Помогите убрать последствия порнобаннера!

[slaffko]

появился на рабочем столе порнобаннер, который блочил все запускаемые программы, я удалил папку C:programm filescommon filesopera, после чего баннер исчез, затем я перезагрузил комп. Но перестал подключаться к интернету googlechrome и opera и partypoker, однако mozila firefox работает нормально… Потом через msconfig убрал подозрительные файлы из автозагрузки, из папки пускавтозагрузка убрал подозрительный exe-файл…. Но это не помогло… проверил avast’ом на вирусы C: и D: он нашел еще пару троянов и удалил их… googlechrome и opera и partypoker не подключаются к интернету.

log.txt :

Logfile of random’s system information tool 1.07 (written by random/random)
Run by Администратор at 2010-06-08 17:59:02
Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (21%) free of 14 GB
Total RAM: 767 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:59:13, on 08.06.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20772)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSExplorer.EXE
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSsystem32rundll32.exe
C:Program FilesCommon FilesInstallShieldUpdateServiceISUSPM.exe
C:WINDOWSSOUNDMAN.EXE
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesInterVideoRegMgriviRegMgr.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:Program FilesCDBurnerXPNMSAccessU.exe
C:WINDOWSsystem32nvsvc32.exe
C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:WINDOWSsystem32wscntfy.exe
C:WINDOWSSystem32svchost.exe
C:Program Files2gisUpdateClientWin32UpdateClientService.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:D&SАдминистраторРабочий столRSIT.exe
C:Program Filestrend microАдминистратор.exe

R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://search.qip.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.apeha.ru
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.qip.ru/ie
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = Root: HKCU; Subkey: SoftwareMicrosoftInternet ExplorerSearchUrl; ValueType: string; ValueName: ‘; ValueData: ‘; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = http=127.0.0.1:41653;
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: (no name) — — (no file)
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll (file missing)
O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll (file missing)
O3 — Toolbar: (no name) — {E0E899AB-F487-11D5-8D29-0050BA6940E3} — (no file)
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 — HKLM..Run: [ISUSPM] «C:Program FilesCommon FilesInstallShieldUpdateServiceISUSPM.exe» -scheduler
O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 — HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 — HKCU..Run: [AlcoholAutomount] «C:Program FilesAlcohol SoftAlcohol 120AxAutoMntSrv.exe» -automount
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..Run: [Nokia.PCSync] C:Program FilesNokiaNokia PC Suite 6PcSync2.exe /NoDialog (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User ‘Default user’)
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~1OFFICE11EXCEL.EXE/3000
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~1OFFICE11REFIEBAR.DLL
O9 — Extra button: PartyCasino — {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} — C:Program FilesPartyGamingPartyCasinoRunApp.exe
O9 — Extra ‘Tools’ menuitem: PartyCasino — {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} — C:Program FilesPartyGamingPartyCasinoRunApp.exe
O9 — Extra button: PartyPoker.com — {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} — C:Program FilesPartyGamingPartyPokerRunApp.exe (file missing)
O9 — Extra ‘Tools’ menuitem: PartyPoker.com — {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} — C:Program FilesPartyGamingPartyPokerRunApp.exe (file missing)
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: QIP 2005 — {1EF681F7-A04B-4D6D-9012-A307CCA55610} — C:Program FilesQIPqip.exe (HKCU)
O16 — DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0) —
O18 — Protocol: solores — {8FA1F4E9-444B-48BF-98CD-B8ECA88E6BA5} — C:PROGRA~1Solo9SoloRes.dll
O22 — SharedTaskScheduler: Предзагрузчик Browseui — {438755C2-A8BA-11D1-B96B-00A0C90312E1} — C:WINDOWSsystem32browseui.dll
O22 — SharedTaskScheduler: Демон кэша категорий компонентов — {8C7461EF-2B13-11d2-BE35-3078302C2030} — C:WINDOWSsystem32browseui.dll
O23 — Service: 2GIS UpdateClientService — ДубльГИС — C:Program Files2gisUpdateClientWin32UpdateClientService.exe
O23 — Service: avast! iAVS4 Control Service (aswUpdSv) — ALWIL Software — C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 — Service: avast! Antivirus — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 — Service: avast! Mail Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 — Service: avast! Web Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
O23 — Service: CiSvc — Unknown owner — C:WINDOWSsystem32cisvc.exe (file missing)
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: IviRegMgr — InterVideo — C:Program FilesCommon FilesInterVideoRegMgriviRegMgr.exe
O23 — Service: Java Quick Starter (JavaQuickStarterService) — Unknown owner — C:Program FilesJavajre6binjqs.exe (file missing)
O23 — Service: NMSAccessU — Unknown owner — C:Program FilesCDBurnerXPNMSAccessU.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: ServiceLayer — Nokia. — C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 — Service: StarWind AE Service (StarWindServiceAE) — StarWind Software — C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Telnet (TlntSvr) — Корпорация Майкрософт — C:WINDOWSsystem32tlntsvr.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe

—
End of file — 8399 bytes

======Scheduled tasks folder======

C:WINDOWStasksAppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll []

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll []

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3}

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«nwiz»=nwiz.exe /install []
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2008-05-16 13529088]
«BluetoothAuthenticationAgent»=bthprops.cpl,,BluetoothAuthenticationAgent []
«ISUSPM»=C:Program FilesCommon FilesInstallShieldUpdateServiceISUSPM.exe [2006-03-20 213936]
«SoundMan»=C:WINDOWSSOUNDMAN.EXE [2007-04-16 577536]
«avast!»=C:PROGRA~1ALWILS~1Avast4ashDisp.exe [2009-11-25 81000]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«AlcoholAutomount»=C:Program FilesAlcohol SoftAlcohol 120AxAutoMntSrv.exe [2009-11-15 33120]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregGoogle Update]
C:D&SАдминистраторLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2010-06-04 136176]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregManualRun]
E:AUTORUNAutoRun []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvCplDaemon]
C:WINDOWSsystem32NvCpl.dll [2008-05-16 13529088]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvMediaCenter]
C:WINDOWSsystem32NvMcTray.dll [2008-05-16 86016]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPCSuiteTrayApplication]
C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe [2007-03-23 227328]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task]
C:Program FilesQuickTimeqttask.exe [2006-09-01 282624]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSamsung Common SM]
C:WINDOWSSamsungComSMMgrssmmgr.exe [2005-07-03 372736]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSoundMan]
C:WINDOWSSOUNDMAN.EXE [2007-04-16 577536]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^D&S^All Users^Главное меню^Программы^Автозагрузка^Matrix.lnk]
C:PROGRA~1MatrixMatrix.exe []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^D&S^Администратор^Главное меню^Программы^Автозагрузка^healm_voje.lnk]
C:D&SАдминистраторApplication Dataqtejcwqw.exe []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^D&S^Администратор^Главное меню^Программы^Автозагрузка^Total Commander.lnk]
C:PROGRA~1TOTALC~1Totalcmd.exe [2006-09-01 851664]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32wpdshserviceobj.dll [2007-06-18 133632]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=323
«NoSMConfigurePrograms»=1
«NoLogoff»=1
«NoDriveAutoRun»=67108863
«NoDrives»=0

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveAutoRun»=
«NoDriveTypeAutoRun»=
«NoDrives»=

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesuTorrentutorrent.exe»=»C:Program FilesuTorrentutorrent.exe:*:Enabled:µTorrent»
«C:Program FilesSharemanShareman.exe»=»C:Program FilesSharemanShareman.exe:*:Enabled:Shareman»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»

======List of files/folders created in the last 1 months======

2010-06-08 17:59:02 —-D—- C:rsit
2010-06-08 17:59:02 —-D—- C:Program Filestrend micro
2010-06-08 17:50:39 —-D—- C:Program Filesxerox
2010-06-08 17:50:38 —-D—- C:Program Filesmovie maker
2010-06-08 17:50:32 —-D—- C:WINDOWSsystem32xircom
2010-06-08 17:50:30 —-D—- C:Program Filesnetmeeting
2010-06-08 17:50:30 —-D—- C:Program Filesmsn gaming zone
2010-06-08 17:50:30 —-D—- C:Program Filesmicrosoft frontpage
2010-06-08 17:48:48 —-D—- C:WINDOWStemp
2010-06-08 17:48:47 —-A—- C:ComboFix.txt
2010-06-08 17:41:38 —-A—- C:Boot.bak
2010-06-08 17:41:36 —-RASHD—- C:cmdcons
2010-06-08 17:40:52 —-A—- C:WINDOWSzip.exe
2010-06-08 17:40:52 —-A—- C:WINDOWSSWXCACLS.exe
2010-06-08 17:40:52 —-A—- C:WINDOWSSWSC.exe
2010-06-08 17:40:52 —-A—- C:WINDOWSSWREG.exe
2010-06-08 17:40:52 —-A—- C:WINDOWSsed.exe
2010-06-08 17:40:52 —-A—- C:WINDOWSPEV.exe
2010-06-08 17:40:52 —-A—- C:WINDOWSNIRCMD.exe
2010-06-08 17:40:52 —-A—- C:WINDOWSMBR.exe
2010-06-08 17:40:52 —-A—- C:WINDOWSgrep.exe
2010-06-08 17:39:09 —-D—- C:WINDOWSERDNT
2010-06-08 17:39:02 —-SHD—- C:System Volume Information
2010-06-08 17:35:41 —-D—- C:Qoobox
2010-06-07 11:20:24 —-HD—- C:WINDOWSsystem32GroupPolicy
2010-06-04 21:05:21 —-D—- C:D&SАдминистраторApplication DataOpera
2010-06-04 21:03:30 —-D—- C:Program FilesOpera
2010-06-04 18:57:10 —-D—- C:FOUND.009
2010-06-04 18:29:44 —-A—- C:WINDOWSntbtlog.txt
2010-06-04 17:23:16 —-D—- C:FOUND.008
2010-05-27 06:48:28 —-D—- C:FOUND.007
2010-05-21 14:56:30 —-D—- C:Program FilesSoft Gold
2010-05-21 14:56:30 —-D—- C:D&SАдминистраторApplication DataSoft Gold
2010-05-21 14:48:25 —-D—- C:Program FilesDipTrace

======List of files/folders modified in the last 1 months======

2010-06-08 17:49:42 —-A—- C:WINDOWSSchedLgU.Txt
2010-06-08 17:47:46 —-A—- C:WINDOWSsystem.ini
2010-06-08 17:41:40 —-RASH—- C:boot.ini
2010-06-07 11:30:44 —-A—- C:WINDOWSwin.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:WINDOWSsystem32driversAavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:WINDOWSsystem32driversaswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:WINDOWSsystem32driversaswTdi.sys [2009-11-25 48560]
R2 aswFsBlk;aswFsBlk; C:WINDOWSsystem32DRIVERSaswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:WINDOWSsystem32driversaswMon2.sys [2009-11-25 94160]
R2 DgiVecp;Team MFP Comm Driver; C:WINDOWSSystem32DriversDgiVecp.sys [2005-03-14 41984]
R2 hl_mull;hl_mull; C:WINDOWSSystem32drivershl_mull.SYS [2007-06-22 67712]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2008-01-24 4127488]
R3 aswRdr;aswRdr; C:WINDOWSsystem32driversaswRdr.sys [2009-11-25 23120]
R3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-13 10368]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2008-05-16 6557408]
R3 PSXGamepadEnabler;Psx Hid to Gamepad Port Enabler; C:WINDOWSsystem32driverspsxpad.sys [2003-02-09 14592]
R3 PsxPortEnumerator;Psx Port Enumerator; C:WINDOWSSystem32Driverspsxenum.sys [2003-01-31 19840]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet адаптер, драйвер для NT; C:WINDOWSsystem32DRIVERSRTL8139.SYS [2008-05-31 20992]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-05-31 30336]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-15 59520]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWSsystem32DRIVERSusbohci.sys [2008-05-31 17152]
R3 xnacc;Microsoft Common Controller For Windows Driver Service; C:WINDOWSsystem32DRIVERSxnacc.sys [2006-06-01 509440]
S3 ac92c8o8;ac92c8o8; C:WINDOWSsystem32driversac92c8o8.sys []
S3 AmdLLD;AMD Low Level Device Driver; C:WINDOWSsystem32DRIVERSAmdLLD.sys []
S3 Bridge;MAC-мост; C:WINDOWSsystem32DRIVERSbridge.sys [2008-04-15 71552]
S3 BridgeMP;Минипорт MAC-моста; C:WINDOWSsystem32DRIVERSbridge.sys [2008-04-15 71552]
S3 btaudio;Аудиоустройство Bluetooth; C:WINDOWSsystem32driversbtaudio.sys []
S3 BthEnum;Драйвер блока запроса Bluetooth; C:WINDOWSsystem32DRIVERSBthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:WINDOWSsystem32DRIVERSbthpan.sys [2008-04-13 101120]
S3 BTHPORT;Драйвер порта Bluetooth; C:WINDOWSSystem32DriversBTHport.sys [2008-04-14 273408]
S3 BTHUSB;Драйвер порта USB радиомодуля Bluetooth; C:WINDOWSSystem32DriversBTHUSB.sys [2008-04-13 18944]
S3 BTWDNDIS;Сервер доступа к локальной сети Bluetooth; C:WINDOWSsystem32DRIVERSbtwdndis.sys []
S3 btwmodem;Модем Bluetooth; C:WINDOWSsystem32DRIVERSbtwmodem.sys [2004-11-29 30125]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:WINDOWSSystem32Driversbtwusb.sys []
S3 catchme;catchme; ??C:TEMPcatchme.sys []
S3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
S3 nmwcd;Nokia USB Phone Parent; C:WINDOWSsystem32driversnmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:WINDOWSsystem32driversnmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:WINDOWSsystem32driversnmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:WINDOWSsystem32driversnmwcdcm.sys [2007-02-22 12288]
S3 RFCOMM;Устройство Bluetooth (протокол RFCOMM TDI); C:WINDOWSsystem32DRIVERSrfcomm.sys [2008-04-13 59136]
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2008-05-31 25856]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-13 26368]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-15 82688]
S4 atapi;atapi; C:WINDOWSsystem32driversatapi.sys [2008-04-15 96512]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 2GIS UpdateClientService;2GIS UpdateClientService; C:Program Files2gisUpdateClientWin32UpdateClientService.exe [2008-09-17 1134592]
R2 aswUpdSv;avast! iAVS4 Control Service; C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:Program FilesAlwil SoftwareAvast4ashServ.exe [2009-11-25 138680]
R2 BthServ;Bluetooth Support Service; C:WINDOWSsystem32svchost.exe [2008-04-15 14336]
R2 IviRegMgr;IviRegMgr; C:Program FilesCommon FilesInterVideoRegMgriviRegMgr.exe [2006-12-05 112152]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2003-06-19 322120]
R2 NMSAccessU;NMSAccessU; C:Program FilesCDBurnerXPNMSAccessU.exe [2007-10-12 71096]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2008-05-16 159812]
R2 StarWindServiceAE;StarWind AE Service; C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe [2009-12-24 370688]
R2 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-15 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:Program FilesAlwil SoftwareAvast4ashWebSv.exe [2009-11-25 352920]
S2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe -service -config C:Program FilesJavajre6libdeployjqsjqs.conf []
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-04-13 68952]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2007-03-26 292864]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media Playerwmpnetwk.exe [2006-10-18 913408]

---

EOF

---

info.txt:

info.txt logfile of random’s system information tool 1.06 2010-06-08 17:59:16

======Uninstall list======

—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{4F6DFDC8-7EAA-4B9B-AC3A-AE04F77D81CF}Setup.exe» -l0x19
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
ABViewer 7—>»C:Program FilesSoft GoldABViewer 7unins000.exe»
Adobe Flash Player 10 Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Reader 6.0.1—>MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Apple Software Update—>MsiExec.exe /I{55FA89BD-21D3-42F7-9249-C94C0094A83C}
avast! Antivirus—>C:Program FilesAlwil SoftwareAvast4aswRunDll.exe «C:Program FilesAlwil SoftwareAvast4Setupsetiface.dll»,RunSetup
AXIS Media Control—>rundll32 «C:Program FilesAxis CommunicationsAXIS Media ControlAxisMediaControl.dll»,UninstallMe
CDBurnerXP—>»C:Program FilesCDBurnerXPunins000.exe»
Counter-Strike 1.6—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime90Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{13B792AA-C078-43A4-8A3A-8B12D629940D}Setup.exe» -l0x19
CuneiForm v12 Master—>MsiExec.exe /I{FFBAAF1F-307D-4973-B1D2-079CC469EDE2}
DeepBurner v1.9.0.228—>»C:Program FilesDeepBurnerUninstall.exe» «C:Program FilesDeepBurnerinstall.log» -u
DipTrace Language Suite—>C:Program FilesDipTraceUnInstall_12345.exe
Flash Movie Player 1.5—>C:Program FilesFlash Movie Playeruninst.exe
GTA San Andreas Fargus Rusifikator v1.3—>»D:GamesGTA San AndreasUninstall_Fargus_Rusifikatorunins000.exe»
GTA San Andreas—>»D:GamesGTA San Andreasunins000.exe»
Guitar Pro 5.2—>»C:Program FilesGuitar Pro 5unins000.exe»
Java(TM) 6 Update 17—>MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Java(TM) 6 Update 5—>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
K-Lite Mega Codec Pack 4.7.0—>»C:Program FilesK-Lite Codec Packunins000.exe»
Macromedia Flash Player 8—>MsiExec.exe /X{0A28C610-EE06-4A33-BB56-A2155B524916}
MediaCoder 0.6.1—>C:Program FilesMediaCoderuninst.exe
Microsoft .NET Framework 2.0—>MsiExec.exe /X{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Microsoft Games for Windows — LIVE Redistributable—>MsiExec.exe /X{D1B01DC9-CBAF-45F9-A387-7D00C11B630E}
Microsoft Office — профессиональный выпуск версии 2003—>MsiExec.exe /I{90110419-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Viewer 2003 (English)—>MsiExec.exe /I{90520409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.5—>»C:WINDOWS$NtUninstallWudf01005$spuninstspuninst.exe»
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MOBILedit! 3.0—>RunDll32 C:PROGRA~1MOBILE~1SetupSetup.dll,RemoveOnly
Mozilla Firefox (3.5.9)—>C:Program FilesMozilla Firefoxuninstallhelper.exe
MSXML 4.0 SP2 (KB936181)—>MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser—>MsiExec.exe /I{8E719AE4-286B-4F01-8DA1-6270B0BF819D}
MuzLand Tuner—>C:Program FilesMuzLand TunerUninstal.exe
Nokia Connectivity Cable Driver—>MsiExec.exe /X{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}
Nokia PC Suite—>C:D&SAll UsersApplication DataInstallations{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}Nokia_PC_Suite_683_rel_14_1_EA.exe /LANG=»1049″
Nokia PC Suite—>MsiExec.exe /I{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}
Novarm DipTrace—>»C:Program FilesDipTraceun_dipfree_en.exe_15033.exe»
NVIDIA Drivers—>C:WINDOWSsystem32nvuninst.exe UninstallGUI
OJOsoft Total Video Converter—>»C:Program FilesOJOsoftOJOsoft Total Video Converterunins000.exe»
OpenAL—>»C:Program FilesOpenALoalinst.exe» /U
OpenOffice.org 2.4—>MsiExec.exe /I{706D05AD-CB73-4AC5-ACFE-B61D67DFCF6C}
PartyCasino—>»C:Program FilesPartyGamingPartyCasinoUninstall.exe» «C:Program FilesPartyGamingPartyCasinoinstall.log»
PC Connectivity Solution—>MsiExec.exe /I{066D65EA-ED53-44E4-A96A-F81B6E409D2E}
PES5—>»D:GamesPES5unins000.exe»
Power Tab Editor 1.7—>MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
QUAKE4—>D:GamesQUAKE4UNWISE.EXE D:GamesQUAKE4INSTALL.LOG
QuickTime—>MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
Realtek AC’97 Audio—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{FB08F381-6533-4108-B7DD-039E11FBC27E}setup.exe» -l0x19 -removeonly
Samsung ML-2010 Series—>C:WINDOWSSamsungML-2010SETUP.EXE
Security Update для Microsoft .NET Framework 2.0 (КБ928365)—>C:WINDOWSsystem32msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Serious Sam 2—>D:GamesSERIOU~2UNWISE.EXE D:GamesSERIOU~2INSTALL.LOG
Serious Sam: The Second Encounter—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{5BDAA2F7-8E48-4AFF-AA92-B559D0CDF1AD}Setup.exe» -l0x19
SimplexWin 3.1—>C:Program FilesSimplexWinuninst.exe
SmartMovie Converter—>»C:Program FilesLonely Cat GamesSmartMovie ConverterIIUninst.exe» C:Program FilesLonely Cat GamesSmartMovie Converterinstall.log
Sniper Elite—>»D:GamesSniper Eliteunins000.exe»
Sony Noise Reduction Plug-In 2.0h—>MsiExec.exe /X{06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}
Sony Sound Forge 9.0—>MsiExec.exe /X{4AEA9A23-D627-4699-8A0F-FC474308C2E6}
TmNationsForever—>»D:GamesTmNationsForeverunins000.exe»
Total Commander 6.55 PowerPack—>»C:Program FilesTotal Commanderuninstall.exe»
Tune Your Guitar! 1.8—>C:Program FilesTune Your Guitar!Uninstall.exe
Unreal Tournament—>C:WINDOWSIsUn0419.exe -f»d:gamesUnreal TournamentSystemUninst.isu»
VideoFab Converter 1.0.1.5 Beta—>»C:Program FilesVideoFabunins000.exe»
Warcraft 3 — Frozen Throne 1.20—>»D:GamesWarcraft 3 — Frozen Throneunins000.exe»
Winamp—>»C:Program FilesWinAmpUninstWA.exe»
Windows Driver Package — Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)—>C:PROGRA~1DIFXD6ACC4BE676423A2B130B78A4B627FC457D98997dpinst.exe /u C:WINDOWSsystem32DRVSTOREpccswpddri_039E7E24575DBAE6A389611AF28F4EB97729D33Epccswpddriver.inf
Windows Driver Package — Nokia Modem (02/15/2007 3.1)—>C:PROGRA~1DIFXD6ACC4BE676423A2B130B78A4B627FC457D98997dpinst.exe /u C:WINDOWSsystem32DRVSTOREpccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293Bpccs_bluetooth.inf
Xbox 360 Controller for Windows—>»C:WINDOWS$NtUninstall_Xbox_360_CC_Driver$spuninstspuninst.exe»
Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe
Данные ДубльГИС г.Пермь 01.03.2010—>MsiExec.exe /X{1FBE28FB-8477-4808-9859-4F4A41202EE7}
ДубльГИС 3.0.6.4—>MsiExec.exe /X{751DAFAF-980F-4745-AF49-547623DD1CB7}
КОМПАС-3D V10 — Машиностроительная конфигурация—>MsiExec.exe /I{F7D1599D-F990-453C-9038-DFEFC9A6F817}
КОМПАС-3D V10—>MsiExec.exe /I{B3724E1F-F02F-49D3-94DB-C81539A27D9F}
Пакет драйверов Windows — Nokia Modem (11/03/2006 6.82.0.1)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WINDOWSsystem32DRVSTOREnokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567nokbtmdm.inf
Соло на Клавиатуре 9—>C:Program FilesSolo9Uninstall.exe
Центр обновлений ДубльГИС—>MsiExec.exe /X{2FB165EB-69C0-416D-9B4E-E805ABC8CB1F}

======Security center information======

AV: avast! antivirus 4.8.1368 [VPS 100608-0]
FW: COMODO Firewall Pro (disabled)

======System event log======

Computer Name: B4949CDEEF7B475
Event Code: 1002
Message: Аренда IP-адреса 192.168.0.101 для сетевого адаптера с сетевым адресом 00E04C76E4BD отклонена
DHCP-сервером 192.168.0.1 (DHCP-сервер отправил сообщение DHCPNACK).

Record Number: 49069
Source Name: Dhcp
Time Written: 20100522180845.000000+360
Event Type: ошибка
User:

Computer Name: B4949CDEEF7B475
Event Code: 6005
Message: Запущена служба журнала событий.

Record Number: 49068
Source Name: EventLog
Time Written: 20100522180840.000000+360
Event Type: информация
User:

Computer Name: B4949CDEEF7B475
Event Code: 6009
Message: Microsoft (R) Windows 2000 (R) 5.01. 2600 Service Pack 3 Uniprocessor Free.

Record Number: 49067
Source Name: EventLog
Time Written: 20100522180840.000000+360
Event Type: информация
User:

Computer Name: B4949CDEEF7B475
Event Code: 6006
Message: Служба журнала событий остановлена.

Record Number: 49066
Source Name: EventLog
Time Written: 20100522083839.000000+360
Event Type: информация
User:

Computer Name: B4949CDEEF7B475
Event Code: 7036
Message: Служба «Протокол HTTP SSL» перешла в состояние Работает.

Record Number: 49065
Source Name: Service Control Manager
Time Written: 20100522070455.000000+360
Event Type: информация
User:

=====Application event log=====

Computer Name: B4949CDEEF7B475
Event Code: 1001
Message: Checking file system on C:
The type of the file system is FAT32.

One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.
Volume Serial Number is 7050-B03D
The size of the D&SАдминистраторntuser.dat.LOG entry is not valid.
D&SАдминистраторLocal SettingsApplication DataGoogleChromeUser DataLocal State first allocation unit is not valid. The entry will be truncated.
Convert lost chains to files (Y/N)? Yes
8 KB in 1 recovered files.
Windows has made corrections to the file system.
14709152 KB total disk space.
1217432 KB in 525 hidden files.
50960 KB in 6070 folders.
11984440 KB in 117015 files.
1456312 KB are available.

8192 bytes in each allocation unit.
1838644 total allocation units on disk.
182039 allocation units available on disk.

Record Number: 1196
Source Name: Winlogon
Time Written: 20100406112612.000000+360
Event Type: информация
User:

Computer Name: B4949CDEEF7B475
Event Code: 0
Message:
Record Number: 1195
Source Name: IviRegMgr
Time Written: 20100406081215.000000+360
Event Type: информация
User:

Computer Name: B4949CDEEF7B475
Event Code: 0
Message:
Record Number: 1194
Source Name: 2GIS UpdateClientService
Time Written: 20100406081211.000000+360
Event Type: информация
User:

Computer Name: B4949CDEEF7B475
Event Code: 0
Message:
Record Number: 1193
Source Name: IviRegMgr
Time Written: 20100406080437.000000+360
Event Type: информация
User:

Computer Name: B4949CDEEF7B475
Event Code: 0
Message:
Record Number: 1192
Source Name: 2GIS UpdateClientService
Time Written: 20100406080423.000000+360
Event Type: информация
User:

======Environment variables======

«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%system32wbem;C:Program FilesPC Connectivity Solution;C:Vc;C:Arc;C:Program FilesQuickTimeQTSystem;
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=15
«PROCESSOR_IDENTIFIER»=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
«PROCESSOR_REVISION»=2f02
«NUMBER_OF_PROCESSORS»=1
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=C:Temp
«TMP»=C:Temp
«CLASSPATH»=.;C:Program FilesJavajre1.6.0_05libextQTJava.zip
«QTJAVA»=C:Program FilesJavajre1.6.0_05libextQTJava.zip

---

EOF

---

[Admin]

Здравствуйте, добро пожаловать на Spyware-ru форум.

Запустите HijackThis, для этого кликните Пуск, Выполнить, введите

C:Program Filestrend microАдминистратор.exe

и нажмите Enter.
Откроется главное меню программы HijackThis.
Кликните по кнопке Do a system scan only.
Далее отметьте галочкой (слева) следующие строки, если они присутствуют:

R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = http=127.0.0.1:41653;

R3 - URLSearchHook: (no name) - - (no file)

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

Закройте все запущенные программы (включая InternetExplorer) и окна Windows.
Кликните по кнопке Fix checked и подтвердите свои действия выбрав YES.
Перезагрузите компьютер.

Вижу вы запускали Combofix, запустите эту программу снова и получившийся лог вставьте в ваше следующее сообщение.

[slaffko]

Все сделал как было написанно выше…

вот лог combofix’а:

ComboFix 10-06-09.02 — Администратор 10.06.2010 15:56:45.2.1 — FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.767.441 [GMT 6:00]
Running from: c:d&sАдминистраторРабочий столComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100610-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall Pro *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-05-10 to 2010-06-10 )))))))))))))))))))))))))))))))
.

2010-06-10 09:54 . 2010-06-10 09:54

---

d

---

w- c:tempWPDNSE
2010-06-10 09:53 . 2010-06-10 09:53 16384 —-a-w- c:tempPerflib_Perfdata_52c.dat
2010-06-10 05:24 . 2009-08-06 13:23 274288 —-a-w- c:windowssystem32mucltui.dll
2010-06-08 11:59 . 2010-06-08 11:59

---

d

---

w- C:rsit
2010-06-08 11:59 . 2010-06-08 11:59

---

d

---

w- c:program filestrend micro
2010-06-08 11:50 . 2010-06-08 11:50

---

d

---

w- c:windowssystem32wbemsnmp
2010-06-08 11:50 . 2010-06-08 11:50

---

d

---

w- c:windowssystem32xircom
2010-06-08 11:50 . 2010-06-08 11:50

---

d

---

w- c:program filesmicrosoft frontpage
2010-06-07 05:20 . 2010-06-07 05:20

---

d—h—w- c:windowssystem32GroupPolicy
2010-06-06 08:47 . 2010-06-06 08:47

---

d

---

w- c:temp4S52IEM
2010-06-04 15:05 . 2010-06-04 15:05

---

d

---

w- c:d&sАдминистраторLocal SettingsApplication DataOpera
2010-06-04 15:03 . 2010-06-04 15:03

---

d

---

w- c:program filesOpera
2010-06-04 15:02 . 2010-06-04 15:02

---

d

---

w- c:d&sАдминистраторLocal SettingsApplication DataTemp
2010-06-04 12:57 . 2010-06-04 12:57

---

d

---

w- C:FOUND.009
2010-06-04 11:23 . 2010-06-04 11:23

---

d

---

w- C:FOUND.008
2010-06-03 00:47 . 2010-06-03 00:48

---

d

---

w- c:tempCR_5.tmp
2010-05-27 00:48 . 2010-05-27 00:48

---

d

---

w- C:FOUND.007
2010-05-21 08:56 . 2010-05-21 08:56

---

d

---

w- c:program filesSoft Gold
2010-05-21 08:56 . 2010-05-21 08:56

---

d

---

w- c:d&sАдминистраторApplication DataSoft Gold
2010-05-21 08:48 . 2010-05-21 08:48

---

d

---

w- c:program filesDipTrace

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-10 09:52 . 2010-02-24 11:01 12 —-a-w- c:windowsbthservsdp.dat
2010-06-08 12:40 . 2008-07-29 17:32 1 —-a-w- c:d&sАдминистраторApplication DataOpenOffice.org2useruno_packagescachestamp.sys
2010-05-21 08:56 . 2008-07-24 16:06 75568 —-a-w- c:d&sАдминистраторLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2010-05-03 10:19 . 2010-05-03 10:19

---

d

---

w- c:d&sАдминистраторApplication DataMathWorks
2010-05-03 10:06 . 2010-05-03 10:06 2678 —-a-w- c:windowsjavaPackagesDataW0K57RFZ.DAT
2010-05-03 10:06 . 2010-05-03 10:06 2678 —-a-w- c:windowsjavaPackagesDataPFZZ9FFL.DAT
2010-05-03 10:06 . 2010-05-03 10:06 2678 —-a-w- c:windowsjavaPackagesDataP7LBXJBP.DAT
2010-05-03 10:06 . 2010-05-03 10:06 2678 —-a-w- c:windowsjavaPackagesDataLNLF3LRB.DAT
2010-05-03 10:06 . 2010-05-03 10:06 2678 —-a-w- c:windowsjavaPackagesDataETV9NTJ7.DAT
2010-04-12 13:29 . 2010-04-12 13:29

---

d

---

w- c:program filesQIP 2010
2010-03-18 03:17 . 2010-03-18 03:17 152576 —-a-w- c:d&sАдминистраторApplication DataSunJavajre1.6.0_17lzma.dll
2010-03-18 03:17 . 2010-03-18 03:16 79488 —-a-w- c:d&sАдминистраторApplication DataSunJavajre1.6.0_17gtapi.dll
.

---

Sigcheck

---

[-] 2009-04-26 . 68F06FE0021B01E670AF37B8C5964FDF . 361344 . . [5.1.2600.5512] . . c:windowssystem32driverstcpip.sys

[-] 2008-05-30 . 99899FB9138987708CD47BA7BF1EB308 . 2188800 . . [5.1.2600.5512] . . c:windowssystem32ntoskrnl.exe

[-] 2008-05-30 . A7FDF871519A3D737D917B04D2542BE8 . 584192 . . [5.1.2600.5512] . . c:windowssystem32user32.dll
[7] 2008-04-14 . A9CDF92EA1CFFB67448EF26F5DF21A6F . 579072 . . [5.1.2600.5512] . . c:windowsResPatchBackupuser32.dll

[-] 2008-05-30 . 7220FD31EB02BAEE72EDD516939D637C . 1571840 . . [5.1.2600.5512] . . c:windowssystem32sfcfiles.dll

[-] 2008-05-30 . A0F981D28A6A7811ABC18F7053F27667 . 2065664 . . [5.1.2600.5512] . . c:windowssystem32ntkrnlpa.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-06-08_11.47.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-08-27 03:16 . 2009-08-06 13:24 44768 c:windowssystem32wups2.dll
+ 2008-07-24 15:33 . 2009-08-06 13:24 35552 c:windowssystem32wups.dll
+ 2008-07-24 15:33 . 2009-08-06 13:24 53472 c:windowssystem32wuauclt.exe
+ 2010-06-10 05:24 . 2009-08-06 13:24 44768 c:windowssystem32SoftwareDistributionSetupServiceStartupwups2.dll7.4.7600.226wups2.dll
+ 2010-06-10 05:24 . 2009-08-06 13:24 35552 c:windowssystem32SoftwareDistributionSetupServiceStartupwups.dll7.4.7600.226wups.dll
+ 2008-07-24 15:33 . 2009-08-06 13:24 35552 c:windowssystem32dllcachewups.dll
+ 2008-07-24 15:33 . 2009-08-06 13:24 53472 c:windowssystem32dllcachewuauclt.exe
+ 2008-05-30 22:19 . 2009-08-06 13:24 96480 c:windowssystem32dllcachecdm.dll
+ 2008-05-30 22:19 . 2009-08-06 13:24 96480 c:windowssystem32cdm.dll
+ 2008-07-24 15:33 . 2009-08-06 13:24 209632 c:windowssystem32wuweb.dll
+ 2008-07-24 15:33 . 2009-08-06 13:24 327896 c:windowssystem32wucltui.dll
+ 2008-07-24 15:33 . 2009-08-06 13:23 575704 c:windowssystem32wuapi.dll
+ 2008-07-24 15:31 . 2009-08-06 13:23 215920 c:windowssystem32muweb.dll
+ 2008-07-24 15:33 . 2009-08-06 13:24 209632 c:windowssystem32dllcachewuweb.dll
+ 2008-07-24 15:33 . 2009-08-06 13:24 327896 c:windowssystem32dllcachewucltui.dll
+ 2008-07-24 15:33 . 2009-08-06 13:23 575704 c:windowssystem32dllcachewuapi.dll
+ 2008-07-24 15:33 . 2009-08-06 13:23 1929952 c:windowssystem32wuaueng.dll
+ 2008-07-24 15:33 . 2009-08-06 13:23 1929952 c:windowssystem32dllcachewuaueng.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«AlcoholAutomount»=»c:program filesAlcohol SoftAlcohol 120AxAutoMntSrv.exe» [2009-11-15 33120]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«nwiz»=»nwiz.exe» [2008-05-16 1630208]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2008-05-16 13529088]
«BluetoothAuthenticationAgent»=»bthprops.cpl» [2008-04-15 110592]
«ISUSPM»=»c:program filesCommon FilesInstallShieldUpdateServiceISUSPM.exe» [2006-03-20 213936]
«SoundMan»=»SOUNDMAN.EXE» [2007-04-16 577536]
«avast!»=»c:progra~1ALWILS~1Avast4ashDisp.exe» [2009-11-24 81000]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-15 15360]
«Nokia.PCSync»=»c:program filesNokiaNokia PC Suite 6PcSync2.exe» [2007-03-27 1744896]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«IE7_011″=»shell32» [X]
«nltide_3″=»advpack.dll» [2008-05-30 124928]
«IE7_012″=»advpack.dll» [2008-05-30 124928]

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMConfigurePrograms»= 1 (0x1)
«NoLogoff»= 1 (0x1)

[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMConfigurePrograms»= 1 (0x1)

[HKLM~startupfolderC:^D&S^All Users^Главное меню^Программы^Автозагрузка^Matrix.lnk]
path=c:d&sAll UsersГлавное менюПрограммыАвтозагрузкаMatrix.lnk
backup=c:windowspssMatrix.lnkCommon Startup

[HKLM~startupfolderC:^D&S^Администратор^Главное меню^Программы^Автозагрузка^healm_voje.lnk]
path=c:d&sАдминистраторГлавное менюПрограммыАвтозагрузкаhealm_voje.lnk
backup=c:windowspsshealm_voje.lnkStartup

[HKLM~startupfolderC:^D&S^Администратор^Главное меню^Программы^Автозагрузка^Total Commander.lnk]
path=c:d&sАдминистраторГлавное менюПрограммыАвтозагрузкаTotal Commander.lnk
backup=c:windowspssTotal Commander.lnkStartup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregManualRun]
e:autorunAutoRun [X]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregGoogle Update]
2010-06-04 15:02 136176 —-a-w- c:d&sАдминистраторLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvCplDaemon]
2008-05-16 08:01 13529088 —-a-w- c:windowssystem32nvcpl.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvMediaCenter]
2008-05-16 08:01 86016 —-a-w- c:windowssystem32nvmctray.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPCSuiteTrayApplication]
2007-03-23 07:20 227328 —-a-w- c:program filesNokiaNokia PC Suite 6LaunchApplication.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task]
2006-09-01 09:57 282624 —-a-w- c:program filesQuickTimeqttask.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSamsung Common SM]
2005-07-03 07:20 372736

---

w- c:windowsSamsungComSMMgrSSMMgr.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSoundMan]
2007-04-16 09:28 577536 —-a-w- c:windowssoundman.exe

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\uTorrent\utorrent.exe»=
«c:\Program Files\Shareman\Shareman.exe»=

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«67:UDP»= 67:UDP:DHCP Discovery Service

R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:windowssystem32driversnvcchflt.sys [24.07.2008 21:26 16640]
R1 aswSP;avast! Self Protection;c:windowssystem32driversaswSP.sys [31.07.2009 18:37 114768]
R2 2GIS UpdateClientService;2GIS UpdateClientService;c:program files2gisUpdateClientWin32UpdateClientService.exe [17.09.2008 12:03 1134592]
R2 aswFsBlk;aswFsBlk;c:windowssystem32driversaswFsBlk.sys [31.07.2009 18:37 20560]
R2 hl_mull;hl_mull;c:windowssystem32drivershl_mull.sys [22.06.2009 22:20 67712]
R3 PSXGamepadEnabler;Psx Hid to Gamepad Port Enabler;c:windowssystem32driverspsxpad.sys [28.07.2008 21:32 14592]
R3 PsxPortEnumerator;Psx Port Enumerator;c:windowssystem32driverspsxenum.sys [28.07.2008 21:32 19840]
S0 sptd;sptd;c:windowssystem32driverssptd.sys [25.07.2008 17:59 691696]
.
Contents of the ‘Scheduled Tasks’ folder

2010-06-10 c:windowsTasksAppleSoftwareUpdate.job
— c:program filesApple Software UpdateSoftwareUpdate.exe [2006-08-29 08:21]
.
.

---

Supplementary Scan

---

.
uStart Page = hxxp://www.apeha.ru
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: SoftwareMicrosoftInternet ExplorerSearchUrl; ValueType: string; ValueName: ‘; ValueData: ‘; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~1OFFICE11EXCEL.EXE/3000
IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} — c:program filesPartyGamingPartyCasinoRunApp.exe
Handler: solores — {8FA1F4E9-444B-48BF-98CD-B8ECA88E6BA5} — c:progra~1Solo9SoloRes.dll
FF — ProfilePath — c:d&sАдминистраторApplication DataMozillaFirefoxProfilesb8y8cysi.default
FF — prefs.js: browser.search.selectedEngine — Яндекс
FF — prefs.js: keyword.URL — hxxp://search.qip.ru/search?from=FF&query=
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnppl3260.dll
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnprpjplug.dll

—- FIREFOX POLICIES —-
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref», true);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.renego_unrestricted_hosts», «»);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.treat_unsafe_negotiation_as_broken», false);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.require_safe_negotiation», false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-10 16:00
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************
.

---

LOCKED REGISTRY KEYS

---

[HKEY_USERSS-1-5-21-515967899-1343024091-1801674531-500SoftwareMicrosoftSystemCertificatesAddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERSS-1-5-21-515967899-1343024091-1801674531-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.*e0x*e0]
@Class=»Shell»

[HKEY_USERSS-1-5-21-515967899-1343024091-1801674531-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.*e0x*e0OpenWithList]
@Class=»Shell»
.

---

DLLs Loaded Under Running Processes

---

— — — — — — — > ‘explorer.exe'(1996)
c:windowssystem32wpdshserviceobj.dll
c:program filesNokiaNokia PC Suite 6PhoneBrowser.dll
c:program filesNokiaNokia PC Suite 6PCSCM.dll
c:program filesNokiaNokia PC Suite 6LangPhoneBrowser_rus.nlr
c:program filesNokiaNokia PC Suite 6ResourcePhoneBrowser_Nokia.ngr
c:windowssystem32portabledevicetypes.dll
c:windowssystem32portabledeviceapi.dll
.
Completion time: 2010-06-10 16:02:10
ComboFix-quarantined-files.txt 2010-06-10 10:02
ComboFix2.txt 2010-06-08 11:48

Pre-Run: 2 888 654 848 байт свободно
Post-Run: 2 870 239 232 байт свободно

— — End Of File — — 3C7E0CD828DBED213A230FAE6ABB7A78

[Автор]

Сообщения