Forum replies created
Thank you for your reply. I did everything as you said. Here are the contents of the log file:
ComboFix 09-04-23.A3 — Владимир 23.04.2009 20:10.11 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.2047.1596 [GMT 4:00]
Running from: c:documents and settingsВладимирРабочий столComboFix.exe
Command switches used :: c:documents and settingsВладимирРабочий столWindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: avast! antivirus 4.8.1335 [VPS 090423-0] *On-access scanning disabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2009-05-23 to 2009-4-23 )))))))))))))))))))))))))))))))
.
2009-04-21 16:30 . 2009-04-21 16:30
d
w c:documents and settingsВладимирApplication DataQIP
2009-04-21 16:30 . 2009-04-21 16:30
d
w c:program filesQIP Infium
2009-04-19 08:39 . 2004-09-07 09:42 86085 —-a-w c:windowssystem32ImageDrive.cpl
2009-04-19 08:16 . 2009-04-19 08:16
d
w c:documents and settingsВладимирLocal SettingsApplication DataAhead
2009-04-16 18:44 . 2009-04-16 18:44
d—h—w c:windowsPIF
2009-04-15 09:01 . 2009-02-20 17:19 78336 -c—-w c:windowssystem32dllcacheieencode.dll
2009-04-15 09:00 . 2008-12-20 22:15 1289728 -c—-w c:windowssystem32dllcachequartz.dll
2009-04-15 05:31 . 2009-03-21 14:09 995840 -c—-w c:windowssystem32dllcachekernel32.dll
2009-04-15 05:31 . 2009-02-03 19:58 56832 -c—-w c:windowssystem32dllcachesecur32.dll
2009-04-15 05:31 . 2008-06-12 14:23 956928 -c—-w c:windowssystem32dllcachemsdtctm.dll
2009-04-15 05:31 . 2008-06-12 14:23 66560 -c—-w c:windowssystem32dllcachemtxclu.dll
2009-04-15 05:31 . 2008-06-12 14:23 161792 -c—-w c:windowssystem32dllcachemsdtcuiu.dll
2009-04-15 05:31 . 2008-06-12 14:23 91648 -c—-w c:windowssystem32dllcachemtxoci.dll
2009-04-15 05:31 . 2008-06-12 14:23 58880 -c—-w c:windowssystem32dllcachemsdtclog.dll
2009-04-15 05:31 . 2008-12-16 12:32 354304 -c—-w c:windowssystem32dllcachewinhttp.dll
2009-04-15 05:29 . 2009-03-06 13:51 284672 -c—-w c:windowssystem32dllcachepdh.dll
2009-04-15 05:29 . 2009-02-09 11:18 111104 -c—-w c:windowssystem32dllcacheservices.exe
2009-04-15 05:29 . 2009-02-09 10:57 731136 -c—-w c:windowssystem32dllcachelsasrv.dll
2009-04-15 05:29 . 2009-02-09 10:57 401408 -c—-w c:windowssystem32dllcacherpcss.dll
2009-04-15 05:29 . 2009-02-09 10:57 473600 -c—-w c:windowssystem32dllcachefastprox.dll
2009-04-15 05:29 . 2009-02-09 10:57 719360 -c—-w c:windowssystem32dllcachentdll.dll
2009-04-15 05:29 . 2009-02-09 10:57 453120 -c—-w c:windowssystem32dllcachewmiprvsd.dll
2009-04-15 05:29 . 2009-02-06 10:36 35328 -c—-w c:windowssystem32dllcachesc.exe
2009-04-15 05:29 . 2009-02-06 10:15 227840 -c—-w c:windowssystem32dllcachewmiprvse.exe
2009-04-15 05:21 . 2009-03-27 06:58 1203922 -c—-w c:windowssystem32dllcachesysmain.sdb
2009-04-15 05:21 . 2008-04-21 21:15 218624 -c—-w c:windowssystem32dllcachewordpad.exe
2009-04-05 18:09 . 2008-06-24 16:44 74240 -c—-w c:windowssystem32dllcachemscms.dll
2009-04-05 18:06 . 2008-07-07 20:29 253952 -c—-w c:windowssystem32dllcachees.dll
2009-04-05 18:04 . 2008-06-17 19:02 8478720 -c—-w c:windowssystem32dllcacheshell32.dll
2009-04-05 18:02 . 2009-02-09 14:01 1847680 -c—-w c:windowssystem32dllcachewin32k.sys
2009-04-05 18:02 . 2008-09-10 01:15 1307648 -c—-w c:windowssystem32dllcachemsxml6.dll
2009-04-05 18:01 . 2008-08-14 10:04 138496 -c—-w c:windowssystem32dllcacheafd.sys
2009-04-05 18:01 . 2008-06-20 17:48 247296 -c—-w c:windowssystem32dllcachemswsock.dll
2009-04-05 18:01 . 2008-06-20 17:48 147968 -c—-w c:windowssystem32dllcachednsapi.dll
2009-04-05 18:01 . 2008-06-20 11:51 361600 -c—-w c:windowssystem32dllcachetcpip.sys
2009-04-05 18:01 . 2008-06-20 11:08 225856 -c—-w c:windowssystem32dllcachetcpip6.sys
2009-04-05 17:57 . 2008-10-23 12:42 286720 -c—-w c:windowssystem32dllcachegdi32.dll
2009-04-05 17:57 . 2008-06-14 17:35 272512 -c—-w c:windowssystem32dllcachebthport.sys
2009-04-05 17:57 . 2008-06-14 17:35 272512
w c:windowssystem32driversbthport.sys
2009-04-05 17:32 . 2008-12-05 06:57 144896 -c—-w c:windowssystem32dllcacheschannel.dll
2009-04-05 17:25 . 2008-05-27 17:26 765952 -c—-w c:windowssystem32dllcachevgx.dll
2009-04-05 17:16 . 2009-02-09 11:18 2025984 -c—-w c:windowssystem32dllcachentkrpamp.exe
2009-04-05 17:16 . 2009-02-09 11:18 2067968 -c—-w c:windowssystem32dllcachentkrnlpa.exe
2009-04-05 17:16 . 2009-02-09 11:18 2147328 -c—-w c:windowssystem32dllcachentkrnlmp.exe
2009-04-05 17:16 . 2009-02-10 15:18 2190976 -c—-w c:windowssystem32dllcachentoskrnl.exe
2009-04-05 17:02 . 2008-10-24 11:41 455936 -c—-w c:windowssystem32dllcachemrxsmb.sys
2009-04-05 17:02 . 2008-12-11 10:57 333952 -c—-w c:windowssystem32dllcachesrv.sys
2009-04-05 17:01 . 2008-04-11 19:06 691712 -c—-w c:windowssystem32dllcacheinetcomm.dll
2009-04-05 17:00 . 2009-04-15 11:53
d—h—w c:windows$hf_mig$
2009-04-05 17:00 . 2009-04-05 17:00
d
w c:program filesMSXML 4.0
2009-04-05 16:47 . 2008-10-03 10:04 247326 -c—-w c:windowssystem32dllcachestrmdll.dll
2009-04-05 16:47 . 2008-10-15 16:37 337408 -c—-w c:windowssystem32dllcachenetapi32.dll
2009-04-05 16:46 . 2008-09-04 17:17 1106944 -c—-w c:windowssystem32dllcachemsxml3.dll
2009-04-05 16:33 . 2008-10-16 10:06 268648 —-a-w c:windowssystem32mucltui.dll
2009-04-05 16:33 . 2008-10-16 10:06 27496 —-a-w c:windowssystem32mucltui.dll.mui
2009-04-02 17:35 . 2009-04-02 17:43
d
w c:program filesAnti Trojan Elite
2009-03-31 20:18 . 2009-03-31 20:18 207 —-a-w c:windowsUpdateClientUI.INI
2009-03-30 12:35 . 2009-04-01 17:21
d
w c:program filesFIBO Group
2009-03-30 07:59 . 2009-03-30 08:09
d
w c:program filestrend micro
2009-03-30 07:59 . 2009-03-30 08:09
d
w C:rsit
2009-03-27 10:52 . 2009-03-27 10:52
d
w c:documents and settingsAll UsersApplication DataKaspersky Lab Setup Files
2009-03-27 10:33 . 2009-03-27 10:33 121 —-a-w c:windowswininit.ini
2009-03-27 10:21 . 2009-03-27 10:30 506180 —-a-w c:windowsATMREG.ATM
2009-03-27 09:43 . 2009-03-27 10:30
d
w C:temp
2009-03-25 13:40 . 2009-03-25 13:40
d
w c:documents and settingsAll UsersApplication DataXemiComputers
2009-03-25 13:40 . 2009-03-25 13:40
d
w c:documents and settingsВладимирLocal SettingsApplication DataXemiComputers
2009-03-25 13:39 . 2009-03-25 13:39
d
w c:program filesXemiComputers
2009-03-25 12:54 . 1994-03-23 11:12 62400 —-a-r c:windowsvlist.dll
2009-03-25 12:54 . 2009-03-25 12:54
d
w C:RBIBLE
2009-03-25 12:54 . 1993-10-14 10:57 21648 —-a-w c:windowsctl3dv2.dll
2009-03-24 21:23 . 2009-03-24 21:23
d
w c:program filesRecover My Files
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-23 16:16 . 2009-03-16 19:41
d
w c:documents and settingsВладимирApplication DataSkype
2009-04-23 13:48 . 2009-03-16 19:44
d
w c:documents and settingsВладимирApplication DataskypePM
2009-04-21 19:24 . 2008-04-15 12:00 83508 —-a-w c:windowssystem32perfc019.dat
2009-04-21 19:24 . 2008-04-15 12:00 482266 —-a-w c:windowssystem32perfh019.dat
2009-04-19 08:14 . 2009-03-23 23:11
d
w c:program filesClipMate7
2009-04-15 08:03 . 2009-03-16 22:05
d
w c:documents and settingsAll UsersApplication DataMicrosoft Help
2009-04-12 03:27 . 2009-03-24 04:30
d
w c:documents and settingsВладимирApplication DataThornsoft Development
2009-03-31 20:09 . 2009-03-17 11:36
d
w c:program files2gis
2009-03-30 08:45 . 2009-03-18 14:48 604640 —-a-w c:documents and settingsВладимирLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-03-24 14:41 . 2009-03-24 14:41
d
w c:program filesFontLab
2009-03-24 11:01 . 2009-03-24 11:01
d
w c:program filesAdobe Type Manager
2009-03-24 05:00 . 2009-03-24 05:00
d
w c:documents and settingsВладимирApplication DataMedia Player Classic
2009-03-22 17:48 . 2009-03-16 15:49
d—h—w c:program filesInstallShield Installation Information
2009-03-22 16:40 . 2009-03-22 16:40
d
w c:program filesICQ6Toolbar
2009-03-22 16:40 . 2009-03-22 16:40
d
w c:documents and settingsAll UsersApplication DataICQ
2009-03-22 05:27 . 2009-03-22 05:27
d
w c:documents and settingsAll UsersApplication DataFLEXnet
2009-03-19 20:29 . 2009-03-19 20:29
d
w c:documents and settingsВладимирApplication DataScooter Software
2009-03-19 12:02 . 2009-03-19 12:01
d
w c:program filesBeyond Compare 2
2009-03-19 11:45 . 2009-03-19 11:45
d
w c:program filesCommon FilesControl Panels
2009-03-19 11:45 . 2009-03-16 18:20
d
w c:program filesCommon FilesAdobe
2009-03-19 11:44 . 2009-03-19 11:44
d
w c:program filesBonjour
2009-03-19 11:29 . 2009-03-16 21:52
d
w c:program filesMicrosoft ActiveSync
2009-03-19 11:28 . 2009-03-19 11:28
d
w c:documents and settingsВладимирApplication DataYandex
2009-03-19 11:28 . 2009-03-19 11:28
d
w c:program filesPunto Switcher
2009-03-19 10:51 . 2009-03-17 09:19
d
w c:program filesStrongDC
2009-03-18 22:33 . 2009-03-17 11:36
d
w c:documents and settingsAll UsersApplication Data2GIS
2009-03-18 21:38 . 2009-03-18 21:26
d
w c:program filesHyperSnap-DX 5
2009-03-18 21:28 . 2009-03-18 21:28
d
w c:documents and settingsВладимирApplication DataGrym
2009-03-18 11:21 . 2009-03-18 11:21
d
w c:program filesCommon FilesMacrovision Shared
2009-03-17 23:22 . 2009-03-17 07:07
d
w c:documents and settingsAll UsersApplication DataAcronis
2009-03-17 21:28 . 2009-03-17 13:24 1396400 —-a-w c:windowssystem32AutoPartNt.exe
2009-03-17 16:25 . 2009-03-16 16:47 251152 —s—r C:ntldr
2009-03-17 16:25 . 2009-03-16 16:38 4952 —sha-r C:bootfont.bin
2009-03-17 13:40 . 2009-03-16 15:29 86327 —-a-w c:windowspchealthhelpctrOfflineCacheindex.dat
2009-03-16 22:21 . 2009-03-16 22:21 395744 —-a-w c:windowssystem32driverstimntr.sys
2009-03-16 22:21 . 2009-03-16 22:21 39264 —-a-w c:windowssystem32driverstifsfilt.sys
2009-03-16 22:21 . 2009-03-16 21:14 114048 —-a-w c:windowssystem32driverssnapman.sys
2009-03-16 22:20 . 2009-03-16 21:14
d
w c:program filesCommon FilesAcronis
2009-03-16 22:20 . 2009-03-16 21:14
d
w c:program filesAcronis
2009-03-16 22:18 . 2009-03-16 22:18
d
w c:documents and settingsВладимирApplication DataCorel
2009-03-16 22:07 . 2009-03-16 22:07
d
w c:program filesMicrosoft Works
2009-03-16 22:07 . 2009-03-16 22:07
d
w c:program filesMicrosoft.NET
2009-03-16 22:06 . 2009-03-16 22:06
d
w c:program filesMicrosoft Visual Studio 8
2009-03-16 21:47 . 2009-03-16 21:46
d
w c:program filesCommon FilesMacromedia
2009-03-16 21:46 . 2009-03-16 21:46
d
w c:program filesMacromedia
2009-03-16 21:43 . 2009-03-16 21:43
d
w c:documents and settingsAll UsersApplication DataRoboForm
2009-03-16 21:41 . 2009-03-16 21:41
d
w c:program filesSiber Systems
2009-03-16 21:19 . 2009-03-16 21:19
d
w c:program filesCoffeeCup Software
2009-03-16 21:10 . 2009-03-16 21:10
d
w c:program filesLizardTech
2009-03-16 21:02 . 2009-03-16 21:02
d
w c:program filesSSC Service Utility
2009-03-16 20:30 . 2009-03-16 20:30
d
w c:documents and settingsВладимирApplication DataPROject MT
2009-03-16 20:29 . 2009-03-16 20:29
d
w c:documents and settingsВладимирApplication DataPRMT
2009-03-16 20:16 . 2009-03-16 20:16 131 —-a-w c:documents and settingsВладимирLocal SettingsApplication Datafusioncache.dat
2009-03-16 20:16 . 2009-03-16 20:15
d
w c:program filesPRMT8
2009-03-16 20:15 . 2009-03-16 20:15
d
w c:documents and settingsAll UsersApplication DataPRMT
2009-03-16 20:10 . 2009-03-16 20:10
d
w c:program filesMSBuild
2009-03-16 20:10 . 2009-03-16 20:10 68144 —-a-w c:documents and settingsLocalServiceLocal SettingsApplication DataFontCache3.0.0.0.dat
2009-03-16 20:09 . 2009-03-16 20:09
d
w c:program filesReference Assemblies
2009-03-16 19:51 . 2009-03-16 19:51
d
w c:program filesDigalo
2009-03-16 19:49 . 2009-03-16 19:49
d
w c:program filesK-Lite Codec Pack
2009-03-16 19:44 . 2009-03-16 19:44 32 —-a-w c:documents and settingsAll UsersApplication Dataezsid.dat
2009-03-16 19:41 . 2009-03-16 19:41
d
w c:program filesSkype
2009-03-16 19:41 . 2009-03-16 19:41
d
w c:program filesCommon FilesSkype
2009-03-16 19:41 . 2009-03-16 19:41
d
w c:documents and settingsAll UsersApplication DataSkype
2009-03-16 19:38 . 2009-03-16 19:38
d
w c:program filesA4Tech
2009-03-16 19:28 . 2009-03-16 19:28
d
w c:program filesCommon FilesCorel
2009-03-16 19:28 . 2009-03-16 15:49
d
w c:program filesCommon FilesInstallShield
2009-03-16 19:28 . 2009-03-16 19:28
d
w c:program filesCorel
2009-03-16 19:21 . 2009-03-16 19:21
d
w c:documents and settingsAll UsersApplication DataAdobe Systems
2009-03-16 19:21 . 2009-03-16 19:21
d
w c:program filesCommon FilesAdobe Systems Shared
2009-03-16 19:13 . 2009-03-16 19:10
d
w c:program filesEPSON
2009-03-16 19:13 . 2009-03-16 19:13
d
w c:documents and settingsAll UsersApplication DataUDL
2009-03-16 19:13 . 2009-03-16 19:12
d
w c:program filesEPSON Print CD
2009-03-16 19:06 . 2009-03-16 19:06
d
w c:program filesCommon FilesAhead
2009-03-16 19:06 . 2009-03-16 19:06
d
w c:program filesAhead
2009-03-16 19:05 . 2009-03-16 19:05
d
w c:program filesTotal Commander XP
2009-03-16 17:07 . 2009-03-16 17:07
d
w c:program filesAlwil Software
2009-03-16 16:58 . 2009-03-16 16:58
d
w c:program filesVistaDriveIcon
2009-03-16 16:58 . 2009-03-16 16:58 717296 —-a-w c:windowssystem32driverssptd.sys
2009-03-16 16:58 . 2009-03-16 16:58
d
w c:program filesJava
2009-03-16 16:58 . 2009-03-16 16:58
d
w c:program filesCommon FilesJava
2009-03-16 16:56 . 2009-03-16 16:56
d
w c:program filesWindows Media Connect 2
2009-03-16 16:54 . 2009-03-16 15:27 23804 —-a-w c:windowssystem32emptyregdb.dat
2009-03-16 16:54 . 2009-03-16 16:54 879 —-a-w c:windowsInfCOM350.tmp
2009-03-16 15:58 . 2009-03-16 15:58 21035 —-a-w c:windowssystem32driversAegisP.sys
2009-03-16 15:58 . 2009-03-16 15:58
d
w c:program filesASUS WiFi-AP Solo
2009-03-16 15:53 . 2009-03-16 15:53
d
w c:documents and settingsВладимирApplication DataTMP
2009-03-16 15:53 . 2009-03-16 15:53
d
w c:program filesMarvell
2009-03-16 15:49 . 2009-03-16 15:49
d
w c:program filesAnalog Devices
2009-03-16 15:37 . 2009-03-16 15:37
d
w c:program filesIntel
2009-03-16 15:30 . 2009-03-16 15:30
d
w c:program filesmicrosoft frontpage
2009-03-06 13:51 . 2009-03-16 16:38 284672 —-a-w c:windowssystem32pdh.dll
2009-03-03 00:16 . 2009-03-16 16:38 828416 —-a-w c:windowssystem32wininet.dll
2009-02-20 17:19 . 2009-03-16 16:38 78336 —-a-w c:windowssystem32ieencode.dll
2009-02-10 15:27 . 2009-03-16 16:38 687616 —-a-w c:windowssystem32advapi32.dll
2009-02-09 14:01 . 2009-03-16 16:38 1847680 —-a-w c:windowssystem32win32k.sys
2009-02-09 11:18 . 2008-04-15 16:00 2025984 —-a-w c:windowssystem32ntkrnlpa.exe
2009-02-09 11:18 . 2008-04-15 16:00 2147328 —-a-w c:windowssystem32ntoskrnl.exe
2009-02-09 11:18 . 2009-03-16 16:38 111104 —-a-w c:windowssystem32services.exe
2009-02-09 10:57 . 2009-03-16 16:38 731136 —-a-w c:windowssystem32lsasrv.dll
.
Sigcheck
[-] 2008-06-25 22:08 584192 371C41F777924F3EA3BFAD18C6A04502 c:windowssystem32user32.dll
[-] 2008-06-25 22:07 1597952 DC2B803BB81968B75128541B96D44744 c:windowsexplorer.exe
[-] 2008-06-25 22:07 17408 DCB049EF4D6AA184601D9CA5B128BF56 c:windowssystem32ctfmon.exe
[-] 2008-06-25 22:05 1571840 54DDF4FB948B5410D3BEDB47ED832964 c:windowssystem32sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2008-06-25 17408]
«Skype»=»c:program filesSkypePhoneSkype.exe» [2008-02-01 21898024]
«EDLauncher»=»c:program filesPRMT8PRMTEDEDLauncher.exe» [2007-03-14 118784]
«RoboForm»=»c:program filesSiber SystemsAI RoboFormRoboTaskBarIcon.exe» [2009-03-16 118784]
«Punto Switcher»=»c:program filesPunto Switcherpunto.exe» [2008-10-16 735016]
«H/PC Connection Agent»=»c:program filesMicrosoft ActiveSyncWcescomm.exe» [2006-11-13 1289000]
«ClipMate7″=»c:program filesClipMate7clipmate.exe» [2007-01-08 6135808]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«JMB36X IDE Setup»=»c:windowsRaidToolxInsIDE.exe» [2007-03-20 36864]
«36X Raid Configurer»=»c:windowssystem32xRaidSetup.exe» [2007-03-21 1953792]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2007-06-28 8466432]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2007-06-28 81920]
«SoundMAXPnP»=»c:program filesAnalog DevicesCoresmax4pnp.exe» [2006-12-18 868352]
«NeroFilterCheck»=»c:windowssystem32NeroCheck.exe» [2001-07-09 155648]
«EPSON Stylus Photo R200 Series»=»c:windowsSystem32spoolDRIVERSW32X863E_S4I0H2.EXE» [2003-09-11 99840]
«WheelMouse»=»c:progra~1A4TechMouseAmoumain.exe» [2005-09-29 172032]
«SSC Service Utility»=»c:program filesSSC Service Utilityssc_serv.exe» [2006-10-16 487936]
«OSSelectorReinstall»=»c:program filesCommon FilesAcronisAcronis Disk Directoross_reinstall.exe» [2007-03-26 2227256]
«GrooveMonitor»=»c:program filesMicrosoft OfficeOffice12GrooveMonitor.exe» [2007-08-24 33648]
«TrueImageMonitor.exe»=»c:program filesAcronisTrueImageHomeTrueImageMonitor.exe» [2006-10-16 1184024]
«AcronisTimounterMonitor»=»c:program filesAcronisTrueImageHomeTimounterMonitor.exe» [2006-10-16 1959904]
«Acronis Scheduler2 Service»=»c:program filesCommon FilesAcronisSchedule2schedhlp.exe» [2006-10-16 87584]
«Adobe Acrobat Speed Launcher»=»c:program filesAdobeAcrobat 9.0AcrobatAcrobat_sl.exe» [2008-06-11 37232]
«Acrobat Assistant 8.0″=»c:program filesAdobeAcrobat 9.0AcrobatAcrotray.exe» [2008-06-11 640376]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 9.0ReaderReader_sl.exe» [2009-02-27 35696]
«2gis update client UI»=»c:program files2gisUpdateClientWin32UpdateClientUI.exe» [2008-09-17 4055040]
«avast!»=»c:progra~1ALWILS~1Avast4ashDisp.exe» [2009-02-05 81000]
«Anti Trojan Elite»=»c:program filesAnti Trojan EliteTJEnder.exe» [2005-02-05 2853888]
«nwiz»=»nwiz.exe» — c:windowssystem32nwiz.exe [2007-06-28 1626112]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-06-25 17408]
«VistaIcon»=»c:program filesVistaDriveIconVistaDrv.exe» [2008-03-23 132096]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«IE7_011″=»shell32» [X]
«ZZZZ1_FirstLogonSetting»=»advpack.dll» — c:windowssystem32advpack.dll [2009-02-20 124928]
«ZZZZ2_FirstLogonSetting»=»advpack.dll» — c:windowssystem32advpack.dll [2009-02-20 124928]
«IE7_012″=»advpack.dll» — c:windowssystem32advpack.dll [2009-02-20 124928]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«SynchronousMachineGroupPolicy»= 0 (0x0)
«SynchronousUserGroupPolicy»= 0 (0x0)
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoThumbnailCache»= 1 (0x1)
«NoSMConfigurePrograms»= 1 (0x1)
«NoSMHelp»= 1 (0x1)
[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoThumbnailCache»= 1 (0x1)
«NoSMConfigurePrograms»= 1 (0x1)
«NoSMHelp»= 1 (0x1)
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusDisableNotify»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
«AntiVirusOverride»=dword:00000001
«FirewallOverride»=dword:00000001
«UpdatesOverride»=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«DisableNotifications»= 1 (0x1)
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE»=
«c:\Program Files\Microsoft Office\Office12\GROOVE.EXE»=
«c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE»=
«c:\Program Files\StrongDC\StrongDC.exe»=
«c:program filesMicrosoft ActiveSyncrapimgr.exe»= c:program filesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
«c:program filesMicrosoft ActiveSyncwcescomm.exe»= c:program filesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
«c:program filesMicrosoft ActiveSyncWCESMgr.exe»= c:program filesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
«c:\Program Files\Bonjour\mDNSResponder.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«26675:TCP»= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync ServiceR3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:windowssystem32DRIVERSRTL8187.sys [2006-06-16 176128]
R3 SjyPkt;SjyPkt;c:windowsSystem32DriversSjyPkt.sys [2006-03-31 13532]
S1 aswSP;avast! Self Protection; [x]
S2 2GIS UpdateClientService;2GIS UpdateClientService;c:program files2gisUpdateClientWin32UpdateClientService.exe [2008-09-17 1134592]
S2 aswFsBlk;aswFsBlk;c:windowssystem32DRIVERSaswFsBlk.sys [2009-02-05 20560]
S3 ATE_PROCMON;ATE_PROCMON;c:program filesAnti Trojan EliteATEPMon.sys [2004-09-10 5969]
.
— — — — ORPHANS REMOVED — — — —
HKCU-Run-ICQ — c:program filesICQ6.5ICQ.exe
.
Supplementary Scan
.
uStart Page = hxxp://xtreme.ws/
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~3Office12EXCEL.EXE/3000
IE: Append Link Target to Existing PDF — c:program filesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF — c:program filesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF — c:program filesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF — c:program filesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIECapture.html
IE: Заполнить формы — file://c:program filesSiber SystemsAI RoboFormRoboFormComFillForms.html
IE: Настроить Меню — file://c:program filesSiber SystemsAI RoboFormRoboFormComCustomizeIEMenu.html
IE: Сохранить формы — file://c:program filesSiber SystemsAI RoboFormRoboFormComSavePass.html
IE: Тулбар RoboForm — file://c:program filesSiber SystemsAI RoboFormRoboFormComShowToolbar.html
FF — ProfilePath — c:documents and settingsВладимирApplication DataMozillaFirefoxProfilespm36pbs0.default
FF — prefs.js: browser.startup.homepage — hxxp://www.yandex.ru/
FF — component: c:documents and settingsВладимирApplication DataMozillaFirefoxProfilespm36pbs0.defaultextensions{22119944-ED35-4ab1-910B-E619EA06A115}componentsrfproxy_27.dll
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnppl3260.dll
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnprpjplug.dll
FF — plugin: c:program filesMozilla Firefoxpluginsnpdjvu.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-23 20:16
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(916)
c:windowssystem32cscui.dll
— — — — — — — > ‘lsass.exe'(980)
c:windowssystem32relog_ap.dll
— — — — — — — > ‘explorer.exe'(3580)
c:program filesPRMT8PRMTEDEDSel.dll
c:windowssystem32COMRes.dll
c:windowsSystem32cscui.dll
c:program filesPunto Switcherpshook.dll
c:windowssystem32msi.dll
c:windowssystem32SETUPAPI.dll
c:windowssystem32NETSHELL.dll
c:windowssystem32credui.dll
c:windowssystem32MSVCP60.dll
c:windowssystem32WPDShServiceObj.dll
c:windowssystem32PortableDeviceTypes.dll
c:windowssystem32PortableDeviceApi.dll
.
Other Running Processes
.
c:program filesAlwil SoftwareAvast4aswUpdSv.exe
c:program filesAlwil SoftwareAvast4ashServ.exe
c:program filesCommon FilesAcronisSchedule2schedul2.exe
c:program filesBonjourmDNSResponder.exe
c:windowssystem32nvsvc32.exe
c:windowssystem32rundll32.exe
c:program filesAlwil SoftwareAvast4ashMaiSv.exe
c:program filesAlwil SoftwareAvast4ashWebSv.exe
c:progra~1MICROS~2rapimgr.exe
c:program filesPRMT8PRMTEDprmedsvr.exe
c:program filesSkypePlugin ManagerskypePM.exe
.
**************************************************************************
.
Completion time: 2009-04-23 20:18 — machine was rebooted
ComboFix-quarantined-files.txt 2009-04-23 16:18
ComboFix2.txt 2009-04-06 17:50
ComboFix3.txt 2009-04-06 17:41
ComboFix4.txt 2009-04-06 16:01
Pre-Run: 23 668 051 968 байт свободно
Post-Run: 23 731 204 096 байт свободно
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
;timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
[operating systems]
c:cmdconsBOOTSECT.DAT=»Microsoft Windows Recovery Console» /cmdcons
multi(0)disk(0)rdisk(0)partition(1)WINDOWS=»Microsoft Windows XP Professional RU» /execute /noexecute=optin /fastdetect
355 — E O F — 2009-04-15 11:53