please…help!!! antiSpyware XP2009
- This topic has 17 replies, 2 participants, and was last updated 16 years, 11 months ago by Admin.

November 6, 2008 at 10:42 PM #15883

Hello!!! Please help, I just can't manage to deal with this virus.
First I downloaded Malwarebytes’ Anti-Malware. With its help I only managed to deal with the problem partially.
A warning about a spyware infection still pops up.

- I scanned with the Trend Micro online scanner, copied what appeared in the results and pasted it below.
- But there is a problem with the third item: I could not scan the computer using the HijackThis program, the program does not load.
When it is launched, the loading icon appears for a split second and then nothing. Thank you…

- Scan with the Trend Micro online scanner:

Detected malware
Note: Complete removal of the malware listed below failed! If you require general hints and tips to solve the problem, please click here. Malware specific information is available from the relevant malware section.

WORM_SDBOT.DO
1 Infections
This worm arrives through network shares. It copies itself to the shared folder, C$WINNTSystem32, as the file MSMONK32.EXE. It also drops copies of itsel…
Aliasnames: W32.Randex.gen, Backdoor/SdBot.Server
Platform: Windows NT, 2000, XP
First occurence: Not specified
General risk rate: Very low, Low, Medium, High
General information about this type of malware.
This worm arrives through network shares. It copies itself to the shared folder, C$WINNTSystem32, as the file MSMONK32.EXE. It also drops copies of itself, then modifies the Windows registry so that it runs at every system startup. It is able to perform Denial of Service (DoS) attacks against locations specified by the remote attacker. This malware also has backdoor capabilities, enabling it to perform several malicious (and also non-malicious) actions on the affected system. It runs on Windows NT, 2000 and XP.

TSPY_GAMPASS.BN
2 Infections

CRYP_YODAP
1 Infections
This is the Trend Micro heuristic detection for suspicious files packed by Yoda’s Protector.

TROJ_FAKEREAN.K
4 Infections

TROJ_FAKEAV.QG
3 Infections

TROJ_FAKEAV.VS
5 Infections

TROJ_FAKEREAN.L
2 Infections

TROJ_DLOADER.LI
2 Infections

TROJ_VIRANTIX.BF
4 Infections

TROJ_GENERIC.A
1 Infections
This is the Trend Micro generic detection for low-threat Trojans. It may be downloaded from remote sites by other malware. It may be downloaded unknowingly by a…
Aliasnames: no more aliase names known
Platform: Windows 98, ME, NT, 2000, XP, Server 2003
First occurence: Not specified
General risk rate: Very low, Low, Medium, High
General information about this type of malware.
This is the Trend Micro generic detection for low-threat Trojans. It may be downloaded from remote sites by other malware. It may be downloaded unknowingly by a user when visiting malicious Web sites.

TITLE_OF_MALWARE
0 Infections

Detected signatures
EICAR signature
0 Signatures
The detected signature is not a security risk; it is designed to test antivirus scanners. The listed files are not infected. They only contain the EICAR signature.
Take no action on signatures on the machine
Delete signatures. Warning! Deleting this column will remove all associated signature files.
EICAR files: This will display all file paths of the above signature
Reason: no access, not supported

Detected grayware/spyware
Note: Complete removal of the grayware listed below failed! If you require general hints and tips to solve the problem, please click here. Grayware specific information is available from the relevant grayware section.

CRCK_DVDECODE.A
1 Infections

CRCK_CIDICI.A
1 Infections

CRCK_FALLEN.A
1 Infections
Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

HKTL_HIDEWIN
1 Infections

TITLE_OF_GRAYWARE
0 Infections

HTTP cookies
5 Detected
Cookies are generally used to save user-specific data from Internet transactions with a Web server via a browser. The cookies listed below are «profiling cookies» that are only used to monitor your Internet usage.
Cleanup options: Remove all detected cookies
Select individual action for each detected cookie
Keep this cookie
Remove this cookie
Cookies: The cookies displayed here are classified as potentially malicious.
Reason: This column indicates the reason why cleanup failed.
The system denied access to the cookie
The current pattern does not support removal

Detected vulnerabilities
Vulnerability in Windows Media Player Could Allow Remote Code Execution (911565)
Vulnerability in the Korean Input Method Editor Could Allow Elevation of Privilege (901190)
Vulnerability in ASP.NET Could Allow Information Disclosur
Vulnerability in ASP.NET 2.0 Could Allow Information Disclosure (922770)
Cumulative Security Update for Internet Explorer (937143)
Vulnerabilities in Windows Media Player Could Allow Remote Code Execution (936782)
Security Update for Outlook Express and Windows Mail (941202)
Cumulative Security Update for Internet Explorer (939653)
Vulnerability in RPC Could Allow Denial of Service (933729)
Vulnerability in Windows URI Handling Could Allow Remote Code Execution (943460)
Vulnerabilities in DirectX Could Allow Remote Code Execution (941568)
Vulnerability in Macrovision Driver Could Allow Local Elevation of Privilege (944653)
Vulnerability in Windows Media File Format Could Allow Remote Code Execution (941569 and 944275)
Cumulative Security Update for Internet Explorer (942615)
Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (941644)
Vulnerability in LSASS Could Allow Local Elevation of Privilege (943485)
Vulnerability in WebDAV Mini-Redirector Could Allow Remote Code Execution (946026)
Vulnerability in OLE Automation Could Allow Remote Code Execution (947890) Malware exploiting this vulnerability: unknown
Cumulative Security Update for Internet Explorer (944533)
Vulnerability in DNS Client Could Allow Spoofing (945553)
Vulnerabilities in GDI Could Allow Remote Code Execution (948590)
Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution (944338)
Vulnerability in Windows Kernel Could Allow Elevation of Privilege (941693)
Vulnerability in Microsoft Jet Database Engine Could Allow Remote Code Execution (950749)
MS08-031 MS08-033 MS08-046 MS08-049 MS08-067
TITLE_OF_VULNERABILITY

November 7, 2008 at 1:24 AM #19573

Hello, welcome to the Spyware-ru forum.
Try rebooting your computer into Safe Mode.
 1. Restart your computer.
 2. After your computer gives a short beep, press the F8 key.
 3. The Windows boot menu will appear in front of you.
 4. Select Safe Mode (the second line) and press Enter.
Windows will boot in Safe Mode. Now try to run HijackThis and scan your computer.

November 7, 2008 at 7:26 PM #19574

I booted into Safe Mode, and the result is the same 😥 HijackThis does not load!!! 😯 …

November 8, 2008 at 2:07 AM #19575

Try downloading the RSIT scanner by clicking this link.
 Double-click the downloaded file.
 Click the Continue button.
 When the program finishes its work, two logs will be shown (log.txt and info.txt).
Please paste both logs into your next message.

November 8, 2008 at 10:56 AM #19576

It all worked! Here are the files:

 Logfile of random’s system information tool 1.04 (written by random/random)
 Run by User at 2008-11-08 13:48:53
 Microsoft Windows XP Professional Service Pack 2
 System drive H: has 31 GB (76%) free of 41 GB
 Total RAM: 2047 MB (80% free)

 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 13:48:59, on 08.11.2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 Boot mode: Normal

 Running processes:
 H:WINDOWSSystem32smss.exe
 H:WINDOWSsystem32csrss.exe
 H:WINDOWSsystem32winlogon.exe
 H:WINDOWSsystem32services.exe
 H:WINDOWSsystem32lsass.exe
 H:WINDOWSsystem32svchost.exe
 H:WINDOWSsystem32svchost.exe
 H:WINDOWSSystem32svchost.exe
 H:WINDOWSsystem32svchost.exe
 H:WINDOWSsystem32svchost.exe
 H:WINDOWSsystem32spoolsv.exe
 H:WINDOWSExplorer.EXE
 H:WINDOWSsystem32TaskSwitch.exe
 H:Program FilesAnalog DevicesCoresmax4pnp.exe
 H:WINDOWSsystem32RUNDLL32.EXE
 H:PROGRA~1DrWebspidernt.exe
 H:Program FilesJavajre6binjqs.exe
 H:Program FilesDrWebDRWEBSCD.EXE
 H:Program FilesJavajre6binjusched.exe
 H:Program FilesCyberLinkPowerDVDPDVDServ.exe
 H:WINDOWSsystem32nvsvc32.exe
 H:Program FilesCommon FilesACD SystemsENDevDetect.exe
 H:Program FilesABBYY Lingvo 10 Multilingual DictionaryLvagent.exe
 H:WINDOWSsystem32ctfmon.exe
 H:Program FilesSuperCopier2SuperCopier2.exe
 H:WINDOWSsystem32svchost.exe
 H:WINDOWSsystem32wbemwmiapsrv.exe
 H:WINDOWSSystem32alg.exe
 H:WINDOWSsystem32wbemwmiprvse.exe
 H:WINDOWSSystem32svchost.exe
 H:Program FilesMozilla Firefoxfirefox.exe
 H:Documents and SettingsUserРабочий столRSIT.exe
 H:WINDOWSsystem32wbemwmiprvse.exe
 H:Program Filestrend microUser.exe

 R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = about:blank
 R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.google.com
 R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
 R3 — URLSearchHook: free-downloads.net Toolbar — {ecdee021-0d17-467f-a1ff-c7a115230949} — H:Program Filesfree-downloads.nettbfre1.dll
 O3 — Toolbar: free-downloads.net Toolbar — {ecdee021-0d17-467f-a1ff-c7a115230949} — H:Program Filesfree-downloads.nettbfre1.dll
 O4 — HKLM..Run: [IMJPMIG8.1] «H:WINDOWSIMEimjp8_1IMJPMIG.EXE» /Spoil /RemAdvDef /Migration32
 O4 — HKLM..Run: [PHIME2002ASync] H:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /SYNC
 O4 — HKLM..Run: [PHIME2002A] H:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /IMEName
 O4 — HKLM..Run: [CoolSwitch] H:WINDOWSsystem32TaskSwitch.exe
 O4 — HKLM..Run: [SoundMAXPnP] H:Program FilesAnalog DevicesCoresmax4pnp.exe
 O4 — HKLM..Run: [SoundMAX] «H:Program FilesAnalog DevicesSoundMAXSmax4.exe» /tray
 O4 — HKLM..Run: [TBPanel] H:Program FilesVDOToolTBPanel.exe /A
 O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE H:WINDOWSsystem32NvCpl.dll,NvStartup
 O4 — HKLM..Run: [nwiz] nwiz.exe /install
 O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE H:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
 O4 — HKLM..Run: [SpIDerNT] H:PROGRA~1DrWebspidernt.exe /agent
 O4 — HKLM..Run: [SpIDerMail] «H:Program FilesDrWebspiderml.exe»
 O4 — HKLM..Run: [DrWebScheduler] «H:Program FilesDrWebDRWEBSCD.EXE»
 O4 — HKLM..Run: [NeroFilterCheck] H:WINDOWSsystem32NeroCheck.exe
 O4 — HKLM..Run: [SunJavaUpdateSched] «H:Program FilesJavajre6binjusched.exe»
 O4 — HKLM..Run: [RemoteControl] «H:Program FilesCyberLinkPowerDVDPDVDServ.exe»
 O4 — HKLM..Run: [Device Detector] DevDetect.exe -autorun
 O4 — HKLM..Run: [Lingvo Launcher] «H:Program FilesABBYY Lingvo 10 Multilingual DictionaryLvagent.exe» /STARTUP
 O4 — HKLM..Run: [LingvoTraining] «H:Program FilesABBYY Lingvo 10 Multilingual DictionaryTutor.exe» /ND /NW /AS
 O4 — HKLM..Run: [H:Program FileshijackHijackThis.exe] H:Program FileshijackHijackThis.exe
 O4 — HKLM..Run: [brastk] brastk.exe
 O4 — HKCU..Run: [CTFMON.EXE] H:WINDOWSsystem32ctfmon.exe
 O4 — HKCU..Run: [SuperCopier2.exe] H:Program FilesSuperCopier2SuperCopier2.exe
 O4 — HKCU..Run: [AlcoholAutomount] «H:Program FilesAlcohol SoftAlcohol 120axcmd.exe» /automount
 O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] H:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
 O4 — HKUSS-1-5-19..Run: [SuperCopier2.exe] H:Program FilesSuperCopier2SuperCopier2.exe (User ‘LOCAL SERVICE’)
 O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] H:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
 O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] H:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
 O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] H:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
 O4 — Global Startup: Adobe Reader Speed Launch.lnk = H:Program FilesAdobeReader 8.0Readerreader_sl.exe
 O4 — Global Startup: Adobe Reader Synchronizer.lnk = H:Program FilesAdobeReader 8.0ReaderAdobeCollabSync.exe
 O4 — Global Startup: Microsoft Office.lnk = H:Program FilesMicrosoft OfficeOffice10OSA.EXE
 O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://H:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
 O8 — Extra context menu item: Translate with Lingvo — res://H:Program FilesABBYY Lingvo 10 Multilingual DictionaryLingvo.exe/3000
 O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — H:WINDOWSNetwork Diagnosticxpnetdiag.exe
 O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — H:WINDOWSNetwork Diagnosticxpnetdiag.exe
 O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — H:Program FilesMessengermsmsgs.exe (file missing)
 O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — H:Program FilesMessengermsmsgs.exe (file missing)
 O14 — IERESET.INF: START_PAGE_URL=www.google.com
 O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — H:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
 O20 — AppInit_DLLs: karna.dat
 O20 — Winlogon Notify: !SASWinLogon — H:Program FilesSUPERAntiSpywareSASWINLO.dll
 O20 — Winlogon Notify: WinCtrl32 — H:WINDOWSSYSTEM32WinCtrl32.dll
 O23 — Service: Оповещатель AlerterLmHosts (AlerterLmHosts) — Unknown owner — H:WINDOWS
 O23 — Service: ASP.NET State Service aspnet_stateVSS (aspnet_stateVSS) — Unknown owner — H:WINDOWS
 O23 — Service: Autodesk Licensing Service — Unknown owner — H:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe (file missing)
 O23 — Service: Autodesk Licensing Service AutodeskImapiService (AutodeskImapiService) — Unknown owner — H:WINDOWS
 O23 — Service: Autodesk Licensing Service AutodeskImapiService AutodeskImapiServiceDcomLaunch (AutodeskImapiServiceDcomLaunch) — Unknown owner — H:WINDOWS
 O23 — Service: Autodesk Licensing Service AutodeskImapiService AutodeskImapiServiceHTTPFilterupnphost (AutodeskImapiServiceHTTPFilterupnphost) — Unknown owner — H:WINDOWS
 O23 — Service: Обозреватель компьютеров BrowserAppMgmt (BrowserAppMgmt) — Unknown owner — H:WINDOWS
 O23 — Service: Служба индексирования CiSvcaspnet_stateVSS (CiSvcaspnet_stateVSS) — Unknown owner — H:WINDOWS
 O23 — Service: Сервер папки обмена ClipSrvRDSessMgr (ClipSrvRDSessMgr) — Unknown owner — H:WINDOWS
 O23 — Service: Сервер папки обмена ClipSrvRDSessMgr ClipSrvRDSessMgrSwPrv (ClipSrvRDSessMgrSwPrv) — Unknown owner — H:WINDOWS
 O23 — Service: .NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32NetmanwscsvcSwPrv (clr_optimization_v2.0.50727_32NetmanwscsvcSwPrv) — Unknown owner — H:WINDOWS
 O23 — Service: .NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32SamSsMSDTC (clr_optimization_v2.0.50727_32SamSsMSDTC) — Unknown owner — H:WINDOWS
 O23 — Service: Системное приложение COM+ COMSysAppPlugPlayWmdmPmSN (COMSysAppPlugPlayWmdmPmSN) — Unknown owner — H:WINDOWS
 O23 — Service: Диспетчер логических дисков dmserverAudioSrv (dmserverAudioSrv) — Unknown owner — H:WINDOWS
 O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — H:WINDOWSsystem32services.exe
 O23 — Service: Журнал событий EventlogEventlog (EventlogEventlog) — Unknown owner — H:WINDOWS
 O23 — Service: Совместимость быстрого переключения пользователей FastUserSwitchingCompatibilityUPS (FastUserSwitchingCompatibilityUPS) — Unknown owner — H:WINDOWS
 O23 — Service: Windows Presentation Foundation Font Cache 3.0.0.0 FontCache3.0.0.0Themes (FontCache3.0.0.0Themes) — Unknown owner — H:WINDOWS
 O23 — Service: Доступ к HID-устройствам HidServCiSvc (HidServCiSvc) — Unknown owner — H:WINDOWS
 O23 — Service: Протокол HTTP SSL HTTPFilterupnphost (HTTPFilterupnphost) — Unknown owner — H:WINDOWS
 O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — H:WINDOWSsystem32imapi.exe
 O23 — Service: Служба COM записи компакт-дисков IMAPI ImapiServiceNetmanwscsvc (ImapiServiceNetmanwscsvc) — Unknown owner — H:WINDOWS
 O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — H:Program FilesJavajre6binjqs.exe
 O23 — Service: Служба сообщений MessengerThemes (MessengerThemes) — Unknown owner — H:WINDOWS
 O23 — Service: Служба сообщений MessengerTlntSvr (MessengerTlntSvr) — Unknown owner — H:WINDOWS
 O23 — Service: Сетевые подключения Netmanwscsvc (Netmanwscsvc) — Unknown owner — H:WINDOWS
 O23 — Service: Сетевые подключения Netmanwscsvc NetmanwscsvcNVSvc (NetmanwscsvcNVSvc) — Unknown owner — H:WINDOWS
 O23 — Service: Сетевые подключения Netmanwscsvc NetmanwscsvcSwPrv (NetmanwscsvcSwPrv) — Unknown owner — H:WINDOWS
 O23 — Service: Сетевые подключения Netmanwscsvc NetmanwscsvcSwPrv NetmanwscsvcSwPrvmnmsrvc (NetmanwscsvcSwPrvmnmsrvc) — Unknown owner — H:WINDOWS
 O23 — Service: Net.Tcp Port Sharing Service NetTcpPortSharingLmHosts (NetTcpPortSharingLmHosts) — Unknown owner — H:WINDOWS
 O23 — Service: Net.Tcp Port Sharing Service NetTcpPortSharingNetDDE (NetTcpPortSharingNetDDE) — Unknown owner — H:WINDOWS
 O23 — Service: Поставщик поддержки безопасности NT LM NtLmSspRasAuto (NtLmSspRasAuto) — Unknown owner — H:WINDOWS
 O23 — Service: Поставщик поддержки безопасности NT LM NtLmSspRasAuto NtLmSspRasAutoRDSessMgr (NtLmSspRasAutoRDSessMgr) — Unknown owner — H:WINDOWS
 O23 — Service: Поставщик поддержки безопасности NT LM NtLmSspRasAuto NtLmSspRasAutoRDSessMgr NtLmSspRasAutoRDSessMgrdmserverAudioSrv (NtLmSspRasAutoRDSessMgrdmserverAudioSrv) — Unknown owner — H:WINDOWS
 O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — H:WINDOWSsystem32nvsvc32.exe
 O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — H:WINDOWSsystem32services.exe
 O23 — Service: Plug and Play PlugPlayhelpsvc (PlugPlayhelpsvc) — Unknown owner — H:WINDOWS
 O23 — Service: Plug and Play PlugPlayWmdmPmSN (PlugPlayWmdmPmSN) — Unknown owner — H:WINDOWS
 O23 — Service: Stalker (Pro) Drivers Auto Removal (pr2ajtsc) (pr2ajtsc) — 1C: Multimedia — H:WINDOWSsystem32pr2ajtsc.exe
 O23 — Service: Защищенное хранилище ProtectedStorageSENS (ProtectedStorageSENS) — Unknown owner — H:WINDOWS
 O23 — Service: Диспетчер авто-подключений удаленного доступа RasAutoSysmonLog (RasAutoSysmonLog) — Unknown owner — H:WINDOWS
 O23 — Service: Маршрутизация и удаленный доступ RemoteAccessStarWindServiceAE (RemoteAccessStarWindServiceAE) — Unknown owner — H:WINDOWS
 O23 — Service: Маршрутизация и удаленный доступ RemoteAccessStarWindServiceAE RemoteAccessStarWindServiceAESpooler (RemoteAccessStarWindServiceAESpooler) — Unknown owner — H:WINDOWS
 O23 — Service: Маршрутизация и удаленный доступ RemoteAccessStarWindServiceAE RemoteAccessStarWindServiceAESpooler RemoteAccessStarWindServiceAESpoolerDcomLaunch (RemoteAccessStarWindServiceAESpoolerDcomLaunch) — Unknown owner — H:WINDOWS
 O23 — Service: QoS RSVP RSVPMessengerTlntSvr (RSVPMessengerTlntSvr) — Unknown owner — H:WINDOWS
 O23 — Service: QoS RSVP RSVPMessengerTlntSvr RSVPMessengerTlntSvrDnscache (RSVPMessengerTlntSvrDnscache) — Unknown owner — H:WINDOWS
 O23 — Service: QoS RSVP RSVPMessengerTlntSvr RSVPMessengerTlntSvrSwPrv (RSVPMessengerTlntSvrSwPrv) — Unknown owner — H:WINDOWS
 O23 — Service: Диспетчер учетных записей безопасности SamSsMSDTC (SamSsMSDTC) — Unknown owner — H:WINDOWS
 O23 — Service: Диспетчер учетных записей безопасности SamSsNetTcpPortSharingLmHosts (SamSsNetTcpPortSharingLmHosts) — Unknown owner — H:WINDOWS
 O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — H:WINDOWSSystem32SCardSvr.exe
 O23 — Service: Планировщик заданий Schedulesrservice (Schedulesrservice) — Unknown owner — H:WINDOWS
 O23 — Service: Уведомление о системных событиях SENSSchedule (SENSSchedule) — Unknown owner — H:WINDOWS
 O23 — Service: SpIDer Guard for Windows NT (spidernt) — Doctor Web Ltd — H:Program FilesDrWebSpiderNT.exe
 O23 — Service: StarWind AE Service (StarWindServiceAE) — Rocket Division Software — H:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
 O23 — Service: StarWind AE Service StarWindServiceAEMSIServer (StarWindServiceAEMSIServer) — Unknown owner — H:WINDOWS
 O23 — Service: MS Software Shadow Copy Provider SwPrvRSVP (SwPrvRSVP) — Unknown owner — H:WINDOWS
 O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — H:WINDOWSsystem32smlogsvc.exe
 O23 — Service: Журналы и оповещения производительности SysmonLogBITS (SysmonLogBITS) — Unknown owner — H:WINDOWS
 O23 — Service: Телефония TapiSrvMessenger (TapiSrvMessenger) — Unknown owner — H:WINDOWS
 O23 — Service: Темы ThemesAppMgmt (ThemesAppMgmt) — Unknown owner — H:WINDOWS
 O23 — Service: Темы ThemesFastUserSwitchingCompatibility (ThemesFastUserSwitchingCompatibility) — Unknown owner — H:WINDOWS
 O23 — Service: Темы ThemesRSVP (ThemesRSVP) — Unknown owner — H:WINDOWS
 O23 — Service: Telnet TlntSvrSwPrv (TlntSvrSwPrv) — Unknown owner — H:WINDOWS
 O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — H:WINDOWSSystem32vssvc.exe
 O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — H:WINDOWSsystem32wbemwmiapsrv.exe
 O23 — Service: Адаптер производительности WMI WmiApSrvRSVP (WmiApSrvRSVP) — Unknown owner — H:WINDOWS
 O23 — Service: Адаптер производительности WMI WmiApSrvRSVP WmiApSrvRSVPTapiSrvMessenger (WmiApSrvRSVPTapiSrvMessenger) — Unknown owner — H:WINDOWS
 O23 — Service: Центр обеспечения безопасности wscsvcAppMgmt (wscsvcAppMgmt) — Unknown owner — H:WINDOWS
 O23 — Service: Беспроводная настройка WZCSVClanmanserver (WZCSVClanmanserver) — Unknown owner — H:WINDOWS
 O23 — Service: Беспроводная настройка WZCSVCNetTcpPortSharing (WZCSVCNetTcpPortSharing) — Unknown owner — H:WINDOWS
 O23 — Service: Служба обеспечения сети xmlprovAudioSrv (xmlprovAudioSrv) — Unknown owner — H:WINDOWS
 —
 End of file — 14656 bytes

 ======Registry dump======

 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
 {ecdee021-0d17-467f-a1ff-c7a115230949} — free-downloads.net Toolbar — H:Program Filesfree-downloads.nettbfre1.dll [2008-07-08 1569304]

 [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
 «IMJPMIG8.1″=H:WINDOWSIMEimjp8_1IMJPMIG.EXE [2004-08-18 208952]
 «PHIME2002ASync»=H:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE [2004-08-18 455168]
 «PHIME2002A»=H:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE [2004-08-18 455168]
 «CoolSwitch»=H:WINDOWSsystem32TaskSwitch.exe [2005-12-22 45632]
 «SoundMAXPnP»=H:Program FilesAnalog DevicesCoresmax4pnp.exe [2006-12-18 868352]
 «SoundMAX»=H:Program FilesAnalog DevicesSoundMAXSmax4.exe [2006-07-13 729088]
 «TBPanel»=H:Program FilesVDOToolTBPanel.exe [2008-01-29 2157096]
 «NvCplDaemon»=H:WINDOWSsystem32NvCpl.dll [2008-01-03 13508608]
 «nwiz»=nwiz.exe /install []
 «NvMediaCenter»=H:WINDOWSsystem32NvMcTray.dll [2008-01-03 86016]
 «SpIDerNT»=H:PROGRA~1DrWebspidernt.exe [2004-11-01 83968]
 «SpIDerMail»=H:Program FilesDrWebspiderml.exe []
 «DrWebScheduler»=H:Program FilesDrWebDRWEBSCD.EXE [2004-11-01 114688]
 «NeroFilterCheck»=H:WINDOWSsystem32NeroCheck.exe [2001-07-09 155648]
 «SunJavaUpdateSched»=H:Program FilesJavajre6binjusched.exe [2008-11-06 136600]
 «RemoteControl»=H:Program FilesCyberLinkPowerDVDPDVDServ.exe [2004-11-02 32768]
 «Device Detector»=DevDetect.exe -autorun []
 «»= []
 «Lingvo Launcher»=H:Program FilesABBYY Lingvo 10 Multilingual DictionaryLvagent.exe [2004-10-09 110592]
 «LingvoTraining»=H:Program FilesABBYY Lingvo 10 Multilingual DictionaryTutor.exe /ND /NW /AS []
 «H:Program FileshijackHijackThis.exe»=H:Program FileshijackHijackThis.exe [2008-11-07 396288]
 «brastk»=H:WINDOWSsystem32brastk.exe [2008-11-08 9728]

 [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
 «CTFMON.EXE»=H:WINDOWSsystem32ctfmon.exe [2004-08-18 15360]
 «SuperCopier2.exe»=H:Program FilesSuperCopier2SuperCopier2.exe [2007-05-08 1052672]
 «AlcoholAutomount»=H:Program FilesAlcohol SoftAlcohol 120axcmd.exe /automount []

 H:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
 Adobe Reader Speed Launch.lnk — H:Program FilesAdobeReader 8.0Readerreader_sl.exe
 Adobe Reader Synchronizer.lnk — H:Program FilesAdobeReader 8.0ReaderAdobeCollabSync.exe
 Microsoft Office.lnk — H:Program FilesMicrosoft OfficeOffice10OSA.EXE

 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
 «AppInit_DLLS»=»karna.dat»

 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotify!SASWinLogon]
 H:Program FilesSUPERAntiSpywareSASWINLO.dll [2008-07-23 352256]

 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWinCtrl32]
 H:WINDOWSsystem32WinCtrl32.dll [2008-11-08 15360]

 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
 «{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}»=H:Program FilesSUPERAntiSpywareSASSEH.DLL [2008-05-13 77824]

 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinad00.sys]
 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinea88.sys]
 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinfm77.sys]
 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinfr00.sys]
 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinke11.sys]
 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinla33.sys]
 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinnq11.sys]
 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinns33.sys]
 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinpj77.sys]
 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinpn33.sys]
 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinpu33.sys]
 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinrw88.sys]
 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinsq88.sys]
 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWintg66.sys]
 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWintm00.sys]
 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWintp33.sys]
 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinwc88.sys]
 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinxb44.sys]
 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinxd11.sys]
 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinxk00.sys]
 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinad00.sys]
 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinea88.sys]
 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinfm77.sys]
 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinfr00.sys]
 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinke11.sys]
 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinla33.sys]
 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinnq11.sys]
 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinns33.sys]
 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinpj77.sys]
 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinpn33.sys]
 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinpu33.sys]
 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinrw88.sys]
 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinsq88.sys]
 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWintg66.sys]
 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWintm00.sys]
 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWintp33.sys]
 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinwc88.sys]
 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinxb44.sys]
 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinxd11.sys]
 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinxk00.sys]

 [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
 «NoDispScrSavPage»=0

 [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
 «dontdisplaylastusername»=0
 «legalnoticecaption»=
 «legalnoticetext»=
 «shutdownwithoutlogon»=1
 «undockwithoutlogon»=1
 «InstallVisualStyle»=H:WINDOWSResourcesThemesRoyaleRoyale.msstyles
 «InstallTheme»=H:WINDOWSResourcesThemesRoyale.Theme
 «SynchronousMachineGroupPolicy»=0
 «SynchronousUserGroupPolicy»=0

 [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
 «NoDriveTypeAutoRun»=145
 «ForceClassicControlPanel»=1
 «NoSMConfigurePrograms»=1
 «NoSMHelp»=1

 [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
 «%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
 «%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
 «H:Program FilesuTorrentuTorrent.exe»=»H:Program FilesuTorrentuTorrent.exe:*:Enabled:µTorrent»
 «H:Program FilesOperaopera.exe»=»H:Program FilesOperaopera.exe:*:Enabled:Opera Internet Browser»
 «H:Program FilesQIPqip.exe»=»H:Program FilesQIPqip.exe:*:Enabled:Quiet Internet Pager»
 «G:Program FilesuTorrentuTorrent.exe»=»G:Program FilesuTorrentuTorrent.exe:*:Enabled:µTorrent»
 «H:Program FilesSoulseekNSslsk.exe»=»H:Program FilesSoulseekNSslsk.exe:*:Enabled:SoulSeek»
 «J:Program FilesGSC World PublishingS.T.A.L.K.E.RbinXR_3DA.exe»=»J:Program FilesGSC World PublishingS.T.A.L.K.E.RbinXR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. (CLI)»
 «J:Program FilesGSC World PublishingS.T.A.L.K.E.RbindedicatedXR_3DA.exe»=»J:Program FilesGSC World PublishingS.T.A.L.K.E.RbindedicatedXR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. (SRV)»
 «H:Program FilesSkypePhoneSkype.exe»=»H:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»

 [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
 «%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
 «%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»

 [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{44367194-994a-11dd-b29e-0015af64e372}]
 shellAutoRuncommand — M:
 shellExplorecommand — «.Nokia Music ManagerN-1-5-21-1895552279-3129831955-389522551-6003INFO2Playlist» Control: Select music location
 shellFindcommand — «.Nokia Music ManagerN-1-5-21-1895552279-3129831955-389522551-6003INFO2Playlist» Control: Search music (radio-stations)
 shellOpencommand — «.Nokia Music ManagerN-1-5-21-1895552279-3129831955-389522551-6003INFO2Playlist» Playback: Play music

 ======File associations======

 .scr — open — H:WINDOWSsystem32notepad.exe «%1»
 .scr — install —
 .scr — config —

 ======List of files/folders created in the last 1 months======

 2008-11-08 13:48:53 —-D—- H:rsit
 2008-11-07 22:10:01 —-A—- H:HijackThis.exe
 2008-11-07 22:06:06 —-A—- H:WINDOWSntbtlog.txt
 2008-11-07 00:12:16 —-D—- H:Program Fileshijack
 2008-11-07 00:03:44 —-D—- H:Program FilesTrend Micro
 2008-11-06 22:34:30 —-A—- H:WINDOWSsystem32deploytk.dll
 2008-11-06 21:13:26 —-D—- H:Program FilesCommon FilesDesigner
 2008-11-06 21:13:20 —-D—- H:WINDOWSShellNew
 2008-11-06 21:13:18 —-D—- H:Program FilesMicrosoft Office
 2008-11-06 21:13:18 —-D—- H:Program FilesCommon FilesODBC
 2008-11-01 03:03:53 —-HD—- H:Program FilesUninstall Information
 2008-11-01 03:01:34 —-D—- H:Program FilesAutodesk
 2008-11-01 00:46:35 —-D—- H:Program FilesGoogle
 2008-11-01 00:25:20 —-D—- H:Program FilesuTorrent
 2008-10-31 02:37:51 —-A—- H:WINDOWSsystem32wini10541.exe
 2008-10-31 02:37:25 —-A—- H:WINDOWSbrastk.exe
 2008-10-31 02:36:32 —-A—- H:WINDOWSsystem32delself.bat
 2008-10-31 02:36:32 —-A—- H:WINDOWSsystem32brastk.exe
 2008-10-31 02:34:36 —-A—- H:WINDOWSsystem32WinCtrl32.dll
 2008-10-31 01:35:45 —-D—- H:Program FilesSUPERAntiSpyware
 2008-10-31 01:35:45 —-D—- H:Documents and SettingsUserApplication DataSUPERAntiSpyware.com
 2008-10-31 01:35:32 —-D—- H:Program FilesCommon FilesWise Installation Wizard
 2008-10-31 01:06:23 —-D—- H:Documents and SettingsUserApplication DataMalwarebytes
 2008-10-31 01:06:19 —-D—- H:Program FilesMalwarebytes’ Anti-Malware
 2008-10-31 01:06:19 —-D—- H:Documents and SettingsAll UsersApplication DataMalwarebytes
 2008-10-31 00:14:59 —-D—- H:Documents and SettingsUserApplication DataMozilla
 2008-10-31 00:14:55 —-D—- H:Program FilesMozilla Firefox
 2008-10-29 23:57:42 —-ASH—- H:WINDOWSsystem32adptifj.dll
 2008-10-29 23:33:30 —-HD—- H:Program FilesInstallShield Installation Information
 2008-10-29 23:33:23 —-D—- H:Program FilesCommon FilesInstallShield
 2008-10-29 23:10:22 —-D—- H:Program FilesQIP
 2008-10-29 22:57:34 —-D—- H:Program FilesCommon FilesSkype
 2008-10-29 22:56:06 —-A—- H:WINDOWSWINCMD.INI
 2008-10-29 21:52:41 —-HD—- H:WINDOWSsystem32GroupPolicy
 2008-10-27 19:24:15 —-A—- H:WINDOWSicaz.dll
 2008-10-27 19:24:15 —-A—- H:Documents and SettingsUserApplication Dataxacag.com
 2008-10-27 19:24:15 —-A—- H:Documents and SettingsUserApplication Datagomijofe.com
 2008-10-27 19:24:15 —-A—- H:Documents and SettingsUserApplication Datafugym.bat
 2008-10-27 19:24:15 —-A—- H:Documents and SettingsUserApplication Dataadimypi.com
 2008-10-22 21:01:08 —-D—- H:Program FilesABBYY Lingvo 10 Multilingual Dictionary
 2008-10-19 16:53:12 —-D—- H:Documents and SettingsUserApplication DataDivX
 2008-10-18 13:30:09 —-D—- H:Documents and SettingsAll UsersApplication DataACD Systems
 2008-10-18 13:30:08 —-D—- H:Program FilesCommon FilesACD Systems
 2008-10-18 13:30:08 —-D—- H:Program FilesACD Systems
 2008-10-12 18:03:57 —-D—- H:Documents and SettingsAll UsersApplication DataAdobe
 2008-10-10 18:03:18 —-A—- H:WINDOWSpoolemup.ini
2008-10-10 14:03:22 —-D—- H:Documents and SettingsAll UsersApplication DataKaspersky Lab Setup Files

======List of files/folders modified in the last 1 months======
2008-11-08 13:48:34 —-D—- H:Temp
 2008-11-08 13:45:56 —-D—- H:WINDOWSsystem32
 2008-11-08 01:29:17 —-A—- H:WINDOWSSchedLgU.Txt
 2008-11-08 01:29:15 —-D—- H:Documents and SettingsUserApplication DatauTorrent
 2008-11-07 22:06:06 —-D—- H:WINDOWS
 2008-11-07 21:44:58 —-D—- H:Documents and SettingsUserApplication DataSkype
 2008-11-07 21:15:12 —-D—- H:WINDOWSPrefetch
 2008-11-07 20:58:30 —-D—- H:WINDOWSsystem32CatRoot2
 2008-11-07 01:44:05 —-SD—- H:Documents and SettingsUserApplication DataMicrosoft
 2008-11-07 01:43:59 —-SHD—- H:WINDOWSInstaller
 2008-11-07 00:48:06 —-D—- H:WINDOWSTemp
 2008-11-07 00:12:27 —-RD—- H:Program Files
 2008-11-06 23:06:29 —-HD—- H:WINDOWSinf
 2008-11-06 22:39:05 —-D—- H:WINDOWSsystem32drivers
 2008-11-06 22:34:24 —-A—- H:WINDOWSsystem32javaws.exe
 2008-11-06 22:34:24 —-A—- H:WINDOWSsystem32javaw.exe
 2008-11-06 22:34:24 —-A—- H:WINDOWSsystem32java.exe
 2008-11-06 22:34:22 —-D—- H:Program FilesJava
 2008-11-06 21:14:07 —-RSD—- H:WINDOWSFonts
 2008-11-06 21:13:41 —-A—- H:WINDOWSODBC.INI
 2008-11-06 21:13:29 —-D—- H:Program FilesCommon FilesMicrosoft Shared
 2008-11-06 21:13:26 —-D—- H:Program FilesCommon Files
 2008-11-06 21:13:18 —-SD—- H:Documents and SettingsAll UsersApplication DataMicrosoft
 2008-11-06 21:11:17 —-D—- H:WINDOWSsystem
 2008-11-01 03:05:21 —-D—- H:Program FilesCommon FilesAutodesk Shared
 2008-11-01 03:05:21 —-D—- H:Documents and SettingsUserApplication DataAutodesk
 2008-11-01 03:05:21 —-D—- H:Documents and SettingsAll UsersApplication DataAutodesk
 2008-11-01 03:04:41 —-D—- H:WINDOWSWinSxS
 2008-11-01 03:01:11 —-RSD—- H:WINDOWSassembly
 2008-11-01 03:01:11 —-D—- H:WINDOWSsystem32DirectX
 2008-10-31 02:37:27 —-RSHDC—- H:WINDOWSsystem32dllcache
 2008-10-31 01:00:27 —-A—- H:WINDOWSsystem32PerfStringBackup.INI
 2008-10-30 23:44:02 —-D—- H:Program FilesCommon FilesAdobe
 2008-10-29 22:57:34 —-D—- H:Program FilesSkype
 2008-10-29 22:57:00 —-D—- H:Program FilesOpera
 2008-10-29 22:14:46 —-D—- H:Program FilesTotal Commander
 2008-10-29 22:13:36 —-A—- H:WINDOWSDFC.INI
 2008-10-29 21:54:56 —-D—- H:Program FilesWindows NT
 2008-10-29 21:54:56 —-D—- H:Program FilesWindows Media Player
 2008-10-29 21:54:55 —-D—- H:Program FilesOutlook Express
 2008-10-29 21:54:55 —-D—- H:Program FilesNetMeeting
 2008-10-29 21:54:54 —-D—- H:Program FilesMovie Maker
 2008-10-29 21:54:53 —-D—- H:Program FilesInternet Explorer
 2008-10-29 21:54:48 —-D—- H:Program FilesCommon FilesSystem
 2008-10-29 21:54:45 —-D—- H:Program FilesVDOTool
 2008-10-29 21:54:45 —-D—- H:Program FilesSuperCopier2
 2008-10-29 21:54:42 —-D—- H:Program Filesfree-downloads.net
 2008-10-29 21:54:40 —-D—- H:Program FilesAutoCAD 2009
 2008-10-29 21:52:56 —-D—- H:WINDOWSRegistration
 2008-10-19 17:37:46 —-A—- H:WINDOWSNeroDigital.ini
 2008-10-18 16:25:23 —-D—- H:Documents and SettingsUserApplication DataAdobe
2008-10-12 18:03:48 —-D—- H:Program FilesAdobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 drwebnet;SpIDer Guard boot hook driver for Windows NT; H:WINDOWSsystem32driversdrwebnet.sys [2004-11-01 7872]
 R1 intelppm;Драйвер Intel процессора; H:WINDOWSsystem32DRIVERSintelppm.sys [2007-09-24 36096]
 R2 rspndr;Ответчик обнаружения топологии уровня связи; H:WINDOWSsystem32DRIVERSrspndr.sys [2006-12-04 62336]
 R2 TBPanel;TBPanel; H:WINDOWSsystem32driversTBPanel.sys [2007-03-16 12256]
 R2 tmcomm;tmcomm; ??H:WINDOWSsystem32driverstmcomm.sys []
 R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; H:WINDOWSsystem32driversADIHdAud.sys [2007-01-16 293888]
 R3 AEAudio;AE Audio Service; H:WINDOWSsystem32driversAEAudio.sys [2006-08-07 93952]
 R3 Arp1394;Протокол клиента 1394 ARP; H:WINDOWSsystem32DRIVERSarp1394.sys [2007-09-24 60800]
 R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; H:WINDOWSsystem32DRIVERSHDAudBus.sys [2005-12-26 138752]
 R3 hidusb;Драйвер класса HID Microsoft; H:WINDOWSsystem32DRIVERShidusb.sys [2007-09-24 10368]
 R3 mouhid;Драйвер мыши HID; H:WINDOWSsystem32DRIVERSmouhid.sys [2007-09-24 12160]
 R3 MTsensor;ATK0110 ACPI UTILITY; H:WINDOWSsystem32DRIVERSASACPI.sys [2006-02-26 5810]
 R3 NIC1394;Сетевой драйвер 1394; H:WINDOWSsystem32DRIVERSnic1394.sys [2007-09-24 61824]
 R3 nv;nv; H:WINDOWSsystem32DRIVERSnv4_mini.sys [2008-01-03 7077344]
 R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; H:WINDOWSsystem32DRIVERSRtnicxp.sys [2007-07-12 96384]
 R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter; H:WINDOWSsystem32DRIVERSRTL8187.sys [2007-01-11 194304]
 R3 SenFiltService;SenFilt Service; H:WINDOWSsystem32driversSenfilt.sys [2006-03-17 392960]
 R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; H:WINDOWSsystem32DRIVERSusbehci.sys [2007-07-19 30208]
 R3 usbhub;USB2 концентратор; H:WINDOWSsystem32DRIVERSusbhub.sys [2007-07-19 59392]
 R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; H:WINDOWSsystem32DRIVERSusbuhci.sys [2007-09-24 20608]
 R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; H:WINDOWSsystem32DRIVERSyk51x86.sys [2007-08-15 265856]
 S2 CDRPDACC;Quinnware CDDA Driver (by InfinaDyne); ??H:Program FilesQuintessential Media Playercdrpdacc.sys []
 S2 SPIDER;SpIDer FS Monitor for Windows NT; ??H:Program FilesDrWebspider.sys []
 S3 ae1xt454;ae1xt454; H:WINDOWSsystem32driversae1xt454.sys []
 S3 Cardex;Cardex; ??H:WINDOWSsystem32driversTBPANEL.SYS []
 S3 usbscan;Драйвер USB-сканера; H:WINDOWSsystem32DRIVERSusbscan.sys [2007-07-18 15104]
 S3 USBSTOR;Драйвер запоминающих устройств для USB; H:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2007-07-18 26368]
 S4 IntelIde;IntelIde; H:WINDOWSsystem32driversIntelIde.sys []
 S4 mchInjDrv;mchInjDrv; ??H:Tempmc21.tmp []
S4 sr;Драйвер фильтра восстановления системы; H:WINDOWSsystem32DRIVERSsr.sys [2007-09-24 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 JavaQuickStarterService;Java Quick Starter; H:Program FilesJavajre6binjqs.exe [2008-11-06 152984]
 R2 NVSvc;NVIDIA Display Driver Service; H:WINDOWSsystem32nvsvc32.exe [2008-01-03 155716]
 S2 AlerterLmHosts;Оповещатель AlerterLmHosts; р%Ђ|x srv []
 S2 aspnet_stateVSS;ASP.NET State Service aspnet_stateVSS; р%Ђ|x srv []
 S2 AutodeskImapiService;Autodesk Licensing Service AutodeskImapiService; р%Ђ|x srv []
 S2 AutodeskImapiServiceDcomLaunch;Autodesk Licensing Service AutodeskImapiService AutodeskImapiServiceDcomLaunch; р%Ђ|x srv []
 S2 AutodeskImapiServiceHTTPFilterupnphost;Autodesk Licensing Service AutodeskImapiService AutodeskImapiServiceHTTPFilterupnphost; р%Ђ|x srv []
 S2 BrowserAppMgmt;Обозреватель компьютеров BrowserAppMgmt; р%Ђ|x srv []
 S2 CiSvcaspnet_stateVSS;Служба индексирования CiSvcaspnet_stateVSS; р%Ђ|x srv []
 S2 ClipSrvRDSessMgr;Сервер папки обмена ClipSrvRDSessMgr; р%Ђ|x srv []
 S2 ClipSrvRDSessMgrSwPrv;Сервер папки обмена ClipSrvRDSessMgr ClipSrvRDSessMgrSwPrv; р%Ђ|x srv []
 S2 clr_optimization_v2.0.50727_32NetmanwscsvcSwPrv;.NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32NetmanwscsvcSwPrv; р%Ђ|x srv []
 S2 clr_optimization_v2.0.50727_32SamSsMSDTC;.NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32SamSsMSDTC; р%Ђ|x srv []
 S2 COMSysAppPlugPlayWmdmPmSN;Системное приложение COM+ COMSysAppPlugPlayWmdmPmSN; р%Ђ|x srv []
 S2 dmserverAudioSrv;Диспетчер логических дисков dmserverAudioSrv; р%Ђ|x srv []
 S2 EventlogEventlog;Журнал событий EventlogEventlog; р%Ђ|x srv []
 S2 FastUserSwitchingCompatibilityUPS;Совместимость быстрого переключения пользователей FastUserSwitchingCompatibilityUPS; р%Ђ|x srv []
 S2 FontCache3.0.0.0Themes;Windows Presentation Foundation Font Cache 3.0.0.0 FontCache3.0.0.0Themes; р%Ђ|x srv []
 S2 HidServCiSvc;Доступ к HID-устройствам HidServCiSvc; р%Ђ|x srv []
 S2 HTTPFilterupnphost;Протокол HTTP SSL HTTPFilterupnphost; р%Ђ|x srv []
 S2 ImapiServiceNetmanwscsvc;Служба COM записи компакт-дисков IMAPI ImapiServiceNetmanwscsvc; р%Ђ|x srv []
 S2 MessengerThemes;Служба сообщений MessengerThemes; р%Ђ|x srv []
 S2 MessengerTlntSvr;Служба сообщений MessengerTlntSvr; р%Ђ|x srv []
 S2 Netmanwscsvc;Сетевые подключения Netmanwscsvc; р%Ђ|x srv []
 S2 NetmanwscsvcNVSvc;Сетевые подключения Netmanwscsvc NetmanwscsvcNVSvc; р%Ђ|x srv []
 S2 NetmanwscsvcSwPrv;Сетевые подключения Netmanwscsvc NetmanwscsvcSwPrv; р%Ђ|x srv []
 S2 NetmanwscsvcSwPrvmnmsrvc;Сетевые подключения Netmanwscsvc NetmanwscsvcSwPrv NetmanwscsvcSwPrvmnmsrvc; р%Ђ|x srv []
 S2 NetTcpPortSharingLmHosts;Net.Tcp Port Sharing Service NetTcpPortSharingLmHosts; р%Ђ|x srv []
 S2 NetTcpPortSharingNetDDE;Net.Tcp Port Sharing Service NetTcpPortSharingNetDDE; р%Ђ|x srv []
 S2 NtLmSspRasAuto;Поставщик поддержки безопасности NT LM NtLmSspRasAuto; р%Ђ|x srv []
 S2 NtLmSspRasAutoRDSessMgr;Поставщик поддержки безопасности NT LM NtLmSspRasAuto NtLmSspRasAutoRDSessMgr; р%Ђ|x srv []
 S2 NtLmSspRasAutoRDSessMgrdmserverAudioSrv;Поставщик поддержки безопасности NT LM NtLmSspRasAuto NtLmSspRasAutoRDSessMgr NtLmSspRasAutoRDSessMgrdmserverAudioSrv; р%Ђ|x srv []
 S2 PlugPlayhelpsvc;Plug and Play PlugPlayhelpsvc; р%Ђ|x srv []
 S2 PlugPlayWmdmPmSN;Plug and Play PlugPlayWmdmPmSN; р%Ђ|x srv []
 S2 pr2ajtsc;Stalker (Pro) Drivers Auto Removal (pr2ajtsc); H:WINDOWSsystem32pr2ajtsc.exe [2007-03-23 407168]
 S2 ProtectedStorageSENS;Защищенное хранилище ProtectedStorageSENS; р%Ђ|x srv []
 S2 RasAutoSysmonLog;Диспетчер авто-подключений удаленного доступа RasAutoSysmonLog; р%Ђ|x srv []
 S2 RemoteAccessStarWindServiceAE;Маршрутизация и удаленный доступ RemoteAccessStarWindServiceAE; р%Ђ|x srv []
 S2 RemoteAccessStarWindServiceAESpooler;Маршрутизация и удаленный доступ RemoteAccessStarWindServiceAE RemoteAccessStarWindServiceAESpooler; р%Ђ|x srv []
 S2 RemoteAccessStarWindServiceAESpoolerDcomLaunch;Маршрутизация и удаленный доступ RemoteAccessStarWindServiceAE RemoteAccessStarWindServiceAESpooler RemoteAccessStarWindServiceAESpoolerDcomLaunch; р%Ђ|x srv []
 S2 RSVPMessengerTlntSvr;QoS RSVP RSVPMessengerTlntSvr; р%Ђ|x srv []
 S2 RSVPMessengerTlntSvrDnscache;QoS RSVP RSVPMessengerTlntSvr RSVPMessengerTlntSvrDnscache; р%Ђ|x srv []
 S2 RSVPMessengerTlntSvrSwPrv;QoS RSVP RSVPMessengerTlntSvr RSVPMessengerTlntSvrSwPrv; р%Ђ|x srv []
 S2 SamSsMSDTC;Диспетчер учетных записей безопасности SamSsMSDTC; р%Ђ|x srv []
 S2 SamSsNetTcpPortSharingLmHosts;Диспетчер учетных записей безопасности SamSsNetTcpPortSharingLmHosts; р%Ђ|x srv []
 S2 Schedulesrservice;Планировщик заданий Schedulesrservice; р%Ђ|x srv []
 S2 SENSSchedule;Уведомление о системных событиях SENSSchedule; р%Ђ|x srv []
 S2 spidernt;SpIDer Guard for Windows NT; H:Program FilesDrWebSpiderNT.exe [2004-11-01 83968]
 S2 StarWindServiceAE;StarWind AE Service; H:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe [2007-05-28 275968]
 S2 StarWindServiceAEMSIServer;StarWind AE Service StarWindServiceAEMSIServer; р%Ђ|x srv []
 S2 SwPrvRSVP;MS Software Shadow Copy Provider SwPrvRSVP; р%Ђ|x srv []
 S2 SysmonLogBITS;Журналы и оповещения производительности SysmonLogBITS; р%Ђ|x srv []
 S2 TapiSrvMessenger;Телефония TapiSrvMessenger; р%Ђ|x srv []
 S2 ThemesAppMgmt;Темы ThemesAppMgmt; р%Ђ|x srv []
 S2 ThemesFastUserSwitchingCompatibility;Темы ThemesFastUserSwitchingCompatibility; р%Ђ|x srv []
 S2 ThemesRSVP;Темы ThemesRSVP; р%Ђ|x srv []
 S2 TlntSvrSwPrv;Telnet TlntSvrSwPrv; р%Ђ|x srv []
 S2 WmiApSrvRSVP;Адаптер производительности WMI WmiApSrvRSVP; р%Ђ|x srv []
 S2 WmiApSrvRSVPTapiSrvMessenger;Адаптер производительности WMI WmiApSrvRSVP WmiApSrvRSVPTapiSrvMessenger; р%Ђ|x srv []
 S2 wscsvcAppMgmt;Центр обеспечения безопасности wscsvcAppMgmt; р%Ђ|x srv []
 S2 WZCSVClanmanserver;Беспроводная настройка WZCSVClanmanserver; р%Ђ|x srv []
 S2 WZCSVCNetTcpPortSharing;Беспроводная настройка WZCSVCNetTcpPortSharing; р%Ђ|x srv []
 S2 xmlprovAudioSrv;Служба обеспечения сети xmlprovAudioSrv; р%Ђ|x srv []
 S3 aspnet_state;ASP.NET State Service; H:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
 S3 Autodesk Licensing Service;Autodesk Licensing Service; H:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe []
 S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; H:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
 S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; H:WINDOWSMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2006-10-20 36864]
 S3 idsvc;Windows CardSpace; H:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2006-10-30 741376]
 S4 avast!WZCSVC;avast! Mail Scanner avast!WZCSVC; р%Ђ|x srv []
 S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; H:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2006-10-30 122880]
 EOF

info.txt logfile of random’s system information tool 1.04 2008-11-08 13:49:00

======Uninstall list======
—>H:Program FilesDivXDivXConverterUninstall.exe /CONVERTER
 —>MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
 —>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 H:WINDOWSINFPCHealth.inf
 ABBYY Lingvo 10 Multilingual Dictionary—>MsiExec.exe /I{AA10000A-C75E-487C-88FC-37AA1AACFB60}
 ACDSee Pro 2—>MsiExec.exe /I{4AAC95F4-A30E-4EE5-A086-6F79581D0D70}
 Adobe Flash Player 9 ActiveX—>H:WINDOWSsystem32MacromedFlashFlashUtil9d.exe -uninstallDelete
 Adobe Flash Player 9 ActiveX—>MsiExec.exe /X{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}
 Adobe Flash Player Plugin—>H:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
 Adobe Reader 8—>MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
 Alcohol 120%—>MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
 AutoCAD 2009 — English—>H:Program FilesAutoCAD 2009SetupSetup.exe /P {5783F2D7-7001-0409-0002-0060B0CE6BBA} /M ACAD
 Autodesk DWF Viewer 7—>MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
 CCleaner (remove only)—>»H:Program FilesCCleaneruninst.exe»
 DivX Codec—>H:Program FilesDivXDivXCodecUninstall.exe /CODEC
 DivX Converter—>H:Program FilesDivXDivXConverterUninstall.exe /CONVERTER
 DivX Player—>H:Program FilesDivXDivXPlayerUninstall.exe /PLAYER
 DivX Web Player—>H:Program FilesDivXDivXWebPlayerUninstall.exe /PLUGIN
 Dr.Web—>RunDll32 H:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime10 1Intel32Ctor.dll,LaunchSetup «H:Program FilesInstallShield Installation Information{BBE2F69C-4338-11D7-8F0C-00A0244F4E2D}setup.exe» -l0x19 -removeonly
 Dream Aquarium—>»H:Program FilesDream AquariumUnInstall.exe»
 free-downloads.net Toolbar—>H:PROGRA~1FREE-D~1.NETUNWISE.EXE H:PROGRA~1FREE-D~1.NETINSTALL.LOG
 Google Earth—>MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
 Google Планета Земля—>MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
 HijackThis 2.0.2—>»H:Program Filestrend microHijackThis.exe» /uninstall
 Java(TM) 6 Update 10—>MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
 Java(TM) 6 Update 6—>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
 Java(TM) 6 Update 7—>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
 K-Lite Mega Codec Pack 4.1.0—>»H:Program FilesK-Lite Codec Packunins000.exe»
 Light Alloy 4.1—>H:Program FilesLight Alloyuninst.exe
 Malwarebytes’ Anti-Malware—>»H:Program FilesMalwarebytes’ Anti-Malwareunins000.exe»
 Microsoft .NET Framework 2.0—>H:WINDOWSMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.exe
 Microsoft .NET Framework 3.0—>H:WINDOWSMicrosoft.NETFrameworkv3.0Microsoft .NET Framework 3.0setup.exe
 Microsoft .NET Framework 3.0—>MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
 Microsoft Office XP (профессиональный выпуск)—>MsiExec.exe /I{91110419-6000-11D3-8CFE-0050048383C9}
 Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
 Mozilla Firefox (3.0.3)—>H:Program FilesMozilla Firefoxuninstallhelper.exe
 MSXML 4.0 SP2 (KB936181)—>MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
 MSXML 6.0 Parser (KB933579)—>MsiExec.exe /I{8FCE7820-08DF-4663-AF5B-B190EF387C4B}
 Nero 6 Ultra Edition—>H:Program FilesAheadnerouninstallUNNERO.exe /UNINSTALL
 nnCron—>H:Program FilesnnCronUninstall.exe
 NVIDIA Drivers—>H:WINDOWSsystem32nvuninst.exe UninstallGUI
 OpenOffice.org Installer 1.0—>MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
 Opera 9.26—>MsiExec.exe /X{FB706A00-C234-4716-AB1F-27DCB192C664}
 Opera 9.50—>MsiExec.exe /X{7472B5B4-3FB7-446F-BC78-6BBA506EC473}
 pMetro 1.26—>»H:Program FilespMetrounins000.exe»
 PowerDVD—>RunDll32 H:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «H:Program FilesInstallShield Installation Information{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}Setup.exe» -uninstall
 QIP 2005 Uninstall—>»H:Program FilesQIPunqip.exe»
 Quintessential Media Player—>»H:Program FilesQuintessential Media Playeruninst.exe»
 S.T.A.L.K.E.R.—>»J:Program FilesGSC World PublishingS.T.A.L.K.E.Runins000.exe»
 Skype 3.0—>»H:Program FilesSkypePhoneunins000.exe»
 Skype Plugin Manager—>MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
 SoulSeek 157 NS 13c—>»H:Program FilesSoulseekNSuninstall.exe»
 SoundMAX—>RunDll32 H:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime10 0Intel32Ctor.dll,LaunchSetup «H:Program FilesInstallShield Installation Information{F0A37341-D692-11D4-A984-009027EC0A9C}setup.exe» -l0x19 -removeonly
 SUPERAntiSpyware Free Edition—>MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
 Total Commander 7.03 PowerPack—>»H:Program FilesTotal Commanderuninstall.exe»
 VDOTool 6.1—>»H:Program FilesVDOToolunins000.exe»
 Windows Communication Foundation—>MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
 Windows Imaging Component—>»H:WINDOWS$NtUninstallWIC$spuninstspuninst.exe»
 Windows Presentation Foundation—>MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
 Windows Workflow Foundation—>MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
 Xvid 1.1.3 final uninstall—>»H:Program FilesXvidunins000.exe»
 Архиватор WinRAR (только удаление)—>H:Program FilesWinRARuninstall.exe
 Пакет обновления 2 для клиента управления правами Windows с поддержкой прежних версий—>MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Пакет обновления 2 для клиента управления правами Windows—>MsiExec.exe /X{9350CD11-D3F0-4B6D-B18F-74E968D5770A}

======Environment variables======
«DEVMGR_SHOW_DETAILS»=1
 «ComSpec»=%SystemRoot%system32cmd.exe
 «DEVMGR_SHOW_NONPRESENT_DEVICES»=1
 «FP_NO_HOST_CHECK»=NO
 «NUMBER_OF_PROCESSORS»=4
 «OS»=Windows_NT
 «Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem
 «PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
 «PROCESSOR_ARCHITECTURE»=x86
 «PROCESSOR_IDENTIFIER»=x86 Family 6 Model 15 Stepping 11, GenuineIntel
 «PROCESSOR_LEVEL»=6
 «PROCESSOR_REVISION»=0f0b
 «TEMP»=H:Temp
 «TMP»=H:Temp
 «windir»=%SystemRoot%
 EOF
November 8, 2008 at 2:33 pm #19577

Your computer is infected with a dangerous trojan.
Boot your computer into Safe Mode with Networking.

1. Restart your computer.
2. After your computer gives a short beep, press the F8 key.
3. The Windows boot menu will appear.
4. Select Safe Mode with Networking (the second line) and press Enter.

Run Malwarebytes Anti-malware and update it.
Scan your computer and remove all the malware that is found.

MalwareBytes Anti-malware will produce a log file from its results; paste it into your reply.

November 8, 2008 at 11:28 pm #19578

Good evening, Valeri!!
I loaded Malwarebytes’ Anti-Malware and, after the scan, deleted what it found.
When I booted into normal mode, HijackThis woke up, appearing on the screen right away and offering to run a scan, which I did…
I am sending its log as well, just in case… thank you!

Malwarebytes’ Anti-Malware 1.30
 Database version: 1375
Windows 5.1.2600 Service Pack 2

09.11.2008 2:03:53
mbam-log-2008-11-09 (02-03-53).txt

Scan type: Full Scan (C:|D:|E:|G:|H:|I:|J:|K:|)
Objects scanned: 200117
Time elapsed: 34 minute(s), 17 second(s)

Memory Processes Infected: 0
 Memory Modules Infected: 1
 Registry Keys Infected: 4
 Registry Values Infected: 2
 Registry Data Items Infected: 0
 Folders Infected: 0
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
H:WINDOWSsystem32WinCtrl32.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWinCtrl32 (Trojan.Agent) -> Quarantined and deleted successfully.
 HKEY_LOCAL_MACHINESYSTEMControlSet001Serviceswinpu33 (Rootkit.Agent) -> Delete on reboot.
 HKEY_LOCAL_MACHINESYSTEMControlSet002Serviceswinpu33 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServiceswinpu33 (Rootkit.Agent) -> Delete on reboot.

Registry Values Infected:
HKEY_USERS.DEFAULTSOFTWAREMicrosoftWindowsCurrentVersionRunbrastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunbrastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
 H:WINDOWSkarna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 H:WINDOWSsystem32karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 H:WINDOWSsystem32WinCtrl32.dll (Trojan.Agent) -> Delete on reboot.
 H:WINDOWSsystem32WinCtrl32.dl_ (Trojan.Agent) -> Quarantined and deleted successfully.
 H:WINDOWSsystem32delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
 H:WINDOWSsystem32driversbeep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
 H:WINDOWSsystem32dllcachebeep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
 H:WINDOWSbrastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 H:WINDOWSsystem32wini10541.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 H:WINDOWSsystem32brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
H:WINDOWSsystem32driversWinpu33.sys (Rootkit.Agent) -> Delete on reboot.

Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 2:17:23, on 09.11.2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
 H:WINDOWSSystem32smss.exe
 H:WINDOWSsystem32csrss.exe
 H:WINDOWSsystem32winlogon.exe
 H:WINDOWSsystem32services.exe
 H:WINDOWSsystem32lsass.exe
 H:WINDOWSsystem32svchost.exe
 H:WINDOWSsystem32svchost.exe
 H:WINDOWSSystem32svchost.exe
 H:WINDOWSsystem32svchost.exe
 H:WINDOWSsystem32svchost.exe
 H:WINDOWSsystem32spoolsv.exe
 H:WINDOWSExplorer.EXE
 H:WINDOWSsystem32TaskSwitch.exe
 H:Program FilesAnalog DevicesCoresmax4pnp.exe
 H:WINDOWSsystem32RUNDLL32.EXE
 H:PROGRA~1DrWebspidernt.exe
 H:Program FilesDrWebDRWEBSCD.EXE
 H:Program FilesJavajre6binjusched.exe
 H:Program FilesCyberLinkPowerDVDPDVDServ.exe
 H:Program FilesCommon FilesACD SystemsENDevDetect.exe
 H:Program FilesABBYY Lingvo 10 Multilingual DictionaryLvagent.exe
 H:Program FileshijackHijackThis.exe
 H:WINDOWSsystem32ctfmon.exe
 H:Program FilesSuperCopier2SuperCopier2.exe
 H:Program FilesJavajre6binjqs.exe
 H:WINDOWSsystem32nvsvc32.exe
 H:WINDOWSsystem32svchost.exe
 H:WINDOWSsystem32wbemwmiapsrv.exe
 H:WINDOWSsystem32wbemwmiprvse.exe
 H:WINDOWSSystem32alg.exe
H:WINDOWSsystem32wbemwmiprvse.exe

R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = about:blank
 R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.google.com
 R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
 R3 — URLSearchHook: free-downloads.net Toolbar — {ecdee021-0d17-467f-a1ff-c7a115230949} — H:Program Filesfree-downloads.nettbfre1.dll
 O3 — Toolbar: free-downloads.net Toolbar — {ecdee021-0d17-467f-a1ff-c7a115230949} — H:Program Filesfree-downloads.nettbfre1.dll
 O4 — HKLM..Run: [IMJPMIG8.1] «H:WINDOWSIMEimjp8_1IMJPMIG.EXE» /Spoil /RemAdvDef /Migration32
 O4 — HKLM..Run: [PHIME2002ASync] H:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /SYNC
 O4 — HKLM..Run: [PHIME2002A] H:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /IMEName
 O4 — HKLM..Run: [CoolSwitch] H:WINDOWSsystem32TaskSwitch.exe
 O4 — HKLM..Run: [SoundMAXPnP] H:Program FilesAnalog DevicesCoresmax4pnp.exe
 O4 — HKLM..Run: [SoundMAX] «H:Program FilesAnalog DevicesSoundMAXSmax4.exe» /tray
 O4 — HKLM..Run: [TBPanel] H:Program FilesVDOToolTBPanel.exe /A
 O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE H:WINDOWSsystem32NvCpl.dll,NvStartup
 O4 — HKLM..Run: [nwiz] nwiz.exe /install
 O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE H:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
 O4 — HKLM..Run: [SpIDerNT] H:PROGRA~1DrWebspidernt.exe /agent
 O4 — HKLM..Run: [SpIDerMail] «H:Program FilesDrWebspiderml.exe»
 O4 — HKLM..Run: [DrWebScheduler] «H:Program FilesDrWebDRWEBSCD.EXE»
 O4 — HKLM..Run: [NeroFilterCheck] H:WINDOWSsystem32NeroCheck.exe
 O4 — HKLM..Run: [SunJavaUpdateSched] «H:Program FilesJavajre6binjusched.exe»
 O4 — HKLM..Run: [RemoteControl] «H:Program FilesCyberLinkPowerDVDPDVDServ.exe»
 O4 — HKLM..Run: [Device Detector] DevDetect.exe -autorun
 O4 — HKLM..Run: [Lingvo Launcher] «H:Program FilesABBYY Lingvo 10 Multilingual DictionaryLvagent.exe» /STARTUP
 O4 — HKLM..Run: [LingvoTraining] «H:Program FilesABBYY Lingvo 10 Multilingual DictionaryTutor.exe» /ND /NW /AS
 O4 — HKLM..Run: [H:Program FileshijackHijackThis.exe] H:Program FileshijackHijackThis.exe
 O4 — HKCU..Run: [CTFMON.EXE] H:WINDOWSsystem32ctfmon.exe
 O4 — HKCU..Run: [SuperCopier2.exe] H:Program FilesSuperCopier2SuperCopier2.exe
 O4 — HKCU..Run: [AlcoholAutomount] «H:Program FilesAlcohol SoftAlcohol 120axcmd.exe» /automount
 O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] H:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
 O4 — HKUSS-1-5-19..Run: [SuperCopier2.exe] H:Program FilesSuperCopier2SuperCopier2.exe (User ‘LOCAL SERVICE’)
 O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] H:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
 O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] H:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
 O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] H:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
 O4 — Global Startup: Adobe Reader Speed Launch.lnk = H:Program FilesAdobeReader 8.0Readerreader_sl.exe
 O4 — Global Startup: Adobe Reader Synchronizer.lnk = H:Program FilesAdobeReader 8.0ReaderAdobeCollabSync.exe
 O4 — Global Startup: Microsoft Office.lnk = H:Program FilesMicrosoft OfficeOffice10OSA.EXE
 O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://H:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
 O8 — Extra context menu item: Translate with Lingvo — res://H:Program FilesABBYY Lingvo 10 Multilingual DictionaryLingvo.exe/3000
 O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — H:WINDOWSNetwork Diagnosticxpnetdiag.exe
 O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — H:WINDOWSNetwork Diagnosticxpnetdiag.exe
 O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — H:Program FilesMessengermsmsgs.exe (file missing)
 O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — H:Program FilesMessengermsmsgs.exe (file missing)
 O14 — IERESET.INF: START_PAGE_URL=www.google.com
 O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — H:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
 O20 — AppInit_DLLs: karna.dat
 O20 — Winlogon Notify: !SASWinLogon — H:Program FilesSUPERAntiSpywareSASWINLO.dll
 O20 — Winlogon Notify: WinCtrl32 — H:WINDOWSSYSTEM32WinCtrl32.dll
 O23 — Service: Оповещатель AlerterLmHosts (AlerterLmHosts) — Unknown owner — H:WINDOWS
 O23 — Service: ASP.NET State Service aspnet_stateVSS (aspnet_stateVSS) — Unknown owner — H:WINDOWS
 O23 — Service: Autodesk Licensing Service — Unknown owner — H:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe (file missing)
 O23 — Service: Autodesk Licensing Service AutodeskImapiService (AutodeskImapiService) — Unknown owner — H:WINDOWS
 O23 — Service: Autodesk Licensing Service AutodeskImapiService AutodeskImapiServiceDcomLaunch (AutodeskImapiServiceDcomLaunch) — Unknown owner — H:WINDOWS
 O23 — Service: Autodesk Licensing Service AutodeskImapiService AutodeskImapiServiceHTTPFilterupnphost (AutodeskImapiServiceHTTPFilterupnphost) — Unknown owner — H:WINDOWS
 O23 — Service: Обозреватель компьютеров BrowserAppMgmt (BrowserAppMgmt) — Unknown owner — H:WINDOWS
 O23 — Service: Обозреватель компьютеров Browserclr_optimization_v2.0.50727_32 (Browserclr_optimization_v2.0.50727_32) — Unknown owner — H:WINDOWS
 O23 — Service: Служба индексирования CiSvcaspnet_stateVSS (CiSvcaspnet_stateVSS) — Unknown owner — H:WINDOWS
 O23 — Service: Сервер папки обмена ClipSrvRDSessMgr (ClipSrvRDSessMgr) — Unknown owner — H:WINDOWS
 O23 — Service: Сервер папки обмена ClipSrvRDSessMgr ClipSrvRDSessMgrSwPrv (ClipSrvRDSessMgrSwPrv) — Unknown owner — H:WINDOWS
 O23 — Service: .NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32NetmanwscsvcSwPrv (clr_optimization_v2.0.50727_32NetmanwscsvcSwPrv) — Unknown owner — H:WINDOWS
 O23 — Service: .NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32SamSsMSDTC (clr_optimization_v2.0.50727_32SamSsMSDTC) — Unknown owner — H:WINDOWS
 O23 — Service: Системное приложение COM+ COMSysAppPlugPlayWmdmPmSN (COMSysAppPlugPlayWmdmPmSN) — Unknown owner — H:WINDOWS
 O23 — Service: Диспетчер логических дисков dmserverAudioSrv (dmserverAudioSrv) — Unknown owner — H:WINDOWS
 O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — H:WINDOWSsystem32services.exe
 O23 — Service: Журнал событий EventlogEventlog (EventlogEventlog) — Unknown owner — H:WINDOWS
 O23 — Service: Совместимость быстрого переключения пользователей FastUserSwitchingCompatibilityUPS (FastUserSwitchingCompatibilityUPS) — Unknown owner — H:WINDOWS
 O23 — Service: Windows Presentation Foundation Font Cache 3.0.0.0 FontCache3.0.0.0Themes (FontCache3.0.0.0Themes) — Unknown owner — H:WINDOWS
 O23 — Service: Доступ к HID-устройствам HidServCiSvc (HidServCiSvc) — Unknown owner — H:WINDOWS
 O23 — Service: Протокол HTTP SSL HTTPFilterupnphost (HTTPFilterupnphost) — Unknown owner — H:WINDOWS
 O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — H:WINDOWSsystem32imapi.exe
 O23 — Service: Служба COM записи компакт-дисков IMAPI ImapiServiceNetmanwscsvc (ImapiServiceNetmanwscsvc) — Unknown owner — H:WINDOWS
 O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — H:Program FilesJavajre6binjqs.exe
 O23 — Service: Служба сообщений MessengerThemes (MessengerThemes) — Unknown owner — H:WINDOWS
 O23 — Service: Служба сообщений MessengerTlntSvr (MessengerTlntSvr) — Unknown owner — H:WINDOWS
 O23 — Service: Сетевые подключения Netmanwscsvc (Netmanwscsvc) — Unknown owner — H:WINDOWS
 O23 — Service: Сетевые подключения Netmanwscsvc NetmanwscsvcNVSvc (NetmanwscsvcNVSvc) — Unknown owner — H:WINDOWS
 O23 — Service: Сетевые подключения Netmanwscsvc NetmanwscsvcSwPrv (NetmanwscsvcSwPrv) — Unknown owner — H:WINDOWS
 O23 — Service: Сетевые подключения Netmanwscsvc NetmanwscsvcSwPrv NetmanwscsvcSwPrvmnmsrvc (NetmanwscsvcSwPrvmnmsrvc) — Unknown owner — H:WINDOWS
 O23 — Service: Сетевые подключения Netmanwscsvc NetmanwscsvcSwPrv NetmanwscsvcSwPrvmnmsrvc NetmanwscsvcSwPrvmnmsrvcdmadmin (NetmanwscsvcSwPrvmnmsrvcdmadmin) — Unknown owner — H:WINDOWS
 O23 — Service: Net.Tcp Port Sharing Service NetTcpPortSharingLmHosts (NetTcpPortSharingLmHosts) — Unknown owner — H:WINDOWS
 O23 — Service: Net.Tcp Port Sharing Service NetTcpPortSharingNetDDE (NetTcpPortSharingNetDDE) — Unknown owner — H:WINDOWS
 O23 — Service: Поставщик поддержки безопасности NT LM NtLmSspRasAuto (NtLmSspRasAuto) — Unknown owner — H:WINDOWS
 O23 — Service: Поставщик поддержки безопасности NT LM NtLmSspRasAuto NtLmSspRasAutoRDSessMgr (NtLmSspRasAutoRDSessMgr) — Unknown owner — H:WINDOWS
 O23 — Service: Поставщик поддержки безопасности NT LM NtLmSspRasAuto NtLmSspRasAutoRDSessMgr NtLmSspRasAutoRDSessMgrdmserverAudioSrv (NtLmSspRasAutoRDSessMgrdmserverAudioSrv) — Unknown owner — H:WINDOWS
 O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — H:WINDOWSsystem32nvsvc32.exe
 O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — H:WINDOWSsystem32services.exe
 O23 — Service: Plug and Play PlugPlayhelpsvc (PlugPlayhelpsvc) — Unknown owner — H:WINDOWS
 O23 — Service: Plug and Play PlugPlayWmdmPmSN (PlugPlayWmdmPmSN) — Unknown owner — H:WINDOWS
 O23 — Service: Stalker (Pro) Drivers Auto Removal (pr2ajtsc) (pr2ajtsc) — 1C: Multimedia — H:WINDOWSsystem32pr2ajtsc.exe
 O23 — Service: Защищенное хранилище ProtectedStorageSENS (ProtectedStorageSENS) — Unknown owner — H:WINDOWS
 O23 — Service: Диспетчер авто-подключений удаленного доступа RasAutoSysmonLog (RasAutoSysmonLog) — Unknown owner — H:WINDOWS
 O23 — Service: Маршрутизация и удаленный доступ RemoteAccessStarWindServiceAE (RemoteAccessStarWindServiceAE) — Unknown owner — H:WINDOWS
 O23 — Service: Маршрутизация и удаленный доступ RemoteAccessStarWindServiceAE RemoteAccessStarWindServiceAEHTTPFilterupnphost (RemoteAccessStarWindServiceAEHTTPFilterupnphost) — Unknown owner — H:WINDOWS
 O23 — Service: Маршрутизация и удаленный доступ RemoteAccessStarWindServiceAE RemoteAccessStarWindServiceAESpooler (RemoteAccessStarWindServiceAESpooler) — Unknown owner — H:WINDOWS
 O23 — Service: Маршрутизация и удаленный доступ RemoteAccessStarWindServiceAE RemoteAccessStarWindServiceAESpooler RemoteAccessStarWindServiceAESpoolerDcomLaunch (RemoteAccessStarWindServiceAESpoolerDcomLaunch) — Unknown owner — H:WINDOWS
 O23 — Service: QoS RSVP RSVPMessengerTlntSvr (RSVPMessengerTlntSvr) — Unknown owner — H:WINDOWS
 O23 — Service: QoS RSVP RSVPMessengerTlntSvr RSVPMessengerTlntSvrDnscache (RSVPMessengerTlntSvrDnscache) — Unknown owner — H:WINDOWS
 O23 — Service: QoS RSVP RSVPMessengerTlntSvr RSVPMessengerTlntSvrSwPrv (RSVPMessengerTlntSvrSwPrv) — Unknown owner — H:WINDOWS
 O23 — Service: Диспетчер учетных записей безопасности SamSsMSDTC (SamSsMSDTC) — Unknown owner — H:WINDOWS
 O23 — Service: Диспетчер учетных записей безопасности SamSsNetTcpPortSharingLmHosts (SamSsNetTcpPortSharingLmHosts) — Unknown owner — H:WINDOWS
 O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — H:WINDOWSSystem32SCardSvr.exe
 O23 — Service: Планировщик заданий Schedulesrservice (Schedulesrservice) — Unknown owner — H:WINDOWS
 O23 — Service: Уведомление о системных событиях SENSSchedule (SENSSchedule) — Unknown owner — H:WINDOWS
 O23 — Service: SpIDer Guard for Windows NT (spidernt) — Doctor Web Ltd — H:Program FilesDrWebSpiderNT.exe
 O23 — Service: StarWind AE Service (StarWindServiceAE) — Rocket Division Software — H:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
 O23 — Service: StarWind AE Service StarWindServiceAEMSIServer (StarWindServiceAEMSIServer) — Unknown owner — H:WINDOWS
 O23 — Service: MS Software Shadow Copy Provider SwPrvRSVP (SwPrvRSVP) — Unknown owner — H:WINDOWS
 O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — H:WINDOWSsystem32smlogsvc.exe
 O23 — Service: Журналы и оповещения производительности SysmonLogBITS (SysmonLogBITS) — Unknown owner — H:WINDOWS
 O23 — Service: Телефония TapiSrvMessenger (TapiSrvMessenger) — Unknown owner — H:WINDOWS
 O23 — Service: Темы ThemesAppMgmt (ThemesAppMgmt) — Unknown owner — H:WINDOWS
 O23 — Service: Темы ThemesFastUserSwitchingCompatibility (ThemesFastUserSwitchingCompatibility) — Unknown owner — H:WINDOWS
 O23 — Service: Темы ThemesRSVP (ThemesRSVP) — Unknown owner — H:WINDOWS
 O23 — Service: Telnet TlntSvrSwPrv (TlntSvrSwPrv) — Unknown owner — H:WINDOWS
 O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — H:WINDOWSSystem32vssvc.exe
 O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — H:WINDOWSsystem32wbemwmiapsrv.exe
 O23 — Service: Адаптер производительности WMI WmiApSrvRSVP (WmiApSrvRSVP) — Unknown owner — H:WINDOWS
 O23 — Service: Адаптер производительности WMI WmiApSrvRSVP WmiApSrvRSVPTapiSrvMessenger (WmiApSrvRSVPTapiSrvMessenger) — Unknown owner — H:WINDOWS
 O23 — Service: Центр обеспечения безопасности wscsvcAppMgmt (wscsvcAppMgmt) — Unknown owner — H:WINDOWS
 O23 — Service: Беспроводная настройка WZCSVClanmanserver (WZCSVClanmanserver) — Unknown owner — H:WINDOWS
 O23 — Service: Беспроводная настройка WZCSVCNetTcpPortSharing (WZCSVCNetTcpPortSharing) — Unknown owner — H:WINDOWS
 O23 — Service: Служба обеспечения сети xmlprovAudioSrv (xmlprovAudioSrv) — Unknown owner — H:WINDOWS
 O23 — Service: Служба обеспечения сети xmlprovCryptSvc (xmlprovCryptSvc) — Unknown owner — H:WINDOWS— 
End of file — 15132 bytes

November 9, 2008 at 1:58 pm #19579

Yes, it has gotten better.
Now it is time to use Combofix.

Download the Combofix program. Close all open windows and run the program.
When it finishes, a log file will be created; please paste it into your reply.

November 9, 2008 at 4:58 pm #19580

Here is the ComboFix scan result:

ComboFix 08-11-07.01 — User 2008-11-09 19:52:10.1 — NTFSx86
 Microsoft Windows XP Professional 5.1.2600.2.1251.1.1049.18.1679 [GMT 3:00]
 Running from: h:documents and settingsUserРабочий столComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
h:documents and settingsAll UsersГлавное менюПрограммыAntivirus XP 2008
 h:documents and settingsAll UsersГлавное менюПрограммыAntivirus XP 2008Antivirus XP 2008.lnk
 h:documents and settingsAll UsersГлавное менюПрограммыAntivirus XP 2008How to Register Antivirus XP 2008.lnk
 h:documents and settingsAll UsersГлавное менюПрограммыAntivirus XP 2008Uninstall.lnk
 h:documents and settingsUserГлавное менюПрограммыAntiSpywareXP2009
 h:documents and settingsUserГлавное менюПрограммыAntiSpywareXP2009AntiSpywareXP2009.lnk
 h:documents and settingsUserГлавное менюПрограммыAntiSpywareXP2009Uninstall.lnk
 h:documents and settingsUserCookiesatazydy.ban
 h:documents and settingsUserCookiesivecahipev.ban
 h:documents and settingsUserLocal SettingsTemporary Internet Filessewyl.com
 h:documents and settingsUserLocal SettingsTemporary Internet Filestakezihiz.sys
 h:documents and settingsUserLocal SettingsTemporary Internet Filesysakapefek.sys
 h:windowssystem32DriversWinpu33.sys
 h:windowssystem32UnlockerHook.dll
 h:windowssystem32WinCtrl32.dl_
h:windowssystem32WinCtrl32.dll
.
 ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
 .
 Legacy_VFILT
 Legacy_WINPU33
Service_Winpu33

((((((((((((((((((((((((( Files Created from 2008-10-09 to 2008-11-09 )))))))))))))))))))))))))))))))
.
2008-11-09 19:54 . 2008-11-09 19:54 53,248 —a
 h:tempcatchme.dll
 2008-11-09 19:54 . 2008-11-09 19:54 16,384 —a—-t- h:tempPerflib_Perfdata_d8.dat
 2008-11-09 01:26 . 2008-11-09 01:26d 
 h:documents and settingsАдминистраторApplication DataMalwarebytes
 2008-11-09 01:24 . 2008-11-09 01:26d 
 h:documents and settingsАдминистраторApplication DataSkype
 2008-11-09 01:23 . 2008-05-17 15:39d—h 
 h:documents and settingsАдминистраторШаблоны
 2008-11-09 01:23 . 2008-05-17 15:39d—h 
 h:documents and settingsАдминистраторШаблоны
 2008-11-09 01:23 . 2008-11-09 02:05d 
 h:documents and settingsАдминистраторРабочий стол
 2008-11-09 01:23 . 2008-11-09 02:05d 
 h:documents and settingsАдминистраторРабочий стол
 2008-11-09 01:23 . 2008-11-09 01:26d 
 h:documents and settingsАдминистраторМои документы
 2008-11-09 01:23 . 2008-11-09 01:26d 
 h:documents and settingsАдминистраторМои документы
 2008-11-09 01:23 . 2008-05-17 19:35dr 
 h:documents and settingsАдминистраторГлавное меню
 2008-11-09 01:23 . 2008-05-17 19:35dr 
 h:documents and settingsАдминистраторГлавное меню
 2008-11-09 01:23 . 2008-05-17 19:35d 
 h:documents and settingsАдминистраторИзбранное
 2008-11-09 01:23 . 2008-05-17 19:35d 
 h:documents and settingsАдминистраторИзбранное
 2008-11-09 01:23 . 2008-05-17 15:42d 
 h:documents and settingsАдминистратор$inst
 2008-11-09 01:23 . 2008-05-17 15:42d 
 h:documents and settingsАдминистратор$inst
 2008-11-09 01:23 . 2008-11-09 01:23d 
 h:documents and settingsАдминистратор
 2008-11-08 13:48 . 2008-11-08 13:49d 
 H:rsit
 2008-11-07 22:10 . 2008-11-07 22:10 396,288 —a
 H:HijackThis.exe
 2008-11-07 00:12 . 2008-11-09 19:55d 
 h:program fileshijack
 2008-11-07 00:03 . 2008-11-08 13:58d 
 h:program filesTrend Micro
 2008-11-06 22:39 . 2008-11-06 22:37 102,664 —a
 h:windowssystem32driverstmcomm.sys
 2008-11-06 22:37 . 2008-11-07 01:01d 
 h:documents and settingsUser.housecall6.6
 2008-11-06 22:34 . 2008-11-07 01:01d 
 h:temphsperfdata_User
 2008-11-06 22:34 . 2008-11-06 22:34 410,976 —a
 h:windowssystem32deploytk.dll
 2008-11-06 21:13 . 2008-11-06 21:13d 
 h:windowsShellNew
 2008-11-06 21:11 . 2008-11-09 19:54d 
 h:tempOHotfix
 2008-11-01 03:01 . 2008-11-01 03:01d 
 h:program filesAutodesk
 2008-11-01 00:46 . 2008-11-01 00:46d 
 h:tempbye29.tmp
 2008-11-01 00:46 . 2008-11-01 03:08d 
 h:program filesGoogle
 2008-11-01 00:25 . 2008-11-01 00:25d 
 h:program filesuTorrent
 2008-10-31 01:35 . 2008-10-31 01:35d 
 h:program filesSUPERAntiSpyware
 2008-10-31 01:35 . 2008-10-31 01:35d 
 h:program filesCommon FilesWise Installation Wizard
 2008-10-31 01:35 . 2008-10-31 01:35d 
 h:documents and settingsUserApplication DataSUPERAntiSpyware.com
 2008-10-31 01:06 . 2008-10-31 01:06d 
 h:program filesMalwarebytes’ Anti-Malware
 2008-10-31 01:06 . 2008-10-31 01:06d 
 h:documents and settingsUserApplication DataMalwarebytes
 2008-10-31 01:06 . 2008-10-31 01:06d 
 h:documents and settingsAll UsersApplication DataMalwarebytes
 2008-10-31 01:06 . 2008-10-22 16:10 38,496 —a
 h:windowssystem32driversmbamswissarmy.sys
 2008-10-31 01:06 . 2008-10-22 16:10 15,504 —a
 h:windowssystem32driversmbam.sys
 2008-10-29 23:57 . 2008-10-29 23:57 20,992 —ahs—- h:windowssystem32adptifj.dll
 2008-10-29 23:33 . 2008-10-29 23:33d 
 h:temppft158.tmp
 2008-10-29 23:33 . 2008-11-01 00:46d—h 
 h:program filesInstallShield Installation Information
 2008-10-29 23:33 . 2008-11-01 03:01d 
 h:program filesCommon FilesInstallShield
 2008-10-29 23:10 . 2008-10-29 23:10d 
 h:program filesQIP
 2008-10-29 22:57 . 2008-10-29 22:57d 
 h:program filesCommon FilesSkype
 2008-10-29 22:56 . 2008-11-01 00:30 1,336 —a
 h:windowsWINCMD.INI
 2008-10-29 21:52 . 2008-10-29 21:52d—h 
 h:windowssystem32GroupPolicy
 2008-10-28 21:19 . 2008-10-28 21:19d—s—- h:tempTemporary Internet Files 
 2008-10-28 21:19 . 2008-10-28 21:19d—s—- h:tempHistory 
 2008-10-28 21:19 . 2008-11-09 19:54d—s—- h:tempCookies 
 2008-10-28 20:44 . 2008-11-09 18:38 0 —a
 h:windowssystem32AcSignExtResw.sys
 2008-10-27 19:24 . 2008-10-27 19:24 19,298 —a
 h:windowssystem32bitigol.ban
 2008-10-27 19:24 . 2008-10-27 19:24 16,583 —a
 h:documents and settingsUserApplication Datafugym.bat
 2008-10-27 19:24 . 2008-10-27 19:24 16,170 —a
 h:windowssystem32ocafodylit.ban
 2008-10-27 19:24 . 2008-10-27 19:24 15,069 —a
 h:windowssiwebu.bin
 2008-10-27 19:24 . 2008-10-27 19:24 15,009 —a
 h:documents and settingsUserApplication Dataxacag.com
 2008-10-27 19:24 . 2008-10-27 19:24 14,988 —a
 h:documents and settingsUserApplication Datagomijofe.com
 2008-10-27 19:24 . 2008-10-27 19:24 14,782 —a
 h:windowsicaz.dll
 2008-10-27 19:24 . 2008-10-27 19:24 14,351 —a
 h:windowsguhepiloj.reg
 2008-10-27 19:24 . 2008-10-27 19:24 14,261 —a
 h:documents and settingsUserApplication Dataadimypi.com
 2008-10-27 19:24 . 2008-10-27 19:24 10,752 —a
 h:windowsxyjafepoh.dat
 2008-10-27 12:00 . 2008-10-30 23:54 339 —a-s—- h:windowssystem323191862102.dat
 2008-10-22 21:01 . 2008-10-29 21:54d 
 h:program filesABBYY Lingvo 10 Multilingual Dictionary
 2008-10-19 16:53 . 2008-10-19 16:53d 
 h:documents and settingsUserApplication DataDivX
 2008-10-18 16:25 . 2008-10-18 16:25d 
 h:tempAdobe
 2008-10-18 13:30 . 2008-10-29 22:55d 
 h:program filesCommon FilesACD Systems
 2008-10-18 13:30 . 2008-10-18 13:30d 
 h:program filesACD Systems
 2008-10-18 13:30 . 2008-10-18 13:30d 
 h:documents and settingsAll UsersApplication DataACD Systems
 2008-10-10 18:03 . 2008-10-15 22:09 194 —a
 h:windowspoolemup.ini
 2008-10-10 14:03 . 2008-10-10 14:03d 
h:documents and settingsAll UsersApplication DataKaspersky Lab Setup Files
.
 (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2008-11-09 16:53
 d
 w h:documents and settingsUserApplication DatauTorrent
 2008-11-09 11:02
 d
 w h:documents and settingsUserApplication DataSkype
 2008-11-06 19:34
 d
 w h:program filesJava
 2008-11-01 00:05
 d
 w h:program filesCommon FilesAutodesk Shared
 2008-11-01 00:05
 d
 w h:documents and settingsUserApplication DataAutodesk
 2008-11-01 00:05
 d
 w h:documents and settingsAll UsersApplication DataAutodesk
 2008-10-30 20:44
 d
 w h:program filesCommon FilesAdobe
 2008-10-29 19:57
 d
 w h:program filesSkype
 2008-10-29 19:57
 d
 w h:program filesOpera
 2008-10-29 19:14
 d
 w h:program filesTotal Commander
 2008-10-29 18:54
 d
 w h:program filesVDOTool
 2008-10-29 18:54
 d
 w h:program filesSuperCopier2
 2008-10-29 18:54
 d
 w h:program filesfree-downloads.net
 2008-10-29 18:54
 d
 w h:program filesAutoCAD 2009
 2008-10-08 08:51
 d
 w h:documents and settingsUserApplication DataACD Systems
 .
 Sigcheck
 
2007-06-12 22:03 360576 c7be59b07c6eb74bea6fd67c1b164015 h:windowssystem32driverstcpip.sys
2007-09-24 04:28 2162176 8467becb4c993d9880f4dd764e8a8b2d h:windowssystem32ntkrnlpa.exe
2007-09-24 04:20 2282496 04f70990885394ed61bd673479fc2012 h:windowssystem32ntoskrnl.exe
 .
 ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 *Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerURLSearchHooks]
«{ecdee021-0d17-467f-a1ff-c7a115230949}»= «h:program filesfree-downloads.nettbfre1.dll» [2008-07-08 1569304]

[HKEY_CLASSES_ROOTclsid{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{ecdee021-0d17-467f-a1ff-c7a115230949}»= «h:program filesfree-downloads.nettbfre1.dll» [2008-07-08 1569304]

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{ECDEE021-0D17-467F-A1FF-C7A115230949}»= «h:program filesfree-downloads.nettbfre1.dll» [2008-07-08 1569304]

[HKEY_CLASSES_ROOTclsid{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»h:windowssystem32ctfmon.exe» [2004-08-18 15360]
«SuperCopier2.exe»=»h:program filesSuperCopier2SuperCopier2.exe» [2007-05-08 1052672]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«IMJPMIG8.1″=»h:windowsIMEimjp8_1IMJPMIG.EXE» [2004-08-18 208952]
«PHIME2002ASync»=»h:windowssystem32IMETINTLGNTTINTSETP.EXE» [2004-08-18 455168]
«PHIME2002A»=»h:windowssystem32IMETINTLGNTTINTSETP.EXE» [2004-08-18 455168]
«CoolSwitch»=»h:windowssystem32TaskSwitch.exe» [2005-12-22 45632]
«SoundMAXPnP»=»h:program filesAnalog DevicesCoresmax4pnp.exe» [2006-12-18 868352]
«TBPanel»=»h:program filesVDOToolTBPanel.exe» [2008-01-29 2157096]
«NvCplDaemon»=»h:windowssystem32NvCpl.dll» [2008-01-03 13508608]
«NvMediaCenter»=»h:windowssystem32NvMcTray.dll» [2008-01-03 86016]
«SpIDerNT»=»h:progra~1DrWebspidernt.exe» [2004-11-01 83968]
«DrWebScheduler»=»h:program filesDrWebDRWEBSCD.EXE» [2004-11-01 114688]
«NeroFilterCheck»=»h:windowssystem32NeroCheck.exe» [2001-07-09 155648]
«SunJavaUpdateSched»=»h:program filesJavajre6binjusched.exe» [2008-11-06 136600]
«RemoteControl»=»h:program filesCyberLinkPowerDVDPDVDServ.exe» [2004-11-02 32768]
«Lingvo Launcher»=»h:program filesABBYY Lingvo 10 Multilingual DictionaryLvagent.exe» [2004-10-09 110592]
«h:program fileshijackHijackThis.exe»=»h:program fileshijackHijackThis.exe» [2008-11-07 396288]
«nwiz»=»nwiz.exe» [2008-01-03 h:windowssystem32nwiz.exe]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»h:windowssystem32CTFMON.EXE» [2004-08-18 15360]
«SuperCopier2.exe»=»h:program filesSuperCopier2SuperCopier2.exe» [2007-05-08 1052672]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«InstallVisualStyle»= h:windowsResourcesThemesRoyaleRoyale.msstyles
«InstallTheme»= h:windowsResourcesThemesRoyale.Theme
«SynchronousMachineGroupPolicy»= 0 (0x0)
«SynchronousUserGroupPolicy»= 0 (0x0)

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMHelp»= 1 (0x1)

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«ForceClassicControlPanel»= 1 (0x1)
«NoSMConfigurePrograms»= 1 (0x1)
«NoSMHelp»= 1 (0x1)

[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«ForceClassicControlPanel»= 1 (0x1)
«NoSMConfigurePrograms»= 1 (0x1)
«NoSMHelp»= 1 (0x1)

[hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]
«{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}»= «h:program filesSUPERAntiSpywareSASSEH.DLL» [2008-05-13 77824]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotify!SASWinLogon]
2008-07-23 16:28 352256 h:program filesSUPERAntiSpywareSASWINLO.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«VIDC.ACDV»= ACDV.dll

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinad00.sys]
@=»Driver»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinea88.sys]
@=»Driver»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinfm77.sys]
@=»Driver»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinfr00.sys]
@=»Driver»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinke11.sys]
@=»Driver»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinla33.sys]
@=»Driver»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinnq11.sys]
@=»Driver»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinns33.sys]
@=»Driver»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinpj77.sys]
@=»Driver»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinpn33.sys]
@=»Driver»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinrw88.sys]
@=»Driver»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinsq88.sys]
@=»Driver»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWintg66.sys]
@=»Driver»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWintm00.sys]
@=»Driver»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWintp33.sys]
@=»Driver»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinwc88.sys]
@=»Driver»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinxb44.sys]
@=»Driver»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinxd11.sys]
@=»Driver»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinxk00.sys]
@=»Driver»

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusDisableNotify»=dword:00000001
«AntiVirusOverride»=dword:00000001
«FirewallOverride»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
«Start»=dword:00000004

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«h:\Program Files\uTorrent\uTorrent.exe»=
«h:\Program Files\Opera\opera.exe»=
«h:\Program Files\QIP\qip.exe»=
«g:\Program Files\uTorrent\uTorrent.exe»=
«j:\Program Files\GSC World Publishing\S.T.A.L.K.E.R\bin\XR_3DA.exe»=
«j:\Program Files\GSC World Publishing\S.T.A.L.K.E.R\bin\dedicated\XR_3DA.exe»=
«h:\Program Files\Skype\Phone\Skype.exe»=

R0 iastor76;iastor76;h:windowssystem32driversiastor76.sys [2007-09-24 305176]
 R0 pe3ajtsc;Stalker (Pro) Environment Driver (pe3ajtsc);h:windowssystem32driverspe3ajtsc.sys [2007-03-23 64896]
 R0 ps6ajtsc;Stalker (Pro) Synchronization Driver (ps6ajtsc);h:windowssystem32driversps6ajtsc.sys [2007-03-23 52104]
 R1 drwebnet;SpIDer Guard boot hook driver for Windows NT;h:windowssystem32driversdrwebnet.sys [2004-11-01 7872]
 R2 JavaQuickStarterService;Java Quick Starter;h:program filesJavajre6binjqs.exe [2008-11-06 152984]
 R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;h:windowssystem32DRIVERSRTL8187.sys [2007-01-11 194304]
 S0 Winad00;Winad00;h:windowssystem32DriversWinad00.sys [ ]
 S0 Winea88;Winea88;h:windowssystem32DriversWinea88.sys [ ]
 S0 Winfm77;Winfm77;h:windowssystem32DriversWinfm77.sys [ ]
 S0 Winfr00;Winfr00;h:windowssystem32DriversWinfr00.sys [ ]
 S0 Winke11;Winke11;h:windowssystem32DriversWinke11.sys [ ]
 S0 Winla33;Winla33;h:windowssystem32DriversWinla33.sys [ ]
 S0 Winnq11;Winnq11;h:windowssystem32DriversWinnq11.sys [ ]
 S0 Winns33;Winns33;h:windowssystem32DriversWinns33.sys [ ]
 S0 Winpj77;Winpj77;h:windowssystem32DriversWinpj77.sys [ ]
 S0 Winpn33;Winpn33;h:windowssystem32DriversWinpn33.sys [ ]
 S0 Winrw88;Winrw88;h:windowssystem32DriversWinrw88.sys [ ]
 S0 Winsq88;Winsq88;h:windowssystem32DriversWinsq88.sys [ ]
 S0 Wintg66;Wintg66;h:windowssystem32DriversWintg66.sys [ ]
 S0 Wintm00;Wintm00;h:windowssystem32DriversWintm00.sys [ ]
 S0 Wintp33;Wintp33;h:windowssystem32DriversWintp33.sys [ ]
 S0 Winwc88;Winwc88;h:windowssystem32DriversWinwc88.sys [ ]
 S0 Winxb44;Winxb44;h:windowssystem32DriversWinxb44.sys [ ]
 S0 Winxd11;Winxd11;h:windowssystem32DriversWinxd11.sys [ ]
 S0 Winxk00;Winxk00;h:windowssystem32DriversWinxk00.sys [ ]
 S2 pr2ajtsc;Stalker (Pro) Drivers Auto Removal (pr2ajtsc);h:windowssystem32pr2ajtsc.exe svc [ ]
 S2 SPIDER;SpIDer FS Monitor for Windows NT;h:program filesDrWebspider.sys [ ]
 S2 spidernt;SpIDer Guard for Windows NT;h:program filesDrWebSpiderNT.exe [2004-11-01 83968]
S3 USBSTOR;Драйвер запоминающих устройств для USB;h:windowssystem32DRIVERSUSBSTOR.SYS [2007-07-18 26368]

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{44367194-994a-11dd-b29e-0015af64e372}]
ShellAutoRuncommand — M:
ShellExploreCommand — «.Nokia Music ManagerN-1-5-21-1895552279-3129831955-389522551-6003INFO2Playlist» Control: Select music location
ShellFindCommand — «.Nokia Music ManagerN-1-5-21-1895552279-3129831955-389522551-6003INFO2Playlist» Control: Search music (radio-stations)
ShellOpenCommand — «.Nokia Music ManagerN-1-5-21-1895552279-3129831955-389522551-6003INFO2Playlist» Playback: Play music

*Newly Created Service* — IMAPISERVICEIDSVC
.
— — — — ORPHANS REMOVED — — — —

HKCU-Run-AlcoholAutomount — h:program filesAlcohol SoftAlcohol 120axcmd.exe
HKLM-Run-SpIDerMail — h:program filesDrWebspiderml.exe
HKLM-Run-LingvoTraining — h:program filesABBYY Lingvo 10 Multilingual DictionaryTutor.exe
HKLM-Run-Device Detector — DevDetect.exe
SafeBoot-Winpu33.sys
.
 Supplementary Scan
 .
 FireFox -: Profile — h:documents and settingsUserApplication DataMozillaFirefoxProfilesua4i8nu5.default
 FF -: plugin — h:program filesJavajre6binnew_pluginnpdeploytk.dll
 FF -: plugin — h:program filesJavajre6binnew_pluginnpjp2.dll
 FF -: plugin — h:program filesMozilla Firefoxpluginsnpdeploytk.dll
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-09 19:54:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINESystemControlSet001ServicesAlerterLmHosts]
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001Servicesaspnet_stateVSS] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesAutodeskImapiService] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesAutodeskImapiServiceDcomLaunch] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesAutodeskImapiServiceHTTPFilterupnphost] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001Servicesavast!WZCSVC] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesBrowserAppMgmt] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesBrowserclr_optimization_v2.0.50727_32] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesCiSvcaspnet_stateVSS] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesClipSrvRDSessMgr] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesClipSrvRDSessMgrSwPrv] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001Servicesclr_optimization_v2.0.50727_32NetmanwscsvcSwPrv] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001Servicesclr_optimization_v2.0.50727_32SamSsMSDTC] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesCOMSysAppPlugPlayWmdmPmSN] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesdmserverAudioSrv] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesEventlogEventlog] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesFastUserSwitchingCompatibilityUPS] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesFontCache3.0.0.0Themes] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesHidServCiSvc] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesHTTPFilterupnphost] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesImapiServiceidsvc] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesImapiServiceNetmanwscsvc] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesmchInjDrv] 
 «ImagePath»=»??h:tempmc22.tmp»[HKEY_LOCAL_MACHINESystemControlSet001ServicesMessengerThemes] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesMessengerTlntSvr] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNetmanwscsvc] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNetmanwscsvcNVSvc] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNetmanwscsvcSwPrv] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNetmanwscsvcSwPrvmnmsrvc] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNetmanwscsvcSwPrvmnmsrvcdmadmin] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNetmanwscsvcSwPrvmnmsrvcWZCSVClanmanserver] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNetTcpPortSharingLmHosts] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNetTcpPortSharingNetDDE] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNtLmSspRasAuto] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNtLmSspRasAutoRDSessMgr] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNtLmSspRasAutoRDSessMgrdmserverAudioSrv] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesPlugPlayhelpsvc] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesPlugPlayWmdmPmSN] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesProtectedStorageSENS] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesRasAutoSysmonLog] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesRemoteAccessStarWindServiceAE] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesRemoteAccessStarWindServiceAEHTTPFilterupnphost] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesRemoteAccessStarWindServiceAESpooler] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesRemoteAccessStarWindServiceAESpoolerDcomLaunch] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesRSVPMessengerTlntSvr] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesRSVPMessengerTlntSvrDnscache] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesRSVPMessengerTlntSvrSwPrv] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesSamSsMSDTC] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesSamSsNetTcpPortSharingLmHosts] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesSchedulesrservice] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesSENSSchedule] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesStarWindServiceAEMSIServer] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesSwPrvRSVP] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesSysmonLogBITS] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesTapiSrvMessenger] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesThemesAppMgmt] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesThemesFastUserSwitchingCompatibility] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesThemesRSVP] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesTlntSvrSwPrv] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesWmiApSrvRSVP] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesWmiApSrvRSVPTapiSrvMessenger] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServiceswscsvcAppMgmt] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesWZCSVClanmanserver] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesWZCSVCNetTcpPortSharing] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesxmlprovAudioSrv] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesxmlprovCryptSvc] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesxmlprovCryptSvcHTTPFilter] 
 «ImagePath»=»р%Ђ|x0109 srv»
 .
 Other Running Processes
 .
 h:windowssystem32nvsvc32.exe
 h:windowssystem32rundll32.exe
 h:program filesCommon FilesACD SystemsENDevDetect.exe
 h:windowssystem32wbemwmiapsrv.exe
 .
 **************************************************************************
 .
 Completion time: 2008-11-09 19:55:51 — machine was rebooted
ComboFix-quarantined-files.txt 2008-11-09 16:55:48

Pre-Run: 32 420 290 560 байт свободно
Post-Run: 32,726,953,984 байт свободно

447

November 10, 2008 at 6:26 AM #19581

Open Notepad and paste the following text into it:

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winad00.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winea88.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfm77.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfr00.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winke11.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winla33.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winnq11.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winns33.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winpj77.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winpn33.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winrw88.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winsq88.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wintg66.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wintm00.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wintp33.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwc88.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winxb44.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winxd11.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winxk00.sys]
 
 Driver::
 Winea88
 Winfm77
 Winfr00
 Winke11
 Winla33
 Winnq11
 Winns33
 Winpj77
 Winpn33
 Winrw88
 Winsq88
 Wintg66
 Wintm00
 Wintp33
 Winwc88
 Winxb44
 Winxd11
 Winxk00
 
 File::
h:\windows\system32\adptifj.dll
h:\temp\pft158.tmp
h:\windows\system32\AcSignExtResw.sys
h:\windows\system32\bitigol.ban
h:\documents and settings\User\Application Data\fugym.bat
h:\windows\system32\ocafodylit.ban
h:\windows\siwebu.bin
h:\documents and settings\User\Application Data\xacag.com
h:\documents and settings\User\Application Data\gomijofe.com
h:\windows\icaz.dll
h:\windows\guhepiloj.reg
h:\documents and settings\User\Application Data\adimypi.com
h:\windows\xyjafepoh.dat
h:\windows\system32\3191862102.dat
h:\windows\system32\Drivers\Winea88.sys
h:\windows\system32\Drivers\Winfm77.sys
h:\windows\system32\Drivers\Winfr00.sys
h:\windows\system32\Drivers\Winke11.sys
h:\windows\system32\Drivers\Winla33.sys
h:\windows\system32\Drivers\Winnq11.sys
h:\windows\system32\Drivers\Winns33.sys
h:\windows\system32\Drivers\Winpj77.sys
h:\windows\system32\Drivers\Winpn33.sys
h:\windows\system32\Drivers\Winrw88.sys
h:\windows\system32\Drivers\Winsq88.sys
h:\windows\system32\Drivers\Wintg66.sys
h:\windows\system32\Drivers\Wintp33.sys
h:\windows\system32\Drivers\Wintm00.sys
h:\windows\system32\Drivers\Winwc88.sys
h:\windows\system32\Drivers\Winxb44.sys
h:\windows\system32\Drivers\Winxd11.sys
h:\windows\system32\Drivers\Winxk00.sys

Save the resulting file to your desktop under the name CFScript
Then drag the resulting file onto the Combofix icon, as shown in the picture below.
I'm waiting for a fresh Combofix log from you.

November 10, 2008 at 7:03 AM #19582

Good morning ))) here is the new log:

ComboFix 08-11-09.01 — User 2008-11-10 9:58:44.2 — NTFSx86
 Microsoft Windows XP Professional 5.1.2600.2.1251.1.1049.18.1704 [GMT 3:00]
 Running from: h:documents and settingsUserРабочий столComboFix.exe
 Command switches used :: h:documents and settingsUserРабочий столCFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
 h:documents and settingsUserApplication Dataadimypi.com
 h:documents and settingsUserApplication Datafugym.bat
 h:documents and settingsUserApplication Datagomijofe.com
 h:documents and settingsUserApplication Dataxacag.com
 h:temppft158.tmp
 h:windowsguhepiloj.reg
 h:windowsicaz.dll
 h:windowssiwebu.bin
 h:windowssystem323191862102.dat
 h:windowssystem32AcSignExtResw.sys
 h:windowssystem32adptifj.dll
 h:windowssystem32bitigol.ban
 h:windowssystem32DriversWinea88.sys
 h:windowssystem32DriversWinfm77.sys
 h:windowssystem32DriversWinfr00.sys
 h:windowssystem32DriversWinke11.sys
 h:windowssystem32DriversWinla33.sys
 h:windowssystem32DriversWinnq11.sys
 h:windowssystem32DriversWinns33.sys
 h:windowssystem32DriversWinpj77.sys
 h:windowssystem32DriversWinpn33.sys
 h:windowssystem32DriversWinrw88.sys
 h:windowssystem32DriversWinsq88.sys
 h:windowssystem32DriversWintg66.sys
 h:windowssystem32DriversWintm00.sys
 h:windowssystem32DriversWintp33.sys
 h:windowssystem32DriversWinwc88.sys
 h:windowssystem32DriversWinxb44.sys
 h:windowssystem32DriversWinxd11.sys
 h:windowssystem32DriversWinxk00.sys
 h:windowssystem32ocafodylit.ban
 h:windowsxyjafepoh.dat
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
h:documents and settingsUserApplication Dataadimypi.com
 h:documents and settingsUserApplication Datafugym.bat
 h:documents and settingsUserApplication Datagomijofe.com
 h:documents and settingsUserApplication Dataxacag.com
 h:windowsguhepiloj.reg
 h:windowsicaz.dll
 h:windowssiwebu.bin
 h:windowssystem323191862102.dat
 h:windowssystem32AcSignExtResw.sys
 h:windowssystem32adptifj.dll
 h:windowssystem32bitigol.ban
 h:windowssystem32ocafodylit.ban
h:windowsxyjafepoh.dat
.
 ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
 .
 Legacy_WINWC88
 Service_Winea88
 Service_Winfm77
 Service_Winfr00
 Service_Winke11
 Service_Winla33
 Service_Winnq11
 Service_Winns33
 Service_Winpj77
 Service_Winpn33
 Service_Winrw88
 Service_Winsq88
 Service_Wintg66
 Service_Wintm00
 Service_Wintp33
 Service_Winwc88
 Service_Winxb44
 Service_Winxd11
Service_Winxk00

((((((((((((((((((((((((( Files Created from 2008-10-10 to 2008-11-10 )))))))))))))))))))))))))))))))
.
2008-11-10 10:01 . 2008-11-10 10:01 53,248 —a 
 h:tempcatchme.dll
 2008-11-10 10:01 . 2008-11-10 10:01 0 —a—-t- h:tempPerflib_Perfdata_614.dat
 2008-11-09 01:26 . 2008-11-09 01:26d 
 h:documents and settingsАдминистраторApplication DataMalwarebytes
 2008-11-09 01:24 . 2008-11-09 01:26d 
 h:documents and settingsАдминистраторApplication DataSkype
 2008-11-09 01:23 . 2008-05-17 15:39d—h 
 h:documents and settingsАдминистраторШаблоны
 2008-11-09 01:23 . 2008-05-17 15:39d—h 
 h:documents and settingsАдминистраторШаблоны
 2008-11-09 01:23 . 2008-11-09 02:05d 
 h:documents and settingsАдминистраторРабочий стол
 2008-11-09 01:23 . 2008-11-09 02:05d 
 h:documents and settingsАдминистраторРабочий стол
 2008-11-09 01:23 . 2008-11-09 01:26d 
 h:documents and settingsАдминистраторМои документы
 2008-11-09 01:23 . 2008-11-09 01:26d 
 h:documents and settingsАдминистраторМои документы
 2008-11-09 01:23 . 2008-05-17 19:35dr 
 h:documents and settingsАдминистраторГлавное меню
 2008-11-09 01:23 . 2008-05-17 19:35dr 
 h:documents and settingsАдминистраторГлавное меню
 2008-11-09 01:23 . 2008-05-17 19:35d 
 h:documents and settingsАдминистраторИзбранное
 2008-11-09 01:23 . 2008-05-17 19:35d 
 h:documents and settingsАдминистраторИзбранное
 2008-11-09 01:23 . 2008-05-17 15:42d 
 h:documents and settingsАдминистратор$inst
 2008-11-09 01:23 . 2008-05-17 15:42d 
 h:documents and settingsАдминистратор$inst
 2008-11-09 01:23 . 2008-11-09 01:23d 
 h:documents and settingsАдминистратор
 2008-11-08 13:48 . 2008-11-08 13:49d 
 H:rsit
 2008-11-07 22:10 . 2008-11-07 22:10 396,288 —a
 H:HijackThis.exe
 2008-11-07 00:12 . 2008-11-10 09:47d 
 h:program fileshijack
 2008-11-07 00:03 . 2008-11-08 13:58d 
 h:program filesTrend Micro
 2008-11-06 22:39 . 2008-11-06 22:37 102,664 —a
 h:windowssystem32driverstmcomm.sys
 2008-11-06 22:37 . 2008-11-07 01:01d 
 h:documents and settingsUser.housecall6.6
 2008-11-06 22:34 . 2008-11-07 01:01d 
 h:temphsperfdata_User
 2008-11-06 22:34 . 2008-11-06 22:34 410,976 —a
 h:windowssystem32deploytk.dll
 2008-11-06 21:13 . 2008-11-06 21:13d 
 h:windowsShellNew
 2008-11-06 21:11 . 2008-11-09 19:54d 
 h:tempOHotfix
 2008-11-01 03:01 . 2008-11-01 03:01d 
 h:program filesAutodesk
 2008-11-01 00:46 . 2008-11-01 00:46d 
 h:tempbye29.tmp
 2008-11-01 00:46 . 2008-11-01 03:08d 
 h:program filesGoogle
 2008-11-01 00:25 . 2008-11-01 00:25d 
 h:program filesuTorrent
 2008-10-31 01:35 . 2008-10-31 01:35d 
 h:program filesSUPERAntiSpyware
 2008-10-31 01:35 . 2008-10-31 01:35d 
 h:program filesCommon FilesWise Installation Wizard
 2008-10-31 01:35 . 2008-10-31 01:35d 
 h:documents and settingsUserApplication DataSUPERAntiSpyware.com
 2008-10-31 01:06 . 2008-10-31 01:06d 
 h:program filesMalwarebytes’ Anti-Malware
 2008-10-31 01:06 . 2008-10-31 01:06d 
 h:documents and settingsUserApplication DataMalwarebytes
 2008-10-31 01:06 . 2008-10-31 01:06d 
 h:documents and settingsAll UsersApplication DataMalwarebytes
 2008-10-31 01:06 . 2008-10-22 16:10 38,496 —a
 h:windowssystem32driversmbamswissarmy.sys
 2008-10-31 01:06 . 2008-10-22 16:10 15,504 —a
 h:windowssystem32driversmbam.sys
 2008-10-29 23:33 . 2008-10-29 23:33d 
 h:temppft158.tmp
 2008-10-29 23:33 . 2008-11-01 00:46d—h 
 h:program filesInstallShield Installation Information
 2008-10-29 23:33 . 2008-11-01 03:01d 
 h:program filesCommon FilesInstallShield
 2008-10-29 23:10 . 2008-10-29 23:10d 
 h:program filesQIP
 2008-10-29 22:57 . 2008-10-29 22:57d 
 h:program filesCommon FilesSkype
 2008-10-29 22:56 . 2008-11-01 00:30 1,336 —a
 h:windowsWINCMD.INI
 2008-10-29 21:52 . 2008-10-29 21:52d—h 
 h:windowssystem32GroupPolicy
 2008-10-28 21:19 . 2008-10-28 21:19d—s—- h:tempTemporary Internet Files 
 2008-10-28 21:19 . 2008-10-28 21:19d—s—- h:tempHistory 
 2008-10-28 21:19 . 2008-11-09 19:54d—s—- h:tempCookies 
 2008-10-22 21:01 . 2008-10-29 21:54d 
 h:program filesABBYY Lingvo 10 Multilingual Dictionary
 2008-10-19 16:53 . 2008-10-19 16:53d 
 h:documents and settingsUserApplication DataDivX
 2008-10-18 16:25 . 2008-10-18 16:25d 
 h:tempAdobe
 2008-10-18 13:30 . 2008-10-29 22:55d 
 h:program filesCommon FilesACD Systems
 2008-10-18 13:30 . 2008-10-18 13:30d 
 h:program filesACD Systems
 2008-10-18 13:30 . 2008-10-18 13:30d 
 h:documents and settingsAll UsersApplication DataACD Systems
 2008-10-10 18:03 . 2008-10-15 22:09 194 —a
 h:windowspoolemup.ini
 2008-10-10 14:03 . 2008-10-10 14:03d 
h:documents and settingsAll UsersApplication DataKaspersky Lab Setup Files
.
 (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2008-11-09 22:38
 d
 w h:documents and settingsUserApplication DatauTorrent
 2008-11-09 22:32
 d
 w h:documents and settingsUserApplication DataSkype
 2008-11-06 19:34
 d
 w h:program filesJava
 2008-11-01 00:05
 d
 w h:program filesCommon FilesAutodesk Shared
 2008-11-01 00:05
 d
 w h:documents and settingsUserApplication DataAutodesk
 2008-11-01 00:05
 d
 w h:documents and settingsAll UsersApplication DataAutodesk
 2008-10-30 20:44
 d
 w h:program filesCommon FilesAdobe
 2008-10-29 19:57
 d
 w h:program filesSkype
 2008-10-29 19:57
 d
 w h:program filesOpera
 2008-10-29 19:14
 d
 w h:program filesTotal Commander
 2008-10-29 18:54
 d
 w h:program filesVDOTool
 2008-10-29 18:54
 d
 w h:program filesSuperCopier2
 2008-10-29 18:54
 d
 w h:program filesfree-downloads.net
 2008-10-29 18:54
 d
 w h:program filesAutoCAD 2009
 2008-10-08 08:51
 d
 w h:documents and settingsUserApplication DataACD Systems
 .
 Sigcheck
 
2007-06-12 22:03 360576 c7be59b07c6eb74bea6fd67c1b164015 h:windowssystem32driverstcpip.sys
2007-09-24 04:28 2162176 8467becb4c993d9880f4dd764e8a8b2d h:windowssystem32ntkrnlpa.exe
2007-09-24 04:20 2282496 04f70990885394ed61bd673479fc2012 h:windowssystem32ntoskrnl.exe
 .
 ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 *Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerURLSearchHooks]
«{ecdee021-0d17-467f-a1ff-c7a115230949}»= «h:program filesfree-downloads.nettbfre1.dll» [2008-07-08 1569304]

[HKEY_CLASSES_ROOTclsid{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{ecdee021-0d17-467f-a1ff-c7a115230949}»= «h:program filesfree-downloads.nettbfre1.dll» [2008-07-08 1569304]

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{ECDEE021-0D17-467F-A1FF-C7A115230949}»= «h:program filesfree-downloads.nettbfre1.dll» [2008-07-08 1569304]

[HKEY_CLASSES_ROOTclsid{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»h:windowssystem32ctfmon.exe» [2004-08-18 15360]
«SuperCopier2.exe»=»h:program filesSuperCopier2SuperCopier2.exe» [2007-05-08 1052672]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«IMJPMIG8.1″=»h:windowsIMEimjp8_1IMJPMIG.EXE» [2004-08-18 208952]
«PHIME2002ASync»=»h:windowssystem32IMETINTLGNTTINTSETP.EXE» [2004-08-18 455168]
«PHIME2002A»=»h:windowssystem32IMETINTLGNTTINTSETP.EXE» [2004-08-18 455168]
«CoolSwitch»=»h:windowssystem32TaskSwitch.exe» [2005-12-22 45632]
«SoundMAXPnP»=»h:program filesAnalog DevicesCoresmax4pnp.exe» [2006-12-18 868352]
«TBPanel»=»h:program filesVDOToolTBPanel.exe» [2008-01-29 2157096]
«NvCplDaemon»=»h:windowssystem32NvCpl.dll» [2008-01-03 13508608]
«NvMediaCenter»=»h:windowssystem32NvMcTray.dll» [2008-01-03 86016]
«SpIDerNT»=»h:progra~1DrWebspidernt.exe» [2004-11-01 83968]
«DrWebScheduler»=»h:program filesDrWebDRWEBSCD.EXE» [2004-11-01 114688]
«NeroFilterCheck»=»h:windowssystem32NeroCheck.exe» [2001-07-09 155648]
«SunJavaUpdateSched»=»h:program filesJavajre6binjusched.exe» [2008-11-06 136600]
«RemoteControl»=»h:program filesCyberLinkPowerDVDPDVDServ.exe» [2004-11-02 32768]
«Lingvo Launcher»=»h:program filesABBYY Lingvo 10 Multilingual DictionaryLvagent.exe» [2004-10-09 110592]
«h:program fileshijackHijackThis.exe»=»h:program fileshijackHijackThis.exe» [2008-11-07 396288]
«nwiz»=»nwiz.exe» [2008-01-03 h:windowssystem32nwiz.exe]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»h:windowssystem32CTFMON.EXE» [2004-08-18 15360]
«SuperCopier2.exe»=»h:program filesSuperCopier2SuperCopier2.exe» [2007-05-08 1052672]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«InstallVisualStyle»= h:windowsResourcesThemesRoyaleRoyale.msstyles
«InstallTheme»= h:windowsResourcesThemesRoyale.Theme
«SynchronousMachineGroupPolicy»= 0 (0x0)
«SynchronousUserGroupPolicy»= 0 (0x0)

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMHelp»= 1 (0x1)

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«ForceClassicControlPanel»= 1 (0x1)
«NoSMConfigurePrograms»= 1 (0x1)
«NoSMHelp»= 1 (0x1)

[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«ForceClassicControlPanel»= 1 (0x1)
«NoSMConfigurePrograms»= 1 (0x1)
«NoSMHelp»= 1 (0x1)

[hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]
«{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}»= «h:program filesSUPERAntiSpywareSASSEH.DLL» [2008-05-13 77824]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotify!SASWinLogon]
2008-07-23 16:28 352256 h:program filesSUPERAntiSpywareSASWINLO.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«VIDC.ACDV»= ACDV.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusDisableNotify»=dword:00000001
«AntiVirusOverride»=dword:00000001
«FirewallOverride»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
«Start»=dword:00000004

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«h:\Program Files\uTorrent\uTorrent.exe»=
«h:\Program Files\Opera\opera.exe»=
«h:\Program Files\QIP\qip.exe»=
«g:\Program Files\uTorrent\uTorrent.exe»=
«j:\Program Files\GSC World Publishing\S.T.A.L.K.E.R\bin\XR_3DA.exe»=
«j:\Program Files\GSC World Publishing\S.T.A.L.K.E.R\bin\dedicated\XR_3DA.exe»=
«h:\Program Files\Skype\Phone\Skype.exe»=

R0 iastor76;iastor76;h:windowssystem32driversiastor76.sys [2007-09-24 305176]
R0 pe3ajtsc;Stalker (Pro) Environment Driver (pe3ajtsc);h:windowssystem32driverspe3ajtsc.sys [2007-03-23 64896]
R0 ps6ajtsc;Stalker (Pro) Synchronization Driver (ps6ajtsc);h:windowssystem32driversps6ajtsc.sys [2007-03-23 52104]
R1 drwebnet;SpIDer Guard boot hook driver for Windows NT;h:windowssystem32driversdrwebnet.sys [2004-11-01 7872]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;h:windowssystem32DRIVERSRTL8187.sys [2007-01-11 194304]
S0 Winad00;Winad00;h:windowssystem32DriversWinad00.sys [ ]
S2 pr2ajtsc;Stalker (Pro) Drivers Auto Removal (pr2ajtsc);h:windowssystem32pr2ajtsc.exe svc [ ]
S2 SPIDER;SpIDer FS Monitor for Windows NT;h:program filesDrWebspider.sys [ ]
S2 spidernt;SpIDer Guard for Windows NT;h:program filesDrWebSpiderNT.exe [2004-11-01 83968]
S3 USBSTOR;Драйвер запоминающих устройств для USB;h:windowssystem32DRIVERSUSBSTOR.SYS [2007-07-18 26368]

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{44367194-994a-11dd-b29e-0015af64e372}]
 ShellAutoRuncommand — M:
 ShellExploreCommand — «.Nokia Music ManagerN-1-5-21-1895552279-3129831955-389522551-6003INFO2Playlist» Control: Select music location
 ShellFindCommand — «.Nokia Music ManagerN-1-5-21-1895552279-3129831955-389522551-6003INFO2Playlist» Control: Search music (radio-stations)
 ShellOpenCommand — «.Nokia Music ManagerN-1-5-21-1895552279-3129831955-389522551-6003INFO2Playlist» Playback: Play music
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 10:01:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINESystemControlSet001ServicesAlerterLmHosts]
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001Servicesaspnet_stateVSS] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesAutodeskImapiService] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesAutodeskImapiServiceDcomLaunch] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesAutodeskImapiServiceHTTPFilterupnphost] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001Servicesavast!WZCSVC] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesBrowserAppMgmt] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesBrowserclr_optimization_v2.0.50727_32] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesCiSvcaspnet_stateVSS] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesClipSrvRDSessMgr] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesClipSrvRDSessMgrSwPrv] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001Servicesclr_optimization_v2.0.50727_32NetmanwscsvcSwPrv] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001Servicesclr_optimization_v2.0.50727_32SamSsMSDTC] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesCOMSysAppPlugPlayWmdmPmSN] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesdmserverAudioSrv] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesEventlogEventlog] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesFastUserSwitchingCompatibilityUPS] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesFontCache3.0.0.0Themes] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesHidServCiSvc] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesHTTPFilterupnphost] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesImapiServiceidsvc] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesImapiServiceNetmanwscsvc] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesmchInjDrv] 
 «ImagePath»=»??h:tempmc22.tmp»[HKEY_LOCAL_MACHINESystemControlSet001ServicesMessengerThemes] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesMessengerTlntSvr] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNetmanwscsvc] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNetmanwscsvcNVSvc] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNetmanwscsvcSwPrv] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNetmanwscsvcSwPrvmnmsrvc] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNetmanwscsvcSwPrvmnmsrvcdmadmin] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNetmanwscsvcSwPrvmnmsrvcWZCSVClanmanserver] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNetTcpPortSharingLmHosts] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNetTcpPortSharingNetDDE] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNtLmSspRasAuto] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNtLmSspRasAutoRDSessMgr] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNtLmSspRasAutoRDSessMgrdmserverAudioSrv] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesPlugPlayhelpsvc] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesPlugPlayWmdmPmSN] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesProtectedStorageSENS] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesRasAutoSysmonLog] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesRemoteAccessStarWindServiceAE] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesRemoteAccessStarWindServiceAEHTTPFilterupnphost] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesRemoteAccessStarWindServiceAESpooler] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesRemoteAccessStarWindServiceAESpoolerDcomLaunch] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesRSVPMessengerTlntSvr] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesRSVPMessengerTlntSvrDnscache] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesRSVPMessengerTlntSvrSwPrv] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesSamSsMSDTC] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesSamSsNetTcpPortSharingLmHosts] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesSchedulesrservice] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesSENSSchedule] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesStarWindServiceAEMSIServer] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesSwPrvRSVP] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesSysmonLogBITS] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesTapiSrvMessenger] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesThemesAppMgmt] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesThemesFastUserSwitchingCompatibility] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesThemesRSVP] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesTlntSvrSwPrv] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesWmiApSrvRSVP] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesWmiApSrvRSVPTapiSrvMessenger] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServiceswscsvcAppMgmt] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesWZCSVClanmanserver] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesWZCSVCNetTcpPortSharing] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesxmlprovAudioSrv] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesxmlprovCryptSvc] 
 «ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesxmlprovCryptSvcHTTPFilter] 
 «ImagePath»=»р%Ђ|x0109 srv»
 .
 Other Running Processes
 .
 h:program filesJavajre6binjqs.exe
 h:windowssystem32nvsvc32.exe
 h:windowssystem32rundll32.exe
 h:windowssystem32wbemwmiapsrv.exe
 .
 **************************************************************************
 .
 Completion time: 2008-11-10 10:02:00 — machine was rebooted [User]
 ComboFix-quarantined-files.txt 2008-11-10 07:01:58
ComboFix2.txt 2008-11-09 16:55:51

Pre-Run: 32,703,283,200 байт свободно
Post-Run: 32,694,398,976 байт свободно

410

November 10, 2008 at 8:49 AM #19583

Delete the CFScript file we created earlier.
Open Notepad and paste the following text into it:

Driver::
 Winad00
 
 File::
h:\windows\system32\Drivers\Winad00.sys

Save the resulting file to your desktop under the name CFScript
Then drag the resulting file onto the Combofix icon.

Once the program has finished, a new log will be displayed. Paste it into your next message.

November 10, 2008 at 8:19 PM #19584

ComboFix 08-11-09.04 — User 2008-11-10 23:14:59.3 — NTFSx86
 Microsoft Windows XP Professional 5.1.2600.2.1251.1.1049.18.1653 [GMT 3:00]
 Running from: h:documents and settingsUserРабочий столComboFix.exe
 Command switches used :: h:documents and settingsUserРабочий столCFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
 h:windowssystem32DriversWinad00.sys
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
 ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
 .
Service_Winad00

((((((((((((((((((((((((( Files Created from 2008-10-10 to 2008-11-10 )))))))))))))))))))))))))))))))
.
2008-11-10 23:17 . 2008-11-10 23:17 16,384 —a—-t- h:tempPerflib_Perfdata_5d8.dat
 2008-11-10 10:01 . 2008-11-10 23:17 53,248 —a
 h:tempcatchme.dll
 2008-11-09 01:26 . 2008-11-09 01:26d 
 h:documents and settingsАдминистраторApplication DataMalwarebytes
 2008-11-09 01:24 . 2008-11-09 01:26d 
 h:documents and settingsАдминистраторApplication DataSkype
 2008-11-09 01:23 . 2008-05-17 15:39d—h 
 h:documents and settingsАдминистраторШаблоны
 2008-11-09 01:23 . 2008-05-17 15:39d—h 
 h:documents and settingsАдминистраторШаблоны
 2008-11-09 01:23 . 2008-11-09 02:05d 
 h:documents and settingsАдминистраторРабочий стол
 2008-11-09 01:23 . 2008-11-09 02:05d 
 h:documents and settingsАдминистраторРабочий стол
 2008-11-09 01:23 . 2008-11-09 01:26d 
 h:documents and settingsАдминистраторМои документы
 2008-11-09 01:23 . 2008-11-09 01:26d 
 h:documents and settingsАдминистраторМои документы
 2008-11-09 01:23 . 2008-05-17 19:35dr 
 h:documents and settingsАдминистраторГлавное меню
 2008-11-09 01:23 . 2008-05-17 19:35dr 
 h:documents and settingsАдминистраторГлавное меню
 2008-11-09 01:23 . 2008-05-17 19:35d 
 h:documents and settingsАдминистраторИзбранное
 2008-11-09 01:23 . 2008-05-17 19:35d 
 h:documents and settingsАдминистраторИзбранное
 2008-11-09 01:23 . 2008-05-17 15:42d 
 h:documents and settingsАдминистратор$inst
 2008-11-09 01:23 . 2008-05-17 15:42d 
 h:documents and settingsАдминистратор$inst
 2008-11-09 01:23 . 2008-11-09 01:23d 
 h:documents and settingsАдминистратор
 2008-11-08 13:48 . 2008-11-08 13:49d 
 H:rsit
 2008-11-07 22:10 . 2008-11-07 22:10 396,288 —a
 H:HijackThis.exe
 2008-11-07 00:12 . 2008-11-10 22:44d 
 h:program fileshijack
 2008-11-07 00:03 . 2008-11-08 13:58d 
 h:program filesTrend Micro
 2008-11-06 22:39 . 2008-11-06 22:37 102,664 —a
 h:windowssystem32driverstmcomm.sys
 2008-11-06 22:37 . 2008-11-07 01:01d 
 h:documents and settingsUser.housecall6.6
 2008-11-06 22:34 . 2008-11-07 01:01d 
 h:temphsperfdata_User
 2008-11-06 22:34 . 2008-11-06 22:34 410,976 —a
 h:windowssystem32deploytk.dll
 2008-11-06 21:13 . 2008-11-06 21:13d 
 h:windowsShellNew
 2008-11-06 21:11 . 2008-11-09 19:54d 
 h:tempOHotfix
 2008-11-01 03:01 . 2008-11-01 03:01d 
 h:program filesAutodesk
 2008-11-01 00:46 . 2008-11-01 00:46d 
 h:tempbye29.tmp
 2008-11-01 00:46 . 2008-11-01 03:08d 
 h:program filesGoogle
 2008-11-01 00:25 . 2008-11-01 00:25d 
 h:program filesuTorrent
 2008-10-31 01:35 . 2008-10-31 01:35d 
 h:program filesSUPERAntiSpyware
 2008-10-31 01:35 . 2008-10-31 01:35d 
 h:program filesCommon FilesWise Installation Wizard
 2008-10-31 01:35 . 2008-10-31 01:35d 
 h:documents and settingsUserApplication DataSUPERAntiSpyware.com
 2008-10-31 01:06 . 2008-10-31 01:06d 
 h:program filesMalwarebytes’ Anti-Malware
 2008-10-31 01:06 . 2008-10-31 01:06d 
 h:documents and settingsUserApplication DataMalwarebytes
 2008-10-31 01:06 . 2008-10-31 01:06d 
 h:documents and settingsAll UsersApplication DataMalwarebytes
 2008-10-31 01:06 . 2008-10-22 16:10 38,496 —a
 h:windowssystem32driversmbamswissarmy.sys
 2008-10-31 01:06 . 2008-10-22 16:10 15,504 —a
 h:windowssystem32driversmbam.sys
 2008-10-29 23:33 . 2008-10-29 23:33d 
 h:temppft158.tmp
 2008-10-29 23:33 . 2008-11-01 00:46d—h 
 h:program filesInstallShield Installation Information
 2008-10-29 23:33 . 2008-11-01 03:01d 
 h:program filesCommon FilesInstallShield
 2008-10-29 23:10 . 2008-10-29 23:10d 
 h:program filesQIP
 2008-10-29 22:57 . 2008-10-29 22:57d 
 h:program filesCommon FilesSkype
 2008-10-29 22:56 . 2008-11-01 00:30 1,336 —a
 h:windowsWINCMD.INI
 2008-10-29 21:52 . 2008-10-29 21:52d—h 
 h:windowssystem32GroupPolicy
 2008-10-28 21:19 . 2008-10-28 21:19d—s—- h:tempTemporary Internet Files 
 2008-10-28 21:19 . 2008-10-28 21:19d—s—- h:tempHistory 
 2008-10-28 21:19 . 2008-11-09 19:54d—s—- h:tempCookies 
 2008-10-22 21:01 . 2008-10-29 21:54d 
 h:program filesABBYY Lingvo 10 Multilingual Dictionary
 2008-10-19 16:53 . 2008-10-19 16:53d 
 h:documents and settingsUserApplication DataDivX
 2008-10-18 16:25 . 2008-10-18 16:25d 
 h:tempAdobe
 2008-10-18 13:30 . 2008-10-29 22:55d 
 h:program filesCommon FilesACD Systems
 2008-10-18 13:30 . 2008-10-18 13:30d 
 h:program filesACD Systems
 2008-10-18 13:30 . 2008-10-18 13:30d 
 h:documents and settingsAll UsersApplication DataACD Systems
 2008-10-10 18:03 . 2008-10-15 22:09 194 —a
 h:windowspoolemup.ini
 2008-10-10 14:03 . 2008-10-10 14:03d 
h:documents and settingsAll UsersApplication DataKaspersky Lab Setup Files
.
 (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2008-11-10 20:16 d w h:program filesSuperCopier2
 2008-11-10 19:54 d w h:documents and settingsUserApplication DatauTorrent
 2008-11-09 22:32 d w h:documents and settingsUserApplication DataSkype
 2008-11-06 19:34 d w h:program filesJava
 2008-11-01 00:05 d w h:program filesCommon FilesAutodesk Shared
 2008-11-01 00:05 d w h:documents and settingsUserApplication DataAutodesk
 2008-11-01 00:05 d w h:documents and settingsAll UsersApplication DataAutodesk
 2008-10-30 20:44 d w h:program filesCommon FilesAdobe
 2008-10-29 19:57 d w h:program filesSkype
 2008-10-29 19:57 d w h:program filesOpera
 2008-10-29 19:14 d w h:program filesTotal Commander
 2008-10-29 18:54 d w h:program filesVDOTool
 2008-10-29 18:54 d w h:program filesfree-downloads.net
 2008-10-29 18:54 d w h:program filesAutoCAD 2009
 2008-10-08 08:51 d w h:documents and settingsUserApplication DataACD Systems
 .
 Sigcheck
 
 2007-06-12 22:03 360576 c7be59b07c6eb74bea6fd67c1b164015 h:windowssystem32driverstcpip.sys
 2007-09-24 04:28 2162176 8467becb4c993d9880f4dd764e8a8b2d h:windowssystem32ntkrnlpa.exe
 2007-09-24 04:20 2282496 04f70990885394ed61bd673479fc2012 h:windowssystem32ntoskrnl.exe
 .
 ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 *Note* empty entries & legit default entries are not shown
 REGEDIT4
 [HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerURLSearchHooks]
 "{ecdee021-0d17-467f-a1ff-c7a115230949}"= "h:program filesfree-downloads.nettbfre1.dll" [2008-07-08 1569304]
 [HKEY_CLASSES_ROOTclsid{ecdee021-0d17-467f-a1ff-c7a115230949}]
 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
 "{ecdee021-0d17-467f-a1ff-c7a115230949}"= "h:program filesfree-downloads.nettbfre1.dll" [2008-07-08 1569304]
 [HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
 "{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "h:program filesfree-downloads.nettbfre1.dll" [2008-07-08 1569304]
 [HKEY_CLASSES_ROOTclsid{ecdee021-0d17-467f-a1ff-c7a115230949}]
 [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
 "CTFMON.EXE"="h:windowssystem32ctfmon.exe" [2004-08-18 15360]
 "SuperCopier2.exe"="h:program filesSuperCopier2SuperCopier2.exe" [2007-05-08 1052672]
 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
 "IMJPMIG8.1"="h:windowsIMEimjp8_1IMJPMIG.EXE" [2004-08-18 208952]
 "PHIME2002ASync"="h:windowssystem32IMETINTLGNTTINTSETP.EXE" [2004-08-18 455168]
 "PHIME2002A"="h:windowssystem32IMETINTLGNTTINTSETP.EXE" [2004-08-18 455168]
 "CoolSwitch"="h:windowssystem32TaskSwitch.exe" [2005-12-22 45632]
 "SoundMAXPnP"="h:program filesAnalog DevicesCoresmax4pnp.exe" [2006-12-18 868352]
 "TBPanel"="h:program filesVDOToolTBPanel.exe" [2008-01-29 2157096]
 "NvCplDaemon"="h:windowssystem32NvCpl.dll" [2008-01-03 13508608]
 "NvMediaCenter"="h:windowssystem32NvMcTray.dll" [2008-01-03 86016]
 "SpIDerNT"="h:progra~1DrWebspidernt.exe" [2004-11-01 83968]
 "DrWebScheduler"="h:program filesDrWebDRWEBSCD.EXE" [2004-11-01 114688]
 "NeroFilterCheck"="h:windowssystem32NeroCheck.exe" [2001-07-09 155648]
 "SunJavaUpdateSched"="h:program filesJavajre6binjusched.exe" [2008-11-06 136600]
 "RemoteControl"="h:program filesCyberLinkPowerDVDPDVDServ.exe" [2004-11-02 32768]
 "Lingvo Launcher"="h:program filesABBYY Lingvo 10 Multilingual DictionaryLvagent.exe" [2004-10-09 110592]
 "h:program fileshijackHijackThis.exe"="h:program fileshijackHijackThis.exe" [2008-11-07 396288]
 "nwiz"="nwiz.exe" [2008-01-03 h:windowssystem32nwiz.exe]
 [HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
 "CTFMON.EXE"="h:windowssystem32CTFMON.EXE" [2004-08-18 15360]
 "SuperCopier2.exe"="h:program filesSuperCopier2SuperCopier2.exe" [2007-05-08 1052672]
 [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
 "InstallVisualStyle"= h:windowsResourcesThemesRoyaleRoyale.msstyles
 "InstallTheme"= h:windowsResourcesThemesRoyale.Theme
 "SynchronousMachineGroupPolicy"= 0 (0x0)
 "SynchronousUserGroupPolicy"= 0 (0x0)
 [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
 "NoSMHelp"= 1 (0x1)
 [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
 "ForceClassicControlPanel"= 1 (0x1)
 "NoSMConfigurePrograms"= 1 (0x1)
 "NoSMHelp"= 1 (0x1)
 [HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
 "ForceClassicControlPanel"= 1 (0x1)
 "NoSMConfigurePrograms"= 1 (0x1)
 "NoSMHelp"= 1 (0x1)
 [hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]
 "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "h:program filesSUPERAntiSpywareSASSEH.DLL" [2008-05-13 77824]
 [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotify!SASWinLogon]
 2008-07-23 16:28 352256 h:program filesSUPERAntiSpywareSASWINLO.dll
 [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
 "VIDC.ACDV"= ACDV.dll
 [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
 "AntiVirusDisableNotify"=dword:00000001
 "AntiVirusOverride"=dword:00000001
 "FirewallOverride"=dword:00000001
 "UpdatesDisableNotify"=dword:00000001
 "Start"=dword:00000004
 [HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
 "EnableFirewall"= 0 (0x0)
 [HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
 "%windir%\system32\sessmgr.exe"=
 "%windir%\Network Diagnostic\xpnetdiag.exe"=
 "h:\Program Files\uTorrent\uTorrent.exe"=
 "h:\Program Files\Opera\opera.exe"=
 "h:\Program Files\QIP\qip.exe"=
 "g:\Program Files\uTorrent\uTorrent.exe"=
 "j:\Program Files\GSC World Publishing\S.T.A.L.K.E.R\bin\XR_3DA.exe"=
 "j:\Program Files\GSC World Publishing\S.T.A.L.K.E.R\bin\dedicated\XR_3DA.exe"=
 "h:\Program Files\Skype\Phone\Skype.exe"=
 R0 iastor76;iastor76;h:windowssystem32driversiastor76.sys [2007-09-24 305176]
 R0 pe3ajtsc;Stalker (Pro) Environment Driver (pe3ajtsc);h:windowssystem32driverspe3ajtsc.sys [2007-03-23 64896]
 R0 ps6ajtsc;Stalker (Pro) Synchronization Driver (ps6ajtsc);h:windowssystem32driversps6ajtsc.sys [2007-03-23 52104]
 R1 drwebnet;SpIDer Guard boot hook driver for Windows NT;h:windowssystem32driversdrwebnet.sys [2004-11-01 7872]
 R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;h:windowssystem32DRIVERSRTL8187.sys [2007-01-11 194304]
 S2 pr2ajtsc;Stalker (Pro) Drivers Auto Removal (pr2ajtsc);h:windowssystem32pr2ajtsc.exe svc [ ]
 S2 SPIDER;SpIDer FS Monitor for Windows NT;h:program filesDrWebspider.sys [ ]
 S2 spidernt;SpIDer Guard for Windows NT;h:program filesDrWebSpiderNT.exe [2004-11-01 83968]
 S3 USBSTOR;Драйвер запоминающих устройств для USB;h:windowssystem32DRIVERSUSBSTOR.SYS [2007-07-18 26368]
 [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{44367194-994a-11dd-b29e-0015af64e372}]
 ShellAutoRuncommand — M:
 ShellExploreCommand — ".Nokia Music ManagerN-1-5-21-1895552279-3129831955-389522551-6003INFO2Playlist" Control: Select music location
 ShellFindCommand — ".Nokia Music ManagerN-1-5-21-1895552279-3129831955-389522551-6003INFO2Playlist" Control: Search music (radio-stations)
 ShellOpenCommand — ".Nokia Music ManagerN-1-5-21-1895552279-3129831955-389522551-6003INFO2Playlist" Playback: Play music
 .
 **************************************************************************
 catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-11-10 23:17:10
 Windows 5.1.2600 Service Pack 2 NTFS
 scanning hidden processes …
 scanning hidden autostart entries …
 scanning hidden files …
 scan completed successfully
 hidden files: 0
 **************************************************************************
 [HKEY_LOCAL_MACHINESystemControlSet001ServicesmchInjDrv]
 "ImagePath"="??h:tempmc22.tmp"
 .
 Other Running Processes
 .
 h:program filesJavajre6binjqs.exe
 h:windowssystem32nvsvc32.exe
 h:windowssystem32rundll32.exe
 h:windowssystem32wbemwmiapsrv.exe
 .
 **************************************************************************
 .
 Completion time: 2008-11-10 23:18:05 — machine was rebooted
 ComboFix-quarantined-files.txt 2008-11-10 20:18:03
 ComboFix2.txt 2008-11-10 07:02:01
 ComboFix3.txt 2008-11-09 16:55:51
 Pre-Run: 32 677 212 160 байт свободно
 Post-Run: 32,667,152,384 байт свободно
 348

November 11, 2008 at 3:20 AM #19585
The Combofix log is nice and clean. How is your computer doing?

November 11, 2008 at 6:31 AM #19586
Such wonderful news first thing in the morning!!! Thank youuuu!!!!
 All the annoying pop-up windows are gone. The computer is behaving normally.
 Only, after startup a window pops up: VDO Tool — file error. please reinstall this program. What is it missing?
 Can I now reinstall the programs I need?
 I have one more hard drive, which is connected rarely, as needed. Does it need to be scanned? Thaaaank you!
