MalwareBytes Anti-malware won't download
- This topic has 27 replies, 4 participants, and was last updated 14 years, 6 months ago by tom.
April 21, 2010 at 5:06 PM #25954
Run HijackThis: click Start, then Run, type
E:\Program Files\trend micro\Дом.exe
and press Enter.
The HijackThis main menu will open.
Click the Do a system scan only button.
Next, tick the checkbox (on the left) next to the following lines, if they are present:
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, rundll32.exe hspe.uvo bnjpid
F2 - REG:system.ini: UserInit=E:WINDOWSsystem32userinit.exe,E:WINDOWSsystem32b40732a3.exe,\?globalrootsystemrootsystem32M1XlVfJ.exe,
O2 - BHO: &UpdateCheck.dll - {CDA39262-AA16-461C-9CA0-E49F4EF8E43B} - E:WINDOWSsystem32UpdateExplorer.dll
Close all running programs (including Internet Explorer) and all Windows windows.
Click the Fix checked button and confirm your action by choosing YES.
Restart the computer.
I am waiting for a fresh RSIT log from you.
April 24, 2010 at 12:01 PM #25955
What do I need to do with the HijackThis program?
April 24, 2010 at 12:07 PM #25956
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Дом at 2010-04-24 16:03:42
Microsoft Windows XP Professional Service Pack 2
System drive E: has 1 GB (13%) free of 11 GB
Total RAM: 1023 MB (60% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:03:49, on 24.04.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
E:WINDOWSSystem32smss.exe
E:WINDOWSsystem32winlogon.exe
E:WINDOWSsystem32services.exe
E:WINDOWSsystem32lsass.exe
E:WINDOWSsystem32nvsvc32.exe
E:WINDOWSsystem32svchost.exe
E:WINDOWSSystem32svchost.exe
E:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
E:Program FilesAlwil SoftwareAvast4ashServ.exe
E:WINDOWSsystem32spoolsv.exe
E:WINDOWSExplorer.EXE
E:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe
E:PROGRA~1ALWILS~1Avast4ashDisp.exe
E:WINDOWSsystem32RUNDLL32.EXE
E:WINDOWSRTHDCPL.EXE
E:WINDOWSsystem32ctfmon.exe
E:Program Files2gisUpdateClientWin32UpdateClientService.exe
E:Program FilesBonjourmDNSResponder.exe
C:Program FilesAlcohol 120StarWindStarWindService.exe
E:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
E:Program FilesAlwil SoftwareAvast4ashWebSv.exe
E:WINDOWSsystem32wscntfy.exe
E:Program FilesInternet Exploreriexplore.exe
E:WINDOWSsystem32wuauclt.exe
E:Program FilesInternet Exploreriexplore.exe
E:Program FilesInternet Exploreriexplore.exe
E:Documents and SettingsДомРабочий столRSIT.exe
E:Program Filestrend microДом.exe
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://www.slizone.com/
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
F2 — REG:system.ini: UserInit=E:WINDOWSsystem32userinit.exe,E:WINDOWSsystem32b40732a3.exe,\?globalrootsystemrootsystem32M1XlVfJ.exe,
O2 — BHO: AcroIEHelperStub — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — E:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 — BHO: PROMT — {1F13CE11-4FAC-49A9-8155-D4F3F0F91A33} — D:Program FilesPRMT9PRMTIEprmtie.dll
O2 — BHO: Спутник@Mail.Ru — {8984B388-A5BB-4DF7-B274-77B879E179DB} — (no file)
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program Filesbinjp2ssv.dll (file missing)
O3 — Toolbar: Переводчик PROMT — {C7DDDD27-F303-42A5-B979-51559F7DC0F0} — D:Program FilesPRMT9PRMTIEprmtie.dll
O4 — HKLM..Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 — HKLM..Run: [ISUSPM Startup] «E:Program FilesCommon FilesInstallShieldUpdateServiceisuspm.exe» -startup
O4 — HKLM..Run: [ISUSScheduler] «E:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe» -start
O4 — HKLM..Run: [avast!] E:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobRider9.0ReaderReader_sl.exe»
O4 — HKLM..Run: [nwiz] E:Program FilesNVIDIA CorporationnViewnwiz.exe /install
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE E:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE E:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 — HKLM..Run: [Alcmtr] ALCMTR.EXE
O4 — HKLM..Run: [UserFaultCheck] %systemroot%system32dumprep 0 -u
O4 — HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 — HKCU..Run: [ctfmon.exe] E:WINDOWSsystem32ctfmon.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] E:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] E:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] E:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] E:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Startup: Adobe Gamma.lnk = E:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://D:PROGRA~1MICROS~1OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Настроить параметры перевода — D:Program FilesPRMT9PRMTIEoptions.htm
O8 — Extra context menu item: Перевести всю страницу — D:Program FilesPRMT9PRMTIEpage.htm
O8 — Extra context menu item: Перевести выделенный текст — D:Program FilesPRMT9PRMTIEtranslat.htm
O8 — Extra context menu item: Перевести поисковый запрос — D:Program FilesPRMT9PRMTIEsearch.htm
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — D:PROGRA~1MICROS~1OFFICE11REFIEBAR.DLL
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — E:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — E:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — E:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — E:Program FilesMessengermsmsgs.exe
O17 — HKLMSystemCCSServicesTcpip..{3BB837E6-771B-416C-8AE3-E491A7D08621}: NameServer = 85.113.62.227 85.113.63.252
O17 — HKLMSystemCS1ServicesTcpip..{3BB837E6-771B-416C-8AE3-E491A7D08621}: NameServer = 85.113.62.227 85.113.63.252
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — E:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O23 — Service: 2GIS UpdateClientService — ДубльГИС — E:Program Files2gisUpdateClientWin32UpdateClientService.exe
O23 — Service: Adobe LM Service — Adobe Systems — E:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 — Service: Application Driver Auto Removal Service (01) (appdrvrem01) — Protection Technology — E:WINDOWSSystem32appdrvrem01.exe
O23 — Service: avast! iAVS4 Control Service (aswUpdSv) — ALWIL Software — E:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 — Service: avast! Antivirus — ALWIL Software — E:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 — Service: avast! Mail Scanner — ALWIL Software — E:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 — Service: avast! Web Scanner — ALWIL Software — E:Program FilesAlwil SoftwareAvast4ashWebSv.exe
O23 — Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) — Apple Computer, Inc. — E:Program FilesBonjourmDNSResponder.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — E:WINDOWSsystem32services.exe
O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — E:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — E:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — E:WINDOWSsystem32mnmsrvc.exe
O23 — Service: NVIDIA Display Driver Service (nvsvc) — NVIDIA Corporation — E:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — E:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — E:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — E:WINDOWSSystem32SCardSvr.exe
O23 — Service: StarWind iSCSI Service (StarWindService) — Rocket Division Software — C:Program FilesAlcohol 120StarWindStarWindService.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — E:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — E:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — E:WINDOWSsystem32wbemwmiapsrv.exe
—
End of file — 8272 bytes
======Scheduled tasks folder======
E:WINDOWStasksUser_Feed_Synchronization-{69C096C9-3137-48E7-BD0D-6C3970780652}.job
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper — E:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{1F13CE11-4FAC-49A9-8155-D4F3F0F91A33}]
Promt IE Helper — D:Program FilesPRMT9PRMTIEprmtie.dll [2010-01-12 1136008]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{8984B388-A5BB-4DF7-B274-77B879E179DB}]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program Filesbinjp2ssv.dll []
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{C7DDDD27-F303-42A5-B979-51559F7DC0F0} — Переводчик PROMT — D:Program FilesPRMT9PRMTIEprmtie.dll [2010-01-12 1136008]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«High Definition Audio Property Page Shortcut»=E:WINDOWSsystem32HDAShCut.exe [2005-01-07 61952]
«ISUSPM Startup»=E:Program FilesCommon FilesInstallShieldUpdateServiceisuspm.exe [2005-08-11 249856]
«ISUSScheduler»=E:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe [2005-08-11 81920]
«avast!»=E:PROGRA~1ALWILS~1Avast4ashDisp.exe [2009-11-25 81000]
«Adobe Reader Speed Launcher»=C:Program FilesAdobRider9.0ReaderReader_sl.exe [2009-02-27 35696]
«nwiz»=E:Program FilesNVIDIA CorporationnViewnwiz.exe [2009-07-09 1657376]
«NvCplDaemon»=E:WINDOWSsystem32NvCpl.dll [2009-07-14 13877248]
«NvMediaCenter»=E:WINDOWSsystem32NvMcTray.dll [2009-07-14 86016]
«RTHDCPL»=E:WINDOWSRTHDCPL.EXE [2005-09-22 14854144]
«Alcmtr»=E:WINDOWSALCMTR.EXE [2005-05-03 69632]
«UserFaultCheck»=E:WINDOWSsystem32dumprep 0 -u []
«KernelFaultCheck»=E:WINDOWSsystem32dumprep 0 -k []
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«ctfmon.exe»=E:WINDOWSsystem32ctfmon.exe [2004-08-18 15360]
E:Documents and SettingsДомГлавное менюПрограммыАвтозагрузка
Adobe Gamma.lnk — E:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«DisableTaskMgr»=0
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«HonorAutoRunSetting»=
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«E:Program FilesuTorrentuTorrent.exe»=»E:Program FilesuTorrentuTorrent.exe:*:Enabled:µTorrent»
«D:Program FilesGSC World PublishingС.Т.А.Л.К.Е.Р. — Чистое НебоbinxrEngine.exe»=»D:Program FilesGSC World PublishingС.Т.А.Л.К.Е.Р. — Чистое НебоbinxrEngine.exe:*:Enabled:С.Т.А.Л.К.Е.Р. — Чистое Небо (CLI)»
«D:Program FilesGSC World PublishingС.Т.А.Л.К.Е.Р. — Чистое НебоbindedicatedxrEngine.exe»=»D:Program FilesGSC World PublishingС.Т.А.Л.К.Е.Р. — Чистое НебоbindedicatedxrEngine.exe:*:Enabled:С.Т.А.Л.К.Е.Р. — Чистое Небо (SRV)»
«D:Program FilesGSC World PublishingS.T.A.L.K.E.R. — Зов ПрипятиbinxrEngine.exe»=»D:Program FilesGSC World PublishingS.T.A.L.K.E.R. — Зов ПрипятиbinxrEngine.exe:*:Enabled:S.T.A.L.K.E.R. — Зов Припяти (CLI)»
«D:Program FilesGSC World PublishingS.T.A.L.K.E.R. — Зов ПрипятиbindedicatedxrEngine.exe»=»D:Program FilesGSC World PublishingS.T.A.L.K.E.R. — Зов ПрипятиbindedicatedxrEngine.exe:*:Enabled:S.T.A.L.K.E.R. — Зов Припяти (SRV)»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«E:Program FilesSharemanShareman.exe»=»E:Program FilesSharemanShareman.exe:*:Enabled:Shareman»
«E:Program FilesBonjourmDNSResponder.exe»=»E:Program FilesBonjourmDNSResponder.exe:*:Enabled:Bonjour»
«D:CyberSant-AKTIVATORSharemanShareman.exe»=»D:CyberSant-AKTIVATORSharemanShareman.exe:*:Enabled:Shareman»
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{c34c7d8a-e72a-11de-b09f-0013d3dad564}]
shellAutoRuncommand — ZolanderPolandabox.exe
shellopencommand — ZolanderPolandabox.exe
======List of files/folders created in the last 1 months======
2010-04-24 15:11:04 —-A—- E:WINDOWSsystem32u8X3vO6.exe
2010-04-23 22:28:36 —-A—- E:WINDOWSsystem32mdimon.dll
2010-04-23 22:27:19 —-D—- E:WINDOWSSHELLNEW
2010-04-23 22:27:15 —-D—- E:Program FilesMicrosoft.NET
2010-04-23 18:22:00 —-A—- E:WINDOWSsystem32OurrWhh.exe
2010-04-23 12:53:26 —-A—- E:WINDOWSsystem3295pJVEH.exe
2010-04-22 17:44:06 —-A—- E:WINDOWSsystem32LG9GdWh.exe
2010-04-22 16:29:08 —-A—- E:WINDOWSsystem329XQEpI7.exe
2010-04-21 13:02:16 —-A—- E:WINDOWSsystem32S4stsQ0.exe
2010-04-20 13:48:10 —-A—- E:WINDOWSsystem32ZeuAKOX.exe
2010-04-19 12:54:49 —-A—- E:WINDOWSsystem32TKsrc89.exe
2010-04-18 13:04:50 —-A—- E:WINDOWSsystem32PEzyyzU.exe
2010-04-17 16:29:19 —-D—- E:Program Filestrend micro
2010-04-17 16:29:18 —-D—- E:rsit
2010-04-17 13:27:49 —-A—- E:WINDOWSsystem32dD4NXqa.exe
2010-04-16 16:50:54 —-A—- E:WINDOWSsystem32YsNnuVH.exe
2010-04-15 20:18:16 —-A—- E:WINDOWSsystem32kV1OCFY.exe
2010-04-15 01:47:23 —-A—- E:WINDOWSsystem32U0BsGN5.exe
2010-04-14 18:21:08 —-A—- E:WINDOWSsystem32meZskJN.exe
2010-04-14 01:14:15 —-HDC—- E:WINDOWS$NtUninstallKB979683$
2010-04-14 01:14:08 —-HDC—- E:WINDOWS$NtUninstallKB980232$
2010-04-14 01:12:45 —-HDC—- E:WINDOWS$NtUninstallKB978338$
2010-04-14 01:12:41 —-HDC—- E:WINDOWS$NtUninstallKB977816$
2010-04-14 01:12:36 —-HDC—- E:WINDOWS$NtUninstallKB978601$
2010-04-14 01:12:16 —-HDC—- E:WINDOWS$NtUninstallKB979309$
2010-04-14 01:11:52 —-HDC—- E:WINDOWS$NtUninstallKB979402_WM9L$
2010-04-13 19:06:36 —-A—- E:WINDOWSsystem324z04JN7.exe
2010-04-12 20:22:15 —-A—- E:WINDOWSsystem32VHQp1MC.exe
2010-04-11 13:00:40 —-A—- E:WINDOWSsystem32mmJw3QK.exe
2010-04-11 12:52:41 —-A—- E:WINDOWSntbtlog.txt
2010-04-11 12:32:04 —-A—- E:WINDOWSsystem3218CEyDB.exe
2010-04-11 00:08:44 —-D—- E:Documents and SettingsAll UsersApplication DataMalwarebytes
2010-04-10 14:37:00 —-D—- E:Documents and SettingsAll UsersApplication DataKaspersky Lab Setup Files
2010-04-10 14:31:32 —-A—- E:WINDOWSsystem32LfvP0JS.exe
2010-04-10 14:09:25 —-A—- E:WINDOWSsystem32sno86J5.exe
2010-04-10 13:13:59 —-A—- E:WINDOWSsystem32kbKqqsd.exe
2010-04-10 00:49:28 —-A—- E:WINDOWSsystem32zjgH0Vu.exe
2010-04-09 21:50:35 —-A—- E:WINDOWSsystem32uUk3b0d.exe
2010-04-09 20:49:13 —-A—- E:WINDOWSsystem32ljA0nWG.exe
2010-04-09 17:58:47 —-A—- E:WINDOWSsystem32ar6E7t0.exe
2010-04-09 13:12:50 —-A—- E:WINDOWSsystem32DwByPiM.exe
2010-04-08 16:16:31 —-A—- E:WINDOWSsystem32grMShvP.exe
2010-04-08 16:11:46 —-D—- E:Documents and SettingsДомApplication DataPRMT
2010-04-08 16:04:42 —-D—- E:Documents and SettingsДомApplication DataPROMT
2010-04-08 16:02:11 —-D—- E:WINDOWSspeech
2010-04-08 16:00:27 —-D—- E:Program FilesCommon FilesSkype
2010-04-08 16:00:01 —-D—- E:WINDOWSLhsp
2010-04-08 16:00:01 —-D—- E:Documents and SettingsAll UsersApplication DataPROMT
2010-04-08 13:05:13 —-A—- E:WINDOWSsystem32vEG1eM7.exe
2010-04-07 22:00:49 —-A—- E:WINDOWSsystem32jq06pwP.exe
2010-04-07 18:57:30 —-A—- E:WINDOWSsystem32P1NSreD.exe
2010-04-07 17:16:52 —-A—- E:WINDOWSsystem32TXGcTM8.exe
2010-04-07 11:56:39 —-A—- E:WINDOWSsystem32tZweXVl.exe
2010-04-07 03:18:07 —-A—- E:WINDOWSsystem32bi4H3WG.exe
2010-04-06 14:50:53 —-A—- E:WINDOWSsystem323vJFcZX.exe
2010-04-05 12:46:36 —-A—- E:WINDOWSsystem32hBYHpPi.exe
2010-04-04 14:47:44 —-A—- E:WINDOWSsystem32YG4krqT.exe
2010-04-04 03:23:14 —-A—- E:WINDOWSsystem32xERYsGw.exe
2010-04-04 03:22:49 —-A—- E:WINDOWSsystem32M1XlVfJ.exe
2010-04-03 21:55:17 —-A—- E:WINDOWSsystem32b40732a3.exe
2010-03-25 17:11:10 —-D—- E:Program FilesCommon FilesCorel
======List of files/folders modified in the last 1 months======
2010-04-24 15:15:40 —-AC—- E:Program FilesCommon Fileskeylog.txt
2010-04-24 15:11:04 —-D—- E:WINDOWSsystem32
2010-04-24 15:10:13 —-D—- E:WINDOWSTemp
2010-04-24 14:02:46 —-D—- E:WINDOWSPrefetch
2010-04-24 01:36:19 —-A—- E:WINDOWSSchedLgU.Txt
2010-04-23 22:28:42 —-SHD—- E:WINDOWSInstaller
2010-04-23 22:28:41 —-SHD—- E:Config.Msi
2010-04-23 22:28:40 —-AC—- E:WINDOWSODBC.INI
2010-04-23 22:28:31 —-RSD—- E:WINDOWSassembly
2010-04-23 22:28:24 —-A—- E:WINDOWSwin.ini
2010-04-23 22:28:12 —-D—- E:Program FilesCommon FilesMicrosoft Shared
2010-04-23 22:28:10 —-RSD—- E:WINDOWSFonts
2010-04-23 22:27:35 —-HD—- E:WINDOWSinf
2010-04-23 22:27:20 —-D—- E:Program FilesCommon FilesSystem
2010-04-23 22:27:19 —-D—- E:WINDOWS
2010-04-23 22:27:15 —-RD—- E:Program Files
2010-04-23 22:19:35 —-D—- E:WINDOWSsystem
2010-04-23 18:05:58 —-D—- E:WINDOWSsystem32Lang
2010-04-23 18:00:18 —-D—- E:Program FilesCommon FilesDesigner
2010-04-22 20:20:46 —-D—- E:WINDOWSsystem32CatRoot2
2010-04-21 02:27:30 —-D—- E:Documents and SettingsДомApplication DatauTorrent
2010-04-20 11:01:40 —-D—- E:Program FilesuTorrent
2010-04-14 01:14:19 —-RSHDC—- E:WINDOWSsystem32dllcache
2010-04-14 01:14:12 —-HD—- E:WINDOWS$hf_mig$
2010-04-14 01:14:10 —-D—- E:WINDOWSsystem32drivers
2010-04-14 01:14:10 —-A—- E:WINDOWSimsins.BAK
2010-04-11 12:30:18 —-SD—- E:WINDOWSTasks
2010-04-10 00:38:19 —-D—- E:WINDOWSsystem32CatRoot
2010-04-10 00:38:03 —-D—- E:WINDOWSsystem32CatRoot_bak
2010-04-08 16:02:04 —-D—- E:WINDOWSmsagent
2010-04-08 16:02:04 —-D—- E:WINDOWSHelp
2010-04-08 16:00:27 —-D—- E:Program FilesCommon Files
2010-04-06 21:52:54 —-A—- E:WINDOWSsystem32MRT.exe
2010-04-04 12:10:18 —-SHD—- E:System Volume Information
2010-04-04 12:10:18 —-D—- E:WINDOWSsystem32Restore
2010-03-31 02:15:52 —-D—- E:Program FilesInternet Explorer
2010-03-28 12:33:01 —-AC—- E:WINDOWSsystem32PerfStringBackup.INI
2010-03-26 19:28:37 —-D—- E:Program FilesWindows Media Player
2010-03-25 17:12:55 —-D—- E:WINDOWSWinSxS
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; E:WINDOWSsystem32driversAavmker4.sys [2009-11-25 27408]
R1 AmdK8;Драйвер AMD процессора; E:WINDOWSsystem32DRIVERSAmdK8.sys [2006-07-01 43520]
R1 appdrv01;Application Driver (01); E:WINDOWSSystem32Driversappdrv01.sys [2009-10-25 3069040]
R1 aswSP;avast! Self Protection; E:WINDOWSsystem32driversaswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; E:WINDOWSsystem32driversaswTdi.sys [2009-11-25 48560]
R2 aswFsBlk;aswFsBlk; E:WINDOWSsystem32DRIVERSaswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; E:WINDOWSsystem32driversaswMon2.sys [2009-11-25 94160]
R3 aswRdr;aswRdr; E:WINDOWSsystem32driversaswRdr.sys [2009-11-25 23120]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; E:WINDOWSsystem32DRIVERSHDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); E:WINDOWSsystem32driversRtkHDAud.sys [2005-09-23 3966976]
R3 nv;nv; E:WINDOWSsystem32DRIVERSnv4_mini.sys [2009-07-14 7741664]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet адаптер, драйвер для NT; E:WINDOWSsystem32DRIVERSRTL8139.SYS [2004-08-04 20992]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; E:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-18 26624]
R3 usbhub;USB2 концентратор; E:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-18 57600]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; E:WINDOWSsystem32DRIVERSusbohci.sys [2004-08-18 17024]
R3 vaxscsi;vaxscsi; E:WINDOWSSystem32Driversvaxscsi.sys [2009-12-03 223128]
S3 GMSIPCI;GMSIPCI; ??F:INSTALLGMSIPCI.SYS []
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; E:WINDOWSsystem32driversHdAudio.sys [2005-01-07 145920]
S3 USBSTOR;Драйвер запоминающих устройств для USB; E:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-04 26496]
S4 IntelIde;IntelIde; E:WINDOWSsystem32driversIntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 2GIS UpdateClientService;2GIS UpdateClientService; E:Program Files2gisUpdateClientWin32UpdateClientService.exe [2008-09-17 1134592]
R2 aswUpdSv;avast! iAVS4 Control Service; E:Program FilesAlwil SoftwareAvast4aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; E:Program FilesAlwil SoftwareAvast4ashServ.exe [2009-11-25 138680]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; E:Program FilesBonjourmDNSResponder.exe [2006-02-28 229376]
R2 nvsvc;NVIDIA Display Driver Service; E:WINDOWSsystem32nvsvc32.exe [2009-07-14 168004]
R2 StarWindService;StarWind iSCSI Service; C:Program FilesAlcohol 120StarWindStarWindService.exe [2005-04-02 217600]
R3 avast! Mail Scanner;avast! Mail Scanner; E:Program FilesAlwil SoftwareAvast4ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; E:Program FilesAlwil SoftwareAvast4ashWebSv.exe [2009-11-25 352920]
S2 appdrvrem01;Application Driver Auto Removal Service (01); E:WINDOWSSystem32appdrvrem01.exe [2009-10-25 316816]
S3 Adobe LM Service;Adobe LM Service; E:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe [2009-08-09 72704]
S3 aspnet_state;Служба состояний ASP.NET; E:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; E:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; E:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2010-01-26 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; E:WINDOWSMicrosoft.NETFrameworkv3.0WPFPresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; E:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; E:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Служба общего доступа к портам Net.Tcp; E:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2008-07-29 132096]
EOF
April 28, 2010 at 8:16 AM #25957
What should I do next?
April 28, 2010 at 9:09 AM #25958
Anonymous (Guest)
I solved the same problem with the program. Go here: viewtopic.php?f=3&t=4517, maybe it will help)
April 28, 2010 at 7:14 PM #25959
Run HijackThis again and remove this line:
F2 - REG:system.ini: UserInit=E:WINDOWSsystem32userinit.exe,E:WINDOWSsystem32b40732a3.exe,\?globalrootsystemrootsystem32M1XlVfJ.exe,
Paste a fresh RSIT log into your next message.
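The F2 lines singled out in the two helper posts above report the Winlogon Shell and UserInit values, and the check being made by eye is whether anything other than the default program is listed. The following is an added example, not part of the original thread and not code from HijackThis or RSIT: it extracts those F2 lines from a log and flags every extra entry. The sample log is constructed from the entries quoted in the thread, with the backslashes that the forum page dropped restored as an assumption; the names `audit`, `classify`, `SAMPLE_LOG` and `CLEAN_LOG` are hypothetical.

```python
import ntpath
import re

# HijackThis reports the Winlogon "Shell" and "UserInit" values as F2 lines.
# The dash may be "-" or a typographic dash if the log was pasted through a web page.
F2_RE = re.compile(
    r"^F2\s*[-\u2013\u2014]\s*REG:system\.ini:\s*(Shell|UserInit)=(.*)$",
    re.IGNORECASE,
)

# Windows XP defaults: (expected file name, required directory suffix or None).
EXPECTED = {
    "userinit": ("userinit.exe", "\\system32"),
    "shell": ("explorer.exe", None),
}


def classify(kind, entry):
    """Return None for the default program, otherwise a short reason string."""
    expected_name, dir_suffix = EXPECTED[kind]
    low = entry.strip().strip('"').lower()
    # \\?\globalroot\... addresses a file through the NT object namespace,
    # which a legitimate UserInit entry has no reason to do.
    if low.startswith("\\\\?\\globalroot"):
        return "NT object path (\\\\?\\globalroot) instead of a drive path"
    # ntpath splits on backslashes regardless of the OS running this script.
    directory, name = ntpath.split(low)
    if name != expected_name:
        return "not the default " + expected_name
    if dir_suffix and directory and not directory.endswith(dir_suffix):
        return expected_name + " outside " + dir_suffix
    return None


def audit(log_text):
    """Return (kind, entry, reason) for every non-default Shell/UserInit entry."""
    findings = []
    for line in log_text.splitlines():
        match = F2_RE.match(line.strip())
        if not match:
            continue
        kind = match.group(1).lower()
        # Both values are comma-separated lists; a trailing comma is normal.
        for entry in match.group(2).split(","):
            entry = entry.strip()
            if not entry:
                continue
            reason = classify(kind, entry)
            if reason:
                findings.append((kind, entry, reason))
    return findings


# Constructed sample: F2 entries as quoted in the thread, backslashes restored.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
F2 - REG:system.ini: Shell=Explorer.exe, rundll32.exe hspe.uvo bnjpid
F2 - REG:system.ini: UserInit=E:\WINDOWS\system32\userinit.exe,E:\WINDOWS\system32\b40732a3.exe,\\?\globalroot\systemroot\system32\M1XlVfJ.exe,
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
"""

# Constructed sample of the same value once only the default entry remains.
CLEAN_LOG = r"""
F2 - REG:system.ini: UserInit=E:\WINDOWS\system32\userinit.exe,
"""

if __name__ == "__main__":
    for kind, entry, reason in audit(SAMPLE_LOG):
        print(f"{kind}: {entry} -> {reason}")
```

Running it against each new log shows whether the fix took effect: an empty result means only the default entries remain.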
April 30, 2010 at 10:19 AM #25961
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Дом at 2010-04-30 14:18:25
Microsoft Windows XP Professional Service Pack 2
System drive E: has 706 MB (6%) free of 11 GB
Total RAM: 1023 MB (60% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:18:32, on 30.04.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
E:WINDOWSSystem32smss.exe
E:WINDOWSsystem32winlogon.exe
E:WINDOWSsystem32services.exe
E:WINDOWSsystem32lsass.exe
E:WINDOWSsystem32nvsvc32.exe
E:WINDOWSsystem32svchost.exe
E:WINDOWSSystem32svchost.exe
E:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
E:Program FilesAlwil SoftwareAvast4ashServ.exe
E:WINDOWSExplorer.EXE
E:WINDOWSsystem32spoolsv.exe
E:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe
E:PROGRA~1ALWILS~1Avast4ashDisp.exe
E:WINDOWSsystem32RUNDLL32.EXE
E:WINDOWSRTHDCPL.EXE
E:WINDOWSsystem32ctfmon.exe
E:Program Files2gisUpdateClientWin32UpdateClientService.exe
E:Program FilesBonjourmDNSResponder.exe
C:Program FilesAlcohol 120StarWindStarWindService.exe
E:WINDOWSsystem32wscntfy.exe
E:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
E:Program FilesAlwil SoftwareAvast4ashWebSv.exe
E:WINDOWSsystem32wuauclt.exe
E:Program FilesInternet Exploreriexplore.exe
E:Program FilesInternet Exploreriexplore.exe
E:WINDOWSsystem32msiexec.exe
E:Program FilesOperaopera.exe
E:Documents and SettingsДомРабочий столRSIT.exe
E:Program Filestrend microДом.exe
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://www.slizone.com/
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
F2 — REG:system.ini: UserInit=E:WINDOWSsystem32userinit.exe,E:WINDOWSsystem32b40732a3.exe,\?globalrootsystemrootsystem32M1XlVfJ.exe,
O2 — BHO: AcroIEHelperStub — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — E:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 — BHO: PROMT — {1F13CE11-4FAC-49A9-8155-D4F3F0F91A33} — D:Program FilesPRMT9PRMTIEprmtie.dll
O2 — BHO: Спутник@Mail.Ru — {8984B388-A5BB-4DF7-B274-77B879E179DB} — (no file)
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program Filesbinjp2ssv.dll (file missing)
O3 — Toolbar: Переводчик PROMT — {C7DDDD27-F303-42A5-B979-51559F7DC0F0} — D:Program FilesPRMT9PRMTIEprmtie.dll
O4 — HKLM..Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 — HKLM..Run: [ISUSPM Startup] «E:Program FilesCommon FilesInstallShieldUpdateServiceisuspm.exe» -startup
O4 — HKLM..Run: [ISUSScheduler] «E:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe» -start
O4 — HKLM..Run: [avast!] E:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobRider9.0ReaderReader_sl.exe»
O4 — HKLM..Run: [nwiz] E:Program FilesNVIDIA CorporationnViewnwiz.exe /install
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE E:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE E:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 — HKLM..Run: [Alcmtr] ALCMTR.EXE
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] E:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] E:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] E:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] E:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Startup: Adobe Gamma.lnk = E:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://D:PROGRA~1MICROS~1OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Настроить параметры перевода — D:Program FilesPRMT9PRMTIEoptions.htm
O8 — Extra context menu item: Перевести всю страницу — D:Program FilesPRMT9PRMTIEpage.htm
O8 — Extra context menu item: Перевести выделенный текст — D:Program FilesPRMT9PRMTIEtranslat.htm
O8 — Extra context menu item: Перевести поисковый запрос — D:Program FilesPRMT9PRMTIEsearch.htm
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — D:PROGRA~1MICROS~1OFFICE11REFIEBAR.DLL
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — E:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — E:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — E:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — E:Program FilesMessengermsmsgs.exe
O17 — HKLMSystemCCSServicesTcpip..{3BB837E6-771B-416C-8AE3-E491A7D08621}: NameServer = 85.113.62.227 85.113.63.252
O17 — HKLMSystemCS1ServicesTcpip..{3BB837E6-771B-416C-8AE3-E491A7D08621}: NameServer = 85.113.62.227 85.113.63.252
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — E:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O23 — Service: 2GIS UpdateClientService — ДубльГИС — E:Program Files2gisUpdateClientWin32UpdateClientService.exe
O23 — Service: Adobe LM Service — Adobe Systems — E:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 — Service: Application Driver Auto Removal Service (01) (appdrvrem01) — Protection Technology — E:WINDOWSSystem32appdrvrem01.exe
O23 — Service: avast! iAVS4 Control Service (aswUpdSv) — ALWIL Software — E:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 — Service: avast! Antivirus — ALWIL Software — E:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 — Service: avast! Mail Scanner — ALWIL Software — E:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 — Service: avast! Web Scanner — ALWIL Software — E:Program FilesAlwil SoftwareAvast4ashWebSv.exe
O23 — Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) — Apple Computer, Inc. — E:Program FilesBonjourmDNSResponder.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — E:WINDOWSsystem32services.exe
O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — E:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — E:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — E:WINDOWSsystem32mnmsrvc.exe
O23 — Service: NVIDIA Display Driver Service (nvsvc) — NVIDIA Corporation — E:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — E:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — E:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — E:WINDOWSSystem32SCardSvr.exe
O23 — Service: StarWind iSCSI Service (StarWindService) — Rocket Division Software — C:Program FilesAlcohol 120StarWindStarWindService.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — E:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — E:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — E:WINDOWSsystem32wbemwmiapsrv.exe
—
End of file — 8083 bytes

======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper — E:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{1F13CE11-4FAC-49A9-8155-D4F3F0F91A33}]
Promt IE Helper — D:Program FilesPRMT9PRMTIEprmtie.dll [2010-01-12 1136008]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{8984B388-A5BB-4DF7-B274-77B879E179DB}]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program Filesbinjp2ssv.dll []

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{C7DDDD27-F303-42A5-B979-51559F7DC0F0} — Переводчик PROMT — D:Program FilesPRMT9PRMTIEprmtie.dll [2010-01-12 1136008]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«High Definition Audio Property Page Shortcut»=E:WINDOWSsystem32HDAShCut.exe [2005-01-07 61952]
«ISUSPM Startup»=E:Program FilesCommon FilesInstallShieldUpdateServiceisuspm.exe [2005-08-11 249856]
«ISUSScheduler»=E:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe [2005-08-11 81920]
«avast!»=E:PROGRA~1ALWILS~1Avast4ashDisp.exe [2009-11-25 81000]
«Adobe Reader Speed Launcher»=C:Program FilesAdobRider9.0ReaderReader_sl.exe [2009-02-27 35696]
«nwiz»=E:Program FilesNVIDIA CorporationnViewnwiz.exe [2009-07-09 1657376]
«NvCplDaemon»=E:WINDOWSsystem32NvCpl.dll [2009-07-14 13877248]
«NvMediaCenter»=E:WINDOWSsystem32NvMcTray.dll [2009-07-14 86016]
«RTHDCPL»=E:WINDOWSRTHDCPL.EXE [2005-09-22 14854144]
«Alcmtr»=E:WINDOWSALCMTR.EXE [2005-05-03 69632]

E:Documents and SettingsДомГлавное менюПрограммыАвтозагрузка
Adobe Gamma.lnk — E:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«DisableTaskMgr»=0

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«HonorAutoRunSetting»=

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«E:Program FilesuTorrentuTorrent.exe»=»E:Program FilesuTorrentuTorrent.exe:*:Enabled:µTorrent»
«D:Program FilesGSC World PublishingС.Т.А.Л.К.Е.Р. — Чистое НебоbinxrEngine.exe»=»D:Program FilesGSC World PublishingС.Т.А.Л.К.Е.Р. — Чистое НебоbinxrEngine.exe:*:Enabled:С.Т.А.Л.К.Е.Р. — Чистое Небо (CLI)»
«D:Program FilesGSC World PublishingС.Т.А.Л.К.Е.Р. — Чистое НебоbindedicatedxrEngine.exe»=»D:Program FilesGSC World PublishingС.Т.А.Л.К.Е.Р. — Чистое НебоbindedicatedxrEngine.exe:*:Enabled:С.Т.А.Л.К.Е.Р. — Чистое Небо (SRV)»
«D:Program FilesGSC World PublishingS.T.A.L.K.E.R. — Зов ПрипятиbinxrEngine.exe»=»D:Program FilesGSC World PublishingS.T.A.L.K.E.R. — Зов ПрипятиbinxrEngine.exe:*:Enabled:S.T.A.L.K.E.R. — Зов Припяти (CLI)»
«D:Program FilesGSC World PublishingS.T.A.L.K.E.R. — Зов ПрипятиbindedicatedxrEngine.exe»=»D:Program FilesGSC World PublishingS.T.A.L.K.E.R. — Зов ПрипятиbindedicatedxrEngine.exe:*:Enabled:S.T.A.L.K.E.R. — Зов Припяти (SRV)»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«E:Program FilesSharemanShareman.exe»=»E:Program FilesSharemanShareman.exe:*:Enabled:Shareman»
«E:Program FilesBonjourmDNSResponder.exe»=»E:Program FilesBonjourmDNSResponder.exe:*:Enabled:Bonjour»
«D:CyberSant-AKTIVATORSharemanShareman.exe»=»D:CyberSant-AKTIVATORSharemanShareman.exe:*:Enabled:Shareman»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»

======List of files/folders created in the last 1 months======
2010-04-30 14:10:49 —-D—- E:Program FilesOpera
2010-04-30 12:25:38 —-A—- E:WINDOWSsystem32y9Kmycr.exe
2010-04-29 21:20:16 —-A—- E:WINDOWSsystem32w2xVaKZ.exe
2010-04-29 15:39:30 —-A—- E:WINDOWSsystem32N3oDwEM.exe
2010-04-29 07:58:43 —-A—- E:WINDOWSsystem32xjpSFVS.exe
2010-04-28 23:43:18 —-A—- E:WINDOWSsystem32dVuIOtF.exe
2010-04-28 23:32:26 —-HDC—- E:WINDOWSie8
2010-04-28 20:57:28 —-A—- E:WINDOWSsystem32qrb2ms2.exe
2010-04-27 20:01:48 —-A—- E:WINDOWSsystem3251GAOz8.exe
2010-04-25 20:27:25 —-A—- E:WINDOWSsystem32FfaeR4u.exe
2010-04-25 13:25:49 —-A—- E:WINDOWSsystem32ZmAkny4.exe
2010-04-24 15:11:04 —-A—- E:WINDOWSsystem32u8X3vO6.exe
2010-04-23 22:28:36 —-A—- E:WINDOWSsystem32mdimon.dll
2010-04-23 22:27:19 —-D—- E:WINDOWSSHELLNEW
2010-04-23 22:27:15 —-D—- E:Program FilesMicrosoft.NET
2010-04-23 18:22:00 —-A—- E:WINDOWSsystem32OurrWhh.exe
2010-04-23 12:53:26 —-A—- E:WINDOWSsystem3295pJVEH.exe
2010-04-22 17:44:06 —-A—- E:WINDOWSsystem32LG9GdWh.exe
2010-04-22 16:29:08 —-A—- E:WINDOWSsystem329XQEpI7.exe
2010-04-21 13:02:16 —-A—- E:WINDOWSsystem32S4stsQ0.exe
2010-04-20 13:48:10 —-A—- E:WINDOWSsystem32ZeuAKOX.exe
2010-04-19 12:54:49 —-A—- E:WINDOWSsystem32TKsrc89.exe
2010-04-18 13:04:50 —-A—- E:WINDOWSsystem32PEzyyzU.exe
2010-04-17 16:29:19 —-D—- E:Program Filestrend micro
2010-04-17 16:29:18 —-D—- E:rsit
2010-04-17 13:27:49 —-A—- E:WINDOWSsystem32dD4NXqa.exe
2010-04-16 16:50:54 —-A—- E:WINDOWSsystem32YsNnuVH.exe
2010-04-15 20:18:16 —-A—- E:WINDOWSsystem32kV1OCFY.exe
2010-04-15 01:47:23 —-A—- E:WINDOWSsystem32U0BsGN5.exe
2010-04-14 18:21:08 —-A—- E:WINDOWSsystem32meZskJN.exe
2010-04-14 01:14:15 —-HDC—- E:WINDOWS$NtUninstallKB979683$
2010-04-14 01:14:08 —-HDC—- E:WINDOWS$NtUninstallKB980232$
2010-04-14 01:12:45 —-HDC—- E:WINDOWS$NtUninstallKB978338$
2010-04-14 01:12:41 —-HDC—- E:WINDOWS$NtUninstallKB977816$
2010-04-14 01:12:36 —-HDC—- E:WINDOWS$NtUninstallKB978601$
2010-04-14 01:12:16 —-HDC—- E:WINDOWS$NtUninstallKB979309$
2010-04-14 01:11:52 —-HDC—- E:WINDOWS$NtUninstallKB979402_WM9L$
2010-04-13 19:06:36 —-A—- E:WINDOWSsystem324z04JN7.exe
2010-04-12 20:22:15 —-A—- E:WINDOWSsystem32VHQp1MC.exe
2010-04-11 13:00:40 —-A—- E:WINDOWSsystem32mmJw3QK.exe
2010-04-11 12:52:41 —-A—- E:WINDOWSntbtlog.txt
2010-04-11 12:32:04 —-A—- E:WINDOWSsystem3218CEyDB.exe
2010-04-11 00:08:44 —-D—- E:Documents and SettingsAll UsersApplication DataMalwarebytes
2010-04-10 14:37:00 —-D—- E:Documents and SettingsAll UsersApplication DataKaspersky Lab Setup Files
2010-04-10 14:31:32 —-A—- E:WINDOWSsystem32LfvP0JS.exe
2010-04-10 14:09:25 —-A—- E:WINDOWSsystem32sno86J5.exe
2010-04-10 13:13:59 —-A—- E:WINDOWSsystem32kbKqqsd.exe
2010-04-10 00:49:28 —-A—- E:WINDOWSsystem32zjgH0Vu.exe
2010-04-09 21:50:35 —-A—- E:WINDOWSsystem32uUk3b0d.exe
2010-04-09 20:49:13 —-A—- E:WINDOWSsystem32ljA0nWG.exe
2010-04-09 17:58:47 —-A—- E:WINDOWSsystem32ar6E7t0.exe
2010-04-09 13:12:50 —-A—- E:WINDOWSsystem32DwByPiM.exe
2010-04-08 16:16:31 —-A—- E:WINDOWSsystem32grMShvP.exe
2010-04-08 16:11:46 —-D—- E:Documents and SettingsДомApplication DataPRMT
2010-04-08 16:04:42 —-D—- E:Documents and SettingsДомApplication DataPROMT
2010-04-08 16:02:11 —-D—- E:WINDOWSspeech
2010-04-08 16:00:27 —-D—- E:Program FilesCommon FilesSkype
2010-04-08 16:00:01 —-D—- E:WINDOWSLhsp
2010-04-08 16:00:01 —-D—- E:Documents and SettingsAll UsersApplication DataPROMT
2010-04-08 13:05:13 —-A—- E:WINDOWSsystem32vEG1eM7.exe
2010-04-07 22:00:49 —-A—- E:WINDOWSsystem32jq06pwP.exe
2010-04-07 18:57:30 —-A—- E:WINDOWSsystem32P1NSreD.exe
2010-04-07 17:16:52 —-A—- E:WINDOWSsystem32TXGcTM8.exe
2010-04-07 11:56:39 —-A—- E:WINDOWSsystem32tZweXVl.exe
2010-04-07 03:18:07 —-A—- E:WINDOWSsystem32bi4H3WG.exe
2010-04-06 14:50:53 —-A—- E:WINDOWSsystem323vJFcZX.exe
2010-04-05 12:46:36 —-A—- E:WINDOWSsystem32hBYHpPi.exe
2010-04-04 14:47:44 —-A—- E:WINDOWSsystem32YG4krqT.exe
2010-04-04 03:23:14 —-A—- E:WINDOWSsystem32xERYsGw.exe
2010-04-04 03:22:49 —-A—- E:WINDOWSsystem32M1XlVfJ.exe
2010-04-03 21:55:17 —-A—- E:WINDOWSsystem32b40732a3.exe

======List of files/folders modified in the last 1 months======
2010-04-30 14:15:55 —-AC—- E:Program FilesCommon Fileskeylog.txt
2010-04-30 14:12:17 —-D—- E:WINDOWSPrefetch
2010-04-30 14:12:03 —-D—- E:Documents and SettingsДомApplication DataOpera
2010-04-30 14:11:06 —-SHD—- E:Config.Msi
2010-04-30 14:11:05 —-SHD—- E:WINDOWSInstaller
2010-04-30 14:10:49 —-RD—- E:Program Files
2010-04-30 13:25:54 —-D—- E:WINDOWSTemp
2010-04-30 12:25:38 —-D—- E:WINDOWSsystem32
2010-04-30 01:01:34 —-A—- E:WINDOWSSchedLgU.Txt
2010-04-29 21:15:56 —-D—- E:WINDOWSsystem32Lang
2010-04-29 07:52:00 —-D—- E:WINDOWS
2010-04-29 00:36:04 —-HD—- E:WINDOWSinf
2010-04-29 00:36:03 —-RSHDC—- E:WINDOWSsystem32dllcache
2010-04-29 00:36:03 —-D—- E:WINDOWSsystem32CatRoot
2010-04-29 00:36:00 —-D—- E:WINDOWSsystem32CatRoot2
2010-04-29 00:35:57 —-A—- E:WINDOWSimsins.BAK
2010-04-29 00:35:49 —-D—- E:Program FilesInternet Explorer
2010-04-28 23:35:34 —-D—- E:WINDOWSHelp
2010-04-28 23:33:30 —-D—- E:WINDOWSWBEM
2010-04-28 23:33:30 —-D—- E:WINDOWSsystem32ru-RU
2010-04-28 23:33:20 —-D—- E:WINDOWSMedia
2010-04-28 23:23:47 —-D—- E:WINDOWSie8updates
2010-04-27 22:53:44 —-SD—- E:WINDOWSTasks
2010-04-26 01:42:41 —-A—- E:WINDOWSwin.ini
2010-04-25 02:25:11 —-RSD—- E:WINDOWSassembly
2010-04-25 02:23:50 —-RSD—- E:WINDOWSFonts
2010-04-25 02:23:26 —-D—- E:Program FilesCommon FilesMicrosoft Shared
2010-04-23 22:28:40 —-AC—- E:WINDOWSODBC.INI
2010-04-23 22:27:38 —-D—- E:Program FilesCommon FilesDesigner
2010-04-23 22:27:20 —-D—- E:Program FilesCommon FilesSystem
2010-04-23 22:19:35 —-D—- E:WINDOWSsystem
2010-04-21 02:27:30 —-D—- E:Documents and SettingsДомApplication DatauTorrent
2010-04-20 11:01:40 —-D—- E:Program FilesuTorrent
2010-04-14 01:14:12 —-HD—- E:WINDOWS$hf_mig$
2010-04-14 01:14:10 —-D—- E:WINDOWSsystem32drivers
2010-04-10 00:38:03 —-D—- E:WINDOWSsystem32CatRoot_bak
2010-04-08 16:02:04 —-D—- E:WINDOWSmsagent
2010-04-08 16:00:27 —-D—- E:Program FilesCommon Files
2010-04-06 21:52:54 —-A—- E:WINDOWSsystem32MRT.exe
2010-04-04 12:10:18 —-SHD—- E:System Volume Information
2010-04-04 12:10:18 —-D—- E:WINDOWSsystem32Restore

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; E:WINDOWSsystem32driversAavmker4.sys [2009-11-25 27408]
R1 AmdK8;Драйвер AMD процессора; E:WINDOWSsystem32DRIVERSAmdK8.sys [2006-07-01 43520]
R1 appdrv01;Application Driver (01); E:WINDOWSSystem32Driversappdrv01.sys [2009-10-25 3069040]
R1 aswSP;avast! Self Protection; E:WINDOWSsystem32driversaswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; E:WINDOWSsystem32driversaswTdi.sys [2009-11-25 48560]
R2 aswFsBlk;aswFsBlk; E:WINDOWSsystem32DRIVERSaswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; E:WINDOWSsystem32driversaswMon2.sys [2009-11-25 94160]
R3 aswRdr;aswRdr; E:WINDOWSsystem32driversaswRdr.sys [2009-11-25 23120]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; E:WINDOWSsystem32DRIVERSHDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); E:WINDOWSsystem32driversRtkHDAud.sys [2005-09-23 3966976]
R3 nv;nv; E:WINDOWSsystem32DRIVERSnv4_mini.sys [2009-07-14 7741664]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet адаптер, драйвер для NT; E:WINDOWSsystem32DRIVERSRTL8139.SYS [2004-08-04 20992]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; E:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-18 26624]
R3 usbhub;USB2 концентратор; E:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-18 57600]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; E:WINDOWSsystem32DRIVERSusbohci.sys [2004-08-18 17024]
R3 vaxscsi;vaxscsi; E:WINDOWSSystem32Driversvaxscsi.sys [2009-12-03 223128]
S3 GMSIPCI;GMSIPCI; ??F:INSTALLGMSIPCI.SYS []
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; E:WINDOWSsystem32driversHdAudio.sys [2005-01-07 145920]
S3 USBSTOR;Драйвер запоминающих устройств для USB; E:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-04 26496]
S4 IntelIde;IntelIde; E:WINDOWSsystem32driversIntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 2GIS UpdateClientService;2GIS UpdateClientService; E:Program Files2gisUpdateClientWin32UpdateClientService.exe [2008-09-17 1134592]
R2 aswUpdSv;avast! iAVS4 Control Service; E:Program FilesAlwil SoftwareAvast4aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; E:Program FilesAlwil SoftwareAvast4ashServ.exe [2009-11-25 138680]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; E:Program FilesBonjourmDNSResponder.exe [2006-02-28 229376]
R2 nvsvc;NVIDIA Display Driver Service; E:WINDOWSsystem32nvsvc32.exe [2009-07-14 168004]
R2 StarWindService;StarWind iSCSI Service; C:Program FilesAlcohol 120StarWindStarWindService.exe [2005-04-02 217600]
R3 avast! Mail Scanner;avast! Mail Scanner; E:Program FilesAlwil SoftwareAvast4ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; E:Program FilesAlwil SoftwareAvast4ashWebSv.exe [2009-11-25 352920]
S2 appdrvrem01;Application Driver Auto Removal Service (01); E:WINDOWSSystem32appdrvrem01.exe [2009-10-25 316816]
S3 Adobe LM Service;Adobe LM Service; E:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe [2009-08-09 72704]
S3 aspnet_state;Служба состояний ASP.NET; E:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; E:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; E:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2010-01-26 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; E:WINDOWSMicrosoft.NETFrameworkv3.0WPFPresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; E:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; E:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Служба общего доступа к портам Net.Tcp; E:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2008-07-29 132096]
EOF
April 30, 2010 at 10:48 AM #25962
My problem now: my avast! Home antivirus does not update, its main window does not open, and no websites open, including this program's forum.
May 5, 2010 at 12:20 PM #25964
What should I do next?
May 5, 2010 at 5:33 PM #25963
Sorry for the delay.
Download the Combofix program. Close all open windows and run this program.
When it finishes, a log file will be created; please paste it into your reply.
May 5, 2010 at 7:32 PM #25960
Why do I need to launch the Recovery Console in recovery mode when the computer starts? What is this mode?
May 18, 2010 at 5:55 PM #25965
ComboFix 10-05-16.06 — Дом 18.05.2010 21:35:50.1.1 — x86
Microsoft Windows XP Professional 5.1.2600.2.1251.7.1049.18.1023.616 [GMT 4:00]
Running from: e:documents and settingsДомРабочий столComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100127-1] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:pr-лит~1КАКСос~1.exe
e:docume~1F184~1LOCALS~1Temptmp2.tmp
e:program filesCommon Fileskeylog.txt
e:program filesInternet ExplorerSET3.tmp
e:program filesInternet ExplorerSET4.tmp
e:windowsa3kebook.ini
e:windowsakebook.ini
e:windowsANS2000.INI
e:windowssystem32104y4gq.exe
e:windowssystem321g5EaW6.exe
e:windowssystem321tl9rsM.exe
e:windowssystem322jNCVW1.exe
e:windowssystem323vJFcZX.exe
e:windowssystem3244h0zuO.exe
e:windowssystem3267LibFQ.exe
e:windowssystem328gEVdwd.exe
e:windowssystem328lYnHVt.exe
e:windowssystem32cJ8UoEL.exe
e:windowssystem32eNiOTt5.exe
e:windowssystem32MzKotej.exe
e:windowssystem32PDE3MrM.exe
e:windowssystem32qopZmRF.exe
e:windowssystem32qppVMIN.exe
e:windowssystem32qrb2ms2.exe
e:windowssystem32tmgIShy.exe
e:windowssystem32wumT1Wg.exe
e:windowssystem32x95AkVl.exe
e:windowssystem32y9Kmycr.exe
e:windowssystem32YeQ317a.exe
e:windowssystem32YPlAajp.exe
e:windowssystem32YZbHkni.exe
e:windowssystem32ZIGoa5f.exe
e:windowssystem32zkDiASA.exe
.
((((((((((((((((((((((((( Files Created from 2010-04-18 to 2010-05-18 )))))))))))))))))))))))))))))))
.
2010-05-10 07:47 . 2010-05-10 07:47 97792 —-a-w- e:windowssystem32OgwcSxy.exe
2010-05-05 08:39 . 2010-05-05 08:39 117248 —-a-w- e:windowssystem32cqstEuD.exe
2010-05-04 20:53 . 2010-05-04 20:53 117248 —-a-w- e:windowssystem32FNJEScG.exe
2010-05-02 10:22 . 2010-05-13 10:58 -------- d-----w- e:documents and settingsAll UsersApplication DataFLEXnet
2010-05-01 09:18 . 2010-05-01 09:18 -------- d-sh—w- e:windowssystem32configsystemprofileIETldCache
2010-04-30 10:12 . 2010-04-30 10:12 -------- d-----w- e:documents and settingsДомLocal SettingsApplication DataOpera
2010-04-30 10:10 . 2010-04-30 10:11 -------- d-----w- e:program filesOpera
2010-04-29 17:20 . 2010-04-29 17:20 96256 —-a-w- e:windowssystem32w2xVaKZ.exe
2010-04-29 11:39 . 2010-04-29 11:39 103936 —-a-w- e:windowssystem32N3oDwEM.exe
2010-04-29 03:58 . 2010-04-29 03:58 103936 —-a-w- e:windowssystem32xjpSFVS.exe
2010-04-28 19:43 . 2010-04-28 19:43 103936 —-a-w- e:windowssystem32dVuIOtF.exe
2010-04-28 19:32 . 2010-04-28 19:33 -------- dc-h—w- e:windowsie8
2010-04-27 16:01 . 2010-04-27 16:01 115200 —-a-w- e:windowssystem3251GAOz8.exe
2010-04-25 16:27 . 2010-04-25 16:27 106496 —-a-w- e:windowssystem32FfaeR4u.exe
2010-04-25 09:25 . 2010-04-25 09:25 106496 —-a-w- e:windowssystem32ZmAkny4.exe
2010-04-24 11:11 . 2010-04-24 11:11 94208 —-a-w- e:windowssystem32u8X3vO6.exe
2010-04-23 18:28 . 2007-04-09 09:23 28552 —-a-w- e:windowssystem32Spoolprtprocsw32x86mdippr.dll
2010-04-23 18:28 . 2007-04-09 09:23 28040 —-a-w- e:windowssystem32mdimon.dll
2010-04-23 18:27 . 2010-04-23 18:28 -------- d-----w- e:windowsSHELLNEW
2010-04-23 18:27 . 2010-04-23 18:27 -------- d-----w- e:program filesMicrosoft.NET
2010-04-23 14:22 . 2010-04-23 14:22 98304 —-a-w- e:windowssystem32OurrWhh.exe
2010-04-23 08:53 . 2010-04-23 08:53 98304 —-a-w- e:windowssystem3295pJVEH.exe
2010-04-22 13:44 . 2010-04-22 13:44 109568 —-a-w- e:windowssystem32LG9GdWh.exe
2010-04-22 12:29 . 2010-04-22 12:29 109568 —-a-w- e:windowssystem329XQEpI7.exe
2010-04-21 09:02 . 2010-04-21 09:02 102400 —-a-w- e:windowssystem32S4stsQ0.exe
2010-04-20 09:48 . 2010-04-20 09:48 102400 —-a-w- e:windowssystem32ZeuAKOX.exe
2010-04-19 08:54 . 2010-04-19 08:54 97280 —-a-w- e:windowssystem32TKsrc89.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-16 22:32 . 2010-03-01 22:33 739632 —-a-w- e:documents and settingsLocalServiceLocal SettingsApplication DataFontCache3.0.0.0.dat
2010-05-10 19:24 . 2009-08-05 14:21 848 —sha-w- e:windowssystem32KGyGaAvL.sys
2010-05-02 12:09 . 2009-08-07 10:16 -------- d-----w- e:program filesCommon FilesAdobe
2010-05-02 10:22 . 2009-08-05 14:21 44192 —-a-w- e:documents and settingsДомLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2010-04-30 10:18 . 2010-04-17 12:29 -------- d-----w- e:program filestrend micro
2010-04-20 22:27 . 2009-08-23 21:29 -------- d-----w- e:documents and settingsДомApplication DatauTorrent
2010-04-20 07:01 . 2009-08-23 21:31 -------- d-----w- e:program filesuTorrent
2010-04-18 09:04 . 2010-04-18 09:04 102400 —-a-w- e:windowssystem32PEzyyzU.exe
2010-04-17 09:27 . 2010-04-17 09:27 95232 —-a-w- e:windowssystem32dD4NXqa.exe
2010-04-16 12:50 . 2010-04-16 12:50 97280 —-a-w- e:windowssystem32YsNnuVH.exe
2010-04-15 16:18 . 2010-04-15 16:18 97280 —-a-w- e:windowssystem32kV1OCFY.exe
2010-04-14 21:47 . 2010-04-14 21:47 100352 —-a-w- e:windowssystem32U0BsGN5.exe
2010-04-14 14:21 . 2010-04-14 14:21 93696 —-a-w- e:windowssystem32meZskJN.exe
2010-04-13 15:06 . 2010-04-13 15:06 94720 —-a-w- e:windowssystem324z04JN7.exe
2010-04-12 16:22 . 2010-04-12 16:22 87040 —-a-w- e:windowssystem32VHQp1MC.exe
2010-04-11 09:00 . 2010-04-11 09:00 94208 —-a-w- e:windowssystem32mmJw3QK.exe
2010-04-11 08:32 . 2010-04-11 08:32 94208 —-a-w- e:windowssystem3218CEyDB.exe
2010-04-10 20:08 . 2010-04-10 20:08 -------- d-----w- e:documents and settingsAll UsersApplication DataMalwarebytes
2010-04-10 10:37 . 2010-04-10 10:37 -------- d-----w- e:documents and settingsAll UsersApplication DataKaspersky Lab Setup Files
2010-04-10 10:31 . 2010-04-10 10:31 94208 —-a-w- e:windowssystem32LfvP0JS.exe
2010-04-10 10:09 . 2010-04-10 10:09 94208 —-a-w- e:windowssystem32sno86J5.exe
2010-04-10 09:13 . 2010-04-10 09:13 94208 —-a-w- e:windowssystem32kbKqqsd.exe
2010-04-09 20:49 . 2010-04-09 20:49 86528 —-a-w- e:windowssystem32zjgH0Vu.exe
2010-04-09 17:50 . 2010-04-09 17:50 86528 —-a-w- e:windowssystem32uUk3b0d.exe
2010-04-09 16:49 . 2010-04-09 16:49 93184 —-a-w- e:windowssystem32ljA0nWG.exe
2010-04-09 13:58 . 2010-04-09 13:58 93184 —-a-w- e:windowssystem32ar6E7t0.exe
2010-04-09 09:12 . 2010-04-09 09:12 93184 —-a-w- e:windowssystem32DwByPiM.exe
2010-04-08 12:16 . 2010-04-08 12:16 92672 —-a-w- e:windowssystem32grMShvP.exe
2010-04-08 12:11 . 2010-04-08 12:11 -------- d-----w- e:documents and settingsДомApplication DataPRMT
2010-04-08 12:04 . 2010-04-08 12:04 -------- d-----w- e:documents and settingsДомApplication DataPROMT
2010-04-08 12:00 . 2010-04-08 12:00 -------- d-----w- e:program filesCommon FilesSkype
2010-04-08 12:00 . 2010-04-08 12:00 -------- d-----w- e:documents and settingsAll UsersApplication DataPROMT
2010-04-08 09:05 . 2010-04-08 09:05 92672 —-a-w- e:windowssystem32vEG1eM7.exe
2010-04-07 18:00 . 2010-04-07 18:00 87040 —-a-w- e:windowssystem32jq06pwP.exe
2010-04-07 14:57 . 2010-04-07 14:57 87040 —-a-w- e:windowssystem32P1NSreD.exe
2010-04-07 13:16 . 2010-04-07 13:16 87040 —-a-w- e:windowssystem32TXGcTM8.exe
2010-04-07 07:56 . 2010-04-07 07:56 86528 —-a-w- e:windowssystem32tZweXVl.exe
2010-04-06 23:18 . 2010-04-06 23:18 86528 —-a-w- e:windowssystem32bi4H3WG.exe
2010-04-05 08:46 . 2010-04-05 08:46 82944 —-a-w- e:windowssystem32hBYHpPi.exe
2010-04-04 10:47 . 2010-04-04 10:47 91136 —-a-w- e:windowssystem32YG4krqT.exe
2010-04-03 23:23 . 2010-04-03 23:23 89600 —-a-w- e:windowssystem32xERYsGw.exe
2010-04-03 23:22 . 2010-04-03 23:22 84992 —-a-w- e:windowssystem32M1XlVfJ.exe
2010-04-03 17:55 . 2010-04-03 17:55 32256 —-a-w- e:windowssystem32b40732a3.exe
2010-03-29 20:46 . 2010-04-10 20:08 38224 —-a-w- e:windowssystem32driversmbamswissarmy.sys
2010-03-29 20:45 . 2010-04-10 20:08 20824 —-a-w- e:windowssystem32driversmbam.sys
2010-03-28 08:33 . 2004-08-18 12:00 79748 —-a-w- e:windowssystem32perfc019.dat
2010-03-28 08:33 . 2004-08-18 12:00 474826 —-a-w- e:windowssystem32perfh019.dat
2010-03-25 13:14 . 2009-08-05 14:19 65536 —-a-r- e:documents and settingsДомApplication DataMicrosoftInstaller{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
2010-03-25 13:14 . 2009-08-05 14:19 10134 —-a-r- e:documents and settingsДомApplication DataMicrosoftInstaller{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}ARPPRODUCTICON.exe
2010-03-25 13:11 . 2010-03-25 13:11 -------- d-----w- e:program filesCommon FilesCorel
2010-03-10 06:17 . 2004-08-18 12:00 420352 —-a-w- e:windowssystem32vbscript.dll
2010-02-25 06:19 . 2004-08-18 12:00 916480 —-a-w- e:windowssystem32wininet.dll
2010-02-24 12:31 . 2004-08-18 12:00 454016 —-a-w- e:windowssystem32driversmrxsmb.sys
.
Sigcheck
[-] 2004-08-18 . B5F1A73EDAB83FA2DB9662E10E027587 . 25088 . . [5.1.2600.2180] . . e:windowssystem32userinit.exe
[-] 2004-08-18 . B5F1A73EDAB83FA2DB9662E10E027587 . 25088 . . [5.1.2600.2180] . . e:windowssystem32dllcacheuserinit.exe[7] 2008-04-14 . 5E2915645A0D139519A99F0F95437D96 . 82432 . . [5.1.2600.5512] . . e:windowsSoftwareDistributionDownloade6ee13bab691afad01f3e7fa891e3f3dws2_32.dll
[-] 2004-08-18 . 0B6185E58290D4E5944F6FB9BF6562A1 . 82944 . . [5.1.2600.2180] . . e:windowssystem32ws2_32.dll
[-] 2004-08-18 . 0B6185E58290D4E5944F6FB9BF6562A1 . 82944 . . [5.1.2600.2180] . . e:windowssystem32dllcachews2_32.dll[7] 2008-04-14 . 847C01CA71883702CC7445364DD9D097 . 1034240 . . [6.00.2900.5512] . . e:windowsSoftwareDistributionDownloade6ee13bab691afad01f3e7fa891e3f3dexplorer.exe
[-] 2004-08-18 . 7637F34CBB1FD9076BDFB13F4EB72A1C . 1032704 . . [6.00.2900.2180] . . e:windowsexplorer.exe
[-] 2004-08-18 . 7637F34CBB1FD9076BDFB13F4EB72A1C . 1032704 . . [6.00.2900.2180] . . e:windowssystem32dllcacheexplorer.exe[7] 2008-04-14 . 1C2B181DCDBFAD31417C4C0196175D87 . 13824 . . [5.1.2600.5512] . . e:windowsSoftwareDistributionDownloade6ee13bab691afad01f3e7fa891e3f3dwscntfy.exe
[-] 2004-08-18 . 5BB8BBC718775D48E8776E61B47DDF59 . 13824 . . [5.1.2600.2180] . . e:windowssystem32wscntfy.exe
[-] 2004-08-18 . 5BB8BBC718775D48E8776E61B47DDF59 . 13824 . . [5.1.2600.2180] . . e:windowssystem32dllcachewscntfy.exe[7] 2008-04-14 . D490B2F1C26D4D038012EA7F3E22B314 . 129024 . . [5.1.2600.5512] . . e:windowsSoftwareDistributionDownloade6ee13bab691afad01f3e7fa891e3f3dxmlprov.dll
[-] 2004-08-18 . 7F22DC518995F251560A5F1080052946 . 129536 . . [5.1.2600.2180] . . e:windowssystem32xmlprov.dll
[-] 2004-08-18 . 7F22DC518995F251560A5F1080052946 . 129536 . . [5.1.2600.2180] . . e:windowssystem32dllcachexmlprov.dll[7] 2008-04-14 . 239622CC309B9650B345893D54C4D74E . 56320 . . [5.1.2600.5512] . . e:windowsSoftwareDistributionDownloade6ee13bab691afad01f3e7fa891e3f3deventlog.dll
[-] 2004-08-18 . 6CD35BE0991DF15A07BC60B894E6482B . 55808 . . [5.1.2600.2180] . . e:windowssystem32eventlog.dll
[-] 2004-08-18 . 6CD35BE0991DF15A07BC60B894E6482B . 55808 . . [5.1.2600.2180] . . e:windowssystem32dllcacheeventlog.dll[7] 2008-04-14 . 4379CA978CB35BB2458156B2B6CB35DF . 1571840 . . [5.1.2600.5512] . . e:windowsSoftwareDistributionDownloade6ee13bab691afad01f3e7fa891e3f3dsfcfiles.dll
[-] 2004-08-18 . 01C8786B1DDB91D5D40044DED8864EDC . 1548288 . . [5.1.2600.2180] . . e:windowssystem32sfcfiles.dll
[-] 2004-08-18 . 01C8786B1DDB91D5D40044DED8864EDC . 1548288 . . [5.1.2600.2180] . . e:windowssystem32dllcachesfcfiles.dll[7] 2008-04-14 . B5DC70BB43A14093E00C5A735CC5DFD4 . 15360 . . [5.1.2600.5512] . . e:windowsSoftwareDistributionDownloade6ee13bab691afad01f3e7fa891e3f3dctfmon.exe
[-] 2004-08-18 . CDC69C55CF6C39162451685020CF6F06 . 15360 . . [5.1.2600.2180] . . e:windowssystem32ctfmon.exe
[-] 2004-08-18 . CDC69C55CF6C39162451685020CF6F06 . 15360 . . [5.1.2600.2180] . . e:windowssystem32dllcachectfmon.exe[7] 2008-04-14 . E267EC270EBE3BF18F23E4BE97C3C766 . 135680 . . [6.00.2900.5512] . . e:windowsSoftwareDistributionDownloade6ee13bab691afad01f3e7fa891e3f3dshsvcs.dll
[-] 2004-08-18 . BCF2E074A03283FF299DBEB93CE134C4 . 135168 . . [6.00.2900.2180] . . e:windowssystem32shsvcs.dll
[-] 2004-08-18 . BCF2E074A03283FF299DBEB93CE134C4 . 135168 . . [6.00.2900.2180] . . e:windowssystem32dllcacheshsvcs.dll[7] 2008-04-14 . 7AE94A5CEDB2916F20A2811E14DDFD7E . 59904 . . [5.1.2600.5512] . . e:windowsSoftwareDistributionDownloade6ee13bab691afad01f3e7fa891e3f3dregsvc.dll
[-] 2004-08-18 . 461FD36D40DECE5F63C0ACF7B66899D2 . 59904 . . [5.1.2600.2180] . . e:windowssystem32regsvc.dll
[-] 2004-08-18 . 461FD36D40DECE5F63C0ACF7B66899D2 . 59904 . . [5.1.2600.2180] . . e:windowssystem32dllcacheregsvc.dll[7] 2008-04-14 . 962E76142BFE6AA160855326A488E778 . 193024 . . [5.1.2600.5512] . . e:windowsSoftwareDistributionDownloade6ee13bab691afad01f3e7fa891e3f3dschedsvc.dll
[-] 2004-08-18 . 37791D0744756F6C860E04094B393159 . 191488 . . [5.1.2600.2180] . . e:windowssystem32schedsvc.dll
[-] 2004-08-18 . 37791D0744756F6C860E04094B393159 . 191488 . . [5.1.2600.2180] . . e:windowssystem32dllcacheschedsvc.dll[7] 2008-04-14 . 804A741E1806E8C33C8C642781896C0D . 295936 . . [5.1.2600.5512] . . e:windowsSoftwareDistributionDownloade6ee13bab691afad01f3e7fa891e3f3dtermsrv.dll
[-] 2004-08-18 . FBE10ED076D1E87782778A6CD2AB7085 . 295936 . . [5.1.2600.2180] . . e:windowssystem32termsrv.dll
[-] 2004-08-18 . FBE10ED076D1E87782778A6CD2AB7085 . 295936 . . [5.1.2600.2180] . . e:windowssystem32dllcachetermsrv.dll[-] 2004-08-18 . CEA8D1DA7696ACBFC69A3823BCF1C738 . 11776 . . [5.1.2600.0] . . e:windowssystem32driversacpiec.sys
[7] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . e:windowsSoftwareDistributionDownloade6ee13bab691afad01f3e7fa891e3f3daec.sys
[-] 2004-08-03 18:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . e:windowssystem32dllcacheaec.sys
[-] 2004-08-03 18:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . e:windowssystem32driversaec.sys[7] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . e:windowsSoftwareDistributionDownloade6ee13bab691afad01f3e7fa891e3f3dip6fw.sys
[-] 2004-08-18 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . e:windowssystem32dllcacheip6fw.sys
[-] 2004-08-18 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . e:windowssystem32driversip6fw.sys[7] 2008-04-14 16:10 . 21B8BD18B4FF64AB41B858F282C5BC81 . 927504 . . [4.1.0.61] . . e:windowsSoftwareDistributionDownloade6ee13bab691afad01f3e7fa891e3f3dmfc40u.dll
[-] 2004-08-18 12:00 . A41D0455BF3873B0A09D311C138EF749 . 924432 . . [4.1.6140] . . e:windowssystem32mfc40u.dll
[-] 2004-08-18 12:00 . A41D0455BF3873B0A09D311C138EF749 . 924432 . . [4.1.6140] . . e:windowssystem32dllcachemfc40u.dll[7] 2008-04-14 . 1CEA42E9B7DC30FC313C8277EBDC8FCF . 33792 . . [5.1.2600.5512] . . e:windowsSoftwareDistributionDownloade6ee13bab691afad01f3e7fa891e3f3dmsgsvc.dll
[-] 2004-08-18 . A69AA08A453B9BAF7782A98EF57AF3D1 . 33792 . . [5.1.2600.2180] . . e:windowssystem32msgsvc.dll
[-] 2004-08-18 . A69AA08A453B9BAF7782A98EF57AF3D1 . 33792 . . [5.1.2600.2180] . . e:windowssystem32dllcachemsgsvc.dll[7] 2008-04-14 16:10 . 7FAC509F7F817CF0912F81302435EBC0 . 52736 . . [9.0.1.56] . . e:windowsSoftwareDistributionDownloade6ee13bab691afad01f3e7fa891e3f3dmspmsnsv.dll
[-] 2004-08-18 12:00 . FB1A5361CDF55D94008A6EE5EC36D168 . 52736 . . [9.0.1.56] . . e:windowssystem32mspmsnsv.dll
[-] 2004-08-18 12:00 . FB1A5361CDF55D94008A6EE5EC36D168 . 52736 . . [9.0.1.56] . . e:windowssystem32dllcachemspmsnsv.dll[7] 2008-04-14 16:10 . 8E6A3AAC5A889AD59479A05A990E8ED3 . 436736 . . [5.1.2400.5512] . . e:windowsSoftwareDistributionDownloade6ee13bab691afad01f3e7fa891e3f3dntmssvc.dll
[-] 2004-08-18 12:00 . 2105738264B4DDAEB24C2B3851D6427B . 436736 . . [5.1.2400.2180] . . e:windowssystem32ntmssvc.dll
[-] 2004-08-18 12:00 . 2105738264B4DDAEB24C2B3851D6427B . 436736 . . [5.1.2400.2180] . . e:windowssystem32dllcachentmssvc.dll[7] 2008-04-14 . 5EFAD772A147D5382D34157E2712DC6C . 367616 . . [5.3.2600.5512] . . e:windowsSoftwareDistributionDownloade6ee13bab691afad01f3e7fa891e3f3ddsound.dll
[-] 2004-08-18 . 8B4C47DF3F10153E8F20DD1C0CF3341B . 367616 . . [5.3.2600.2180] . . e:windowssystem32dsound.dll
[-] 2004-08-18 . 8B4C47DF3F10153E8F20DD1C0CF3341B . 367616 . . [5.3.2600.2180] . . e:windowssystem32dllcachedsound.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE~Browser Helper Objects{1F13CE11-4FAC-49A9-8155-D4F3F0F91A33}]
2010-01-12 08:58 1136008 —-a-w- d:program filesPRMT9PRMTIEprmtie.dll

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{C7DDDD27-F303-42A5-B979-51559F7DC0F0}»= «d:program filesPRMT9PRMTIEprmtie.dll» [2010-01-12 1136008]

[HKEY_CLASSES_ROOTclsid{c7dddd27-f303-42a5-b979-51559f7dc0f0}]
[HKEY_CLASSES_ROOTPromtIE.IEIntegration.2]
[HKEY_CLASSES_ROOTPromtIE.IEIntegration]

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{C7DDDD27-F303-42A5-B979-51559F7DC0F0}»= «d:program filesPRMT9PRMTIEprmtie.dll» [2010-01-12 1136008]

[HKEY_CLASSES_ROOTclsid{c7dddd27-f303-42a5-b979-51559f7dc0f0}]
[HKEY_CLASSES_ROOTPromtIE.IEIntegration.2]
[HKEY_CLASSES_ROOTPromtIE.IEIntegration]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«High Definition Audio Property Page Shortcut»=»HDAShCut.exe» [2005-01-07 61952]
«ISUSPM Startup»=»e:program filesCommon FilesInstallShieldUpdateServiceisuspm.exe» [2005-08-11 249856]
«ISUSScheduler»=»e:program filesCommon FilesInstallShieldUpdateServiceissch.exe» [2005-08-11 81920]
«Adobe Reader Speed Launcher»=»c:program filesAdobRider9.0ReaderReader_sl.exe» [2009-02-27 35696]
«nwiz»=»e:program filesNVIDIA CorporationnViewnwiz.exe» [2009-07-08 1657376]
«NvCplDaemon»=»e:windowssystem32NvCpl.dll» [2009-07-14 13877248]
«NvMediaCenter»=»e:windowssystem32NvMcTray.dll» [2009-07-14 86016]
«RTHDCPL»=»RTHDCPL.EXE» [2005-09-22 14854144]
«AdobeCS4ServiceManager»=»e:program filesCommon FilesAdobeCS4ServiceManagerCS4ServiceManager.exe» [2008-08-14 611712]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»e:windowssystem32CTFMON.EXE» [2004-08-18 15360]

e:documents and settingsДомГлавное менюПрограммыАвтозагрузка
Adobe Gamma.lnk — e:program filesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogon]
«Userinit»=»e:windowssystem32userinit.exe,e:windowssystem32b40732a3.exe,\?globalrootsystemrootsystem32M1XlVfJ.exe,»

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«e:\Program Files\uTorrent\uTorrent.exe»=
«d:\Program Files\GSC World Publishing\С.Т.А.Л.К.Е.Р. — Чистое Небо\bin\xrEngine.exe»=
«d:\Program Files\GSC World Publishing\С.Т.А.Л.К.Е.Р. — Чистое Небо\bin\dedicated\xrEngine.exe»=
«d:\Program Files\GSC World Publishing\S.T.A.L.K.E.R. — Зов Припяти\bin\xrEngine.exe»=
«d:\Program Files\GSC World Publishing\S.T.A.L.K.E.R. — Зов Припяти\bin\dedicated\xrEngine.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«e:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe»=
«d:\CyberSant-AKTIVATOR\Shareman\Shareman.exe»=
«e:\Program Files\Opera\opera.exe»=

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«55973:TCP»= 55973:TCP
«22565:TCP»= 22565:TCP
«5353:TCP»= 5353:TCP:Adobe CSI CS4

R1 appdrv01;Application Driver (01);e:windowssystem32driversappdrv01.sys [25.10.2009 22:38 3069040]
R1 aswSP;avast! Self Protection;e:windowssystem32driversaswSP.sys [05.08.2009 20:46 114768]
R2 2GIS UpdateClientService;2GIS UpdateClientService;e:program files2gisUpdateClientWin32UpdateClientService.exe [17.09.2008 12:03 1134592]
R2 aswFsBlk;aswFsBlk;e:windowssystem32driversaswFsBlk.sys [05.08.2009 20:46 20560]
S2 appdrvrem01;Application Driver Auto Removal Service (01);e:windowsSystem32appdrvrem01.exe svc —> e:windowsSystem32appdrvrem01.exe svc [?]
S3 vaxscsi;vaxscsi;e:windowssystem32driversvaxscsi.sys [03.12.2009 13:32 223128]
S4 sptd;sptd;e:windowssystem32driverssptd.sys [03.12.2009 12:53 646392]
.
.
Supplementary Scan
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.slizone.com/
IE: &Экспорт в Microsoft Excel — d:progra~1MICROS~1OFFICE11EXCEL.EXE/3000
IE: Настроить параметры перевода — d:program filesPRMT9PRMTIEoptions.htm
IE: Перевести всю страницу — d:program filesPRMT9PRMTIEpage.htm
IE: Перевести выделенный текст — d:program filesPRMT9PRMTIEtranslat.htm
IE: Перевести поисковый запрос — d:program filesPRMT9PRMTIEsearch.htm
TCP: {3BB837E6-771B-416C-8AE3-E491A7D08621} = 85.113.62.227 85.113.63.252
.
— — — — ORPHANS REMOVED — — — —

AddRemove-avast! — e:program filesAlwil SoftwareAvast4aswRunDll.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-18 21:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-05-18 21:40:20
ComboFix-quarantined-files.txt 2010-05-18 17:40

Pre-Run: 1 373 200 384 байт свободно
Post-Run: 2 135 941 120 байт свободно

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)WINDOWS
[operating systems]
c:cmdconsBOOTSECT.DAT=»Microsoft Windows Recovery Console» /cmdcons
multi(0)disk(0)rdisk(0)partition(2)WINDOWS=»Microsoft Windows XP Professional RU» /noexecute=optin /fastdetect /usepmtimer

— — End Of File — — 51E0A3CF0C25297C20D42A913B3E4DFA

May 22, 2010 at 6:20 pm #25966
What should I do next?