- This topic has 6 ответов, 2 участника, and was last updated 15 years, 1 month назад by
.
-
Сообщения
-
Windows XP Pro SP3
Проблемма появилась давно, когда не вспомню
Суть: программы не запущенны просто в процессе лазанья по папкам вдруг загрузка процессора под 100 % и висяк полный,раньше глушил explorer.exe, а это его проказы стал с этим разбираться AnVir Task Manager указывает в потоках на Default IME убиваю его теперь.
Тоже самое при просмотре страниц в сети .На английском сайте писали ,что это как бы связано с повреждёнными видеофайлами avi. и предлагали один из способов ,удалить ключ реестра HKEY LOCAL MACHINESOFTWARE|Classes|CLSID{87D62D94-71B3-4b9a-9489-5FE6850DC73E}InProcServer32-удалил -без изменений. Антивирусники проблему не решили нашёл ваш сайт -установил ComboFix прошёлся им ,выкладываю лог может там что можно увидить и прокоментировать.Очень надеюсь на помощь.Ведь это было и до последней переустановки ОСи,и у знакомых таже беда.Может это вирус какой-то.В сети часто встречается эта проблемма ,а вот ответа для себя я не нашёл.ComboFix 09-12-22.09 — Костя 28.12.2009 23:58:28.2.1 — x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.2047.1594 [GMT 3:00]
Running from: c:documents and settingsКостяРабочий столComboFix.exe
Command switches used :: c:documents and settingsКостяРабочий столWindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: Avira Firewall *disabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.G:Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-28 )))))))))))))))))))))))))))))))
.2009-12-26 21:14 . 2009-12-26 21:14
d
w- C:rsit
2009-12-26 21:14 . 2009-12-26 21:14
d
w- c:program filestrend micro
2009-12-25 19:24 . 2009-12-25 19:24
d
w- c:program filesUnknown Device Identifier
2009-12-22 15:50 . 2009-12-22 15:50 10 —-a-w- c:documents and settingsAll UsersApplication DataSecTaskManicn_EE1A6919D738C6145A01593879C807DC.dll
2009-12-22 15:50 . 2009-12-22 15:50 10 —-a-w- c:documents and settingsAll UsersApplication DataSecTaskManicn_8A3FB05B382A902479E181EDB4B6CBE0.dll
2009-12-22 15:50 . 2009-12-22 15:50 60 —-a-w- c:documents and settingsAll UsersApplication DataSecTaskManicn_75E6EA9FF87E00C4F9B6C20D1170D696.dll
2009-12-22 15:50 . 2009-12-22 15:50 566 —-a-w- c:documents and settingsAll UsersApplication DataSecTaskManicn_191704F246D6C6344803469ABD6CE5A6.dll
2009-12-22 15:49 . 2009-12-22 16:07
d
w- c:program filesSecurity Task Manager
2009-12-19 17:09 . 2009-12-19 17:14
d
w- c:program filesVirtualDJ
2009-12-18 18:30 . 2009-12-18 18:30
d
w- c:documents and settingsКостяApplication DataTuneUp Software
2009-12-18 18:29 . 2009-12-18 18:30
d
w- c:documents and settingsAll UsersApplication DataTuneUp Software
2009-12-18 18:29 . 2009-12-18 18:29
d-sh—w- c:documents and settingsAll UsersApplication Data{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2009-12-18 14:53 . 2009-12-18 14:53
d
w- c:program files1C
2009-12-18 13:29 . 2008-04-25 11:54 36384 —-a-w- c:windowssystem32driversnpusbio.sys
2009-12-18 13:29 . 2009-12-18 13:29
d
w- c:program filesNaturalPoint
2009-12-18 13:12 . 2008-11-22 01:45 5120 —-a-w- c:windowssystem32driverschdrvr02.sys
2009-12-18 13:12 . 2008-11-22 01:42 8704 —-a-w- c:windowssystem32driverschdrvr03.sys
2009-12-18 13:12 . 2008-11-20 21:09 219072 —-a-w- c:windowssystem32driverschdrvr01.sys
2009-12-18 13:12 . 2008-11-24 19:28 86776 —-a-w- c:windowssystem32CMCalBlk.dll
2009-12-18 13:12 . 2009-12-18 13:12
d
w- c:program filesCH Products
2009-12-18 09:27 . 2009-12-18 09:27
d
w- c:documents and settingsКостяLocal SettingsApplication DataAdobe
2009-12-18 07:03 . 2009-12-18 16:02
d
w- c:documents and settingsAll UsersApplication DataSpybot — Search & Destroy
2009-12-18 06:44 . 2009-12-18 06:44
d
w- c:documents and settingsLocalServiceApplication DataApple Computer
2009-12-18 06:44 . 2009-12-18 06:44
d
w- c:documents and settingsLocalServiceLocal SettingsApplication DataApple Computer
2009-12-17 15:39 . 2009-12-18 08:33
d
w- c:program filesHypersight
2009-12-17 14:46 . 2009-12-17 14:46
d
w- c:documents and settingsКостяApplication DataAVG8
2009-12-17 14:30 . 2009-12-17 14:30
d
w- c:documents and settingsLocalServiceГлавное меню
2009-12-17 14:16 . 2009-12-17 14:16
d
w- c:program filesMKVtoolnix
2009-12-16 15:03 . 2009-11-12 07:03 59664 —s—w- c:windowssystem32driversTfSysMon.sys
2009-12-16 15:03 . 2009-11-12 07:03 51984 —s—w- c:windowssystem32driversTfFsMon.sys
2009-12-16 15:03 . 2009-11-12 07:03 33552 —s—w- c:windowssystem32driversTfNetMon.sys
2009-12-16 14:50 . 2009-12-16 14:50
d
w- c:documents and settingsКостяLocal SettingsApplication DataThreat Expert
2009-12-16 14:45 . 2009-12-16 14:45
d
w- c:documents and settingsКостяApplication DataPC Tools.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-28 20:56 . 2009-11-12 13:54
d—a-w- c:documents and settingsAll UsersApplication DataTEMP
2009-12-28 19:21 . 2009-11-27 16:48
d
w- c:program filesPowerArchiver
2009-12-27 04:25 . 2009-11-16 10:16
d
w- c:program filesBurn4Free
2009-12-26 18:24 . 2009-12-16 14:45
d
w- c:program filesSpyware Doctor
2009-12-25 21:57 . 2009-11-14 17:34
d
w- c:documents and settingsКостяApplication DataAIMP
2009-12-24 16:42 . 2009-12-06 15:54
d
w- c:program filesSteam
2009-12-22 17:23 . 2009-11-16 12:14
d
w- c:program filesAVS4YOU
2009-12-22 17:05 . 2009-12-15 04:39
d
w- c:documents and settingsAll UsersApplication DataSecTaskMan
2009-12-22 12:53 . 2009-11-15 18:19
d
w- c:documents and settingsКостяApplication DatauTorrent
2009-12-21 16:26 . 2009-11-15 18:20
d
w- c:program filesuTorrent
2009-12-20 08:01 . 2009-11-12 13:57 31752 —-a-w- c:documents and settingsКостяLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-12-19 17:30 . 2009-11-23 12:49 22168 —ha-w- c:windowssystem32mlfcache.dat
2009-12-18 16:01 . 2009-12-02 07:36
d
w- c:program filesSmith Micro
2009-12-18 16:01 . 2009-11-12 12:56
d—h—w- c:program filesInstallShield Installation Information
2009-12-18 14:52 . 2009-11-12 12:56
d
w- c:program filesCommon FilesInstallShield
2009-12-17 15:27 . 2009-12-10 09:34
d
w- c:program filesCommon FilesWise Installation Wizard
2009-12-16 17:55 . 2009-11-23 15:22
d
w- c:program filesCommon FilesElecard
2009-12-16 15:03 . 2009-12-16 14:45
d
w- c:documents and settingsAll UsersApplication DataPC Tools
2009-12-16 14:49 . 2009-12-16 14:45
d
w- c:program filesCommon FilesPC Tools
2009-12-14 09:33 . 2009-11-12 15:02 53248 —-a-w- c:windowssystem32CSVer.dll
2009-12-10 10:10 . 2009-12-02 08:17 56816 —-a-w- c:windowssystem32driversavgntflt.sys
2009-12-10 09:34 . 2009-12-10 09:34
d
w- c:program filesZoner
2009-12-09 18:17 . 2008-04-15 12:00 79546 —-a-w- c:windowssystem32perfc019.dat
2009-12-09 18:17 . 2008-04-15 12:00 474518 —-a-w- c:windowssystem32perfh019.dat
2009-12-09 18:03 . 2009-11-12 18:36
d
w- c:documents and settingsAll UsersApplication DataMicrosoft Help
2009-12-09 11:33 . 2009-12-09 10:43
d
w- c:program filesAnVir Task Manager
2009-12-09 10:43 . 2009-12-09 10:43
d
w- c:documents and settingsКостяApplication DataChemTable Software
2009-12-09 10:43 . 2009-12-09 10:43
d
w- c:program filesReg Organizer
2009-12-02 08:26 . 2009-12-02 08:26
d
w- c:documents and settingsКостяApplication DataAvira
2009-12-02 08:17 . 2009-12-02 08:17
d
w- c:documents and settingsAll UsersApplication DataAvira
2009-12-02 08:17 . 2009-12-02 08:17
d
w- c:program filesAvira
2009-12-02 07:37 . 2009-12-02 07:37
d
w- c:documents and settingsAll UsersApplication DataSmith Micro
2009-11-27 20:00 . 2009-11-27 20:00
d
w- c:program filesRADVideo
2009-11-27 13:47 . 2009-11-06 12:24 867664 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionGUIcommon.dll
2009-11-27 12:17 . 2009-11-27 12:17
d
w- c:documents and settingsКостяApplication DataBurn Pro
2009-11-27 12:17 . 2009-11-27 12:17
d
w- c:program filesBurnPro
2009-11-27 11:21 . 2009-11-27 11:21 476512 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionAudialsOne_2009RadioRipRadioRip.dll
2009-11-27 11:21 . 2009-11-27 11:21 169312 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionAudialsOne_2009RadioRipPlgSoundclick.dll
2009-11-27 11:21 . 2009-11-27 11:21 111968 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionAudialsOne_2009RadioRipPlgPandora.dll
2009-11-27 11:21 . 2009-11-27 11:21 132448 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionAudialsOne_2009RadioRipPlgImeem.dll
2009-11-27 11:21 . 2009-11-27 11:21 128352 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionAudialsOne_2009RadioRipPlgMyspace.dll
2009-11-27 11:21 . 2009-11-27 11:21 111968 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionAudialsOne_2009RadioRipPlgLastfm.dll
2009-11-27 11:21 . 2009-11-27 11:21 99680 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionAudialsOne_2009RadioRipPlgIJigg.dll
2009-11-27 11:21 . 2009-11-27 11:21 230752 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionAudialsOne_2009RadioRipPlgHypemachine.dll
2009-11-27 11:21 . 2009-11-27 11:21 120160 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionAudialsOne_2009RadioRipPlgGeneral.dll
2009-11-27 11:21 . 2009-11-27 11:21 87392 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionAudialsOne_2009RadioRipPlgDefault.dll
2009-11-27 11:21 . 2009-11-27 11:21 140640 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionAudialsOne_2009RadioRipPlgDeezer.dll
2009-11-27 11:21 . 2009-11-27 11:21 495616 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionAudialsOne_2009EncodingBackendlame_enc.dll
2009-11-27 11:20 . 2009-11-23 20:32
d
w- c:program filesRapidSolution
2009-11-27 11:18 . 2009-11-23 20:32
d
w- c:documents and settingsAll UsersApplication DataRapidSolution
2009-11-27 10:35 . 2009-11-27 10:35 386328 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionRadiotracker5CommonDllsWebRip.dll
2009-11-27 10:35 . 2009-11-27 10:35
d
w- c:documents and settingsКостяApplication DataRapidSolution
2009-11-27 10:35 . 2009-11-27 10:35 495616 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionEncodingBackendlame_enc.dll
2009-11-24 12:05 . 2009-11-24 12:05
d
w- c:documents and settingsAll UsersApplication DataWondershare
2009-11-24 12:04 . 2009-11-24 12:04
d
w- c:program filesWondershare
2009-11-23 21:05 . 2009-11-23 21:05 476512 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionRadiotracker_2009RadioRipRadioRip.dll
2009-11-23 21:05 . 2009-11-23 21:05 169312 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionRadiotracker_2009RadioRipPlgSoundclick.dll
2009-11-23 21:05 . 2009-11-23 21:05 128352 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionRadiotracker_2009RadioRipPlgMyspace.dll
2009-11-23 21:05 . 2009-11-23 21:05 111968 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionRadiotracker_2009RadioRipPlgPandora.dll
2009-11-23 21:05 . 2009-11-23 21:05 132448 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionRadiotracker_2009RadioRipPlgImeem.dll
2009-11-23 21:05 . 2009-11-23 21:05 111968 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionRadiotracker_2009RadioRipPlgLastfm.dll
2009-11-23 21:05 . 2009-11-23 21:05 99680 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionRadiotracker_2009RadioRipPlgIJigg.dll
2009-11-23 21:05 . 2009-11-23 21:05 230752 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionRadiotracker_2009RadioRipPlgHypemachine.dll
2009-11-23 21:05 . 2009-11-23 21:05 120160 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionRadiotracker_2009RadioRipPlgGeneral.dll
2009-11-23 21:05 . 2009-11-23 21:05 87392 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionRadiotracker_2009RadioRipPlgDefault.dll
2009-11-23 21:05 . 2009-11-23 21:05 140640 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionRadiotracker_2009RadioRipPlgDeezer.dll
2009-11-23 21:04 . 2009-11-23 21:04 495616 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionRadiotracker_2009EncodingBackendlame_enc.dll
2009-11-23 21:01 . 2009-11-23 21:01 476512 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionTunebite_2009RadioRipRadioRip.dll
2009-11-23 21:01 . 2009-11-23 21:01 169312 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionTunebite_2009RadioRipPlgSoundclick.dll
2009-11-23 21:01 . 2009-11-23 21:01 128352 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionTunebite_2009RadioRipPlgMyspace.dll
2009-11-23 21:01 . 2009-11-23 21:01 111968 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionTunebite_2009RadioRipPlgPandora.dll
2009-11-23 21:01 . 2009-11-23 21:01 111968 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionTunebite_2009RadioRipPlgLastfm.dll
2009-11-23 21:01 . 2009-11-23 21:01 132448 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionTunebite_2009RadioRipPlgImeem.dll
2009-11-23 21:01 . 2009-11-23 21:01 99680 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionTunebite_2009RadioRipPlgIJigg.dll
2009-11-23 21:01 . 2009-11-23 21:01 230752 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionTunebite_2009RadioRipPlgHypemachine.dll
2009-11-23 21:01 . 2009-11-23 21:01 87392 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionTunebite_2009RadioRipPlgDefault.dll
2009-11-23 21:01 . 2009-11-23 21:01 120160 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionTunebite_2009RadioRipPlgGeneral.dll
2009-11-23 21:01 . 2009-11-23 21:01 140640 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionTunebite_2009RadioRipPlgDeezer.dll
2009-11-23 21:01 . 2009-11-23 21:01 495616 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionTunebite_2009EncodingBackendlame_enc.dll
2009-11-23 21:00 . 2009-11-23 21:00
d
w- c:program filesPixiePack Codec Pack
2009-11-23 15:22 . 2009-11-23 15:22
d
w- c:program filesElecard
2009-11-23 13:09 . 2009-11-12 17:54
d
w- c:program filesFinal Codecs
2009-11-23 13:08 . 2009-11-23 13:08 0 —-a-w- c:windowsnsreg.dat
2009-11-23 13:06 . 2009-11-23 12:49
d
w- c:program filesSafari
2009-11-23 13:06 . 2009-11-23 13:06
d
w- c:program filesCommon FilesApple
2009-11-23 13:04 . 2009-11-23 13:04 79144 —-a-w- c:documents and settingsAll UsersApplication DataApple ComputerInstaller CacheSafari 5.31.21.10SetupAdmin.exe
2009-11-23 13:00 . 2009-11-23 12:56
d
w- c:documents and settingsКостяApplication DataYandex
2009-11-23 12:49 . 2009-11-23 12:49
d
w- c:documents and settingsКостяApplication DataApple Computer
2009-11-23 12:49 . 2009-11-12 17:55
d
w- c:documents and settingsAll UsersApplication DataApple Computer
2009-11-23 12:48 . 2009-11-23 12:48
d
w- c:program filesBonjour
2009-11-23 12:48 . 2009-11-23 12:48
d
w- c:program filesApple Software Update
2009-11-23 12:48 . 2009-11-23 12:48
d
w- c:documents and settingsAll UsersApplication DataApple
2009-11-22 18:15 . 2009-11-16 15:18
d
w- c:program filesDScaler5
2009-11-22 17:38 . 2009-11-16 12:17
d
w- c:documents and settingsКостяApplication DataAVS4YOU
2009-11-21 16:03 . 2008-04-15 12:00 471552 —-a-w- c:windowsAppPatchaclayers.dll
2009-11-20 15:57 . 2009-11-20 15:54
d
w- c:program filesWIN2KXP
2009-11-20 15:50 . 2009-11-20 15:44
d
w- c:program filesDivX H.264 decoder
2009-11-20 15:45 . 2009-11-20 15:45
d
w- c:documents and settingsКостяApplication DataMedia Player Classic
2009-11-20 14:22 . 2009-11-20 14:22
d
w- c:documents and settingsКостяApplication DataDeviceDoctorSoftware
2009-11-20 14:22 . 2009-11-20 14:22
d
w- c:program filesDevice Doctor
.
Sigcheck
[7] 2008-04-15 . 4379CA978CB35BB2458156B2B6CB35DF . 1571840 . . [5.1.2600.5512] . . c:windowssystem32dllcachesfcfiles.dllc:windowsSystem32sfcfiles.dll … is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_LOCAL_MACHINE~Browser Helper Objects{83BD144C-5E53-4E12-8E99-5A7F1BBF3EA0}]
2009-11-16 12:00 815104 —-a-w- c:program filesVideo Download Toolbarv3.3.0.3Video_Download_Toolbar.dll[HKEY_LOCAL_MACHINE~Browser Helper Objects{B29002A0-87A1-4DC4-AC55-5982034EB61E}]
[HKEY_LOCAL_MACHINE~Browser Helper Objects{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
2009-11-16 10:16 815104 —-a-w- c:program filesBurn4Free Toolbarv3.3.0.3Burn4Free_Toolbar.dll[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}»= «c:program filesBurn4Free Toolbarv3.3.0.3Burn4Free_Toolbar.dll» [2009-11-16 815104]
«{E52BE12D-A44A-4F51-9DC1-34F37A488CC7}»= «c:program filesVideo Download Toolbarv3.3.0.3Video_Download_Toolbar.dll» [2009-11-16 815104][HKEY_CLASSES_ROOTclsid{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]
[HKEY_CLASSES_ROOTclsid{e52be12d-a44a-4f51-9dc1-34f37a488cc7}]
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}»= «c:program filesBurn4Free Toolbarv3.3.0.3Burn4Free_Toolbar.dll» [2009-11-16 815104]
«{E52BE12D-A44A-4F51-9DC1-34F37A488CC7}»= «c:program filesVideo Download Toolbarv3.3.0.3Video_Download_Toolbar.dll» [2009-11-16 815104][HKEY_CLASSES_ROOTclsid{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]
[HKEY_CLASSES_ROOTclsid{e52be12d-a44a-4f51-9dc1-34f37a488cc7}]
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«AnVir Task Manager»=»c:program filesAnVir Task ManagerAnVir.exe» [2009-12-04 3163872][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«SoundMAXPnP»=»c:program filesAnalog DevicesSoundMAXSMax4PNP.exe» [2004-10-14 1388544]
«DeviceDiscovery»=»c:program filesHewlett-PackardDigital Imagingbinhpotdd01.exe» [2003-05-21 229437]
«ATIPTA»=»c:program filesATI TechnologiesATI Control Panelatiptaxx.exe» [2007-02-16 344064]
«avgnt»=»c:program filesAviraAntiVir Desktopavgnt.exe» [2009-03-02 209153]
«QuickTime Task»=»c:program filesFinal Codecsqttask.exe» [2009-11-10 417792][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-15 15360][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«IE8_01″=»shell32» [X]
«IE8_02″=»advpack.dll» [2009-07-18 128512][HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\uTorrent\uTorrent.exe»=
«c:\Program Files\Bonjour\mDNSResponder.exe»=
«c:\Program Files\Steam\Steam.exe»=
«c:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe»=
«c:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe»=R0 PCTCore;PCTools KDS;c:windowssystem32driversPCTCore.sys [16.12.2009 17:46 207792]
R0 TfFsMon;TfFsMon;c:windowssystem32driversTfFsMon.sys [16.12.2009 18:03 51984]
R0 TfSysMon;TfSysMon;c:windowssystem32driversTfSysMon.sys [16.12.2009 18:03 59664]
R1 avfwot;avfwot;c:windowssystem32driversavfwot.sys [02.12.2009 11:17 97608]
R1 StarPortLite;StarPort Storage Controller (Lite);c:windowssystem32driversStarPortLite.sys [14.11.2009 20:52 95592]
R2 AntiVirFirewallService;Avira Firewall;c:program filesAviraAntiVir Desktopavfwsvc.exe [02.12.2009 11:17 388865]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:program filesAviraAntiVir Desktopavmailc.exe [02.12.2009 11:17 194817]
R2 AntiVirSchedulerService;Планировщик Avira Premium Security Suite;c:program filesAviraAntiVir Desktopsched.exe [02.12.2009 11:17 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:program filesAviraAntiVir Desktopavwebgrd.exe [02.12.2009 11:17 434945]
R2 Browser Defender Update Service;Browser Defender Update Service;c:program filesSpyware DoctorBDTBDTUpdateService.exe [16.12.2009 17:49 112592]
R3 avfwim;AvFw Packet Filter Miniport;c:windowssystem32driversavfwim.sys [02.12.2009 11:17 69632]
R3 chdrvr01;CH Control Manager Driver 1;c:windowssystem32driverschdrvr01.sys [18.12.2009 16:12 219072]
R3 chdrvr02;CH Control Manager Driver 2;c:windowssystem32driverschdrvr02.sys [18.12.2009 16:12 5120]
R3 chdrvr03;CH Control Manager Driver 3;c:windowssystem32driverschdrvr03.sys [18.12.2009 16:12 8704]
R3 npusbio;npusbio;c:windowssystem32driversnpusbio.sys [18.12.2009 16:29 36384]
R3 NtApm;Драйвер интерфейса NT Apm/Legacy;c:windowssystem32driversNtApm.sys [11.12.2009 18:33 9472]
R3 RRNetCapMP;RRNetCapMP;c:windowssystem32driversrrnetcap.sys [16.11.2009 14:45 27168]
S0 sptd;sptd;c:windowssystem32driverssptd.sys [14.11.2009 20:52 691696]
S3 Cap713x;Philips Cap713x Video Capture;c:windowssystem32driversCap713x.sys [15.11.2009 18:54 686080]
S3 RRNetCap;RRNetCap Service;c:windowssystem32driversrrnetcap.sys [16.11.2009 14:45 27168]
S3 SAA713x;Behold TV WDM Capture (SAA713x);c:windowssystem32driverssaa713x.sys [15.11.2009 19:01 421896]
S3 sdAuxService;PC Tools Auxiliary Service;c:program filesSpyware DoctorpctsAuxs.exe [16.12.2009 17:45 359624]
S3 TfNetMon;TfNetMon;c:windowssystem32driversTfNetMon.sys [16.12.2009 18:03 33552]
S3 ZKQYA;ZKQYA; [x]
S4 pctgntdi;pctgntdi;c:windowssystem32driverspctgntdi.sys [16.12.2009 17:46 233136]
S4 pctplsg;pctplsg;c:windowssystem32driverspctplsg.sys [16.12.2009 17:46 70408][HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{9C450606-ED24-4958-92BA-B8940C99D441}]
2009-03-04 13:32 8192 —-a-w- c:program filesPixiePack Codec PackInstallerHelper.exe
.
Supplementary Scan
.
uStart Page = about:blank
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2Office12EXCEL.EXE/3000
LSP: c:program filesAviraAntiVir Desktopavsda.dll
TCP: {15FC4F96-FABF-4116-A73F-0C96D60443F2} = 212.188.4.10,195.34.32.116
FF — ProfilePath — c:documents and settingsКостяApplication DataMozillaFirefoxProfilestjfiq7u3.default
FF — prefs.js: browser.startup.homepage — hxxp://start.drp.su/
FF — plugin: c:program filesFinal CodecsMozillaPluginsnppl3260.dll
FF — plugin: c:program filesFinal CodecsMozillaPluginsnprjplug.dll
FF — plugin: c:program filesFinal CodecsMozillaPluginsnprpjplug.dll
FF — HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} — c:windowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtension
.
— — — — ORPHANS REMOVED — — — —Toolbar-ITBar7Position — (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-29 00:04
Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(1412)
c:windowssystem32Ati2evxx.dll— — — — — — — > ‘lsass.exe'(1472)
c:program filesAviraAntiVir Desktopavsda.dll
.
Completion time: 2009-12-29 00:05:56
ComboFix-quarantined-files.txt 2009-12-28 21:05
ComboFix2.txt 2009-12-26 18:56Pre-Run: 46 968 320 000 байт свободно
Post-Run: 46 983 237 632 байт свободно— — End Of File — — D7CD671669A737291D2C27F16F1440F6
Здравствуйте, добро пожаловать на Spyware-ru форум.
Есть один неизвестный драйвер. Удалим его.
Откройте блокнот (Кликните Пуск, Выполнить, в строке ввода введите notepad и нажмите Enter) и вставьте в него следующий текст:Driver::
ZKQYAЗапишите получившийся файл на ваш рабочий стол под именем CFScript
Далее перетащите получившийся файл на иконку Combofix, как показано на картинке ниже.
Сombofix запуститься и выполнит процедуры описанные в созданном нами файле.
По результатам работы Combofix будет создан новый лог, его и вставьте в свой следующий ответ.
И сообщите есть ли изменения в работе компьютера.Спасибо за оперативность Valeru.
С Наступающим Новым Годом.
После выполнения необходимой операции ,полазил по папкам -нормально ,зашёл в сеть, наблюдались подскоки explorera.exe до 90% но сами успокаивались и один раз подвис опять ,прешлось процесс убить AnVir Task Manager пишет состояние-Ready
причина ожидания-UserRequest
заголовок окна-Default IME
После работы ComboFix включил Spuware Doctor -он обнаружил в ветке реестра HKEY USERS Trojan Generic ,пока работаю вроде нормально если не считать этого одного подвисания.Высылаю логComboFix 09-12-22.09 — Костя 30.12.2009 22:02:45.1.1 — x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.2047.1630 [GMT 3:00]
Running from: c:documents and settingsКостяРабочий столComboFix.exe
Command switches used :: c:documents and settingsКостяРабочий столCFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: Avira Firewall *disabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
..
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Legacy_ZKQYA
Service_ZKQYA((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-30 )))))))))))))))))))))))))))))))
.2009-12-30 16:17 . 2009-12-30 16:17
d
w- c:program filesTeachShop
2009-12-30 08:32 . 2009-12-30 08:32
d
w- c:program filesSeagate
2009-12-29 18:32 . 2009-12-29 18:32
d
w- c:program filesRecuva
2009-12-26 21:14 . 2009-12-29 19:48
d
w- c:program filestrend micro
2009-12-26 21:14 . 2009-12-26 21:14
d
w- C:rsit
2009-12-25 19:24 . 2009-12-25 19:24
d
w- c:program filesUnknown Device Identifier
2009-12-22 15:50 . 2009-12-22 15:50 10 —-a-w- c:documents and settingsAll UsersApplication DataSecTaskManicn_EE1A6919D738C6145A01593879C807DC.dll
2009-12-22 15:50 . 2009-12-22 15:50 10 —-a-w- c:documents and settingsAll UsersApplication DataSecTaskManicn_8A3FB05B382A902479E181EDB4B6CBE0.dll
2009-12-22 15:50 . 2009-12-22 15:50 60 —-a-w- c:documents and settingsAll UsersApplication DataSecTaskManicn_75E6EA9FF87E00C4F9B6C20D1170D696.dll
2009-12-22 15:50 . 2009-12-22 15:50 566 —-a-w- c:documents and settingsAll UsersApplication DataSecTaskManicn_191704F246D6C6344803469ABD6CE5A6.dll
2009-12-22 15:49 . 2009-12-22 16:07
d
w- c:program filesSecurity Task Manager
2009-12-19 17:09 . 2009-12-19 17:14
d
w- c:program filesVirtualDJ
2009-12-18 18:30 . 2009-12-18 18:30
d
w- c:documents and settingsКостяApplication DataTuneUp Software
2009-12-18 18:29 . 2009-12-18 18:30
d
w- c:documents and settingsAll UsersApplication DataTuneUp Software
2009-12-18 18:29 . 2009-12-18 18:29
d-sh—w- c:documents and settingsAll UsersApplication Data{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2009-12-18 14:53 . 2009-12-18 14:53
d
w- c:program files1C
2009-12-18 13:29 . 2008-04-25 11:54 36384 —-a-w- c:windowssystem32driversnpusbio.sys
2009-12-18 13:29 . 2009-12-18 13:29
d
w- c:program filesNaturalPoint
2009-12-18 13:12 . 2008-11-22 01:45 5120 —-a-w- c:windowssystem32driverschdrvr02.sys
2009-12-18 13:12 . 2008-11-22 01:42 8704 —-a-w- c:windowssystem32driverschdrvr03.sys
2009-12-18 13:12 . 2008-11-20 21:09 219072 —-a-w- c:windowssystem32driverschdrvr01.sys
2009-12-18 13:12 . 2008-11-24 19:28 86776 —-a-w- c:windowssystem32CMCalBlk.dll
2009-12-18 13:12 . 2009-12-18 13:12
d
w- c:program filesCH Products
2009-12-18 09:27 . 2009-12-18 09:27
d
w- c:documents and settingsКостяLocal SettingsApplication DataAdobe
2009-12-18 07:03 . 2009-12-18 16:02
d
w- c:documents and settingsAll UsersApplication DataSpybot — Search & Destroy
2009-12-18 06:44 . 2009-12-18 06:44
d
w- c:documents and settingsLocalServiceApplication DataApple Computer
2009-12-18 06:44 . 2009-12-18 06:44
d
w- c:documents and settingsLocalServiceLocal SettingsApplication DataApple Computer
2009-12-17 15:39 . 2009-12-18 08:33
d
w- c:program filesHypersight
2009-12-17 14:46 . 2009-12-17 14:46
d
w- c:documents and settingsКостяApplication DataAVG8
2009-12-17 14:30 . 2009-12-17 14:30
d
w- c:documents and settingsLocalServiceГлавное меню
2009-12-17 14:16 . 2009-12-17 14:16
d
w- c:program filesMKVtoolnix
2009-12-16 15:03 . 2009-11-12 07:03 59664 —s—w- c:windowssystem32driversTfSysMon.sys
2009-12-16 15:03 . 2009-11-12 07:03 51984 —s—w- c:windowssystem32driversTfFsMon.sys
2009-12-16 15:03 . 2009-11-12 07:03 33552 —s—w- c:windowssystem32driversTfNetMon.sys
2009-12-16 14:50 . 2009-12-16 14:50
d
w- c:documents and settingsКостяLocal SettingsApplication DataThreat Expert
2009-12-16 14:45 . 2009-12-16 14:45
d
w- c:documents and settingsКостяApplication DataPC Tools.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-30 19:11 . 2009-11-12 13:54
d—a-w- c:documents and settingsAll UsersApplication DataTEMP
2009-12-30 18:58 . 2009-12-16 14:45
d
w- c:program filesSpyware Doctor
2009-12-30 16:48 . 2009-11-27 16:48
d
w- c:program filesPowerArchiver
2009-12-30 08:55 . 2009-12-10 09:34
d
w- c:program filesCommon FilesWise Installation Wizard
2009-12-29 17:53 . 2009-11-15 18:19
d
w- c:documents and settingsКостяApplication DatauTorrent
2009-12-29 05:25 . 2009-11-15 18:20
d
w- c:program filesuTorrent
2009-12-27 04:25 . 2009-11-16 10:16
d
w- c:program filesBurn4Free
2009-12-25 21:57 . 2009-11-14 17:34
d
w- c:documents and settingsКостяApplication DataAIMP
2009-12-24 16:42 . 2009-12-06 15:54
d
w- c:program filesSteam
2009-12-22 17:23 . 2009-11-16 12:14
d
w- c:program filesAVS4YOU
2009-12-22 17:05 . 2009-12-15 04:39
d
w- c:documents and settingsAll UsersApplication DataSecTaskMan
2009-12-20 08:01 . 2009-11-12 13:57 31752 —-a-w- c:documents and settingsКостяLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-12-19 17:30 . 2009-11-23 12:49 22168 —ha-w- c:windowssystem32mlfcache.dat
2009-12-18 16:01 . 2009-12-02 07:36
d
w- c:program filesSmith Micro
2009-12-18 16:01 . 2009-11-12 12:56
d—h—w- c:program filesInstallShield Installation Information
2009-12-18 14:52 . 2009-11-12 12:56
d
w- c:program filesCommon FilesInstallShield
2009-12-16 17:55 . 2009-11-23 15:22
d
w- c:program filesCommon FilesElecard
2009-12-16 15:03 . 2009-12-16 14:45
d
w- c:documents and settingsAll UsersApplication DataPC Tools
2009-12-16 14:49 . 2009-12-16 14:45
d
w- c:program filesCommon FilesPC Tools
2009-12-14 09:33 . 2009-11-12 15:02 53248 —-a-w- c:windowssystem32CSVer.dll
2009-12-10 10:10 . 2009-12-02 08:17 56816 —-a-w- c:windowssystem32driversavgntflt.sys
2009-12-10 09:34 . 2009-12-10 09:34
d
w- c:program filesZoner
2009-12-09 18:17 . 2008-04-15 12:00 79546 —-a-w- c:windowssystem32perfc019.dat
2009-12-09 18:17 . 2008-04-15 12:00 474518 —-a-w- c:windowssystem32perfh019.dat
2009-12-09 18:03 . 2009-11-12 18:36
d
w- c:documents and settingsAll UsersApplication DataMicrosoft Help
2009-12-09 11:33 . 2009-12-09 10:43
d
w- c:program filesAnVir Task Manager
2009-12-09 10:43 . 2009-12-09 10:43
d
w- c:documents and settingsКостяApplication DataChemTable Software
2009-12-09 10:43 . 2009-12-09 10:43
d
w- c:program filesReg Organizer
2009-12-02 08:26 . 2009-12-02 08:26
d
w- c:documents and settingsКостяApplication DataAvira
2009-12-02 08:17 . 2009-12-02 08:17
d
w- c:documents and settingsAll UsersApplication DataAvira
2009-12-02 08:17 . 2009-12-02 08:17
d
w- c:program filesAvira
2009-12-02 07:37 . 2009-12-02 07:37
d
w- c:documents and settingsAll UsersApplication DataSmith Micro
2009-11-27 20:00 . 2009-11-27 20:00
d
w- c:program filesRADVideo
2009-11-27 13:47 . 2009-11-06 12:24 867664 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionGUIcommon.dll
2009-11-27 12:17 . 2009-11-27 12:17
d
w- c:documents and settingsКостяApplication DataBurn Pro
2009-11-27 12:17 . 2009-11-27 12:17
d
w- c:program filesBurnPro
2009-11-27 11:21 . 2009-11-27 11:21 476512 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionAudialsOne_2009RadioRipRadioRip.dll
2009-11-27 11:21 . 2009-11-27 11:21 169312 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionAudialsOne_2009RadioRipPlgSoundclick.dll
2009-11-27 11:21 . 2009-11-27 11:21 111968 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionAudialsOne_2009RadioRipPlgPandora.dll
2009-11-27 11:21 . 2009-11-27 11:21 132448 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionAudialsOne_2009RadioRipPlgImeem.dll
2009-11-27 11:21 . 2009-11-27 11:21 128352 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionAudialsOne_2009RadioRipPlgMyspace.dll
2009-11-27 11:21 . 2009-11-27 11:21 111968 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionAudialsOne_2009RadioRipPlgLastfm.dll
2009-11-27 11:21 . 2009-11-27 11:21 99680 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionAudialsOne_2009RadioRipPlgIJigg.dll
2009-11-27 11:21 . 2009-11-27 11:21 230752 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionAudialsOne_2009RadioRipPlgHypemachine.dll
2009-11-27 11:21 . 2009-11-27 11:21 120160 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionAudialsOne_2009RadioRipPlgGeneral.dll
2009-11-27 11:21 . 2009-11-27 11:21 87392 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionAudialsOne_2009RadioRipPlgDefault.dll
2009-11-27 11:21 . 2009-11-27 11:21 140640 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionAudialsOne_2009RadioRipPlgDeezer.dll
2009-11-27 11:21 . 2009-11-27 11:21 495616 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionAudialsOne_2009EncodingBackendlame_enc.dll
2009-11-27 11:20 . 2009-11-23 20:32
d
w- c:program filesRapidSolution
2009-11-27 11:18 . 2009-11-23 20:32
d
w- c:documents and settingsAll UsersApplication DataRapidSolution
2009-11-27 10:35 . 2009-11-27 10:35 386328 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionRadiotracker5CommonDllsWebRip.dll
2009-11-27 10:35 . 2009-11-27 10:35
d
w- c:documents and settingsКостяApplication DataRapidSolution
2009-11-27 10:35 . 2009-11-27 10:35 495616 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionEncodingBackendlame_enc.dll
2009-11-24 12:05 . 2009-11-24 12:05
d
w- c:documents and settingsAll UsersApplication DataWondershare
2009-11-24 12:04 . 2009-11-24 12:04
d
w- c:program filesWondershare
2009-11-23 21:05 . 2009-11-23 21:05 476512 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionRadiotracker_2009RadioRipRadioRip.dll
2009-11-23 21:05 . 2009-11-23 21:05 169312 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionRadiotracker_2009RadioRipPlgSoundclick.dll
2009-11-23 21:05 . 2009-11-23 21:05 128352 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionRadiotracker_2009RadioRipPlgMyspace.dll
2009-11-23 21:05 . 2009-11-23 21:05 111968 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionRadiotracker_2009RadioRipPlgPandora.dll
2009-11-23 21:05 . 2009-11-23 21:05 132448 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionRadiotracker_2009RadioRipPlgImeem.dll
2009-11-23 21:05 . 2009-11-23 21:05 111968 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionRadiotracker_2009RadioRipPlgLastfm.dll
2009-11-23 21:05 . 2009-11-23 21:05 99680 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionRadiotracker_2009RadioRipPlgIJigg.dll
2009-11-23 21:05 . 2009-11-23 21:05 230752 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionRadiotracker_2009RadioRipPlgHypemachine.dll
2009-11-23 21:05 . 2009-11-23 21:05 120160 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionRadiotracker_2009RadioRipPlgGeneral.dll
2009-11-23 21:05 . 2009-11-23 21:05 87392 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionRadiotracker_2009RadioRipPlgDefault.dll
2009-11-23 21:05 . 2009-11-23 21:05 140640 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionRadiotracker_2009RadioRipPlgDeezer.dll
2009-11-23 21:04 . 2009-11-23 21:04 495616 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionRadiotracker_2009EncodingBackendlame_enc.dll
2009-11-23 21:01 . 2009-11-23 21:01 476512 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionTunebite_2009RadioRipRadioRip.dll
2009-11-23 21:01 . 2009-11-23 21:01 169312 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionTunebite_2009RadioRipPlgSoundclick.dll
2009-11-23 21:01 . 2009-11-23 21:01 128352 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionTunebite_2009RadioRipPlgMyspace.dll
2009-11-23 21:01 . 2009-11-23 21:01 111968 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionTunebite_2009RadioRipPlgPandora.dll
2009-11-23 21:01 . 2009-11-23 21:01 111968 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionTunebite_2009RadioRipPlgLastfm.dll
2009-11-23 21:01 . 2009-11-23 21:01 132448 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionTunebite_2009RadioRipPlgImeem.dll
2009-11-23 21:01 . 2009-11-23 21:01 99680 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionTunebite_2009RadioRipPlgIJigg.dll
2009-11-23 21:01 . 2009-11-23 21:01 230752 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionTunebite_2009RadioRipPlgHypemachine.dll
2009-11-23 21:01 . 2009-11-23 21:01 87392 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionTunebite_2009RadioRipPlgDefault.dll
2009-11-23 21:01 . 2009-11-23 21:01 120160 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionTunebite_2009RadioRipPlgGeneral.dll
2009-11-23 21:01 . 2009-11-23 21:01 140640 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionTunebite_2009RadioRipPlgDeezer.dll
2009-11-23 21:01 . 2009-11-23 21:01 495616 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionTunebite_2009EncodingBackendlame_enc.dll
2009-11-23 21:00 . 2009-11-23 21:00
d
w- c:program filesPixiePack Codec Pack
2009-11-23 15:22 . 2009-11-23 15:22
d
w- c:program filesElecard
2009-11-23 13:09 . 2009-11-12 17:54
d
w- c:program filesFinal Codecs
2009-11-23 13:08 . 2009-11-23 13:08 0 —-a-w- c:windowsnsreg.dat
2009-11-23 13:06 . 2009-11-23 12:49
d
w- c:program filesSafari
2009-11-23 13:06 . 2009-11-23 13:06
d
w- c:program filesCommon FilesApple
2009-11-23 13:04 . 2009-11-23 13:04 79144 —-a-w- c:documents and settingsAll UsersApplication DataApple ComputerInstaller CacheSafari 5.31.21.10SetupAdmin.exe
2009-11-23 13:00 . 2009-11-23 12:56
d
w- c:documents and settingsКостяApplication DataYandex
2009-11-23 12:49 . 2009-11-23 12:49
d
w- c:documents and settingsКостяApplication DataApple Computer
2009-11-23 12:49 . 2009-11-12 17:55
d
w- c:documents and settingsAll UsersApplication DataApple Computer
2009-11-23 12:48 . 2009-11-23 12:48
d
w- c:program filesBonjour
2009-11-23 12:48 . 2009-11-23 12:48
d
w- c:program filesApple Software Update
2009-11-23 12:48 . 2009-11-23 12:48
d
w- c:documents and settingsAll UsersApplication DataApple
2009-11-22 18:15 . 2009-11-16 15:18
d
w- c:program filesDScaler5
2009-11-22 17:38 . 2009-11-16 12:17
d
w- c:documents and settingsКостяApplication DataAVS4YOU
2009-11-21 16:03 . 2008-04-15 12:00 471552 —-a-w- c:windowsAppPatchaclayers.dll
2009-11-20 15:57 . 2009-11-20 15:54
d
w- c:program filesWIN2KXP
2009-11-20 15:50 . 2009-11-20 15:44
d
w- c:program filesDivX H.264 decoder
2009-11-20 15:45 . 2009-11-20 15:45
d
w- c:documents and settingsКостяApplication DataMedia Player Classic
2009-11-20 14:22 . 2009-11-20 14:22
d
w- c:documents and settingsКостяApplication DataDeviceDoctorSoftware
2009-11-20 14:22 . 2009-11-20 14:22
d
w- c:program filesDevice Doctor
.
Sigcheck
[7] 2008-04-15 . 4379CA978CB35BB2458156B2B6CB35DF . 1571840 . . [5.1.2600.5512] . . c:windowssystem32dllcachesfcfiles.dllc:windowsSystem32sfcfiles.dll … is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_LOCAL_MACHINE~Browser Helper Objects{83BD144C-5E53-4E12-8E99-5A7F1BBF3EA0}]
2009-11-16 12:00 815104 —-a-w- c:program filesVideo Download Toolbarv3.3.0.3Video_Download_Toolbar.dll[HKEY_LOCAL_MACHINE~Browser Helper Objects{B29002A0-87A1-4DC4-AC55-5982034EB61E}]
[HKEY_LOCAL_MACHINE~Browser Helper Objects{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
2009-11-16 10:16 815104 —-a-w- c:program filesBurn4Free Toolbarv3.3.0.3Burn4Free_Toolbar.dll[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}»= «c:program filesBurn4Free Toolbarv3.3.0.3Burn4Free_Toolbar.dll» [2009-11-16 815104]
«{E52BE12D-A44A-4F51-9DC1-34F37A488CC7}»= «c:program filesVideo Download Toolbarv3.3.0.3Video_Download_Toolbar.dll» [2009-11-16 815104][HKEY_CLASSES_ROOTclsid{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]
[HKEY_CLASSES_ROOTclsid{e52be12d-a44a-4f51-9dc1-34f37a488cc7}]
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}»= «c:program filesBurn4Free Toolbarv3.3.0.3Burn4Free_Toolbar.dll» [2009-11-16 815104]
«{E52BE12D-A44A-4F51-9DC1-34F37A488CC7}»= «c:program filesVideo Download Toolbarv3.3.0.3Video_Download_Toolbar.dll» [2009-11-16 815104][HKEY_CLASSES_ROOTclsid{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]
[HKEY_CLASSES_ROOTclsid{e52be12d-a44a-4f51-9dc1-34f37a488cc7}]
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«AnVir Task Manager»=»c:program filesAnVir Task ManagerAnVir.exe» [2009-12-04 3163872][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«SoundMAXPnP»=»c:program filesAnalog DevicesSoundMAXSMax4PNP.exe» [2004-10-14 1388544]
«DeviceDiscovery»=»c:program filesHewlett-PackardDigital Imagingbinhpotdd01.exe» [2003-05-21 229437]
«ATIPTA»=»c:program filesATI TechnologiesATI Control Panelatiptaxx.exe» [2007-02-16 344064]
«avgnt»=»c:program filesAviraAntiVir Desktopavgnt.exe» [2009-03-02 209153]
«QuickTime Task»=»c:program filesFinal Codecsqttask.exe» [2009-11-10 417792][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-15 15360][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«IE8_01″=»shell32» [X]
«IE8_02″=»advpack.dll» [2009-07-18 128512][HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\uTorrent\uTorrent.exe»=
«c:\Program Files\Bonjour\mDNSResponder.exe»=
«c:\Program Files\Steam\Steam.exe»=
«c:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe»=
«c:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe»=R0 PCTCore;PCTools KDS;c:windowssystem32driversPCTCore.sys [16.12.2009 17:46 207792]
R0 sptd;sptd;c:windowssystem32driverssptd.sys [14.11.2009 20:52 691696]
R0 TfFsMon;TfFsMon;c:windowssystem32driversTfFsMon.sys [16.12.2009 18:03 51984]
R0 TfSysMon;TfSysMon;c:windowssystem32driversTfSysMon.sys [16.12.2009 18:03 59664]
R1 avfwot;avfwot;c:windowssystem32driversavfwot.sys [02.12.2009 11:17 97608]
R1 StarPortLite;StarPort Storage Controller (Lite);c:windowssystem32driversStarPortLite.sys [14.11.2009 20:52 95592]
R2 AntiVirFirewallService;Avira Firewall;c:program filesAviraAntiVir Desktopavfwsvc.exe [02.12.2009 11:17 388865]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:program filesAviraAntiVir Desktopavmailc.exe [02.12.2009 11:17 194817]
R2 AntiVirSchedulerService;Планировщик Avira Premium Security Suite;c:program filesAviraAntiVir Desktopsched.exe [02.12.2009 11:17 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:program filesAviraAntiVir Desktopavwebgrd.exe [02.12.2009 11:17 434945]
R2 Browser Defender Update Service;Browser Defender Update Service;c:program filesSpyware DoctorBDTBDTUpdateService.exe [16.12.2009 17:49 112592]
R3 avfwim;AvFw Packet Filter Miniport;c:windowssystem32driversavfwim.sys [02.12.2009 11:17 69632]
R3 chdrvr01;CH Control Manager Driver 1;c:windowssystem32driverschdrvr01.sys [18.12.2009 16:12 219072]
R3 chdrvr02;CH Control Manager Driver 2;c:windowssystem32driverschdrvr02.sys [18.12.2009 16:12 5120]
R3 chdrvr03;CH Control Manager Driver 3;c:windowssystem32driverschdrvr03.sys [18.12.2009 16:12 8704]
R3 npusbio;npusbio;c:windowssystem32driversnpusbio.sys [18.12.2009 16:29 36384]
R3 NtApm;Драйвер интерфейса NT Apm/Legacy;c:windowssystem32driversNtApm.sys [11.12.2009 18:33 9472]
R3 RRNetCapMP;RRNetCapMP;c:windowssystem32driversrrnetcap.sys [16.11.2009 14:45 27168]
S3 Cap713x;Philips Cap713x Video Capture;c:windowssystem32driversCap713x.sys [15.11.2009 18:54 686080]
S3 RRNetCap;RRNetCap Service;c:windowssystem32driversrrnetcap.sys [16.11.2009 14:45 27168]
S3 SAA713x;Behold TV WDM Capture (SAA713x);c:windowssystem32driverssaa713x.sys [15.11.2009 19:01 421896]
S3 sdAuxService;PC Tools Auxiliary Service;c:program filesSpyware DoctorpctsAuxs.exe [16.12.2009 17:45 359624]
S3 TfNetMon;TfNetMon;c:windowssystem32driversTfNetMon.sys [16.12.2009 18:03 33552]
S4 pctgntdi;pctgntdi;c:windowssystem32driverspctgntdi.sys [16.12.2009 17:46 233136]
S4 pctplsg;pctplsg;c:windowssystem32driverspctplsg.sys [16.12.2009 17:46 70408][HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{9C450606-ED24-4958-92BA-B8940C99D441}]
2009-03-04 13:32 8192 —-a-w- c:program filesPixiePack Codec PackInstallerHelper.exe
.
Supplementary Scan
.
uStart Page = about:blank
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2Office12EXCEL.EXE/3000
LSP: c:program filesAviraAntiVir Desktopavsda.dll
TCP: {15FC4F96-FABF-4116-A73F-0C96D60443F2} = 212.188.4.10,195.34.32.116
FF — ProfilePath — c:documents and settingsКостяApplication DataMozillaFirefoxProfilestjfiq7u3.default
FF — prefs.js: browser.startup.homepage — hxxp://start.drp.su/
FF — plugin: c:program filesFinal CodecsMozillaPluginsnppl3260.dll
FF — plugin: c:program filesFinal CodecsMozillaPluginsnprjplug.dll
FF — plugin: c:program filesFinal CodecsMozillaPluginsnprpjplug.dll
FF — HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} — c:windowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtension
.
— — — — ORPHANS REMOVED — — — —Toolbar-ITBar7Position — (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-30 22:11
Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore.sys prosync1.sys hal.dll atapi.sys spyo.sys >>UNKNOWN [0x89BBE938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
DriverDisk -> CLASSPNP.SYS @ 0xf765bf28
Driveratapi -> prosync1.sys @ 0xf798f61d
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
DeviceHarddisk0DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
NDIS: 3Com 3C940 Gigabit LOM Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf7b23bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7b30a21
SendHandler -> NDIS.sys @ 0xf7b0e87b
user & kernel MBR OK**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(1432)
c:windowssystem32Ati2evxx.dll— — — — — — — > ‘lsass.exe'(1492)
c:program filesAviraAntiVir Desktopavsda.dll— — — — — — — > ‘explorer.exe'(212)
c:windowssystem32WININET.dll
c:program filesAnVir Task ManagerAnvirHook62.dll
c:windowssystem32msi.dll
c:windowssystem32webcheck.dll
.
Other Running Processes
.
c:windowssystem32Ati2evxx.exe
c:windowssystem32Ati2evxx.exe
c:program filesAviraAntiVir Desktopavguard.exe
c:program filesAnalog DevicesSoundMAXSMAgent.exe
c:windowssystem32wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-12-30 22:14:31 — machine was rebooted
ComboFix-quarantined-files.txt 2009-12-30 19:14
ComboFix2.txt 2009-12-28 21:05
ComboFix3.txt 2009-12-26 18:56Pre-Run: 46 772 195 328 байт свободно
Post-Run: 46 757 195 776 байт свободно— — End Of File — — 0560935D004AC18986E607D952CA0CC8
Деинсталлируйте все антивирусы и антиспайварные программы. Перезагрузите компьютер и установите один антивирус и одну антиспайварную программу.
Откройте блокнот (Кликните Пуск, Выполнить, в строке ввода введите notepad и нажмите Enter) и вставьте в него следующий текст:
FCopy::
c:windowssystem32dllcachesfcfiles.dll | c:windowsSystem32sfcfiles.dllЗапишите получившийся файл на ваш рабочий стол под именем CFScript
Далее перетащите получившийся файл на иконку Combofix, как показано на картинке ниже.
Сombofix запуститься и выполнит процедуры описанные в созданном нами файле.
По результатам работы Combofix будет создан новый лог, его и вставьте в свой следующий ответ.Параличь продолжается, видимо придётся переставлять ОСь
Проблема остаётся и в интернете на форумах встречается часто но решения нет.ComboFix 10-01-14.06 — Костя 15.01.2010 19:00:32.3.1 — x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.2047.1568 [GMT 3:00]
Running from: c:documents and settingsКостяРабочий столComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Avira Firewall *disabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
.((((((((((((((((((((((((( Files Created from 2009-12-15 to 2010-01-15 )))))))))))))))))))))))))))))))
.2010-01-15 15:20 . 2008-04-15 12:00 1571840
w- c:windowssystem32sfcfiles.dll
2010-01-15 15:10 . 2009-05-08 10:13 97608 —-a-w- c:windowssystem32driversavfwot.sys
2010-01-15 15:10 . 2009-03-30 06:33 96104 —-a-w- c:windowssystem32driversavipbb.sys
2010-01-15 15:10 . 2009-02-24 09:06 69632 —-a-w- c:windowssystem32driversavfwim.sys
2010-01-15 15:10 . 2009-02-13 08:29 22360 —-a-w- c:windowssystem32driversavgntmgr.sys
2010-01-15 15:10 . 2009-02-13 08:17 45416 —-a-w- c:windowssystem32driversavgntdd.sys
2010-01-15 15:10 . 2010-01-15 15:10
d
w- c:program filesAvira
2010-01-15 15:06 . 2009-12-30 11:55 38224 —-a-w- c:windowssystem32driversmbamswissarmy.sys
2010-01-15 15:06 . 2010-01-15 15:06
d
w- c:program filesMalwarebytes’ Anti-Malware
2010-01-15 15:06 . 2009-12-30 11:54 19160 —-a-w- c:windowssystem32driversmbam.sys
2010-01-15 13:57 . 2010-01-15 13:57 104 —-a-w- c:documents and settingsAll UsersApplication DataSecTaskManicn_EF3B7401BE1E30E479ED5C30C7C29EFC.dll
2010-01-15 13:45 . 2010-01-15 13:45 7030 —-a-r- c:documents and settingsКостяApplication DataMicrosoftInstaller{9D9C7104-97CC-4BA4-81CF-6DBB55992F0D}_378a248f.exe
2010-01-13 21:05 . 2010-01-13 21:05 90126 —-a-r- c:documents and settingsКостяApplication DataMicrosoftInstaller{1047B3FE-E1EB-4E03-97DE-C5037C2CE9CF}NewShortcut11_68DB536614814277B3A9DA63A279DB29.exe
2010-01-13 21:05 . 2010-01-13 21:05 90126 —-a-r- c:documents and settingsКостяApplication DataMicrosoftInstaller{1047B3FE-E1EB-4E03-97DE-C5037C2CE9CF}NewShortcut1_68DB536614814277B3A9DA63A279DB29.exe
2010-01-13 21:05 . 2010-01-13 21:05 90126 —-a-r- c:documents and settingsКостяApplication DataMicrosoftInstaller{1047B3FE-E1EB-4E03-97DE-C5037C2CE9CF}ARPPRODUCTICON.exe
2010-01-13 21:05 . 2010-01-13 21:05
d
w- c:program filesNeoretix
2010-01-13 21:04 . 2010-01-13 21:05
d
w- c:windowsDownloaded Installations
2010-01-13 17:48 . 2010-01-13 17:48
d
w- c:program filesFLVCodec
2010-01-13 17:47 . 2010-01-13 17:48
d
w- c:program filesWinPcap
2010-01-13 17:27 . 2010-01-13 17:27 294009 —-a-w- c:windowsVideo_Download_Toolbar_Uninstaller_9074.exe
2010-01-13 17:27 . 2010-01-13 17:27
d
w- c:program filesVideo Download Toolbar
2010-01-13 16:31 . 2010-01-13 17:38
d
w- c:documents and settingsКостяApplication DataGetRightToGo
2010-01-13 16:05 . 2010-01-13 17:08
d
w- c:documents and settingsКостяApplication DataFireShot
2010-01-13 15:46 . 2009-10-08 07:31 3204096 —-a-w- c:documents and settingsКостяApplication DataMozillaFirefoxProfilestjfiq7u3.defaultextensions{0b457cAA-602d-484a-8fe7-c1d894a011ba}librarySSS-0.80.dll
2010-01-13 15:46 . 2009-10-07 15:06 106496 —-a-w- c:documents and settingsКостяApplication DataMozillaFirefoxProfilestjfiq7u3.defaultextensions{0b457cAA-602d-484a-8fe7-c1d894a011ba}libraryFSAddin-0.80.dll
2010-01-13 15:31 . 2009-10-08 07:31 3204096 —-a-w- c:documents and settingsКостяApplication DataMozillaFirefoxProfilestjfiq7u3.defaultextensions{0b457cAA-602d-484a-8fe7-c1d894a011ba}librarySSS.dll
2010-01-13 15:31 . 2009-10-07 15:06 106496 —-a-w- c:documents and settingsКостяApplication DataMozillaFirefoxProfilestjfiq7u3.defaultextensions{0b457cAA-602d-484a-8fe7-c1d894a011ba}libraryFSAddin.dll
2010-01-13 15:31 . 2009-09-23 18:29 28672 —-a-w- c:documents and settingsКостяApplication DataMozillaFirefoxProfilestjfiq7u3.defaultextensions{0b457cAA-602d-484a-8fe7-c1d894a011ba}platformWINNT_x86-msvccomponentsSSSLauncher.dll
2010-01-13 15:31 . 2009-03-19 20:57 40960 —-a-w- c:documents and settingsКостяApplication DataMozillaFirefoxProfilestjfiq7u3.defaultextensions{0b457cAA-602d-484a-8fe7-c1d894a011ba}libraryfireshot-install.exe
2010-01-13 15:03 . 2010-01-13 15:03
d
w- c:documents and settingsLocalServiceРабочий стол
2010-01-13 10:32 . 2010-01-13 11:13
d
w- c:documents and settingsКостяDoctorWeb
2010-01-13 07:15 . 2010-01-13 07:15
d
w- c:program filesMarvell
2010-01-11 11:50 . 2010-01-11 11:50
d
w- c:documents and settingsКостяLocal SettingsApplication DataVS Revo Group
2010-01-11 11:49 . 2009-12-30 08:20 27064 —-a-w- c:windowssystem32driversrevoflt.sys
2010-01-11 11:49 . 2010-01-11 11:49
d
w- c:program filesVS Revo Group
2010-01-05 19:16 . 2010-01-05 19:16
d
w- c:program filesTriaxes
2010-01-04 08:39 . 2010-01-11 12:01
d
w- c:documents and settingsКостяLocal SettingsApplication DataAskToolbar
2010-01-04 08:37 . 2010-01-04 10:57
d
w- c:program filesCommon FilesDVDVideoSoft
2010-01-04 07:53 . 2010-01-04 07:53
d
w- c:program filesVirtualDub
2010-01-03 18:13 . 2010-01-03 18:13
d
w- c:program filesXara
2010-01-03 17:05 . 2010-01-03 18:16
d
w- c:documents and settingsКостяLocal SettingsApplication DataXara
2010-01-03 17:02 . 2010-01-03 18:13
d
w- c:program filesCommon FilesXara
2010-01-01 12:58 . 2010-01-01 12:58
d
w- c:documents and settingsКостяApplication DataMalwarebytes
2010-01-01 12:58 . 2010-01-01 12:58
d
w- c:documents and settingsAll UsersApplication DataMalwarebytes
2009-12-30 20:31 . 2009-12-30 20:34
d
w- c:documents and settingsКостяLocal SettingsApplication DataYandex
2009-12-30 19:24 . 2009-12-30 19:24
d-sh—w- c:documents and settingsLocalServicePrivacIE
2009-12-30 19:24 . 2009-12-30 19:24
d-sh—w- c:documents and settingsLocalServiceIECompatCache
2009-12-30 19:24 . 2009-12-30 19:24
d
w- c:documents and settingsLocalServiceLocal SettingsApplication DataThreat Expert
2009-12-30 16:17 . 2009-12-30 16:17
d
w- c:program filesTeachShop
2009-12-30 08:32 . 2009-12-30 08:32
d
w- c:program filesSeagate
2009-12-29 18:32 . 2009-12-29 18:32
d
w- c:program filesRecuva
2009-12-26 21:14 . 2010-01-15 14:15
d
w- c:program filestrend micro
2009-12-26 21:14 . 2009-12-26 21:14
d
w- C:rsit
2009-12-25 19:24 . 2009-12-25 19:24
d
w- c:program filesUnknown Device Identifier
2009-12-22 15:50 . 2009-12-22 15:50 10 —-a-w- c:documents and settingsAll UsersApplication DataSecTaskManicn_EE1A6919D738C6145A01593879C807DC.dll
2009-12-22 15:50 . 2009-12-22 15:50 10 —-a-w- c:documents and settingsAll UsersApplication DataSecTaskManicn_8A3FB05B382A902479E181EDB4B6CBE0.dll
2009-12-22 15:50 . 2009-12-22 15:50 60 —-a-w- c:documents and settingsAll UsersApplication DataSecTaskManicn_75E6EA9FF87E00C4F9B6C20D1170D696.dll
2009-12-22 15:50 . 2009-12-22 15:50 566 —-a-w- c:documents and settingsAll UsersApplication DataSecTaskManicn_191704F246D6C6344803469ABD6CE5A6.dll
2009-12-19 17:09 . 2009-12-19 17:14
d
w- c:program filesVirtualDJ
2009-12-18 18:30 . 2009-12-18 18:30
d
w- c:documents and settingsКостяApplication DataTuneUp Software
2009-12-18 18:29 . 2009-12-18 18:30
d
w- c:documents and settingsAll UsersApplication DataTuneUp Software
2009-12-18 18:29 . 2009-12-18 18:29
d-sh—w- c:documents and settingsAll UsersApplication Data{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2009-12-18 14:53 . 2010-01-11 10:22
d
w- c:program files1C
2009-12-18 13:29 . 2008-04-25 11:54 36384 —-a-w- c:windowssystem32driversnpusbio.sys
2009-12-18 13:29 . 2009-12-18 13:29
d
w- c:program filesNaturalPoint
2009-12-18 13:12 . 2008-11-22 01:45 5120 —-a-w- c:windowssystem32driverschdrvr02.sys
2009-12-18 13:12 . 2008-11-22 01:42 8704 —-a-w- c:windowssystem32driverschdrvr03.sys
2009-12-18 13:12 . 2008-11-20 21:09 219072 —-a-w- c:windowssystem32driverschdrvr01.sys
2009-12-18 13:12 . 2008-11-24 19:28 86776 —-a-w- c:windowssystem32CMCalBlk.dll
2009-12-18 13:12 . 2009-12-18 13:12
d
w- c:program filesCH Products
2009-12-18 09:27 . 2009-12-18 09:27
d
w- c:documents and settingsКостяLocal SettingsApplication DataAdobe
2009-12-18 07:03 . 2009-12-18 16:02
d
w- c:documents and settingsAll UsersApplication DataSpybot — Search & Destroy
2009-12-18 06:44 . 2009-12-18 06:44
d
w- c:documents and settingsLocalServiceApplication DataApple Computer
2009-12-18 06:44 . 2009-12-18 06:44
d
w- c:documents and settingsLocalServiceLocal SettingsApplication DataApple Computer
2009-12-17 15:39 . 2009-12-18 08:33
d
w- c:program filesHypersight
2009-12-17 14:46 . 2009-12-17 14:46
d
w- c:documents and settingsКостяApplication DataAVG8
2009-12-17 14:30 . 2009-12-17 14:30
d
w- c:documents and settingsLocalServiceГлавное меню
2009-12-17 14:16 . 2009-12-17 14:16
d
w- c:program filesMKVtoolnix.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-15 15:17 . 2009-12-02 08:17 56816 —-a-w- c:windowssystem32driversavgntflt.sys
2010-01-15 15:10 . 2009-12-02 08:17
d
w- c:documents and settingsAll UsersApplication DataAvira
2010-01-15 14:04 . 2009-11-15 18:20
d
w- c:program filesuTorrent
2010-01-15 13:58 . 2009-12-15 04:39
d
w- c:documents and settingsAll UsersApplication DataSecTaskMan
2010-01-15 13:56 . 2009-11-12 13:54
d—a-w- c:documents and settingsAll UsersApplication DataTEMP
2010-01-15 13:51 . 2009-12-16 14:45
d
w- c:documents and settingsAll UsersApplication DataPC Tools
2010-01-15 13:40 . 2009-11-15 18:19
d
w- c:documents and settingsКостяApplication DatauTorrent
2010-01-14 17:03 . 2009-11-27 16:48
d
w- c:program filesPowerArchiver
2010-01-13 17:48 . 2009-11-16 15:18
d
w- c:program filesDScaler5
2010-01-13 10:45 . 2009-11-12 18:36
d
w- c:documents and settingsAll UsersApplication DataMicrosoft Help
2010-01-13 10:31 . 2009-11-23 12:48
d
w- c:program filesBonjour
2010-01-13 09:37 . 2009-12-09 10:43
d
w- c:program filesReg Organizer
2010-01-13 07:15 . 2008-04-15 12:00 79546 —-a-w- c:windowssystem32perfc019.dat
2010-01-13 07:15 . 2008-04-15 12:00 474518 —-a-w- c:windowssystem32perfh019.dat
2010-01-12 16:34 . 2009-11-14 17:34
d
w- c:documents and settingsКостяApplication DataAIMP
2010-01-11 14:25 . 2009-11-16 10:16
d
w- c:program filesBurn4Free
2010-01-10 17:33 . 2009-12-06 15:54
d
w- c:program filesSteam
2010-01-04 09:00 . 2009-11-12 13:57 57264 —-a-w- c:documents and settingsКостяLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2010-01-03 20:48 . 2009-11-23 12:49 43316 —ha-w- c:windowssystem32mlfcache.dat
2010-01-03 17:03 . 2009-11-12 12:56
d—h—w- c:program filesInstallShield Installation Information
2009-12-30 20:34 . 2009-11-23 12:56
d
w- c:documents and settingsКостяApplication DataYandex
2009-12-30 20:26 . 2009-11-14 17:34
d
w- c:program filesAIMP2
2009-12-30 08:55 . 2009-12-10 09:34
d
w- c:program filesCommon FilesWise Installation Wizard
2009-12-22 17:23 . 2009-11-16 12:14
d
w- c:program filesAVS4YOU
2009-12-18 16:01 . 2009-12-02 07:36
d
w- c:program filesSmith Micro
2009-12-18 14:52 . 2009-11-12 12:56
d
w- c:program filesCommon FilesInstallShield
2009-12-16 17:55 . 2009-11-23 15:22
d
w- c:program filesCommon FilesElecard
2009-12-14 09:33 . 2009-11-12 15:02 53248 —-a-w- c:windowssystem32CSVer.dll
2009-12-11 10:23 . 2009-12-11 10:23 364544 —-a-w- c:windowssystem32yk51x86.dll
2009-12-11 10:23 . 2009-12-11 10:23 299008 —-a-w- c:windowssystem32driversyk51x86.sys
2009-12-10 09:34 . 2009-12-10 09:34
d
w- c:program filesZoner
2009-12-09 11:33 . 2009-12-09 10:43
d
w- c:program filesAnVir Task Manager
2009-12-09 10:43 . 2009-12-09 10:43
d
w- c:documents and settingsКостяApplication DataChemTable Software
2009-12-02 07:37 . 2009-12-02 07:37
d
w- c:documents and settingsAll UsersApplication DataSmith Micro
2009-11-27 20:00 . 2009-11-27 20:00
d
w- c:program filesRADVideo
2009-11-27 13:47 . 2009-11-06 12:24 867664 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionGUIcommon.dll
2009-11-27 12:17 . 2009-11-27 12:17
d
w- c:documents and settingsКостяApplication DataBurn Pro
2009-11-27 12:17 . 2009-11-27 12:17
d
w- c:program filesBurnPro
2009-11-27 11:21 . 2009-11-27 11:21 476512 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionAudialsOne_2009RadioRipRadioRip.dll
2009-11-27 11:21 . 2009-11-27 11:21 169312 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionAudialsOne_2009RadioRipPlgSoundclick.dll
2009-11-27 11:21 . 2009-11-27 11:21 111968 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionAudialsOne_2009RadioRipPlgPandora.dll
2009-11-27 11:21 . 2009-11-27 11:21 132448 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionAudialsOne_2009RadioRipPlgImeem.dll
2009-11-27 11:21 . 2009-11-27 11:21 128352 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionAudialsOne_2009RadioRipPlgMyspace.dll
2009-11-27 11:21 . 2009-11-27 11:21 111968 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionAudialsOne_2009RadioRipPlgLastfm.dll
2009-11-27 11:21 . 2009-11-27 11:21 99680 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionAudialsOne_2009RadioRipPlgIJigg.dll
2009-11-27 11:21 . 2009-11-27 11:21 230752 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionAudialsOne_2009RadioRipPlgHypemachine.dll
2009-11-27 11:21 . 2009-11-27 11:21 120160 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionAudialsOne_2009RadioRipPlgGeneral.dll
2009-11-27 11:21 . 2009-11-27 11:21 87392 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionAudialsOne_2009RadioRipPlgDefault.dll
2009-11-27 11:21 . 2009-11-27 11:21 140640 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionAudialsOne_2009RadioRipPlgDeezer.dll
2009-11-27 11:21 . 2009-11-27 11:21 495616 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionAudialsOne_2009EncodingBackendlame_enc.dll
2009-11-27 11:20 . 2009-11-23 20:32
d
w- c:program filesRapidSolution
2009-11-27 11:18 . 2009-11-23 20:32
d
w- c:documents and settingsAll UsersApplication DataRapidSolution
2009-11-27 10:35 . 2009-11-27 10:35 386328 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionRadiotracker5CommonDllsWebRip.dll
2009-11-27 10:35 . 2009-11-27 10:35
d
w- c:documents and settingsКостяApplication DataRapidSolution
2009-11-27 10:35 . 2009-11-27 10:35 495616 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionEncodingBackendlame_enc.dll
2009-11-24 12:05 . 2009-11-24 12:05
d
w- c:documents and settingsAll UsersApplication DataWondershare
2009-11-24 12:04 . 2009-11-24 12:04
d
w- c:program filesWondershare
2009-11-23 21:05 . 2009-11-23 21:05 476512 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionRadiotracker_2009RadioRipRadioRip.dll
2009-11-23 21:05 . 2009-11-23 21:05 169312 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionRadiotracker_2009RadioRipPlgSoundclick.dll
2009-11-23 21:05 . 2009-11-23 21:05 128352 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionRadiotracker_2009RadioRipPlgMyspace.dll
2009-11-23 21:05 . 2009-11-23 21:05 111968 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionRadiotracker_2009RadioRipPlgPandora.dll
2009-11-23 21:05 . 2009-11-23 21:05 132448 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionRadiotracker_2009RadioRipPlgImeem.dll
2009-11-23 21:05 . 2009-11-23 21:05 111968 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionRadiotracker_2009RadioRipPlgLastfm.dll
2009-11-23 21:05 . 2009-11-23 21:05 99680 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionRadiotracker_2009RadioRipPlgIJigg.dll
2009-11-23 21:05 . 2009-11-23 21:05 230752 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionRadiotracker_2009RadioRipPlgHypemachine.dll
2009-11-23 21:05 . 2009-11-23 21:05 120160 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionRadiotracker_2009RadioRipPlgGeneral.dll
2009-11-23 21:05 . 2009-11-23 21:05 87392 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionRadiotracker_2009RadioRipPlgDefault.dll
2009-11-23 21:05 . 2009-11-23 21:05 140640 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionRadiotracker_2009RadioRipPlgDeezer.dll
2009-11-23 21:04 . 2009-11-23 21:04 495616 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionRadiotracker_2009EncodingBackendlame_enc.dll
2009-11-23 21:01 . 2009-11-23 21:01 476512 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionTunebite_2009RadioRipRadioRip.dll
2009-11-23 21:01 . 2009-11-23 21:01 169312 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionTunebite_2009RadioRipPlgSoundclick.dll
2009-11-23 21:01 . 2009-11-23 21:01 128352 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionTunebite_2009RadioRipPlgMyspace.dll
2009-11-23 21:01 . 2009-11-23 21:01 111968 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionTunebite_2009RadioRipPlgPandora.dll
2009-11-23 21:01 . 2009-11-23 21:01 111968 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionTunebite_2009RadioRipPlgLastfm.dll
2009-11-23 21:01 . 2009-11-23 21:01 132448 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionTunebite_2009RadioRipPlgImeem.dll
2009-11-23 21:01 . 2009-11-23 21:01 99680 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionTunebite_2009RadioRipPlgIJigg.dll
2009-11-23 21:01 . 2009-11-23 21:01 230752 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionTunebite_2009RadioRipPlgHypemachine.dll
2009-11-23 21:01 . 2009-11-23 21:01 87392 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionTunebite_2009RadioRipPlgDefault.dll
2009-11-23 21:01 . 2009-11-23 21:01 120160 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionTunebite_2009RadioRipPlgGeneral.dll
2009-11-23 21:01 . 2009-11-23 21:01 140640 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionTunebite_2009RadioRipPlgDeezer.dll
2009-11-23 21:01 . 2009-11-23 21:01 495616 —-a-w- c:documents and settingsAll UsersApplication DataRapidSolutionTunebite_2009EncodingBackendlame_enc.dll
2009-11-23 21:00 . 2009-11-23 21:00
d
w- c:program filesPixiePack Codec Pack
2009-11-23 15:22 . 2009-11-23 15:22
d
w- c:program filesElecard
2009-11-23 13:09 . 2009-11-12 17:54
d
w- c:program filesFinal Codecs
2009-11-23 13:08 . 2009-11-23 13:08 0 —-a-w- c:windowsnsreg.dat
2009-11-23 13:06 . 2009-11-23 12:49
d
w- c:program filesSafari
2009-11-23 13:06 . 2009-11-23 13:06
d
w- c:program filesCommon FilesApple
2009-11-23 13:04 . 2009-11-23 13:04 79144 —-a-w- c:documents and settingsAll UsersApplication DataApple ComputerInstaller CacheSafari 5.31.21.10SetupAdmin.exe
2009-11-23 12:49 . 2009-11-23 12:49
d
w- c:documents and settingsКостяApplication DataApple Computer
2009-11-23 12:49 . 2009-11-12 17:55
d
w- c:documents and settingsAll UsersApplication DataApple Computer
2009-11-23 12:48 . 2009-11-23 12:48
d
w- c:program filesApple Software Update
2009-11-23 12:48 . 2009-11-23 12:48
d
w- c:documents and settingsAll UsersApplication DataApple
2009-11-22 17:38 . 2009-11-16 12:17
d
w- c:documents and settingsКостяApplication DataAVS4YOU
2009-11-21 16:03 . 2008-04-15 12:00 471552 —-a-w- c:windowsAppPatchaclayers.dll
2009-11-20 15:57 . 2009-11-20 15:54
d
w- c:program filesWIN2KXP
2009-11-20 15:50 . 2009-11-20 15:44
d
w- c:program filesDivX H.264 decoder
2009-11-20 15:45 . 2009-11-20 15:45
d
w- c:documents and settingsКостяApplication DataMedia Player Classic
2009-11-20 14:22 . 2009-11-20 14:22
d
w- c:documents and settingsКостяApplication DataDeviceDoctorSoftware
2009-11-20 14:22 . 2009-11-20 14:22
d
w- c:program filesDevice Doctor
2009-11-20 10:39 . 2009-11-20 10:39
d
w- c:program filesCombined Community Codec Pack
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_LOCAL_MACHINE~Browser Helper Objects{83BD144C-5E53-4E12-8E99-5A7F1BBF3EA0}]
2010-01-13 17:27 815104 —-a-w- c:program filesVideo Download Toolbarv3.3.0.3Video_Download_Toolbar.dll[HKEY_LOCAL_MACHINE~Browser Helper Objects{B29002A0-87A1-4DC4-AC55-5982034EB61E}]
[HKEY_LOCAL_MACHINE~Browser Helper Objects{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
2009-11-16 10:16 815104 —-a-w- c:program filesBurn4Free Toolbarv3.3.0.3Burn4Free_Toolbar.dll[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}»= «c:program filesBurn4Free Toolbarv3.3.0.3Burn4Free_Toolbar.dll» [2009-11-16 815104]
«{E52BE12D-A44A-4F51-9DC1-34F37A488CC7}»= «c:program filesVideo Download Toolbarv3.3.0.3Video_Download_Toolbar.dll» [2010-01-13 815104][HKEY_CLASSES_ROOTclsid{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]
[HKEY_CLASSES_ROOTclsid{e52be12d-a44a-4f51-9dc1-34f37a488cc7}]
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}»= «c:program filesBurn4Free Toolbarv3.3.0.3Burn4Free_Toolbar.dll» [2009-11-16 815104]
«{E52BE12D-A44A-4F51-9DC1-34F37A488CC7}»= «c:program filesVideo Download Toolbarv3.3.0.3Video_Download_Toolbar.dll» [2010-01-13 815104][HKEY_CLASSES_ROOTclsid{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]
[HKEY_CLASSES_ROOTclsid{e52be12d-a44a-4f51-9dc1-34f37a488cc7}]
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«AnVir Task Manager»=»c:program filesAnVir Task ManagerAnVir.exe» [2009-12-04 3163872][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«SoundMAXPnP»=»c:program filesAnalog DevicesSoundMAXSMax4PNP.exe» [2004-10-14 1388544]
«DeviceDiscovery»=»c:program filesHewlett-PackardDigital Imagingbinhpotdd01.exe» [2003-05-21 229437]
«QuickTime Task»=»c:program filesFinal Codecsqttask.exe» [2009-11-10 417792]
«Malwarebytes’ Anti-Malware»=»c:program filesMalwarebytes’ Anti-Malwarembamgui.exe» [2009-12-30 429392]
«avgnt»=»c:program filesAviraAntiVir Desktopavgnt.exe» [2009-03-02 209153][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-15 15360][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«IE8_01″=»shell32» [X]
«IE8_02″=»advpack.dll» [2009-07-18 128512][HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\uTorrent\uTorrent.exe»=
«c:\Program Files\Bonjour\mDNSResponder.exe»=
«c:\Program Files\Steam\Steam.exe»=
«c:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe»=
«c:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe»=R1 avfwot;avfwot;c:windowssystem32driversavfwot.sys [15.01.2010 18:10 97608]
R1 StarPortLite;StarPort Storage Controller (Lite);c:windowssystem32driversStarPortLite.sys [14.11.2009 20:52 95592]
R2 AntiVirFirewallService;Avira Firewall;c:program filesAviraAntiVir Desktopavfwsvc.exe [15.01.2010 18:10 388865]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:program filesAviraAntiVir Desktopavmailc.exe [15.01.2010 18:10 194817]
R2 AntiVirSchedulerService;Планировщик Avira Premium Security Suite;c:program filesAviraAntiVir Desktopsched.exe [15.01.2010 18:10 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:program filesAviraAntiVir Desktopavwebgrd.exe [15.01.2010 18:10 434945]
R2 MBAMService;MBAMService;c:program filesMalwarebytes’ Anti-Malwarembamservice.exe [15.01.2010 18:06 235344]
R3 avfwim;AvFw Packet Filter Miniport;c:windowssystem32driversavfwim.sys [15.01.2010 18:10 69632]
R3 chdrvr01;CH Control Manager Driver 1;c:windowssystem32driverschdrvr01.sys [18.12.2009 16:12 219072]
R3 chdrvr02;CH Control Manager Driver 2;c:windowssystem32driverschdrvr02.sys [18.12.2009 16:12 5120]
R3 chdrvr03;CH Control Manager Driver 3;c:windowssystem32driverschdrvr03.sys [18.12.2009 16:12 8704]
R3 MBAMProtector;MBAMProtector;c:windowssystem32driversmbam.sys [15.01.2010 18:06 19160]
R3 npusbio;npusbio;c:windowssystem32driversnpusbio.sys [18.12.2009 16:29 36384]
R3 NtApm;Драйвер интерфейса NT Apm/Legacy;c:windowssystem32driversNtApm.sys [11.12.2009 18:33 9472]
R3 RRNetCapMP;RRNetCapMP;c:windowssystem32driversrrnetcap.sys [16.11.2009 14:45 27168]
S0 TfFsMon;TfFsMon;c:windowssystem32driversTfFsMon.sys —> c:windowssystem32driversTfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:windowssystem32driversTfSysMon.sys —> c:windowssystem32driversTfSysMon.sys [?]
S3 Cap713x;Philips Cap713x Video Capture;c:windowssystem32driversCap713x.sys [15.11.2009 18:54 686080]
S3 NPF;NetGroup Packet Filter Driver;c:windowssystem32driversnpf.sys [06.11.2007 23:22 34064]
S3 Revoflt;Revoflt;c:windowssystem32driversrevoflt.sys [11.01.2010 14:49 27064]
S3 RRNetCap;RRNetCap Service;c:windowssystem32driversrrnetcap.sys [16.11.2009 14:45 27168]
S3 SAA713x;Behold TV WDM Capture (SAA713x);c:windowssystem32driverssaa713x.sys [15.11.2009 19:01 421896]
S3 TfNetMon;TfNetMon;??c:windowssystem32driversTfNetMon.sys —> c:windowssystem32driversTfNetMon.sys [?]
S4 sptd;sptd;c:windowssystem32driverssptd.sys [14.11.2009 20:52 691696][HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{9C450606-ED24-4958-92BA-B8940C99D441}]
2009-03-04 13:32 8192 —-a-w- c:program filesPixiePack Codec PackInstallerHelper.exe
.
Contents of the ‘Scheduled Tasks’ folder2009-11-23 c:windowsTasksAppleSoftwareUpdate.job
— c:program filesApple Software UpdateSoftwareUpdate.exe [2008-07-30 09:34]2010-01-15 c:windowsTasksMalwarebytes’ Scheduled Update for Костя.job
— c:program filesMalwarebytes’ Anti-Malwarembam.exe [2010-01-15 11:55]
.
.
Supplementary Scan
.
uStart Page = about:blank
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2Office12EXCEL.EXE/3000
LSP: c:program filesAviraAntiVir Desktopavsda.dll
TCP: {15FC4F96-FABF-4116-A73F-0C96D60443F2} = 192.168.1.1
FF — ProfilePath — c:documents and settingsКостяApplication DataMozillaFirefoxProfilestjfiq7u3.default
FF — prefs.js: browser.startup.homepage — hxxp://www.ask.com/?o=0&l=dir
FF — prefs.js: keyword.URL — hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=DVSV5&o=15012&locale=ru_RU&q=
FF — component: c:documents and settingsКостяApplication DataMozillaFirefoxProfilestjfiq7u3.defaultextensions{0b457cAA-602d-484a-8fe7-c1d894a011ba}platformWINNT_x86-msvccomponentsSSSLauncher.dll
FF — plugin: c:program filesFinal CodecsMozillaPluginsnppl3260.dll
FF — plugin: c:program filesFinal CodecsMozillaPluginsnprjplug.dll
FF — plugin: c:program filesFinal CodecsMozillaPluginsnprpjplug.dll
FF — HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} — c:windowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtension
.
— — — — ORPHANS REMOVED — — — —Toolbar-ITBar7Position — (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-15 19:02
Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERSS-1-5-21-606747145-1580436667-842925246-1003SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.*€%.K*]
@Class=»Shell»[HKEY_USERSS-1-5-21-606747145-1580436667-842925246-1003SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.*€%.K*OpenWithList]
@Class=»Shell»
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(1540)
c:windowssystem32Ati2evxx.dll— — — — — — — > ‘lsass.exe'(1600)
c:program filesAviraAntiVir Desktopavsda.dll— — — — — — — > ‘explorer.exe'(3856)
c:windowssystem32WININET.dll
c:program filesAnVir Task ManagerAnvirHook62.dll
c:windowssystem32msi.dll
c:windowssystem32webcheck.dll
.
Completion time: 2010-01-15 19:04:23
ComboFix-quarantined-files.txt 2010-01-15 16:04
ComboFix2.txt 2010-01-15 15:59
ComboFix3.txt 2010-01-15 15:26Pre-Run: 47 067 418 624 байт свободно
Post-Run: 47 061 368 832 байт свободно— — End Of File — — 5107738FA0C4A164EA0E97EF672DBBAE
- Для ответа в этой теме необходимо авторизоваться.
