[Sony]

Ага, я б и сам так написал 🙂
Проблема в том, что Майкрософт секьлюрити ессеншиал тогда не было, а отзывов я не слышал. Имею собственный опыт, что сильно тормозит комп.

[Sony]

Вы знаете, периодически пропадает языковая панель, часто виснет при загрузке обновлений системы или открытии панели управления, при запуске мозилы. Антивирус и брандмауэр вроде перестали самопроизвольно отключаться. Все же у меня подозрение, что тут что-то аппаратное, он у меня старый очень. Но большое спасибо! Еще вопрос, стоит ли мне перейти на майкрософт секьюрити ессеншиал?

[Sony]

Сделано:
ComboFix 10-05-10.05 — main 17.05.2010 4:51.2.1 — x86
Microsoft Windows XP Home Edition 5.1.2600.3.1251.7.1049.18.255.101 [GMT 3:00]
Running from: c:documents and settingsmainРабочий столComboFix.exe
Command switches used :: c:documents and settingsmainРабочий столCFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

---

Legacy_MEMSWEEP2

---

Service_Cqvmcumpt.1f

---

Service_MEMSWEEP2

((((((((((((((((((((((((( Files Created from 2010-04-17 to 2010-05-17 )))))))))))))))))))))))))))))))
.

2010-05-06 09:09 . 2010-05-06 09:10

---

d

---

w- c:program filestrend micro
2010-05-06 09:09 . 2010-05-06 09:10

---

d

---

w- C:rsit
2010-05-05 11:40 . 2010-05-05 11:40

---

d

---

w- c:documents and settingsmainLocal SettingsApplication DataHelp
2010-05-05 11:38 . 2010-05-05 11:38

---

d

---

w- c:program filesSophos
2010-05-05 09:10 . 2010-05-05 09:10

---

d

---

w- c:documents and settingsLocalServiceApplication DataAvira
2010-05-05 09:08 . 2010-05-05 09:08

---

d

---

r- c:documents and settingsLocalServiceИзбранное

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-05 15:00 . 2010-02-20 07:08

---

d

---

w- c:program filesMalwarebytes’ Anti-Malware
2010-04-29 12:39 . 2010-02-20 07:09 38224 —-a-w- c:windowssystem32driversmbamswissarmy.sys
2010-04-29 12:39 . 2010-02-20 07:08 20952 —-a-w- c:windowssystem32driversmbam.sys
2010-03-30 17:39 . 2010-03-30 17:39 12800 —-a-w- c:documents and settingsmainApplication DataSunJavaDeploymentSystemCache6.0176d0ad391-7939aba4-ndecora-d3d.dll
2010-03-30 17:39 . 2010-03-30 17:39 61440 —-a-w- c:documents and settingsmainApplication DataSunJavaDeploymentSystemCache6.0176d0ad391-7939aba4-ndecora-sse.dll
2010-03-30 17:36 . 2010-02-19 09:05

---

d

---

w- c:program filesJava
2010-03-30 17:35 . 2010-03-30 17:35 79488 —-a-w- c:documents and settingsmainApplication DataSunJavajre1.6.0_19gtapi.dll
2010-03-29 17:05 . 2003-05-29 19:00 65280 —-a-w- c:windowssystem32perfc019.dat
2010-03-29 17:05 . 2003-05-29 19:00 422060 —-a-w- c:windowssystem32perfh019.dat
2010-03-26 04:25 . 2010-03-26 04:25

---

d

---

w- c:documents and settingsmainApplication DataAvira
2010-03-25 07:07 . 2010-03-25 07:07

---

d

---

w- c:program filesAvira
2010-03-25 07:07 . 2010-03-25 07:07

---

d

---

w- c:documents and settingsAll UsersApplication DataAvira
2010-03-10 06:17 . 2003-05-29 19:00 420352 —-a-w- c:windowssystem32vbscript.dll
2010-03-09 01:28 . 2010-02-19 15:29 411368 —-a-w- c:windowssystem32deploytk.dll
2010-03-08 09:09 . 2010-02-19 11:10 36568 —-a-w- c:documents and settingsmainLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2010-03-01 07:05 . 2010-03-25 07:07 124784 —-a-w- c:windowssystem32driversavipbb.sys
2010-02-25 06:19 . 2003-05-29 19:00 916480 —-a-w- c:windowssystem32wininet.dll
2010-02-24 13:11 . 2003-05-29 19:00 455680 —-a-w- c:windowssystem32driversmrxsmb.sys
2010-02-22 15:25 . 2010-02-22 14:29 45056 —-a-w- c:windowsNCUNINST.EXE
2010-02-19 15:43 . 2010-02-19 15:43 0 —-a-w- c:windowsnsreg.dat
2010-02-19 15:27 . 2010-02-19 15:27 152576 —-a-w- c:documents and settingsmainApplication DataSunJavajre1.6.0_17lzma.dll
2010-02-19 15:22 . 2010-02-19 14:48 79488 —-a-w- c:documents and settingsmainApplication DataSunJavajre1.6.0_17gtapi.dll
2010-02-19 13:03 . 2010-02-19 13:03 127 —-a-w- c:documents and settingsmainLocal SettingsApplication Datafusioncache.dat
2010-02-19 12:01 . 2010-02-19 08:42 77500 —-a-w- c:windowsPCHealthHelpCtrOfflineCacheindex.dat
2010-02-19 10:36 . 2010-02-19 10:36 15584 —-a-w- c:windowssystem32driversmdc8021x.sys
2010-02-19 08:40 . 2010-02-19 08:40 22564 —-a-w- c:windowssystem32emptyregdb.dat
2010-02-17 11:09 . 2003-05-29 19:00 2191744 —-a-w- c:windowssystem32ntoskrnl.exe
2010-02-16 19:09 . 2002-09-24 11:13 2068608 —-a-w- c:windowssystem32ntkrnlpa.exe
2010-02-16 11:24 . 2010-02-22 18:06 60936 —-a-w- c:windowssystem32driversavgntflt.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«Apoint»=»c:program filesApoint2KApoint.exe» [2003-10-07 159744]
«AGRSMMSG»=»AGRSMMSG.exe» [2004-01-30 88363]
«NvCplDaemon»=»c:windowsSystem32NvCpl.dll» [2004-04-07 4730880]
«nwiz»=»nwiz.exe» [2004-04-07 323584]
«Cpqset»=»c:program filesHPQDefault Settingscpqset.exe» [2004-03-01 200766]
«eabconfg.cpl»=»c:program filesHPQQuick Launch ButtonsEabServr.exe» [2004-01-13 245760]
«UpdateManager»=»c:program filesCommon FilesSonicUpdate Managersgtray.exe» [2003-08-18 110592]
«dla»=»c:windowssystem32dlatfswctrl.exe» [2003-09-25 114741]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 9.0ReaderReader_sl.exe» [2010-04-04 36272]
«Adobe ARM»=»c:program filesCommon FilesAdobeARM1.0AdobeARM.exe» [2010-03-24 952768]
«PEOPLEnet_CCU550″=»c:program filesPEOPLEnetCCU-550BinCMTNFCM.exe» [2006-05-06 208896]
«Lingvo Launcher»=»c:program filesABBYY Lingvo 8.0Lvagent.exe» [2002-12-10 102400]
«StatusClient»=»c:program filesHewlett-PackardToolbox2.0Apache Tomcat 4.0webappsToolboxStatusClientStatusClient.exe» [2002-12-16 36864]
«TomcatStartup»=»c:program filesHewlett-PackardToolbox2.0hpbpsttp.exe» [2003-03-31 155648]
«avgnt»=»c:program filesAviraAntiVir Desktopavgnt.exe» [2010-03-02 282792]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowsSystem32CTFMON.EXE» [2008-04-14 15360]
«DWQueuedReporting»=»c:progra~1COMMON~1MICROS~1DWdwtrig20.exe» [2007-02-25 437160]

c:documents and settingsAll Usersѓ« ў­®Ґ ¬Ґ­оЏа®Ја ¬¬лЂўв®§ Јаг§Є 
Adobe Gamma Loader.lnk — c:program filesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe [2010-2-21 113664]

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe»=
«c:\Program Files\QIP Infium\infium.exe»=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:program filesAviraAntiVir Desktopsched.exe [25.03.2010 10:07 135336]
R3 qcusbser;Mobile Connector USB Device for Legacy Serial Communication;c:windowssystem32driverscmusbser.sys [19.02.2010 13:41 97408]
S3 cmo_bus;Data Modem @ CDMA Composite Device driver (WDM);c:windowssystem32driverscmo_bus.sys [21.02.2010 11:57 58352]
S3 cmo_mdfl;Data Modem @ CDMA Filter;c:windowssystem32driverscmo_mdfl.sys [21.02.2010 11:58 8304]
S3 cmo_mdm;Data Modem @ CDMA Drivers;c:windowssystem32driverscmo_mdm.sys [21.02.2010 11:58 93904]
S3 cmo_serd;Data Modem @ CDMA Diagnostic Serial Port (WDM);c:windowssystem32driverscmo_serd.sys [21.02.2010 11:58 73696]
.
.

---

Supplementary Scan

---

.
uStart Page = about:blank
uInternet Settings,ProxyOverride =
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~3Office10EXCEL.EXE/3000
IE: E&xport to Microsoft Excel — c:progra~1MICROS~3OFFICE11EXCEL.EXE/3000
FF — ProfilePath — c:documents and settingsmainApplication DataMozillaFirefoxProfiles9gluv0ix.default

—- FIREFOX POLICIES —-
c:program filesMozilla Firefoxgreprefsall.js — pref(«ui.use_native_colors», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.auth.force-generic-ntlm», false);
c:program filesMozilla Firefoxgreprefsall.js — pref(«svg.smil.enabled», false);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref», true);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.renego_unrestricted_hosts», «»);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.treat_unsafe_negotiation_as_broken», false);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.require_safe_negotiation», false);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name», «chrome://browser/locale/browser.properties»);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description», «chrome://browser/locale/browser.properties»);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«plugins.update.notifyUser», false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-17 05:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes …

scanning hidden autostart entries …

HKLMSoftwareMicrosoftWindowsCurrentVersionRun
Cpqset = c:program filesHPQDefault Settingscpqset.exe????????9?9?4?4??@???? ???B???????????????B? ??????

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************
.

---

DLLs Loaded Under Running Processes

---

— — — — — — — > ‘explorer.exe'(2540)
c:windowssystem32WININET.dll
c:windowssystem32webcheck.dll
c:windowssystem32WPDShServiceObj.dll
c:windowssystem32PortableDeviceTypes.dll
c:windowssystem32PortableDeviceApi.dll
.

---

Other Running Processes

---

.
c:program filesAviraAntiVir Desktopavguard.exe
c:program filesJavajre6binjqs.exe
c:windowsSystem32nvsvc32.exe
c:program filesAnalog DevicesSoundMAXSMAgent.exe
c:windowsSystem32wltrysvc.exe
c:program filesAviraAntiVir Desktopavshadow.exe
c:windowsSystem32wbemwmiapsrv.exe
c:windowsAGRSMMSG.exe
c:program filesApoint2KApntex.exe
c:program filesHewlett-PackardToolbox2.0JavasoftJRE1.3.1binjavaw.exe
c:windowssystem32wscntfy.exe
c:windowsSystem32bcmwltry.exe
.
**************************************************************************
.
Completion time: 2010-05-17 05:14:18 — machine was rebooted
ComboFix-quarantined-files.txt 2010-05-17 02:14
ComboFix2.txt 2010-05-12 05:07

Pre-Run: 3 549 732 864 байт свободно
Post-Run: 3 508 891 648 байт свободно

— — End Of File — — 0F9B42EB7019ECD52A0722EC7B024815

[Sony]

Спасибо! Просканировал. Комбофикс что-то удалил, в том числе какие-то папки HP. После запуска не перезагружался. Сейчас комп работает быстрее. А не может ли это быть аппаратная проблема с видеокартой или глюки FireFox? Лог ниже:
ComboFix 10-05-10.05 — main 12.05.2010 7:54.1.1 — x86
Microsoft Windows XP Home Edition 5.1.2600.3.1251.7.1049.18.255.104 [GMT 3:00]
Running from: c:documents and settingsmainРабочий столComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:documents and settingsAll UsersГлавное менюИнформационный центр HP
c:documents and settingsAll UsersГлавное менюИнформационный центр HP Configuration Record.lnk
c:documents and settingsAll UsersГлавное менюИнформационный центр HP Diagnostics for Windows.lnk
c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr0.dat
c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr1.dat
c:windowssystem32msssc.dll

---

BITS: Possible infected sites

---

hxxp://soft.export.yandex.ru
.
((((((((((((((((((((((((( Files Created from 2010-04-12 to 2010-05-12 )))))))))))))))))))))))))))))))
.

2010-05-06 09:09 . 2010-05-06 09:10

---

d

---

w- c:program filestrend micro
2010-05-06 09:09 . 2010-05-06 09:10

---

d

---

w- C:rsit
2010-05-05 11:40 . 2010-05-05 11:40

---

d

---

w- c:documents and settingsmainLocal SettingsApplication DataHelp
2010-05-05 11:38 . 2010-05-05 11:38

---

d

---

w- c:program filesSophos
2010-05-05 09:10 . 2010-05-05 09:10

---

d

---

w- c:documents and settingsLocalServiceApplication DataAvira
2010-05-05 09:08 . 2010-05-05 09:08

---

d

---

r- c:documents and settingsLocalServiceИзбранное

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-05 15:00 . 2010-02-20 07:08

---

d

---

w- c:program filesMalwarebytes’ Anti-Malware
2010-04-29 12:39 . 2010-02-20 07:09 38224 —-a-w- c:windowssystem32driversmbamswissarmy.sys
2010-04-29 12:39 . 2010-02-20 07:08 20952 —-a-w- c:windowssystem32driversmbam.sys
2010-03-30 17:39 . 2010-03-30 17:39 12800 —-a-w- c:documents and settingsmainApplication DataSunJavaDeploymentSystemCache6.0176d0ad391-7939aba4-ndecora-d3d.dll
2010-03-30 17:39 . 2010-03-30 17:39 61440 —-a-w- c:documents and settingsmainApplication DataSunJavaDeploymentSystemCache6.0176d0ad391-7939aba4-ndecora-sse.dll
2010-03-30 17:36 . 2010-02-19 09:05

---

d

---

w- c:program filesJava
2010-03-30 17:35 . 2010-03-30 17:35 79488 —-a-w- c:documents and settingsmainApplication DataSunJavajre1.6.0_19gtapi.dll
2010-03-29 17:05 . 2003-05-29 19:00 65280 —-a-w- c:windowssystem32perfc019.dat
2010-03-29 17:05 . 2003-05-29 19:00 422060 —-a-w- c:windowssystem32perfh019.dat
2010-03-26 04:25 . 2010-03-26 04:25

---

d

---

w- c:documents and settingsmainApplication DataAvira
2010-03-25 07:07 . 2010-03-25 07:07

---

d

---

w- c:program filesAvira
2010-03-25 07:07 . 2010-03-25 07:07

---

d

---

w- c:documents and settingsAll UsersApplication DataAvira
2010-03-10 06:17 . 2003-05-29 19:00 420352 —-a-w- c:windowssystem32vbscript.dll
2010-03-09 01:28 . 2010-02-19 15:29 411368 —-a-w- c:windowssystem32deploytk.dll
2010-03-08 09:09 . 2010-02-19 11:10 36568 —-a-w- c:documents and settingsmainLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2010-03-01 07:05 . 2010-03-25 07:07 124784 —-a-w- c:windowssystem32driversavipbb.sys
2010-02-25 06:19 . 2003-05-29 19:00 916480 —-a-w- c:windowssystem32wininet.dll
2010-02-24 13:11 . 2003-05-29 19:00 455680 —-a-w- c:windowssystem32driversmrxsmb.sys
2010-02-22 15:25 . 2010-02-22 14:29 45056 —-a-w- c:windowsNCUNINST.EXE
2010-02-19 15:43 . 2010-02-19 15:43 0 —-a-w- c:windowsnsreg.dat
2010-02-19 15:27 . 2010-02-19 15:27 152576 —-a-w- c:documents and settingsmainApplication DataSunJavajre1.6.0_17lzma.dll
2010-02-19 15:22 . 2010-02-19 14:48 79488 —-a-w- c:documents and settingsmainApplication DataSunJavajre1.6.0_17gtapi.dll
2010-02-19 13:03 . 2010-02-19 13:03 127 —-a-w- c:documents and settingsmainLocal SettingsApplication Datafusioncache.dat
2010-02-19 12:01 . 2010-02-19 08:42 77500 —-a-w- c:windowsPCHealthHelpCtrOfflineCacheindex.dat
2010-02-19 10:36 . 2010-02-19 10:36 15584 —-a-w- c:windowssystem32driversmdc8021x.sys
2010-02-19 08:40 . 2010-02-19 08:40 22564 —-a-w- c:windowssystem32emptyregdb.dat
2010-02-17 11:09 . 2003-05-29 19:00 2191744 —-a-w- c:windowssystem32ntoskrnl.exe
2010-02-16 19:09 . 2002-09-24 11:13 2068608 —-a-w- c:windowssystem32ntkrnlpa.exe
2010-02-16 11:24 . 2010-02-22 18:06 60936 —-a-w- c:windowssystem32driversavgntflt.sys
2010-02-12 04:35 . 2003-05-29 19:00 100864 —-a-w- c:windowssystem326to4svc.dll
2010-02-11 12:02 . 2003-05-29 19:00 226880 —-a-w- c:windowssystem32driverstcpip6.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«Apoint»=»c:program filesApoint2KApoint.exe» [2003-10-07 159744]
«AGRSMMSG»=»AGRSMMSG.exe» [2004-01-30 88363]
«NvCplDaemon»=»c:windowsSystem32NvCpl.dll» [2004-04-07 4730880]
«nwiz»=»nwiz.exe» [2004-04-07 323584]
«Cpqset»=»c:program filesHPQDefault Settingscpqset.exe» [2004-03-01 200766]
«eabconfg.cpl»=»c:program filesHPQQuick Launch ButtonsEabServr.exe» [2004-01-13 245760]
«UpdateManager»=»c:program filesCommon FilesSonicUpdate Managersgtray.exe» [2003-08-18 110592]
«dla»=»c:windowssystem32dlatfswctrl.exe» [2003-09-25 114741]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 9.0ReaderReader_sl.exe» [2010-04-04 36272]
«Adobe ARM»=»c:program filesCommon FilesAdobeARM1.0AdobeARM.exe» [2010-03-24 952768]
«PEOPLEnet_CCU550″=»c:program filesPEOPLEnetCCU-550BinCMTNFCM.exe» [2006-05-06 208896]
«Lingvo Launcher»=»c:program filesABBYY Lingvo 8.0Lvagent.exe» [2002-12-10 102400]
«StatusClient»=»c:program filesHewlett-PackardToolbox2.0Apache Tomcat 4.0webappsToolboxStatusClientStatusClient.exe» [2002-12-16 36864]
«TomcatStartup»=»c:program filesHewlett-PackardToolbox2.0hpbpsttp.exe» [2003-03-31 155648]
«avgnt»=»c:program filesAviraAntiVir Desktopavgnt.exe» [2010-03-02 282792]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowsSystem32CTFMON.EXE» [2008-04-14 15360]
«DWQueuedReporting»=»c:progra~1COMMON~1MICROS~1DWdwtrig20.exe» [2007-02-25 437160]

c:documents and settingsAll Usersѓ« ў­®Ґ ¬Ґ­оЏа®Ја ¬¬лЂўв®§ Јаг§Є 
Adobe Gamma Loader.lnk — c:program filesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe [2010-2-21 113664]

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe»=
«c:\Program Files\QIP Infium\infium.exe»=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:program filesAviraAntiVir Desktopsched.exe [25.03.2010 10:07 135336]
R3 cmo_bus;Data Modem @ CDMA Composite Device driver (WDM);c:windowssystem32driverscmo_bus.sys [21.02.2010 11:57 58352]
R3 cmo_mdfl;Data Modem @ CDMA Filter;c:windowssystem32driverscmo_mdfl.sys [21.02.2010 11:58 8304]
R3 cmo_mdm;Data Modem @ CDMA Drivers;c:windowssystem32driverscmo_mdm.sys [21.02.2010 11:58 93904]
R3 cmo_serd;Data Modem @ CDMA Diagnostic Serial Port (WDM);c:windowssystem32driverscmo_serd.sys [21.02.2010 11:58 73696]
S3 Cqvmcumpt.1f;Cqvmcumpt.1f; [x]
S3 MEMSWEEP2;MEMSWEEP2;??c:windowssystem32101.tmp —> c:windowssystem32101.tmp [?]
S3 qcusbser;Mobile Connector USB Device for Legacy Serial Communication;c:windowssystem32driverscmusbser.sys [19.02.2010 13:41 97408]
.
.

---

Supplementary Scan

---

.
uStart Page = about:blank
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~3Office10EXCEL.EXE/3000
IE: E&xport to Microsoft Excel — c:progra~1MICROS~3OFFICE11EXCEL.EXE/3000
TCP: {6BD385C3-DA12-4538-8719-EB5D2C4894FE} = 77.109.1.8 77.109.1.9
FF — ProfilePath — c:documents and settingsmainApplication DataMozillaFirefoxProfiles9gluv0ix.default

—- FIREFOX POLICIES —-
c:program filesMozilla Firefoxgreprefsall.js — pref(«ui.use_native_colors», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.auth.force-generic-ntlm», false);
c:program filesMozilla Firefoxgreprefsall.js — pref(«svg.smil.enabled», false);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref», true);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.renego_unrestricted_hosts», «»);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.treat_unsafe_negotiation_as_broken», false);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.require_safe_negotiation», false);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name», «chrome://browser/locale/browser.properties»);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description», «chrome://browser/locale/browser.properties»);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«plugins.update.notifyUser», false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-12 08:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes …

scanning hidden autostart entries …

HKLMSoftwareMicrosoftWindowsCurrentVersionRun
Cpqset = c:program filesHPQDefault Settingscpqset.exe????????9?9?4?4??????? ???B???????????????B? ??????

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINESystemControlSet001ServicesMEMSWEEP2]
«ImagePath»=»??c:windowssystem32101.tmp»
.
Completion time: 2010-05-12 08:07:36
ComboFix-quarantined-files.txt 2010-05-12 05:07

Pre-Run: 3 436 244 992 байт свободно
Post-Run: 3 467 022 336 байт свободно

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
[operating systems]
c:cmdconsBOOTSECT.DAT=»Microsoft Windows Recovery Console» /cmdcons
multi(0)disk(0)rdisk(0)partition(1)WINDOWS=»Microsoft Windows XP Home Edition RU» /fastdetect /NoExecute=OptIn

— — End Of File — — F442AA87427338AF0D78820268FCE9D1

[Sony]

попробовал как раз:
GMER 1.0.15.15281 — http://www.gmer.net
Rootkit scan 2010-05-08 16:27:20
Windows 5.1.2600 Service Pack 3
Running: lmft0bep.exe; Driver: C:DOCUME~1mainLOCALS~1Tempuwriruod.sys

—- System — GMER 1.0.15 —-

SSDT F98953BE ZwCreateKey
SSDT F98953B4 ZwCreateThread
SSDT F98953C3 ZwDeleteKey
SSDT F98953CD ZwDeleteValueKey
SSDT F98953D2 ZwLoadKey
SSDT F98953A0 ZwOpenProcess
SSDT F98953A5 ZwOpenThread
SSDT F98953DC ZwReplaceKey
SSDT F98953D7 ZwRestoreKey
SSDT F98953C8 ZwSetValueKey

—- Kernel code sections — GMER 1.0.15 —-

init C:WINDOWSsystem32driverstiumflt.sys entry point in «init» section [0xF9640E00]
init C:WINDOWSsystem32driverstiumfwl.sys entry point in «init» section [0xF956AF00]
.text C:WINDOWSSystem32DRIVERSnv4_mini.sys section is writeable [0xF8AC6340, 0x106FDF, 0xF8000020]
.text C:WINDOWSSystem32nv4_disp.dll section is writeable [0xBF9D6300, 0x238E10, 0xF8000020]

—- Devices — GMER 1.0.15 —-

AttachedDevice DriverKbdclass DeviceKeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice DriverKbdclass DeviceKeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice FileSystemFastfat Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device FileSystemFs_Rec FileSystemUdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device FileSystemFs_Rec FileSystemFatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device FileSystemFs_Rec FileSystemCdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device FileSystemFs_Rec FileSystemFatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device FileSystemFs_Rec FileSystemUdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device FileSystemCdfs Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

—- Registry — GMER 1.0.15 —-

Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@!0454B0450424>494 0000440404?4B0454@4 0010039004 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 ?4;0404=484@4>0424I484:0404 ?0404:0454B4>0424 1?2?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (L002TP) 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (PPTP) 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (PPPoE) 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@374@4O4494 ?0404@0404;4;0454;4L4=4K494 ?4>4@4B4 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (IP) 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@304324-?4>4@4B4 1?
Reg HKLMSYSTEMControlSet003ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@!0454B0450424>494 0000440404?4B0454@4 0010039004 1?
Reg HKLMSYSTEMControlSet003ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 ?4;0404=484@4>0424I484:0404 ?0404:0454B4>0424 1?2?
Reg HKLMSYSTEMControlSet003ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (L002TP) 1?
Reg HKLMSYSTEMControlSet003ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (PPTP) 1?
Reg HKLMSYSTEMControlSet003ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (PPPoE) 1?
Reg HKLMSYSTEMControlSet003ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@374@4O4494 ?0404@0404;4;0454;4L4=4K494 ?4>4@4B4 1?
Reg HKLMSYSTEMControlSet003ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (IP) 1?
Reg HKLMSYSTEMControlSet003ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@304324-?4>4@4B4 1?

—- EOF — GMER 1.0.15 —-

[Автор]

Сообщения