- This topic has 28 ответов, 2 участника, and was last updated 15 years, 9 months назад by
.
-
Сообщения
-
Сильно тормозит компьютер, звук барахлит (эхо, корявость). Проверяла Flash Desinfector’ом, Dr.Web Cureit,Outpost Firewall 2009,MBAM’ом — ничего не находит. Помогите, пожалуйста. Выкладываю снова RSIT — лог
log.txt
Logfile of random’s system information tool 1.05 (written by random/random)
Run by Administrator at 2009-03-17 18:17:02
Microsoft Windows XP Professional Service Pack 3
System drive C: has 31 GB (78%) free of 40 GB
Total RAM: 2047 MB (76% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:17:03, on 17.03.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program Files2gisUpdateClientWin32UpdateClientService.exe
C:WINDOWSExplorer.EXE
C:Program FilesAnalog DevicesCoresmax4pnp.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:Program Files2gisUpdateClientWin32UpdateClientUI.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesDAEMON Tools Litedaemon.exe
C:Program FilesAIMP2AIMP2.exe
C:Program FilesuTorrentutorrent.exe
C:Program FilesMozilla Firefoxfirefox.exe
E:RSIT.exe
C:WINDOWSsystem32wscntfy.exe
C:Program Filestrend microAdministrator.exeR0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.tomtel.ru/
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
O2 — BHO: AcroIEHelperStub — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O4 — HKLM..Run: [SoundMAXPnP] C:Program FilesAnalog DevicesCoresmax4pnp.exe
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [2gis update client UI] «C:Program Files2gisUpdateClientWin32UpdateClientUI.exe» -minimized
O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 9.0ReaderReader_sl.exe»
O4 — HKLM..Run: [OutpostMonitor] C:PROGRA~1AgnitumOUTPOS~1op_mon.exe /tray /noservice
O4 — HKLM..Run: [OutpostFeedBack] «C:Program FilesAgnitumOutpost Firewall Profeedback.exe» /dump:os_startup
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [MSMSGS] «C:Program FilesMessengermsmsgs.exe» /background
O4 — HKCU..Run: [DAEMON Tools Lite] «C:Program FilesDAEMON Tools Litedaemon.exe» -autorun
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Проверить ссылку Dr.Web — http://www.drweb.com/online/drweb-online-ru.html
O9 — Extra button: Быстрая настройка Outpost Firewall Pro — {44627E97-789B-40d4-B5C2-58BD171129A1} — C:Program FilesAgnitumOutpost Firewall Proie_bar.dll
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O16 — DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) — http://www.kaspersky.com/kos/russian/partner/rus/kavwebscan_unicode.cab
O18 — Protocol: solores — {8FA1F4E9-444B-48BF-98CD-B8ECA88E6BA5} — C:PROGRA~1Solo9SoloRes.dll
O20 — AppInit_DLLs: c:progra~1agnitumoutpos~1wl_hook.dll
O23 — Service: 2GIS UpdateClientService — ДубльГИС — C:Program Files2gisUpdateClientWin32UpdateClientService.exe
O23 — Service: Agnitum Client Security Service (acssrv) — Agnitum Ltd. — C:PROGRA~1AgnitumOUTPOS~1acs.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 5684 bytes======Scheduled tasks folder======
C:WINDOWStasks{DB41A4E8-349D-406A-AAA5-9B1F0B64152B}_HOME_Administrator.job
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2008-06-11 75128][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«SoundMAXPnP»=C:Program FilesAnalog DevicesCoresmax4pnp.exe [2006-12-18 868352]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2008-12-26 13680640]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2008-12-26 86016]
«2gis update client UI»=C:Program Files2gisUpdateClientWin32UpdateClientUI.exe [2008-09-17 4055040]
«Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 9.0ReaderReader_sl.exe [2008-06-12 34672]
«OutpostMonitor»=C:PROGRA~1AgnitumOUTPOS~1op_mon.exe [2009-03-02 1225032]
«OutpostFeedBack»=C:Program FilesAgnitumOutpost Firewall Profeedback.exe [2009-03-02 433480][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2008-04-15 15360]
«MSMSGS»=C:Program FilesMessengermsmsgs.exe [2008-04-14 1695232]
«DAEMON Tools Lite»=C:Program FilesDAEMON Tools Litedaemon.exe [2008-12-29 687560][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
«AppInit_DLLS»=»c:progra~1agnitumoutpos~1wl_hook.dll»[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=36
«NoDriveAutoRun»=FFFFFFFF
«NoDrives»=0[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«HonorAutoRunSetting»=
«NoDriveAutoRun»=
«NoDriveTypeAutoRun»=
«NoDrives»=[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«C:WINDOWSNetwork Diagnosticxpnetdiag.exe»=»C:WINDOWSNetwork Diagnosticxpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000»
«C:WINDOWSsystem32sessmgr.exe»=»C:WINDOWSsystem32sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019»
«C:Program FilesuTorrentutorrent.exe»=»C:Program FilesuTorrentutorrent.exe:*:Enabled:µTorrent»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»======List of files/folders created in the last 1 months======
2009-03-15 22:05:26 —-D—- C:Documents and SettingsAll UsersApplication DataKaspersky Lab
2009-03-15 22:05:24 —-D—- C:WINDOWSsystem32Kaspersky Lab
2009-03-14 15:05:00 —-D—- C:WINDOWSsystem32Filt
2009-03-14 15:05:00 —-D—- C:Program FilesAgnitum
2009-03-14 15:04:52 —-D—- C:Documents and SettingsAll UsersApplication DataAgnitum
2009-03-14 14:53:10 —-D—- C:Program FilesYandex
2009-03-14 13:29:08 —-D—- C:Documents and SettingsAdministratorApplication DataMozilla
2009-03-12 23:28:25 —-RASHD—- C:autorun.inf
2009-03-12 23:02:21 —-SHD—- C:RECYCLER
2009-03-12 22:52:22 —-D—- C:WINDOWStemp
2009-03-12 22:52:20 —-A—- C:ComboFix.txt
2009-03-12 22:48:22 —-D—- C:WINDOWSERDNT
2009-03-11 21:04:03 —-HDC—- C:WINDOWS$NtUninstallKB960225$
2009-03-11 21:03:58 —-HDC—- C:WINDOWS$NtUninstallKB958690$
2009-03-11 21:03:45 —-HDC—- C:WINDOWS$NtUninstallKB959772_WM11$
2009-03-11 20:27:36 —-D—- C:Program Filestrend micro
2009-03-11 20:27:34 —-D—- C:rsit
2009-03-11 18:28:09 —-D—- C:Documents and SettingsAdministratorApplication DataMalwarebytes
2009-03-11 18:28:05 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2009-03-11 18:28:05 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
2009-03-09 19:42:22 —-D—- C:Program FilesDjvuReader
2009-03-09 18:21:05 —-D—- C:Documents and SettingsAdministratorApplication DataTurbogames.ru
2009-03-09 16:42:26 —-D—- C:Documents and SettingsAdministratorApplication DataDAEMON Tools Pro
2009-03-09 16:42:26 —-D—- C:Documents and SettingsAdministratorApplication DataDAEMON Tools
2009-03-09 16:41:43 —-D—- C:Documents and SettingsAll UsersApplication DataDAEMON Tools Lite
2009-03-09 16:40:53 —-D—- C:Documents and SettingsAdministratorApplication DataYandex
2009-03-09 16:39:48 —-D—- C:Program FilesDAEMON Tools Lite
2009-03-09 16:39:31 —-D—- C:Documents and SettingsAdministratorApplication DataDAEMON Tools Lite
2009-03-07 16:15:37 —-D—- C:Documents and SettingsAll UsersApplication DataDoctor Web
2009-03-04 22:24:27 —-D—- C:Documents and SettingsAll UsersApplication DataWindows Genuine Advantage
2009-03-02 15:34:51 —-HDC—- C:WINDOWS$NtUninstallKB941569$
2009-03-02 15:34:42 —-HDC—- C:WINDOWS$NtUninstallKB929399$
2009-03-02 15:34:34 —-HDC—- C:WINDOWS$NtUninstallKB939683$
2009-03-02 15:34:22 —-HDC—- C:WINDOWS$NtUninstallKB954154_WM11$
2009-03-02 15:34:15 —-HDC—- C:WINDOWS$NtUninstallKB936782_WMP11$
2009-03-01 22:47:02 —-N—- C:WINDOWSsystem32spmsg.dll
2009-03-01 22:47:01 —-HDC—- C:WINDOWS$NtUninstallMSCompPackV1$
2009-03-01 22:46:53 —-D—- C:Program FilesWindows Media Connect 2
2009-03-01 22:46:43 —-HDC—- C:WINDOWS$NtUninstallwmp11$
2009-03-01 22:46:17 —-HDC—- C:WINDOWS$NtUninstallWMFDist11$
2009-03-01 22:46:01 —-D—- C:WINDOWSsystem32LogFiles
2009-03-01 22:45:57 —-HDC—- C:WINDOWS$NtUninstallWudf01000$
2009-03-01 13:01:12 —-D—- C:Program FilesHelp
2009-03-01 13:01:11 —-D—- C:Program FilesPlugins
2009-03-01 13:01:11 —-D—- C:Program FilesLangs
2009-02-28 19:14:23 —-D—- C:Documents and SettingsAdministratorApplication DataHelp
2009-02-28 19:12:38 —-A—- C:WINDOWSUnSetup.exe
2009-02-28 19:12:38 —-A—- C:WINDOWSRusUinst.exe
2009-02-28 18:40:28 —-A—- C:WINDOWSsystem32LMRTREND.dll
2009-02-28 18:40:28 —-A—- C:WINDOWSsystem32dxtmsft3.dll
2009-02-28 18:40:27 —-A—- C:WINDOWSsystem32unam4ie.exe
2009-02-28 18:40:26 —-A—- C:WINDOWSsystem32vidx16.dll
2009-02-28 18:40:25 —-A—- C:WINDOWSsystem32qcut.dll
2009-02-28 18:40:24 —-A—- C:WINDOWSsystem32w95inf32.dll
2009-02-28 18:40:24 —-A—- C:WINDOWSsystem32w95inf16.dll
2009-02-28 18:38:17 —-RA—- C:WINDOWSisk3ro.exe
2009-02-28 18:38:01 —-A—- C:WINDOWSQTW.INI
2009-02-28 18:34:55 —-A—- C:WINDOWSMaris.ini
2009-02-28 18:33:19 —-A—- C:WINDOWSunin0419.exe
2009-02-28 18:19:53 —-D—- C:Documents and SettingsAll UsersApplication DataAdobe
2009-02-28 18:19:43 —-D—- C:Program FilesCommon FilesAdobe
2009-02-28 18:19:43 —-D—- C:Program FilesAdobe
2009-02-28 18:00:00 —-A—- C:WINDOWSIsUninst.exe
2009-02-26 18:48:29 —-D—- C:Documents and SettingsAdministratorApplication DatamIRC
2009-02-25 23:11:15 —-HDC—- C:WINDOWS$NtUninstallKB967715$
2009-02-21 18:01:36 —-AD—- C:Program FilesCoolReader 3.0.8
2009-02-21 17:56:59 —-D—- C:Documents and SettingsAdministratorApplication Datacr3======List of files/folders modified in the last 1 months======
2009-06-17 12:56:19 —-A—- C:WINDOWSSchedLgU.Txt
2009-06-17 12:53:17 —-D—- C:Documents and SettingsAll UsersApplication DataAlawarWrapper
2009-06-17 12:24:37 —-D—- C:WINDOWSsystem32
2009-06-17 12:24:36 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-06-17 12:23:03 —-D—- C:WINDOWSsystem32CatRoot2
2009-03-17 18:08:26 —-D—- C:Documents and SettingsAdministratorApplication DatauTorrent
2009-03-17 18:07:51 —-D—- C:Program FilesMozilla Firefox
2009-03-17 18:03:27 —-D—- C:WINDOWSPrefetch
2009-03-17 16:18:16 —-D—- C:Documents and SettingsAdministratorApplication DataAIMP
2009-03-16 15:14:40 —-D—- C:WINDOWS
2009-03-15 22:05:26 —-SD—- C:WINDOWSDownloaded Program Files
2009-03-15 22:05:24 —-HD—- C:WINDOWSinf
2009-03-14 20:41:09 —-D—- C:WINDOWSsystem32config
2009-03-14 15:05:28 —-D—- C:WINDOWSsystem32drivers
2009-03-14 15:05:24 —-D—- C:WINDOWSsystem32CatRoot
2009-03-14 15:05:14 —-SHD—- C:WINDOWSInstaller
2009-03-14 15:05:13 —-D—- C:WINDOWSWinSxS
2009-03-14 15:05:00 —-RD—- C:Program Files
2009-03-14 14:23:01 —-D—- C:Program FilesFinale 2006
2009-03-13 18:40:40 —-D—- C:WINDOWSHelp
2009-03-13 16:52:14 —-D—- C:Program FilesCommon Files
2009-03-12 23:30:30 —-SHD—- C:System Volume Information
2009-03-12 23:30:30 —-D—- C:WINDOWSsystem32Restore
2009-03-12 22:51:32 —-A—- C:WINDOWSsystem.ini
2009-03-12 22:49:20 —-D—- C:WINDOWSAppPatch
2009-03-11 21:04:05 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-03-11 21:04:02 —-A—- C:WINDOWSimsins.BAK
2009-03-11 17:16:43 —-HD—- C:WINDOWS$hf_mig$
2009-03-09 23:21:06 —-A—- C:WINDOWSdemdata.txt
2009-03-09 18:28:29 —-D—- C:Documents and SettingsAll UsersApplication DataPlayFirst
2009-03-09 18:28:29 —-D—- C:Documents and SettingsAdministratorApplication DataPlayFirst
2009-03-08 21:53:35 —-A—- C:WINDOWSODBC.INI
2009-03-07 19:55:04 —-D—- C:WINDOWSsystem32appmgmt
2009-03-07 19:54:58 —-SD—- C:WINDOWSTasks
2009-03-03 15:48:37 —-SD—- C:Documents and SettingsAdministratorApplication DataMicrosoft
2009-03-02 21:19:23 —-A—- C:WINDOWSUpdateClientUI.INI
2009-03-02 15:45:39 —-HD—- C:Program FilesInstallShield Installation Information
2009-03-01 22:46:56 —-A—- C:WINDOWSwin.ini
2009-03-01 22:46:52 —-D—- C:Program FilesWindows Media Player
2009-02-28 18:21:50 —-D—- C:Documents and SettingsAdministratorApplication DataAdobe
2009-02-25 12:55:00 —-A—- C:WINDOWSsystem32MRT.exe======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-15 40704]
R1 SandBox;SandBox; ??C:WINDOWSsystem32driversSandBox.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:WINDOWSsystem32driversADIHdAud.sys [2007-01-16 293888]
R3 AEAudio;AE Audio Service; C:WINDOWSsystem32driversAEAudio.sys [2006-08-07 93952]
R3 afw;Agnitum firewall driver; C:WINDOWSsystem32DRIVERSafw.sys [2008-06-20 30864]
R3 afwcore;afwcore; C:WINDOWSsystem32driversafwcore.sys [2009-02-10 257432]
R3 Arp1394;Протокол клиента 1394 ARP; C:WINDOWSsystem32DRIVERSarp1394.sys [2008-04-15 60800]
R3 ASWFilt;ASWFilt; ??C:WINDOWSsystem32FiltASWFilt.dll []
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller; C:WINDOWSsystem32DRIVERSatl01_xp.sys [2006-10-31 35840]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-15 144384]
R3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-14 10368]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:WINDOWSsystem32DRIVERSASACPI.sys [2004-08-13 5810]
R3 NIC1394;Сетевой драйвер 1394; C:WINDOWSsystem32DRIVERSnic1394.sys [2008-04-15 61824]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2008-12-26 6301344]
R3 SenFiltService;SenFilt Service; C:WINDOWSsystem32driversSenfilt.sys [2006-03-17 392960]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-14 59520]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-14 20608]
S3 ach6s36y;ach6s36y; C:WINDOWSsystem32driversach6s36y.sys []
S3 npkcrypt;npkcrypt; ??E:Avadonsystemnpkcrypt.sys []
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2008-04-14 25856]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2008-04-15 12032]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 2GIS UpdateClientService;2GIS UpdateClientService; C:Program Files2gisUpdateClientWin32UpdateClientService.exe [2008-09-17 1134592]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2008-12-26 163908]
S2 acssrv;Agnitum Client Security Service; C:PROGRA~1AgnitumOUTPOS~1acs.exe [2009-03-02 1267016]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-11-02 914944]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2009-01-31 14336]
EOF
info.txt logfile of random’s system information tool 1.05 2009-03-11 20:28:29======Uninstall list======
«Грибная эра»—>E:GamesMushroom AgeUninstal.exe
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
µTorrent—>»C:Program FilesuTorrentuninstall.exe»
3D Fish School Screen Saver 4.7—>»C:Program Files3D Fish School 4unins000.exe»
Adobe Flash Player ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Reader 9 — Russian—>MsiExec.exe /I{AC76BA86-7AD7-1049-7B44-A90000000001}
AIMP2—>C:Program FilesAIMP2Uninstall.exe
Attansic Giga Ethernet Utility—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime�700Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{1F698102-5739-441E-96F0-74F4EA540F06}setup.exe» -l0x9
Attansic L1 Gigabit Ethernet Driver—>rundll32.exe C:WINDOWSsystem32AttansicL1atcInst.dll,AtcUninst C:WINDOWSsystem32AttansicL1 x86 1969 1048 L1
Finale 2006—>C:WINDOWSunvise32.exe C:Program FilesFinale 2006uninstal.log
Finale 2007—>C:WINDOWSunvise32.exe C:Program FilesFinale 2007uninstal.log
Garritan Ambiance Installer—>C:Program FilesFinale 2007uninstallAmbience.exe
HijackThis 2.0.2—>»C:Program Filestrend microHijackThis.exe» /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)—>»C:WINDOWS$NtUninstallKB929399$spuninstspuninst.exe»
Kit Local Version 1.1—>C:Program FilesSchool-PlusKit Local VersionUninstall.exe
Malwarebytes’ Anti-Malware—>»C:Program FilesMalwarebytes’ Anti-Malwareunins000.exe»
Microsoft Compression Client Pack 1.0 for Windows XP—>»C:WINDOWS$NtUninstallMSCompPackV1$spuninstspuninst.exe»
Microsoft Internationalized Domain Names Mitigation APIs—>»C:WINDOWS$NtServicePackUninstallIDNMitigationAPIs$spuninstspuninst.exe»
Microsoft National Language Support Downlevel APIs—>»C:WINDOWS$NtServicePackUninstallNLSDownlevelMapping$spuninstspuninst.exe»
Microsoft Office — профессиональный выпуск версии 2003—>MsiExec.exe /I{90110419-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0—>»C:WINDOWS$NtUninstallWudf01000$spuninstspuninst.exe»
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable — x86 9.0.21022—>MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
MSXML 4.0 SP2 (KB954430)—>MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Native Instruments Finale GPO 2.0—>C:PROGRA~1FINALE~1.0UNWISE.EXE C:PROGRA~1FINALE~1.0INSTALL.LOG
Nero Lite 9.2.6.0 Build.2.0—>»C:Program FilesNeroUninstalluninstall.exe» «/U:C:Program FilesNeroUninstalluninstall.xml»
NVIDIA Drivers—>C:WINDOWSsystem32nvuninst.exe UninstallGUI
Outpost Firewall Pro—>»C:Program FilesAgnitumOutpost Firewall Prounins000.exe»
SoundMAX—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime10�0Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{F0A37341-D692-11D4-A984-009027EC0A9C}Setup.exe» -l0x19 -removeonly
Stamina 2.5—>»C:Program FilesStaminauninstall.exe»
The KMPlayer (remove only)—>»C:Program FilesThe KMPlayeruninstall.exe»
The Sims 2 Free Time—>»C:Program FilesInstallShield Installation Information{8C4F7D50-DA00-48BE-A9E9-E0A9CE8800F0}setup.exe» -runfromtemp -l0x0419 -removeonly
The Sims 2 Free Time—>MsiExec.exe /I{8C4F7D50-DA00-48BE-A9E9-E0A9CE8800F0}
The Sims—>E:GamesTHESIM~1UNWISE.EXE E:GamesTHESIM~1INSTALL.LOG
Windows Internet Explorer 7—>»C:WINDOWSie7spuninstspuninst.exe»
Windows Media Format 11 runtime—>»C:Program FilesWindows Media Playerwmsetsdk.exe» /UninstallAll
Windows Media Format 11 runtime—>»C:WINDOWS$NtUninstallWMFDist11$spuninstspuninst.exe»
Windows Media Player 11—>»C:WINDOWS$NtUninstallwmp11$spuninstspuninst.exe»
Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe
Данные ДубльГИС г.Томск 01.03.2009—>MsiExec.exe /X{9AB91C6F-DC5A-4750-A8C7-3E2C9E24735F}
Данные ДубльГИС г.Челябинск 01.03.2009—>MsiExec.exe /X{6CE4A31D-753D-407F-BC7A-C96A17570973}
ДубльГИС 3.0.4.2—>MsiExec.exe /X{EBF56A8E-3483-4704-98B8-7685891F8EA7}
Исправление для Windows XP (KB952287)—>»C:WINDOWS$NtUninstallKB952287$spuninstspuninst.exe»
Исправление для проигрывателя Windows Media 11 — (KB939683)—>»C:WINDOWS$NtUninstallKB939683$spuninstspuninst.exe»
Как достать студента. Переполох в общаге—>E:GamesКак достать студентаUninstall.exe
Обеденный переполох—>E:GamesОбеденный переполохUninstall.exe
Обновление безопасности для Windows Internet Explorer 7 (KB938127-v2)—>»C:WINDOWSie7updatesKB938127-v2-IE7spuninstspuninst.exe»
Обновление безопасности для Windows Internet Explorer 7 (KB956390)—>»C:WINDOWSie7updatesKB956390-IE7spuninstspuninst.exe»
Обновление безопасности для Windows Internet Explorer 7 (KB961260)—>»C:WINDOWSie7updatesKB961260-IE7spuninstspuninst.exe»
Обновление безопасности для Windows XP — (KB941569)—>»C:WINDOWS$NtUninstallKB941569$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB938464)—>»C:WINDOWS$NtUninstallKB938464$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB946648)—>»C:WINDOWS$NtUninstallKB946648$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB950762)—>»C:WINDOWS$NtUninstallKB950762$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB950974)—>»C:WINDOWS$NtUninstallKB950974$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951066)—>»C:WINDOWS$NtUninstallKB951066$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951376-v2)—>»C:WINDOWS$NtUninstallKB951376-v2$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951698)—>»C:WINDOWS$NtUninstallKB951698$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951748)—>»C:WINDOWS$NtUninstallKB951748$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB952954)—>»C:WINDOWS$NtUninstallKB952954$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB954211)—>»C:WINDOWS$NtUninstallKB954211$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB954459)—>»C:WINDOWS$NtUninstallKB954459$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB954600)—>»C:WINDOWS$NtUninstallKB954600$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB955069)—>»C:WINDOWS$NtUninstallKB955069$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956391)—>»C:WINDOWS$NtUninstallKB956391$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956802)—>»C:WINDOWS$NtUninstallKB956802$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956803)—>»C:WINDOWS$NtUninstallKB956803$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956841)—>»C:WINDOWS$NtUninstallKB956841$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB957097)—>»C:WINDOWS$NtUninstallKB957097$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB958215)—>»C:WINDOWS$NtUninstallKB958215$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB958644)—>»C:WINDOWS$NtUninstallKB958644$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB958687)—>»C:WINDOWS$NtUninstallKB958687$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB960714)—>»C:WINDOWS$NtUninstallKB960714$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB960715)—>»C:WINDOWS$NtUninstallKB960715$spuninstspuninst.exe»
Обновление безопасности для проигрывателя Windows Media — (KB952069)—>»C:WINDOWS$NtUninstallKB952069_WM9$spuninstspuninst.exe»
Обновление безопасности для проигрывателя Windows Media 11 — (KB936782)—>»C:WINDOWS$NtUninstallKB936782_WMP11$spuninstspuninst.exe»
Обновление безопасности для проигрывателя Windows Media 11 — (KB954154)—>»C:WINDOWS$NtUninstallKB954154_WM11$spuninstspuninst.exe»
Обновление для Windows XP (KB898461)—>»C:WINDOWS$NtUninstallKB898461$spuninstspuninst.exe»
Обновление для Windows XP (KB951978)—>»C:WINDOWS$NtUninstallKB951978$spuninstspuninst.exe»
Обновление для Windows XP (KB955839)—>»C:WINDOWS$NtUninstallKB955839$spuninstspuninst.exe»
Обновление для Windows XP (KB967715)—>»C:WINDOWS$NtUninstallKB967715$spuninstspuninst.exe»
Океан Эльфов—>C:WINDOWSIsUninst.exe -f»C:Program FilesSnowball InteractiveOEDeIsL1.isu»
Проигрыватель Windows Media 11—>»C:Program FilesWindows Media PlayerSetup_wm.exe» /Uninstall
Свадебный переполох 2—>»E:GamesСвадебный Переполох 2unins000.exe»
СеверскГИС для ПК—>C:Program FilesK-SoftСеверскГИСUninstall.exe
Соло на клавиатуре 9.0—>»C:Program FilesSolo9Uninstall.exe» «C:Program FilesSolo9install.log»
Центр обновлений ДубльГИС—>MsiExec.exe /X{2FB165EB-69C0-416D-9B4E-E805ABC8CB1F}
Яндекс.Бар для Internet Explorer 4.0.0—>»C:Program FilesYandexYandexBarIEunins000.exe»======Security center information======
FW: Outpost Firewall Pro
System event log
Computer Name: HOME
Event Code: 4377
Message: Windows XP Hotfix KB954211 was installed.Record Number: 1333
Source Name: NtServicePack
Time Written: 20090201012703.000000+360
Event Type: информация
User: NT AUTHORITYSYSTEMComputer Name: HOME
Event Code: 19
Message: Установка завершена: следующее обновление было успешно установлено: Обновление системы безопасности для Windows XP (KB956841)Record Number: 1332
Source Name: Windows Update Agent
Time Written: 20090201012700.000000+360
Event Type: информация
User:Computer Name: HOME
Event Code: 4377
Message: Windows XP Hotfix KB956841 was installed.Record Number: 1331
Source Name: NtServicePack
Time Written: 20090201012700.000000+360
Event Type: информация
User: NT AUTHORITYSYSTEMComputer Name: HOME
Event Code: 19
Message: Установка завершена: следующее обновление было успешно установлено: Обновление для системы безопасности браузера Internet Explorer 6 для Windows XP (960714)Record Number: 1330
Source Name: Windows Update Agent
Time Written: 20090201012654.000000+360
Event Type: информация
User:Computer Name: HOME
Event Code: 4377
Message: Windows XP Hotfix KB960714 was installed.Record Number: 1329
Source Name: NtServicePack
Time Written: 20090201012654.000000+360
Event Type: информация
User: NT AUTHORITYSYSTEMApplication event log
Computer Name: HOME
Event Code: 1000
Message: Счетчики производительности для службы MSDTC (MSDTC) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.Record Number: 5
Source Name: LoadPerf
Time Written: 20090105182956.000000+360
Event Type: информация
User:Computer Name: HOME
Event Code: 1000
Message: Счетчики производительности для службы TermService (Службы терминалов) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.Record Number: 4
Source Name: LoadPerf
Time Written: 20090105182953.000000+360
Event Type: информация
User:Computer Name: HOME
Event Code: 1000
Message: Счетчики производительности для службы RemoteAccess (Маршрутизация и удаленный доступ) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.Record Number: 3
Source Name: LoadPerf
Time Written: 20090105182730.000000+360
Event Type: информация
User:Computer Name: HOME
Event Code: 1000
Message: Счетчики производительности для службы PSched (PSched) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.Record Number: 2
Source Name: LoadPerf
Time Written: 20090105182705.000000+360
Event Type: информация
User:Computer Name: HOME
Event Code: 1000
Message: Счетчики производительности для службы RSVP (QoS RSVP) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.Record Number: 1
Source Name: LoadPerf
Time Written: 20090105182705.000000+360
Event Type: информация
User:======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=6
«PROCESSOR_IDENTIFIER»=x86 Family 6 Model 15 Stepping 11, GenuineIntel
«PROCESSOR_REVISION»=0f0b
«NUMBER_OF_PROCESSORS»=2
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
EOF
Проверим ещё одно программой.
Скачайте программу Combofix. Закройте все открытые окна и запустите эту программу.
После выполнения будет создан лог файл, пожалуйста вставьте его в ваш ответ.Выключила свой Outpost,но снова забыла указать в его настройках, чтобы антивирусник автоматически не включался после загрузки компьютера
Лог ComboFix
ComboFix 09-03-19.01 — Administrator 2009-03-20 17:32:10.2 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.1.1049.18.2047.1634 [GMT 6:00]
Running from: c:documents and settingsAdministratorРабочий столComboFix.exe
FW: Outpost Firewall Pro *disabled*
* Created a new restore pointWARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr0.dat
c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr1.dat
BITS: Possible infected sites
hxxp://soft.export.yandex.ru
.
((((((((((((((((((((((((( Files Created from 2009-02-20 to 2009-03-20 )))))))))))))))))))))))))))))))
.2009-03-20 15:27 . 2009-03-20 15:27 d
c:documents and settingsAdministratorApplication DataBloom
2009-03-15 22:05 . 2009-03-15 22:05 d
c:windowssystem32Kaspersky Lab
2009-03-15 22:05 . 2009-03-15 22:05 d
c:documents and settingsAll UsersApplication DataKaspersky Lab
2009-03-14 15:05 . 2009-03-20 13:41 d
c:windowssystem32Filt
2009-03-14 15:05 . 2009-03-14 15:05 d
c:program filesAgnitum
2009-03-14 15:05 . 2009-02-26 10:27 704,384 —a
c:windowssystem32driversSandBox.sys
2009-03-14 15:05 . 2009-02-10 16:15 257,432 —a
c:windowssystem32driversafwcore.sys
2009-03-14 15:05 . 2008-06-20 09:45 30,864 —a
c:windowssystem32driversafw.sys
2009-03-14 15:05 . 2009-01-16 11:14 49 —a
c:windowstransp.gif
2009-03-14 15:04 . 2009-03-14 15:04 d
c:documents and settingsAll UsersApplication DataAgnitum
2009-03-14 14:53 . 2009-03-14 14:53 d
c:program filesYandex
2009-03-11 18:28 . 2009-03-11 18:28 d
c:documents and settingsAll UsersApplication DataMalwarebytes
2009-03-11 18:28 . 2009-03-11 18:28 d
c:documents and settingsAdministratorApplication DataMalwarebytes
2009-03-09 19:42 . 2009-03-09 19:42 d
c:program filesDjvuReader
2009-03-09 18:21 . 2009-03-09 18:21 d
c:documents and settingsAdministratorApplication DataTurbogames.ru
2009-03-09 16:42 . 2009-03-09 16:50 d
c:documents and settingsAdministratorApplication DataDAEMON Tools Pro
2009-03-09 16:42 . 2009-03-09 16:42 d
c:documents and settingsAdministratorApplication DataDAEMON Tools
2009-03-09 16:41 . 2009-03-09 16:41 d
c:documents and settingsAll UsersApplication DataDAEMON Tools Lite
2009-03-09 16:40 . 2009-03-14 14:53 d
c:documents and settingsAdministratorApplication DataYandex
2009-03-09 16:39 . 2009-03-09 16:40 d
c:program filesDAEMON Tools Lite
2009-03-09 16:39 . 2009-03-09 16:57 d
c:documents and settingsAdministratorApplication DataDAEMON Tools Lite
2009-03-07 16:15 . 2009-03-07 19:54 d
c:documents and settingsAll UsersApplication DataDoctor Web
2009-03-01 22:46 . 2009-03-01 22:46 d
c:windowssystem32LogFiles
2009-03-01 22:46 . 2009-03-01 22:46 d
c:windowssystem32driversUMDF
2009-03-01 22:46 . 2009-03-01 22:46 d
c:program filesWindows Media Connect 2
2009-03-01 13:01 . 2008-10-30 19:24 d
c:program filesPlugins
2009-03-01 13:01 . 2008-10-30 19:52 d
c:program filesLangs
2009-03-01 13:01 . 2008-10-30 19:24 d
c:program filesHelp
2009-02-28 19:12 . 2000-07-10 11:04 155,648 —a
c:windowsRusUinst.exe
2009-02-28 19:12 . 1998-06-25 15:13 28,160 —a
c:windowsUnSetup.exe
2009-02-28 18:40 . 1998-09-02 14:02 194,320 —a
c:windowssystem32qcut.dll
2009-02-28 18:40 . 1998-08-27 10:51 182,032 —a
c:windowssystem32dxtmsft3.dll
2009-02-28 18:40 . 1998-08-20 17:02 140,800 —a
c:windowssystem32tm20dec.ax
2009-02-28 18:40 . 1998-09-02 14:28 63,488 —a
c:windowssystem32unam4ie.exe
2009-02-28 18:40 . 1998-09-02 14:28 38,160 —a
c:windowssystem32LMRTREND.dll
2009-02-28 18:40 . 1998-08-17 15:21 11,776 —a
c:windowssystem32mciqtz.drv
2009-02-28 18:40 . 1998-08-17 15:21 10,240 —a
c:windowssystem32vidx16.dll
2009-02-28 18:40 . 1998-08-17 15:21 5,672 —a
c:windowssystem32quartz.vxd
2009-02-28 18:40 . 2009-02-28 18:40 4,608 —a
c:windowssystem32w95inf32.dll
2009-02-28 18:40 . 2009-02-28 18:40 2,272 —a
c:windowssystem32w95inf16.dll
2009-02-28 18:38 . 1998-01-19 17:39 27,600 -ra
c:windowsisk3ro.exe
2009-02-28 18:38 . 2009-02-28 18:38 306 —a
c:windowsQTW.INI
2009-02-28 18:37 . 2009-02-28 18:38 30 —a
c:windowsRESULT.QTW
2009-02-28 18:34 . 2009-02-28 18:37 63 —a
c:windowsMaris.ini
2009-02-28 18:33 . 2009-02-28 18:33 d
c:documents and settingsAdministratorWINDOWS
2009-02-28 18:33 . 1996-11-06 11:58 302,592 —a
c:windowsunin0419.exe
2009-02-28 18:19 . 2009-02-28 18:20 d
c:program filesCommon FilesAdobe
2009-02-28 18:00 . 1998-10-02 19:00 327,168 —a
c:windowsIsUninst.exe
2009-02-26 22:57 . 2008-04-14 00:17 25,856 —a
c:windowssystem32driversusbprint.sys
2009-02-26 22:57 . 2008-04-14 00:17 25,856 —a—c— c:windowssystem32dllcacheusbprint.sys
2009-02-26 18:48 . 2009-02-26 18:48 d
c:documents and settingsAdministratorApplication DatamIRC
2009-02-21 18:01 . 2009-02-21 18:01 d-a
c:program filesCoolReader 3.0.8
2009-02-21 17:56 . 2009-02-21 17:57 d
c:documents and settingsAdministratorApplication Datacr3
2009-02-20 20:07 . 2001-10-19 20:33 12,160 —a
c:windowssystem32driversmouhid.sys
2009-02-20 20:07 . 2001-10-19 20:33 12,160 —a—c— c:windowssystem32dllcachemouhid.sys
2009-02-20 20:06 . 2008-04-14 00:15 10,368 —a
c:windowssystem32drivershidusb.sys
2009-02-20 20:06 . 2008-04-14 00:15 10,368 —a—c— c:windowssystem32dllcachehidusb.sys.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-20 11:33
d
w c:documents and settingsAdministratorApplication DatauTorrent
2009-03-20 11:21
d
w c:documents and settingsAdministratorApplication DataAIMP
2009-03-20 09:22
d
w c:documents and settingsAll UsersApplication DataAlawarWrapper
2009-03-14 08:23
d
w c:program filesFinale 2006
2009-03-09 12:28
d
w c:documents and settingsAll UsersApplication DataPlayFirst
2009-03-09 12:28
d
w c:documents and settingsAdministratorApplication DataPlayFirst
2009-03-02 09:45
d—h—w c:program filesInstallShield Installation Information
2009-02-17 17:02
d
w c:program filesFinale 2007
2009-02-17 16:56
d
w c:program filesFinale GPO 2.0
2009-02-17 16:54
d
w c:program filesNative Instruments
2009-02-16 16:57
d
w c:program filesSolo9
2009-02-16 16:57
d
w c:documents and settingsAll UsersApplication DataSolo9
2009-02-15 11:37
d
w c:program filesuTorrent
2009-02-12 11:24
d
w c:program files2gis
2009-02-12 11:09
d
w c:documents and settingsAll UsersApplication Data2GIS
2009-02-12 11:05
d
w c:documents and settingsAdministratorApplication DataGrym
2009-02-12 10:30
d
w c:program filesK-Soft
2009-02-10 11:50
d
w c:program filesCommon FilesReGet Shared
2009-02-09 14:07 1,846,912 —-a-w c:windowssystem32win32k.sys
2009-02-08 12:26
d
w c:documents and settingsAdministratorApplication DataReGet Software
2009-02-07 18:52
d
w c:program filesMSXML 4.0
2009-01-31 11:43 14,336 —-a-w c:windowssystem32svchost.exe
2009-01-30 15:08
d
w c:program filesNero
2009-01-29 17:08
d
w c:program filesCommon FilesNero
2009-01-29 17:08
d
w c:documents and settingsAll UsersApplication DataNero
2009-01-29 17:08
d
w c:documents and settingsAdministratorApplication DataNero
2009-01-24 16:54
d
w c:program filesMicrosoft.NET
2009-01-24 16:46 717,296 —-a-w c:windowssystem32driverssptd.sys
2009-01-18 12:04 632 —-a-w C:settings.dat
2008-12-23 15:58 453,152 —-a-w c:windowssystem32NVUNINST.EXE
2008-12-20 23:03 826,368 —-a-w c:windowssystem32wininet.dll
2006-06-23 06:48 32,768 —-a-r c:windowsinfUpdateUSB.exe
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2008-04-15 15360]
«MSMSGS»=»c:program filesMessengermsmsgs.exe» [2008-04-14 1695232]
«DAEMON Tools Lite»=»c:program filesDAEMON Tools Litedaemon.exe» [2008-12-29 687560][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«SoundMAXPnP»=»c:program filesAnalog DevicesCoresmax4pnp.exe» [2006-12-18 868352]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2008-12-26 13680640]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2008-12-26 86016]
«2gis update client UI»=»c:program files2gisUpdateClientWin32UpdateClientUI.exe» [2008-09-17 4055040]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 9.0ReaderReader_sl.exe» [2008-06-12 34672]
«OutpostMonitor»=»c:progra~1AgnitumOUTPOS~1op_mon.exe» [2009-03-02 1225032]
«OutpostFeedBack»=»c:program filesAgnitumOutpost Firewall Profeedback.exe» [2009-03-02 433480]
«nwiz»=»nwiz.exe» [2008-12-26 c:windowssystem32nwiz.exe][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-15 15360][HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusOverride»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«c:\WINDOWS\Network Diagnostic\xpnetdiag.exe»=
«c:\WINDOWS\system32\sessmgr.exe»=
«c:\Program Files\uTorrent\utorrent.exe»=R1 SandBox;SandBox;c:windowssystem32driversSandBox.sys [2009-03-14 704384]
R2 2GIS UpdateClientService;2GIS UpdateClientService;c:program files2gisUpdateClientWin32UpdateClientService.exe [2008-09-17 1134592]
R3 afw;Agnitum firewall driver;c:windowssystem32driversafw.sys [2009-03-14 30864]
R3 afwcore;afwcore;c:windowssystem32driversafwcore.sys [2009-03-14 257432]
R3 ASWFilt;ASWFilt;c:windowssystem32FiltASWFilt.dll [2009-03-14 33888]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:windowssystem32driversatl01_xp.sys [2009-01-05 35840]
S2 acssrv;Agnitum Client Security Service;c:progra~1AgnitumOUTPOS~1acs.exe [2009-03-14 1267016]
.
Contents of the ‘Scheduled Tasks’ folder2009-03-19 c:windowsTasks{DB41A4E8-349D-406A-AAA5-9B1F0B64152B}_HOME_Administrator.job
— c:windowssystem32mobsync.exe [2008-04-15 18:00]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.tomtel.ru/
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Проверить ссылку Dr.Web — http://www.drweb.com/online/drweb-online-ru.html
Trusted Zone: vtomske.rutorrents
Handler: solores — {8FA1F4E9-444B-48BF-98CD-B8ECA88E6BA5} — c:progra~1Solo9SoloRes.dll
FF — ProfilePath — c:documents and settingsAdministratorApplication DataMozillaFirefoxProfileslbvkc7xv.default
FF — prefs.js: browser.search.selectedEngine — Яндекс
FF — prefs.js: browser.startup.homepage —
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-20 17:36:24
Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERSS-1-5-21-2000478354-1292428093-1417001333-1003SoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved{B675C0C6-8153-8E1B-81BF-FF020DD1E204}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
«maapkpfojkmlacbjjmdjndaacf»=hex:6b,61,64,6b,67,6e,67,63,66,61,70,67,6a,68,70,
63,6a,61,65,6f,69,70,00,00
«maapkpfojkmlacmienmmdlofco»=hex:65,61,6a,6a,61,63,68,6c,61,67,00,67
.
Other Running Processes
.
c:windowssystem32nvsvc32.exe
c:windowssystem32rundll32.exe
c:windowssystem32wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-03-20 17:38:09 — machine was rebooted
ComboFix-quarantined-files.txt 2009-03-20 11:38:06Pre-Run: 33 278 009 344 байт свободно
Post-Run: 33,286,086,656 байт свободно192 — E O F — 2009-03-14 08:20:38
После загрузки компьютера мой Outpost, как обычно после работы ComboFix’a, указал на обнаружение «опасных файлов».
Нужно ли мне их удалять? Или эти файлы создаются ComoboFix’ом, ошибочно принимаемые антивирусником как опасные?
При удалении Combofix’a они исчезнут?Откройте блокнот (Кликните Пуск, Выполнить, в строке ввода введите notepad и нажмите Enter) и вставьте в него следующий текст:
RegNull::
[HKEY_USERSS-1-5-21-2000478354-1292428093-1417001333-1003SoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved{B675C0C6-8153-8E1B-81BF-FF020DD1E204}*]Запишите получившийся файл на ваш рабочий стол под именем CFScript
Далее перетащите получившийся файл на иконку Combofix, как показано на картинке ниже.
Сombofix запуститься и выполнит процедуры описанные в созданном нами файле.
По результатам работы Combofix будет создан новый лог, его и вставьте в свой следующий ответ.мой Outpost, как обычно после работы ComboFix’a, указал на обнаружение «опасных файлов».
А на какие конкретно файлы он ругается ?
Мой ругается на следующие файлы:
12:10:17 Обнаружен вредоносный объект «BZub» (Trojan) в hkey_local_machinesoftwaremicrosoftwindowscurrentversioncontrol panelload
12:10:17 Обнаружен вредоносный объект «BiFrost» (Backdoor) в hkey_userss-1-5-21-2000478354-1292428093-1417001333-1003softwarewgetЛог Combofix:
ComboFix 09-03-22.01 — Administrator 2009-03-23 12:05:13.3 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.1.1049.18.2047.1582 [GMT 6:00]
Running from: c:documents and settingsAdministratorРабочий столComboFix.exe
Command switches used :: c:documents and settingsAdministratorРабочий столCFScript.txt
FW: Outpost Firewall Pro *disabled*
* Created a new restore pointWARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.((((((((((((((((((((((((( Files Created from 2009-02-23 to 2009-03-23 )))))))))))))))))))))))))))))))
.2009-03-22 16:00 . 2009-03-22 16:00 d
c:documents and settingsAdministratorApplication DataGaijin Ent
2009-03-22 15:01 . 2009-03-22 15:01 d
c:program filesInterpretatio
2009-03-20 18:02 . 2009-03-20 21:52 d
c:documents and settingsAll UsersApplication DataSpybot — Search & Destroy
2009-03-20 15:27 . 2009-03-20 15:27 d
c:documents and settingsAdministratorApplication DataBloom
2009-03-14 15:05 . 2009-03-21 13:22 d
c:windowssystem32Filt
2009-03-14 15:05 . 2009-03-14 15:05 d
c:program filesAgnitum
2009-03-14 15:05 . 2009-02-26 10:27 704,384 —a
c:windowssystem32driversSandBox.sys
2009-03-14 15:05 . 2009-02-10 16:15 257,432 —a
c:windowssystem32driversafwcore.sys
2009-03-14 15:05 . 2008-06-20 09:45 30,864 —a
c:windowssystem32driversafw.sys
2009-03-14 15:05 . 2009-01-16 11:14 49 —a
c:windowstransp.gif
2009-03-14 15:04 . 2009-03-14 15:04 d
c:documents and settingsAll UsersApplication DataAgnitum
2009-03-14 14:53 . 2009-03-14 14:53 d
c:program filesYandex
2009-03-11 18:28 . 2009-03-11 18:28 d
c:documents and settingsAll UsersApplication DataMalwarebytes
2009-03-11 18:28 . 2009-03-11 18:28 d
c:documents and settingsAdministratorApplication DataMalwarebytes
2009-03-09 19:42 . 2004-09-06 10:25 d
c:program filesDjvuReader
2009-03-09 18:21 . 2009-03-09 18:21 d
c:documents and settingsAdministratorApplication DataTurbogames.ru
2009-03-09 16:42 . 2009-03-09 16:50 d
c:documents and settingsAdministratorApplication DataDAEMON Tools Pro
2009-03-09 16:42 . 2009-03-09 16:42 d
c:documents and settingsAdministratorApplication DataDAEMON Tools
2009-03-09 16:41 . 2009-03-09 16:41 d
c:documents and settingsAll UsersApplication DataDAEMON Tools Lite
2009-03-09 16:40 . 2009-03-14 14:53 d
c:documents and settingsAdministratorApplication DataYandex
2009-03-09 16:39 . 2009-03-09 16:40 d
c:program filesDAEMON Tools Lite
2009-03-09 16:39 . 2009-03-09 16:57 d
c:documents and settingsAdministratorApplication DataDAEMON Tools Lite
2009-03-07 16:15 . 2009-03-07 19:54 d
c:documents and settingsAll UsersApplication DataDoctor Web
2009-03-01 22:46 . 2009-03-01 22:46 d
c:windowssystem32LogFiles
2009-03-01 22:46 . 2009-03-01 22:46 d
c:windowssystem32driversUMDF
2009-03-01 22:46 . 2009-03-01 22:46 d
c:program filesWindows Media Connect 2
2009-03-01 13:01 . 2008-10-30 19:24 d
c:program filesPlugins
2009-03-01 13:01 . 2008-10-30 19:52 d
c:program filesLangs
2009-03-01 13:01 . 2008-10-30 19:24 d
c:program filesHelp
2009-02-28 19:12 . 2000-07-10 11:04 155,648 —a
c:windowsRusUinst.exe
2009-02-28 19:12 . 1998-06-25 15:13 28,160 —a
c:windowsUnSetup.exe
2009-02-28 18:40 . 1998-09-02 14:02 194,320 —a
c:windowssystem32qcut.dll
2009-02-28 18:40 . 1998-08-27 10:51 182,032 —a
c:windowssystem32dxtmsft3.dll
2009-02-28 18:40 . 1998-08-20 17:02 140,800 —a
c:windowssystem32tm20dec.ax
2009-02-28 18:40 . 1998-09-02 14:28 63,488 —a
c:windowssystem32unam4ie.exe
2009-02-28 18:40 . 1998-09-02 14:28 38,160 —a
c:windowssystem32LMRTREND.dll
2009-02-28 18:40 . 1998-08-17 15:21 11,776 —a
c:windowssystem32mciqtz.drv
2009-02-28 18:40 . 1998-08-17 15:21 10,240 —a
c:windowssystem32vidx16.dll
2009-02-28 18:40 . 1998-08-17 15:21 5,672 —a
c:windowssystem32quartz.vxd
2009-02-28 18:40 . 2009-02-28 18:40 4,608 —a
c:windowssystem32w95inf32.dll
2009-02-28 18:40 . 2009-02-28 18:40 2,272 —a
c:windowssystem32w95inf16.dll
2009-02-28 18:38 . 1998-01-19 17:39 27,600 -ra
c:windowsisk3ro.exe
2009-02-28 18:38 . 2009-02-28 18:38 306 —a
c:windowsQTW.INI
2009-02-28 18:37 . 2009-02-28 18:38 30 —a
c:windowsRESULT.QTW
2009-02-28 18:34 . 2009-02-28 18:37 63 —a
c:windowsMaris.ini
2009-02-28 18:33 . 2009-02-28 18:33 d
c:documents and settingsAdministratorWINDOWS
2009-02-28 18:33 . 1996-11-06 11:58 302,592 —a
c:windowsunin0419.exe
2009-02-28 18:19 . 2009-02-28 18:20 d
c:program filesCommon FilesAdobe
2009-02-28 18:00 . 1998-10-02 19:00 327,168 —a
c:windowsIsUninst.exe
2009-02-26 22:57 . 2008-04-14 00:17 25,856 —a
c:windowssystem32driversusbprint.sys
2009-02-26 22:57 . 2008-04-14 00:17 25,856 —a—c— c:windowssystem32dllcacheusbprint.sys
2009-02-26 18:48 . 2009-02-26 18:48 d
c:documents and settingsAdministratorApplication DatamIRC.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-22 11:56
d
w c:documents and settingsAdministratorApplication DatauTorrent
2009-03-22 10:53
d
w c:documents and settingsAdministratorApplication DataAIMP
2009-03-20 09:22
d
w c:documents and settingsAll UsersApplication DataAlawarWrapper
2009-03-14 08:23
d
w c:program filesFinale 2006
2009-03-09 12:28
d
w c:documents and settingsAll UsersApplication DataPlayFirst
2009-03-09 12:28
d
w c:documents and settingsAdministratorApplication DataPlayFirst
2009-03-02 09:45
d—h—w c:program filesInstallShield Installation Information
2009-02-21 12:01
d—a-w c:program filesCoolReader 3.0.8
2009-02-21 11:57
d
w c:documents and settingsAdministratorApplication Datacr3
2009-02-17 17:02
d
w c:program filesFinale 2007
2009-02-17 16:56
d
w c:program filesFinale GPO 2.0
2009-02-17 16:54
d
w c:program filesNative Instruments
2009-02-16 16:57
d
w c:program filesSolo9
2009-02-16 16:57
d
w c:documents and settingsAll UsersApplication DataSolo9
2009-02-15 11:37
d
w c:program filesuTorrent
2009-02-12 11:24
d
w c:program files2gis
2009-02-12 11:09
d
w c:documents and settingsAll UsersApplication Data2GIS
2009-02-12 11:05
d
w c:documents and settingsAdministratorApplication DataGrym
2009-02-12 10:30
d
w c:program filesK-Soft
2009-02-10 11:50
d
w c:program filesCommon FilesReGet Shared
2009-02-09 14:07 1,846,912 —-a-w c:windowssystem32win32k.sys
2009-02-08 12:26
d
w c:documents and settingsAdministratorApplication DataReGet Software
2009-02-07 18:52
d
w c:program filesMSXML 4.0
2009-01-31 11:43 14,336 —-a-w c:windowssystem32svchost.exe
2009-01-30 15:08
d
w c:program filesNero
2009-01-29 17:08
d
w c:program filesCommon FilesNero
2009-01-29 17:08
d
w c:documents and settingsAll UsersApplication DataNero
2009-01-29 17:08
d
w c:documents and settingsAdministratorApplication DataNero
2009-01-24 16:54
d
w c:program filesMicrosoft.NET
2009-01-24 16:46 717,296 —-a-w c:windowssystem32driverssptd.sys
2009-01-18 12:04 632 —-a-w C:settings.dat
2008-12-23 15:58 453,152 —-a-w c:windowssystem32NVUNINST.EXE
2006-06-23 06:48 32,768 —-a-r c:windowsinfUpdateUSB.exe
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2008-04-15 15360]
«MSMSGS»=»c:program filesMessengermsmsgs.exe» [2008-04-14 1695232]
«DAEMON Tools Lite»=»c:program filesDAEMON Tools Litedaemon.exe» [2008-12-29 687560][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«SoundMAXPnP»=»c:program filesAnalog DevicesCoresmax4pnp.exe» [2006-12-18 868352]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2008-12-26 13680640]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2008-12-26 86016]
«2gis update client UI»=»c:program files2gisUpdateClientWin32UpdateClientUI.exe» [2008-09-17 4055040]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 9.0ReaderReader_sl.exe» [2008-06-12 34672]
«OutpostFeedBack»=»c:program filesAgnitumOutpost Firewall Profeedback.exe» [2009-03-02 433480]
«nwiz»=»nwiz.exe» [2008-12-26 c:windowssystem32nwiz.exe][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-15 15360][HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusOverride»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«c:\WINDOWS\Network Diagnostic\xpnetdiag.exe»=
«c:\WINDOWS\system32\sessmgr.exe»=
«c:\Program Files\uTorrent\utorrent.exe»=R1 SandBox;SandBox;c:windowssystem32driversSandBox.sys [2009-03-14 704384]
R2 2GIS UpdateClientService;2GIS UpdateClientService;c:program files2gisUpdateClientWin32UpdateClientService.exe [2008-09-17 1134592]
R2 acssrv;Agnitum Client Security Service;c:progra~1AgnitumOUTPOS~1acs.exe [2009-03-14 1267016]
R3 afw;Agnitum firewall driver;c:windowssystem32driversafw.sys [2009-03-14 30864]
R3 afwcore;afwcore;c:windowssystem32driversafwcore.sys [2009-03-14 257432]
R3 ASWFilt;ASWFilt;c:windowssystem32FiltASWFilt.dll [2009-03-14 33888]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:windowssystem32driversatl01_xp.sys [2009-01-05 35840]
.
Contents of the ‘Scheduled Tasks’ folder2009-03-21 c:windowsTasks{DB41A4E8-349D-406A-AAA5-9B1F0B64152B}_HOME_Administrator.job
— c:windowssystem32mobsync.exe [2008-04-15 18:00]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.tomtel.ru/
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Проверить ссылку Dr.Web — http://www.drweb.com/online/drweb-online-ru.html
Trusted Zone: vtomske.rutorrents
Handler: solores — {8FA1F4E9-444B-48BF-98CD-B8ECA88E6BA5} — c:progra~1Solo9SoloRes.dll
FF — ProfilePath — c:documents and settingsAdministratorApplication DataMozillaFirefoxProfileslbvkc7xv.default
FF — prefs.js: browser.search.selectedEngine — Яндекс
FF — prefs.js: browser.startup.homepage —
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-23 12:06:29
Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
Completion time: 2009-03-23 12:07:58
ComboFix-quarantined-files.txt 2009-03-23 06:07:56
ComboFix2.txt 2009-03-20 11:38:09Pre-Run: 33 256 206 336 байт свободно
Post-Run: 33,268,654,080 байт свободно166 — E O F — 2009-03-14 08:20:38
Combofix лог выглядит нормально.
Как сейчас работает компьютер ? Антивирус находит что-либо ?Firewall стоит и обнаруживает только атаки разных IP на мой компьютер (Scan).
Звук продолжает барахлить, компьютер тормозит (мышка не двигается порой). Кстати это происходит как при запуске различных приложений (например браузер, utorrent,Другие программы) так и при бездействии. Раньше такого не случалось. Не знаю что и делать…Проверим ваш компьютер с помощью программы которая ищет руткиты.
Скачайте программу GMER кликнув по этой ссылке.
Распакуйте программу на ваш рабочий стол.
Отключите Интернет и все антивирусы.
Запустите программу.
В правой части программы, в небольшом окошке будут перечислены все ваши диски, пожалуйста выделите их галочками.
Кликните по кнопке Scan.
Когда сканирование закончится, кликните по кнопке Copy.
Запустите Блокнот (Пуск -> Выполнить, введите notepad и нажмите Enter).
Вставьте результаты сканирования в блокнот (CTRL + V). Сохраните получившийся файл на ваш рабочий стол.В ваш ответ вставьте получившийся GMER лог и свежий Combofix лог.
GMER 1.0.15.14944 - http://www.gmer.net
Rootkit scan 2009-03-26 00:31:06
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwAssignProcessToJobObject [0xB2B13A60]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwClose [0xB2AF8BF0]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwConnectPort [0xB2B15920]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateFile [0xB2AF4F60]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateKey [0xB2B00090]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcess [0xB2B0C2B0]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcessEx [0xB2B0CBB0]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSection [0xB2AF3D10]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSymbolicLinkObject [0xB2AFFE40]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateThread [0xB2B0AD70]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDebugActiveProcess [0xB2B18F30]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteFile [0xB2AFEB20]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteKey [0xB2B01900]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteValueKey [0xB2B083A0]
SSDT spdy.sys ZwEnumerateKey [0xB9EC6CA2]
SSDT spdy.sys ZwEnumerateValueKey [0xB9EC7030]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwLoadDriver [0xB2B09BB0]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwMakeTemporaryObject [0xB2AFF6B0]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenFile [0xB2AF7C10]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenKey [0xB2B00FC0]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenProcess [0xB2B0ECA0]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenSection [0xB2AF4580]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenThread [0xB2B0E060]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwProtectVirtualMemory [0xB2B14DA0]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryDirectoryFile [0xB2AF98A0]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryKey [0xB2B03750]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryValueKey [0xB2B03FA0]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueueApcThread [0xB2B12ED0]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRenameKey [0xB2B07590]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwReplaceKey [0xB2B05500]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestPort [0xB2B17A50]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestWaitReplyPort [0xB2B17D70]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRestoreKey [0xB2B06D20]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKey [0xB2B05C80]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKeyEx [0xB2B064D0]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSecureConnectPort [0xB2B16480]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetContextThread [0xB2B12440]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetInformationDebugObject [0xB2B19520]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetInformationFile [0xB2AFABF0]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetSystemInformation [0xB2B091C0]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetValueKey [0xB2B04820]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendProcess [0xB2B11190]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendThread [0xB2B11AC0]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSystemDebugControl [0xB2B18770]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwTerminateProcess [0xB2B0F790]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwTerminateThread [0xB2B10620]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwUnloadDriver [0xB2B0A530]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwWriteVirtualMemory [0xB2B142B0]
INT 0x73 ? 89BE3BF8
INT 0x73 ? 89BE3BF8
INT 0x73 ? 89BE3BF8
INT 0x73 ? 89BE3BF8
INT 0x73 ? 89A45BF8
INT 0x73 ? 89BE3BF8
INT 0x83 ? 89BE3BF8
INT 0x83 ? 89BE3BF8
INT 0x83 ? 89A45BF8
INT 0x83 ? 89BE3BF8
INT 0x84 ? 89A45BF8
INT 0xA4 ? 89A45BF8
INT 0xB4 ? 89A45BF8
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2FB8 80504854 12 Bytes [90, 11, B1, B2, C0, 1A, B1, ...]
? spdy.sys Íå óäàåòñÿ íàéòè óêàçàííûé ôàéë. !
.text USBPORT.SYS!DllUnload B84DE8AC 5 Bytes JMP 89A451D8
? System32Driversa8943f91.SYS Ñèñòåìå íå óäàåòñÿ íàéòè óêàçàííûé ïóòü. !
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EA9040] spdy.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EA913C] spdy.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EA90BE] spdy.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EA97FC] spdy.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EA96D2] spdy.sys
IAT SystemRootsystem32DRIVERSndiswan.sys[NDIS.SYS!NdisOpenAdapter] [B83FC906] SystemRootsystem32driversafwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT SystemRootsystem32DRIVERSraspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B83FC906] SystemRootsystem32driversafwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT SystemRootsystem32DRIVERSpsched.sys[NDIS.SYS!NdisOpenAdapter] [B83FC906] SystemRootsystem32driversafwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT SystemRootSystem32DriversNDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B83FC906] SystemRootsystem32driversafwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT SystemRootsystem32DRIVERStcpip.sys[NDIS.SYS!NdisOpenAdapter] [B83FC906] SystemRootsystem32driversafwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT SystemRootsystem32DRIVERSwanarp.sys[NDIS.SYS!NdisOpenAdapter] [B83FC906] SystemRootsystem32driversafwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT SystemRootsystem32DRIVERSarp1394.sys[NDIS.SYS!NdisOpenAdapter] [B83FC906] SystemRootsystem32driversafwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT SystemRootsystem32DRIVERSndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B83FC906] SystemRootsystem32driversafwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
---- Devices - GMER 1.0.15 ----
Device FileSystemNtfs Ntfs 89BE21F8
Device FileSystemFastfat FatCdrom 87C281F8
Device DriverTcpip DeviceIp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device DriverPCI_PNP6566 Device0000043 spdy.sys
Device Driverusbuhci DeviceUSBPDO-0 89A5F1F8
Device Driverdmio DeviceDmControlDmIoDaemon 89C541F8
Device Driverdmio DeviceDmControlDmConfig 89C541F8
Device Driverdmio DeviceDmControlDmPnP 89C541F8
Device Driverdmio DeviceDmControlDmInfo 89C541F8
Device Driverusbuhci DeviceUSBPDO-1 89A5F1F8
Device Driverusbehci DeviceUSBPDO-2 89A411F8
Device Driverusbuhci DeviceUSBPDO-3 89A5F1F8
Device Driverusbuhci DeviceUSBPDO-4 89A5F1F8
Device DriverTcpip DeviceTcp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device Driverusbuhci DeviceUSBPDO-5 89A5F1F8
Device Driverusbehci DeviceUSBPDO-6 89A411F8
Device DriverFtdisk DeviceHarddiskVolume1 89BE41F8
Device DriverFtdisk DeviceHarddiskVolume2 89BE41F8
Device DriverCdrom DeviceCdRom0 899F11F8
Device DriverFtdisk DeviceHarddiskVolume3 89BE41F8
Device DriverCdrom DeviceCdRom1 899F11F8
Device DriverCdrom DeviceCdRom2 899F11F8
Device DriverNetBT DeviceNetBt_Wins_Export 893831F8
Device DriverNetBT DeviceNetbiosSmb 893831F8
Device Driversptd Device2574426566 spdy.sys
Device DriverTcpip DeviceUdp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device DriverTcpip DeviceRawIp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device Driverusbuhci DeviceUSBFDO-0 89A5F1F8
Device Driverusbuhci DeviceUSBFDO-1 89A5F1F8
Device FileSystemMRxSmb DeviceLanmanDatagramReceiver 8839E1F8
Device DriverTcpip DeviceIPMULTICAST afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device Driverusbehci DeviceUSBFDO-2 89A411F8
Device FileSystemMRxSmb DeviceLanmanRedirector 8839E1F8
Device Driverusbuhci DeviceUSBFDO-3 89A5F1F8
Device Driverusbuhci DeviceUSBFDO-4 89A5F1F8
Device DriverFtdisk DeviceFtControl 89BE41F8
Device Driverusbuhci DeviceUSBFDO-5 89A5F1F8
Device Driverusbehci DeviceUSBFDO-6 89A411F8
Device Drivera8943f91 DeviceScsia8943f911 899AB500
Device Drivera8943f91 DeviceScsia8943f911Port6Path0Target0Lun0 899AB500
Device Drivera8943f91 DeviceScsia8943f911Port6Path0Target1Lun0 899AB500
Device FileSystemFastfat Fat 87C281F8
Device FileSystemCdfs Cdfs 898FB500
---- Registry - GMER 1.0.15 ----
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@!0454B0450424>494 0000440404?4B0454@4 0010039004 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (L002TP) 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (PPTP) 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (PPPoE) 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@374@4O4494 ?0404@0404;4;0454;4L4=4K494 ?4>4@4B4 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (IP) 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 ?4;0404=484@4>0424I484:0404 ?0404:0454B4>0424 1?2?
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg@s1 771343423
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg@s2 285507792
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg@h0 1
Reg HKLMSYSTEMCurrentControlSetServicessptdCfgD79C293C1ED61418462E24595C90D04
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA4
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA4@p0 C:Program FilesDAEMON Tools Lite
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA4@khjeh 0xD5 0x3E 0x15 0x6E ...
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA40000001
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA40000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA40000001@khjeh 0x8F 0x4C 0x37 0xAF ...
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA40000001Jf40
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA40000001Jf40@khjeh 0xFD 0x35 0x7E 0x0D ...
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA40000001Jf41
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA40000001Jf41@khjeh 0xFE 0xBB 0x6A 0xA3 ...
Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@!0454B0450424>494 0000440404?4B0454@4 0010039004 1?
Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (L002TP) 1?
Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (PPTP) 1?
Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (PPPoE) 1?
Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@374@4O4494 ?0404@0404;4;0454;4L4=4K494 ?4>4@4B4 1?
Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (IP) 1?
Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 ?4;0404=484@4>0424I484:0404 ?0404:0454B4>0424 1?2?
Reg HKLMSYSTEMControlSet002ServicessptdCfgD79C293C1ED61418462E24595C90D04
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA4
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA4@p0 C:Program FilesDAEMON Tools Lite
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA4@khjeh 0xD5 0x3E 0x15 0x6E ...
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001@khjeh 0x8F 0x4C 0x37 0xAF ...
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001Jf40
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001Jf40@khjeh 0xFD 0x35 0x7E 0x0D ...
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001Jf41
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001Jf41@khjeh 0xFE 0xBB 0x6A 0xA3 ...
---- EOF - GMER 1.0.15 ----ComboFix 09-03-23.01 - Administrator 2009-03-26 0:40:18.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.1.1049.18.2047.1571 [GMT 6:00]
Running from: c:documents and settingsAdministratorРабочий столComboFix.exe
FW: Outpost Firewall Pro *disabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-02-25 to 2009-03-25 )))))))))))))))))))))))))))))))
.
2009-03-25 13:43 . 2009-03-25 13:48 d
c:program filesmIRC
2009-03-25 13:33 . 2009-03-25 13:37 d
c:program filesDenS-mIRC
2009-03-25 12:56 . 2009-03-25 12:56 361,600 --a
c:windowssystem32driversTCPIP.SYS.ORIGINAL
2009-03-24 23:16 . 2001-09-19 21:47 765,952 --a
c:windowssystemcrlds3d.dll
2009-03-24 23:16 . 2006-03-18 02:18 392,960 --a
c:windowssystem32driverssenfilt.sys
2009-03-24 23:16 . 2008-07-10 18:22 334,336 --a
c:windowssystem32driversADIHdAud.sys
2009-03-24 23:16 . 2007-10-17 23:37 28,672 --a
c:windowssystem32PostProc.dll
2009-03-24 21:03 . 2009-03-24 21:03 d
c:program filesInterpretatio
2009-03-23 14:22 . 2009-03-23 14:23 d
c:documents and settingsAll UsersApplication DataBarbie Fashion Show
2009-03-23 12:42 . 2009-03-25 19:05 d
c:program filesAlawar.ru
2009-03-23 12:25 . 2009-03-23 12:25 d
c:program filesVirtualDubMod
2009-03-22 16:00 . 2009-03-22 16:00 d
c:documents and settingsAdministratorApplication DataGaijin Ent
2009-03-20 18:02 . 2009-03-20 21:52 d
c:documents and settingsAll UsersApplication DataSpybot - Search & Destroy
2009-03-20 15:27 . 2009-03-20 15:27 d
c:documents and settingsAdministratorApplication DataBloom
2009-03-14 15:05 . 2009-03-25 12:13 d
c:windowssystem32Filt
2009-03-14 15:05 . 2009-03-14 15:05 d
c:program filesAgnitum
2009-03-14 15:05 . 2009-02-26 10:27 704,384 --a
c:windowssystem32driversSandBox.sys
2009-03-14 15:05 . 2009-02-10 16:15 257,432 --a
c:windowssystem32driversafwcore.sys
2009-03-14 15:05 . 2008-06-20 09:45 30,864 --a
c:windowssystem32driversafw.sys
2009-03-14 15:05 . 2009-01-16 11:14 49 --a
c:windowstransp.gif
2009-03-14 15:04 . 2009-03-14 15:04 d
c:documents and settingsAll UsersApplication DataAgnitum
2009-03-14 14:53 . 2009-03-14 14:53 d
c:program filesYandex
2009-03-11 18:28 . 2009-03-11 18:28 d
c:documents and settingsAll UsersApplication DataMalwarebytes
2009-03-11 18:28 . 2009-03-11 18:28 d
c:documents and settingsAdministratorApplication DataMalwarebytes
2009-03-09 19:42 . 2004-09-06 10:25 d
c:program filesDjvuReader
2009-03-09 18:21 . 2009-03-09 18:21 d
c:documents and settingsAdministratorApplication DataTurbogames.ru
2009-03-09 16:42 . 2009-03-09 16:50 d
c:documents and settingsAdministratorApplication DataDAEMON Tools Pro
2009-03-09 16:42 . 2009-03-09 16:42 d
c:documents and settingsAdministratorApplication DataDAEMON Tools
2009-03-09 16:41 . 2009-03-09 16:41 d
c:documents and settingsAll UsersApplication DataDAEMON Tools Lite
2009-03-09 16:40 . 2009-03-14 14:53 d
c:documents and settingsAdministratorApplication DataYandex
2009-03-09 16:39 . 2009-03-09 16:40 d
c:program filesDAEMON Tools Lite
2009-03-09 16:39 . 2009-03-09 16:57 d
c:documents and settingsAdministratorApplication DataDAEMON Tools Lite
2009-03-07 16:15 . 2009-03-07 19:54 d
c:documents and settingsAll UsersApplication DataDoctor Web
2009-03-01 22:46 . 2009-03-01 22:46 d
c:windowssystem32LogFiles
2009-03-01 22:46 . 2009-03-01 22:46 d
c:windowssystem32driversUMDF
2009-03-01 22:46 . 2009-03-01 22:46 d
c:program filesWindows Media Connect 2
2009-03-01 13:01 . 2008-10-30 19:24 d
c:program filesPlugins
2009-03-01 13:01 . 2008-10-30 19:52 d
c:program filesLangs
2009-03-01 13:01 . 2008-10-30 19:24 d
c:program filesHelp
2009-02-28 19:12 . 2000-07-10 11:04 155,648 --a
c:windowsRusUinst.exe
2009-02-28 19:12 . 1998-06-25 15:13 28,160 --a
c:windowsUnSetup.exe
2009-02-28 18:40 . 1998-09-02 14:02 194,320 --a
c:windowssystem32qcut.dll
2009-02-28 18:40 . 1998-08-27 10:51 182,032 --a
c:windowssystem32dxtmsft3.dll
2009-02-28 18:40 . 1998-08-20 17:02 140,800 --a
c:windowssystem32tm20dec.ax
2009-02-28 18:40 . 1998-09-02 14:28 63,488 --a
c:windowssystem32unam4ie.exe
2009-02-28 18:40 . 1998-09-02 14:28 38,160 --a
c:windowssystem32LMRTREND.dll
2009-02-28 18:40 . 1998-08-17 15:21 11,776 --a
c:windowssystem32mciqtz.drv
2009-02-28 18:40 . 1998-08-17 15:21 10,240 --a
c:windowssystem32vidx16.dll
2009-02-28 18:40 . 1998-08-17 15:21 5,672 --a
c:windowssystem32quartz.vxd
2009-02-28 18:40 . 2009-02-28 18:40 4,608 --a
c:windowssystem32w95inf32.dll
2009-02-28 18:40 . 2009-02-28 18:40 2,272 --a
c:windowssystem32w95inf16.dll
2009-02-28 18:38 . 1998-01-19 17:39 27,600 -ra
c:windowsisk3ro.exe
2009-02-28 18:38 . 2009-02-28 18:38 306 --a
c:windowsQTW.INI
2009-02-28 18:37 . 2009-02-28 18:38 30 --a
c:windowsRESULT.QTW
2009-02-28 18:34 . 2009-02-28 18:37 63 --a
c:windowsMaris.ini
2009-02-28 18:33 . 2009-02-28 18:33 d
c:documents and settingsAdministratorWINDOWS
2009-02-28 18:33 . 1996-11-06 11:58 302,592 --a
c:windowsunin0419.exe
2009-02-28 18:19 . 2009-02-28 18:20 d
c:program filesCommon FilesAdobe
2009-02-28 18:00 . 1998-10-02 19:00 327,168 --a
c:windowsIsUninst.exe
2009-02-26 22:57 . 2008-04-14 00:17 25,856 --a
c:windowssystem32driversusbprint.sys
2009-02-26 22:57 . 2008-04-14 00:17 25,856 --a--c--- c:windowssystem32dllcacheusbprint.sys
2009-02-26 18:48 . 2009-02-26 18:48 d
c:documents and settingsAdministratorApplication DatamIRC
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-25 17:58
d
w c:documents and settingsAdministratorApplication DatauTorrent
2009-03-25 16:12
d
w c:documents and settingsAdministratorApplication DataAIMP
2009-03-25 06:56 361,600 ----a-w c:windowssystem32driversTCPIP.SYS
2009-03-20 09:22
d
w c:documents and settingsAll UsersApplication DataAlawarWrapper
2009-03-14 08:23
d
w c:program filesFinale 2006
2009-03-09 12:28
d
w c:documents and settingsAll UsersApplication DataPlayFirst
2009-03-09 12:28
d
w c:documents and settingsAdministratorApplication DataPlayFirst
2009-03-02 09:45
d--h--w c:program filesInstallShield Installation Information
2009-02-21 12:01
d---a-w c:program filesCoolReader 3.0.8
2009-02-21 11:57
d
w c:documents and settingsAdministratorApplication Datacr3
2009-02-17 17:02
d
w c:program filesFinale 2007
2009-02-17 16:56
d
w c:program filesFinale GPO 2.0
2009-02-17 16:54
d
w c:program filesNative Instruments
2009-02-16 16:57
d
w c:program filesSolo9
2009-02-16 16:57
d
w c:documents and settingsAll UsersApplication DataSolo9
2009-02-15 11:37
d
w c:program filesuTorrent
2009-02-12 11:24
d
w c:program files2gis
2009-02-12 11:09
d
w c:documents and settingsAll UsersApplication Data2GIS
2009-02-12 11:05
d
w c:documents and settingsAdministratorApplication DataGrym
2009-02-12 10:30
d
w c:program filesK-Soft
2009-02-10 11:50
d
w c:program filesCommon FilesReGet Shared
2009-02-09 14:07 1,846,912 ----a-w c:windowssystem32win32k.sys
2009-02-08 12:26
d
w c:documents and settingsAdministratorApplication DataReGet Software
2009-02-07 18:52
d
w c:program filesMSXML 4.0
2009-01-31 11:43 14,336 ----a-w c:windowssystem32svchost.exe
2009-01-30 15:08
d
w c:program filesNero
2009-01-29 17:08
d
w c:program filesCommon FilesNero
2009-01-29 17:08
d
w c:documents and settingsAll UsersApplication DataNero
2009-01-29 17:08
d
w c:documents and settingsAdministratorApplication DataNero
2009-01-18 12:04 632 ----a-w C:settings.dat
2006-06-23 06:48 32,768 ----a-r c:windowsinfUpdateUSB.exe
.
Sigcheck
2008-06-20 17:59 361600 ad978a1b783b5719720cff204b666c8e c:windows$hf_mig$KB951748SP3QFEtcpip.sys
2008-04-15 18:00 361344 93ea8d04ec73a85db02eb8805988f733 c:windows$NtUninstallKB951748$tcpip.sys
2009-03-25 12:56 361600 cbeebeb899e31ef52b962cb31fc8ca5c c:windowssystem32dllcacheTCPIP.SYS
2009-03-25 12:56 361600 cbeebeb899e31ef52b962cb31fc8ca5c c:windowssystem32driversTCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"="c:windowssystem32ctfmon.exe" [2008-04-15 15360]
"MSMSGS"="c:program filesMessengermsmsgs.exe" [2008-04-14 1695232]
"DAEMON Tools Lite"="c:program filesDAEMON Tools Litedaemon.exe" [2008-12-29 687560]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"NvCplDaemon"="c:windowssystem32NvCpl.dll" [2008-12-26 13680640]
"NvMediaCenter"="c:windowssystem32NvMcTray.dll" [2008-12-26 86016]
"2gis update client UI"="c:program files2gisUpdateClientWin32UpdateClientUI.exe" [2008-09-17 4055040]
"Adobe Reader Speed Launcher"="c:program filesAdobeReader 9.0ReaderReader_sl.exe" [2008-06-12 34672]
"OutpostFeedBack"="c:program filesAgnitumOutpost Firewall Profeedback.exe" [2009-03-02 433480]
"SoundMAXPnP"="c:program filesAnalog DevicesCoresmax4pnp.exe" [2008-04-15 1040384]
"nwiz"="nwiz.exe" [2008-12-26 c:windowssystem32nwiz.exe]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"="c:windowssystem32CTFMON.EXE" [2008-04-15 15360]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
"AntiVirusOverride"=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"c:\WINDOWS\Network Diagnostic\xpnetdiag.exe"=
"c:\WINDOWS\system32\sessmgr.exe"=
"c:\Program Files\uTorrent\utorrent.exe"=
R1 SandBox;SandBox;c:windowssystem32driversSandBox.sys [2009-03-14 704384]
R2 2GIS UpdateClientService;2GIS UpdateClientService;c:program files2gisUpdateClientWin32UpdateClientService.exe [2008-09-17 1134592]
R3 afw;Agnitum firewall driver;c:windowssystem32driversafw.sys [2009-03-14 30864]
R3 afwcore;afwcore;c:windowssystem32driversafwcore.sys [2009-03-14 257432]
R3 ASWFilt;ASWFilt;c:windowssystem32FiltASWFilt.dll [2009-03-14 33888]
S2 acssrv;Agnitum Client Security Service;c:progra~1AgnitumOUTPOS~1acs.exe [2009-03-14 1267016]
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:windowssystem32driversatl01_xp.sys [2009-01-05 35840]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - AUJASNKJ
*Deregistered* - aujasnkj
*Deregistered* - DwShield00006C58
.
Contents of the 'Scheduled Tasks' folder
2009-03-25 c:windowsTasks{DB41A4E8-349D-406A-AAA5-9B1F0B64152B}_HOME_Administrator.job
- c:windowssystem32mobsync.exe [2008-04-15 18:00]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.tomtel.ru/
IE: &Экспорт в Microsoft Excel - c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Проверить ссылку Dr.Web - http://www.drweb.com/online/drweb-online-ru.html
Trusted Zone: vtomske.rutorrents
Handler: solores - {8FA1F4E9-444B-48BF-98CD-B8ECA88E6BA5} - c:progra~1Solo9SoloRes.dll
FF - ProfilePath - c:documents and settingsAdministratorApplication DataMozillaFirefoxProfileslbvkc7xv.default
FF - prefs.js: browser.search.selectedEngine - Яндекс
FF - prefs.js: browser.startup.homepage -
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-26 00:41:16
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-03-26 0:42:41
ComboFix-quarantined-files.txt 2009-03-25 18:42:39
ComboFix2.txt 2009-03-23 06:08:00
Pre-Run: 33 174 167 552 байт свободно
Post-Run: 33,177,890,816 байт свободно
183 --- E O F --- 2009-03-14 08:20:38Оба лога ничего странного не показывают.
Проверьте ещё ваш компьютер используя Kaspersky Online Scanner, для этого кликните по этой ссылке.
Результаты сканирования вставьте в ваш ответ.Просканировала KIS’oм и выкладываю результаты сканирования:
[attachment=0:27bcignu]Scan by KIS.txt[/attachment:27bcignu]Касперский ничего не нашёл.
Поэтому наиболее очевидно, что причина не стабильной работы компьютера это какие-то установленные программы.
Опишите как сейчас работает компьютер и приложите свежий Combofix лог.Пожалуйста этот лог не помещайте в code контейнер, просто вставьте как обыкновенный текст.
ComboFix 09-03-30.02 — Administrator 2009-03-31 17:08:47.5 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.1.1049.18.2047.1660 [GMT 7:00]
Running from: c:documents and settingsAdministratorРабочий столComboFix.exe
FW: Outpost Firewall Pro *enabled*
* Created a new restore pointWARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-31 )))))))))))))))))))))))))))))))
.2009-03-29 18:42 . 2009-03-29 18:42 d
c:windowssystem32Kaspersky Lab
2009-03-29 18:42 . 2009-03-29 18:42 d
c:documents and settingsAll UsersApplication DataKaspersky Lab
2009-03-25 14:43 . 2009-03-25 14:48 d
c:program filesmIRC
2009-03-25 14:33 . 2009-03-25 14:37 d
c:program filesDenS-mIRC
2009-03-25 13:56 . 2009-03-25 13:56 361,600 —a
c:windowssystem32driversTCPIP.SYS.ORIGINAL
2009-03-25 00:16 . 2001-09-19 22:47 765,952 —a
c:windowssystemcrlds3d.dll
2009-03-25 00:16 . 2006-03-18 03:18 392,960 —a
c:windowssystem32driverssenfilt.sys
2009-03-25 00:16 . 2008-07-10 19:22 334,336 —a
c:windowssystem32driversADIHdAud.sys
2009-03-25 00:16 . 2007-10-18 00:37 28,672 —a
c:windowssystem32PostProc.dll
2009-03-24 22:03 . 2009-03-24 22:03 d
c:program filesInterpretatio
2009-03-23 15:22 . 2009-03-23 15:23 d
c:documents and settingsAll UsersApplication DataBarbie Fashion Show
2009-03-23 13:42 . 2009-03-25 20:05 d
c:program filesAlawar.ru
2009-03-23 13:25 . 2009-03-23 13:25 d
c:program filesVirtualDubMod
2009-03-22 17:00 . 2009-03-22 17:00 d
c:documents and settingsAdministratorApplication DataGaijin Ent
2009-03-20 19:02 . 2009-03-20 22:52 d
c:documents and settingsAll UsersApplication DataSpybot — Search & Destroy
2009-03-20 16:27 . 2009-03-20 16:27 d
c:documents and settingsAdministratorApplication DataBloom
2009-03-14 16:05 . 2009-03-30 12:05 d
c:windowssystem32Filt
2009-03-14 16:05 . 2009-03-14 16:05 d
c:program filesAgnitum
2009-03-14 16:05 . 2009-02-26 11:27 704,384 —a
c:windowssystem32driversSandBox.sys
2009-03-14 16:05 . 2009-02-10 17:15 257,432 —a
c:windowssystem32driversafwcore.sys
2009-03-14 16:05 . 2008-06-20 10:45 30,864 —a
c:windowssystem32driversafw.sys
2009-03-14 16:05 . 2009-01-16 12:14 49 —a
c:windowstransp.gif
2009-03-14 16:04 . 2009-03-14 16:04 d
c:documents and settingsAll UsersApplication DataAgnitum
2009-03-14 15:53 . 2009-03-14 15:53 d
c:program filesYandex
2009-03-11 19:28 . 2009-03-11 19:28 d
c:documents and settingsAll UsersApplication DataMalwarebytes
2009-03-11 19:28 . 2009-03-11 19:28 d
c:documents and settingsAdministratorApplication DataMalwarebytes
2009-03-09 20:42 . 2004-09-06 11:25 d
c:program filesDjvuReader
2009-03-09 19:21 . 2009-03-09 19:21 d
c:documents and settingsAdministratorApplication DataTurbogames.ru
2009-03-09 17:42 . 2009-03-09 17:50 d
c:documents and settingsAdministratorApplication DataDAEMON Tools Pro
2009-03-09 17:42 . 2009-03-09 17:42 d
c:documents and settingsAdministratorApplication DataDAEMON Tools
2009-03-09 17:41 . 2009-03-09 17:41 d
c:documents and settingsAll UsersApplication DataDAEMON Tools Lite
2009-03-09 17:40 . 2009-03-14 15:53 d
c:documents and settingsAdministratorApplication DataYandex
2009-03-09 17:39 . 2009-03-09 17:40 d
c:program filesDAEMON Tools Lite
2009-03-09 17:39 . 2009-03-09 17:57 d
c:documents and settingsAdministratorApplication DataDAEMON Tools Lite
2009-03-07 17:15 . 2009-03-07 20:54 d
c:documents and settingsAll UsersApplication DataDoctor Web
2009-03-01 23:46 . 2009-03-01 23:46 d
c:windowssystem32LogFiles
2009-03-01 23:46 . 2009-03-01 23:46 d
c:windowssystem32driversUMDF
2009-03-01 23:46 . 2009-03-01 23:46 d
c:program filesWindows Media Connect 2
2009-03-01 14:01 . 2008-10-30 20:24 d
c:program filesPlugins
2009-03-01 14:01 . 2008-10-30 20:52 d
c:program filesLangs
2009-03-01 14:01 . 2008-10-30 20:24 d
c:program filesHelp
2009-02-28 20:12 . 2000-07-10 12:04 155,648 —a
c:windowsRusUinst.exe
2009-02-28 20:12 . 1998-06-25 16:13 28,160 —a
c:windowsUnSetup.exe
2009-02-28 19:40 . 1998-09-02 15:02 194,320 —a
c:windowssystem32qcut.dll
2009-02-28 19:40 . 1998-08-27 11:51 182,032 —a
c:windowssystem32dxtmsft3.dll
2009-02-28 19:40 . 1998-08-20 18:02 140,800 —a
c:windowssystem32tm20dec.ax
2009-02-28 19:40 . 1998-09-02 15:28 63,488 —a
c:windowssystem32unam4ie.exe
2009-02-28 19:40 . 1998-09-02 15:28 38,160 —a
c:windowssystem32LMRTREND.dll
2009-02-28 19:40 . 1998-08-17 16:21 11,776 —a
c:windowssystem32mciqtz.drv
2009-02-28 19:40 . 1998-08-17 16:21 10,240 —a
c:windowssystem32vidx16.dll
2009-02-28 19:40 . 1998-08-17 16:21 5,672 —a
c:windowssystem32quartz.vxd
2009-02-28 19:40 . 2009-02-28 19:40 4,608 —a
c:windowssystem32w95inf32.dll
2009-02-28 19:40 . 2009-02-28 19:40 2,272 —a
c:windowssystem32w95inf16.dll
2009-02-28 19:38 . 1998-01-19 18:39 27,600 -ra
c:windowsisk3ro.exe
2009-02-28 19:38 . 2009-02-28 19:38 306 —a
c:windowsQTW.INI
2009-02-28 19:37 . 2009-02-28 19:38 30 —a
c:windowsRESULT.QTW
2009-02-28 19:34 . 2009-02-28 19:37 63 —a
c:windowsMaris.ini
2009-02-28 19:33 . 2009-02-28 19:33 d
c:documents and settingsAdministratorWINDOWS
2009-02-28 19:33 . 1996-11-06 12:58 302,592 —a
c:windowsunin0419.exe
2009-02-28 19:19 . 2009-02-28 19:20 d
c:program filesCommon FilesAdobe
2009-02-28 19:00 . 1998-10-02 20:00 327,168 —a
c:windowsIsUninst.exe
2009-02-26 23:57 . 2008-04-14 01:17 25,856 —a
c:windowssystem32driversusbprint.sys
2009-02-26 23:57 . 2008-04-14 01:17 25,856 —a—c— c:windowssystem32dllcacheusbprint.sys
2009-02-26 19:48 . 2009-02-26 19:48 d
c:documents and settingsAdministratorApplication DatamIRC
2009-02-21 19:01 . 2009-02-21 19:01 d-a
c:program filesCoolReader 3.0.8
2009-02-21 18:56 . 2009-02-21 18:57 d
c:documents and settingsAdministratorApplication Datacr3
2009-02-20 21:07 . 2001-10-19 21:33 12,160 —a
c:windowssystem32driversmouhid.sys
2009-02-20 21:07 . 2001-10-19 21:33 12,160 —a—c— c:windowssystem32dllcachemouhid.sys
2009-02-20 21:06 . 2008-04-14 01:15 10,368 —a
c:windowssystem32drivershidusb.sys
2009-02-20 21:06 . 2008-04-14 01:15 10,368 —a—c— c:windowssystem32dllcachehidusb.sys
2009-02-17 23:54 . 2009-02-17 23:54 d
c:program filesNative Instruments
2009-02-17 23:54 . 2009-02-17 23:56 d
c:program filesFinale GPO 2.0
2009-02-17 23:54 . 2006-05-19 17:54 393,216 —a
c:windowssystem32NI_IRC_1_1.dll
2009-02-17 23:54 . 2005-04-04 19:00 393,216 —a
c:windowssystem32NI_IRC_1_0_3.dll
2009-02-17 23:54 . 2006-07-11 17:16 61,440 —a
c:windowssystem32NI_DFD_1_4.dll
2009-02-17 23:52 . 2009-03-30 12:04 d
c:program filesFinale 2007
2009-02-17 23:35 . 2009-02-17 23:53 d
C:Psfonts
2009-02-17 23:34 . 2009-03-14 15:23 d
c:program filesFinale 2006
2009-02-17 23:34 . 2009-02-17 23:34 573 —a
c:windowswiniini.fin
2009-02-16 23:57 . 2009-02-16 23:57 d
c:program filesSolo9
2009-02-16 23:57 . 2009-02-16 23:57 d
c:documents and settingsAll UsersApplication DataSolo9
2009-02-15 18:37 . 2009-02-15 18:37 d
c:program filesuTorrent
2009-02-14 23:16 . 2009-03-02 22:19 208 —a
c:windowsUpdateClientUI.INI
2009-02-13 16:01 . 2009-03-31 17:07 d
c:documents and settingsAdministratorApplication DatauTorrent
2009-02-12 20:34 . 2009-02-12 20:34 1,172 —a
c:windowsmozver.dat
2009-02-12 18:40 . 2009-02-12 18:40 0 —a
c:windowsnsreg.dat
2009-02-12 18:24 . 2009-02-12 18:24 d
c:program files2gis
2009-02-12 18:05 . 2009-02-12 18:05 d
c:documents and settingsAdministratorApplication DataGrym
2009-02-12 17:53 . 2009-02-12 18:09 d
c:documents and settingsAll UsersApplication Data2GIS
2009-02-12 17:30 . 2009-02-12 17:30 d
c:program filesK-Soft
2009-02-10 18:49 . 2008-12-21 06:03 6,066,688
c— c:windowssystem32dllcacheieframe.dll
2009-02-10 18:49 . 2007-04-17 16:32 2,455,488
c— c:windowssystem32dllcacheieapfltr.dat
2009-02-10 18:49 . 2007-03-08 12:12 1,060,864
c— c:windowssystem32dllcacheieframe.dll.mui
2009-02-10 18:49 . 2008-12-21 06:03 459,264
c— c:windowssystem32dllcachemsfeeds.dll
2009-02-10 18:49 . 2008-12-21 06:03 383,488
c— c:windowssystem32dllcacheieapfltr.dll
2009-02-10 18:49 . 2008-12-21 06:03 267,776
c— c:windowssystem32dllcacheiertutil.dll
2009-02-10 18:49 . 2008-12-21 06:03 63,488
c— c:windowssystem32dllcacheicardie.dll
2009-02-10 18:49 . 2008-12-21 06:03 52,224
c— c:windowssystem32dllcachemsfeedsbs.dll
2009-02-10 18:49 . 2008-12-19 16:10 13,824
c— c:windowssystem32dllcacheieudinit.exe
2009-02-08 01:52 . 2009-02-08 01:52 d
c:program filesMSXML 4.0
2009-02-07 22:17 . 2002-01-05 04:40 487,424 —a
c:windowssystem32Msvcp70.dll
2009-02-07 22:17 . 2004-08-18 13:34 442,368 —a
c:windowssystem32vp6vfw.dll
2009-02-07 22:17 . 2002-01-05 07:37 344,064 —a
c:windowssystem32Msvcr70.dll
2009-02-07 22:17 . 2004-08-06 14:49 265,785 —a
c:windowssystem32pixomatic.dll
2009-02-07 22:17 . 2004-01-06 11:43 188,416 —a
c:windowssystem32eax.dll
2009-02-07 22:17 . 2004-10-18 15:04 161,280 —a
c:windowssystem32fmod.dll
2009-02-07 22:17 . 2002-02-04 03:43 82,432 —a
c:windowssystem32msxml4r.dll
2009-02-07 22:17 . 2002-01-05 04:38 54,784 —a
c:windowssystem32msvci70.dll
2009-02-07 22:17 . 2002-02-01 08:00 22,016 —a
c:windowssystem32borlndmm.dll
2009-02-07 17:21 . 2008-06-15 00:35 272,512
c:windowssystem32driversbthport.sys
2009-02-07 17:21 . 2008-06-15 00:35 272,512
c— c:windowssystem32dllcachebthport.sys
2009-02-07 17:18 . 2009-02-07 17:20 d
c:windowssystem32NtmsData
2009-02-01 02:17 . 2008-08-14 20:26 2,190,976
c— c:windowssystem32dllcachentoskrnl.exe
2009-02-01 02:17 . 2008-08-14 20:26 2,147,328
c— c:windowssystem32dllcachentkrnlmp.exe
2009-02-01 02:17 . 2008-08-14 20:26 2,067,840
c— c:windowssystem32dllcachentkrnlpa.exe
2009-02-01 02:17 . 2008-08-14 20:26 2,025,984
c— c:windowssystem32dllcachentkrpamp.exe
2009-02-01 02:10 . 2008-10-24 18:21 455,296
c— c:windowssystem32dllcachemrxsmb.sys
2009-02-01 01:51 . 2009-03-11 18:16 d—h
c:windows$hf_mig$
2009-02-01 01:51 . 2007-07-27 10:41 26,488 —a
c:windowssystem32spupdsvc.exe.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-30 14:43
d
w c:documents and settingsAdministratorApplication DataAIMP
2009-03-30 04:51
d
w c:program filesNero
2009-03-25 06:56 361,600 —-a-w c:windowssystem32driversTCPIP.SYS
2009-03-20 09:22
d
w c:documents and settingsAll UsersApplication DataAlawarWrapper
2009-03-09 12:28
d
w c:documents and settingsAll UsersApplication DataPlayFirst
2009-03-09 12:28
d
w c:documents and settingsAdministratorApplication DataPlayFirst
2009-03-02 09:45
d—h—w c:program filesInstallShield Installation Information
2009-02-10 11:50
d
w c:program filesCommon FilesReGet Shared
2009-02-09 14:07 1,846,912 —-a-w c:windowssystem32win32k.sys
2009-02-08 12:26
d
w c:documents and settingsAdministratorApplication DataReGet Software
2009-01-31 11:43 14,336 —-a-w c:windowssystem32svchost.exe
2009-01-18 12:04 632 —-a-w C:settings.dat
2008-12-23 15:58 453,152 —-a-w c:windowssystem32NVUNINST.EXE
2008-12-20 23:03 826,368 —-a-w c:windowssystem32wininet.dll
2008-12-05 06:57 144,896 —-a-w c:windowssystem32schannel.dll
2006-06-23 06:48 32,768 —-a-r c:windowsinfUpdateUSB.exe
.
Sigcheck
2008-06-20 18:59 361600 ad978a1b783b5719720cff204b666c8e c:windows$hf_mig$KB951748SP3QFEtcpip.sys
2008-04-15 19:00 361344 93ea8d04ec73a85db02eb8805988f733 c:windows$NtUninstallKB951748$tcpip.sys
2009-03-25 13:56 361600 cbeebeb899e31ef52b962cb31fc8ca5c c:windowssystem32dllcacheTCPIP.SYS
2009-03-25 13:56 361600 cbeebeb899e31ef52b962cb31fc8ca5c c:windowssystem32driversTCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2008-04-15 15360]
«MSMSGS»=»c:program filesMessengermsmsgs.exe» [2008-04-14 1695232]
«DAEMON Tools Lite»=»c:program filesDAEMON Tools Litedaemon.exe» [2008-12-29 687560][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2008-12-26 86016]
«2gis update client UI»=»c:program files2gisUpdateClientWin32UpdateClientUI.exe» [2008-09-17 4055040]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 9.0ReaderReader_sl.exe» [2008-06-12 34672]
«OutpostFeedBack»=»c:program filesAgnitumOutpost Firewall Profeedback.exe» [2009-03-02 433480]
«SoundMAXPnP»=»c:program filesAnalog DevicesCoresmax4pnp.exe» [2008-04-15 1040384]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2008-12-26 13680640]
«nwiz»=»nwiz.exe» [2008-12-26 c:windowssystem32nwiz.exe][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-15 15360][HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusOverride»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«c:\WINDOWS\Network Diagnostic\xpnetdiag.exe»=
«c:\WINDOWS\system32\sessmgr.exe»=
«c:\Program Files\uTorrent\utorrent.exe»=R1 SandBox;SandBox;c:windowssystem32driversSandBox.sys [2009-03-14 704384]
R2 2GIS UpdateClientService;2GIS UpdateClientService;c:program files2gisUpdateClientWin32UpdateClientService.exe [2008-09-17 1134592]
R2 acssrv;Agnitum Client Security Service;c:progra~1AgnitumOUTPOS~1acs.exe [2009-03-14 1267016]
R3 afw;Agnitum firewall driver;c:windowssystem32driversafw.sys [2009-03-14 30864]
R3 afwcore;afwcore;c:windowssystem32driversafwcore.sys [2009-03-14 257432]
R3 ASWFilt;ASWFilt;c:windowssystem32FiltASWFilt.dll [2009-03-14 33888]
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:windowssystem32driversatl01_xp.sys [2009-01-05 35840]
.
Contents of the ‘Scheduled Tasks’ folder2009-03-30 c:windowsTasks{DB41A4E8-349D-406A-AAA5-9B1F0B64152B}_HOME_Administrator.job
— c:windowssystem32mobsync.exe [2008-04-15 19:00]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.tomtel.ru/
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Проверить ссылку Dr.Web — http://www.drweb.com/online/drweb-online-ru.html
Trusted Zone: vtomske.rutorrents
Handler: solores — {8FA1F4E9-444B-48BF-98CD-B8ECA88E6BA5} — c:progra~1Solo9SoloRes.dll
FF — ProfilePath — c:documents and settingsAdministratorApplication DataMozillaFirefoxProfileslbvkc7xv.default
FF — prefs.js: browser.search.selectedEngine — Яндекс
FF — prefs.js: browser.startup.homepage —
.**************************************************************************
catchme 0.3.1375 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-31 17:09:59
Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERSS-1-5-21-2000478354-1292428093-1417001333-1003SoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved{897B7768-C70E-C0DE-BBAB-739DB4D9838D}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
«jacjbhbapdocbnljnjaf»=hex:62,61,67,70,00,00
«jacjbhbapdocbnljnjme»=hex:62,61,64,70,00,00
«iaciglnpcmbbkjgenh»=hex:6b,61,62,70,6c,66,63,62,67,6f,6e,69,64,67,68,67,62,70,
62,6f,6a,6a,00,00
«hagjfjjilhmoipdj»=hex:61,62,62,69,63,68,61,68,68,6b,63,70,6f,6a,6a,61,67,6f,
68,69,6c,6f,6f,61,69,61,63,6f,63,61,64,6a,66,6f,00,00
«jahjchdopolfihckdggn»=hex:64,62,6e,69,64,69,64,64,70,63,6e,65,6b,6c,63,69,65,
6b,6a,6b,67,65,66,64,65,6c,62,61,62,6d,6f,6b,6e,68,61,63,6a,6b,6f,65,00,00
«haeipjdhjomfipen»=hex:6b,61,62,70,6c,66,63,62,67,6f,6e,69,64,67,6d,67,6f,6f,
61,62,63,6c,00,00
.
Completion time: 2009-03-31 17:11:28
ComboFix-quarantined-files.txt 2009-03-31 10:11:26
ComboFix2.txt 2009-03-25 18:42:41Pre-Run: 34 410 795 008 байт свободно
Post-Run: 34,404,618,240 байт свободно236 — E O F — 2009-03-14 08:20:38
Хмм, Combofix показал новый троян на вашем компьютере.
Откройте блокнот (Кликните Пуск, Выполнить, в строке ввода введите notepad и нажмите Enter) и вставьте в него следующий текст:
RegNull::
[HKEY_USERSS-1-5-21-2000478354-1292428093-1417001333-1003SoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved{897B7768-C70E-C0DE-BBAB-739DB4D9838D}*]Запишите получившийся файл на ваш рабочий стол под именем CFScript
Далее перетащите получившийся файл на иконку Combofix, как показано на картинке ниже.
Сombofix запуститься и выполнит процедуры описанные в созданном нами файле.
По результатам работы Combofix будет создан новый лог, его и вставьте в свой следующий ответ.ComboFix 09-04-03.01 — Administrator 2009-04-04 18:01:57.6 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.1.1049.18.2047.1672 [GMT 7:00]
Running from: c:documents and settingsAdministratorРабочий столComboFix.exe
Command switches used :: c:documents and settingsAdministratorРабочий столCFScript.txt
FW: Outpost Firewall Pro *enabled*
* Created a new restore pointWARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.((((((((((((((((((((((((( Files Created from 2009-03-04 to 2009-04-04 )))))))))))))))))))))))))))))))
.2009-04-01 22:10 . 2009-04-01 22:10 d
c:documents and settingsAdministratorApplication DataImgBurn
2009-04-01 22:05 . 2009-04-01 22:05 d
c:program filesImgBurn
2009-03-29 18:42 . 2009-03-29 18:42 d
c:windowssystem32Kaspersky Lab
2009-03-29 18:42 . 2009-03-29 18:42 d
c:documents and settingsAll UsersApplication DataKaspersky Lab
2009-03-25 14:43 . 2009-03-25 14:48 d
c:program filesmIRC
2009-03-25 14:33 . 2009-03-25 14:37 d
c:program filesDenS-mIRC
2009-03-25 13:56 . 2009-03-25 13:56 361,600 —a
c:windowssystem32driversTCPIP.SYS.ORIGINAL
2009-03-25 00:16 . 2001-09-19 22:47 765,952 —a
c:windowssystemcrlds3d.dll
2009-03-25 00:16 . 2006-03-18 03:18 392,960 —a
c:windowssystem32driverssenfilt.sys
2009-03-25 00:16 . 2008-07-10 19:22 334,336 —a
c:windowssystem32driversADIHdAud.sys
2009-03-25 00:16 . 2007-10-18 00:37 28,672 —a
c:windowssystem32PostProc.dll
2009-03-24 22:03 . 2009-03-24 22:03 d
c:program filesInterpretatio
2009-03-23 15:22 . 2009-03-23 15:23 d
c:documents and settingsAll UsersApplication DataBarbie Fashion Show
2009-03-23 13:42 . 2009-03-25 20:05 d
c:program filesAlawar.ru
2009-03-23 13:25 . 2009-03-23 13:25 d
c:program filesVirtualDubMod
2009-03-22 17:00 . 2009-03-22 17:00 d
c:documents and settingsAdministratorApplication DataGaijin Ent
2009-03-20 19:02 . 2009-03-20 22:52 d
c:documents and settingsAll UsersApplication DataSpybot — Search & Destroy
2009-03-20 16:27 . 2009-03-20 16:27 d
c:documents and settingsAdministratorApplication DataBloom
2009-03-14 16:05 . 2009-04-03 22:55 d
c:windowssystem32Filt
2009-03-14 16:05 . 2009-03-14 16:05 d
c:program filesAgnitum
2009-03-14 16:05 . 2009-02-26 11:27 704,384 —a
c:windowssystem32driversSandBox.sys
2009-03-14 16:05 . 2009-02-10 17:15 257,432 —a
c:windowssystem32driversafwcore.sys
2009-03-14 16:05 . 2008-06-20 10:45 30,864 —a
c:windowssystem32driversafw.sys
2009-03-14 16:05 . 2009-01-16 12:14 49 —a
c:windowstransp.gif
2009-03-14 16:04 . 2009-03-14 16:04 d
c:documents and settingsAll UsersApplication DataAgnitum
2009-03-14 15:53 . 2009-03-14 15:53 d
c:program filesYandex
2009-03-11 19:28 . 2009-03-11 19:28 d
c:documents and settingsAll UsersApplication DataMalwarebytes
2009-03-11 19:28 . 2009-03-11 19:28 d
c:documents and settingsAdministratorApplication DataMalwarebytes
2009-03-09 20:42 . 2004-09-06 11:25 d
c:program filesDjvuReader
2009-03-09 19:21 . 2009-03-09 19:21 d
c:documents and settingsAdministratorApplication DataTurbogames.ru
2009-03-09 17:42 . 2009-03-09 17:50 d
c:documents and settingsAdministratorApplication DataDAEMON Tools Pro
2009-03-09 17:42 . 2009-03-09 17:42 d
c:documents and settingsAdministratorApplication DataDAEMON Tools
2009-03-09 17:41 . 2009-03-09 17:41 d
c:documents and settingsAll UsersApplication DataDAEMON Tools Lite
2009-03-09 17:40 . 2009-03-14 15:53 d
c:documents and settingsAdministratorApplication DataYandex
2009-03-09 17:39 . 2009-03-09 17:40 d
c:program filesDAEMON Tools Lite
2009-03-09 17:39 . 2009-03-09 17:57 d
c:documents and settingsAdministratorApplication DataDAEMON Tools Lite
2009-03-07 17:15 . 2009-03-07 20:54 d
c:documents and settingsAll UsersApplication DataDoctor Web.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-04 10:54
d
w c:documents and settingsAdministratorApplication DataAIMP
2009-04-03 17:50
d
w c:documents and settingsAdministratorApplication DatauTorrent
2009-03-30 05:04
d
w c:program filesFinale 2007
2009-03-30 04:51
d
w c:program filesNero
2009-03-25 06:56 361,600 —-a-w c:windowssystem32driversTCPIP.SYS
2009-03-20 09:22
d
w c:documents and settingsAll UsersApplication DataAlawarWrapper
2009-03-14 08:23
d
w c:program filesFinale 2006
2009-03-09 12:28
d
w c:documents and settingsAll UsersApplication DataPlayFirst
2009-03-09 12:28
d
w c:documents and settingsAdministratorApplication DataPlayFirst
2009-03-02 09:45
d—h—w c:program filesInstallShield Installation Information
2009-03-01 16:46
d
w c:program filesWindows Media Connect 2
2009-02-28 12:40 4,608 —-a-w c:windowssystem32w95inf32.dll
2009-02-28 12:40 2,272 —-a-w c:windowssystem32w95inf16.dll
2009-02-28 12:20
d
w c:program filesCommon FilesAdobe
2009-02-26 12:48
d
w c:documents and settingsAdministratorApplication DatamIRC
2009-02-21 12:01
d—a-w c:program filesCoolReader 3.0.8
2009-02-21 11:57
d
w c:documents and settingsAdministratorApplication Datacr3
2009-02-17 16:56
d
w c:program filesFinale GPO 2.0
2009-02-17 16:54
d
w c:program filesNative Instruments
2009-02-16 16:57
d
w c:program filesSolo9
2009-02-16 16:57
d
w c:documents and settingsAll UsersApplication DataSolo9
2009-02-15 11:37
d
w c:program filesuTorrent
2009-02-12 11:24
d
w c:program files2gis
2009-02-12 11:09
d
w c:documents and settingsAll UsersApplication Data2GIS
2009-02-12 11:05
d
w c:documents and settingsAdministratorApplication DataGrym
2009-02-12 10:30
d
w c:program filesK-Soft
2009-02-10 11:50
d
w c:program filesCommon FilesReGet Shared
2009-02-09 14:07 1,846,912 —-a-w c:windowssystem32win32k.sys
2009-02-08 12:26
d
w c:documents and settingsAdministratorApplication DataReGet Software
2009-02-07 18:52
d
w c:program filesMSXML 4.0
2009-01-31 11:43 14,336 —-a-w c:windowssystem32svchost.exe
2009-01-18 12:04 632 —-a-w C:settings.dat
2006-06-23 06:48 32,768 —-a-r c:windowsinfUpdateUSB.exe
.
Sigcheck
2008-06-20 18:59 361600 ad978a1b783b5719720cff204b666c8e c:windows$hf_mig$KB951748SP3QFEtcpip.sys
2008-04-15 19:00 361344 93ea8d04ec73a85db02eb8805988f733 c:windows$NtUninstallKB951748$tcpip.sys
2009-03-25 13:56 361600 cbeebeb899e31ef52b962cb31fc8ca5c c:windowssystem32dllcacheTCPIP.SYS
2009-03-25 13:56 361600 cbeebeb899e31ef52b962cb31fc8ca5c c:windowssystem32driversTCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2008-04-15 15360]
«MSMSGS»=»c:program filesMessengermsmsgs.exe» [2008-04-14 1695232]
«DAEMON Tools Lite»=»c:program filesDAEMON Tools Litedaemon.exe» [2008-12-29 687560][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2008-12-26 86016]
«2gis update client UI»=»c:program files2gisUpdateClientWin32UpdateClientUI.exe» [2008-09-17 4055040]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 9.0ReaderReader_sl.exe» [2008-06-12 34672]
«OutpostFeedBack»=»c:program filesAgnitumOutpost Firewall Profeedback.exe» [2009-03-02 433480]
«SoundMAXPnP»=»c:program filesAnalog DevicesCoresmax4pnp.exe» [2008-04-15 1040384]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2008-12-26 13680640]
«nwiz»=»nwiz.exe» [2008-12-26 c:windowssystem32nwiz.exe][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-15 15360][HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusOverride»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«c:\WINDOWS\Network Diagnostic\xpnetdiag.exe»=
«c:\WINDOWS\system32\sessmgr.exe»=
«c:\Program Files\uTorrent\utorrent.exe»=R1 SandBox;SandBox;c:windowssystem32driversSandBox.sys [2009-03-14 704384]
R2 2GIS UpdateClientService;2GIS UpdateClientService;c:program files2gisUpdateClientWin32UpdateClientService.exe [2008-09-17 1134592]
R2 acssrv;Agnitum Client Security Service;c:progra~1AgnitumOUTPOS~1acs.exe [2009-03-14 1267016]
R3 afw;Agnitum firewall driver;c:windowssystem32driversafw.sys [2009-03-14 30864]
R3 afwcore;afwcore;c:windowssystem32driversafwcore.sys [2009-03-14 257432]
R3 ASWFilt;ASWFilt;c:windowssystem32FiltASWFilt.dll [2009-03-14 33888]
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:windowssystem32driversatl01_xp.sys [2009-01-05 35840]
.
Contents of the ‘Scheduled Tasks’ folder2009-04-02 c:windowsTasks{DB41A4E8-349D-406A-AAA5-9B1F0B64152B}_HOME_Administrator.job
— c:windowssystem32mobsync.exe [2008-04-15 19:00]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.tomtel.ru/
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Проверить ссылку Dr.Web — http://www.drweb.com/online/drweb-online-ru.html
Trusted Zone: vtomske.rutorrents
Handler: solores — {8FA1F4E9-444B-48BF-98CD-B8ECA88E6BA5} — c:progra~1Solo9SoloRes.dll
FF — ProfilePath — c:documents and settingsAdministratorApplication DataMozillaFirefoxProfileslbvkc7xv.default
FF — prefs.js: browser.search.selectedEngine — Яндекс
FF — prefs.js: browser.startup.homepage —
.**************************************************************************
catchme 0.3.1375 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-04 18:03:12
Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
Completion time: 2009-04-04 18:04:42
ComboFix-quarantined-files.txt 2009-04-04 11:04:40
ComboFix2.txt 2009-03-31 10:11:30Pre-Run: 34 810 609 664 байт свободно
Post-Run: 34,802,872,320 байт свободно157 — E O F — 2009-03-14 08:20:38
- Для ответа в этой теме необходимо авторизоваться.
