Forum replies created
-
Author Posts
-
June 21, 2009 at 8:31 pm in reply to: Avast4.8 home reports that the application cannot start the skin #24389
Sorry for the slow response; I hope you can help.
ComboFix 09-06-20.04 — 1 22.06.2009 0:04.1 — NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1251.7.1049.18.3070.1428 [GMT 4:00]
Running from: c:users1DesktopComboFix.exe
SP: Spybot — Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:windowssystem32temp.094.
((((((((((((((((((((((((( Files Created from 2009-05-21 to 2009-06-21 )))))))))))))))))))))))))))))))
.
2009-06-20 12:03 . 2009-06-20 12:03 d-----w- c:usersАняAppDataRoamingPCToolsFirewallPlus
2009-06-20 04:31 . 2009-06-20 04:31 267776 —-a-w- c:programdataBOINCprojectssetiathome.berkeley.edusetigraphics_6.03_windows_intelx86.exe
2009-06-20 04:31 . 2009-06-20 04:31 406016 —-a-w- c:programdataBOINCprojectssetiathome.berkeley.edusetiathome_6.03_windows_intelx86.exe
2009-06-18 18:52 . 2009-06-18 18:52 d-----w- c:users1{30fbaace-cb98-4d43-a904-6155deec219d}
2009-06-18 18:47 . 2009-06-18 18:48 d-----w- c:users1AppDataRoamingPCToolsFirewallPlus
2009-06-18 18:43 . 2008-09-22 08:29 97408 —-a-w- c:windowssystem32driverspctfw.sys
2009-06-18 18:43 . 2009-01-21 06:38 95640 —-a-w- c:windowssystem32driverspctplfw.sys
2009-06-18 18:43 . 2009-06-20 04:34 d-----w- c:program filesPC Tools Firewall Plus
2009-06-18 18:37 . 2008-12-11 04:38 159600 —-a-w- c:windowssystem32driverspctgntdi.sys
2009-06-18 18:37 . 2009-04-03 07:18 130936 —-a-w- c:windowssystem32driversPCTCore.sys
2009-06-18 18:37 . 2008-12-18 08:16 73840 —-a-w- c:windowssystem32driversPCTAppEvent.sys
2009-06-18 18:37 . 2009-06-18 18:46 d-----w- c:program filesCommon FilesPC Tools
2009-06-18 18:37 . 2008-12-10 07:36 64392 —-a-w- c:windowssystem32driverspctplsg.sys
2009-06-18 18:37 . 2009-06-18 18:37 d-----w- c:users1AppDataRoamingPC Tools
2009-06-18 17:59 . 2009-06-18 18:05 d-----w- c:programdataAvira
2009-06-18 15:18 . 2009-06-18 16:01 d-----w- c:usersАняAppDataLocalAdobe
2009-06-15 13:23 . 2009-05-09 05:34 71680 —-a-w- c:windowssystem32iesetup.dll
2009-06-15 13:23 . 2009-05-09 05:50 915456 —-a-w- c:windowssystem32wininet.dll
2009-06-15 13:21 . 2009-03-08 11:33 109568 —-a-w- c:windowssystem32PDMSetup.exe
2009-06-15 13:21 . 2009-03-08 11:33 132608 —-a-w- c:windowssystem32ieUnatt.exe
2009-06-14 16:59 . 2009-04-30 12:37 293376 —-a-w- c:windowssystem32psisdecd.dll
2009-06-14 16:59 . 2009-04-30 12:37 428544 —-a-w- c:windowssystem32EncDec.dll
2009-06-14 09:47 . 2009-06-14 09:47 d-----w- c:users1AppDataLocalApple Computer
2009-06-10 06:50 . 2009-04-21 11:55 2033152 —-a-w- c:windowssystem32win32k.sys
2009-06-10 06:50 . 2009-04-23 12:42 636928 —-a-w- c:windowssystem32localspl.dll
2009-06-10 06:50 . 2009-04-23 12:43 784896 —-a-w- c:windowssystem32rpcrt4.dll
2009-06-07 21:02 . 2009-06-07 21:02 410984 —-a-w- c:windowssystem32deploytk.dll
2009-06-07 21:02 . 2009-06-07 21:02 d-----w- c:program filesJava
2009-06-05 18:26 . 2009-06-06 17:29 d-----w- c:users1AppDataRoamingWildfire
2009-06-05 18:07 . 2009-06-05 18:07 d-----w- c:programdataTrymedia
2009-05-31 14:13 . 2009-05-31 17:17 d-----w- C:ArCon home2
2009-05-25 18:11 . 2008-10-10 00:52 452440 —-a-w- c:windowssystem32d3dx10_40.dll
2009-05-25 18:11 . 2008-10-10 00:52 4379984 —-a-w- c:windowssystem32D3DX9_40.dll
2009-05-25 18:11 . 2008-10-10 00:52 2036576 —-a-w- c:windowssystem32D3DCompiler_40.dll
2009-05-25 18:11 . 2008-10-27 06:04 514384 —-a-w- c:windowssystem32XAudio2_3.dll
2009-05-25 18:11 . 2008-10-27 06:04 235856 —-a-w- c:windowssystem32xactengine3_3.dll
2009-05-25 18:11 . 2008-10-27 06:04 23376 —-a-w- c:windowssystem32X3DAudio1_5.dll
2009-05-25 18:11 . 2008-10-27 06:04 70992 —-a-w- c:windowssystem32XAPOFX1_2.dll
2009-05-25 10:42 . 2009-05-25 10:42 d-----w- c:program filesUbisoft
2009-05-24 10:06 . 2004-10-20 15:21 23552 —-a-w- c:windowssystem32SYNSOACC.dll
2009-05-24 09:53 . 2005-02-25 10:58 344064 —-a-w- c:windowssystem32AcShlExt.dll
2009-05-24 09:44 . 2009-05-24 09:55 d-----w- C:ArCon
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-21 20:13 . 2009-01-20 19:45 d-----w- c:programdataBOINC
2009-06-21 20:03 . 2009-02-01 10:55 2621440 —sha-w- c:usersАняNTUSER.DAT
2009-06-21 19:31 . 2008-11-17 20:45 d-----w- c:program filesSpyware Doctor
2009-06-21 16:22 . 2006-11-09 07:21 666052 —-a-w- c:windowssystem32perfh019.dat
2009-06-21 16:22 . 2006-11-09 07:21 130020 —-a-w- c:windowssystem32perfc019.dat
2009-06-20 12:03 . 2009-06-20 12:03 d-----w- c:usersАняAppDataRoamingPCToolsFirewallPlus
2009-06-19 07:54 . 2008-06-01 15:38 d-----w- c:users1AppDataRoaminguTorrent
2009-06-18 17:15 . 2008-09-29 18:27 d-----w- c:program filesCommon FilesWise Installation Wizard
2009-06-18 15:19 . 2009-02-06 17:08 d-----w- c:usersАняAppDataRoamingAdobe
2009-06-14 17:21 . 2008-12-31 07:45 d-----w- c:program filestrend micro
2009-06-14 13:39 . 2008-09-26 19:48 8160 —-a-w- c:users1AppDataLocald3d9caps.dat
2009-06-14 06:15 . 2008-04-30 13:21 d-----w- c:programdataFLEXnet
2009-06-12 14:01 . 2008-05-02 11:52 d-----w- c:program filesmyxml4in
2009-06-12 14:01 . 2007-12-30 21:26 413696 —-a-w- c:windowssystem32wrap_oal.dll
2009-06-12 14:01 . 2007-12-30 21:26 110592 —-a-w- c:windowssystem32OpenAL32.dll
2009-06-08 14:09 . 2008-08-18 17:06 d-----w- c:programdataAlawarWrapper
2009-06-08 13:30 . 2009-02-01 10:56 101232 —-a-w- c:usersАняAppDataLocalGDIPFONTCACHEV1.DAT
2009-06-07 13:10 . 2008-12-18 19:55 d-----w- c:program files1C
2009-05-31 19:58 . 2007-12-29 21:00
d—h—w- c:program filesInstallShield Installation Information
2009-05-31 15:27 . 2007-12-20 09:08 101232 —-a-w- c:users1AppDataLocalGDIPFONTCACHEV1.DAT
2009-05-24 14:51 . 2008-07-12 15:11 882144 —-a-w- c:windowssystem32driverstcpip.sys
2009-05-24 09:54 . 2009-05-22 15:08 d-----w- c:program filesSyncrosoft
2009-05-23 08:06 . 2006-11-02 06:37 20480 —-a-w- c:windowssystem32driverssecdrv.sys
2009-05-23 08:03 . 2006-11-02 08:42 65536 —-a-w- c:windowssystem32driversIPMIDrv.sys
2009-05-23 08:03 . 2007-08-29 04:40 1183744 —-a-w- c:windowssystem32driversAVerBDA3x.sys
2009-05-23 08:03 . 2006-11-02 08:30 40960 —-a-w- c:windowssystem32driversamdk8.sys
2009-05-23 08:03 . 2006-02-28 08:41 61440 —-a-w- c:windowssystem32dns-sd.exe
2009-05-23 08:03 . 2006-02-28 08:41 53248 —-a-w- c:windowssystem32dnssd.dll
2009-05-23 08:03 . 2009-02-27 17:30 49152 —-a-w- c:windowssystem32CvoAPI.dll
2009-05-23 08:00 . 2008-01-18 17:19 4096 —-a-w- c:windowsd3dx.dat
2009-05-23 06:32 . 2008-10-29 18:01 233472 —-a-w- c:users1AppDataRoamingThinstallTotal Video Converter 3.14 080930%ProgramFilesDir%Total Video Convertertvp.exe
2009-05-23 06:32 . 2008-10-20 19:11 40960 —-a-r- c:users1AppDataRoamingMicrosoftInstaller{0ACD6BC8-0568-4286-86A2-D337F371D42B}NewIcon.exe
2009-05-23 06:32 . 2008-01-27 10:48 57344 —-a-r- c:users1AppDataRoamingMicrosoftInstaller{39F9C9CD-1912-4E29-A52E-ADB73D2FC1D5}NewShortcut1_4F03CF542AC143F6A860D7EE370CC008.exe
2009-05-23 06:29 . 2008-09-28 08:10 57344 —-a-w- c:programdataVistaLib32.dll
2009-05-23 06:29 . 2008-09-28 08:10 57344 —-a-w- c:programdataVistaLib32.dll
2009-05-23 06:28 . 2009-01-21 04:27 1445888 —-a-w- c:programdataBOINCprojectssetiathome.berkeley.edusetiathome_6.08_windows_intelx86__cuda.exe
2009-05-23 06:28 . 2009-01-20 21:56 389120 —-a-w- c:programdataBOINCprojectssetiathome.berkeley.educufft.dll
2009-05-23 06:28 . 2009-01-20 21:55 192512 —-a-w- c:programdataBOINCprojectssetiathome.berkeley.educudart.dll
2009-05-23 06:28 . 2009-01-20 19:45 466944 —-a-w- c:programdataBOINCprojectssetiathome.berkeley.eduastropulse_5.00_windows_intelx86.exe
2009-05-23 06:28 . 2009-01-20 19:45 294912 —-a-w- c:programdataBOINCprojectssetiathome.berkeley.eduap_graphics_5.00_windows_intelx86.exe
2009-05-23 03:56 . 2009-05-02 18:17 d-----w- c:users1AppDataRoamingAuslogics
2009-05-22 15:07 . 2009-05-22 15:07 d-----w- c:users1AppDataRoamingpdfMachine
2009-05-22 12:22 . 2009-05-22 12:18 d-----w- c:usersАняAppDataRoamingSuper-Cow
2009-05-14 19:30 . 2009-05-14 19:00 d-----w- c:program files3D Home Architect
2009-05-14 19:23 . 2009-05-14 17:32 0 —-a-w- c:windowssystem32_r_a_p_.tmp
2009-05-14 12:49 . 2006-11-02 11:18 d-----w- c:program filesWindows Mail
2009-05-10 13:37 . 2009-05-10 13:37 d-----w- c:usersАняAppDataRoamingSony
2009-05-08 08:23 . 2008-03-01 12:05 d-----w- c:program filesSteam
2009-05-02 19:30 . 2008-09-30 15:48 d-----w- c:programdataSpybot — Search & Destroy
2009-05-02 18:05 . 2009-05-02 18:05 d-----w- c:program filesAuslogics
2009-05-02 06:35 . 2008-05-01 10:10 d-----w- c:users1AppDataRoamingApp Launcher Gadget
2009-05-02 06:28 . 2008-08-10 12:23 d-----w- c:programdataActivision Value
2009-04-27 07:41 . 2009-02-01 10:55
d-s—w- c:usersАняAppDataRoamingMicrosoft
2009-03-24 20:02 . 2009-03-24 20:02 107888 —-a-w- c:windowssystem32CmdLineExt.dll
2009-03-24 18:52 . 2009-03-24 18:52 1175700 —-a-w- c:windowssystem32RainySs.scr
2009-03-24 14:33 . 2009-03-24 14:33 237264 —-a-w- c:users1AppDataRoamingMozillapluginsnpgoogletalk.dll
2009-03-24 09:32 . 2008-12-25 19:55 138464 —-a-w- c:windowssystem32driversPnkBstrK.sys
2009-03-24 09:32 . 2008-12-25 19:55 111928 —-a-w- c:windowssystem32PnkBstrB.exe
2008-11-22 23:23 . 2009-04-10 07:03 2632648 —-a-w- c:program filesDAEMON4111-LITE-X86.EXE
2008-11-22 23:23 . 2009-04-10 07:03 2792904 —-a-w- c:program filesDAEMON4111-LITE-X64.EXE
2008-11-20 17:40 . 2009-04-10 07:03 2492360 —-a-w- c:program filesDAEMON411-LITE-X86.EXE
2008-11-20 17:40 . 2009-04-10 07:03 2654664 —-a-w- c:program filesDAEMON411-LITE-X64.EXE
.
Sigcheck
[-] 2009-05-24 14:51 882144 A2AA23A716A9CAF4D418F8DA55257C9C c:windowsSystem32driverstcpip.sys
[7] 2008-01-19 07:43 891448 FC6E2835D667774D409C7C7021EAF9C4 c:windowswinsxsx86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6tcpip.sys
[7] 2008-04-26 08:26 891448 82E266BEE5F0167E41C6ECFDD2A79C02 c:windowswinsxsx86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1tcpip.sys
[7] 2008-04-26 08:08 891448 01EC1E92595F839BEE70D439C46796E3 c:windowswinsxsx86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7tcpip.sys
[7] 2006-11-02 08:58 802816 D944522B048A5FEB7700B5170D3D9423 c:windowswinsxsx86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16386_none_5f4ed3e0926e99e4tcpip.sys
[7] 2008-01-20 07:18 802816 028061C7F6D2D03068C72E2A27E4228A c:windowswinsxsx86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16567_none_5f6577ce925d75a7tcpip.sys
[7] 2008-02-16 10:30 803328 5DF77458AA92FDB36FCE79C60F74AB5D c:windowswinsxsx86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030atcpip.sys
[7] 2008-01-20 07:18 804352 43EAE40B50FE3E60D194DD9C97EBB1FD c:windowswinsxsx86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20689_none_5fdb7555ab898001tcpip.sys
[7] 2008-02-16 10:30 806400 52A8BD6294F7D1443C6184C67AE13AF4 c:windowswinsxsx86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20752_none_5ff4e4f9ab7777f4tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«Sidebar»=»c:program filesWindows Sidebarsidebar.exe» [2008-01-19 1233920]
«SpybotSD TeaTimer»=»d:прогр разныеантишпионSpybot — Search & DestroyTeaTimer.exe» [2008-09-16 1833296]
«2IP StartGuard»=»c:program files2IPStartGuardStartGuard.exe» [2008-08-27 218624]
«Google Update»=»c:users1AppDataLocalGoogleUpdateGoogleUpdate.exe» [2009-02-18 133104]
«Auslogics BoostSpeed 4»=»c:program filesAuslogicsAuslogics BoostSpeedboostspeed.exe» [2009-03-16 362096]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«itype»=»c:program filesMicrosoft IntelliType Proitype.exe» [2006-11-21 813912]
«DSLSTATEXE»=»c:program filesConexantAdsldslstat.exe» [2007-04-26 376832]
«DSLAGENTEXE»=»c:program filesConexantAdsldslagent.exe» [2007-04-26 90112]
«boincmgr»=»c:программы для системыSETIboincmgr.exe» [2008-12-09 4289280]
«boinctray»=»c:программы для системыSETIboinctray.exe» [2008-12-09 58112]
«IntelliPoint»=»c:program filesMicrosoft IntelliPointipoint.exe» [2007-02-05 849280]
«QuickTime Task»=»c:program filesQuickTimeQTTask.exe» [2009-05-23 413696]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2009-02-09 13683232]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2009-02-09 92704]
«SunJavaUpdateSched»=»c:program filesJavajre6binjusched.exe» [2009-06-07 148888]
«UnlockerAssistant»=»d:прогр разныеUnlockerUnlockerAssistant.exe» [2008-05-02 15872]
«00PCTFW»=»c:program filesPC Tools Firewall PlusFirewallGUI.exe» [2009-02-23 2652056]
«ISTray»=»c:program filesSpyware DoctorpctsTray.exe» [2009-06-12 1181576]
«RtHDVCpl»=»RtHDVCpl.exe» — c:windowsRtHDVCpl.exe [2007-01-18 4349952]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«EnableInstallerDetection»= 0 (0x0)
«EnableUIADesktopToggle»= 0 (0x0)
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogon]
«UIHost»=»c:windowssystem32logonui.exe»
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«mixer2»=wdmaud.drv
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalFDCENT.SYS]
@=»»
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalHideFilesAndFolders_S]
@=»»
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsdauxservice]
@=»»
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsdcoreservice]
@=»»
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinDefend]
@=»Service»
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerSvc]
«AntiVirusOverride»=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicyDomainProfile]
«EnableFirewall»= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicyFirewallRules]
«{808E2AA6-6248-42EC-AB0B-A5DCEE8278A9}»= Profile=Private|c:program filesMSN Messengerlivecall.exe:Windows Live Messenger 8.1 (Phone)
«{9DF050F8-F2E3-4484-9630-E85D6ABF2813}»= Disabled:c:program filesMSN Messengerlivecall.exe:Windows Live Messenger 8.1 (Phone)
«{50458300-F6FD-4D0F-8CFB-8EBF65248056}»= Disabled:UDP:c:program filesWindows DefenderMSASCui.exe:Защитник Windows
«{F55A0B9E-DE20-4119-8E38-B9F08BB3E63F}»= Disabled:TCP:c:program filesWindows DefenderMSASCui.exe:Защитник Windows
«{2599767D-FA5E-4D67-9175-D466B2B31332}»= Profile=Private|c:program filesMSN Messengerlivecall.exe:Windows Live Messenger 8.1 (Phone)
«{247AE6D7-C716-4625-B9D7-705AC360C553}»= UDP:d:прогр разныеТоррентuTorrent.exe:µTorrent (TCP-In)
«{10283EC6-2CC0-4E17-8AA6-A18A25C38F06}»= TCP:d:прогр разныеТоррентuTorrent.exe:µTorrent (UDP-In)
«{E9C57DB6-FA21-4E8F-BD65-44DAA80CCDC5}»= Disabled:UDP:d:игрычернобыльS.T.A.L.K.E.RbinXR_3DA.exe:S.T.A.L.K.E.R. (CLI)
«{DAC4AC8E-AED1-4537-8739-0B056E7B6EBA}»= Disabled:TCP:d:игрычернобыльS.T.A.L.K.E.RbinXR_3DA.exe:S.T.A.L.K.E.R. (CLI)
«{087E5DD2-E966-484E-AF6E-F668244D69F4}»= Disabled:UDP:d:игрычернобыльS.T.A.L.K.E.RbindedicatedXR_3DA.exe:S.T.A.L.K.E.R. (SRV)
«{EEC7DA81-04A6-4013-9631-FFB5763B532E}»= Disabled:TCP:d:игрычернобыльS.T.A.L.K.E.RbindedicatedXR_3DA.exe:S.T.A.L.K.E.R. (SRV)
«{1AF78765-1663-47CE-93A1-CA7F4E6C3239}»= Disabled:c:program filesMSN Messengerlivecall.exe:Windows Live Messenger 8.1 (Phone)
«TCP Query User{BEC141C7-E722-4554-BF2A-47F1FDE35046}c:\users\1\desktop\разное\телефон\sip\netdetectpc.exe»= UDP:c:users1desktopразноетелефонsipnetdetectpc.exe:netdetectpc.exe
«UDP Query User{3D5E541F-0A55-488F-B66B-5F1ACF21641E}c:\users\1\desktop\разное\телефон\sip\netdetectpc.exe»= TCP:c:users1desktopразноетелефонsipnetdetectpc.exe:netdetectpc.exe
«{0A7F4426-3640-4F8A-840B-00682D55EE7E}»= UDP:c:program filesMozilla Firefoxfirefox.exe:Mozilla Firefox
«{9AA30F7E-4127-4669-8F9F-EE4956FF22E2}»= TCP:c:program filesMozilla Firefoxfirefox.exe:Mozilla Firefox
«TCP Query User{CBCCA766-07EB-4335-AACC-0E6258893F7B}d:\program files\internet explorer\iexplore.exe»= Disabled:UDP:d:program filesinternet exploreriexplore.exe:Internet Explorer
«UDP Query User{6AAFBA02-2FD1-45CC-A8E3-387C06F68877}d:\program files\internet explorer\iexplore.exe»= Disabled:TCP:d:program filesinternet exploreriexplore.exe:Internet Explorer
«{4A854FB4-5498-441B-8151-52C0DCD0C041}»= UDP:c:program filesSEGAGas Powered GamesGPGNetGPG.Multiplayer.Client.exe:GPGNet
«{553A6374-85E8-4E99-B6AE-4AC02338DA2F}»= TCP:c:program filesSEGAGas Powered GamesGPGNetGPG.Multiplayer.Client.exe:GPGNet
«{3A6BA2CF-F9E9-4627-9C71-098C646F9343}»= Disabled:UDP:c:program filesSEGAGas Powered GamesSpace SiegeSpaceSiege.exe:Space Siege
«{61B8B183-6EDE-4AAF-9416-83ABC6157854}»= Disabled:TCP:c:program filesSEGAGas Powered GamesSpace SiegeSpaceSiege.exe:Space Siege
«{D85133BD-3120-4370-9A00-8FF1E9DCE6BF}»= Disabled:UDP:c:program filesSony EricssonSony Ericsson Media ManagerMediaManager.exe:Sony Ericsson Media Manager 1.1
«{E546E422-5268-43DE-AE8A-F79864E78DEB}»= Disabled:TCP:c:program filesSony EricssonSony Ericsson Media ManagerMediaManager.exe:Sony Ericsson Media Manager 1.1
«{616EFC36-C3BA-4964-83F1-FB331CC61702}»= UDP:c:users1AppDataLocalGoogleGoogle Talk Plugingoogletalkplugin.dll:Google Talk Plugin
«{FFE0B1BE-70DA-42F3-8661-071843B6ED2B}»= TCP:c:users1AppDataLocalGoogleGoogle Talk Plugingoogletalkplugin.dll:Google Talk Plugin
«{865B7871-4D58-42D5-AD0D-2149AD3E2F12}»= UDP:c:users1AppDataLocalGoogleGoogle Talk Plugingoogletalkplugin.exe:Google Talk Plugin
«{7CF0A655-3B14-4F6D-9EAA-D4384E899DFF}»= TCP:c:users1AppDataLocalGoogleGoogle Talk Plugingoogletalkplugin.exe:Google Talk Plugin
«{70A9F10C-D340-46F1-B14A-DD4035610501}»= UDP:c:program filesPinnacleStudio 12ProgramsRM.exe:Render Manager
«{371A04B8-DFFF-4896-9AB1-B7CCD02697CC}»= TCP:c:program filesPinnacleStudio 12ProgramsRM.exe:Render Manager
«{48FED18B-5833-41D0-9611-41704C07F6C6}»= UDP:c:program filesPinnacleStudio 12ProgramsStudio.exe:Studio
«{F6CFB722-F139-4C33-AF85-A2DAE430FC8B}»= TCP:c:program filesPinnacleStudio 12ProgramsStudio.exe:Studio
«{7BBDBECF-E5B9-44D6-A4FF-8E0C4C8172D5}»= UDP:c:program filesPinnacleStudio 12Programsumi.exe:umi
«{6DD35252-1C5E-4D14-AAF5-84461263AEE0}»= TCP:c:program filesPinnacleStudio 12Programsumi.exe:umi
«{79E9C15A-E832-496A-B206-955F24E20871}»= UDP:d:прогр разныеТоррентuTorrent.exe:uTorrent.exe
«{D4AAABEC-007F-4006-B7F8-797C23291E5D}»= TCP:d:прогр разныеТоррентuTorrent.exe:uTorrent.exe
[HKLM~servicessharedaccessparametersfirewallpolicyPublicProfile]
«EnableFirewall»= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicyStandardProfile]
«EnableFirewall»= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicyStandardProfileAuthorizedApplicationsList]
«d:\игры АНЯ\симс3\The Sims 3\game\bin\TS3.exe»= d:игры анясимс3The Sims 3gamebinTS3.exe:127.0.0.1/255.255.255.255:Enabled:TS3.exe
«d:\игры АНЯ\симс3\The Sims 3\game\bin\Sims3Launcher.exe»= d:игры анясимс3The Sims 3gamebinSims3Launcher.exe:127.0.0.1/255.255.255.255:Enabled:Sims3Launcher.exe
R0 PCTCore;PCTools KDS;c:windowsSystem32driversPCTCore.sys [18.06.2009 22:37 130936]
R0 pe3ajtsc;Stalker (Pro) Environment Driver (pe3ajtsc);c:windowsSystem32driverspe3ajtsc.sys [23.03.2007 20:00 64896]
R0 pe3anlqb;Unreal Tournament 3 Environment Driver (pe3anlqb);c:windowsSystem32driverspe3anlqb.sys [09.11.2007 9:40 65160]
R0 pf2anlqb;Unreal Tournament 3 File System Driver (pf2anlqb);c:windowsSystem32driverspf2anlqb.sys [09.11.2007 9:39 83592]
R0 ps6ajtsc;Stalker (Pro) Synchronization Driver (ps6ajtsc);c:windowsSystem32driversps6ajtsc.sys [23.03.2007 20:00 52104]
R0 ps7anlqb;Unreal Tournament 3 Synchronization Driver (ps7anlqb);c:windowsSystem32driversps7anlqb.sys [09.11.2007 9:39 68752]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:windowsSystem32driverssfdrv01a.sys [05.07.2006 16:46 63352]
R0 sfdrv02;FrontLine Environment Driver (v2);c:windowsSystem32driverssfdrv02.sys [11.09.2006 15:57 67960]
R0 sfsync05;FrontLine Synchronization Driver (v5);c:windowsSystem32driverssfsync05.sys [11.08.2006 20:09 59776]
R1 appdrv01;Application Driver (01);c:windowsSystem32driversappdrv01.sys [08.02.2009 17:38 2911848]
R1 FDCENT;FDCENT;c:windowsSystem32driversFDCENT.SYS [04.10.2008 0:20 47854]
R1 pctgntdi;pctgntdi;c:windowsSystem32driverspctgntdi.sys [18.06.2009 22:37 159600]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:program filesNVIDIA CorporationPerformance DriversnvPDsvc.exe [11.12.2008 8:08 3575808]
R2 PCTAppEvent;PCTAppEvent Driver;c:windowsSystem32driversPCTAppEvent.sys [18.06.2009 22:37 73840]
R2 SBSDWSCService;SBSD Security Center Service;d:прогр разныеантишпионSpybot — Search & DestroySDWinSec.exe [05.11.2008 0:48 809296]
R2 sdAuxService;PC Tools Auxiliary Service;c:program filesSpyware DoctorpctsAuxs.exe [18.06.2009 22:37 348752]
R3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:windowsSystem32driversAVerBDA3x.sys [29.08.2007 8:40 1183744]
R3 FStarForce;FStarForce;c:windowsSystem32driversFStarForce.sys [08.02.2009 14:06 9216]
R3 pctplfw;pctplfw;c:windowsSystem32driverspctplfw.sys [18.06.2009 22:43 95640]
S2 pr2ajtsc;Stalker (Pro) Drivers Auto Removal (pr2ajtsc);c:windowssystem32pr2ajtsc.exe svc —> c:windowssystem32pr2ajtsc.exe svc [?]
S2 sfrem02;FrontLine Drivers Auto Removal (v2);c:windowssystem32sfrem02.exe svc —> c:windowssystem32sfrem02.exe svc [?]
S3 RTCore32;RTCore32;c:program filesRMClockRTCore32.sys [15.01.2009 0:19 4608]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:windowsSystem32driverss916bus.sys [02.11.2007 11:47 83496]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:windowsSystem32driverss916mdfl.sys [11.12.2008 18:23 15016]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:windowsSystem32driverss916mdm.sys [11.12.2008 18:23 109992]
S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);c:windowsSystem32driverss916mgmt.sys [11.12.2008 18:24 103976]
S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;c:windowsSystem32driverss916obex.sys [11.12.2008 18:24 100008]
— Other Services/Drivers In Memory —
*Deregistered* — mchInjDrv
[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
«c:windowsSystem32rundll32.exe» «c:windowsSystem32iedkcs32.dll»,BrandIEActiveSetup SIGNUP
.
Contents of the ‘Scheduled Tasks’ folder
2009-06-12 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-3647130882-3954836051-3144391927-1001.job
— c:users1AppDataLocalGoogleUpdateGoogleUpdate.exe [2009-02-18 19:42]
2009-06-21 c:windowsTasksUser_Feed_Synchronization-{11B65A2E-7722-48CD-A756-4C7A21F56F4D}.job
— c:windowssystem32msfeedssync.exe [2009-06-15 11:31]
2009-06-21 c:windowsTasksUser_Feed_Synchronization-{D4975823-703F-48DD-98B4-3F1B485CA413}.job
— c:windowssystem32msfeedssync.exe [2009-06-15 11:31]
.
— — — — ORPHANS REMOVED — — — —
HKCU-Run-Ashampoo AntiSpyWare 2 Guard — c:program filesAshampooAshampoo AntiSpyWare 2AntiSpyWare2Guard.exe
.
Supplementary Scan
.
uStart Page = hxxp://www.apeha.ru
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = 127.0.0.1:8080
IE: Block frame with Ad Muncher — http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=33634G6U&id=menu_ie_frame
IE: Block image with Ad Muncher — http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=33634G6U&id=menu_ie_image
IE: Block link with Ad Muncher — http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=33634G6U&id=menu_ie_link
IE: Don’t filter page with Ad Muncher — http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=33634G6U&id=menu_ie_exclude
IE: Download Using &BitSpirit
IE: Online-словари — c:program filesPRMT8PRMTIEoda.htm
IE: Report page to the Ad Muncher developers — http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=33634G6U&id=menu_ie_report
IE: Автоматически определить шаблон тематики — c:program filesPRMT8PRMTIEaot.htm
IE: Закачать ВСЕ при помощи Download Master — c:программы для системыменеджер загрузокDownload Masterdmieall.htm
IE: Закачать при помощи Download Master — c:программы для системыменеджер загрузокDownload Masterdmie.htm
IE: Заполнить формы
IE: Настроить Меню
IE: Настроить параметры перевода — c:program filesPRMT8PRMTIEoptions.htm
IE: Незнакомые слова — c:program filesPRMT8PRMTIEinfopanel.htm
IE: Перевести — c:program filesPRMT8PRMTIEtranslat.htm
IE: Перевести страницу — c:program filesPRMT8PRMTIEpage.htm
IE: Поиск в Интернете — c:program filesPRMT8PRMTIEsearch.htm
IE: Сохранить формы
IE: Тулбар RoboForm
IE: УГ±ИМШѕ«БйПВФШ(&B)
IE: {{4034D172-4C52-49de-A6A1-E75F8F591FEC} — c:program filesPRMT8PRMTIEoptions.htm
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} — c:программы для системыменеджер загрузокDownload Masterdmaster.exe
IE: {{A2DA13D5-AC77-43b7-963B-40445EBCB8E0} — c:program filesPRMT8PRMTIEprmtie5.htm
LSP: c:windowssystem32wpclsp.dll
FF — ProfilePath — c:users1AppDataRoamingMozillaFirefoxProfiles9k2ecrwu.default
FF — plugin: c:program filesMozilla Firefoxpluginsnp-mswmp.dll
FF — plugin: c:program filesMozilla Firefoxpluginsnpdm.dll
FF — plugin: c:program filesMozilla Firefoxpluginsnpqtplugin8.dll
FF — plugin: c:program filesQuickTimePluginsnpqtplugin8.dll
FF — plugin: c:program filesVistaCodecPackrmbrowserpluginsnppl3260.dll
FF — plugin: c:program filesVistaCodecPackrmbrowserpluginsnprpjplug.dll
FF — plugin: c:users1AppDataLocalGoogleUpdate1.2.145.5npGoogleOneClick8.dll
FF — plugin: c:users1AppDataRoamingMozillapluginsnpgoogletalk.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-22 00:12
Windows 6.0.6001 Service Pack 1 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0000AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000
.
Completion time: 2009-06-21 0:15
ComboFix-quarantined-files.txt 2009-06-21 20:15
Pre-Run: 185 576 099 840 байт свободно
Post-Run: 185 665 400 832 байт свободно
377 — E O F —