просьба прокомментировать лог-файл

[doctordi]

ComboFix 11-03-21.02 — Дмитрий 22.03.2011 9:30.2.2 — x86
Microsoft Windows 7 Максимальная 6.1.7600.0.1251.7.1049.18.2038.966 [GMT 3:00]
Running from: c:usersДмитрийDownloadsComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-02-22 to 2011-03-22 )))))))))))))))))))))))))))))))
.
.
2011-03-22 06:34 . 2011-03-22 06:34

---

d

---

w- c:usersDefaultAppDataLocaltemp
2011-03-18 14:21 . 2011-02-23 14:54 19544 —-a-w- c:windowssystem32driversaswFsBlk.sys
2011-03-18 14:21 . 2011-02-23 14:56 301528 —-a-w- c:windowssystem32driversaswSP.sys
2011-03-18 14:21 . 2011-02-23 14:55 25432 —-a-w- c:windowssystem32driversaswRdr.sys
2011-03-18 14:21 . 2011-02-23 14:56 371544 —-a-w- c:windowssystem32driversaswSnx.sys
2011-03-18 14:21 . 2011-02-23 14:55 49240 —-a-w- c:windowssystem32driversaswTdi.sys
2011-03-18 14:21 . 2011-02-23 14:55 53592 —-a-w- c:windowssystem32driversaswMonFlt.sys
2011-03-18 14:21 . 2011-02-23 15:04 40648 —-a-w- c:windowsavastSS.scr
2011-03-18 14:21 . 2011-02-23 15:04 190016 —-a-w- c:windowssystem32aswBoot.exe
2011-03-18 14:21 . 2011-03-18 14:21

---

d

---

w- c:programdataAVAST Software
2011-03-18 14:21 . 2011-03-18 14:21

---

d

---

w- c:program filesAVAST Software
2011-03-18 13:59 . 2011-03-18 14:02

---

d

---

w- c:program filesBSS Internet-Client
2011-03-16 17:17 . 2011-03-16 17:17 967 —-a-w- c:windowsScUnin.pif
2011-03-16 17:17 . 2011-03-16 17:17 94208 —-a-w- c:windowsScUnin.exe
2011-03-15 17:18 . 2011-03-15 17:19

---

d

---

w- c:windowsWindowsMobile
2011-03-10 08:59 . 2011-03-10 08:59

---

d

---

w- c:usersДмитрийAppDataRoamingNero
2011-03-07 20:03 . 2011-03-07 20:03

---

d

---

w- c:program filesCommon FilesJava
2011-03-07 20:02 . 2011-03-07 20:02

---

d

---

w- c:programdataMcAfee
2011-03-03 10:20 . 2011-03-03 10:20

---

d

---

w- c:program filesCommon FilesSkype
2011-03-02 07:58 . 2011-03-02 08:25

---

d

---

w- c:program filesVideoLAN
2011-02-24 07:21 . 2011-02-24 07:35

---

d

---

w- c:program filesPanda Security
2011-02-24 07:21 . 2011-02-24 07:35

---

d

---

w- c:programdataPanda Security
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-14 11:13 . 2011-02-14 11:13 729072 —-a-w- c:program filesCommon Filesunins000.exe
2011-02-02 18:40 . 2010-11-30 13:34 472808 —-a-w- c:windowssystem32deployJava1.dll
2011-01-30 11:15 . 2010-12-10 09:49 48648 —-a-w- c:programdataMicrosofteHomePackagesMCEClientUXUpdateableMarkupMarkup.dll
2011-01-28 08:00 . 2009-06-02 15:11 80896 —-a-w- c:windowssystem32ff_vfw.dll
2011-01-21 21:20 . 2011-01-21 21:20 48648 —-a-w- c:programdataMicrosofteHomePackagesMCEClientUXUpdateableMarkup-2Markup.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE~Browser Helper Objects{9BFBA68E-E21B-458E-AE12-FE85E903D2C1}]
2010-08-31 14:15 257384 —-a-w- c:program filesAlterGeoAlterGeo Magic Scanner2.8.8.615AlterGeo.BrowserPlugin.dll
.
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2010-10-07 10971976]
.
[HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar]
.
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2010-10-07 10971976]
.
[HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar]
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers0avast]
@=»{472083B0-C522-11CF-8763-00608CC02F24}»
[HKEY_CLASSES_ROOTCLSID{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 —-a-w- c:program filesAVAST SoftwareAvastashShell.dll
.
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«Infium»=»c:program filesQIP 2010qip.exe» [2011-03-09 5973888]
«QIP Internet Guardian»=»c:usersДмитрийAppDataRoamingQipGuardQipGuard.exe» [2011-02-01 187776]
«Praetorian»=»c:usersДмитрийAppDataLocalYandexUpdaterpraetorian.exe» [2010-10-21 798024]
«uTorrent»=»c:program filesuTorrentuTorrent.exe» [2010-12-15 395640]
«Skype»=»c:program filesSkypePhoneSkype.exe» [2011-01-26 15026056]
«Avi Player»=»c:program filesAvi PlayerAviPlayer.exe» [2007-09-05 629760]
«NokiaOviSuite2″=»c:program filesNokiaNokia Ovi SuiteNokiaOviSuite.exe» [2011-01-31 703360]
.
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NokiaMServer»=»c:program filesCommon FilesNokiaMPlatformNokiaMServer» [X]
«GrooveMonitor»=»c:program filesMicrosoft OfficeOffice12GrooveMonitor.exe» [2008-10-25 31072]
«RtHDVCpl»=»c:program filesRealtekAudioHDARtHDVCpl.exe» [2009-05-23 7514656]
«Samsung PanelMgr»=»c:windowsSamsungPanelMgrSSMMgr.exe» [2010-01-06 618496]
«IgfxTray»=»c:windowssystem32igfxtray.exe» [2009-09-23 141848]
«HotKeysCmds»=»c:windowssystem32hkcmd.exe» [2009-09-23 173592]
«Persistence»=»c:windowssystem32igfxpers.exe» [2009-09-23 150552]
«AdobeCS4ServiceManager»=»c:program filesCommon FilesAdobeCS4ServiceManagerCS4ServiceManager.exe» [2008-08-14 611712]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 9.0ReaderReader_sl.exe» [2011-01-31 35760]
«Adobe ARM»=»c:program filesCommon FilesAdobeARM1.0AdobeARM.exe» [2010-09-20 932288]
«SunJavaUpdateSched»=»c:program filesCommon FilesJavaJava Updatejusched.exe» [2010-10-29 249064]
«Windows Mobile Device Center»=»c:windowsWindowsMobilewmdc.exe» [2007-05-31 648072]
«avast»=»c:program filesAVAST SoftwareAvastavastUI.exe» [2011-02-23 3451496]
.
c:users„¬ЁваЁ©AppDataRoamingMicrosoftWindowsStart MenuProgramsStartup
Num by string.lnk — c:numbystringNumstr.exe [2004-2-21 122880]
‚л१Є  нЄа ­  Ё Їа®Ја ¬¬  § ЇгбЄ  ¤«п OneNote 2007.lnk — c:program filesMicrosoft OfficeOffice12ONENOTEM.EXE [2008-10-25 98696]
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«ConsentPromptBehaviorAdmin»= 0 (0x0)
«ConsentPromptBehaviorUser»= 3 (0x3)
«EnableLUA»= 0 (0x0)
«EnableUIADesktopToggle»= 0 (0x0)
«PromptOnSecureDesktop»= 0 (0x0)
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«aux1″=wdmaud.drv
.
R2 gupdate;Служба Google Update (gupdate);c:program filesGoogleUpdateGoogleUpdate.exe [2010-12-08 136176]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:windowssystem32DRIVERSRtTeam60.sys [2008-10-24 35328]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.0);c:windowssystem32DRIVERSRtVlan60.sys [2007-12-03 19968]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:windowssystem32DRIVERSRtTeam60.sys [2008-10-24 35328]
R3 WatAdminSvc;Служба технологий активации Windows;c:windowssystem32WatWatAdminSvc.exe [2010-12-01 1343400]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:windowssystem32driversaswMonFlt.sys [2011-02-23 53592]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:windowssystem32DRIVERSRtNdPt60.sys [2007-12-11 27648]
S2 SSPORT;SSPORT;c:windowssystem32DriversSSPORT.sys [2009-07-29 5120]
S3 RTL8167;Realtek 8167 NT Driver;c:windowssystem32DRIVERSRt86win7.sys [2009-05-24 167936]
.
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the ‘Scheduled Tasks’ folder
.
2011-03-22 c:windowsTasksGoogleUpdateTaskMachineCore.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2010-12-08 12:40]
.
2011-03-22 c:windowsTasksGoogleUpdateTaskMachineUA.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2010-12-08 12:40]
.
.

---

Supplementary Scan

---

.
uStart Page = hxxp://www.yandex.ru/?clid=155842
uSearchAssistant = hxxp://search.qip.ru/ie
IE: {{4034D172-4C52-49de-A6A1-E75F8F591FEC} — c:program filesPRMT8PRMTIEoptions.htm
IE: {{A2DA13D5-AC77-43b7-963B-40445EBCB8E0} — c:program filesPRMT8PRMTIEprmtie5.htm
Trusted Zone: trust.ruibank
DPF: {113E52A8-A790-4B13-B5F8-B17BD5617707} — hxxps://ibank.trust.ru/CODE/3.17.6.840/cr_call.cab
DPF: {34E60EF0-8825-4AD8-ABED-ADC2F358F2C9} — hxxps://ibank.trust.ru/CODE/3.17.6.840/bsssl.cab
DPF: {3FD2F333-7E4B-43AC-BB2A-CC0410654160} — hxxps://ibank.trust.ru/CODE/3.17.6.840/cr_msp2.cab
FF — ProfilePath — c:usersДмитрийAppDataRoamingMozillaFirefoxProfileshul4zsn6.default
FF — prefs.js: browser.search.defaulturl — hxxp://go.mail.ru/search?fr=fftb&utf8in&q=
FF — prefs.js: browser.startup.homepage — hxxp://www.yandex.ru/
FF — prefs.js: keyword.URL — hxxp://go.mail.ru/search?utf8in=1&fr=fftbUFix&q=
FF — prefs.js: network.proxy.type — 0
FF — Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} — c:program filesMozilla Firefoxextensions{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF — Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} — c:program filesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF — Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} — c:program filesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF — Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} — c:program filesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF — Ext: Яндекс.Бар: yasearch@yandex.ru — %profile%extensionsyasearch@yandex.ru
FF — Ext: Спутник @Mail.Ru: {37964A3C-4EE8-47b1-8321-34DE2C39BA4D} — %profile%extensions{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}
FF — Ext: QipAuthorizer: {32a1fd71-835e-4b11-8e54-886fda0b4c89} — %profile%extensions{32a1fd71-835e-4b11-8e54-886fda0b4c89}
FF — Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com — d:program filesNokiaNokia PC Suite 7bkmrksync
FF — Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} — c:program filesNokiaNokia Ovi SuiteConnectorsBookmarks ConnectorFirefoxExtension
FF — Ext: avast! WebRep: wrc@avast.com — c:program filesAVAST SoftwareAvastWebRepFF
.
.

---

LOCKED REGISTRY KEYS

---

.
[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}000AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000
.
[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlPCWSecurity]
@Denied: (Full) (Everyone)
.

---

DLLs Loaded Under Running Processes

---

.
— — — — — — — > ‘Explorer.exe'(5096)
c:program filesCommon FilesAdobeAdobe Drive CS4AdobeDriveCS4_NP.dll
.
Completion time: 2011-03-22 09:35:51
ComboFix-quarantined-files.txt 2011-03-22 06:35
ComboFix2.txt 2011-03-22 06:10
.
Pre-Run: 75 763 941 376 байт свободно
Post-Run: 75 716 411 392 байт свободно
.
— — End Of File — — C7120D0C8B3D709ED380F2A41A1F8594

[Admin]

Здравствуйте, добро пожаловать на Spyware-ru форум.

Лог выглядит нормально. Есть только одна программа, c:numbystringNumstr.exe [2004-2-21 122880]. Вы её сами устанавливали ?
Какие есть проблемы с компьютером ?

[Автор]

Сообщения