накопитель

[G-Gurda]

Не хочет открываться накопитель, без него всё работает отлично. Запускал комбофикс и подключенным накопителем, комбо выявил вирусню где-то какую-то , всё вылечил, но накопитель всё еще не открывается. Что делать?

[Helper]

Здравствуйте, добро пожаловать на форум.
Давайте проверим ваш ПК на вирусы.

[G-Gurda]

Да их у меня нет я почти уверен вот только что комбофиксом всё вынес + дрвеб подтвердил.

[Helper]

Вот именно вы «почти» уверены, но не на 100%.Не поленитесь, пожалуйста, и сделайте логи.Это совсем несложно и недолго.

[G-Gurda]

Ладно, какой прогой и при подключенном накопителе я так думаю?

[Helper]

viewtopic.php?f=3&t=2
Да,можно при вставленном накопителе.

[G-Gurda]

Logfile of random’s system information tool 1.06 (written by random/random)
Run by user at 2010-06-30 00:37:25
Microsoft Windows XP Professional Service Pack 3
System drive H: has 285 MB (0%) free of 101 GB
Total RAM: 2046 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:37:26, on 30.06.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
H:WINDOWSSystem32smss.exe
H:WINDOWSsystem32winlogon.exe
H:WINDOWSsystem32services.exe
H:WINDOWSsystem32lsass.exe
H:WINDOWSsystem32Ati2evxx.exe
H:WINDOWSsystem32svchost.exe
H:WINDOWSSystem32svchost.exe
H:WINDOWSsystem32Ati2evxx.exe
H:WINDOWSsystem32svchost.exe
H:WINDOWSsystem32spoolsv.exe
H:Program FilesCommon FilesABBYYFineReader9.00LicensingPENetworkLicenseServer.exe
H:Program FilesCommon FilesAcronisSchedule2schedul2.exe
H:WINDOWSsystem32bgsvcgen.exe
H:Program FilesDrWeb AV-DeskDWENGINE.EXE
H:Program FilesJavajre6binjqs.exe
H:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
H:Program FilesDrWeb AV-DeskSPIDERNT.EXE
H:WINDOWSsystem32svchost.exe
H:WINDOWSsystem32CNAB4RPK.EXE
H:Program FilesDrWeb AV-Deskdrwagntd.exe
H:WINDOWSsystem32wscntfy.exe
H:WINDOWSexplorer.exe
H:Program FilesuTorrentuTorrent.exe
H:Documents and SettingsuserМои документыЗагрузкиRSIT.exe
H:Program Filestrend microuser.exe

R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://yandex.ru/
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
F2 — REG:system.ini: UserInit=H:WINDOWSsystem32userinit.exe,H:WINDOWSsystem32d542de00.exe,\?globalrootsystemrootsystem321h43Z8O.exe,
O2 — BHO: AcroIEHelperStub — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — H:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 — BHO: RealPlayer Download and Record Plugin for Internet Explorer — {3049C3E9-B461-4BC5-8870-4C09146192CA} — H:Program FilesRealRealPlayerrpbrowserrecordplugin.dll (file missing)
O2 — BHO: Java(tm) Plug-In SSV Helper — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — H:Program FilesJavajre6binssv.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — H:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — H:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O4 — HKLM..Run: [GEST] H:Program FilesGIGABYTEGESTRUN.exe
O4 — HKLM..Run: [JMB36X IDE Setup] H:WINDOWSRaidToolxInsIDE.exe
O4 — HKLM..Run: [36X Raid Configurer] H:WINDOWSsystem32xRaidSetup.exe boot
O4 — HKLM..Run: [Acronis True Image Monitor] «H:Program FilesAcronisTrueImageTrueImageMonitor.exe»
O4 — HKLM..Run: [Acronis Scheduler2 Service] «H:Program FilesCommon FilesAcronisSchedule2schedhlp.exe»
O4 — HKLM..Run: [NeroFilterCheck] H:WINDOWSsystem32NeroCheck.exe
O4 — HKLM..Run: [Adobe Reader Speed Launcher] «H:Program FilesAdobeReader 9.0ReaderReader_sl.exe»
O4 — HKLM..Run: [NokiaMServer] H:Program FilesCommon FilesNokiaMPlatformNokiaMServer /watchfiles
O4 — HKLM..Run: [Nokia FastStart] «H:Program FilesNokiaNokia MusicNokiaMusic.exe» /command:faststart
O4 — HKLM..Run: [SunJavaUpdateSched] «H:Program FilesJavajre6binjusched.exe»
O4 — HKLM..Run: [StartCCC] «H:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe» MSRun
O4 — HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 — HKLM..Run: [DrWebAgentUI] «H:Program FilesDrWeb AV-Deskdrwagnui.exe»
O4 — HKLM..Run: [SpIDerMail] «H:Program FilesDrWeb AV-DeskSPIDERML.EXE»
O4 — HKLM..Run: [SpIDerNT] «H:Program FilesDrWeb AV-DeskSPIDERUI.EXE» /agent
O4 — HKLM..Run: [QuickTime Task] «H:Program FilesQuickTimeQTTask.exe» -atboottime
O4 — HKCU..Run: [AlcoholAutomount] «H:Program FilesAlcohol SoftAlcohol 120axcmd.exe» /automount
O4 — HKCU..Run: [AlSrvN] H:Program FilesAlcohol SoftAlcohol 120PluginsHelperAlSrvN.exe
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] H:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] H:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Startup: FIFA 10 Registration.lnk = D:Program FilesEA SportsFIFA 10SupportEAregister.exe
O4 — Startup: Need for Speed™ Undercover — регистрация.lnk = D:Need for Speed UndercoverSupportEAregister.exe
O4 — Global Startup: Nokia Ovi Suite.lnk = H:Program FilesNokiaOviSuiteRunLauncher.exe
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://H:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — H:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: (no name) — {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} — (no file)
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — H:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — H:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — H:Program FilesICQ6.5ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — H:Program FilesICQ6.5ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — H:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — H:Program FilesMessengermsmsgs.exe
O16 — DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) — http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O17 — HKLMSystemCCSServicesTcpip..{641DB3C5-8660-49BE-A22B-9D95FE173AA3}: NameServer = 91.123.16.120 91.189.240.28
O23 — Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) — ABBYY (BIT Software) — H:Program FilesCommon FilesABBYYFineReader9.00LicensingPENetworkLicenseServer.exe
O23 — Service: Acronis Scheduler2 Service (AcrSch2Svc) — Acronis — H:Program FilesCommon FilesAcronisSchedule2schedul2.exe
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — H:WINDOWSsystem32Ati2evxx.exe
O23 — Service: ATI Smart — Unknown owner — H:WINDOWSsystem32ati2sgag.exe
O23 — Service: B’s Recorder GOLD Library General Service (bgsvcgen) — B.H.A Corporation — H:WINDOWSsystem32bgsvcgen.exe
O23 — Service: Dr.Web(R) AV-Desk Agent (drwagntd) — Doctor Web, Ltd. — H:Program FilesDrWeb AV-Deskdrwagntd.exe
O23 — Service: Dr.Web (R) Scanning Engine (DrWebEngine) — Doctor Web, Ltd. — H:Program FilesDrWeb AV-DeskDWENGINE.EXE
O23 — Service: Dr.Web(R) AV-Desk Upgrade Service (drwupgrade) — Doctor Web, Ltd. — H:Program FilesDrWeb AV-Deskdrwupgrade.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — H:WINDOWSsystem32services.exe
O23 — Service: GEST Service for program management. (GEST Service) — Unknown owner — H:Program FilesGIGABYTEGESTGSvr.exe
O23 — Service: Служба Google Update (gupdate1ca1104ee4fa4be) (gupdate1ca1104ee4fa4be) — Google Inc. — H:Program FilesGoogleUpdateGoogleUpdate.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — H:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — H:WINDOWSsystem32imapi.exe
O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — H:Program FilesJavajre6binjqs.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — H:WINDOWSsystem32mnmsrvc.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — H:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — H:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — H:WINDOWSSystem32SCardSvr.exe
O23 — Service: ServiceLayer — Nokia. — H:Program FilesNokiaPC Connectivity SolutionServiceLayer.exe
O23 — Service: SpIDer Guard (R) for Windows (spidernt) — Doctor Web, Ltd. — H:Program FilesDrWeb AV-DeskSPIDERNT.EXE
O23 — Service: StarWind AE Service (StarWindServiceAE) — Unknown owner — H:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe (file missing)
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — H:WINDOWSsystem32smlogsvc.exe
O23 — Service: Telnet (TlntSvr) — Корпорация Майкрософт — H:WINDOWSsystem32tlntsvr.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — H:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — H:WINDOWSsystem32wbemwmiapsrv.exe

—
End of file — 9105 bytes

======Scheduled tasks folder======

H:WINDOWStasksAppleSoftwareUpdate.job
H:WINDOWStasksGoogleUpdateTaskMachineCore.job
H:WINDOWStasksGoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper — H:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer — H:Program FilesRealRealPlayerrpbrowserrecordplugin.dll []

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper — H:Program FilesJavajre6binssv.dll [2009-06-09 320920]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — H:Program FilesJavajre6binjp2ssv.dll [2009-06-09 34816]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — H:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2009-06-09 73728]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«GEST»=H:Program FilesGIGABYTEGESTRUN.exe [2007-12-14 236040]
«JMB36X IDE Setup»=H:WINDOWSRaidToolxInsIDE.exe [2007-03-20 36864]
«36X Raid Configurer»=H:WINDOWSsystem32xRaidSetup.exe [2007-08-29 1966080]
«Acronis True Image Monitor»=H:Program FilesAcronisTrueImageTrueImageMonitor.exe [2008-08-26 417536]
«Acronis Scheduler2 Service»=H:Program FilesCommon FilesAcronisSchedule2schedhlp.exe [2008-08-26 61440]
«NeroFilterCheck»=H:WINDOWSsystem32NeroCheck.exe [2001-07-09 155648]
«Adobe Reader Speed Launcher»=H:Program FilesAdobeReader 9.0ReaderReader_sl.exe [2008-06-12 34672]
«NokiaMServer»=H:Program FilesCommon FilesNokiaMPlatformNokiaMServer /watchfiles []
«Nokia FastStart»=H:Program FilesNokiaNokia MusicNokiaMusic.exe [2008-12-03 2372840]
«SunJavaUpdateSched»=H:Program FilesJavajre6binjusched.exe [2009-06-09 136600]
«StartCCC»=H:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe [2009-04-28 61440]
«RTHDCPL»=H:WINDOWSRTHDCPL.EXE [2007-09-19 16844800]
«DrWebAgentUI»=H:Program FilesDrWeb AV-Deskdrwagnui.exe [2010-06-22 1692976]
«SpIDerMail»=H:Program FilesDrWeb AV-DeskSPIDERML.EXE [2010-06-22 644336]
«SpIDerNT»=H:Program FilesDrWeb AV-DeskSPIDERUI.EXE [2010-06-22 231816]
«QuickTime Task»=H:Program FilesQuickTimeQTTask.exe [2010-03-17 421888]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«AlcoholAutomount»=H:Program FilesAlcohol SoftAlcohol 120axcmd.exe [2009-04-24 203928]
«AlSrvN»=H:Program FilesAlcohol SoftAlcohol 120PluginsHelperAlSrvN.exe [2009-04-17 53248]

H:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
Nokia Ovi Suite.lnk — H:Program FilesNokiaOviSuiteRunLauncher.exe

H:Documents and SettingsuserГлавное менюПрограммыАвтозагрузка
FIFA 10 Registration.lnk — D:Program FilesEA SportsFIFA 10SupportEAregister.exe
Need for Speed™ Undercover — регистрация.lnk — D:Need for Speed UndercoverSupportEAregister.exe

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
H:WINDOWSsystem32Ati2evxx.dll [2009-04-29 155648]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — H:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=323
«NoDriveAutoRun»=67108863
«NoDrives»=0

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveAutoRun»=
«NoDriveTypeAutoRun»=
«NoDrives»=

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«H:Program FilesGIGABYTEGESTrun.exe»=»H:Program FilesGIGABYTEGESTrun.exe:*:Enabled:update»
«H:Program FilesQIPqip.exe»=»H:Program FilesQIPqip.exe:*:Enabled:Quiet Internet Pager»
«H:WINDOWSsystem32PnkBstrA.exe»=»H:WINDOWSsystem32PnkBstrA.exe:*:Enabled:PnkBstrA»
«H:WINDOWSsystem32PnkBstrB.exe»=»H:WINDOWSsystem32PnkBstrB.exe:*:Enabled:PnkBstrB»
«H:WINDOWSsystem32CNAB4RPK.EXE»=»H:WINDOWSsystem32CNAB4RPK.EXE:*:Disabled:Canon LBP2900 RPC Server Process»
«H:WINDOWSsystem32dplaysvr.exe»=»H:WINDOWSsystem32dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«H:Program FilesuTorrentutorrent.exe»=»H:Program FilesuTorrentutorrent.exe:*:Enabled:µTorrent»
«H:Program FilesICQ6.5ICQ.exe»=»H:Program FilesICQ6.5ICQ.exe:*:Enabled:ICQ6»
«H:Program FilesUbisoftUbisoft Game LauncherUbisoftGameLauncher.exe»=»H:Program FilesUbisoftUbisoft Game LauncherUbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»

======List of files/folders created in the last 1 months======

2010-06-29 13:03:31 —-A—- H:Program FilesCommon Fileskeylog.txt
2010-06-28 13:22:42 —-SHD—- H:RECYCLER
2010-06-28 13:20:11 —-D—- H:Program FilesLight Alloy
2010-06-28 13:16:26 —-A—- H:WINDOWSsystem32nj0NAdI.exe
2010-06-28 13:13:56 —-A—- H:ComboFix.txt
2010-06-28 01:06:57 —-D—- H:Documents and SettingsuserApplication DataFileZilla
2010-06-23 20:23:38 —-D—- H:WINDOWStemp
2010-06-16 12:59:54 —-D—- H:Program FilesMetaTrader — Alpari
2010-06-08 15:38:29 —-D—- H:Program FilesQuickTime
2010-06-08 15:38:28 —-D—- H:Documents and SettingsAll UsersApplication DataApple Computer
2010-06-04 15:35:29 —-D—- H:Documents and SettingsuserApplication DataFriday’s games

======List of files/folders modified in the last 1 months======

2010-06-30 00:37:26 —-D—- H:Program Filestrend micro
2010-06-30 00:37:23 —-D—- H:Documents and SettingsuserApplication DatauTorrent
2010-06-30 00:34:53 —-D—- H:WINDOWSPrefetch
2010-06-30 00:27:32 —-D—- H:Новая папка
2010-06-29 23:43:17 —-D—- H:Program FilesDrWeb AV-Desk
2010-06-29 14:13:15 —-D—- H:WINDOWSsystem32CatRoot2
2010-06-29 13:03:31 —-D—- H:Program FilesCommon Files
2010-06-28 23:34:57 —-A—- H:WINDOWSNeroDigital.ini
2010-06-28 17:17:30 —-D—- H:Program FilesICQ6.5
2010-06-28 13:20:11 —-RD—- H:Program Files
2010-06-28 13:20:04 —-D—- H:Program FilesFishki.net
2010-06-28 13:18:42 —-D—- H:Program FilesAutochartist
2010-06-28 13:18:31 —-HD—- H:Program FilesInstallShield Installation Information
2010-06-28 13:16:26 —-D—- H:WINDOWSsystem32
2010-06-28 13:13:59 —-AD—- H:Qoobox
2010-06-28 13:12:53 —-D—- H:WINDOWS
2010-06-28 13:12:53 —-A—- H:WINDOWSsystem.ini
2010-06-28 13:02:51 —-D—- H:WINDOWSsystem32drivers
2010-06-28 13:02:51 —-D—- H:WINDOWSAppPatch
2010-06-28 12:54:15 —-A—- H:WINDOWSSchedLgU.Txt
2010-06-28 11:05:20 —-SHD—- H:WINDOWSInstaller
2010-06-28 11:05:02 —-D—- H:Program FilesMozilla Firefox
2010-06-28 00:18:30 —-SHD—- H:System Volume Information
2010-06-24 17:35:39 —-D—- H:Program FilesFLV Player
2010-06-23 20:31:17 —-SD—- H:WINDOWSTasks
2010-06-23 20:24:26 —-D—- H:WINDOWSsystem32config
2010-06-23 20:24:05 —-A—- H:WINDOWSntbtlog.txt
2010-06-23 20:23:43 —-D—- H:WINDOWSERDNT
2010-06-23 20:23:06 —-D—- H:Program FilesWinRAR
2010-06-23 18:57:49 —-D—- H:Documents and Settings
2010-06-22 14:20:55 —-D—- H:Documents and SettingsuserApplication Datadvdcss
2010-06-08 15:38:56 —-D—- H:Config.Msi
2010-06-04 15:34:31 —-D—- H:Program FilesAlawar
2010-06-01 15:23:14 —-A—- H:WINDOWSBurnout(TM) Paradise The Ultimate Box Patch Log.txt
2010-06-01 01:49:34 —-D—- H:Program FilesCommon FilesWise Installation Wizard
2010-06-01 01:49:32 —-D—- H:WINDOWSsystem32DirectX
2010-06-01 01:49:30 —-HD—- H:WINDOWSinf
2010-06-01 01:48:28 —-RSD—- H:WINDOWSassembly

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 cdrbsdrv;cdrbsdrv; H:WINDOWSsystem32driverscdrbsdrv.sys [2006-02-20 33408]
R1 intelppm;Драйвер Intel процессора; H:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-15 40704]
R1 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; H:WINDOWSSystem32driversws2ifsl.sys [2008-04-15 12032]
R2 spider;SpIDer Guard (R) File System Monitor; ??H:Program FilesDrWeb AV-DeskSPIDER.SYS []
R2 tifsfilter;Acronis TrueImage FS Filter; H:WINDOWSsystem32DRIVERStifsfilt.sys [2008-08-26 28096]
R3 ati2mtag;ati2mtag; H:WINDOWSsystem32DRIVERSati2mtag.sys [2009-04-29 3643904]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; H:WINDOWSsystem32driversAtiHdmi.sys [2009-04-01 93184]
R3 catchme;catchme; ??H:DOCUME~1userLOCALS~1Tempcatchme.sys []
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; H:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-15 144384]
R3 HidUsb;Драйвер класса HID Microsoft; H:WINDOWSsystem32DRIVERShidusb.sys [2008-04-15 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); H:WINDOWSsystem32driversRtkHDAud.sys [2007-09-19 4617728]
R3 mouhid;Драйвер мыши HID; H:WINDOWSsystem32DRIVERSmouhid.sys [2008-04-15 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; H:WINDOWSsystem32DRIVERSRtenicxp.sys [2007-12-05 104064]
R3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); H:WINDOWSsystem32DRIVERSusbccgp.sys [2008-04-15 32128]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; H:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-15 30208]
R3 usbhub;USB2 концентратор; H:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-15 59520]
R3 usbstor;Драйвер запоминающих устройств для USB; H:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-15 26368]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; H:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-15 20608]
S3 ET5Drv;ET5Drv; ??H:WINDOWSsystem32DriversET5Drv.sys []
S3 gdrv;gdrv; ??H:WINDOWSgdrv.sys []
S3 mbr;mbr; ??H:DOCUME~1userLOCALS~1Tempmbr.sys []
S3 nmwcd;Nokia USB Phone Parent; H:WINDOWSsystem32driversccdcmb.sys [2008-05-07 17536]
S3 pccsmcfd;PCCS Mode Change Filter Driver; H:WINDOWSsystem32DRIVERSpccsmcfd.sys [2008-08-26 18816]
S3 usbprint;Класс принтеров Microsoft USB; H:WINDOWSsystem32DRIVERSusbprint.sys [2008-04-14 25856]
S3 usbscan;Драйвер USB-сканера; H:WINDOWSsystem32DRIVERSusbscan.sys [2008-04-14 15104]
S3 Wdf01000;Wdf01000; H:WINDOWSsystem32DRIVERSWdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; H:WINDOWSsystem32DRIVERSwpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; H:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; H:WINDOWSsystem32driversIntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service; H:Program FilesCommon FilesABBYYFineReader9.00LicensingPENetworkLicenseServer.exe [2007-12-06 660768]
R2 AcrSch2Svc;Acronis Scheduler2 Service; H:Program FilesCommon FilesAcronisSchedule2schedul2.exe [2008-08-26 122880]
R2 Ati HotKey Poller;Ati HotKey Poller; H:WINDOWSsystem32Ati2evxx.exe [2009-04-29 602112]
R2 bgsvcgen;B’s Recorder GOLD Library General Service; H:WINDOWSsystem32bgsvcgen.exe [2007-06-15 145504]
R2 DrWebEngine;Dr.Web (R) Scanning Engine; H:Program FilesDrWeb AV-DeskDWENGINE.EXE [2010-06-22 1094048]
R2 JavaQuickStarterService;Java Quick Starter; H:Program FilesJavajre6binjqs.exe [2009-06-09 152984]
R2 MDM;Machine Debug Manager; H:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2003-06-19 322120]
R2 spidernt;SpIDer Guard (R) for Windows; H:Program FilesDrWeb AV-DeskSPIDERNT.EXE [2010-06-22 231816]
R2 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; H:WINDOWSsystem32svchost.exe [2008-04-15 14336]
R3 drwagntd;Dr.Web(R) AV-Desk Agent; H:Program FilesDrWeb AV-Deskdrwagntd.exe [2010-06-22 2340144]
S2 ATI Smart;ATI Smart; H:WINDOWSsystem32ati2sgag.exe [2009-04-28 593920]
S2 drwupgrade;Dr.Web(R) AV-Desk Upgrade Service; H:Program FilesDrWeb AV-Deskdrwupgrade.exe [2010-06-22 828720]
S2 gupdate1ca1104ee4fa4be;Служба Google Update (gupdate1ca1104ee4fa4be); H:Program FilesGoogleUpdateGoogleUpdate.exe [2009-07-30 133104]
S2 StarWindServiceAE;StarWind AE Service; H:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe []
S3 aspnet_state;ASP.NET State Service; H:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; H:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; H:WINDOWSMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2006-10-20 36864]
S3 GEST Service;GEST Service for program management.; H:Program FilesGIGABYTEGESTGSvr.exe [2007-12-14 47624]
S3 IDriverT;InstallDriver Table Manager; H:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; H:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2006-10-30 741376]
S3 ose;Office Source Engine; H:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; H:Program FilesNokiaPC Connectivity SolutionServiceLayer.exe [2008-09-08 575488]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; H:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2006-10-30 122880]

---

EOF

---

[G-Gurda]

Мне казалось что раньше он выдавал 2 разных отчета сейчас- только один.

[G-Gurda]

Ну как вам мой лог господа?

[Admin]

но накопитель всё еще не открывается

Вы кликаете по имени диска в папке Мой компьютер и ничего не происходит ?
Пробовали кликнуть правой клавишей и в открывшемся меню выбрать Открыть ?

Кроме этого запустите Combofix ещё раз и получившийся лог приложите к вашему ответу.

[G-Gurda]

Да, ничего не происходит. Просто белое окно мой компьютер зависает иногда просто — мой комп.( не отвечает) , когда вынимаешь провод usb предлагает произвести форматирование этого накопителя.

ComboFix 10-07-01.02 — user 03.07.2010 17:09:02.7.2 — x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.2046.1675 [GMT 4:00]
Running from: h:documents and settingsuserМои документыЗагрузкиComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

h:program filesCommon Fileskeylog.txt
h:program filesLight AlloyLA.exe
h:windowssystem32aZuK2iP.exe
h:windowssystem32nj0NAdI.exe
h:windowssystem32oYKFhsQ.exe

h:windowssystem32grpconv.exe . . . is missing!!

.
((((((((((((((((((((((((( Files Created from 2010-06-03 to 2010-07-03 )))))))))))))))))))))))))))))))
.

2010-07-02 21:22 . 2010-07-02 21:22 114176 —-a-w- h:windowssystem32IflW0Xf.exe
2010-07-02 21:22 . 2010-07-02 21:22 48128 —-a-w- h:windowssystem3271139df6.exe
2010-06-29 23:12 . 2010-06-29 23:12

---

d

---

w- h:program filesCommon FilesJava
2010-06-29 23:12 . 2010-06-29 23:12 503808 —-a-w- h:documents and settingsuserApplication DataSunJavaDeploymentSystemCache6.046f84c6ae-4c27dc25-nmsvcp71.dll
2010-06-29 23:12 . 2010-06-29 23:12 499712 —-a-w- h:documents and settingsuserApplication DataSunJavaDeploymentSystemCache6.046f84c6ae-4c27dc25-njmc.dll
2010-06-29 23:12 . 2010-06-29 23:12 348160 —-a-w- h:documents and settingsuserApplication DataSunJavaDeploymentSystemCache6.046f84c6ae-4c27dc25-nmsvcr71.dll
2010-06-29 23:12 . 2010-06-29 23:12 61440 —-a-w- h:documents and settingsuserApplication DataSunJavaDeploymentSystemCache6.0505535ab32-20182f63-ndecora-sse.dll
2010-06-29 23:12 . 2010-06-29 23:12 12800 —-a-w- h:documents and settingsuserApplication DataSunJavaDeploymentSystemCache6.0505535ab32-20182f63-ndecora-d3d.dll
2010-06-29 23:12 . 2010-04-12 13:29 411368 —-a-w- h:windowssystem32deployJava1.dll
2010-06-28 09:20 . 2010-07-03 13:20

---

d

---

w- h:program filesLight Alloy
2010-06-27 21:06 . 2010-06-27 21:10

---

d

---

w- h:documents and settingsuserApplication DataFileZilla
2010-06-23 16:36 . 2010-06-23 16:36 2944904 —-a-w- h:documents and settingsuserApplication DataMozillaFirefoxProfilesi1vdypvy.defaultextensionstoolbar@ask.comchrometempaskToolbar.exe
2010-06-23 14:57 . 2010-06-23 15:54

---

d

---

w- h:documents and settingsАдминистратор
2010-06-16 08:59 . 2010-06-16 09:00

---

d

---

w- h:program filesMetaTrader — Alpari
2010-06-15 16:40 . 2010-06-09 11:58 14336 —-a-w- h:documents and settingsuserApplication DataMozillaFirefoxProfilesi1vdypvy.defaultextensionsradiobar@toolbarcomponentstoolbarhomewmp.dll
2010-06-08 11:38 . 2010-06-08 11:38

---

d

---

w- h:program filesQuickTime
2010-06-08 11:38 . 2010-06-08 11:38

---

d

---

w- h:documents and settingsAll UsersApplication DataApple Computer
2010-06-04 11:35 . 2010-06-04 11:35

---

d

---

w- h:documents and settingsuserApplication DataFriday’s games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-03 13:04 . 2008-08-26 10:43 16608 —-a-w- h:windowsgdrv.sys
2010-07-03 12:53 . 2010-05-28 09:14

---

d

---

w- h:program filesFishki.net
2010-07-03 12:50 . 2008-08-27 14:31

---

d

---

w- h:documents and settingsuserApplication DatauTorrent
2010-06-29 23:12 . 2009-06-09 19:22

---

d

---

w- h:program filesJava
2010-06-29 20:37 . 2010-02-19 18:15

---

d

---

w- h:program filestrend micro
2010-06-28 13:17 . 2009-06-02 02:21

---

d

---

w- h:program filesICQ6.5
2010-06-28 09:18 . 2009-02-28 13:26

---

d

---

w- h:program filesAutochartist
2010-06-28 09:18 . 2008-08-26 10:44

---

d—h—w- h:program filesInstallShield Installation Information
2010-06-24 13:35 . 2009-07-30 09:04

---

d

---

w- h:program filesFLV Player
2010-06-22 10:20 . 2009-03-03 20:28

---

d

---

w- h:documents and settingsuserApplication Datadvdcss
2010-06-04 11:34 . 2009-12-21 23:21

---

d

---

w- h:program filesAlawar
2010-05-31 21:49 . 2010-04-26 21:39

---

d

---

w- h:program filesCommon FilesWise Installation Wizard
2010-05-28 09:22 . 2010-05-28 09:19

---

d

---

w- h:documents and settingsuserApplication Dataтанчики
2010-05-27 12:27 . 2010-05-27 12:27

---

d

---

w- h:documents and settingsAll UsersApplication Data3-D HUNTING 2010
2010-05-12 19:57 . 2008-08-26 10:40 73336 —-a-w- h:documents and settingsuserLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2010-05-10 16:16 . 2010-05-10 16:16

---

d

---

w- h:program filesMSECache
2010-05-08 09:17 . 2010-05-08 09:17 12 —-a-w- h:documents and settingsuserApplication Dataypgovd.dat
2010-04-19 20:37 . 2008-08-26 16:20 444952 —-a-w- h:windowssystem32wrap_oal.dll
2009-05-13 21:55 . 2009-05-13 21:55 1044480 —-a-w- h:program filesmozilla firefoxpluginslibdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 —-a-w- h:program filesmozilla firefoxpluginsssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot_2010-06-23_16.28.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-03 13:06 . 2010-07-03 13:06 16384 h:windowstempPerflib_Perfdata_7a8.dat
+ 2010-06-26 14:46 . 2010-07-03 13:06 32768 h:windowssystem32configsystemprofileLocal SettingsTemporary Internet FilesContent.IE5index.dat
+ 2008-08-26 10:38 . 2010-07-03 13:06 32768 h:windowssystem32configsystemprofileLocal SettingsHistoryHistory.IE5index.dat
— 2008-08-26 10:38 . 2010-02-22 13:42 32768 h:windowssystem32configsystemprofileLocal SettingsHistoryHistory.IE5index.dat
+ 2010-07-02 21:22 . 2010-07-03 13:06 16384 h:windowssystem32configsystemprofileCookiesindex.dat
+ 2010-06-29 23:12 . 2010-04-12 13:29 153376 h:windowssystem32javaws.exe
+ 2010-06-29 23:12 . 2010-04-12 13:29 145184 h:windowssystem32javaw.exe
+ 2010-06-29 23:12 . 2010-04-12 13:29 145184 h:windowssystem32java.exe
+ 2010-06-29 23:12 . 2010-06-29 23:12 180224 h:windowsInstaller15dc20.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«AlcoholAutomount»=»h:program filesAlcohol SoftAlcohol 120axcmd.exe» [2009-04-24 203928]
«AlSrvN»=»h:program filesAlcohol SoftAlcohol 120PluginsHelperAlSrvN.exe» [2009-04-17 53248]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NokiaMServer»=»h:program filesCommon FilesNokiaMPlatformNokiaMServer» [X]
«GEST»=»h:program filesGIGABYTEGESTRUN.exe» [2007-12-14 236040]
«JMB36X IDE Setup»=»h:windowsRaidToolxInsIDE.exe» [2007-03-20 36864]
«36X Raid Configurer»=»h:windowssystem32xRaidSetup.exe» [2007-08-29 1966080]
«Acronis True Image Monitor»=»h:program filesAcronisTrueImageTrueImageMonitor.exe» [2008-08-26 417536]
«Acronis Scheduler2 Service»=»h:program filesCommon FilesAcronisSchedule2schedhlp.exe» [2008-08-26 61440]
«NeroFilterCheck»=»h:windowssystem32NeroCheck.exe» [2001-07-09 155648]
«Adobe Reader Speed Launcher»=»h:program filesAdobeReader 9.0ReaderReader_sl.exe» [2008-06-11 34672]
«Nokia FastStart»=»h:program filesNokiaNokia MusicNokiaMusic.exe» [2008-12-03 2372840]
«SunJavaUpdateSched»=»h:program filesCommon FilesJavaJava Updatejusched.exe» [2010-02-18 248040]
«StartCCC»=»h:program filesATI TechnologiesATI.ACECore-StaticCLIStart.exe» [2009-04-28 61440]
«RTHDCPL»=»RTHDCPL.EXE» [2007-09-19 16844800]
«QuickTime Task»=»h:program filesQuickTimeQTTask.exe» [2010-03-17 421888]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»h:windowssystem32CTFMON.EXE» [2008-04-15 15360]

h:documents and settingsAll Usersѓ« ў­®Ґ ¬Ґ­оЏа®Ја ¬¬лЂўв®§ Јаг§Є 
Nokia Ovi Suite.lnk — h:program filesNokiaOviSuiteRunLauncher.exe [2008-11-28 946176]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogon]
«Userinit»=»h:windowssystem32userinit.exe,h:windowssystem32d542de00.exe,\?globalrootsystemrootsystem321h43Z8O.exe,h:windowssystem3271139df6.exe,\?globalrootsystemrootsystem32IflW0Xf.exe,»

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«h:\Program Files\GIGABYTE\GEST\run.exe»=
«h:\Program Files\QIP\qip.exe»=
«h:\WINDOWS\system32\PnkBstrA.exe»=
«h:\WINDOWS\system32\PnkBstrB.exe»=
«h:\WINDOWS\system32\CNAB4RPK.EXE»=
«h:\WINDOWS\system32\dplaysvr.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«h:\Program Files\uTorrent\utorrent.exe»=
«h:\Program Files\ICQ6.5\ICQ.exe»=
«h:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe»=

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«19553:TCP»= 19553:TCP

R0 sptd;sptd;h:windowsSystem32Driverssptd.sys [2009-11-12 721904]
R2 gupdate1ca1104ee4fa4be;Служба Google Update (gupdate1ca1104ee4fa4be);h:program filesGoogleUpdateGoogleUpdate.exe [2009-07-30 133104]
R3 GEST Service;GEST Service for program management.;h:program filesGIGABYTEGESTGSvr.exe [2007-12-14 47624]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);h:windowsSystem32driverssfdrv01a.sys [2006-07-05 63352]
S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;h:program filesCommon FilesABBYYFineReader9.00LicensingPENetworkLicenseServer.exe [2007-12-06 660768]

— Other Services/Drivers In Memory —

*Deregistered* — spider

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
DcomLaunch REG_MULTI_SZ DcomLaunch TermService Netprotocol
.
Contents of the ‘Scheduled Tasks’ folder

2010-06-28 h:windowsTasksAppleSoftwareUpdate.job
— h:program filesApple Software UpdateSoftwareUpdate.exe [2008-07-30 09:34]

2010-07-03 h:windowsTasksGoogleUpdateTaskMachineCore.job
— h:program filesGoogleUpdateGoogleUpdate.exe [2009-07-30 11:00]

2010-07-03 h:windowsTasksGoogleUpdateTaskMachineUA.job
— h:program filesGoogleUpdateGoogleUpdate.exe [2009-07-30 11:00]
.
.

---

Supplementary Scan

---

.
uStart Page = hxxp://yandex.ru/
IE: &Экспорт в Microsoft Excel — h:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
FF — ProfilePath — h:documents and settingsuserApplication DataMozillaFirefoxProfilesi1vdypvy.default
FF — prefs.js: browser.search.selectedEngine — Яндекс
FF — prefs.js: browser.startup.homepage — hxxp://ru.ask.com?o=15003&l=dis
FF — prefs.js: keyword.URL — hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15000&locale=ru_RU&q=
FF — component: h:documents and settingsuserApplication DataMozillaFirefoxProfilesi1vdypvy.defaultextensionsradiobar@toolbarcomponentstoolbarhomewmp.dll
FF — plugin: h:documents and settingsuserApplication DataMozillaFirefoxProfilesi1vdypvy.defaultextensionsfirefox@tvunetworks.compluginsnpTVUAx.dll
FF — plugin: h:program filesGoogleUpdate1.2.183.23npGoogleOneClick8.dll
FF — plugin: h:program filesMozilla FirefoxpluginsnpdeployJava1.dll

—- FIREFOX POLICIES —-
h:program filesMozilla Firefoxgreprefsall.js — pref(«ui.use_native_colors», true);
h:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.lu», true);
h:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.nu», true);
h:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.nz», true);
h:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.xn--mgberp4a5d4ar», true);
h:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.xn--p1ai», true);
h:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.xn--mgbayh7gpa», true);
h:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.tel», true);
h:program filesMozilla Firefoxgreprefsall.js — pref(«network.auth.force-generic-ntlm», false);
h:program filesMozilla Firefoxgreprefsall.js — pref(«network.proxy.type», 5);
h:program filesMozilla Firefoxgreprefsall.js — pref(«dom.ipc.plugins.timeoutSecs», 45);
h:program filesMozilla Firefoxgreprefsall.js — pref(«svg.smil.enabled», false);
h:program filesMozilla Firefoxgreprefsall.js — pref(«accelerometer.enabled», true);
h:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref», true);
h:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.renego_unrestricted_hosts», «»);
h:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.treat_unsafe_negotiation_as_broken», false);
h:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.require_safe_negotiation», false);
h:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name», «chrome://browser/locale/browser.properties»);
h:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description», «chrome://browser/locale/browser.properties»);
h:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«plugins.update.notifyUser», false);
h:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled.nptest.dll», true);
h:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled.npswf32.dll», true);
h:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled.npctrl.dll», true);
h:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled.npqtplugin.dll», true);
h:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled», false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-03 17:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AA0D4B0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
DriverDisk -> CLASSPNP.SYS @ 0xba0fcf28
DriverACPI -> ACPI.sys @ 0xb9f7fcb8
Driveratapi -> 0x8aa0d4b0
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
DeviceHarddisk0DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xb9cdebb0
PacketIndicateHandler -> NDIS.sys @ 0xb9ceba21
SendHandler -> NDIS.sys @ 0xb9cc987b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.

---

DLLs Loaded Under Running Processes

---

— — — — — — — > ‘winlogon.exe'(760)
h:windowssystem32Ati2evxx.dll
.
Completion time: 2010-07-03 17:25:49
ComboFix-quarantined-files.txt 2010-07-03 13:25
ComboFix2.txt 2010-06-28 09:13
ComboFix3.txt 2010-06-23 16:32
ComboFix4.txt 2010-04-24 18:05
ComboFix5.txt 2010-07-03 13:00

Pre-Run: 3 747 381 248 байт свободно
Post-Run: 4 611 076 096 байт свободно

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
— — End Of File — — 109A12AD5CFD4728A3DB63151147D33A

[G-Gurda]

что дальше делать?

[Admin]

Подключите этот накопить к компьютеру.

Откройте блокнот (Кликните Пуск, Выполнить, в строке ввода введите notepad и нажмите Enter) и вставьте в него следующий текст:

Registry::

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogon]

"Userinit"="h:windowssystem32userinit.exe,"



File::

h:windowssystem32d542de00.exe

h:windowssystem321h43Z8O.exe

h:windowssystem3271139df6.exe

h:windowssystem32IflW0Xf.exe

Запишите получившийся файл на ваш рабочий стол под именем CFScript
Далее перетащите получившийся файл на иконку Combofix, как показано на картинке ниже.

Сombofix запуститься и выполнит процедуры описанные в созданном нами файле.
По результатам работы Combofix будет создан новый лог, его и вставьте в свой следующий ответ.

[G-Gurda]

ComboFix 10-07-07.02 — user 09.07.2010 17:51:05.9.2 — x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.2046.1466 [GMT 4:00]
Running from: h:documents and settingsuserРабочий столComboFix.exe
Command switches used :: h:documents and settingsuserРабочий столCFScript.txt
AV: Doctor Web Anti-Virus *On-access scanning enabled* (Updated) {3454C8F1-ECBC-4180-A6F4-04632FBA762B}
* Resident AV is active

FILE ::
«h:windowssystem321h43Z8O.exe»
«h:windowssystem3271139df6.exe»
«h:windowssystem32d542de00.exe»
«h:windowssystem32IflW0Xf.exe»
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

h:program filesLight AlloyLA.exe

h:windowssystem32grpconv.exe . . . is missing!!

.
((((((((((((((((((((((((( Files Created from 2010-06-09 to 2010-07-09 )))))))))))))))))))))))))))))))
.

2010-07-08 14:58 . 2008-04-15 12:00 361344 -c—a-w- h:windowssystem32dllcachetcpip.sys
2010-07-08 14:58 . 2008-04-15 12:00 361344 —-a-w- h:windowssystem32driverstcpip.sys
2010-07-03 19:17 . 2010-07-03 19:17 65536 —-a-w- h:windowssystem32dfhclfhd.dll
2010-07-03 18:19 . 2010-07-03 18:18 107384 —-a-w- h:windowssystem32driversdwprot.sys
2010-07-03 13:35 . 2010-07-09 13:51

---

d

---

w- h:program filesDrWeb AV-Desk
2010-06-29 23:12 . 2010-06-29 23:12

---

d

---

w- h:program filesCommon FilesJava
2010-06-29 23:12 . 2010-06-29 23:12 503808 —-a-w- h:documents and settingsuserApplication DataSunJavaDeploymentSystemCache6.046f84c6ae-4c27dc25-nmsvcp71.dll
2010-06-29 23:12 . 2010-06-29 23:12 499712 —-a-w- h:documents and settingsuserApplication DataSunJavaDeploymentSystemCache6.046f84c6ae-4c27dc25-njmc.dll
2010-06-29 23:12 . 2010-06-29 23:12 348160 —-a-w- h:documents and settingsuserApplication DataSunJavaDeploymentSystemCache6.046f84c6ae-4c27dc25-nmsvcr71.dll
2010-06-29 23:12 . 2010-06-29 23:12 61440 —-a-w- h:documents and settingsuserApplication DataSunJavaDeploymentSystemCache6.0505535ab32-20182f63-ndecora-sse.dll
2010-06-29 23:12 . 2010-06-29 23:12 12800 —-a-w- h:documents and settingsuserApplication DataSunJavaDeploymentSystemCache6.0505535ab32-20182f63-ndecora-d3d.dll
2010-06-29 23:12 . 2010-04-12 13:29 411368 —-a-w- h:windowssystem32deployJava1.dll
2010-06-28 09:20 . 2010-07-09 14:06

---

d

---

w- h:program filesLight Alloy
2010-06-27 21:06 . 2010-06-27 21:10

---

d

---

w- h:documents and settingsuserApplication DataFileZilla
2010-06-23 16:36 . 2010-06-23 16:36 2944904 —-a-w- h:documents and settingsuserApplication DataMozillaFirefoxProfilesi1vdypvy.defaultextensionstoolbar@ask.comchrometempaskToolbar.exe
2010-06-23 14:57 . 2010-06-23 15:54

---

d

---

w- h:documents and settingsАдминистратор
2010-06-16 08:59 . 2010-06-16 09:00

---

d

---

w- h:program filesMetaTrader — Alpari
2010-06-15 16:40 . 2010-06-09 11:58 14336 —-a-w- h:documents and settingsuserApplication DataMozillaFirefoxProfilesi1vdypvy.defaultextensionsradiobar@toolbarcomponentstoolbarhomewmp.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-09 13:46 . 2008-08-26 10:43 16608 —-a-w- h:windowsgdrv.sys
2010-07-09 13:46 . 2008-08-27 14:31

---

d

---

w- h:documents and settingsuserApplication DatauTorrent
2010-07-03 12:53 . 2010-05-28 09:14

---

d

---

w- h:program filesFishki.net
2010-06-29 23:12 . 2009-06-09 19:22

---

d

---

w- h:program filesJava
2010-06-29 20:37 . 2010-02-19 18:15

---

d

---

w- h:program filestrend micro
2010-06-28 13:17 . 2009-06-02 02:21

---

d

---

w- h:program filesICQ6.5
2010-06-28 09:18 . 2009-02-28 13:26

---

d

---

w- h:program filesAutochartist
2010-06-28 09:18 . 2008-08-26 10:44

---

d—h—w- h:program filesInstallShield Installation Information
2010-06-24 13:35 . 2009-07-30 09:04

---

d

---

w- h:program filesFLV Player
2010-06-22 10:20 . 2009-03-03 20:28

---

d

---

w- h:documents and settingsuserApplication Datadvdcss
2010-06-08 11:38 . 2010-06-08 11:38

---

d

---

w- h:program filesQuickTime
2010-06-08 11:38 . 2010-06-08 11:38

---

d

---

w- h:documents and settingsAll UsersApplication DataApple Computer
2010-06-04 11:35 . 2010-06-04 11:35

---

d

---

w- h:documents and settingsuserApplication DataFriday’s games
2010-06-04 11:34 . 2009-12-21 23:21

---

d

---

w- h:program filesAlawar
2010-05-31 21:49 . 2010-04-26 21:39

---

d

---

w- h:program filesCommon FilesWise Installation Wizard
2010-05-28 09:22 . 2010-05-28 09:19

---

d

---

w- h:documents and settingsuserApplication Dataтанчики
2010-05-27 12:27 . 2010-05-27 12:27

---

d

---

w- h:documents and settingsAll UsersApplication Data3-D HUNTING 2010
2010-05-12 19:57 . 2008-08-26 10:40 73336 —-a-w- h:documents and settingsuserLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2010-05-10 16:16 . 2010-05-10 16:16

---

d

---

w- h:program filesMSECache
2010-05-08 09:17 . 2010-05-08 09:17 12 —-a-w- h:documents and settingsuserApplication Dataypgovd.dat
2010-04-19 20:37 . 2008-08-26 16:20 444952 —-a-w- h:windowssystem32wrap_oal.dll
2009-05-13 21:55 . 2009-05-13 21:55 1044480 —-a-w- h:program filesmozilla firefoxpluginslibdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 —-a-w- h:program filesmozilla firefoxpluginsssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot_2010-06-23_16.28.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-09 13:48 . 2010-07-09 13:48 16384 h:windowstempPerflib_Perfdata_d4.dat
+ 2010-07-06 14:07 . 2010-07-06 14:07 42436 h:windowssystem32DirectXsvchost.exe
+ 2008-08-26 10:38 . 2010-07-09 13:13 32768 h:windowssystem32configsystemprofileLocal SettingsHistoryHistory.IE5index.dat
— 2008-08-26 10:38 . 2010-02-22 13:42 32768 h:windowssystem32configsystemprofileLocal SettingsHistoryHistory.IE5index.dat
+ 2010-07-08 22:12 . 2010-07-09 13:13 16384 h:windowssystem32configsystemprofileCookiesindex.dat
+ 2010-06-29 23:12 . 2010-04-12 13:29 153376 h:windowssystem32javaws.exe
+ 2010-06-29 23:12 . 2010-04-12 13:29 145184 h:windowssystem32javaw.exe
+ 2010-06-29 23:12 . 2010-04-12 13:29 145184 h:windowssystem32java.exe
+ 2010-06-29 23:12 . 2010-06-29 23:12 180224 h:windowsInstaller15dc20.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«AlcoholAutomount»=»h:program filesAlcohol SoftAlcohol 120axcmd.exe» [2009-04-24 203928]
«AlSrvN»=»h:program filesAlcohol SoftAlcohol 120PluginsHelperAlSrvN.exe» [2009-04-17 53248]
«uTorrent»=»h:program filesuTorrentuTorrent.exe» [2010-07-04 306480]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NokiaMServer»=»h:program filesCommon FilesNokiaMPlatformNokiaMServer» [X]
«GEST»=»h:program filesGIGABYTEGESTRUN.exe» [2007-12-14 236040]
«JMB36X IDE Setup»=»h:windowsRaidToolxInsIDE.exe» [2007-03-20 36864]
«36X Raid Configurer»=»h:windowssystem32xRaidSetup.exe» [2007-08-29 1966080]
«Acronis True Image Monitor»=»h:program filesAcronisTrueImageTrueImageMonitor.exe» [2008-08-26 417536]
«Acronis Scheduler2 Service»=»h:program filesCommon FilesAcronisSchedule2schedhlp.exe» [2008-08-26 61440]
«NeroFilterCheck»=»h:windowssystem32NeroCheck.exe» [2001-07-09 155648]
«Adobe Reader Speed Launcher»=»h:program filesAdobeReader 9.0ReaderReader_sl.exe» [2008-06-11 34672]
«Nokia FastStart»=»h:program filesNokiaNokia MusicNokiaMusic.exe» [2008-12-03 2372840]
«SunJavaUpdateSched»=»h:program filesCommon FilesJavaJava Updatejusched.exe» [2010-02-18 248040]
«StartCCC»=»h:program filesATI TechnologiesATI.ACECore-StaticCLIStart.exe» [2009-04-28 61440]
«RTHDCPL»=»RTHDCPL.EXE» [2007-09-19 16844800]
«QuickTime Task»=»h:program filesQuickTimeQTTask.exe» [2010-03-17 421888]
«DrWebAgentUI»=»h:program filesDrWeb AV-Deskdrwagnui.exe» [2010-07-03 1692976]
«SpIDerMail»=»h:program filesDrWeb AV-DeskSPIDERML.EXE» [2010-07-03 644336]
«SpIDerNT»=»h:program filesDrWeb AV-DeskSPIDERUI.EXE» [2010-07-03 231816]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»h:windowssystem32CTFMON.EXE» [2008-04-15 15360]

h:documents and settingsAll Usersѓ« ў­®Ґ ¬Ґ­оЏа®Ја ¬¬лЂўв®§ Јаг§Є 
Nokia Ovi Suite.lnk — h:program filesNokiaOviSuiteRunLauncher.exe [2008-11-28 946176]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]
«AppInit_DLLs»=h:windowssystem32dfhclfhd.dll

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«h:\Program Files\GIGABYTE\GEST\run.exe»=
«h:\Program Files\QIP\qip.exe»=
«h:\WINDOWS\system32\PnkBstrA.exe»=
«h:\WINDOWS\system32\PnkBstrB.exe»=
«h:\WINDOWS\system32\CNAB4RPK.EXE»=
«h:\WINDOWS\system32\dplaysvr.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«h:\Program Files\uTorrent\utorrent.exe»=
«h:\Program Files\ICQ6.5\ICQ.exe»=
«h:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe»=
«h:\Program Files\DrWeb AV-Desk\drwagntd.exe»=

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«19553:TCP»= 19553:TCP

R0 DwProt;DrWeb Protection;h:windowssystem32driversdwprot.sys [03.07.2010 22:19 107384]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);h:windowssystem32driverssfdrv01a.sys [05.07.2006 16:46 63352]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;h:program filesCommon FilesABBYYFineReader9.00LicensingPENetworkLicenseServer.exe [06.12.2007 22:03 660768]
R2 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine);h:program filesDrWeb AV-DeskDWENGINE.EXE [03.07.2010 17:35 1094048]
R2 SpIDer;SpIDer Guard (R) File System Monitor;h:program filesDrWeb AV-DeskSPIDER.SYS [03.07.2010 22:18 312504]
R2 spidernt;SpIDer Guard (R) for Windows;h:program filesDrWeb AV-DeskSPIDERNT.EXE [03.07.2010 22:18 231816]
R3 drwagntd;Dr.Web AV-Desk Agent;h:program filesDrWeb AV-DeskDRWAGNTD.EXE [03.07.2010 22:18 2340144]
S0 sptd;sptd;h:windowssystem32driverssptd.sys [31.01.2009 19:22 721904]
S2 drwupgrade;Dr.Web AV-Desk Upgrade Service;h:program filesDrWeb AV-Desk1drwupgrade.exe [03.07.2010 22:18 828720]
S2 gupdate1ca1104ee4fa4be;Служба Google Update (gupdate1ca1104ee4fa4be);h:program filesGoogleUpdateGoogleUpdate.exe [30.07.2009 15:00 133104]
S3 GEST Service;GEST Service for program management.;h:program filesGIGABYTEGESTGSvr.exe [26.08.2008 14:44 47624]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
DcomLaunch REG_MULTI_SZ DcomLaunch TermService Netprotocol
.
Contents of the ‘Scheduled Tasks’ folder

2010-07-05 h:windowsTasksAppleSoftwareUpdate.job
— h:program filesApple Software UpdateSoftwareUpdate.exe [2008-07-30 09:34]

2010-07-09 h:windowsTasksGoogleUpdateTaskMachineCore.job
— h:program filesGoogleUpdateGoogleUpdate.exe [2009-07-30 11:00]

2010-07-08 h:windowsTasksGoogleUpdateTaskMachineUA.job
— h:program filesGoogleUpdateGoogleUpdate.exe [2009-07-30 11:00]
.
.

---

Supplementary Scan

---

.
uStart Page = hxxp://yandex.ru/
IE: &Экспорт в Microsoft Excel — h:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
LSP: h:program filesDrWeb AV-DeskDRWEBSP.DLL
FF — ProfilePath — h:documents and settingsuserApplication DataMozillaFirefoxProfilesi1vdypvy.default
FF — prefs.js: browser.search.selectedEngine — Яндекс
FF — prefs.js: browser.startup.homepage — hxxp://ru.ask.com?o=15003&l=dis
FF — prefs.js: keyword.URL — hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15000&locale=ru_RU&q=
FF — component: h:documents and settingsuserApplication DataMozillaFirefoxProfilesi1vdypvy.defaultextensionsradiobar@toolbarcomponentstoolbarhomewmp.dll
FF — plugin: h:documents and settingsuserApplication DataMozillaFirefoxProfilesi1vdypvy.defaultextensionsfirefox@tvunetworks.compluginsnpTVUAx.dll
FF — plugin: h:program filesGoogleUpdate1.2.183.23npGoogleOneClick8.dll
FF — plugin: h:program filesMozilla FirefoxpluginsnpdeployJava1.dll

—- FIREFOX POLICIES —-
h:program filesMozilla Firefoxgreprefsall.js — pref(«ui.use_native_colors», true);
h:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.lu», true);
h:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.nu», true);
h:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.nz», true);
h:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.xn--mgberp4a5d4ar», true);
h:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.xn--p1ai», true);
h:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.xn--mgbayh7gpa», true);
h:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.tel», true);
h:program filesMozilla Firefoxgreprefsall.js — pref(«network.auth.force-generic-ntlm», false);
h:program filesMozilla Firefoxgreprefsall.js — pref(«network.proxy.type», 5);
h:program filesMozilla Firefoxgreprefsall.js — pref(«dom.ipc.plugins.timeoutSecs», 45);
h:program filesMozilla Firefoxgreprefsall.js — pref(«svg.smil.enabled», false);
h:program filesMozilla Firefoxgreprefsall.js — pref(«accelerometer.enabled», true);
h:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref», true);
h:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.renego_unrestricted_hosts», «»);
h:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.treat_unsafe_negotiation_as_broken», false);
h:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.require_safe_negotiation», false);
h:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name», «chrome://browser/locale/browser.properties»);
h:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description», «chrome://browser/locale/browser.properties»);
h:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«plugins.update.notifyUser», false);
h:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled.nptest.dll», true);
h:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled.npswf32.dll», true);
h:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled.npctrl.dll», true);
h:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled.npqtplugin.dll», true);
h:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled», false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-09 18:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AA472F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
DriverDisk -> CLASSPNP.SYS @ 0xba0fcf28
DriverACPI -> ACPI.sys @ 0xb9f7fcb8
Driveratapi -> 0x8aa472f8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
DeviceHarddisk0DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.SYS @ 0xb9d7cbb0
PacketIndicateHandler -> NDIS.SYS @ 0xb9d89a21
SendHandler -> NDIS.SYS @ 0xb9d6787b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.

---

DLLs Loaded Under Running Processes

---

— — — — — — — > ‘winlogon.exe'(760)
h:windowssystem32Ati2evxx.dll

— — — — — — — > ‘lsass.exe'(828)
h:program filesDrWeb AV-DeskDRWEBSP.DLL
.
Completion time: 2010-07-09 18:08:35
ComboFix-quarantined-files.txt 2010-07-09 14:08
ComboFix2.txt 2010-07-08 15:25
ComboFix3.txt 2010-07-03 13:25
ComboFix4.txt 2010-06-28 09:13
ComboFix5.txt 2010-07-09 13:41

Pre-Run: 4 184 109 056 байт свободно
Post-Run: 4 170 547 200 байт свободно

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
— — End Of File — — 863A552D8E0B5E231451FD88FC14B8B4

[G-Gurda]

Как видно из лога файл grpconv.exe отсутствует, о чем выскакивает ошибка при запуске комбы. И еще маленький вопрос — почему комба всегда light alloy выносит?

[Автор]

Сообщения