009-04-30 22:08 d--h--w- c:\windows\$hf_mig$
2009-04-29 18:07 . 2008-04-21 21:15 218624 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-04-29 18:07 . 2008-05-05 04:25 3072 ------w- c:\windows\system32\xpsp4res.dll
2009-04-29 09:02 . 2009-04-29 16:44 d-----w- c:\documents and settings\Администратор\.housecall6.6
2009-04-29 09:02 . 2009-04-29 16:44 d-----w- c:\documents and settings\Администратор\.housecall6.6
2009-04-29 07:54 . 2009-04-30 09:53 d-----w- c:\program files\trend micro
2009-04-29 07:54 . 2009-04-30 09:53 d-----w- C:\rsit
2009-04-23 07:38 . 2009-04-23 09:39 d-----w- c:\documents and settings\Администратор\Application Data\Skype
2009-04-22 20:05 . 2009-04-22 20:05 d-----w- c:\documents and settings\Администратор\Local Settings\Application Data\GHISLER
2009-04-22 13:35 . 2009-04-22 18:42 d-----w- c:\program files\Unlocker
2009-04-20 20:00 . 2009-04-20 20:00 55808 ----a-w- c:\windows\system32\DevCon.exe
2009-04-20 20:00 . 2009-04-20 20:00 545 ----a-w- c:\windows\Arj.pif
2009-04-20 20:00 . 2009-04-20 20:00 545 ----a-w- c:\windows\Lha.pif
2009-04-20 20:00 . 2009-04-20 20:00 24576 ----a-w- c:\windows\NoClose.pif
2009-04-20 20:00 . 2009-04-20 20:00 545 ----a-w- c:\windows\Pkunzip.pif
2009-04-20 20:00 . 2009-04-20 20:00 545 ----a-w- c:\windows\Pkzip.pif
2009-04-20 20:00 . 2009-04-20 20:00 545 ----a-w- c:\windows\Rar.pif
2009-04-20 20:00 . 2009-04-20 20:00 545 ----a-w- c:\windows\Uc.pif
2009-04-17 11:37 . 2009-04-17 11:37 d-----w- c:\documents and settings\Администратор\Application Data\Media Player Classic
2009-04-13 16:15 . 2009-04-13 16:15 d-----w- c:\documents and settings\Администратор\Local Settings\Application Data\Identities
2009-04-13 15:44 . 2009-04-13 15:44 d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-04-13 15:39 . 2009-04-13 15:39 d-----w- c:\documents and settings\Администратор\Application Data\InstallShield
2009-04-13 13:27 . 2009-04-13 13:27 d-----w- c:\documents and settings\Администратор\Local Settings\Application Data\Google
2009-04-13 11:14 . 2009-04-22 20:48 d-----w- c:\program files\Google
2009-04-10 19:49 . 2009-04-10 19:49 d-----w- c:\documents and settings\Администратор\Application Data\CyberLink
2009-04-10 13:44 . 2009-04-10 13:47 d-----w- c:\documents and settings\Администратор\Local Settings\Application Data\WMTools Downloaded Files
2009-04-10 10:07 . 2009-04-10 10:07 d-----w- c:\documents and settings\All Users\Application Data\Egoset
2009-04-07 14:54 . 1998-09-02 08:28 38160 ----a-w- c:\windows\system32\LMRTREND.dll
2009-04-07 14:54 . 1998-08-27 04:51 182032 ----a-w- c:\windows\system32\dxtmsft3.dll
2009-04-07 14:54 . 1998-09-02 08:28 63488 ----a-w- c:\windows\system32\unam4ie.exe
2009-04-07 14:54 . 1998-08-17 09:21 10240 ----a-w- c:\windows\system32\vidx16.dll
2009-04-07 14:54 . 1998-08-17 09:21 11776 ----a-w- c:\windows\system32\mciqtz.drv
2009-04-07 14:54 . 1998-09-02 08:02 194320 ----a-w- c:\windows\system32\qcut.dll
2009-04-07 14:54 . 2009-04-07 14:54 4608 ----a-w- c:\windows\system32\w95inf32.dll
2009-04-07 14:54 . 2009-04-07 14:54 2272 ----a-w- c:\windows\system32\w95inf16.dll
2009-04-07 14:49 . 2009-04-07 14:49 d-----w- c:\documents and settings\Администратор\Application Data\DAEMON Tools
2009-04-07 14:49 . 2009-04-07 14:49 d-----w- c:\documents and settings\Администратор\Application Data\DAEMON Tools Pro
2009-04-07 14:48 . 2009-04-07 14:48 d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-04-07 14:45 . 2009-04-07 14:50 d-----w- c:\documents and settings\Администратор\Application Data\DAEMON Tools Lite
2009-04-07 12:26 . 2009-04-11 13:09 d-----w- c:\program files\Alawar.ru
2009-04-05 17:03 . 2009-04-05 17:03 d-----w- c:\program files\uTorrent
2009-04-05 17:03 . 2009-04-22 20:43 d-----w- c:\documents and settings\Администратор\Application Data\uTorrent
2009-04-05 15:04 . 2009-04-29 17:06 101287 ----a-w- c:\windows\system32\drivers\klin.dat
2009-04-05 15:04 . 2009-04-29 17:06 89601 ----a-w- c:\windows\system32\drivers\klick.dat
2009-04-05 15:04 . 2009-05-01 10:08 2705952 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-04-05 15:04 . 2009-05-01 10:08 516128 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-04-05 15:04 . 2009-05-01 09:04 d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-04-05 14:14 . 2009-04-05 14:14 d-----w- c:\program files\vetton.ru
2009-04-05 14:14 . 2009-04-05 14:14 d-----w- c:\program files\K-Lite Codec Pack
2009-04-05 11:44 . 2009-04-05 13:28 d-----w- c:\documents and settings\Администратор\Local Settings\Application Data\WMTools Downloaded Files(2)
2009-04-05 09:11 . 2009-04-05 09:11 d-----w- c:\windows\system32\msmq
2009-04-03 19:53 . 2009-04-03 19:53 d-----w- c:\documents and settings\Администратор\Application Data\Media Player Classic(2)
2009-04-03 18:58 . 2009-04-05 14:14 d-----w- c:\program files\K-Lite Codec Pack(2)
2009-04-03 16:43 . 2009-04-07 13:27 d-----w- c:\documents and settings\All Users\Application Data\MumboJumbo
2009-04-03 16:42 . 2009-04-03 16:42 d-----w- C:\Games
2009-04-03 10:12 . 2009-04-03 10:12 d-----w- c:\documents and settings\Администратор\DoctorWeb
2009-04-03 10:12 . 2009-04-03 10:12 d-----w- c:\documents and settings\Администратор\DoctorWeb
2009-04-02 05:29 . 2009-04-02 05:29 136 ----a-w- c:\documents and settings\Администратор\Local Settings\Application Data\fusioncache.dat
2009-04-01 17:31 . 2009-04-23 13:04 d-----w- c:\documents and settings\All Users\Application Data\AlawarWrapper
2009-04-01 17:00 . 2009-04-01 17:00 d-----w- c:\documents and settings\All Users\Application Data\CrystalIdea Software
2009-04-01 16:46 . 2009-04-05 14:31 d-----w- c:\program files\Uninstall Tool
2009-04-01 16:03 . 2009-04-01 16:03 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-04-01 15:24 . 2009-04-05 16:38 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-04-01 14:07 . 2009-04-07 14:27 10 ----a-w- c:\windows\popcinfo.dat
2009-04-01 13:02 . 2009-04-05 14:14 d-----w- c:\documents and settings\Администратор\Application Data\IObit
2009-04-01 10:32 . 2009-04-01 10:34 d-----w- c:\documents and settings\Администратор\Application Data\Desktopicon
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-01 10:10 . 2009-04-05 15:04 3892 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-05-01 10:08 . 2009-04-05 15:04 23268 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-05-01 08:47 . 2004-08-18 18:00 97456 ----a-w- c:\windows\system32\perfc019.dat
2009-05-01 08:47 . 2004-08-18 18:00 549504 ----a-w- c:\windows\system32\perfh019.dat
2009-04-30 19:31 . 2009-04-30 19:26 d-----w- c:\program files\Common Files\MAGIX Shared
2009-04-30 19:21 . 2009-04-01 07:44 d-----w- c:\program files\Mozilla Thunderbird
2009-04-30 13:11 . 2002-01-01 01:25 64368 ----a-w- c:\documents and settings\Администратор\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-30 06:53 . 2009-04-29 14:37 98304 ----a-w- c:\windows\DUMP2f6c.tmp
2009-04-29 14:53 . 2009-04-29 14:37 102400 ----a-w- c:\windows\DUMP33c2.tmp
2009-04-29 14:52 . 2009-04-29 14:37 102400 ----a-w- c:\windows\DUMP2fda.tmp
2009-04-29 14:51 . 2009-04-29 14:37 102400 ----a-w- c:\windows\DUMP3102.tmp
2009-04-27 20:51 . 2002-01-01 00:15 d-----w- c:\program files\Common Files\Adobe
2009-04-13 15:41 . 2002-01-01 00:31 d--h--w- c:\program files\InstallShield Installation Information
2009-04-13 15:41 . 2002-01-01 00:31 d-----w- c:\program files\Common Files\InstallShield
2009-04-07 14:45 . 2001-12-31 23:17 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-04-05 15:28 . 2008-01-29 14:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-04-05 14:43 . 2002-01-01 02:30 102400 ----a-w- c:\windows\DUMP26a2.tmp
2009-04-05 14:05 . 2002-01-01 02:30 102400 ----a-w- c:\windows\DUMP30c4.tmp
2009-04-05 14:04 . 2002-01-01 02:30 102400 ----a-w- c:\windows\DUMP2f1e.tmp
2009-04-05 14:03 . 2002-01-01 02:30 102400 ----a-w- c:\windows\DUMP2e34.tmp
2009-04-05 13:47 . 2002-01-01 02:30 102400 ----a-w- c:\windows\DUMP321c.tmp
2009-04-05 13:45 . 2002-01-01 02:30 102400 ----a-w- c:\windows\DUMP30b4.tmp
2009-04-05 13:44 . 2002-01-01 02:30 102400 ----a-w- c:\windows\DUMP2fe9.tmp
2009-04-05 05:01 . 2002-01-01 00:25 d-----w- c:\program files\ABBYY FineReader 8.0 Professional Edition
2009-04-03 11:29 . 2002-01-01 02:30 102400 ----a-w- c:\windows\DUMP2fca.tmp
2009-04-03 06:37 . 2001-12-31 23:12 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-01 09:42 . 2009-04-01 09:41 276749 ----a-w- c:\windows\Pragma Uninstaller.exe
2009-04-01 09:41 . 2009-04-01 09:41 d-----w- c:\program files\Trident Software
2009-04-01 09:41 . 2009-04-01 09:41 d-----w- c:\program files\Common Files\Thraex Software
2009-04-01 08:54 . 2009-04-01 08:53 7168 ----a-w- c:\windows\system32\drivers\utm3mtq4.sys
2009-04-01 07:38 . 2009-04-01 07:38 0 ----a-w- c:\windows\nsreg.dat
2009-04-01 07:36 . 2009-04-01 07:35 7773824 ----a-w- c:\program files\Firefox Setup 3.0.8.exe
2009-03-06 14:23 . 2004-08-18 18:00 284672 ----a-w- c:\windows\system32\pdh.dll
2009-03-03 00:16 . 2008-02-08 14:38 828416 ----a-w- c:\windows\system32\wininet.dll
2009-02-20 17:19 . 2008-02-08 14:31 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-02-10 16:09 . 2008-02-08 11:33 2067840 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-02-09 14:07 . 2008-02-08 14:30 1846912 ----a-w- c:\windows\system32\win32k.sys
2009-02-09 11:26 . 2008-02-08 14:29 2190848 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-02-09 11:25 . 2004-08-18 18:00 111104 ----a-w- c:\windows\system32\services.exe
2009-02-09 10:54 . 2008-02-08 14:29 731136 ----a-w- c:\windows\system32\lsasrv.dll
2009-02-09 10:54 . 2008-02-08 14:29 401408 ----a-w- c:\windows\system32\rpcss.dll
2009-02-09 10:54 . 2004-08-18 18:00 687616 ----a-w- c:\windows\system32\advapi32.dll
2009-02-09 10:54 . 2004-08-18 18:00 718848 ----a-w- c:\windows\system32\ntdll.dll
2009-02-06 10:39 . 2004-08-18 18:00 35328 ----a-w- c:\windows\system32\sc.exe
2009-02-03 19:58 . 2004-08-18 18:00 56832 ----a-w- c:\windows\system32\secur32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-04-05 206088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IE7_011"="shell32" [X]
"ZZZZ2_FirstLogonSetting"="advpack.dll" - c:\windows\system32\advpack.dll [2009-02-20 124928]
"IE7_012"="advpack.dll" - c:\windows\system32\advpack.dll [2009-02-20 124928]
"IE7_013"="rebuild.exe" - c:\windows\system32\rebuild.exe [2007-11-01 114280]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UpdatesOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R2 PTsup5;PsViatau;c:\program files\Trident Software\Pragma\ptsup5.exe [2007-06-01 57344]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;d:\common\Database\bin\fbserver.exe [2005-11-17 1527900]
S0 a348scsi;a348scsi;c:\windows\System32\Drivers\a348scsi.sys [2004-04-30 5248]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-04-05 33808]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11d4e039-fe5d-11d5-95bf-000ee8095c4e}]
\Shell\Auto\command - sxs2.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs2.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-29 c:\windows\Tasks\Wise Disk Cleaner 4.job
- d:\program files\Total Commander\Utils\DiskCleaner\WiseDiskCleaner.exe [2009-04-20 20:00]

2009-04-22 c:\windows\Tasks\Wise Registry Cleaner 4.job
- d:\program files\Total Commander\Utils\RegCleaner\WiseRegistryCleaner.exe [2009-04-20 20:00]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
IE: &Экспорт в Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Администратор\Application Data\Mozilla\Firefox\Profiles\rt3xjmr2.default
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJPI150_11.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-01 13:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(984)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3420)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Other Running Processes
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
.
**************************************************************************
.
Completion time: 2009-05-01 13:12 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-01 10:12

Pre-Run: 8 868 306 944 байт свободно
Post-Run: 9 111 670 784 байт свободно

WindowsXP-KB310994-SP2-Pro-BootDisk-RUS.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional RU" /noexecute=optin /fastdetect

263 --- E O F --- 2009-04-30 22:08