Логи СomboFix — разобраться бы..

[selen]

были заморочки с компом -думает туго, хотя проц вроде 2ГГц и так конфиг нормальный — для ХР хватало всегда .. сканирнул ComboF-шкой .. и чего теперь понять по эти млогам,, вроде явных угроз 😈 не обнаружил (что были ли), может чего не понимаю — знающих просьба глянуть и растолковать :ugeek:

ComboFix 08-10-06.08 — selen 2008-10-07 13:56:30.1 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1049.18.716 [GMT -3:00]
Running from: C:Documents and SettingsselenРабочий столComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:WINDOWStempperflib_perfdata_1cc.dat

.
((((((((((((((((((((((((( Files Created from 2008-09-07 to 2008-10-07 )))))))))))))))))))))))))))))))
.

2008-10-01 19:04 . 2008-10-01 19:04

d

---

C:Documents and SettingsselenApplication DataCyberLink
2008-10-01 19:03 . 2008-10-06 15:14 69 —a

---

C:WINDOWSNeroDigital.ini
2008-09-30 20:31 . 2008-09-30 20:31 d

---

C:Program FilesWindows Media Connect 2
2008-09-30 20:30 . 2008-10-01 20:50 d

---

C:WINDOWSsystem32LogFiles
2008-09-30 20:30 . 2008-09-30 20:30 d

---

C:WINDOWSsystem32driversUMDF
2008-09-30 18:42 . 2008-09-30 18:42 d

---

C:Documents and SettingsAll UsersApplication DataDeskSoft
2008-09-30 18:41 . 2008-09-30 18:43 d

---

C:Program FilesBWMeter
2008-09-30 18:41 . 2008-09-30 18:41 d

---

C:Documents and SettingsselenApplication DataDeskSoft
2008-09-30 18:41 . 2008-09-30 18:41 26,920 —a

---

C:WINDOWSsystem32driversdsnpfd.sys
2008-09-30 18:04 . 2008-09-30 18:09 d

---

C:Documents and SettingsselenApplication DataWebMoney
2008-09-30 18:02 . 2008-09-30 18:02 d

---

C:Documents and SettingsselenApplication DataICQ Toolbar
2008-09-30 18:01 . 2008-09-30 18:01 d

---

C:Program FilesWebMoney Advisor
2008-09-30 18:01 . 2008-09-30 18:24 d-a

---

C:Documents and SettingsAll UsersApplication DataTEMP
2008-09-30 18:00 . 2008-09-30 18:01 d

---

C:Program FilesWebMoney
2008-09-30 14:28 . 2008-09-30 14:32 d

---

C:Program FilesFX Euroclub RUS 4.3.1
2008-09-30 13:46 . 2008-09-30 13:46 d

---

C:Documents and SettingsselenApplication DataNero
2008-09-30 13:43 . 1999-06-25 10:55 149,504 —a

---

C:Program FilesUNWISE.EXE
2008-09-30 13:41 . 2008-09-30 13:41 d

---

C:Program Files+ VirtualDub для работы
2008-09-30 13:38 . 2000-08-25 06:58 264,441 —a

---

C:WINDOWSsystem32PGP.hlp
2008-09-30 13:37 . 2008-09-30 13:37 d

---

C:Program FilesNetwork Associates
2008-09-30 13:37 . 2008-09-30 13:37 d

---

C:Documents and SettingsselenApplication DataPGP
2008-09-30 13:37 . 2000-08-25 06:58 1,142,784 —a

---

C:WINDOWSsystem32PGPcl.dll
2008-09-30 13:37 . 2000-08-25 06:58 851,968 —a

---

C:WINDOWSsystem32PGPsc.dll
2008-09-30 13:37 . 2000-08-25 06:58 815,104 —a

---

C:WINDOWSsystem32PGP_SDK.dll
2008-09-30 13:37 . 1998-10-02 19:00 327,168 —a

---

C:WINDOWSIsUninst.exe
2008-09-30 13:37 . 2000-08-25 06:58 241,664 —a

---

C:WINDOWSsystem32PGPsdkNL.dll
2008-09-30 13:37 . 2000-08-25 06:58 188,416 —a

---

C:WINDOWSsystem32PGPsdkUI.dll
2008-09-30 13:37 . 2000-08-25 06:58 53,248 —a

---

C:WINDOWSsystem32PGPmn.dll
2008-09-30 13:37 . 2000-08-25 06:58 28,672 —a

---

C:WINDOWSsystem32PGPhk.dll
2008-09-30 13:37 . 2000-08-25 06:58 6,656 —a

---

C:WINDOWSsystem32driversPGPmemlock.sys
2008-09-30 13:37 . 2008-09-30 13:38 512 —a

---

C:WINDOWSrandseed.rnd
2008-09-30 13:35 . 2008-09-30 13:35 d

---

C:Program FilesBIRTHDAY
2008-09-30 13:35 . 2002-05-27 00:18 18,432 —a

---

C:WINDOWSbmuninst.exe
2008-09-30 13:30 . 2008-09-30 18:02 d

---

C:Program FilesICQToolbar
2008-09-30 13:25 . 2008-09-30 14:50 d

---

C:Documents and SettingsselenApplication DataICQ
2008-09-30 13:24 . 2008-09-30 14:50 d

---

C:Program FilesICQ6
2008-09-29 23:39 . 2008-09-29 23:39 d

---

C:Program FilesCCleaner
2008-09-29 23:36 . 2008-09-29 23:36 d

---

C:Program FilesJetico
2008-09-29 23:04 . 2008-09-29 23:04 d

---

C:Program FilesVirtualDub-MPEG2
2008-09-29 23:04 . 2008-09-29 23:04 d

---

C:Program FilesNeroInstall.bak
2008-09-29 23:01 . 2008-09-29 23:01 d

---

C:Program FilesNero
2008-09-29 23:01 . 2008-09-29 23:02 d

---

C:Program FilesCommon FilesNero
2008-09-29 23:01 . 2008-09-29 23:01 d

---

C:Documents and SettingsAll UsersApplication DataNero
2008-09-29 22:51 . 2008-09-29 22:51 d

---

C:Documents and SettingsselenApplication DataMedia Player Classic
2008-09-29 22:51 . 2007-01-07 00:00 4,113,408 —a

---

C:Program Filesmplayerc.exe
2008-09-29 22:46 . 2008-09-29 22:46 d

---

C:Documents and SettingsselenApplication DataUlead Systems
2008-09-29 22:44 . 2008-09-29 22:44 d

---

C:Program FilesWindows Media Components
2008-09-29 22:44 . 2008-09-29 22:44 d

---

C:Program FilesCommon FilesInterVideo
2008-09-29 22:44 . 2008-09-29 22:44 d

---

C:Documents and SettingsAll UsersApplication DataInterVideo
2008-09-29 22:44 . 2007-03-27 19:56 210,456 —a

---

C:WINDOWSsystem32IVIresizeW7.dll
2008-09-29 22:44 . 2007-03-27 19:56 206,360 —a

---

C:WINDOWSsystem32IVIresizeA6.dll
2008-09-29 22:44 . 2007-03-27 19:56 198,168 —a

---

C:WINDOWSsystem32IVIresizeP6.dll
2008-09-29 22:44 . 2007-03-27 19:56 198,168 —a

---

C:WINDOWSsystem32IVIresizeM6.dll
2008-09-29 22:44 . 2007-03-27 19:56 194,072 —a

---

C:WINDOWSsystem32IVIresizePX.dll
2008-09-29 22:44 . 2007-03-27 19:56 26,136 —a

---

C:WINDOWSsystem32IVIresize.dll
2008-09-29 22:43 . 2008-09-29 22:43 d

---

C:Program FilesUlead Systems
2008-09-29 22:43 . 2008-09-29 22:44 d

---

C:Program FilesCommon FilesUlead Systems
2008-09-29 22:43 . 2008-09-29 22:46 d

---

C:Documents and SettingsAll UsersApplication DataUlead Systems
2008-09-29 22:35 . 2008-09-29 22:40 d

---

C:Documents and SettingsAll UsersApplication DataCyberLink
2008-09-29 22:34 . 2008-09-29 22:35 d

---

C:Program FilesCyberLink
2008-09-29 21:59 . 2008-09-29 21:59 d

---

C:Program FilesWomble Multimedia
2008-09-29 20:54 . 2008-09-29 21:00 d

---

C:Program FilesWinamp
2008-09-29 20:54 . 2008-09-29 21:05 d

---

C:Documents and SettingsselenApplication DataWinamp
2008-09-29 20:53 . 2008-10-06 19:07 d

---

C:Documents and SettingsselenApplication DataSkype
2008-09-29 20:52 . 2008-10-06 15:55 d

---

C:Program FilesSippoint
2008-09-29 20:52 . 2008-09-29 20:52 d

---

C:Program FilesCommon FilesSkype
2008-09-29 20:52 . 2008-09-29 20:56 d

---

C:Documents and SettingsselenApplication DataSippoint
2008-09-29 20:52 . 2008-09-29 20:52 d

---

C:Documents and SettingsAll UsersApplication DataSkype
2008-09-29 20:52 . 2006-01-11 13:35 221,184 —a

---

C:WINDOWSsystem32stun.dll
2008-09-29 20:50 . 2008-09-29 20:52 d

---

C:Program FilesSkype
2008-09-29 20:38 . 2008-09-29 20:38 0 —a

---

C:WINDOWSnsreg.dat
2008-09-29 19:51 . 2008-09-29 19:51 d

---

C:Program FilesPRMT8
2008-09-29 18:42 . 2008-09-29 18:48 d

---

C:Program FilesThe Bat!
2008-09-29 16:11 . 2004-08-03 23:08 26,496 —a—c— C:WINDOWSsystem32dllcacheusbstor.sys
2008-09-29 15:46 . 2008-09-29 15:46 d

---

C:Documents and SettingsselenApplication DataPRMT
2008-09-29 15:40 . 2008-09-29 19:53 d

---

C:WINDOWSspeech
2008-09-29 15:38 . 2008-10-04 22:57 d

---

C:WINDOWSLhsp
2008-09-29 15:38 . 2008-09-29 15:38 d

---

C:Documents and SettingsAll UsersApplication DataPRMT
2008-09-29 14:13 . 2008-09-30 13:44 d

---

C:Program FilesCommon FilesAdobe
2008-09-29 00:01 . 2008-09-29 00:11 d

---

C:Program FilesMetaTrader — Alpari
2008-09-28 15:37 . 2008-09-28 15:37 d

---

C:Program FilesOpera
2008-09-28 15:35 . 2008-09-28 15:35 d

---

C:Program FilesMSBuild
2008-09-28 15:31 . 2008-09-28 15:31 d

---

C:WINDOWSsystem32XPSViewer
2008-09-28 15:31 . 2008-09-28 15:31 d

---

C:Program FilesReference Assemblies
2008-09-28 15:31 . 2006-06-29 13:07 14,048

---

C:WINDOWSsystem32spmsg2.dll
2008-09-28 15:28 . 2006-10-16 16:10 23,856 —a

---

C:WINDOWSsystem32spupdsvc.exe
2008-09-28 15:09 . 2008-09-28 15:09 394 —a

---

C:WINDOWSODBC.INI
2008-09-28 15:08 . 2008-09-28 15:08 d

---

C:WINDOWSShellNew
2008-09-28 15:03 . 2008-09-28 15:03 d

---

C:Program FilesPatchWise.bak
2008-09-28 15:02 . 2008-09-28 15:02 d

---

C:Documents and SettingsAll UsersApplication DataACD Systems
2008-09-28 14:56 . 2008-09-28 14:56 d

---

C:Documents and SettingsselenApplication DataACD Systems
2008-09-28 14:55 . 2008-09-28 15:03 d

---

C:Program FilesCommon FilesACD Systems
2008-09-28 14:55 . 2008-09-28 14:55 d

---

C:Program FilesACD Systems
2008-09-28 14:41 . 2008-09-28 14:41 d

---

C:Program FilesZone Labs
2008-09-28 12:49 . 2008-09-28 12:49 d

---

C:Program FilesAlwil Software
2008-09-28 12:44 . 2008-10-07 14:00 d

---

C:WINDOWSInternet Logs
2008-09-28 12:24 . 2008-10-01 20:54 d

---

C:Documents and SettingsAll UsersApplication DataAcronis
2008-09-28 12:16 . 2008-09-28 12:16 d

---

C:Program FilesCommon FilesAcronis
2008-09-28 12:16 . 2008-09-28 12:16 d

---

C:Program FilesAcronis
2008-09-28 12:16 . 2008-09-28 12:16 395,744 —a

---

C:WINDOWSsystem32driverstimntr.sys
2008-09-28 12:16 . 2008-09-28 12:16 114,048 —a

---

C:WINDOWSsystem32driverssnapman.sys
2008-09-28 12:16 . 2008-09-28 12:16 39,264 —a

---

C:WINDOWSsystem32driverstifsfilt.sys
2008-09-28 12:13 . 2008-09-28 12:13 d

---

C:Program FilesK-Lite Codec Pack
2008-09-28 12:12 . 2008-09-28 12:12 d

---

C:Program FilesSAM CoDeC Pack
2008-09-28 12:05 . 2004-08-03 23:10 85,376 —a

---

C:WINDOWSsystem32driversNABTSFEC.sys
2008-09-28 12:04 . 2004-08-17 16:05 91,136 —a

---

C:WINDOWSsystem32kswdmcap.ax
2008-09-28 12:04 . 2004-08-17 16:05 91,136 —a—c— C:WINDOWSsystem32dllcachekswdmcap.ax
2008-09-28 12:04 . 2004-08-17 16:05 61,952 —a

---

C:WINDOWSsystem32kstvtune.ax
2008-09-28 12:04 . 2004-08-17 16:05 61,952 —a—c— C:WINDOWSsystem32dllcachekstvtune.ax
2008-09-28 12:04 . 2004-08-17 16:04 54,272 —a

---

C:WINDOWSsystem32vfwwdm32.dll
2008-09-28 12:04 . 2004-08-17 16:04 54,272 —a—c— C:WINDOWSsystem32dllcachevfwwdm32.dll
2008-09-28 12:04 . 2004-08-17 16:05 43,008 —a

---

C:WINDOWSsystem32ksxbar.ax
2008-09-28 12:04 . 2004-08-17 16:05 43,008 —a—c— C:WINDOWSsystem32dllcacheksxbar.ax
2008-09-28 12:04 . 2004-08-17 16:05 28,672 —a

---

C:WINDOWSsystem32vidcap.ax
2008-09-28 12:04 . 2004-08-17 16:05 28,672 —a—c— C:WINDOWSsystem32dllcachevidcap.ax
2008-09-28 12:03 . 2008-09-28 12:03 d

---

C:WINDOWSPixArt
2008-09-28 12:03 . 2008-09-28 12:03 d

---

C:WINDOWSAlbum
2008-09-28 12:03 . 2008-09-28 12:03 d

---

C:Program FilesVideoCAM GF112
2008-09-28 12:03 . 2008-09-28 12:03 d

---

C:Program FilesCommon FilesPCCamera
2008-09-28 12:02 . 2008-09-28 14:54 d

---

C:WINDOWSDownloaded Installations
2008-09-28 11:57 . 2008-09-28 11:57 d

---

C:Program FilesMarvell
2008-09-28 11:50 . 2008-10-03 11:19 302 —a

---

C:WINDOWSsystemcmicnfg.ini
2008-09-28 11:49 . 2008-09-28 11:49 1,176 —a

---

C:WINDOWSImpTableL.bin
2008-09-28 11:46 . 2004-10-21 14:54 4,001,792 -ra

---

C:WINDOWSsystemcmicnfg.cpl
2008-09-28 11:46 . 2004-10-21 15:56 1,275,584 -ra

---

C:WINDOWSsystem32driverscmudax.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-30 16:44 185,299 —-a-w C:Program FilesINSTALL.LOG
2008-09-28 18:03 5,276 —-a-w C:Program FilesPatchWise.log
2008-09-28 02:47

---

d

---

w C:Program Filesmicrosoft frontpage
2008-07-09 12:05 1,086,952 —-a-w C:WINDOWSsystem32zpeng24.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE~Browser Helper Objects{B4806C1A-FE8A-4008-9DA3-8CEDB6E82C10}]
2008-03-20 09:28 2469888 —a

---

C:Program FilesWebMoney Advisorwmadvisor.dll

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}»= «C:Program FilesWebMoney Advisorwmadvisor.dll» [2008-03-20 2469888]

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}»= «C:Program FilesWebMoney Advisorwmadvisor.dll» [2008-03-20 2469888]

[HKEY_CLASSES_ROOTclsid{3affd7f7-fd3d-4c9d-8f83-03296a1a8840}]
[HKEY_CLASSES_ROOTTBSB03223.TBSB03223.3]
[HKEY_CLASSES_ROOTTypeLib{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOTTBSB03223.TBSB03223]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«Acronis Scheduler2 Service»=»C:Program FilesCommon FilesAcronisSchedule2schedhlp.exe» [2006-10-16 87584]
«ZoneAlarm Client»=»C:Program FilesZone LabsZoneAlarmzlclient.exe» [2008-07-09 919016]
«MSConfig»=»C:WINDOWSPCHealthHelpCtrBinariesMSConfig.exe» [2003-08-17 159232]
«NvCplDaemon»=»C:WINDOWSsystem32NvCpl.dll» [2004-12-15 5513216]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»C:WINDOWSsystem32CTFMON.EXE» [2003-08-17 15360]

C:Documents and Settingsselenѓ« ў­®Ґ ¬Ґ­оЏа®Ја ¬¬лЂўв®§ Јаг§Є
BIRTHDAY! millennium.lnk — C:Program FilesBIRTHDAYbirthmil.exe [2008-09-30 158720]
BWMeter.lnk — C:Program FilesBWMeterBWMeter.exe [2008-09-30 607744]

C:Documents and SettingsAll Usersѓ« ў­®Ґ ¬Ґ­оЏа®Ја ¬¬лЂўв®§ Јаг§Є
PGPtray.lnk — C:Program FilesNetwork AssociatesPGPNTPGPTray.exe [2008-09-30 57344]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«vidc.yv12″= yv12vfw.dll
«msacm.dvacm»= C:PROGRA~1COMMON~1ULEADS~1VioDvacm.acm
«msacm.MPEGacm»= C:PROGRA~1COMMON~1ULEADS~1MPEGMPEGacm.acm
«msacm.ulmp3acm»= C:PROGRA~1COMMON~1ULEADS~1MPEGulmp3acm.acm

[HKLM~startupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Adobe Reader Speed Launch.lnk]
path=C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузкаAdobe Reader Speed Launch.lnk
backup=C:WINDOWSpssAdobe Reader Speed Launch.lnkCommon Startup

[HKLM~startupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Adobe Reader Synchronizer.lnk]
path=C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузкаAdobe Reader Synchronizer.lnk
backup=C:WINDOWSpssAdobe Reader Synchronizer.lnkCommon Startup

[HKLM~startupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Microsoft Office.lnk]
path=C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузкаMicrosoft Office.lnk
backup=C:WINDOWSpssMicrosoft Office.lnkCommon Startup

[HKLM~startupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Sippoint.lnk]
path=C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузкаSippoint.lnk
backup=C:WINDOWSpssSippoint.lnkCommon Startup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAcronisTimounterMonitor]
—a

---

2006-10-16 22:07 1959904 C:Program FilesAcronisTrueImageHomeTimounterMonitor.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBCWipeTM Startup]
—a

---

2004-07-16 06:37 303104 C:Program FilesJeticoBCWipeBCWipeTM.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCTFMON.EXE]
—a

---

2003-08-17 21:00 15360 C:WINDOWSsystem32ctfmon.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregIndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
—a

---

2008-02-28 17:07 1828136 C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLanguageShortcut]
—a

---

2007-01-08 22:17 52256 C:Program FilesCyberLinkPowerDVDLanguageLanguage.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
—a

---

2008-02-28 09:59 570664 C:Program FilesCommon FilesNeroLibNeroCheck.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvCplDaemon]
—a

---

2004-12-15 01:01 5513216 C:WINDOWSsystem32nvcpl.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvMediaCenter]
—a

---

2004-12-15 01:01 86016 C:WINDOWSsystem32nvmctray.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRemoteControl]

---

2007-01-08 22:26 68640 C:Program FilesCyberLinkPowerDVDPDVDServ.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSkype]
—a

---

2007-02-22 23:31 25388584 C:Program FilesSkypePhoneSkype.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregTrueImageMonitor.exe]
—a

---

2006-10-16 22:03 1184024 C:Program FilesAcronisTrueImageHomeTrueImageMonitor.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregUVS11 Preload]
—a

---

2007-09-12 12:17 340136 C:Program FilesUlead SystemsUlead VideoStudio 11uvPL.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregnwiz]
—a

---

2004-12-15 01:01 1490944 C:WINDOWSsystem32nwiz.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregЯрлык для страницы свойств High Definition Audio]

---

2004-03-17 16:10 61952 C:WINDOWSsystem32Hdaudpropshortcut.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigservices]
«wuauserv»=2 (0x2)
«wscsvc»=2 (0x2)
«UPS»=3 (0x3)
«Themes»=2 (0x2)
«srservice»=2 (0x2)
«Spooler»=2 (0x2)
«SharedAccess»=2 (0x2)
«RemoteRegistry»=2 (0x2)
«RDSessMgr»=3 (0x3)
«RasMan»=3 (0x3)
«RasAuto»=3 (0x3)
«Eventlog»=2 (0x2)

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringZoneLabsFirewall]
«DisableMonitoring»=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«C:\Program Files\Skype\Phone\Skype.exe»=

R1 aswSP;avast! Self Protection;C:WINDOWSsystem32driversaswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:WINDOWSsystem32DRIVERSaswFsBlk.sys [2008-07-19 20560]
R2 PGPmemlock;PGPmemlock;C:WINDOWSsystem32driversPGPmemlock.sys [2000-08-25 6656]
R3 cmudax;C-Media High Definition Audio Interface;C:WINDOWSsystem32driverscmudax.sys [2004-10-21 1275584]
R3 dsnpfd;DeskSoft Service;C:WINDOWSsystem32DRIVERSdsnpfd.sys [2008-09-30 26920]
R3 PAC207;VideoCAM GF112;C:WINDOWSsystem32DRIVERSpfc027.sys [2005-04-08 162176]
S4 BCSWAP;BCSWAP;C:WINDOWSsystem32driversBCSWAP.sys [2002-09-11 83456]
.
— — — — ORPHANS REMOVED — — — —

HKLM-Run-Cmaudio — cmicnfg.cpl
MSConfigStartUp-Cmaudio — cmicnfg.cpl

.

---

Supplementary Scan

---

.
FireFox -: Profile — C:Documents and SettingsselenApplication DataMozillaFirefoxProfilesioxj1fjf.default
FireFox -: prefs.js — STARTUP.HOMEPAGE — hxxp://start.icq.com/
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-07 14:01:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************
.

---

Other Running Processes

---

.
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:Program FilesCommon FilesAcronisSchedule2schedul2.exe
C:WINDOWSATKKBService.exe
C:Program FilesCommon FilesInterVideoDeviceServiceDevSvc.exe
C:WINDOWSsystem32nvsvc32.exe
C:Program FilesCyberLinkShared FilesRichVideo.exe
C:WINDOWSsystem32PAStiSvc.exe
C:Program FilesCommon FilesUlead SystemsDVDULCDRSvr.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:WINDOWSsystem32wscntfy.exe
C:WINDOWSsystem32rundll32.exe
.
**************************************************************************
.
Completion time: 2008-10-07 14:03:14 — machine was rebooted
ComboFix-quarantined-files.txt 2008-10-07 17:03:11

Pre-Run: 18 296 270 848 байт свободно
Post-Run: 18,244,243,456 байт свободно

286

[Admin]

Здравствуйте, добро пожаловать на Spyware-ru форум.

Combofix лог выглядит нормально.
Давно возникли описанные вами проблемы ?

И ещё, пожалуйста прочитайте эти инструкции. Выполните сканирование компьютера используя HijackThis.

Вставьте HijackThis лог в ваш ответ.

[Автор]

Сообщения