Forum replies created
[quote="Валери"]Combofix shows that you are using several antivirus programs at the same time. You need to keep only one!
Remove Combofix from your computer, following the instructions: How to properly remove ComboFix from your computer[/quote]
Valery, it seems to me that Combofix was not removed from the computer; this is the log I got. Also, you say that only 1 antivirus should be kept. I removed the other antiviruses and only 1 is left, NOD32, but the Combofix program shows that I have 2 antiviruses, Doctor Web and NOD. I looked and deleted all the files I found on drive C and, of course, uninstalled the Doctor Web antivirus.
How do I remove Combofix? I did everything as instructed:
Disable your antivirus.
Click the Start button.
Select Run.
Type ComboFix /U and press Enter. (There must be a space between ComboFix and /U)
I did all of this in the same way, and Combofix started, but for some reason it was not removed.
ComboFix 09-11-18.06 — Admin 18.11.2009 15:39.4.1 — x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.511.157 [GMT 3:00]
Running from: c:documents and settingsAdminРабочий столComboFix.exe
Command switches used :: / U
AV: Антивирусная система Eset NOD32 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Doctor Web Anti-Virus *On-access scanning enabled* (Updated) {3454C8F1-ECBC-4180-A6F4-04632FBA762B}
* Resident AV is active.
((((((((((((((((((((((((( Files Created from 2009-10-18 to 2009-11-18 )))))))))))))))))))))))))))))))
.2009-11-18 12:39 . 2008-07-10 01:19 117248 —-a-w- c:windowssystem32driversviamraid.sys
2009-11-18 12:39 . 2008-04-15 12:00 96512 -c—a-w- c:windowssystem32dllcacheatapi.sys
2009-11-18 12:39 . 2008-04-15 12:00 96512 —-a-w- c:windowssystem32driversatapi.sys
2009-11-18 11:19 . 2009-11-18 11:19
d
w- c:windowsLastGood
2009-11-12 23:52 . 2009-11-12 23:52
d
w- c:documents and settingsAll UsersApplication DataSymantec
2009-11-12 18:37 . 2009-11-12 23:18
d
w- c:windowssystem32Adobe
2009-11-09 19:12 . 2009-11-09 19:12
d
w- c:documents and settingsAdminApplication DataMalwarebytes
2009-11-05 22:37 . 2009-11-05 22:45
d
w- C:rsit
2009-11-05 18:19 . 2009-11-05 18:19
d
w- c:program filesWindows Sidebar
2009-11-03 23:08 . 2009-11-03 23:08
d
w- c:windowsie8updates
2009-11-03 23:06 . 2009-11-03 23:07
dc-h—w- c:windowsie8
2009-11-03 22:44 . 2009-10-02 04:44 92160 -c—-w- c:windowssystem32dllcacheiecompat.dll
2009-11-03 22:43 . 2009-08-29 07:58 12800 -c—-w- c:windowssystem32dllcachexpshims.dll
2009-11-03 22:43 . 2009-08-29 07:58 1985536 -c—-w- c:windowssystem32dllcacheiertutil.dll
2009-11-03 22:43 . 2009-08-29 07:58 594432 -c—-w- c:windowssystem32dllcachemsfeeds.dll
2009-11-03 22:43 . 2009-08-29 07:58 246272 -c—-w- c:windowssystem32dllcacheieproxy.dll
2009-11-03 22:43 . 2009-08-29 07:58 55296 -c—-w- c:windowssystem32dllcachemsfeedsbs.dll
2009-11-03 22:43 . 2009-08-29 07:58 11069440 -c—-w- c:windowssystem32dllcacheieframe.dll
2009-11-03 15:11 . 2009-11-05 16:05
d
w- c:documents and settingsAll UsersApplication DataAshampoo
2009-11-03 15:11 . 2009-11-03 15:11
d
w- c:documents and settingsAll UsersApplication Datapage.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-18 12:41 . 2009-05-18 11:25
d
w- c:documents and settingsAdminApplication DatauTorrent
2009-11-18 12:34 . 2009-05-30 11:14
d
w- c:documents and settingsAll UsersApplication DataNero
2009-11-07 17:28 . 2009-06-01 18:15
d
w- c:program filesTuneUp Utilities 2007
2009-11-07 15:18 . 2009-05-18 08:09 86327 —-a-w- c:windowspchealthhelpctrOfflineCacheindex.dat
2009-11-07 13:42 . 2009-05-18 10:15
d
w- c:program filesGoogle
2009-11-05 13:15 . 2009-05-30 18:27
d
w- c:program filesThe KMPlayer
2009-11-04 10:31 . 2009-08-31 15:56 22328 —-a-w- c:windowssystem32driversPnkBstrK.sys
2009-11-04 10:31 . 2009-08-31 15:56 103736 —-a-w- c:windowssystem32PnkBstrB.exe
2009-10-25 07:01 . 2008-04-15 12:00 84082 —-a-w- c:windowssystem32perfc019.dat
2009-10-25 07:01 . 2008-04-15 12:00 484362 —-a-w- c:windowssystem32perfh019.dat
2009-10-05 19:47 . 2009-09-06 20:23
d
w- c:documents and settingsAdminApplication DataImage Zone Express
2009-09-28 13:44 . 2009-09-28 13:38
d
w- c:documents and settingsAdminApplication DataDAEMON Tools Lite
2009-09-28 13:41 . 2009-09-28 13:41
d
w- c:documents and settingsAll UsersApplication DataDAEMON Tools Lite
2009-09-28 13:41 . 2009-09-28 13:41
d
w- c:program filesDAEMON Tools Toolbar
2009-09-28 13:41 . 2009-09-28 13:41
d
w- c:program filesDAEMON Tools Lite
2009-09-28 13:38 . 2009-09-05 09:13 721904 —-a-w- c:windowssystem32driverssptd.sys
2009-09-27 19:34 . 2009-05-18 08:45
d
w- c:program filesCommon FilesAdobe
2009-09-27 19:33 . 2009-09-16 07:06
d
w- c:program filesCommon FilesAhead
2009-09-27 19:33 . 2009-05-30 11:14
d
w- c:program filesNero
2009-09-27 19:33 . 2009-09-15 10:16
d
w- c:program filesTetatet
2009-09-27 19:33 . 2009-09-15 10:12
d
w- c:program filesOnline TV Player 4
2009-09-27 19:33 . 2009-09-15 09:56
d
w- c:program filesWebTV
2009-09-27 19:33 . 2009-09-27 19:33
d
w- c:documents and settingsAdminApplication DataROALDevelopment
2009-09-27 19:33 . 2009-09-15 10:20
d
w- c:program filesRadioClicker LITE
2009-09-27 19:33 . 2009-09-27 19:33
d
w- c:program filesCommon FilesXstream
2009-09-27 19:33 . 2009-09-27 19:33
d
w- c:documents and settingsAdminApplication DataInstallShield
2009-09-27 19:33 . 2009-09-15 09:27
d
w- c:program filesXviD
2009-09-27 19:32 . 2009-05-20 20:24
d
w- c:program filesDivX
2009-09-27 19:31 . 2009-05-18 08:47
d
w- c:program filesK-Lite Codec Pack
2009-09-15 10:52 . 2009-09-15 10:46 5430 —-a-r- c:documents and settingsAdminApplication DataMicrosoftInstaller{31527399-096A-41EB-99A2-18A8F53A275A}_6FEFF9B68218417F98F549.exe
2009-09-15 10:52 . 2009-09-15 10:46 5430 —-a-r- c:documents and settingsAdminApplication DataMicrosoftInstaller{31527399-096A-41EB-99A2-18A8F53A275A}_421FE54573FB5C215E711E.exe
2009-09-15 10:52 . 2009-09-15 10:46 5430 —-a-r- c:documents and settingsAdminApplication DataMicrosoftInstaller{31527399-096A-41EB-99A2-18A8F53A275A}_16554A15DC1F44106A7456.exe
2009-09-15 10:52 . 2009-09-15 10:46 5430 —-a-r- c:documents and settingsAdminApplication DataMicrosoftInstaller{31527399-096A-41EB-99A2-18A8F53A275A}_136A3CF0786CC69E72229C.exe
2009-09-11 09:18 . 2009-09-11 09:16 19527 —-a-w- c:windowshpqins13.dat
2009-09-11 08:49 . 2009-09-06 17:53 112848 —-a-w- c:windowshpoins07.dat
2009-09-10 06:42 . 2005-01-24 06:30 139264 —-a-w- c:windowssystem32hpzjrd01.dll
2009-09-06 20:33 . 2009-05-30 12:11 46872 —-a-w- c:documents and settingsAdminLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-09-06 20:33 . 2009-09-06 20:33 128 —-a-w- c:documents and settingsAdminLocal SettingsApplication Datafusioncache.dat
2009-09-06 20:33 . 2009-09-06 20:30 71647 —-a-w- c:windowshpqins09.dat
2009-09-05 11:31 . 2009-09-05 11:31 22980 —ha-w- c:windowssystem32mlfcache.dat
2009-09-01 20:09 . 2009-09-01 20:09 0 —-a-w- c:windowsnsreg.dat
2009-08-31 15:55 . 2009-08-31 15:55 66872 —-a-w- c:windowssystem32PnkBstrA.exe
2009-08-29 07:58 . 2008-08-20 06:06 916480
w- c:windowssystem32wininet.dll
2009-06-10 10:47 . 2009-06-10 10:47 4643 —-a-w- c:program filesCommon Filesunins000.dat
2009-06-10 10:47 . 2009-06-10 10:47 1214827 —-a-w- c:program filesCommon Filesunins000.exe
.
Sigcheck
[-] 2008-08-20 . 5FD0BC6E39FAF7E2A4CB9EDDE925CF33 . 952320 . . [6.00.2900.5512] . . c:windowsexplorer.exe[-] 2008-08-20 . FBC0451EE7C39EE98CF622AD1C6ACE96 . 1571840 . . [5.1.2600.5512] . . c:windowssystem32sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-11-18_12.09.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-18 12:43 . 2009-11-18 12:43 53248 c:windowsTempcatchme.dll
— 2009-11-18 12:09 . 2009-11-18 12:09 53248 c:windowsTempcatchme.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-03-25 3697952][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-03-25 3697952][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«ccleaner»=»c:program filesCCleanerccleaner.exe» [2009-05-07 1561840]
«uTorrent»=»c:program filesuTorrentuTorrent.exe» [2009-10-25 289072]
«swg»=»c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe» [2009-07-08 39408][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«VolumeControl»=»c:program filesVolumeControlvolume.exe» [2003-09-15 36864]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2008-05-03 13529088]
«nod32kui»=»c:program filesEsetnod32kui.exe» [2009-05-18 949376]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2008-05-03 86016]
«Google Quick Search Box»=»c:program filesGoogleQuick Search BoxGoogleQuickSearchBox.exe» [2009-11-15 122880]
«nwiz»=»nwiz.exe» — c:windowssystem32nwiz.exe [2004-03-03 782336][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«LinkDel»=»linkdel.cmd» — c:windowssystem32LINKDEL.CMD [2008-08-21 2324][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«IE7_011″=»shell32» [X]
«IE7_012″=»advpack.dll» — c:windowssystem32advpack.dll [2009-03-08 128512][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«SynchronousMachineGroupPolicy»= 0 (0x0)
«SynchronousUserGroupPolicy»= 0 (0x0)[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMConfigurePrograms»= 1 (0x1)[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«ForceClassicControlPanel»= 1 (0x1)
«NoSMConfigurePrograms»= 1 (0x1)
«NoSMHelp»= 1 (0x1)[HKEY_LOCAL_MACHINEsoftwarepoliciesmicrosoftwindowswindowsupdateau]
«NoAutoUpdate»= 1 (0x1)[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]
BootExecute REG_MULTI_SZ autocheck autochk *BtDfSDK[HKLM~startupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^HP Digital Imaging Monitor.lnk]
path=c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузкаHP Digital Imaging Monitor.lnk
backup=c:windowspssHP Digital Imaging Monitor.lnkCommon Startup[HKLM~startupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Быстрый запуск HP Image Zone.lnk]
path=c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузкаБыстрый запуск HP Image Zone.lnk
backup=c:windowspssБыстрый запуск HP Image Zone.lnkCommon Startup[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionrun-]
«DAEMON Tools Lite»=»c:program filesDAEMON Tools Litedaemon.exe» -autorun
«ctfmon.exe»=c:windowssystem32ctfmon.exe
«swg»=»c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe»[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrun-]
«Google Quick Search Box»=»c:program filesGoogleQuick Search BoxGoogleQuickSearchBox.exe» /autorun
«Cmaudio»=RunDll32 cmicnfg.cpl,CMICtrlWnd[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusOverride»=dword:00000001
«FirewallOverride»=dword:00000001
«Start»=dword:00000004[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\uTorrent\uTorrent.exe»=R1 nod32drv;nod32drv;c:windowssystem32driversnod32drv.sys [18.05.2009 11:50 15424]
S2 EraserSvc10920;Symantec Eraser Service;»c:program filesNorton AntiVirusEngine17.0.0.136ccSvcHst.exe» /h ccCommon —> c:program filesNorton AntiVirusEngine17.0.0.136ccSvcHst.exe [?]
S2 gupdate1c9fff3b5626992;Служба Google Update (gupdate1c9fff3b5626992);c:program filesGoogleUpdateGoogleUpdate.exe [08.07.2009 20:44 133104]
S3 SetupNTGLM7X;SetupNTGLM7X;??e:ntglm7x.sys —> e:NTGLM7X.sys [?]— Other Services/Drivers In Memory —
*NewlyCreated* — CLASSPNP_2
*Deregistered* — CLASSPNP_2
*Deregistered* — mbr
*Deregistered* — PROCEXP113HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSvchost — NetSvcs
UxTuneUp
.
Contents of the ‘Scheduled Tasks’ folder2009-11-18 c:windowsTasksGoogle Software Updater.job
— c:program filesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2009-05-18 17:36]2009-11-18 c:windowsTasksGoogleUpdateTaskMachineCore.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-07-08 17:43]2009-11-18 c:windowsTasksGoogleUpdateTaskMachineUA.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-07-08 17:43]2009-11-18 c:windowsTasksUser_Feed_Synchronization-{86385FE9-C96D-47C7-89D3-7A5DE9D05FB1}.job
— c:windowssystem32msfeedssync.exe [2009-05-18 01:31]2009-10-30 c:windowsTasksОдним Щелчком.job
— c:program filesTuneUp Utilities 2007SystemOptimizer.exe [2007-08-14 19:15]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.google.com.ua/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Експорт до Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Add to Google Photos Screensa&ver — c:windowssystem32GPhotos.scr/200
IE: Google ВикиКомментарии… — c:program filesGoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}
LSP: c:windowssystem32imon.dll
TCP: {8CF7EB27-1F95-4E58-A1F4-E28993ADAB5B} = 193.27.209.209 217.9.0.2
TCP: {FA95879A-1023-4EC3-9182-7CF3EB012527} = 172.27.0.1,193.27.209.1
.**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-18 15:43
Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x823711F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
DriverDisk -> CLASSPNP.SYS @ 0xf857af28
DriverACPI -> ACPI.sys @ 0xf83d4cb8
Driveratapi -> atapi.sys @ 0xf8369b40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
ParseProcedure -> ntoskrnl.exe @ 0x8056c1d6
DeviceHarddisk0DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
ParseProcedure -> ntoskrnl.exe @ 0x8056c1d6
NDIS: VIA Rhine II Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf8255bb0
PacketIndicateHandler -> NDIS.sys @ 0xf8262a21
SendHandler -> NDIS.sys @ 0xf824087b
user & kernel MBR OK**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(664)
c:windowssystem32cscui.dll
c:windowssystem32COMRes.dll— — — — — — — > ‘lsass.exe'(720)
c:windowssystem32imon.dll
c:program filesEsetpr_imon.dll— — — — — — — > ‘explorer.exe'(2772)
c:windowssystem32WININET.dll
c:windowsSystem32cscui.dll
c:program filesGoogleQuick Search Boxbin1.2.1150.162qsb.dll
c:program filesVolumeControlwheel.dll
c:windowssystem32msi.dll
c:windowssystem32WPDShServiceObj.dll
c:windowssystem32PortableDeviceTypes.dll
c:windowssystem32webcheck.dll
c:windowssystem32PortableDeviceApi.dll
c:program filesMicrosoft OfficeOFFICE11msohev.dll
.
Completion time: 2009-11-18 15:45
ComboFix-quarantined-files.txt 2009-11-18 12:45
ComboFix2.txt 2009-11-18 12:11
ComboFix3.txt 2009-11-15 18:30Pre-Run: 3 514 769 408 байт свободно
Post-Run: 3 503 632 384 байт свободно— — End Of File — — 6B32B49A3B5EE84BD280E765D692ACEC
Lately everything has been fine; the computer no longer shuts itself down.
ComboFix 09-11-16.01 — Admin 15.11.2009 21:20.2.1 — FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.511.284 [GMT 3:00]
Running from: c:documents and settingsAdminРабочий столComboFix.exe
Command switches used :: c:documents and settingsAdminРабочий столCFScript.txt
AV: Антивирусная система Eset NOD32 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Doctor Web Anti-Virus *On-access scanning enabled* (Updated) {3454C8F1-ECBC-4180-A6F4-04632FBA762B}
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
* Resident AV is active.
((((((((((((((((((((((((( Files Created from 2009-10-15 to 2009-11-15 )))))))))))))))))))))))))))))))
.2009-11-14 22:50 . 2009-08-29 09:00 177520 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsVirusDefs20091114.004NAVENG32.DLL
2009-11-14 22:50 . 2009-08-29 09:00 1647984 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsVirusDefs20091114.004NAVEX32A.DLL
2009-11-14 22:50 . 2009-08-29 09:00 1323568 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsVirusDefs20091114.004NAVEX15.SYS
2009-11-14 22:50 . 2009-08-29 09:00 84912 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsVirusDefs20091114.004NAVENG.SYS
2009-11-14 22:50 . 2009-08-29 09:00 102448 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsVirusDefs20091114.004ERASER.SYS
2009-11-14 22:50 . 2009-11-05 19:34 259440 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsVirusDefs20091114.004ECMSVR32.DLL
2009-11-14 22:50 . 2009-11-05 19:34 2747952 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsVirusDefs20091114.004CCERASER.DLL
2009-11-14 22:50 . 2009-08-29 09:00 371248 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsVirusDefs20091114.004EECTRL.SYS
2009-11-13 10:38 . 2009-10-28 22:37 811896 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsIPSDefs20091111.001Scxpx86.dll
2009-11-13 10:38 . 2009-10-28 22:37 343088 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsIPSDefs20091111.001IDSvix86.sys
2009-11-13 10:38 . 2009-10-28 22:37 329592 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsIPSDefs20091111.001IDSXpx86.sys
2009-11-13 10:38 . 2009-10-28 22:37 488312 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsIPSDefs20091111.001IDSxpx86.dll
2009-11-13 10:38 . 2009-10-28 22:37 466992 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsIPSDefs20091111.001IDSviA64.sys
2009-11-12 23:52 . 2009-11-12 23:52
d
w- c:documents and settingsAll UsersApplication DataSymantec
2009-11-12 18:37 . 2009-11-12 23:18
d
w- c:windowssystem32Adobe
2009-11-12 18:01 . 2009-10-28 22:37 343088 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsIPSDefs20091107.001IDSvix86.sys
2009-11-12 18:01 . 2009-10-28 22:37 329592 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsIPSDefs20091107.001IDSXpx86.sys
2009-11-12 18:01 . 2009-10-28 22:37 811896 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsIPSDefs20091107.001Scxpx86.dll
2009-11-12 18:01 . 2009-10-28 22:37 488312 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsIPSDefs20091107.001IDSxpx86.dll
2009-11-12 18:01 . 2009-10-28 22:37 466992 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsIPSDefs20091107.001IDSviA64.sys
2009-11-09 19:12 . 2009-11-09 19:12
d
w- c:documents and settingsAdminApplication DataMalwarebytes
2009-11-09 19:12 . 2009-09-10 11:54 38224 —-a-w- c:windowssystem32driversmbamswissarmy.sys
2009-11-09 19:12 . 2009-11-09 19:12
d
w- c:documents and settingsAll UsersApplication DataMalwarebytes
2009-11-09 19:11 . 2009-09-10 11:53 19160 —-a-w- c:windowssystem32driversmbam.sys
2009-11-05 22:37 . 2009-11-11 22:39
d
w- c:program filestrend micro
2009-11-05 22:37 . 2009-11-05 22:45
d
w- C:rsit
2009-11-05 18:21 . 2009-08-30 00:16 164216 —-a-r- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136IPSFFPlgncomponentsIPSFFPl.dll
2009-11-05 18:21 . 2009-11-05 18:21 60808 —-a-w- c:windowssystem32S32EVNT1.DLL
2009-11-05 18:21 . 2009-11-05 18:21 124976 —-a-w- c:windowssystem32driversSYMEVENT.SYS
2009-11-05 18:21 . 2009-11-05 18:30
d
w- c:program filesCommon FilesSymantec Shared
2009-11-05 18:21 . 2009-11-05 18:21
d
w- c:program filesSymantec
2009-11-05 18:20 . 2009-08-26 22:13 900464 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136OCShsplayer.dll
2009-11-05 18:20 . 2008-05-23 08:13 288104 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136CPDOEMCPDOEM.dll
2009-11-05 18:20 . 2009-09-01 08:53 892784 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136CLTcltLMSx.dll
2009-11-05 18:19 . 2009-11-13 19:27
d
w- c:windowssystem32driversNAV
2009-11-05 18:19 . 2009-11-05 18:19
d
w- c:program filesWindows Sidebar
2009-11-05 18:19 . 2009-11-05 18:19
d
w- c:program filesNorton AntiVirus
2009-11-05 18:19 . 2009-11-13 00:00
d
w- c:documents and settingsAll UsersApplication DataNorton
2009-11-05 18:19 . 2009-11-13 08:18
d
w- c:program filesNortonInstaller
2009-11-05 18:19 . 2009-11-05 18:19
d
w- c:documents and settingsAll UsersApplication DataNortonInstaller
2009-11-04 19:45 . 2009-11-04 19:45
d
w- c:documents and settingsAll UsersApplication DataKaspersky Lab Setup Files
2009-11-03 23:08 . 2009-11-03 23:08
d
w- c:windowsie8updates
2009-11-03 23:06 . 2009-11-03 23:07
dc-h—w- c:windowsie8
2009-11-03 22:44 . 2009-10-02 04:44 92160 -c—-w- c:windowssystem32dllcacheiecompat.dll
2009-11-03 22:43 . 2009-08-29 07:58 12800 -c—-w- c:windowssystem32dllcachexpshims.dll
2009-11-03 22:43 . 2009-08-29 07:58 1985536 -c—-w- c:windowssystem32dllcacheiertutil.dll
2009-11-03 22:43 . 2009-08-29 07:58 594432 -c—-w- c:windowssystem32dllcachemsfeeds.dll
2009-11-03 22:43 . 2009-08-29 07:58 246272 -c—-w- c:windowssystem32dllcacheieproxy.dll
2009-11-03 22:43 . 2009-08-29 07:58 55296 -c—-w- c:windowssystem32dllcachemsfeedsbs.dll
2009-11-03 22:43 . 2009-08-29 07:58 11069440 -c—-w- c:windowssystem32dllcacheieframe.dll
2009-11-03 18:04 . 2009-11-03 18:04
d
w- c:documents and settingsAll UsersApplication DataDoctor Web
2009-11-03 15:11 . 2009-11-05 16:05
d
w- c:documents and settingsAll UsersApplication DataAshampoo
2009-11-03 15:11 . 2009-11-03 15:11
d
w- c:documents and settingsAll UsersApplication Datapage
2009-10-28 22:37 . 2009-10-28 22:37 343088 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsIPSDefsBinHubIDSvix86.sys
2009-10-28 22:37 . 2009-10-28 22:37 329592 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsIPSDefsBinHubIDSXpx86.sys
2009-10-28 22:37 . 2009-10-28 22:37 811896 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsIPSDefsBinHubScxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 488312 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsIPSDefsBinHubIDSxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 466992 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsIPSDefsBinHubIDSviA64.sys
2009-10-20 16:46 . 2009-10-20 16:46 59992 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky Lab Setup FilesKaspersky Internet Security 2010 9.0.0.736Russiansetup.exe.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-15 18:26 . 2009-05-18 11:25
d
w- c:documents and settingsAdminApplication DatauTorrent
2009-11-07 17:28 . 2009-06-01 18:15
d
w- c:program filesTuneUp Utilities 2007
2009-11-07 15:18 . 2009-05-18 08:09 86327 —-a-w- c:windowspchealthhelpctrOfflineCacheindex.dat
2009-11-07 13:42 . 2009-05-18 10:15
d
w- c:program filesGoogle
2009-11-05 18:21 . 2009-11-05 18:21 805 —-a-w- c:windowssystem32driversSYMEVENT.INF
2009-11-05 18:21 . 2009-11-05 18:21 7443 —-a-w- c:windowssystem32driversSYMEVENT.CAT
2009-11-05 13:15 . 2009-05-30 18:27
d
w- c:program filesThe KMPlayer
2009-11-04 10:31 . 2009-08-31 15:56 22328 —-a-w- c:windowssystem32driversPnkBstrK.sys
2009-11-04 10:31 . 2009-08-31 15:56 103736 —-a-w- c:windowssystem32PnkBstrB.exe
2009-10-25 07:01 . 2008-04-15 12:00 84082 —-a-w- c:windowssystem32perfc019.dat
2009-10-25 07:01 . 2008-04-15 12:00 484362 —-a-w- c:windowssystem32perfh019.dat
2009-10-09 21:38 . 2009-10-09 21:38 201616 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsBASHDefs20091013.001BHRules.dll
2009-10-09 21:38 . 2009-10-09 21:38 1412496 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsBASHDefs20091013.001BHEngine.dll
2009-10-09 21:38 . 2009-10-09 21:38 643632 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsBASHDefs20091013.001BHDrvx64.sys
2009-10-09 21:38 . 2009-10-09 21:38 508976 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsBASHDefs20091013.001BHDrvx86.sys
2009-10-09 21:38 . 2009-10-09 21:38 590736 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsBASHDefs20091013.001bbRGen.dll
2009-10-05 19:47 . 2009-09-06 20:23
d
w- c:documents and settingsAdminApplication DataImage Zone Express
2009-09-28 13:44 . 2009-09-28 13:38
d
w- c:documents and settingsAdminApplication DataDAEMON Tools Lite
2009-09-28 13:41 . 2009-09-28 13:41
d
w- c:documents and settingsAll UsersApplication DataDAEMON Tools Lite
2009-09-28 13:41 . 2009-09-28 13:41
d
w- c:program filesDAEMON Tools Toolbar
2009-09-28 13:41 . 2009-09-28 13:41
d
w- c:program filesDAEMON Tools Lite
2009-09-28 13:38 . 2009-09-05 09:13 721904 —-a-w- c:windowssystem32driverssptd.sys
2009-09-27 19:34 . 2009-05-18 08:45
d
w- c:program filesCommon FilesAdobe
2009-09-27 19:33 . 2009-09-16 07:06
d
w- c:program filesCommon FilesAhead
2009-09-27 19:33 . 2009-05-30 11:14
d
w- c:program filesNero
2009-09-27 19:33 . 2009-05-30 11:14
d
w- c:documents and settingsAll UsersApplication DataNero
2009-09-27 19:33 . 2009-09-15 10:16
d
w- c:program filesTetatet
2009-09-27 19:33 . 2009-09-15 10:12
d
w- c:program filesOnline TV Player 4
2009-09-27 19:33 . 2009-09-15 09:56
d
w- c:program filesWebTV
2009-09-27 19:33 . 2009-09-27 19:33
d
w- c:documents and settingsAdminApplication DataROALDevelopment
2009-09-27 19:33 . 2009-09-15 10:20
d
w- c:program filesRadioClicker LITE
2009-09-27 19:33 . 2009-09-27 19:33
d
w- c:program filesCommon FilesXstream
2009-09-27 19:33 . 2009-09-27 19:33
d
w- c:documents and settingsAdminApplication DataInstallShield
2009-09-27 19:33 . 2009-09-15 09:27
d
w- c:program filesXviD
2009-09-27 19:32 . 2009-05-20 20:24
d
w- c:program filesDivX
2009-09-27 19:31 . 2009-05-18 08:47
d
w- c:program filesK-Lite Codec Pack
2009-09-15 10:52 . 2009-09-15 10:46 5430 —-a-r- c:documents and settingsAdminApplication DataMicrosoftInstaller{31527399-096A-41EB-99A2-18A8F53A275A}_6FEFF9B68218417F98F549.exe
2009-09-15 10:52 . 2009-09-15 10:46 5430 —-a-r- c:documents and settingsAdminApplication DataMicrosoftInstaller{31527399-096A-41EB-99A2-18A8F53A275A}_421FE54573FB5C215E711E.exe
2009-09-15 10:52 . 2009-09-15 10:46 5430 —-a-r- c:documents and settingsAdminApplication DataMicrosoftInstaller{31527399-096A-41EB-99A2-18A8F53A275A}_16554A15DC1F44106A7456.exe
2009-09-15 10:52 . 2009-09-15 10:46 5430 —-a-r- c:documents and settingsAdminApplication DataMicrosoftInstaller{31527399-096A-41EB-99A2-18A8F53A275A}_136A3CF0786CC69E72229C.exe
2009-09-11 09:18 . 2009-09-11 09:16 19527 —-a-w- c:windowshpqins13.dat
2009-09-11 08:49 . 2009-09-06 17:53 112848 —-a-w- c:windowshpoins07.dat
2009-09-10 06:42 . 2005-01-24 06:30 139264 —-a-w- c:windowssystem32hpzjrd01.dll
2009-09-06 20:33 . 2009-05-30 12:11 46872 —-a-w- c:documents and settingsAdminLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-09-06 20:33 . 2009-09-06 20:33 128 —-a-w- c:documents and settingsAdminLocal SettingsApplication Datafusioncache.dat
2009-09-06 20:33 . 2009-09-06 20:30 71647 —-a-w- c:windowshpqins09.dat
2009-09-05 11:31 . 2009-09-05 11:31 22980 —ha-w- c:windowssystem32mlfcache.dat
2009-09-01 20:09 . 2009-09-01 20:09 0 —-a-w- c:windowsnsreg.dat
2009-08-31 15:55 . 2009-08-31 15:55 66872 —-a-w- c:windowssystem32PnkBstrA.exe
2009-08-29 07:58 . 2008-08-20 06:06 916480
w- c:windowssystem32wininet.dll
2009-06-10 10:47 . 2009-06-10 10:47 4643 —-a-w- c:program filesCommon Filesunins000.dat
2009-06-10 10:47 . 2009-06-10 10:47 1214827 —-a-w- c:program filesCommon Filesunins000.exe
.
Sigcheck
[-] 2008-08-20 . 5FD0BC6E39FAF7E2A4CB9EDDE925CF33 . 952320 . . [6.00.2900.5512] . . c:windowsexplorer.exe[-] 2008-08-20 . FBC0451EE7C39EE98CF622AD1C6ACE96 . 1571840 . . [5.1.2600.5512] . . c:windowssystem32sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-11-07_14.27.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-15 16:28 . 2009-11-15 16:28 16384 c:windowsTempPerflib_Perfdata_620.dat
— 2009-11-07 14:26 . 2009-11-07 14:26 53248 c:windowsTempcatchme.dll
+ 2009-11-15 18:27 . 2009-11-15 18:27 53248 c:windowsTempcatchme.dll
+ 2009-08-23 13:44 . 2009-11-07 15:10 19972 c:windowssystem32Restorerstrlog.dat
+ 2009-10-23 03:32 . 2009-10-23 03:32 98304 c:windowssystem32MacromedShockwave 10SwOnce.dll
+ 2009-10-23 03:32 . 2009-10-23 03:32 86016 c:windowssystem32MacromedShockwave 10SwMenuX.dll
+ 2009-10-23 03:32 . 2009-10-23 03:32 77824 c:windowssystem32MacromedShockwave 10SwInit.exe
+ 2009-10-23 03:32 . 2009-10-23 03:32 24576 c:windowssystem32MacromedShockwave 10DynaPlayer.dll
+ 2009-11-13 10:37 . 2009-10-09 02:54 43696 c:windowssystem32driversNAV1101000.013srtspx.sys
+ 2009-11-12 18:39 . 2009-11-12 18:39 87618 c:windowssystem32AdobeShockwave 11uninstaller.exe
+ 2009-10-29 05:27 . 2009-10-29 05:27 94208 c:windowssystem32AdobeShockwave 11SwMenu.dll
+ 2009-10-29 04:55 . 2009-10-29 04:55 79488 c:windowssystem32AdobeShockwave 11gtapi.dll
+ 2009-10-29 05:45 . 2009-10-29 05:45 67000 c:windowssystem32AdobeDirectorSWDNLD.EXE
+ 2009-10-29 05:29 . 2009-10-29 05:29 9216 c:windowssystem32AdobeShockwave 11DynaPlayer.dll
+ 2009-05-18 08:09 . 2009-11-07 15:18 2426 c:windowspchealthhelpctrPackageStoreSkuStore.bin
+ 2009-05-18 08:09 . 2009-11-07 15:17 8972 c:windowspchealthhelpctrConfigCntstore.bin
+ 2009-05-18 08:07 . 2008-10-16 11:07 208744 c:windowssystem32muweb.dll
+ 2009-10-23 03:32 . 2009-10-23 03:32 180224 c:windowssystem32MacromedShockwave 10Proj.dll
+ 2009-10-23 03:32 . 2009-10-23 03:32 475136 c:windowssystem32MacromedShockwave 10PluginPing.dll
+ 2009-10-23 03:32 . 2009-10-23 03:32 339968 c:windowssystem32MacromedShockwave 10Plugin.dll
+ 2009-10-23 03:32 . 2009-10-23 03:32 606208 c:windowssystem32MacromedShockwave 10iml32X.dll
+ 2009-10-23 03:32 . 2009-10-23 03:32 471040 c:windowssystem32MacromedShockwave 10Control.dll
+ 2009-11-13 10:37 . 2009-10-15 01:50 339504 c:windowssystem32driversNAV1101000.013symtdiv.sys
+ 2009-11-13 10:37 . 2009-10-15 01:50 361520 c:windowssystem32driversNAV1101000.013symtdi.sys
+ 2009-11-13 10:37 . 2009-10-09 02:55 171056 c:windowssystem32driversNAV1101000.013SymEFA.sys
+ 2009-11-13 10:37 . 2009-11-05 22:06 328752 c:windowssystem32driversNAV1101000.013SymDS.sys
+ 2009-11-13 10:37 . 2009-10-09 02:54 325168 c:windowssystem32driversNAV1101000.013srtsp.sys
+ 2009-11-13 10:37 . 2009-10-09 02:54 114736 c:windowssystem32driversNAV1101000.013Ironx86.sys
+ 2009-11-13 10:37 . 2009-10-20 06:35 501888 c:windowssystem32driversNAV1101000.013cchpx86.sys
+ 2009-10-29 05:27 . 2009-10-29 05:27 114688 c:windowssystem32AdobeShockwave 11SwInit.exe
+ 2009-10-29 05:43 . 2009-10-29 05:43 464312 c:windowssystem32AdobeShockwave 11SwHelper_1152602.exe
+ 2009-10-29 05:29 . 2009-10-29 05:29 446464 c:windowssystem32AdobeShockwave 11Proj.dll
+ 2009-10-29 05:28 . 2009-10-29 05:28 372736 c:windowssystem32AdobeShockwave 11Plugin.dll
+ 2009-10-29 04:55 . 2009-10-29 04:55 713216 c:windowssystem32AdobeShockwave 11gi.dll
+ 2009-10-29 05:26 . 2009-10-29 05:26 503808 c:windowssystem32AdobeShockwave 11Control.dll
+ 2009-10-29 05:44 . 2009-10-29 05:44 210360 c:windowssystem32AdobeDirectorSwDir.dll
+ 2009-10-29 05:28 . 2009-10-29 05:28 131072 c:windowssystem32AdobeDirectornp32dsw.dll
+ 2009-10-23 03:32 . 2009-10-23 03:32 1490944 c:windowssystem32MacromedShockwave 10dirapiX.dll
+ 2007-03-09 19:51 . 2009-02-06 09:35 1486208 c:windowssystem32LegitCheckControl.DLL
+ 2009-10-29 05:01 . 2009-10-29 05:01 1011712 c:windowssystem32AdobeShockwave 11iml32.dll
+ 2009-10-29 04:55 . 2009-10-29 04:55 1886320 c:windowssystem32AdobeShockwave 11gt.exe
+ 2009-10-29 05:05 . 2009-10-29 05:05 1798144 c:windowssystem32AdobeShockwave 11dirapi.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-03-25 3697952]
[HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar]
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-03-25 3697952]
[HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar]
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«ccleaner»=»c:program filesCCleanerccleaner.exe» [2009-05-07 1561840]
«uTorrent»=»c:program filesuTorrentuTorrent.exe» [2009-10-25 289072]
«swg»=»c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe» [2009-07-08 39408]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«VolumeControl»=»c:program filesVolumeControlvolume.exe» [2003-09-15 36864]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2008-05-03 13529088]
«nod32kui»=»c:program filesEsetnod32kui.exe» [2009-05-18 949376]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2008-05-03 86016]
«Malwarebytes Anti-Malware (reboot)»=»d:program filesMalwarebytes’ Anti-Malwarembam.exe» [2009-09-10 1312080]
«Google Quick Search Box»=»c:program filesGoogleQuick Search BoxGoogleQuickSearchBox.exe» [2009-11-15 122880]
«nwiz»=»nwiz.exe» — c:windowssystem32nwiz.exe [2004-03-03 782336]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«LinkDel»=»linkdel.cmd» — c:windowssystem32LINKDEL.CMD [2008-08-21 2324]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«IE7_011″=»shell32» [X]
«IE7_012″=»advpack.dll» — c:windowssystem32advpack.dll [2009-03-08 128512]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«SynchronousMachineGroupPolicy»= 0 (0x0)
«SynchronousUserGroupPolicy»= 0 (0x0)
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMConfigurePrograms»= 1 (0x1)
[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«ForceClassicControlPanel»= 1 (0x1)
«NoSMConfigurePrograms»= 1 (0x1)
«NoSMHelp»= 1 (0x1)
[HKEY_LOCAL_MACHINEsoftwarepoliciesmicrosoftwindowswindowsupdateau]
«NoAutoUpdate»= 1 (0x1)
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]
BootExecute REG_MULTI_SZ autocheck autochk *BtDfSDK
[HKLM~startupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^HP Digital Imaging Monitor.lnk]
path=c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузкаHP Digital Imaging Monitor.lnk
backup=c:windowspssHP Digital Imaging Monitor.lnkCommon Startup
[HKLM~startupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Быстрый запуск HP Image Zone.lnk]
path=c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузкаБыстрый запуск HP Image Zone.lnk
backup=c:windowspssБыстрый запуск HP Image Zone.lnkCommon Startup
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionrun-]
«DAEMON Tools Lite»=»c:program filesDAEMON Tools Litedaemon.exe» -autorun
«ctfmon.exe»=c:windowssystem32ctfmon.exe
«swg»=»c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe»
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrun-]
«Google Quick Search Box»=»c:program filesGoogleQuick Search BoxGoogleQuickSearchBox.exe» /autorun
«Cmaudio»=RunDll32 cmicnfg.cpl,CMICtrlWnd
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusOverride»=dword:00000001
«FirewallOverride»=dword:00000001
«Start»=dword:00000004
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\uTorrent\uTorrent.exe»=
R0 SymDS;Symantec Data Store;c:windowssystem32driversNAV1101000.013SymDS.sys [13.11.2009 13:37 328752]
R0 SymEFA;Symantec Extended File Attributes;c:windowssystem32driversNAV1101000.013SymEFA.sys [13.11.2009 13:37 171056]
R1 BHDrvx86;BHDrvx86;c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsBASHDefs20091013.001BHDrvx86.sys [10.10.2009 0:38 508976]
R1 ccHP;Symantec Hash Provider;c:windowssystem32driversNAV1101000.013cchpx86.sys [13.11.2009 13:37 501888]
R1 nod32drv;nod32drv;c:windowssystem32driversnod32drv.sys [18.05.2009 11:50 15424]
R1 SymIRON;Symantec Iron Driver;c:windowssystem32driversNAV1101000.013Ironx86.sys [13.11.2009 13:37 114736]
R2 NAV;Norton AntiVirus;c:program filesNorton AntiVirusEngine17.1.0.19ccSvcHst.exe [13.11.2009 13:37 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:program filesCommon FilesSymantec SharedEENGINEEraserUtilRebootDrv.sys [09.11.2009 2:20 102448]
R3 IDSxpx86;IDSxpx86;c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsIPSDefs20091111.001IDSXpx86.sys [13.11.2009 13:38 329592]
S2 EraserSvc10920;Symantec Eraser Service;»c:program filesNorton AntiVirusEngine17.0.0.136ccSvcHst.exe» /h ccCommon —> c:program filesNorton AntiVirusEngine17.0.0.136ccSvcHst.exe [?]
S2 gupdate1c9fff3b5626992;Служба Google Update (gupdate1c9fff3b5626992);c:program filesGoogleUpdateGoogleUpdate.exe [08.07.2009 20:44 133104]
S3 SetupNTGLM7X;SetupNTGLM7X;??e:ntglm7x.sys —> e:NTGLM7X.sys [?]
— Other Services/Drivers In Memory —
*Deregistered* — mbr
*Deregistered* — PROCEXP113
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSvchost — NetSvcs
UxTuneUp
.
Contents of the ‘Scheduled Tasks’ folder
2009-11-15 c:windowsTasksGoogle Software Updater.job
— c:program filesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2009-05-18 17:36]
2009-11-15 c:windowsTasksGoogleUpdateTaskMachineCore.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-07-08 17:43]
2009-11-15 c:windowsTasksGoogleUpdateTaskMachineUA.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-07-08 17:43]
2009-11-15 c:windowsTasksUser_Feed_Synchronization-{86385FE9-C96D-47C7-89D3-7A5DE9D05FB1}.job
— c:windowssystem32msfeedssync.exe [2009-05-18 01:31]
2009-10-30 c:windowsTasksОдним Щелчком.job
— c:program filesTuneUp Utilities 2007SystemOptimizer.exe [2007-08-14 19:15]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.google.com.ua/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Експорт до Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Add to Google Photos Screensa&ver — c:windowssystem32GPhotos.scr/200
IE: Google ВикиКомментарии… — c:program filesGoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}
LSP: c:windowssystem32imon.dll
TCP: {8CF7EB27-1F95-4E58-A1F4-E28993ADAB5B} = 193.27.209.209 217.9.0.2
TCP: {FA95879A-1023-4EC3-9182-7CF3EB012527} = 172.27.0.1,193.27.209.1
.
— — — — ORPHANS REMOVED — — — —
AddRemove-The KMPlayer — c:program filesThe KMPlayeruninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-15 21:27
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x823DC1F8]<<
kernel: MBR read successfully
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINESystemControlSet001ServicesNAV]
«ImagePath»=»»c:program filesNorton AntiVirusEngine17.1.0.19ccSvcHst.exe» /s «NAV» /m «c:program filesNorton AntiVirusEngine17.1.0.19diMaster.dll» /prefetch:1″
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(720)
c:windowssystem32cscui.dll
— — — — — — — > ‘lsass.exe'(776)
c:windowssystem32imon.dll
c:program filesEsetpr_imon.dll
— — — — — — — > ‘explorer.exe'(928)
c:windowssystem32WININET.dll
c:windowsSystem32cscui.dll
c:program filesGoogleQuick Search Boxbin1.2.1150.158qsb.dll
c:program filesVolumeControlwheel.dll
c:windowssystem32msi.dll
c:windowssystem32WPDShServiceObj.dll
c:windowssystem32webcheck.dll
c:windowssystem32PortableDeviceTypes.dll
c:windowssystem32PortableDeviceApi.dll
.
Completion time: 2009-11-15 21:29
ComboFix-quarantined-files.txt 2009-11-15 18:29
ComboFix2.txt 2009-11-07 14:30
Pre-Run: 3 329 912 832 байт свободно
Post-Run: 3 303 907 328 байт свободно
— — End Of File — — F7946DADC141035071947E3D62EAB42D
No, the banner is gone now. Before installing ComboFix I deleted all the files that ended in lib.dll, and the banner disappeared by itself, and then I ran ComboFix. But I have one more problem: a couple of times the computer shut down by itself, and there was text in English on a blue screen, and I did not understand what it was, or whether it is some kind of Windows warning.
As for the security system: after ComboFix, automatic updates got turned off and I cannot turn them back on; the Windows security system keeps notifying me that automatic updates need to be enabled.
As I understand it, ComboFix removed all the viruses I had, so now do I need to remove ComboFix or not?
I scanned my computer once more using RSIT; please take a look and tell me whether everything is fine now or whether something still needs to be done.
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Admin at 2009-11-12 01:38:48
Microsoft Windows XP Professional Service Pack 3
System drive C: has 1 GB (5%) free of 30 GB
Total RAM: 511 MB (26% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:39:26, on 12.11.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:Program FilesGoogleUpdateGoogleUpdate.exe
C:Program FilesGoogleUpdate1.2.183.13GoogleCrashHandler.exe
C:program filesVolumeControlvolume.exe
C:Program FilesEsetnod32kui.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:Program FilesDrWebSpIDerAgent.exe
C:Program FilesCommon FilesArcSoftConnection ServiceBinACService.exe
C:Program FilesDrWebspiderml.exe
C:PROGRA~1DrWebspiderui.exe
C:Program FilesCommon FilesDoctor WebScanning Enginedwengine.exe
C:Program FilesuTorrentuTorrent.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:Program FilesNorton AntiVirusEngine17.0.0.136ccSvcHst.exe
C:Program FilesEsetnod32krn.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32HPZipm12.exe
C:WINDOWSsystem32PnkBstrA.exe
C:PROGRA~1DrWebspidernt.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesNorton AntiVirusEngine17.0.0.136ccSvcHst.exe
C:WINDOWSsystem32wscntfy.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Documents and SettingsAdminРабочий столRSIT.exe
C:Program Filestrend microAdmin.exe
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
O2 — BHO: AcroIEHelperStub — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 — BHO: Symantec Intrusion Prevention — {6D53EC84-6AAE-4787-AEEE-F4628F01010C} — C:Program FilesNorton AntiVirusEngine17.0.0.136IPSBHO.DLL
O2 — BHO: Google Toolbar Helper — {AA58ED58-01DD-4d91-8333-CF10577473F7} — C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll
O2 — BHO: Google Toolbar Notifier BHO — {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} — C:Program FilesGoogleGoogleToolbarNotifier5.4.4525.1752swg.dll
O3 — Toolbar: Яндекс.Бар — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program FilesYandexYandexBarIEyndbar.dll
O3 — Toolbar: DAEMON Tools Toolbar — {32099AAC-C132-4136-9E9A-4E364A424E17} — C:Program FilesDAEMON Tools ToolbarDTToolbar.dll
O3 — Toolbar: Google Toolbar — {2318C2B1-4965-11d4-9B18-009027A5CD4F} — C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll
O4 — HKLM..Run: [VolumeControl] C:program filesVolumeControlvolume.exe
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [nod32kui] «C:Program FilesEsetnod32kui.exe» /WAITSERVICE
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [SpIDerAgent] «C:Program FilesDrWebSpIDerAgent.exe»
O4 — HKLM..Run: [SpIDerMail] «C:Program FilesDrWebspiderml.exe»
O4 — HKLM..Run: [SpIDerNT] C:PROGRA~1DrWebspiderui.exe /agent
O4 — HKLM..Run: [Malwarebytes Anti-Malware (reboot)] «D:Program FilesMalwarebytes’ Anti-Malwarembam.exe» /runcleanupscript
O4 — HKCU..Run: [ccleaner] «C:Program FilesCCleanerccleaner.exe» /AUTO
O4 — HKCU..Run: [uTorrent] «C:Program FilesuTorrentuTorrent.exe»
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [swg] «C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe»
O4 — HKUSS-1-5-18..Run: [LinkDel] linkdel.cmd (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [IE7_011] regsvr32 /s /n /i:u shell32 (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [LinkDel] linkdel.cmd (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [IE7_011] regsvr32 /s /n /i:u shell32 (User ‘Default user’)
O6 — HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O8 — Extra context menu item: &Експорт до Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Add to Google Photos Screensa&ver — res://C:WINDOWSsystem32GPhotos.scr/200
O8 — Extra context menu item: Google ВикиКомментарии… — res://C:Program FilesGoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_A54B7D6FB1DA63EA.dll/cmsidewiki.html
O9 — Extra button: Довідкові матеріали — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: (no name) — {c95fe080-8f5d-11d2-a20b-00aa003c157a} — C:WINDOWSsystem32shdocvw.dll
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O16 — DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) — http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1242857821734
O16 — DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) — http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257611162859
O16 — DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) — http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 — HKLMSystemCCSServicesTcpip..{8CF7EB27-1F95-4E58-A1F4-E28993ADAB5B}: NameServer = 193.27.209.209 217.9.0.2
O17 — HKLMSystemCCSServicesTcpip..{FA95879A-1023-4EC3-9182-7CF3EB012527}: NameServer = 10.25.8.1,193.27.209.209
O23 — Service: ArcSoft Connect Daemon (ACDaemon) — ArcSoft Inc. — C:Program FilesCommon FilesArcSoftConnection ServiceBinACService.exe
O23 — Service: Dr.Web Scanning Engine (DrWebEngine) (DrWebEngine) — Doctor Web, Ltd. — C:Program FilesCommon FilesDoctor WebScanning Enginedwengine.exe
O23 — Service: Symantec Eraser Service (EraserSvc10920) — Symantec Corporation — C:Program FilesNorton AntiVirusEngine17.0.0.136ccSvcHst.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: Служба Google Update (gupdate1c9fff3b5626992) (gupdate1c9fff3b5626992) — Google Inc. — C:Program FilesGoogleUpdateGoogleUpdate.exe
O23 — Service: Google Software Updater (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: Norton AntiVirus (NAV) — Symantec Corporation — C:Program FilesNorton AntiVirusEngine17.0.0.136ccSvcHst.exe
O23 — Service: NBService — Nero AG — C:Program FilesNeroNero 7Nero BackItUpNBService.exe
O23 — Service: NMIndexingService — Nero AG — C:Program FilesCommon FilesAheadLibNMIndexingService.exe
O23 — Service: NOD32 Kernel Service (NOD32krn) — Eset — C:Program FilesEsetnod32krn.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Pml Driver HPZ12 — HP — C:WINDOWSsystem32HPZipm12.exe
O23 — Service: PnkBstrA — Unknown owner — C:WINDOWSsystem32PnkBstrA.exe
O23 — Service: SpIDer Guard for Windows (SPIDERNT) — Doctor Web, Ltd. — C:PROGRA~1DrWebspidernt.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
—
End of file — 8340 bytes
======Scheduled tasks folder======
C:WINDOWStasksDr.Web Daily scan.job
C:WINDOWStasksDr.Web Update.job
C:WINDOWStasksGoogle Software Updater.job
C:WINDOWStasksGoogleUpdateTaskMachineCore.job
C:WINDOWStasksGoogleUpdateTaskMachineUA.job
C:WINDOWStasksUser_Feed_Synchronization-{86385FE9-C96D-47C7-89D3-7A5DE9D05FB1}.job
C:WINDOWStasksОдним Щелчком.job
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention — C:Program FilesNorton AntiVirusEngine17.0.0.136IPSBHO.DLL [2009-08-30 79224]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper — C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll [2009-11-07 263280]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO — C:Program FilesGoogleGoogleToolbarNotifier5.4.4525.1752swg.dll [2009-11-07 764912]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{91397D20-1446-11D4-8AF4-0040CA1127B6} — Яндекс.Бар — C:Program FilesYandexYandexBarIEyndbar.dll [2009-03-25 3697952]
{32099AAC-C132-4136-9E9A-4E364A424E17} — DAEMON Tools Toolbar — C:Program FilesDAEMON Tools ToolbarDTToolbar.dll [2009-04-23 937416]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} — Google Toolbar — C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll [2009-11-07 263280]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«VolumeControl»=C:program filesVolumeControlvolume.exe [2003-09-15 36864]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2008-05-03 13529088]
«nwiz»=nwiz.exe /install []
«nod32kui»=C:Program FilesEsetnod32kui.exe [2009-05-18 949376]
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2008-05-03 86016]
«SpIDerAgent»=C:Program FilesDrWebSpIDerAgent.exe [2009-06-01 447728]
«SpIDerMail»=C:Program FilesDrWebspiderml.exe [2009-06-30 644336]
«SpIDerNT»=C:PROGRA~1DrWebspiderui.exe [2009-08-17 231840]
«Malwarebytes Anti-Malware (reboot)»=D:Program FilesMalwarebytes’ Anti-Malwarembam.exe [2009-09-10 1312080]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«ccleaner»=C:Program FilesCCleanerccleaner.exe [2009-05-07 1561840]
«uTorrent»=C:Program FilesuTorrentuTorrent.exe [2009-10-25 289072]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2008-04-15 15360]
«swg»=C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe [2009-07-08 39408]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe Reader Speed Launcher]
C:Program FilesAdobeReader 9.0ReaderReader_sl.exe [2009-02-27 35696]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAlcoholAutomount]
C:Program FilesAlcohol SoftAlcohol 120axcmd.exe [2007-08-01 222592]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregArcSoft Connection Service]
C:Program FilesCommon FilesArcSoftConnection ServiceBinACDaemon.exe [2008-02-22 72192]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregHP Software Update]
C:Program FilesHPHP Software UpdateHPWuSchd2.exe [2005-05-11 49152]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupreghpqSRMon]
C:Program FilesHPDigital ImagingbinhpqSRMon.exe [2008-08-20 150016]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNBKeyScan]
C:Program FilesNeroNero8Nero BackItUpNBKeyScan.exe []
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
C:Program FilesCommon FilesAheadLibNeroCheck.exe [2007-03-09 153136]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPunto Switcher]
C:program filespunto switcherps.exe [2008-05-30 722112]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSoundMan]
C:WINDOWSSOUNDMAN.EXE [2005-04-15 77824]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregswg]
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe [2009-07-08 39408]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregTetatet]
C:Program FilesTetatettetatet.exe auto []
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWMPNSCFG]
C:Program FilesWindows Media PlayerWMPNSCFG.exe [2006-10-18 204288]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^HP Digital Imaging Monitor.lnk]
C:PROGRA~1HPDIGITA~1binhpqtra08.exe [2005-05-11 282624]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Быстрый запуск HP Image Zone.lnk]
C:PROGRA~1HPDIGITA~1binhpqthb08.exe [2005-05-11 73728]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2007-06-18 133632]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
«InstallVisualStyle»=C:WINDOWSResourcesThemesRoyaleRoyale.msstyles
«InstallTheme»=C:WINDOWSResourcesThemesRoyale.theme
«SynchronousMachineGroupPolicy»=0
«SynchronousUserGroupPolicy»=0
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=323
«NoSMConfigurePrograms»=1
«NoDrives»=0
«NoDriveAutoRun»=67108863
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveAutoRun»=
«NoDriveTypeAutoRun»=
«NoDrives»=
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
======List of files/folders created in the last 1 months======
2009-11-09 22:12:56 —-D—- C:Documents and SettingsAdminApplication DataMalwarebytes
2009-11-09 22:12:00 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
2009-11-07 17:30:19 —-A—- C:ComboFix.txt
2009-11-07 17:16:53 —-A—- C:Boot.bak
2009-11-07 17:16:43 —-RASHD—- C:cmdcons
2009-11-07 17:15:46 —-A—- C:WINDOWSNIRCMD.exe
2009-11-07 17:15:46 —-A—- C:WINDOWSMBR.exe
2009-11-07 17:15:45 —-A—- C:WINDOWSzip.exe
2009-11-07 17:15:45 —-A—- C:WINDOWSSWXCACLS.exe
2009-11-07 17:15:45 —-A—- C:WINDOWSSWSC.exe
2009-11-07 17:15:45 —-A—- C:WINDOWSSWREG.exe
2009-11-07 17:15:45 —-A—- C:WINDOWSsed.exe
2009-11-07 17:15:45 —-A—- C:WINDOWSgrep.exe
2009-11-07 17:15:32 —-D—- C:WINDOWSERDNT
2009-11-07 17:09:41 —-D—- C:Qoobox
2009-11-07 16:41:27 —-D—- C:Documents and SettingsAll UsersApplication DataGoogle
2009-11-06 01:37:45 —-D—- C:Program Filestrend micro
2009-11-06 01:37:42 —-D—- C:rsit
2009-11-05 21:21:10 —-A—- C:WINDOWSsystem32S32EVNT1.DLL
2009-11-05 21:21:08 —-D—- C:Program FilesSymantec
2009-11-05 21:21:08 —-D—- C:Program FilesCommon FilesSymantec Shared
2009-11-05 21:19:45 —-D—- C:Program FilesWindows Sidebar
2009-11-05 21:19:30 —-D—- C:Program FilesNorton AntiVirus
2009-11-05 21:19:29 —-D—- C:Documents and SettingsAll UsersApplication DataNorton
2009-11-05 21:19:08 —-D—- C:Program FilesNortonInstaller
2009-11-05 21:19:08 —-D—- C:Documents and SettingsAll UsersApplication DataNortonInstaller
2009-11-04 22:45:24 —-D—- C:Documents and SettingsAll UsersApplication DataKaspersky Lab Setup Files
2009-11-04 02:08:52 —-D—- C:WINDOWSie8updates
2009-11-04 02:06:29 —-HDC—- C:WINDOWSie8
2009-11-04 02:03:11 —-A—- C:WINDOWSsystem32MRT.exe
2009-11-03 21:04:24 —-D—- C:Program FilesCommon FilesDoctor Web
2009-11-03 21:04:24 —-D—- C:Documents and SettingsAll UsersApplication DataDoctor Web
2009-11-03 18:11:16 —-D—- C:Documents and SettingsAll UsersApplication DataAshampoo
2009-11-03 18:11:06 —-D—- C:Documents and SettingsAll UsersApplication Datapage
2009-10-16 20:29:59 —-D—- C:Program FilesDrWeb
======List of files/folders modified in the last 1 months======
2009-11-12 01:39:21 —-D—- C:WINDOWSTemp
2009-11-12 01:38:52 —-D—- C:WINDOWSPrefetch
2009-11-12 01:34:39 —-D—- C:Documents and SettingsAdminApplication DatauTorrent
2009-11-12 00:06:46 —-SD—- C:WINDOWSTasks
2009-11-12 00:04:43 —-AD—- C:WINDOWS
2009-11-12 00:03:43 —-D—- C:WINDOWSsystem32CatRoot2
2009-11-12 00:02:20 —-SHD—- C:System Volume Information
2009-11-11 15:29:27 —-N—- C:WINDOWSSchedLgU.Txt
2009-11-11 12:25:16 —-D—- C:Program FilesMozilla Firefox
2009-11-10 15:10:42 —-D—- C:WINDOWSsystem32CatRoot
2009-11-10 02:32:57 —-A—- C:WINDOWSNeroDigital.ini
2009-11-09 22:12:17 —-D—- C:WINDOWSsystem32drivers
2009-11-09 15:23:52 —-A—- C:WINDOWSDisney.ini
2009-11-09 15:22:44 —-AD—- C:WINDOWSsystem32
2009-11-09 15:19:34 —-AD—- C:Program Files
2009-11-08 20:16:41 —-D—- C:WINDOWSMinidump
2009-11-07 20:28:07 —-D—- C:Program FilesTuneUp Utilities 2007
2009-11-07 19:37:18 —-SD—- C:WINDOWSDownloaded Program Files
2009-11-07 19:31:22 —-HD—- C:WINDOWSinf
2009-11-07 19:26:20 —-D—- C:WINDOWSSoftwareDistribution
2009-11-07 17:35:44 —-SHD—- C:WINDOWSInstaller
2009-11-07 17:27:02 —-A—- C:WINDOWSsystem.ini
2009-11-07 17:26:06 —-AD—- C:Program FilesCommon Files
2009-11-07 17:22:24 —-D—- C:WINDOWSAppPatch
2009-11-07 17:16:53 —-RASH—- C:boot.ini
2009-11-07 16:51:08 —-D—- C:Documents and SettingsAdminApplication DataGoogle
2009-11-07 16:42:07 —-D—- C:Program FilesGoogle
2009-11-07 16:42:03 —-D—- C:Config.Msi
2009-11-05 16:24:24 —-D—- C:WINDOWSrepair
2009-11-05 16:21:08 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-11-05 16:15:52 —-D—- C:Program FilesThe KMPlayer
2009-11-05 16:14:08 —-D—- C:Program FilesOutlook Express
2009-11-05 16:11:54 —-D—- C:totalcmd
2009-11-04 13:31:15 —-A—- C:WINDOWSsystem32PnkBstrB.exe
2009-11-04 02:12:53 —-D—- C:WINDOWSDebug
2009-11-04 02:11:52 —-D—- C:WINDOWSsystem32ru-ru
2009-11-04 02:11:52 —-D—- C:WINDOWSMedia
2009-11-04 02:11:52 —-D—- C:WINDOWSHelp
2009-11-04 02:11:52 —-D—- C:Program FilesInternet Explorer
2009-11-04 02:09:46 —-HD—- C:WINDOWSmsdownld.tmp
2009-11-04 02:09:30 —-HD—- C:WINDOWS$hf_mig$
2009-11-03 18:01:46 —-A—- C:WINDOWSsystem32BASSMOD.dll
2009-10-25 10:01:08 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;AMD Processor Driver; C:WINDOWSsystem32DRIVERSAmdK8.sys [2005-03-09 36352]
R1 BHDrvx86;BHDrvx86; ??C:Documents and SettingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsBASHDefs20091013.001BHDrvx86.sys []
R1 ccHP;Symantec Hash Provider; C:WINDOWSsystem32driversNAV1100000.088ccHPx86.sys [2009-08-25 501888]
R1 eeCtrl;Symantec Eraser Control driver; ??C:Program FilesCommon FilesSymantec SharedEENGINEeeCtrl.sys []
R1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2008-04-14 14720]
R1 nod32drv;nod32drv; C:WINDOWSsystem32driversnod32drv.sys [2009-05-18 15424]
R1 SRTSP;Symantec Real Time Storage Protection; C:WINDOWSsystem32driversNAV1100000.088SRTSP.SYS [2009-08-30 325168]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:WINDOWSsystem32driversNAV1100000.088SRTSPX.SYS [2009-08-30 43696]
R1 SymIRON;Symantec Iron Driver; C:WINDOWSsystem32driversNAV1100000.088Ironx86.SYS [2009-08-30 114736]
R1 SYMTDI;Symantec Network Dispatch Driver; C:WINDOWSsystem32driversNAV1100000.088SYMTDI.SYS [2009-08-30 361392]
R1 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2008-04-15 12032]
R2 AMON;AMON; C:WINDOWSsystem32driversamon.sys [2009-05-18 512096]
R2 mdmxsdk;mdmxsdk; C:WINDOWSsystem32DRIVERSmdmxsdk.sys [2004-03-17 13059]
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:WINDOWSsystem32DRIVERSrspndr.sys [2008-07-08 62848]
R2 SPIDER;SpIDer Guard File System Monitor; ??C:PROGRA~1DrWebspider.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2005-04-19 2317504]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; ??C:Program FilesCommon FilesSymantec SharedEENGINEEraserUtilRebootDrv.sys []
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:WINDOWSsystem32DRIVERSfetnd5b.sys [2004-04-15 42496]
R3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:WINDOWSsystem32DRIVERSHSF_DPV.sys [2005-08-23 1035008]
R3 HSFHWBS2;HSFHWBS2; C:WINDOWSsystem32DRIVERSHSFHWBS2.sys [2005-08-23 244480]
R3 IDSxpx86;IDSxpx86; ??C:Documents and SettingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsIPSDefs20091105.001IDSxpx86.sys []
R3 MODEMCSA;Устройство фильтрации потока Unimodem; C:WINDOWSsystem32driversMODEMCSA.sys [2001-08-17 16128]
R3 NAVENG;NAVENG; ??C:Documents and SettingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsVirusDefs20091110.023NAVENG.SYS []
R3 NAVEX15;NAVEX15; ??C:Documents and SettingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsVirusDefs20091110.023NAVEX15.SYS []
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2008-05-03 6554496]
R3 SymEvent;SymEvent; ??C:WINDOWSsystem32DriversSYMEVENT.SYS []
R3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2008-04-13 32128]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-15 30208]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-15 59520]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-15 20608]
R3 winachsf;winachsf; C:WINDOWSsystem32DRIVERSHSF_CNXT.sys [2005-08-23 718464]
S3 ah4vcdj5;ah4vcdj5; C:WINDOWSsystem32driversah4vcdj5.sys []
S3 alcni0yo;alcni0yo; C:WINDOWSsystem32driversalcni0yo.sys []
S3 catchme;catchme; ??C:WINDOWSTEMPcatchme.sys []
S3 cmuda;C-Media WDM Audio Interface; C:WINDOWSsystem32driverscmuda.sys [2004-04-23 818496]
S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:WINDOWSsystem32DRIVERSfetnd5bv.sys [2008-09-22 43520]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet адаптер, драйвер для NT; C:WINDOWSsystem32DRIVERSfetnd5.sys [2001-08-17 27165]
S3 GMSIPCI;GMSIPCI; ??E:INSTALLGMSIPCI.SYS []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:WINDOWSsystem32DRIVERSHPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:WINDOWSsystem32DRIVERSHPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:WINDOWSsystem32DRIVERSHPZius12.sys [2005-03-08 21744]
S3 HSF_DP;HSF_DP; C:WINDOWSsystem32DRIVERSHSFDPSP2.sys [2008-04-14 1041536]
S3 MSICPL;MSICPL; ??E:install4MSICPL.sys []
S3 NTACCESS;NTACCESS; ??E:NTACCESS.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; ??E:NTGLM7X.sys []
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2008-04-13 25856]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2008-04-13 15104]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2007-06-18 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2007-06-18 82944]
S4 dwshd;dwshd; C:WINDOWSSystem32driversdwshd.sys []
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ACDaemon;ArcSoft Connect Daemon; C:Program FilesCommon FilesArcSoftConnection ServiceBinACService.exe [2008-02-22 104960]
R2 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine); C:Program FilesCommon FilesDoctor WebScanning Enginedwengine.exe [2009-09-22 869688]
R2 NAV;Norton AntiVirus; C:Program FilesNorton AntiVirusEngine17.0.0.136ccSvcHst.exe [2009-08-25 126392]
R2 NOD32krn;NOD32 Kernel Service; C:Program FilesEsetnod32krn.exe [2009-05-18 552064]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2008-05-03 159812]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:WINDOWSsystem32HPZipm12.exe [2007-08-09 73728]
R2 PnkBstrA;PnkBstrA; C:WINDOWSsystem32PnkBstrA.exe [2009-08-31 66872]
R2 SPIDERNT;SpIDer Guard for Windows; C:PROGRA~1DrWebspidernt.exe [2009-08-17 231328]
R2 UxTuneUp;TuneUp Theme Extension; C:WINDOWSSystem32svchost.exe [2008-04-15 14336]
S2 EraserSvc10920;Symantec Eraser Service; C:Program FilesNorton AntiVirusEngine17.0.0.136ccSvcHst.exe [2009-08-25 126392]
S2 gupdate1c9fff3b5626992;Служба Google Update (gupdate1c9fff3b5626992); C:Program FilesGoogleUpdateGoogleUpdate.exe [2009-07-08 133104]
S2 gusvc;Google Software Updater; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2009-07-08 190448]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2009-09-06 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:WINDOWSMicrosoft.NETFrameworkv3.0WPFPresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:Program FilesNeroNero 7Nero BackItUpNBService.exe [2007-01-15 774144]
S3 NMIndexingService;NMIndexingService; C:Program FilesCommon FilesAheadLibNMIndexingService.exe [2007-03-12 271920]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media Playerwmpnetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-15 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2008-07-29 132096]
EOF
Hello, I downloaded and ran Combofix; after it finished, a log file was created, and I have pasted it into this reply. Could you please tell me: Windows Security Center is not working on my computer, automatic updates are turned on and refuse to turn on. What should I do, or is this not dangerous for the computer?
ComboFix 09-11-06.03 — Admin 07.11.2009 17:18.1.1 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.511.167 [GMT 3:00]
Running from: c:documents and settingsAdminРабочий столComboFix.exe
Command switches used :: c:documents and settingsAdminРабочий столWindowsXP-KB310994-SP2-Pro-BootDisk-RUS.exe
AV: Антивирусная система Eset NOD32 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Doctor Web Anti-Virus *On-access scanning enabled* (Updated) {3454C8F1-ECBC-4180-A6F4-04632FBA762B}
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
* Resident AV is active.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:documents and settingsAll UsersГлавное менюHP Image Zone .lnk
c:progra~1COMMON~1{7445F~1
c:progra~1COMMON~1{7445F~1chrome.manifest
c:progra~1COMMON~1{7445F~1chromecontentextensions.xul
c:progra~1COMMON~1{7445F~1chromecontentlogo.png
c:progra~1COMMON~1{7445F~1chromecontentmain.js
c:progra~1COMMON~1{7445F~1chromecontentmain.xul
c:progra~1COMMON~1{7445F~1chromecontentq.png
c:progra~1COMMON~1{7445F~1chromecontentq_gray.png
c:progra~1COMMON~1{7445F~1chromecontentx.png
c:progra~1COMMON~1{7445F~1chromecontentx_gray.png
c:progra~1COMMON~1{7445F~1defaultspreferencesmain.js
c:progra~1COMMON~1{7445F~1defaultspreferencesmain.js.old
c:progra~1COMMON~1{7445F~1extension.reg
c:progra~1COMMON~1{7445F~1install.rdf
c:windowssystem32_id.dat
c:windowssystem32d3d10core.dll
c:windowssystem32DESKTOP.REG
c:windowssystem32dxgi.dll
.
((((((((((((((((((((((((( Files Created from 2009-10-07 to 2009-11-07 )))))))))))))))))))))))))))))))
.
2009-11-06 23:52 . 2009-10-28 22:37 811896 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsIPSDefs20091105.001Scxpx86.dll
2009-11-06 23:52 . 2009-10-28 22:37 329592 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsIPSDefs20091105.001IDSXpx86.sys
2009-11-06 23:52 . 2009-10-28 22:37 488312 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsIPSDefs20091105.001IDSxpx86.dll
2009-11-06 23:52 . 2009-10-28 22:37 343088 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsIPSDefs20091105.001IDSvix86.sys
2009-11-06 23:52 . 2009-10-28 22:37 466992 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsIPSDefs20091105.001IDSviA64.sys
2009-11-06 23:44 . 2009-08-29 09:00 1647984 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsVirusDefs20091106.003NAVEX32A.DLL
2009-11-06 23:44 . 2009-08-29 09:00 1323568 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsVirusDefs20091106.003NAVEX15.SYS
2009-11-06 23:44 . 2009-08-29 09:00 177520 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsVirusDefs20091106.003NAVENG32.DLL
2009-11-06 23:44 . 2009-08-29 09:00 84912 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsVirusDefs20091106.003NAVENG.SYS
2009-11-06 23:44 . 2009-08-29 09:00 102448 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsVirusDefs20091106.003ERASER.SYS
2009-11-06 23:44 . 2009-08-29 09:00 371248 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsVirusDefs20091106.003EECTRL.SYS
2009-11-06 23:44 . 2009-11-05 19:34 259440 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsVirusDefs20091106.003ECMSVR32.DLL
2009-11-06 23:44 . 2009-11-05 19:34 2747952 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsVirusDefs20091106.003CCERASER.DLL
2009-11-05 22:37 . 2009-11-05 22:45
d
w- c:program filestrend micro
2009-11-05 22:37 . 2009-11-05 22:45
d
w- C:rsit
2009-11-05 18:21 . 2009-08-30 00:16 164216 —-a-r- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136IPSFFPlgncomponentsIPSFFPl.dll
2009-11-05 18:21 . 2009-11-05 18:21 60808 —-a-w- c:windowssystem32S32EVNT1.DLL
2009-11-05 18:21 . 2009-11-05 18:21 124976 —-a-w- c:windowssystem32driversSYMEVENT.SYS
2009-11-05 18:21 . 2009-11-05 18:30
d
w- c:program filesCommon FilesSymantec Shared
2009-11-05 18:21 . 2009-11-05 18:21
d
w- c:program filesSymantec
2009-11-05 18:20 . 2009-08-26 22:13 900464 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136OCShsplayer.dll
2009-11-05 18:20 . 2008-05-23 08:13 288104 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136CPDOEMCPDOEM.dll
2009-11-05 18:20 . 2009-09-01 08:53 892784 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136CLTcltLMSx.dll
2009-11-05 18:19 . 2009-11-05 18:19
d
w- c:windowssystem32driversNAV
2009-11-05 18:19 . 2009-11-05 18:19
d
w- c:program filesWindows Sidebar
2009-11-05 18:19 . 2009-11-05 18:19
d
w- c:program filesNorton AntiVirus
2009-11-05 18:19 . 2009-11-05 18:21
d
w- c:documents and settingsAll UsersApplication DataNorton
2009-11-05 18:19 . 2009-11-05 18:19
d
w- c:program filesNortonInstaller
2009-11-05 18:19 . 2009-11-05 18:19
d
w- c:documents and settingsAll UsersApplication DataNortonInstaller
2009-11-04 19:45 . 2009-11-04 19:45
d
w- c:documents and settingsAll UsersApplication DataKaspersky Lab Setup Files
2009-11-03 23:08 . 2009-11-03 23:08
d
w- c:windowsie8updates
2009-11-03 23:06 . 2009-11-03 23:07
dc-h—w- c:windowsie8
2009-11-03 22:44 . 2009-10-02 04:44 92160 -c—-w- c:windowssystem32dllcacheiecompat.dll
2009-11-03 22:43 . 2009-08-29 07:58 12800 -c—-w- c:windowssystem32dllcachexpshims.dll
2009-11-03 22:43 . 2009-08-29 07:58 1985536 -c—-w- c:windowssystem32dllcacheiertutil.dll
2009-11-03 22:43 . 2009-08-29 07:58 594432 -c—-w- c:windowssystem32dllcachemsfeeds.dll
2009-11-03 22:43 . 2009-08-29 07:58 246272 -c—-w- c:windowssystem32dllcacheieproxy.dll
2009-11-03 22:43 . 2009-08-29 07:58 55296 -c—-w- c:windowssystem32dllcachemsfeedsbs.dll
2009-11-03 22:43 . 2009-08-29 07:58 11069440 -c—-w- c:windowssystem32dllcacheieframe.dll
2009-11-03 18:04 . 2009-11-02 12:55 105720 —-a-w- c:windowssystem32driversdwprot.sys
2009-11-03 18:04 . 2009-11-03 18:04
d
w- c:program filesCommon FilesDoctor Web
2009-11-03 18:04 . 2009-11-03 18:04
d
w- c:documents and settingsAll UsersApplication DataDoctor Web
2009-11-03 15:11 . 2009-11-05 16:05
d
w- c:documents and settingsAll UsersApplication DataAshampoo
2009-11-03 15:11 . 2009-11-03 15:11
d
w- c:documents and settingsAll UsersApplication Datapage
2009-10-28 22:37 . 2009-10-28 22:37 343088 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsIPSDefsBinHubIDSvix86.sys
2009-10-28 22:37 . 2009-10-28 22:37 343088 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsIPSDefs20091102.002IDSvix86.sys
2009-10-28 22:37 . 2009-10-28 22:37 329592 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsIPSDefsBinHubIDSXpx86.sys
2009-10-28 22:37 . 2009-10-28 22:37 329592 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsIPSDefs20091102.002IDSXpx86.sys
2009-10-28 22:37 . 2009-10-28 22:37 811896 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsIPSDefsBinHubScxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 811896 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsIPSDefs20091102.002Scxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 488312 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsIPSDefsBinHubIDSxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 488312 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsIPSDefs20091102.002IDSxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 466992 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsIPSDefsBinHubIDSviA64.sys
2009-10-28 22:37 . 2009-10-28 22:37 466992 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsIPSDefs20091102.002IDSviA64.sys
2009-10-20 16:46 . 2009-10-20 16:46 59992 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky Lab Setup FilesKaspersky Internet Security 2010 9.0.0.736Russiansetup.exe
2009-10-16 17:29 . 2009-11-07 14:14
d
w- c:program filesDrWeb
2009-10-09 21:38 . 2009-10-09 21:38 201616 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsBASHDefs20091013.001BHRules.dll
2009-10-09 21:38 . 2009-10-09 21:38 1412496 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsBASHDefs20091013.001BHEngine.dll
2009-10-09 21:38 . 2009-10-09 21:38 643632 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsBASHDefs20091013.001BHDrvx64.sys
2009-10-09 21:38 . 2009-10-09 21:38 508976 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsBASHDefs20091013.001BHDrvx86.sys
2009-10-09 21:38 . 2009-10-09 21:38 590736 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsBASHDefs20091013.001bbRGen.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-07 14:25 . 2009-05-18 11:25
d
w- c:documents and settingsAdminApplication DatauTorrent
2009-11-07 13:42 . 2009-05-18 10:15
d
w- c:program filesGoogle
2009-11-05 18:21 . 2009-11-05 18:21 805 —-a-w- c:windowssystem32driversSYMEVENT.INF
2009-11-05 18:21 . 2009-11-05 18:21 7443 —-a-w- c:windowssystem32driversSYMEVENT.CAT
2009-11-05 13:15 . 2009-05-30 18:27
d
w- c:program filesThe KMPlayer
2009-11-04 18:36 . 2009-06-01 18:15
d
w- c:program filesTuneUp Utilities 2007
2009-11-04 10:31 . 2009-08-31 15:56 22328 —-a-w- c:windowssystem32driversPnkBstrK.sys
2009-11-04 10:31 . 2009-08-31 15:56 103736 —-a-w- c:windowssystem32PnkBstrB.exe
2009-10-25 07:01 . 2008-04-15 12:00 84082 —-a-w- c:windowssystem32perfc019.dat
2009-10-25 07:01 . 2008-04-15 12:00 484362 —-a-w- c:windowssystem32perfh019.dat
2009-10-05 19:47 . 2009-09-06 20:23
d
w- c:documents and settingsAdminApplication DataImage Zone Express
2009-09-28 13:44 . 2009-09-28 13:38
d
w- c:documents and settingsAdminApplication DataDAEMON Tools Lite
2009-09-28 13:41 . 2009-09-28 13:41
d
w- c:documents and settingsAll UsersApplication DataDAEMON Tools Lite
2009-09-28 13:41 . 2009-09-28 13:41
d
w- c:program filesDAEMON Tools Toolbar
2009-09-28 13:41 . 2009-09-28 13:41
d
w- c:program filesDAEMON Tools Lite
2009-09-28 13:38 . 2009-09-05 09:13 721904 —-a-w- c:windowssystem32driverssptd.sys
2009-09-27 19:34 . 2009-05-18 08:45
d
w- c:program filesCommon FilesAdobe
2009-09-27 19:33 . 2009-09-16 07:06
d
w- c:program filesCommon FilesAhead
2009-09-27 19:33 . 2009-05-30 11:14
d
w- c:program filesNero
2009-09-27 19:33 . 2009-05-30 11:14
d
w- c:documents and settingsAll UsersApplication DataNero
2009-09-27 19:33 . 2009-09-15 10:16
d
w- c:program filesTetatet
2009-09-27 19:33 . 2009-09-15 10:12
d
w- c:program filesOnline TV Player 4
2009-09-27 19:33 . 2009-09-15 09:56
d
w- c:program filesWebTV
2009-09-27 19:33 . 2009-09-27 19:33
d
w- c:documents and settingsAdminApplication DataROALDevelopment
2009-09-27 19:33 . 2009-09-15 10:20
d
w- c:program filesRadioClicker LITE
2009-09-27 19:33 . 2009-09-27 19:33
d
w- c:program filesCommon FilesXstream
2009-09-27 19:33 . 2009-09-27 19:33
d
w- c:documents and settingsAdminApplication DataInstallShield
2009-09-27 19:33 . 2009-09-15 09:27
d
w- c:program filesXviD
2009-09-27 19:32 . 2009-05-20 20:24
d
w- c:program filesDivX
2009-09-27 19:31 . 2009-05-18 08:47
d
w- c:program filesK-Lite Codec Pack
2009-09-16 07:14 . 2009-09-15 07:35
d
w- c:documents and settingsAdminApplication DataAhead
2009-09-15 12:07 . 2009-05-20 17:31
d—h—w- c:program filesInstallShield Installation Information
2009-09-15 10:58 . 2009-09-15 10:58
d
w- c:documents and settingsAdminApplication DataThinstall
2009-09-15 10:52 . 2009-09-15 10:46 5430 —-a-r- c:documents and settingsAdminApplication DataMicrosoftInstaller{31527399-096A-41EB-99A2-18A8F53A275A}_6FEFF9B68218417F98F549.exe
2009-09-15 10:52 . 2009-09-15 10:46 5430 —-a-r- c:documents and settingsAdminApplication DataMicrosoftInstaller{31527399-096A-41EB-99A2-18A8F53A275A}_421FE54573FB5C215E711E.exe
2009-09-15 10:52 . 2009-09-15 10:46 5430 —-a-r- c:documents and settingsAdminApplication DataMicrosoftInstaller{31527399-096A-41EB-99A2-18A8F53A275A}_16554A15DC1F44106A7456.exe
2009-09-15 10:52 . 2009-09-15 10:46 5430 —-a-r- c:documents and settingsAdminApplication DataMicrosoftInstaller{31527399-096A-41EB-99A2-18A8F53A275A}_136A3CF0786CC69E72229C.exe
2009-09-15 10:46 . 2009-09-15 10:46
d
w- c:program filesReadon Technology
2009-09-15 09:45 . 2009-05-20 09:52
d
w- c:documents and settingsAdminApplication DataAIMP
2009-09-11 09:34 . 2009-09-11 09:34
d
w- c:documents and settingsAdminApplication DataArcsoft
2009-09-11 09:34 . 2009-09-11 09:34
d
w- c:documents and settingsAll UsersApplication DataArcSoft
2009-09-11 09:33 . 2009-09-11 09:33
d
w- c:program filesCommon FilesArcSoft
2009-09-11 09:33 . 2009-09-11 09:33
d
w- c:program filesArcSoft
2009-09-11 09:18 . 2009-09-11 09:16 19527 —-a-w- c:windowshpqins13.dat
2009-09-11 08:49 . 2009-09-06 17:53 112848 —-a-w- c:windowshpoins07.dat
2009-09-10 07:22 . 2009-09-10 07:22
d
w- c:documents and settingsAll UsersApplication DataHP Product Assistant
2009-09-10 06:42 . 2005-01-24 06:30 139264 —-a-w- c:windowssystem32hpzjrd01.dll
2009-09-09 17:21 . 2009-09-06 17:53
d
w- c:documents and settingsAdminApplication DataHP
2009-09-06 20:33 . 2009-05-30 12:11 46872 —-a-w- c:documents and settingsAdminLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-09-06 20:33 . 2009-09-06 20:33 128 —-a-w- c:documents and settingsAdminLocal SettingsApplication Datafusioncache.dat
2009-09-06 20:33 . 2009-09-06 20:30 71647 —-a-w- c:windowshpqins09.dat
2009-09-05 11:31 . 2009-09-05 11:31 22980 —ha-w- c:windowssystem32mlfcache.dat
2009-09-01 20:09 . 2009-09-01 20:09 0 —-a-w- c:windowsnsreg.dat
2009-08-31 15:55 . 2009-08-31 15:55 66872 —-a-w- c:windowssystem32PnkBstrA.exe
2009-08-29 07:58 . 2008-08-20 06:06 916480 —-a-w- c:windowssystem32wininet.dll
2009-06-10 10:47 . 2009-06-10 10:47 4643 —-a-w- c:program filesCommon Filesunins000.dat
2009-06-10 10:47 . 2009-06-10 10:47 1214827 —-a-w- c:program filesCommon Filesunins000.exe
.
Sigcheck
[-] 2008-08-20 . 5FD0BC6E39FAF7E2A4CB9EDDE925CF33 . 952320 . . [6.00.2900.5512] . . c:windowsexplorer.exe
[-] 2008-08-20 . FBC0451EE7C39EE98CF622AD1C6ACE96 . 1571840 . . [5.1.2600.5512] . . c:windowssystem32sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-03-25 3697952]
[HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar]
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-03-25 3697952]
[HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar]
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«ccleaner»=»c:program filesCCleanerccleaner.exe» [2009-05-07 1561840]
«uTorrent»=»c:program filesuTorrentuTorrent.exe» [2009-10-25 289072]
«ctfmon.exe»=»c:windowssystem32ctfmon.exe» [2008-04-15 15360]
«swg»=»c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe» [2009-07-08 39408]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«KernelFaultCheck»=»c:windowssystem32dumprep 0 -k» [X]
«VolumeControl»=»c:program filesVolumeControlvolume.exe» [2003-09-15 36864]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2008-05-03 13529088]
«nod32kui»=»c:program filesEsetnod32kui.exe» [2009-05-18 949376]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2008-05-03 86016]
«SpIDerAgent»=»c:program filesDrWebSpIDerAgent.exe» [2009-06-01 447728]
«SpIDerMail»=»c:program filesDrWebspiderml.exe» [2009-06-30 644336]
«SpIDerNT»=»c:progra~1DrWebspiderui.exe» [2009-08-17 231840]
«Google Quick Search Box»=»c:program filesGoogleQuick Search BoxGoogleQuickSearchBox.exe» [2009-11-07 122880]
«nwiz»=»nwiz.exe» — c:windowssystem32nwiz.exe [2004-03-03 782336]
«Cmaudio»=»cmicnfg.cpl» — c:windowsCMICNFG.CPL [2004-04-23 2494464]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«LinkDel»=»linkdel.cmd» — c:windowssystem32LINKDEL.CMD [2008-08-21 2324]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«IE7_011″=»shell32» [X]
«IE7_012″=»advpack.dll» — c:windowssystem32advpack.dll [2009-03-08 128512]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«SynchronousMachineGroupPolicy»= 0 (0x0)
«SynchronousUserGroupPolicy»= 0 (0x0)
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMHelp»= 1 (0x1)
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«ForceClassicControlPanel»= 1 (0x1)
«NoSMConfigurePrograms»= 1 (0x1)
«NoSMHelp»= 1 (0x1)
[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«ForceClassicControlPanel»= 1 (0x1)
«NoSMConfigurePrograms»= 1 (0x1)
«NoSMHelp»= 1 (0x1)
[HKEY_LOCAL_MACHINEsoftwarepoliciesmicrosoftwindowswindowsupdateau]
«NoAutoUpdate»= 1 (0x1)
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]
«LoadAppInit_DLLs»=1 (0x1)
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]
BootExecute REG_MULTI_SZ autocheck autochk *BtDfSDK
[HKLM~startupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^HP Digital Imaging Monitor.lnk]
path=c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузкаHP Digital Imaging Monitor.lnk
backup=c:windowspssHP Digital Imaging Monitor.lnkCommon Startup
[HKLM~startupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Быстрый запуск HP Image Zone.lnk]
path=c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузкаБыстрый запуск HP Image Zone.lnk
backup=c:windowspssБыстрый запуск HP Image Zone.lnkCommon Startup
HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregC:
HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregC:totalcmd
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionrun-]
«DAEMON Tools Lite»=»c:program filesDAEMON Tools Litedaemon.exe» -autorun
«UIWatcher»=d:program filesAshampoo UnInstaller 4UIWatcher.exe
«ctfmon.exe»=c:windowssystem32ctfmon.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusDisableNotify»=dword:00000001
«AntiVirusOverride»=dword:00000001
«FirewallDisableNotify»=dword:00000001
«FirewallOverride»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
«Start»=dword:00000004
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\uTorrent\uTorrent.exe»=
R0 DwProt;DrWeb Protection;c:windowssystem32driversdwprot.sys [03.11.2009 21:04 105720]
R0 SymDS;Symantec Data Store;c:windowssystem32driversNAV1100000.088SymDS.sys [05.11.2009 21:20 328752]
R0 SymEFA;Symantec Extended File Attributes;c:windowssystem32driversNAV1100000.088SymEFA.sys [05.11.2009 21:20 169008]
R1 BHDrvx86;BHDrvx86;c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsBASHDefs20091013.001BHDrvx86.sys [10.10.2009 0:38 508976]
R1 ccHP;Symantec Hash Provider;c:windowssystem32driversNAV1100000.088ccHPx86.sys [05.11.2009 21:20 501888]
R1 nod32drv;nod32drv;c:windowssystem32driversnod32drv.sys [18.05.2009 11:50 15424]
R1 SymIRON;Symantec Iron Driver;c:windowssystem32driversNAV1100000.088Ironx86.sys [05.11.2009 21:20 114736]
R2 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine);c:program filesCommon FilesDoctor WebScanning Enginedwengine.exe [22.09.2009 18:09 869688]
R2 NAV;Norton AntiVirus;c:program filesNorton AntiVirusEngine17.0.0.136ccSvcHst.exe [05.11.2009 21:20 126392]
R2 SPIDER;SpIDer Guard File System Monitor;c:progra~1DrWebspider.sys [17.08.2009 17:47 306464]
R2 SPIDERNT;SpIDer Guard for Windows;c:progra~1DrWebspidernt.exe [17.08.2009 17:47 231328]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:program filesCommon FilesSymantec SharedEENGINEEraserUtilRebootDrv.sys [05.11.2009 22:34 102448]
R3 IDSxpx86;IDSxpx86;c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136DefinitionsIPSDefs20091105.001IDSXpx86.sys [07.11.2009 2:52 329592]
S2 EraserSvc10920;Symantec Eraser Service;c:program filesNorton AntiVirusEngine17.0.0.136ccSvcHst.exe [05.11.2009 21:20 126392]
S2 gupdate1c9fff3b5626992;Служба Google Update (gupdate1c9fff3b5626992);c:program filesGoogleUpdateGoogleUpdate.exe [08.07.2009 20:44 133104]
S3 SetupNTGLM7X;SetupNTGLM7X;??e:ntglm7x.sys —> e:NTGLM7X.sys [?]
— Other Services/Drivers In Memory —
*NewlyCreated* — MBR
*NewlyCreated* — PROCEXP113
*Deregistered* — mbr
*Deregistered* — PROCEXP113
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSvchost — NetSvcs
UxTuneUp
.
Contents of the ‘Scheduled Tasks’ folder
2009-11-03 c:windowsTasksDr.Web Daily scan.job
— c:program filesDrWebDrWeb32w.exe [2009-09-21 15:02]
2009-11-07 c:windowsTasksDr.Web Update.job
— c:program filesDrWebDrWebUpW.exe [2009-09-14 07:18]
2009-11-07 c:windowsTasksGoogle Software Updater.job
— c:program filesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2009-05-18 17:36]
2009-11-07 c:windowsTasksGoogleUpdateTaskMachineCore.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-07-08 17:43]
2009-11-07 c:windowsTasksGoogleUpdateTaskMachineUA.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-07-08 17:43]
2009-11-07 c:windowsTasksUser_Feed_Synchronization-{86385FE9-C96D-47C7-89D3-7A5DE9D05FB1}.job
— c:windowssystem32msfeedssync.exe [2009-05-18 01:31]
2009-10-30 c:windowsTasksОдним Щелчком.job
— c:program filesTuneUp Utilities 2007SystemOptimizer.exe [2007-08-14 19:15]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.google.com.ua/
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.yandex.ru/?clid=48105
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Експорт до Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Add to Google Photos Screensa&ver — c:windowssystem32GPhotos.scr/200
IE: Google ВикиКомментарии… — c:program filesGoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_803138DCE93649E4.dll/cmsidewiki.html
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}
LSP: c:windowssystem32imon.dll
LSP: c:program filesDrWebdrwebsp.dll
TCP: {FA95879A-1023-4EC3-9182-7CF3EB012527} = 10.25.8.1,193.27.209.209
FF — ProfilePath — c:documents and settingsAdminApplication DataMozillaFirefoxProfilesbs9px13b.default
FF — prefs.js: browser.search.selectedEngine — DAEMON Search
FF — component: c:documents and settingsAdminApplication DataMozillaFirefoxProfilesbs9px13b.defaultextensionsDTToolbar@toolbarnet.comcomponentsDTToolbarFF.dll
FF — component: c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_17.0.0.136IPSFFPlgncomponentsIPSFFPl.dll
FF — plugin: c:program filesGoogleGoogle Earthpluginnpgeplugin.dll
FF — plugin: c:program filesGoogleGoogle Updater2.4.1636.7222npCIDetect13.dll
FF — plugin: c:program filesGooglePicasa3npPicasa3.dll
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnppl3260.dll
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnprpjplug.dll
—- FIREFOX POLICIES —-
FF — user.js: network.http.max-connections-per-server — 6
FF — user.js: network.http.max-persistent-connections-per-server — 3
FF — user.js: content.max.tokenizing.time — 2250000
FF — user.js: content.notify.interval — 750000
FF — user.js: nglayout.initialpaint.delay — 750
.
— — — — ORPHANS REMOVED — — — —
HKCU-Run-UIWatcher — d:program filesAshampoo UnInstaller 4UIWatcher.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-07 17:26
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x823DC1F8]<<
kernel: MBR read successfully
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINESystemControlSet001ServicesNAV]
«ImagePath»=»»c:program filesNorton AntiVirusEngine17.0.0.136ccSvcHst.exe» /s «NAV» /m «c:program filesNorton AntiVirusEngine17.0.0.136diMaster.dll» /prefetch:1″
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(716)
c:windowssystem32cscui.dll
— — — — — — — > ‘lsass.exe'(784)
c:windowssystem32imon.dll
c:program filesEsetpr_imon.dll
c:program filesDrWebdrwebsp.dll
.
Completion time: 2009-11-07 17:30
ComboFix-quarantined-files.txt 2009-11-07 14:30
Pre-Run: 1 290 153 984 байт свободно
Post-Run: 1 632 337 920 байт свободно
WindowsXP-KB310994-SP2-Pro-BootDisk-RUS.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
[operating systems]
c:cmdconsBOOTSECT.DAT=»Microsoft Windows Recovery Console» /cmdcons
multi(0)disk(0)rdisk(0)partition(1)WINDOWS=»Microsoft Windows XP Professional RU» /noexecute=AlwaysOff /nopae /fastdetect
— — End Of File — — C1FBC7F723ECE224C6CED29E3D757223

