Созданные ответы форума
-
Сообщения
-
Валерий, проблема прошла. Отлечилась Dr.Web (сканером). Спасибо за советы, очень пригодились.
Сегодня при загрузке системы указанных мной симптомов не было. Вернулась ситуация из этой темы. Звук барахлит. Также прилагаю свежий RSIT лог.
P.S. Валерий, на другом компьютере (ноутбуке) в русской раскладке клавиатуры вместо цифр, буквы Ё, знаков препинания выводятся другие знаки.
Не могу разобраться в чем дело. И прилагаю с ноутбука лог в вложенииinfo.txt logfile of random’s system information tool 1.06 2009-08-09 20:47:28
======Uninstall list======
—>C:Program FilesDivXDivXConverterUninstall.exe /CONVERTER
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
µTorrent—>»C:Program FilesuTorrentuninstall.exe»
Adobe Flash Player 10 Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Flash Player ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Reader 9 — Russian—>MsiExec.exe /I{AC76BA86-7AD7-1049-7B44-A90000000001}
AIMP2—>C:Program FilesAIMP2Uninstall.exe
Attansic Giga Ethernet Utility—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime700Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{1F698102-5739-441E-96F0-74F4EA540F06}setup.exe» -l0x9
Attansic L1 Gigabit Ethernet Driver—>rundll32.exe C:WINDOWSsystem32AttansicL1atcInst.dll,AtcUninst C:WINDOWSsystem32AttansicL1 x86 1969 1048 L1
DAEMON Tools Toolbar—>C:Program FilesDAEMON Tools Toolbaruninst.exe
DivX Codec—>C:Program FilesDivXDivXCodecUninstall.exe /CODEC
DivX Converter—>C:Program FilesDivXDivXConverterUninstall.exe /CONVERTER
DivX Player—>C:Program FilesDivXDivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters—>C:Program FilesDivXDivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player—>C:Program FilesDivXDivXWebPlayerUninstall.exe /PLUGIN
High Definition Audio Driver Package — KB888111—>C:WINDOWS$NtUninstallKB888111WXPSP2$spuninstspuninst.exe
HijackThis 2.0.2—>»C:Program Filestrend microHijackThis.exe» /uninstall
ImgBurn—>»C:Program FilesImgBurnuninstall.exe»
iriver Music Manager—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{072D2077-9E22-4F7F-B817-A92CA6CCC843}setup.exe» -l0x9 anything
Java(TM) 6 Update 13—>MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Malwarebytes’ Anti-Malware—>»C:Program FilesMalwarebytes’ Anti-Malwareunins000.exe»
Microsoft Office — профессиональный выпуск версии 2003—>MsiExec.exe /I{90110419-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable — x86 9.0.21022—>MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable — x86 9.0.30729.17—>MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.5.2)—>C:Program FilesMozilla Firefoxuninstallhelper.exe
NVIDIA Drivers—>C:WINDOWSsystem32nvuninst.exe UninstallGUI
QIP 2005 8080—>»C:Program FilesQIPunins000.exe»
SoundMAX—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime100Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{F0A37341-D692-11D4-A984-009027EC0A9C}setup.exe» -l0x19 -removeonly
VC80CRTRedist — 8.0.50727.762—>MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Windows Internet Explorer 8—>»C:WINDOWSie8spuninstspuninst.exe»
Windows Media Player Firefox Plugin—>MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Service Pack 3—>»C:WINDOWS$NtServicePackUninstall$spuninstspuninst.exe»
Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe
Данные ДубльГИС г.Томск 01.08.2009—>MsiExec.exe /X{84B48E61-3587-4C14-9727-29FD2E70DA6C}
ДубльГИС 3.0.5.4—>MsiExec.exe /X{67A1DF48-1CEA-468C-ADAA-74BA915437D8}
Исправление для Windows XP (KB952287)—>»C:WINDOWS$NtUninstallKB952287$spuninstspuninst.exe»
Обновление безопасности для Windows Internet Explorer 8 (KB969897)—>»C:WINDOWSie8updatesKB969897-IE8spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB923561)—>»C:WINDOWS$NtUninstallKB923561$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB938464-v2)—>»C:WINDOWS$NtUninstallKB938464-v2$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB946648)—>»C:WINDOWS$NtUninstallKB946648$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB950760)—>»C:WINDOWS$NtUninstallKB950760$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB950762)—>»C:WINDOWS$NtUninstallKB950762$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB950974)—>»C:WINDOWS$NtUninstallKB950974$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951066)—>»C:WINDOWS$NtUninstallKB951066$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951376-v2)—>»C:WINDOWS$NtUninstallKB951376-v2$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951748)—>»C:WINDOWS$NtUninstallKB951748$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB952004)—>»C:WINDOWS$NtUninstallKB952004$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB952954)—>»C:WINDOWS$NtUninstallKB952954$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB954459)—>»C:WINDOWS$NtUninstallKB954459$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB954600)—>»C:WINDOWS$NtUninstallKB954600$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB955069)—>»C:WINDOWS$NtUninstallKB955069$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956572)—>»C:WINDOWS$NtUninstallKB956572$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956802)—>»C:WINDOWS$NtUninstallKB956802$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956803)—>»C:WINDOWS$NtUninstallKB956803$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB957097)—>»C:WINDOWS$NtUninstallKB957097$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB958644)—>»C:WINDOWS$NtUninstallKB958644$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB958687)—>»C:WINDOWS$NtUninstallKB958687$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB958690)—>»C:WINDOWS$NtUninstallKB958690$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB959426)—>»C:WINDOWS$NtUninstallKB959426$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB960225)—>»C:WINDOWS$NtUninstallKB960225$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB960715)—>»C:WINDOWS$NtUninstallKB960715$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB960803)—>»C:WINDOWS$NtUninstallKB960803$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB961373)—>»C:WINDOWS$NtUninstallKB961373$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB961501)—>»C:WINDOWS$NtUninstallKB961501$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB963027)—>»C:WINDOWS$NtUninstallKB963027$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB968537)—>»C:WINDOWS$NtUninstallKB968537$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB969897)—>»C:WINDOWS$NtUninstallKB969897$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB969898)—>»C:WINDOWS$NtUninstallKB969898$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB970238)—>»C:WINDOWS$NtUninstallKB970238$spuninstspuninst.exe»
Обновление безопасности для проигрывателя Windows Media — (KB952069)—>»C:WINDOWS$NtUninstallKB952069_WM9$spuninstspuninst.exe»
Обновление для Windows Internet Explorer 8 (KB971180)—>»C:WINDOWSie8updatesKB971180-IE8spuninstspuninst.exe»
Обновление для Windows XP (KB951978)—>»C:WINDOWS$NtUninstallKB951978$spuninstspuninst.exe»
Обновление для Windows XP (KB955839)—>»C:WINDOWS$NtUninstallKB955839$spuninstspuninst.exe»
Обновление для Windows XP (KB967715)—>»C:WINDOWS$NtUninstallKB967715$spuninstspuninst.exe»
СеверскГИС для ПК—>C:Program FilesK-SoftСеверскГИСUninstall.exe
Центр обновлений ДубльГИС—>MsiExec.exe /X{2FB165EB-69C0-416D-9B4E-E805ABC8CB1F}======System event log======
Computer Name: MARINA
Event Code: 51
Message: Обнаружена ошибка на устройстве DeviceHarddisk0D во время выполнения операции страничного обмена.Record Number: 7805
Source Name: Disk
Time Written: 20090629152529.000000+420
Event Type: предупреждение
User:Computer Name: MARINA
Event Code: 51
Message: Обнаружена ошибка на устройстве DeviceHarddisk0D во время выполнения операции страничного обмена.Record Number: 7804
Source Name: Disk
Time Written: 20090629152527.000000+420
Event Type: предупреждение
User:Computer Name: MARINA
Event Code: 26
Message: Всплывающее окно приложения: Windows — Ошибка отложенной записи : Не удалось сохранить все данные файла C:Program FilesAgnitumOutpost Firewall Prologmac.log. Часть данных потеряна. Эта ошибка может быть вызвана отказом оборудования компьютера или сетевого подключения. Попытайтесь сохранить этот файл в другом месте.Record Number: 7803
Source Name: Application Popup
Time Written: 20090629152524.000000+420
Event Type: информация
User:Computer Name: MARINA
Event Code: 50
Message: {Ошибка отложенной записи}
Не удалось сохранить все данные файла . Часть данных потеряна.
Эта ошибка может быть вызвана отказом оборудования компьютера или сетевого подключения. Попытайтесь сохранить этот файл в другом месте.Record Number: 7802
Source Name: Ntfs
Time Written: 20090629152524.000000+420
Event Type: предупреждение
User:Computer Name: MARINA
Event Code: 51
Message: Обнаружена ошибка на устройстве DeviceHarddisk0D во время выполнения операции страничного обмена.Record Number: 7801
Source Name: Disk
Time Written: 20090629152514.000000+420
Event Type: предупреждение
User:=====Application event log=====
Computer Name: MARINA
Event Code: 1000
Message: Счетчики производительности для службы MSDTC (MSDTC) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.Record Number: 5
Source Name: LoadPerf
Time Written: 20090425231651.000000+420
Event Type: информация
User:Computer Name: MARINA
Event Code: 1000
Message: Счетчики производительности для службы TermService (Службы терминалов) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.Record Number: 4
Source Name: LoadPerf
Time Written: 20090425231647.000000+420
Event Type: информация
User:Computer Name: MARINA
Event Code: 1000
Message: Счетчики производительности для службы RemoteAccess (Маршрутизация и удаленный доступ) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.Record Number: 3
Source Name: LoadPerf
Time Written: 20090425230546.000000+420
Event Type: информация
User:Computer Name: MARINA
Event Code: 1000
Message: Счетчики производительности для службы PSched (PSched) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.Record Number: 2
Source Name: LoadPerf
Time Written: 20090425230513.000000+420
Event Type: информация
User:Computer Name: MARINA
Event Code: 1000
Message: Счетчики производительности для службы RSVP (QoS RSVP) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.Record Number: 1
Source Name: LoadPerf
Time Written: 20090425230512.000000+420
Event Type: информация
User:======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;C:Program FilesCommon FilesDivX Shared
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=6
«PROCESSOR_IDENTIFIER»=x86 Family 6 Model 15 Stepping 11, GenuineIntel
«PROCESSOR_REVISION»=0f0b
«NUMBER_OF_PROCESSORS»=2
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
EOF
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Rozochka at 2009-08-09 20:47:18
Microsoft Windows XP Professional Service Pack 3
System drive C: has 32 GB (80%) free of 40 GB
Total RAM: 2047 MB (84% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:47:26, on 09.08.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:Program FilesJavajre6binjqs.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:Program FilesJavajre6binjusched.exe
C:Program FilesAnalog DevicesCoresmax4pnp.exe
C:Program FilesAnalog DevicesSoundMAXsmax4.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesuTorrentuTorrent.exe
C:Program Files2gisUpdateClientWin32UpdateClientService.exe
C:WINDOWSsystem32wbemwmiapsrv.exe
C:WINDOWSsystem32wscntfy.exe
C:WINDOWSsystem32wuauclt.exe
C:Documents and SettingsRozochkaРабочий столRSIT.exe
C:Program Filestrend microRozochka.exeR0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.7wolf.net
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
O2 — BHO: AcroIEHelperStub — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesJavajre6binjusched.exe»
O4 — HKLM..Run: [SoundMAXPnP] C:Program FilesAnalog DevicesCoresmax4pnp.exe
O4 — HKLM..Run: [SoundMAX] «C:Program FilesAnalog DevicesSoundMAXsmax4.exe» /tray
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [EA Core] «C:Program FilesElectronic ArtsEADMCore.exe» -silent
O4 — HKCU..Run: [uTorrent] «C:Program FilesuTorrentuTorrent.exe»
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O16 — DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) — http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1241019036578
O16 — DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) — http://javadl.sun.com/webapps/download/AutoDL?BundleId=29223
O23 — Service: 2GIS UpdateClientService — ДубльГИС — C:Program Files2gisUpdateClientWin32UpdateClientService.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — C:Program FilesJavajre6binjqs.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 5452 bytes======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2009-02-27 75128][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2009-05-06 35840][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2009-05-06 73728][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2008-12-26 13680640]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2008-12-26 86016]
«SunJavaUpdateSched»=C:Program FilesJavajre6binjusched.exe [2009-05-06 148888]
«SoundMAXPnP»=C:Program FilesAnalog DevicesCoresmax4pnp.exe [2007-03-16 868352]
«SoundMAX»=C:Program FilesAnalog DevicesSoundMAXsmax4.exe [2007-04-03 839680][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2008-04-14 15360]
«EA Core»=C:Program FilesElectronic ArtsEADMCore.exe -silent []
«uTorrent»=C:Program FilesuTorrentuTorrent.exe [2009-08-07 287536][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=323
«NoDriveAutoRun»=67108863
«NoDrives»=0[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«HonorAutoRunSetting»=
«NoDriveAutoRun»=
«NoDriveTypeAutoRun»=
«NoDrives»=[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«C:Program FilesuTorrentutorrent.exe»=»C:Program FilesuTorrentutorrent.exe:*:Enabled:µTorrent»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»======List of files/folders created in the last 3 months======
2009-08-09 20:47:18 —-D—- C:rsit
2009-08-09 20:47:18 —-D—- C:Program Filestrend micro
2009-08-07 20:32:55 —-D—- C:Program Files2gis
2009-08-07 20:32:55 —-D—- C:Documents and SettingsAll Users.WINDOWSApplication Data2GIS
2009-08-07 20:07:23 —-A—- C:WINDOWSsystem32hidserv.dll
2009-07-05 19:12:59 —-A—- C:WINDOWSntbtlog.txt
2009-06-29 16:26:44 —-D—- C:Program FilesQIP
2009-06-29 14:21:15 —-A—- C:WINDOWSsystem32PostProc.dll
2009-06-27 22:37:20 —-D—- C:Documents and SettingsAll Users.WINDOWSApplication DataWindows Genuine Advantage
2009-06-18 23:47:09 —-A—- C:WINDOWSIsUninst.exe
2009-06-17 13:31:47 —-D—- C:WINDOWSie8updates
2009-06-17 13:29:43 —-HDC—- C:WINDOWSie8
2009-06-16 20:17:43 —-SHD—- C:found.002
2009-06-14 21:32:05 —-D—- C:Program FilesK-Soft
2009-06-13 00:48:41 —-HDC—- C:WINDOWS$NtUninstallKB961501$
2009-06-13 00:48:21 —-HDC—- C:WINDOWS$NtUninstallKB969897$
2009-06-13 00:48:08 —-HDC—- C:WINDOWS$NtUninstallKB969898$
2009-06-13 00:46:16 —-HDC—- C:WINDOWS$NtUninstallKB970238$
2009-06-13 00:46:02 —-HDC—- C:WINDOWS$NtUninstallKB968537$
2009-06-12 20:10:57 —-D—- C:ProgramData
2009-06-12 20:10:57 —-D—- C:Documents and SettingsAll Users.WINDOWSApplication DataElectronic Arts
2009-06-12 20:08:33 —-D—- C:Program FilesElectronic Arts
2009-06-12 15:15:19 —-RA—- C:WINDOWSsystem32vp6vfw.dll
2009-06-12 15:13:07 —-A—- C:WINDOWSsystem32d3dx9_31.dll
2009-06-12 15:12:51 —-D—- C:WINDOWSLogs
2009-05-27 11:37:38 —-A—- C:WINDOWSsystem32msxml4r.dll
2009-05-27 11:37:38 —-A—- C:WINDOWSsystem32msxml4.dll
2009-05-26 00:06:03 —-A—- C:WINDOWSsystem32wmpns.dll
2009-05-26 00:04:13 —-D—- C:WINDOWSPrefetch
2009-05-25 23:58:55 —-HDC—- C:WINDOWS$NtUninstallKB967715$
2009-05-25 23:58:37 —-HDC—- C:WINDOWS$NtUninstallKB963027$
2009-05-25 23:58:28 —-HDC—- C:WINDOWS$NtUninstallKB961373$
2009-05-25 23:58:19 —-HDC—- C:WINDOWS$NtUninstallKB960803$
2009-05-25 23:58:11 —-HDC—- C:WINDOWS$NtUninstallKB960225$
2009-05-25 23:58:04 —-HDC—- C:WINDOWS$NtUninstallKB959426$
2009-05-25 23:57:57 —-HDC—- C:WINDOWS$NtUninstallKB958690$
2009-05-25 23:57:50 —-HDC—- C:WINDOWS$NtUninstallKB958687$
2009-05-25 23:57:42 —-HDC—- C:WINDOWS$NtUninstallKB958644$
2009-05-25 23:57:36 —-HDC—- C:WINDOWS$NtUninstallKB957097$
2009-05-25 23:57:29 —-HDC—- C:WINDOWS$NtUninstallKB956803$
2009-05-25 23:57:23 —-HDC—- C:WINDOWS$NtUninstallKB956802$
2009-05-25 23:56:57 —-HDC—- C:WINDOWS$NtUninstallKB956572$
2009-05-25 23:56:45 —-HDC—- C:WINDOWS$NtUninstallKB955069$
2009-05-25 23:56:37 —-HDC—- C:WINDOWS$NtUninstallKB954600$
2009-05-25 23:56:29 —-HDC—- C:WINDOWS$NtUninstallKB952954$
2009-05-25 23:56:23 —-HDC—- C:WINDOWS$NtUninstallKB952287$
2009-05-25 23:56:12 —-HDC—- C:WINDOWS$NtUninstallKB952004$
2009-05-25 23:56:04 —-HDC—- C:WINDOWS$NtUninstallKB951748$
2009-05-25 23:55:54 —-HDC—- C:WINDOWS$NtUninstallKB951376-v2$
2009-05-25 23:55:48 —-HDC—- C:WINDOWS$NtUninstallKB951066$
2009-05-25 23:55:42 —-HDC—- C:WINDOWS$NtUninstallKB950974$
2009-05-25 23:55:36 —-HDC—- C:WINDOWS$NtUninstallKB950762$
2009-05-25 23:55:29 —-HDC—- C:WINDOWS$NtUninstallKB946648$
2009-05-25 23:55:21 —-HDC—- C:WINDOWS$NtUninstallKB938464-v2$
2009-05-25 23:55:13 —-HDC—- C:WINDOWS$NtUninstallKB923561$
2009-05-25 23:51:13 —-D—- C:WINDOWSsystem32bits
2009-05-25 23:45:07 —-D—- C:WINDOWSServicePackFiles
2009-05-25 23:34:18 —-HDC—- C:WINDOWS$NtServicePackUninstall$
2009-05-25 23:16:57 —-A—- C:WINDOWSsystem32MRT.exe
2009-05-25 22:39:43 —-D—- C:Documents and SettingsAll Users.WINDOWSApplication DataGoogle
2009-05-24 13:51:03 —-SHD—- C:found.001
2009-05-23 00:03:25 —-HDC—- C:WINDOWS$MSI31Uninstall_KB893803v2$
2009-05-21 21:52:00 —-D—- C:Documents and SettingsRozochkaApplication DataMicrosoft Games
2009-05-21 21:52:00 —-D—- C:Documents and SettingsAll Users.WINDOWSApplication DataMicrosoft Games
2009-05-15 04:14:50 —-D—- C:Program FilesDAEMON Tools Toolbar
2009-05-15 04:14:41 —-D—- C:Program FilesDAEMON Tools Lite
2009-05-13 19:24:50 —-D—- C:Documents and SettingsRozochkaApplication DataDivX
2009-05-13 18:56:31 —-N—- C:WINDOWSsystem32pxsfs.dll
2009-05-13 18:56:31 —-N—- C:WINDOWSsystem32pxinsi64.exe
2009-05-13 18:56:31 —-N—- C:WINDOWSsystem32pxinsa64.exe
2009-05-13 18:56:31 —-N—- C:WINDOWSsystem32pxhpinst.exe
2009-05-13 18:56:31 —-N—- C:WINDOWSsystem32pxcpyi64.exe
2009-05-13 18:56:31 —-N—- C:WINDOWSsystem32pxcpya64.exe
2009-05-13 18:56:31 —-N—- C:WINDOWSsystem32pxafs.dll
2009-05-13 18:56:30 —-N—- C:WINDOWSsystem32vxblock.dll
2009-05-13 18:56:30 —-N—- C:WINDOWSsystem32pxwave.dll
2009-05-13 18:56:30 —-N—- C:WINDOWSsystem32pxmas.dll
2009-05-13 18:56:30 —-N—- C:WINDOWSsystem32pxdrv.dll
2009-05-13 18:56:30 —-N—- C:WINDOWSsystem32px.dll
2009-05-13 18:55:26 —-D—- C:Program FilesGoogle
2009-05-13 18:55:26 —-D—- C:Program FilesCommon FilesDivX Shared
2009-05-13 18:55:25 —-D—- C:Program FilesDivX======List of files/folders modified in the last 3 months======
2009-08-09 20:47:18 —-RD—- C:Program Files
2009-08-09 20:46:28 —-D—- C:Documents and SettingsRozochkaApplication DatauTorrent
2009-08-09 20:46:06 —-D—- C:WINDOWSsystem32CatRoot2
2009-08-09 20:45:59 —-D—- C:WINDOWStemp
2009-08-09 20:37:02 —-A—- C:WINDOWSSchedLgU.Txt
2009-08-07 21:02:07 —-D—- C:Program FilesMozilla Firefox
2009-08-07 20:37:55 —-SHD—- C:Config.Msi
2009-08-07 20:37:53 —-SHD—- C:WINDOWSInstaller
2009-08-07 20:36:49 —-D—- C:WINDOWSsystem32
2009-08-07 20:15:42 —-D—- C:WINDOWSsystem32wbem
2009-08-07 20:15:41 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-08-07 20:15:40 —-SD—- C:Documents and SettingsRozochkaApplication DataMicrosoft
2009-08-07 20:07:28 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-08-07 20:07:19 —-D—- C:WINDOWSsystem32drivers
2009-07-06 22:12:42 —-D—- C:WINDOWS
2009-07-06 22:12:01 —-D—- C:WINDOWSsystem32config
2009-07-05 19:36:49 —-D—- C:Documents and Settings
2009-06-30 01:01:57 —-HD—- C:WINDOWSinf
2009-06-30 01:01:57 —-D—- C:WINDOWSsystem32CatRoot
2009-06-29 14:22:30 —-D—- C:WINDOWSsystem
2009-06-27 22:41:13 —-SD—- C:WINDOWSDownloaded Program Files
2009-06-17 13:36:56 —-D—- C:WINDOWSsystem32ru-ru
2009-06-17 13:36:55 —-D—- C:WINDOWSHelp
2009-06-17 13:36:55 —-D—- C:Program FilesInternet Explorer
2009-06-17 13:32:06 —-HD—- C:WINDOWS$hf_mig$
2009-06-17 13:31:49 —-A—- C:WINDOWSimsins.BAK
2009-06-17 13:31:09 —-D—- C:WINDOWSWBEM
2009-06-17 13:30:48 —-D—- C:WINDOWSMedia
2009-06-12 20:51:44 —-D—- C:WINDOWSsystem32DirectX
2009-05-28 16:16:38 —-HDC—- C:WINDOWS$NtUninstallKB951978$
2009-05-28 16:16:19 —-HDC—- C:WINDOWS$NtUninstallKB954459$
2009-05-26 00:06:35 —-A—- C:WINDOWSOEWABLog.txt
2009-05-26 00:04:45 —-A—- C:WINDOWSsetuplog.txt
2009-05-26 00:03:34 —-D—- C:WINDOWSsystem32Setup
2009-05-26 00:03:34 —-D—- C:WINDOWSAppPatch
2009-05-26 00:03:32 —-RSD—- C:WINDOWSFonts
2009-05-25 23:55:31 —-D—- C:Program FilesMessenger
2009-05-25 23:54:57 —-D—- C:WINDOWSsecurity
2009-05-25 23:52:45 —-D—- C:WINDOWSWinSxS
2009-05-25 23:52:33 —-D—- C:Program FilesWindows Media Player
2009-05-25 23:52:02 —-D—- C:WINDOWSehome
2009-05-25 23:51:59 —-D—- C:WINDOWSsystem32inetsrv
2009-05-25 23:51:57 —-D—- C:WINDOWSNetwork Diagnostic
2009-05-25 23:51:55 —-D—- C:WINDOWSime
2009-05-25 23:51:16 —-D—- C:WINDOWSsystem32usmt
2009-05-25 23:51:14 —-D—- C:WINDOWSsystem32ru
2009-05-25 23:51:14 —-D—- C:WINDOWSL2Schemas
2009-05-25 23:51:13 —-D—- C:WINDOWSPeerNet
2009-05-25 23:51:13 —-D—- C:Program FilesMovie Maker
2009-05-25 23:44:36 —-D—- C:WINDOWSsystem32Restore
2009-05-25 23:44:35 —-D—- C:WINDOWSsystem32npp
2009-05-25 23:44:34 —-D—- C:WINDOWSmsagent
2009-05-25 23:44:30 —-D—- C:WINDOWSsrchasst
2009-05-25 23:44:27 —-D—- C:Program FilesNetMeeting
2009-05-25 23:44:24 —-D—- C:WINDOWSsystem32Com
2009-05-25 23:44:16 —-D—- C:Program FilesWindows NT
2009-05-25 23:44:15 —-D—- C:Program FilesOutlook Express
2009-05-25 23:44:06 —-D—- C:Program FilesCommon FilesSystem
2009-05-25 23:43:23 —-D—- C:WINDOWSsystem32oobe
2009-05-25 23:37:25 —-D—- C:WINDOWSsystem32ReinstallBackups
2009-05-25 23:17:11 —-D—- C:WINDOWSDebug
2009-05-25 22:39:41 —-SD—- C:WINDOWSTasks
2009-05-21 19:29:50 —-HD—- C:Program FilesInstallShield Installation Information
2009-05-15 04:15:55 —-D—- C:Documents and SettingsRozochkaApplication DataDAEMON Tools Lite
2009-05-13 18:55:26 —-D—- C:Program FilesCommon Files
2009-05-13 12:05:49 —-A—- C:WINDOWSsystem32wininet.dll
2009-05-13 12:05:48 —-A—- C:WINDOWSsystem32mshtml.dll======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-14 40704]
R1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2008-04-14 14720]
R1 uzmymjk3;AVZ-RK Kernel Driver; ??C:WINDOWSsystem32Driversuzmymjk3.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:WINDOWSsystem32driversADIHdAud.sys [2007-05-18 304640]
R3 AEAudio;AE Audio Service; C:WINDOWSsystem32driversAEAudio.sys [2007-05-18 94848]
R3 Arp1394;Протокол клиента 1394 ARP; C:WINDOWSsystem32DRIVERSarp1394.sys [2008-04-14 60800]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller; C:WINDOWSsystem32DRIVERSatl01_xp.sys [2006-10-31 35840]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-13 144384]
R3 hidusb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-14 10368]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2004-08-18 12160]
R3 NIC1394;Сетевой драйвер 1394; C:WINDOWSsystem32DRIVERSnic1394.sys [2008-04-14 61824]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2008-12-26 6301344]
R3 SenFiltService;SenFilt Service; C:WINDOWSsystem32driversSenfilt.sys [2006-03-17 392960]
R3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2008-04-14 32128]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-14 59520]
R3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-14 20608]
S3 a0kvbp0y;a0kvbp0y; C:WINDOWSsystem32driversa0kvbp0y.sys []
S3 b57w2k;BCM5701 Gigabit Ethernet; C:WINDOWSsystem32DRIVERSb57xp32.sys [2001-10-19 96640]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 2GIS UpdateClientService;2GIS UpdateClientService; C:Program Files2gisUpdateClientWin32UpdateClientService.exe [2008-09-17 1134592]
R2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2009-05-06 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2008-12-26 163908]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
EOF
Пробовала, только, что это мне дает? Урезанная в функциях операционная система. Или мне нужно что -то проверить в безопасном режиме?
Спасибо за ваш труд и терпение. Вы избавили меня от грустного настроения и вечной депрессии, потому что без компьютера мне никак,
конечно, техника начинает заменять людям реальную жизнь, книги, посещение библиотек и другое, но это уже не та тема.
У меня все работает: помогло автоматическое обновление, а вот вредный Касперский съел последние 100 Мб (у меня лимитная внешка, хоть и бесплатная). Если будут проблемы, буду знать где искать помощи. Даже не буду говорить о своей помощи дабы я чайник 😀 , хоть и с компьютером знакома уже более семи лет.Установка Windows была произведена во втором случае.
ComboFix 09-05-02.4 — Rozochka 03.05.2009 17:35.1 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.7.1049.18.2047.1663 [GMT 4:00]
Running from: c:documents and settingsRozochkaРабочий столComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
FW: Outpost Firewall Pro *disabled*WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:windowssystem32_000006_.tmp.dll
c:windowssystem32_000007_.tmp.dll
c:windowssystem32_000008_.tmp.dll
c:windowssystem32_000020_.tmp.dll
c:windowssystem32_000021_.tmp.dll
c:windowssystem32_000022_.tmp.dll
c:windowssystem32_000023_.tmp.dll.
((((((((((((((((((((((((( Files Created from 2009-04-03 to 2009-05-03 )))))))))))))))))))))))))))))))
.2009-05-02 10:45 . 2008-06-14 17:59 272512 -c—-w c:windowssystem32dllcachebthport.sys
2009-05-02 10:45 . 2008-06-14 17:59 272512
w c:windowssystem32driversbthport.sys
2009-05-02 10:28 . 2009-05-02 10:36
d
w c:windowssystem32CatRoot_bak
2009-05-01 10:14 . 2009-05-01 10:14
d
w C:rsit
2009-05-01 10:13 . 2009-02-09 11:52 2059520 -c—-w c:windowssystem32dllcachentkrnlpa.exe
2009-05-01 10:13 . 2009-02-09 11:52 2017792 -c—-w c:windowssystem32dllcachentkrpamp.exe
2009-05-01 10:13 . 2009-02-09 11:52 2182272 -c—-w c:windowssystem32dllcachentoskrnl.exe
2009-05-01 10:13 . 2009-02-09 11:52 2138112 -c—-w c:windowssystem32dllcachentkrnlmp.exe
2009-05-01 09:50 . 2008-10-24 11:10 453632 -c—-w c:windowssystem32dllcachemrxsmb.sys
2009-04-30 15:06 . 2009-04-30 15:06
d
w c:documents and settingsRozochkaApplication DataMalwarebytes
2009-04-30 15:06 . 2009-04-06 11:32 15504 —-a-w c:windowssystem32driversmbam.sys
2009-04-30 15:06 . 2009-04-06 11:32 38496 —-a-w c:windowssystem32driversmbamswissarmy.sys
2009-04-30 15:06 . 2009-04-30 15:06
d
w c:documents and settingsAll Users.WINDOWSApplication DataMalwarebytes
2009-04-30 15:06 . 2009-04-30 15:06
d
w c:program filesMalwarebytes’ Anti-Malware
2009-04-30 15:03 . 2009-04-30 15:03
d
w c:documents and settingsRozochkaDoctorWeb
2009-04-30 13:50 . 2006-10-31 07:10 35840 —-a-w c:windowssystem32driversatl01_xp.sys
2009-04-30 11:13 . 2009-04-30 11:13
d
w c:program filesAvira
2009-04-30 11:13 . 2009-04-30 11:13
d
w c:documents and settingsAll Users.WINDOWSApplication DataAvira
2009-04-30 11:07 . 2009-04-30 11:07
d
w c:program filesAIMP2
2009-04-30 10:59 . 2004-08-03 19:15 145792 -c—a-w c:windowssystem32dllcacheportcls.sys
2009-04-30 10:59 . 2004-08-03 19:15 145792 —-a-w c:windowssystem32driversportcls.sys
2009-04-30 10:59 . 2004-08-17 12:04 4096 -c—a-w c:windowssystem32dllcacheksuser.dll
2009-04-30 10:59 . 2004-08-17 12:04 4096 —-a-w c:windowssystem32ksuser.dll
2009-04-30 10:59 . 2004-08-03 19:08 60288 -c—a-w c:windowssystem32dllcachedrmk.sys
2009-04-30 10:59 . 2004-08-03 19:08 60288 —-a-w c:windowssystem32driversdrmk.sys
2009-04-30 10:59 . 2005-05-04 05:20 53248 —-a-w c:windowssystem32wdmioctl.dll
2009-04-30 10:59 . 2001-09-11 11:20 1285632 —-a-w c:windowssystem32SMMedia.dll
2009-04-30 10:59 . 2006-07-10 11:42 49152 —-a-w c:windowssystem32DSndUp.exe
2009-04-30 10:59 . 2002-04-17 11:05 45056 —-a-w c:windowssystem32CleanUp.exe
2009-04-30 10:59 . 2008-07-09 07:58 26488 —-a-w c:windowssystem32spupdsvc.exe
2009-04-30 10:57 . 2006-03-17 14:18 392960 —-a-w c:windowssystem32driverssenfilt.sys
2009-04-30 10:57 . 2007-03-27 06:36 28160 —-a-w c:windowssystem32PostProc.dll
2009-04-30 10:57 . 2001-09-19 09:47 765952 —-a-w c:windowssystemcrlds3d.dll
2009-04-30 10:57 . 2007-05-18 05:20 94848 —-a-w c:windowssystem32driversaeaudio.sys
2009-04-30 10:57 . 2003-08-19 15:36 65536 -c—a-w c:windowssystem32dllcachea3d.dll
2009-04-30 10:57 . 2007-05-18 07:01 304640 —-a-w c:windowssystem32driversADIHdAud.sys
2009-04-30 10:57 . 2003-08-19 15:36 65536 —-a-w c:windowssystem32a3d.dll
2009-04-30 10:53 . 2009-04-30 10:53
dc—-w c:windowssystem32DRVSTORE
2009-04-30 10:53 . 2009-04-30 10:53
d
w C:Intel
2009-04-29 19:36 . 2009-04-30 12:53
d
w c:program filesSIW
2009-04-29 15:31 . 2008-10-16 10:09 43544 —-a-w c:windowssystem32wups2.dll
2009-04-29 15:26 . 2009-04-29 15:26
d-s—w c:documents and settingsRozochkaUserData
2009-04-26 18:18 . 1998-10-07 13:14 327168 —-a-w c:windowsIsUn0419.exe
2009-04-26 18:17 . 2009-04-30 11:06
d
w c:documents and settingsRozochkaApplication DataAIMP
2009-04-26 17:16 . 2009-04-26 17:16
d
w c:documents and settingsRozochkaApplication DataDAEMON Tools
2009-04-26 17:16 . 2009-04-26 17:17
d
w c:documents and settingsRozochkaApplication DataDAEMON Tools Pro
2009-04-26 17:15 . 2009-04-26 17:15
d
w c:documents and settingsAll Users.WINDOWSApplication DataDAEMON Tools Lite
2009-04-26 16:39 . 2009-04-26 16:39 717296 —-a-w c:windowssystem32driverssptd.sys
2009-04-26 16:39 . 2009-04-26 16:39
d
w c:documents and settingsRozochkaApplication DataDAEMON Tools Lite
2009-04-26 10:02 . 2003-06-18 19:31 17920 —-a-w c:windowssystem32mdimon.dll
2009-04-26 09:56 . 2009-04-29 17:25
d
w c:documents and settingsRozochkaLocal SettingsApplication DataAdobe
2009-04-26 09:53 . 2009-04-26 16:34
d
w c:documents and settingsRozochkaApplication DataImgBurn
2009-04-26 09:53 . 2009-04-26 09:53
d
w c:program filesImgBurn
2009-04-25 20:01 . 2001-08-17 21:59 3072 —-a-w c:windowssystem32driversaudstub.sys
2009-04-25 20:01 . 2004-08-17 15:49 58112 —-a-w c:windowssystem32driversredbook.sys
2009-04-25 20:00 . 2001-08-17 21:46 6400 —-a-w c:windowssystem32driversenum1394.sys
2009-04-25 20:00 . 2004-08-17 12:04 76800 -c—a-w c:windowssystem32dllcacheusbui.dll
2009-04-25 20:00 . 2004-08-17 12:04 76800 —-a-w c:windowssystem32usbui.dll
2009-04-25 19:56 . 2009-04-25 16:19
d
w c:documents and settingsAll Users.WINDOWS
2009-04-25 19:56 . 2009-05-03 13:35
d—h—w c:documents and settingsDefault User.WINDOWS
2009-04-25 16:51 . 2009-04-25 16:51 0 —-a-w c:windowsnsreg.dat
2009-04-25 16:51 . 2009-04-25 16:51
d
w c:documents and settingsRozochkaLocal SettingsApplication DataMozilla
2009-04-25 16:50 . 2009-02-26 06:27 704384 —-a-w c:windowssystem32driversSandBox.sys
2009-04-25 16:50 . 2009-02-10 12:15 257432 —-a-w c:windowssystem32driversafwcore.sys
2009-04-25 16:50 . 2008-06-20 05:45 30864 —-a-w c:windowssystem32driversafw.sys
2009-04-25 16:50 . 2009-04-25 16:50
d
w c:documents and settingsAll Users.WINDOWSApplication DataAgnitum
2009-04-25 16:45 . 2004-08-03 19:08 26496 -c—a-w c:windowssystem32dllcacheusbstor.sys
2009-04-25 16:30 . 2008-12-25 18:08 453152 —-a-w c:windowssystem32nvudisp.exe
2009-04-25 16:30 . 2008-12-23 17:58 453152 —-a-w c:windowssystem32NVUNINST.EXE
2009-04-25 16:25 . 2009-04-25 16:25
d
w c:documents and settingsLocalService.NT AUTHORITYLocal SettingsApplication DataMicrosoft
2009-04-25 16:25 . 2009-04-25 16:25
d-sh—w c:documents and settingsLocalService.NT AUTHORITY
2009-04-25 16:24 . 2009-04-25 16:24
d
w c:documents and settingsNetworkService.NT AUTHORITYLocal SettingsApplication DataMicrosoft
2009-04-25 16:24 . 2009-04-25 16:24
d-sh—w c:documents and settingsNetworkService.NT AUTHORITY
2009-04-25 16:21 . 2004-08-18 12:00 10129408 -c—a-w c:windowssystem32dllcachehwxkor.dll
2009-04-25 16:20 . 2009-04-25 16:20
d
w c:documents and settingsDefault User.WINDOWSLocal SettingsApplication DataMicrosoft
2009-04-25 16:19 . 2009-04-25 16:19
d-sh—w c:documents and settingsAll Users.WINDOWSDRM
2009-04-25 16:17 . 2004-08-18 12:00 240640 -c—a-w c:windowssystem32dllcachesrrstr.dll
2009-04-25 16:16 . 2004-08-18 12:00 5632 -c—a-w c:windowssystem32dllcachewrite.exe
2009-04-25 16:15 . 2004-08-18 12:00 11776 -c—a-w c:windowssystem32dllcachexolehlp.dll
2009-04-25 08:47 . 2009-04-25 08:47
d
w c:documents and settingsAdministratorApplication DataImgBurn
2009-04-23 09:18 . 2009-04-23 09:18
d-sh—w C:found.000
2009-04-18 15:59 . 2009-04-25 06:08
d
w c:program filesSpybot — Search & Destroy
2009-04-16 13:26 . 2009-04-16 13:27
d
w c:documents and settingsAdministratorApplication DataMedia Player Classic.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-03 13:38 . 2009-04-25 16:25 6 —ha-w c:windowsTasksSA.DAT
2009-04-30 11:00 . 2004-08-18 12:00 49552 —-a-w c:windowssystem32perfc019.dat
2009-04-30 11:00 . 2004-08-18 12:00 346452 —-a-w c:windowssystem32perfh019.dat
2009-04-27 18:06 . 2009-04-25 16:19 86327 —-a-w c:windowspchealthhelpctrOfflineCacheindex.dat
2009-04-26 10:02 . 2009-04-25 16:26 42168 —-a-w c:documents and settingsRozochkaLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-04-26 09:49 . 2009-01-16 15:17
d
w c:program filesThe KMPlayer
2009-04-25 16:20 . 2004-08-18 12:00 67 —sha-w c:windowsFontsdesktop.ini
2009-04-25 16:17 . 2009-04-25 16:17 22564 —-a-w c:windowssystem32emptyregdb.dat
2009-04-25 06:18 . 2009-02-28 12:19
d
w c:program filesCommon FilesAdobe
2009-04-25 06:06 . 2009-01-05 14:39
d—h—w c:program filesInstallShield Installation Information
2009-04-05 12:58 . 2009-01-05 12:38 48632 —-a-w c:documents and settingsAdministratorLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-03-24 15:03 . 2009-03-24 15:03
d
w c:program filesInterpretatio
2009-03-14 09:05 . 2009-03-14 09:05
d
w c:program filesAgnitum
2009-03-06 14:47 . 2004-08-18 12:00 284160 —-a-w c:windowssystem32pdh.dll
2009-02-20 08:32 . 2004-08-18 12:00 659968 —-a-w c:windowssystem32wininet.dll
2009-02-20 08:32 . 2004-08-18 12:00 81920 —-a-w c:windowssystem32ieencode.dll
2009-02-09 14:18 . 2004-08-18 12:00 1846400 —-a-w c:windowssystem32win32k.sys
2009-02-09 11:52 . 2004-08-17 15:58 2017792 —-a-w c:windowssystem32ntkrnlpa.exe
2009-02-09 11:52 . 2004-08-18 12:00 2138112 —-a-w c:windowssystem32ntoskrnl.exe
2009-02-09 10:21 . 2004-08-18 12:00 725504 —-a-w c:windowssystem32lsasrv.dll
2009-02-09 10:21 . 2004-08-18 12:00 687104 —-a-w c:windowssystem32advapi32.dll
2009-02-09 10:21 . 2004-08-18 12:00 399360 —-a-w c:windowssystem32rpcss.dll
2009-02-09 10:21 . 2004-08-18 12:00 718848 —-a-w c:windowssystem32ntdll.dll
2009-02-09 10:10 . 2004-08-18 12:00 111104 —-a-w c:windowssystem32services.exe
2009-02-06 16:54 . 2004-08-18 12:00 35328 —-a-w c:windowssystem32sc.exe
2009-02-03 20:11 . 2004-08-18 12:00 55808 —-a-w c:windowssystem32secur32.dll
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2004-08-18 15360][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2008-12-25 13680640]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2008-12-25 86016]
«OutpostFeedBack»=»c:program filesAgnitumOutpost Firewall Profeedback.exe» [2009-03-02 433480]
«SoundMAXPnP»=»c:program filesAnalog DevicesCoresmax4pnp.exe» [2007-03-16 868352]
«avgnt»=»c:program filesAviraAntiVir PersonalEdition Classicavgnt.exe» [2008-06-12 266497]
«nwiz»=»nwiz.exe» — c:windowssystem32nwiz.exe [2008-12-25 1657376][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2004-08-18 15360][HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=S1 SandBox;SandBox;c:windowssystem32driversSandBox.sys [2009-02-26 704384]
S3 acssrv;Agnitum Client Security Service;c:progra~1AgnitumOUTPOS~1acs.exe [2009-03-02 1267016]
S3 afw;Agnitum firewall driver;c:windowssystem32DRIVERSafw.sys [2008-06-20 30864]
S3 afwcore;afwcore;c:windowssystem32driversafwcore.sys [2009-02-10 257432]
S3 ASWFilt;ASWFilt;c:windowssystem32FiltASWFilt.dll [2009-02-26 33888]
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:windowssystem32DRIVERSatl01_xp.sys [2006-10-31 35840].
.
Supplementary Scan
.
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
FF — ProfilePath — c:documents and settingsRozochkaApplication DataMozillaFirefoxProfilesq3i1x0zg.default
FF — prefs.js: browser.search.selectedEngine — Яндекс
.**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-03 17:40
Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
Other Running Processes
.
c:program filesAviraAntiVir PersonalEdition Classicsched.exe
c:program filesAviraAntiVir PersonalEdition Classicavguard.exe
c:windowssystem32nvsvc32.exe
c:windowssystem32wscntfy.exe
c:windowssystem32rundll32.exe
.
**************************************************************************
.
Completion time: 2009-05-03 17:41 — machine was rebooted
ComboFix-quarantined-files.txt 2009-05-03 13:41Pre-Run: 34 383 249 408 байт свободно
Post-Run: 34 417 557 504 байт свободно191 — E O F — 2009-05-03 12:25
Прилагаю Rsit лог
info.txt logfile of random’s system information tool 1.06 2009-05-01 14:14:30
======Uninstall list======
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
Adobe Flash Player 10 Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Reader 9 — Russian—>MsiExec.exe /I{AC76BA86-7AD7-1049-7B44-A90000000001}
AIMP2—>C:Program FilesAIMP2Uninstall.exe
Attansic Giga Ethernet Utility—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime700Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{1F698102-5739-441E-96F0-74F4EA540F06}setup.exe» -l0x9
Attansic L1 Gigabit Ethernet Driver—>rundll32.exe C:WINDOWSsystem32AttansicL1atcInst.dll,AtcUninst C:WINDOWSsystem32AttansicL1 x86 1969 1048 L1
Avira AntiVir Personal — Free Antivirus—>C:Program FilesAviraAntiVir PersonalEdition ClassicSETUP.EXE /REMOVE
Beach Life—>C:WINDOWSIsUn0419.exe -fd:ПляжUninst.isu
DAEMON Tools Toolbar—>C:Program FilesDAEMON Tools Toolbaruninst.exe
High Definition Audio Driver Package — KB888111—>C:WINDOWS$NtUninstallKB888111WXPSP2$spuninstspuninst.exe
ImgBurn—>»C:Program FilesImgBurnuninstall.exe»
Malwarebytes’ Anti-Malware—>»C:Program FilesMalwarebytes’ Anti-Malwareunins000.exe»
Microsoft Office — профессиональный выпуск версии 2003—>MsiExec.exe /I{90110419-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2008 Redistributable — x86 9.0.21022—>MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Mozilla Firefox (3.0.7)—>C:Program FilesMozilla Firefoxuninstallhelper.exe
NVIDIA Drivers—>C:WINDOWSsystem32nvuninst.exe UninstallGUI
Outpost Firewall Pro—>»C:Program FilesAgnitumOutpost Firewall Prounins000.exe»
SIW version 2009-03-17—>»C:Program FilesSIWunins000.exe»
SoundMAX—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime100Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{F0A37341-D692-11D4-A984-009027EC0A9C}setup.exe» -l0x19 -removeonly
Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe
Обновление для Windows XP (KB898461)—>»C:WINDOWS$NtUninstallKB898461$spuninstspuninst.exe»======Security center information======
AV: Avira AntiVir PersonalEdition
FW: Outpost Firewall Pro======System event log======
Computer Name: MARINA
Event Code: 3260
Message: Этот компьютер был успешно присоединен к workgroup ‘WORKGROUP’.Record Number: 5
Source Name: Workstation
Time Written: 20090425201542.000000+240
Event Type: информация
User:Computer Name: MARINA
Event Code: 6011
Message: NetBIOS-имя и имя DNS-узла этого компьютера были изменены с «MACHINENAME» на «MARINA».Record Number: 4
Source Name: EventLog
Time Written: 20090425200500.000000+240
Event Type: информация
User:Computer Name: MACHINENAME
Event Code: 2
Message: При проверке, что DeviceSerial0 является последовательным портом, обнаружена и будет использоваться прямая очередь.Record Number: 3
Source Name: Serial
Time Written: 20090425235625.000000+240
Event Type: информация
User:Computer Name: MACHINENAME
Event Code: 6005
Message: Запущена служба журнала событий.Record Number: 2
Source Name: EventLog
Time Written: 20090425235611.000000+240
Event Type: информация
User:Computer Name: MACHINENAME
Event Code: 6009
Message: Microsoft (R) Windows 2000 (R) 5.01. 2600 Service Pack 2 Multiprocessor Free.Record Number: 1
Source Name: EventLog
Time Written: 20090425235611.000000+240
Event Type: информация
User:=====Application event log=====
Computer Name: MARINA
Event Code: 1000
Message: Счетчики производительности для службы MSDTC (MSDTC) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.Record Number: 5
Source Name: LoadPerf
Time Written: 20090425201651.000000+240
Event Type: информация
User:Computer Name: MARINA
Event Code: 1000
Message: Счетчики производительности для службы TermService (Службы терминалов) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.Record Number: 4
Source Name: LoadPerf
Time Written: 20090425201647.000000+240
Event Type: информация
User:Computer Name: MARINA
Event Code: 1000
Message: Счетчики производительности для службы RemoteAccess (Маршрутизация и удаленный доступ) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.Record Number: 3
Source Name: LoadPerf
Time Written: 20090425200546.000000+240
Event Type: информация
User:Computer Name: MARINA
Event Code: 1000
Message: Счетчики производительности для службы PSched (PSched) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.Record Number: 2
Source Name: LoadPerf
Time Written: 20090425200513.000000+240
Event Type: информация
User:Computer Name: MARINA
Event Code: 1000
Message: Счетчики производительности для службы RSVP (QoS RSVP) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.Record Number: 1
Source Name: LoadPerf
Time Written: 20090425200512.000000+240
Event Type: информация
User:======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=6
«PROCESSOR_IDENTIFIER»=x86 Family 6 Model 15 Stepping 11, GenuineIntel
«PROCESSOR_REVISION»=0f0b
«NUMBER_OF_PROCESSORS»=2
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
EOF
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Rozochka at 2009-05-01 14:14:25
Microsoft Windows XP Professional Service Pack 2
System drive C: has 34 GB (84%) free of 40 GB
Total RAM: 2047 MB (77% free)HijackThis download failed
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2009-02-27 75128][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} — DAEMON Tools Toolbar — C:Program FilesDAEMON Tools ToolbarDTToolbar.dll [2008-12-10 929224][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2008-12-25 13680640]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2008-12-25 86016]
«OutpostMonitor»=C:PROGRA~1AgnitumOUTPOS~1op_mon.exe [2009-03-02 1225032]
«OutpostFeedBack»=C:Program FilesAgnitumOutpost Firewall Profeedback.exe [2009-03-02 433480]
«SoundMAX»=C:Program FilesAnalog DevicesSoundMAXSmax4.exe [2007-04-03 839680]
«SoundMAXPnP»=C:Program FilesAnalog DevicesCoresmax4pnp.exe [2007-03-16 868352]
«avgnt»=C:Program FilesAviraAntiVir PersonalEdition Classicavgnt.exe [2008-06-12 266497]
«UserFaultCheck»=C:WINDOWSsystem32dumprep 0 -u [][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2004-08-18 15360]
«DAEMON Tools Lite»=C:Program FilesDAEMON Tools Litedaemon.exe [2008-12-29 687560][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
«AppInit_DLLS»=»c:progra~1agnitumoutpos~1wl_hook.dll»[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»======List of files/folders created in the last 1 months======
2009-05-01 14:14:26 —-D—- C:Program Filestrend micro
2009-05-01 14:14:25 —-D—- C:rsit
2009-05-01 13:43:19 —-D—- C:Documents and SettingsRozochkaApplication DataMacromedia
2009-05-01 13:35:18 —-N—- C:WINDOWSsystem32spmsg.dll
2009-05-01 13:35:15 —-D—- C:WINDOWSLastGood
2009-04-30 19:06:58 —-D—- C:Documents and SettingsRozochkaApplication DataMalwarebytes
2009-04-30 19:06:51 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2009-04-30 19:06:51 —-D—- C:Documents and SettingsAll Users.WINDOWSApplication DataMalwarebytes
2009-04-30 15:13:41 —-D—- C:Program FilesAvira
2009-04-30 15:13:41 —-D—- C:Documents and SettingsAll Users.WINDOWSApplication DataAvira
2009-04-30 15:07:45 —-D—- C:Program FilesAIMP2
2009-04-30 14:59:57 —-A—- C:WINDOWSsystem32ksuser.dll
2009-04-30 14:59:53 —-A—- C:WINDOWSsystem32wdmioctl.dll
2009-04-30 14:59:53 —-A—- C:WINDOWSsystem32SMMedia.dll
2009-04-30 14:59:52 —-A—- C:WINDOWSsystem32DSndUp.exe
2009-04-30 14:59:52 —-A—- C:WINDOWSsystem32CleanUp.exe
2009-04-30 14:59:08 —-A—- C:WINDOWSsystem32spupdsvc.exe
2009-04-30 14:59:07 —-HDC—- C:WINDOWS$NtUninstallKB888111WXPSP2$
2009-04-30 14:57:23 —-A—- C:WINDOWSsystem32PostProc.dll
2009-04-30 14:57:23 —-A—- C:WINDOWSsystem32a3d.dll
2009-04-30 14:53:46 —-DC—- C:WINDOWSsystem32DRVSTORE
2009-04-30 14:53:23 —-D—- C:Intel
2009-04-29 23:36:23 —-D—- C:Program FilesSIW
2009-04-29 19:31:23 —-A—- C:WINDOWSsystem32wups2.dll
2009-04-29 19:31:23 —-A—- C:WINDOWSsystem32wucltui.dll.mui
2009-04-29 19:31:22 —-A—- C:WINDOWSsystem32wuaueng.dll.mui
2009-04-29 19:31:21 —-A—- C:WINDOWSsystem32wuapi.dll.mui
2009-04-26 22:18:05 —-A—- C:WINDOWSIsUn0419.exe
2009-04-26 22:17:40 —-D—- C:Documents and SettingsRozochkaApplication DataAIMP
2009-04-26 21:16:35 —-D—- C:Documents and SettingsRozochkaApplication DataDAEMON Tools Pro
2009-04-26 21:16:35 —-D—- C:Documents and SettingsRozochkaApplication DataDAEMON Tools
2009-04-26 21:15:53 —-D—- C:Documents and SettingsAll Users.WINDOWSApplication DataDAEMON Tools Lite
2009-04-26 20:58:01 —-D—- C:Program FilesDAEMON Tools Toolbar
2009-04-26 20:57:59 —-D—- C:Program FilesDAEMON Tools Lite
2009-04-26 20:39:52 —-D—- C:Documents and SettingsRozochkaApplication DataDAEMON Tools Lite
2009-04-26 14:02:08 —-A—- C:WINDOWSODBC.INI
2009-04-26 14:02:04 —-A—- C:WINDOWSsystem32mdimon.dll
2009-04-26 13:56:17 —-D—- C:Documents and SettingsRozochkaApplication DataAdobe
2009-04-26 13:53:53 —-D—- C:Documents and SettingsRozochkaApplication DataImgBurn
2009-04-26 13:53:18 —-D—- C:Program FilesImgBurn
2009-04-26 00:04:41 —-A—- C:WINDOWSsystem32h323log.txt
2009-04-26 00:00:13 —-A—- C:WINDOWSsystem32usbui.dll
2009-04-25 23:58:59 —-A—- C:WINDOWSimsins.BAK
2009-04-25 23:58:56 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-04-25 23:58:55 —-A—- C:WINDOWSODBCINST.INI
2009-04-25 23:58:48 —-RA—- C:WINDOWSsystem32kbdtuq.dll
2009-04-25 23:58:48 —-RA—- C:WINDOWSsystem32kbdtuf.dll
2009-04-25 23:58:48 —-RA—- C:WINDOWSsystem32kbdazel.dll
2009-04-25 23:58:46 —-RA—- C:WINDOWSsystem32kbdhept.dll
2009-04-25 23:58:46 —-RA—- C:WINDOWSsystem32kbdhela3.dll
2009-04-25 23:58:46 —-RA—- C:WINDOWSsystem32kbdhela2.dll
2009-04-25 23:58:46 —-RA—- C:WINDOWSsystem32kbdhe319.dll
2009-04-25 23:58:46 —-RA—- C:WINDOWSsystem32kbdhe220.dll
2009-04-25 23:58:46 —-RA—- C:WINDOWSsystem32kbdhe.dll
2009-04-25 23:58:46 —-RA—- C:WINDOWSsystem32kbdgkl.dll
2009-04-25 23:58:45 —-RA—- C:WINDOWSsystem32kbdlv1.dll
2009-04-25 23:58:45 —-RA—- C:WINDOWSsystem32kbdlv.dll
2009-04-25 23:58:45 —-RA—- C:WINDOWSsystem32kbdlt1.dll
2009-04-25 23:58:45 —-RA—- C:WINDOWSsystem32kbdlt.dll
2009-04-25 23:58:45 —-RA—- C:WINDOWSsystem32kbdest.dll
2009-04-25 23:58:43 —-RA—- C:WINDOWSsystem32kbdsl1.dll
2009-04-25 23:58:42 —-RA—- C:WINDOWSsystem32kbdycl.dll
2009-04-25 23:58:42 —-RA—- C:WINDOWSsystem32kbdsl.dll
2009-04-25 23:58:42 —-RA—- C:WINDOWSsystem32kbdro.dll
2009-04-25 23:58:42 —-RA—- C:WINDOWSsystem32kbdpl1.dll
2009-04-25 23:58:42 —-RA—- C:WINDOWSsystem32kbdpl.dll
2009-04-25 23:58:42 —-RA—- C:WINDOWSsystem32kbdhu1.dll
2009-04-25 23:58:42 —-RA—- C:WINDOWSsystem32kbdhu.dll
2009-04-25 23:58:42 —-RA—- C:WINDOWSsystem32kbdcz2.dll
2009-04-25 23:58:42 —-RA—- C:WINDOWSsystem32kbdcz1.dll
2009-04-25 23:58:42 —-RA—- C:WINDOWSsystem32kbdcz.dll
2009-04-25 23:58:42 —-RA—- C:WINDOWSsystem32kbdcr.dll
2009-04-25 23:58:42 —-RA—- C:WINDOWSsystem32KBDAL.DLL
2009-04-25 23:58:39 —-A—- C:WINDOWSsystem32kbdycc.dll
2009-04-25 23:58:39 —-A—- C:WINDOWSsystem32kbduzb.dll
2009-04-25 23:58:39 —-A—- C:WINDOWSsystem32kbdur.dll
2009-04-25 23:58:39 —-A—- C:WINDOWSsystem32kbdtat.dll
2009-04-25 23:58:39 —-A—- C:WINDOWSsystem32kbdmon.dll
2009-04-25 23:58:39 —-A—- C:WINDOWSsystem32kbdkyr.dll
2009-04-25 23:58:39 —-A—- C:WINDOWSsystem32kbdkaz.dll
2009-04-25 23:58:39 —-A—- C:WINDOWSsystem32kbdaze.dll
2009-04-25 23:58:38 —-A—- C:WINDOWSsystem32kbdbu.dll
2009-04-25 23:58:38 —-A—- C:WINDOWSsystem32kbdblr.dll
2009-04-25 23:58:37 —-A—- C:WINDOWSsystem32spxcoins.dll
2009-04-25 23:58:37 —-A—- C:WINDOWSsystem32irclass.dll
2009-04-25 23:58:37 —-A—- C:WINDOWSsystem32EqnClass.Dll
2009-04-25 23:58:37 —-A—- C:WINDOWSsystem32dgsetup.dll
2009-04-25 23:58:37 —-A—- C:WINDOWSsystem32dgrpsetu.dll
2009-04-25 23:58:34 —-N—- C:WINDOWSsystem32CONFIG.TMP
2009-04-25 23:58:34 —-A—- C:WINDOWSTASKMAN.EXE
2009-04-25 23:58:33 —-A—- C:WINDOWSsystem32batt.dll
2009-04-25 23:58:30 —-A—- C:WINDOWSsystem32storprop.dll
2009-04-25 23:58:30 —-A—- C:WINDOWSNOTEPAD.EXE
2009-04-25 23:58:22 —-ASH—- C:Documents and SettingsAll Users.WINDOWSApplication Datadesktop.ini
2009-04-25 23:56:40 —-RA—- C:WINDOWSSET8.tmp
2009-04-25 23:56:37 —-RA—- C:WINDOWSSET4.tmp
2009-04-25 23:56:35 —-RA—- C:WINDOWSSET3.tmp
2009-04-25 23:56:25 —-SD—- C:Documents and SettingsAll Users.WINDOWSApplication DataMicrosoft
2009-04-25 23:56:07 —-A—- C:WINDOWSsetuplog.txt
2009-04-25 20:51:30 —-D—- C:Documents and SettingsRozochkaApplication DataMozilla
2009-04-25 20:50:22 —-D—- C:Documents and SettingsAll Users.WINDOWSApplication DataAgnitum
2009-04-25 20:49:06 —-D—- C:Documents and SettingsAll Users.WINDOWSApplication DataAdobe
2009-04-25 20:48:10 —-D—- C:Program FilesMozilla Firefox
2009-04-25 20:46:38 —-D—- C:Documents and SettingsRozochkaApplication DataWinRAR
2009-04-25 20:30:56 —-A—- C:WINDOWSsystem32nvudisp.exe
2009-04-25 20:30:35 —-A—- C:WINDOWSsystem32NVUNINST.EXE
2009-04-25 20:26:35 —-D—- C:Documents and SettingsRozochkaApplication DataIdentities
2009-04-25 20:26:18 —-ASH—- C:Documents and SettingsRozochkaApplication Datadesktop.ini
2009-04-25 20:26:17 —-SD—- C:Documents and SettingsRozochkaApplication DataMicrosoft
2009-04-25 20:25:12 —-A—- C:WINDOWSSchedLgU.Txt
2009-04-25 20:20:39 —-A—- C:WINDOWScontrol.ini
2009-04-25 20:20:29 —-A—- C:WINDOWSOEWABLog.txt
2009-04-25 20:20:23 —-A—- C:WINDOWSsystem32mapi32.dll
2009-04-25 20:19:36 —-RAH—- C:WINDOWSsystem32logonui.exe.manifest
2009-04-25 20:19:30 —-RAH—- C:WINDOWSsystem32cdplayer.exe.manifest
2009-04-25 20:18:37 —-A—- C:WINDOWSsystem32atrace.dll
2009-04-25 20:18:34 —-A—- C:WINDOWSsystem32desktop.ini
2009-04-25 20:18:34 —-A—- C:WINDOWSdesktop.ini
2009-04-25 20:18:24 —-A—- C:WINDOWSsystem32nmevtmsg.dll
2009-04-25 20:18:23 —-A—- C:WINDOWSsystem32icfgnt5.dll
2009-04-25 20:18:23 —-A—- C:WINDOWSsystem32acctres.dll
2009-04-25 20:18:14 —-A—- C:WINDOWSsystem32wuweb.dll
2009-04-25 20:18:14 —-A—- C:WINDOWSsystem32wucltui.dll
2009-04-25 20:18:14 —-A—- C:WINDOWSsystem32wuauserv.dll
2009-04-25 20:18:14 —-A—- C:WINDOWSsystem32wuaueng1.dll
2009-04-25 20:18:13 —-A—- C:WINDOWSsystem32wups.dll
2009-04-25 20:18:13 —-A—- C:WINDOWSsystem32wuaueng.dll
2009-04-25 20:18:13 —-A—- C:WINDOWSsystem32wuauclt1.exe
2009-04-25 20:18:13 —-A—- C:WINDOWSsystem32wuauclt.exe
2009-04-25 20:18:13 —-A—- C:WINDOWSsystem32wuapi.dll
2009-04-25 20:18:13 —-A—- C:WINDOWSsystem32qmgrprxy.dll
2009-04-25 20:18:13 —-A—- C:WINDOWSsystem32bitsprx3.dll
2009-04-25 20:18:13 —-A—- C:WINDOWSsystem32bitsprx2.dll
2009-04-25 20:18:12 —-A—- C:WINDOWSsystem32qmgr.dll
2009-04-25 20:18:05 —-A—- C:WINDOWSsystem32safrslv.dll
2009-04-25 20:18:05 —-A—- C:WINDOWSsystem32safrdm.dll
2009-04-25 20:18:05 —-A—- C:WINDOWSsystem32safrcdlg.dll
2009-04-25 20:18:05 —-A—- C:WINDOWSsystem32racpldlg.dll
2009-04-25 20:18:00 —-A—- C:WINDOWSsystem32fltMc.exe
2009-04-25 20:18:00 —-A—- C:WINDOWSsystem32fltlib.dll
2009-04-25 20:17:59 —-A—- C:WINDOWSsystem32srsvc.dll
2009-04-25 20:17:59 —-A—- C:WINDOWSsystem32srrstr.dll
2009-04-25 20:17:59 —-A—- C:WINDOWSsystem32srclient.dll
2009-04-25 20:17:59 —-A—- C:WINDOWSsystem32isrdbg32.dll
2009-04-25 20:17:59 —-A—- C:WINDOWSsystem32ils.dll
2009-04-25 20:17:58 —-A—- C:WINDOWSsystem32nmmkcert.dll
2009-04-25 20:17:58 —-A—- C:WINDOWSsystem32msconf.dll
2009-04-25 20:17:58 —-A—- C:WINDOWSsystem32mnmsrvc.exe
2009-04-25 20:17:58 —-A—- C:WINDOWSsystem32mnmdd.dll
2009-04-25 20:17:54 —-A—- C:WINDOWSsystem32msoert2.dll
2009-04-25 20:17:54 —-A—- C:WINDOWSsystem32msoeacct.dll
2009-04-25 20:17:53 —-A—- C:WINDOWSsystem32inetres.dll
2009-04-25 20:17:52 —-A—- C:WINDOWSsystem32inetcomm.dll
2009-04-25 20:17:50 —-A—- C:WINDOWSsystem32schedsvc.dll
2009-04-25 20:17:50 —-A—- C:WINDOWSsystem32mstinit.exe
2009-04-25 20:17:50 —-A—- C:WINDOWSsystem32mstask.dll
2009-04-25 20:17:49 —-A—- C:WINDOWSsystem32isign32.dll
2009-04-25 20:17:49 —-A—- C:WINDOWSsystem32inetcfg.dll
2009-04-25 20:17:49 —-A—- C:WINDOWSsystem32icwphbk.dll
2009-04-25 20:17:49 —-A—- C:WINDOWSsystem32icwdial.dll
2009-04-25 20:17:03 —-A—- C:WINDOWSvbaddin.ini
2009-04-25 20:17:03 —-A—- C:WINDOWSvb.ini
2009-04-25 20:16:40 —-A—- C:WINDOWSsystem32write.exe
2009-04-25 20:16:33 —-A—- C:WINDOWSsystem32sndvol32.exe
2009-04-25 20:16:33 —-A—- C:WINDOWSsystem32hticons.dll
2009-04-25 20:16:33 —-A—- C:WINDOWSsystem32avwav.dll
2009-04-25 20:16:33 —-A—- C:WINDOWSsystem32avtapi.dll
2009-04-25 20:16:33 —-A—- C:WINDOWSsystem32avmeter.dll
2009-04-25 20:16:32 —-A—- C:WINDOWSsystem32winchat.exe
2009-04-25 20:16:25 —-A—- C:WINDOWSsystem32getuname.dll
2009-04-25 20:16:24 —-A—- C:WINDOWSsystem32sol.exe
2009-04-25 20:16:24 —-A—- C:WINDOWSsystem32charmap.exe
2009-04-25 20:16:24 —-A—- C:WINDOWSsystem32calc.exe
2009-04-25 20:16:23 —-A—- C:WINDOWSsystem32winmine.exe
2009-04-25 20:16:23 —-A—- C:WINDOWSsystem32mshearts.exe
2009-04-25 20:16:20 —-A—- C:WINDOWSsystem32usrlogon.cmd
2009-04-25 20:16:20 —-A—- C:WINDOWSsystem32tsshutdn.exe
2009-04-25 20:16:20 —-A—- C:WINDOWSsystem32tskill.exe
2009-04-25 20:16:20 —-A—- C:WINDOWSsystem32reset.exe
2009-04-25 20:16:20 —-A—- C:WINDOWSsystem32freecell.exe
2009-04-25 20:16:19 —-A—- C:WINDOWSsystem32tslabels.ini
2009-04-25 20:16:19 —-A—- C:WINDOWSsystem32tsdiscon.exe
2009-04-25 20:16:19 —-A—- C:WINDOWSsystem32tscon.exe
2009-04-25 20:16:19 —-A—- C:WINDOWSsystem32shadow.exe
2009-04-25 20:16:19 —-A—- C:WINDOWSsystem32rwinsta.exe
2009-04-25 20:16:19 —-A—- C:WINDOWSsystem32regini.exe
2009-04-25 20:16:19 —-A—- C:WINDOWSsystem32rdpcfgex.dll
2009-04-25 20:16:19 —-A—- C:WINDOWSsystem32qwinsta.exe
2009-04-25 20:16:19 —-A—- C:WINDOWSsystem32qappsrv.exe
2009-04-25 20:16:19 —-A—- C:WINDOWSsystem32msg.exe
2009-04-25 20:16:18 —-A—- C:WINDOWSsystem32msdtcprf.ini
2009-04-25 20:16:18 —-A—- C:WINDOWSsystem32logoff.exe
2009-04-25 20:16:18 —-A—- C:WINDOWSsystem32cdmodem.dll
2009-04-25 20:16:17 —-A—- C:WINDOWSsystem32stclient.dll
2009-04-25 20:16:17 —-A—- C:WINDOWSsystem32mtxlegih.dll
2009-04-25 20:16:17 —-A—- C:WINDOWSsystem32mtxex.dll
2009-04-25 20:16:17 —-A—- C:WINDOWSsystem32mtxdm.dll
2009-04-25 20:16:17 —-A—- C:WINDOWSsystem32dcomcnfg.exe
2009-04-25 20:16:17 —-A—- C:WINDOWSsystem32comsnap.dll
2009-04-25 20:16:17 —-A—- C:WINDOWSsystem32comrepl.dll
2009-04-25 20:16:17 —-A—- C:WINDOWSsystem32comaddin.dll
2009-04-25 20:16:11 —-A—- C:WINDOWSsystem32wmimgmt.msc
2009-04-25 20:16:09 —-A—- C:WINDOWSsystem32sndrec32.exe
2009-04-25 20:16:09 —-A—- C:WINDOWSsystem32mplay32.exe
2009-04-25 20:16:09 —-A—- C:WINDOWSsystem32accwiz.exe
2009-04-25 20:16:07 —-A—- C:WINDOWSsystem32hypertrm.dll
2009-04-25 20:16:06 —-A—- C:WINDOWSsystem32mspaint.exe
2009-04-25 20:16:04 —-A—- C:WINDOWSsystem32spider.exe
2009-04-25 20:16:04 —-A—- C:WINDOWSsystem32clipbrd.exe
2009-04-25 20:16:03 —-A—- C:WINDOWSsystem32tscfgwmi.dll
2009-04-25 20:16:03 —-A—- C:WINDOWSsystem32mstscax.dll
2009-04-25 20:16:03 —-A—- C:WINDOWSsystem32mstsc.exe
2009-04-25 20:16:02 —-A—- C:WINDOWSsystem32tscupgrd.exe
2009-04-25 20:16:02 —-A—- C:WINDOWSsystem32sessmgr.exe
2009-04-25 20:16:02 —-A—- C:WINDOWSsystem32remotepg.dll
2009-04-25 20:16:02 —-A—- C:WINDOWSsystem32rdshost.exe
2009-04-25 20:16:02 —-A—- C:WINDOWSsystem32rdsaddin.exe
2009-04-25 20:16:02 —-A—- C:WINDOWSsystem32rdchost.dll
2009-04-25 20:16:01 —-A—- C:WINDOWSsystem32termsrv.dll
2009-04-25 20:16:01 —-A—- C:WINDOWSsystem32rdpwsx.dll
2009-04-25 20:16:01 —-A—- C:WINDOWSsystem32rdpsnd.dll
2009-04-25 20:16:01 —-A—- C:WINDOWSsystem32rdpclip.exe
2009-04-25 20:16:01 —-A—- C:WINDOWSsystem32qprocess.exe
2009-04-25 20:16:01 —-A—- C:WINDOWSsystem32icaapi.dll
2009-04-25 20:16:01 —-A—- C:WINDOWSsystem32cfgbkend.dll
2009-04-25 20:16:00 —-A—- C:WINDOWSsystem32mtxoci.dll
2009-04-25 20:16:00 —-A—- C:WINDOWSsystem32msdtcuiu.dll
2009-04-25 20:16:00 —-A—- C:WINDOWSsystem32msdtctm.dll
2009-04-25 20:16:00 —-A—- C:WINDOWSsystem32msdtcprx.dll
2009-04-25 20:15:59 —-A—- C:WINDOWSsystem32xolehlp.dll
2009-04-25 20:15:59 —-A—- C:WINDOWSsystem32msdtclog.dll
2009-04-25 20:15:59 —-A—- C:WINDOWSsystem32msdtc.exe
2009-04-25 20:15:58 —-A—- C:WINDOWSsystem32colbact.dll
2009-04-25 20:15:58 —-A—- C:WINDOWSsystem32clbcatex.dll
2009-04-25 20:15:58 —-A—- C:WINDOWSsystem32catsrvut.dll
2009-04-25 20:15:58 —-A—- C:WINDOWSsystem32catsrvps.dll
2009-04-25 20:15:58 —-A—- C:WINDOWSsystem32catsrv.dll
2009-04-25 20:15:57 —-A—- C:WINDOWSsystem32comuid.dll
2009-04-25 20:15:57 —-A—- C:WINDOWSsystem32comsvcs.dll
2009-04-25 20:15:57 —-A—- C:WINDOWSsystem32clbcatq.dll
2009-04-25 20:15:49 —-A—- C:WINDOWSsystem32servdeps.dll
2009-04-25 20:15:48 —-A—- C:WINDOWSsystem32mmfutil.dll
2009-04-25 20:15:48 —-A—- C:WINDOWSsystem32licwmi.dll
2009-04-25 20:15:47 —-A—- C:WINDOWSsystem32cmprops.dll
2009-04-25 09:55:11 —-SHD—- C:Config.Msi
2009-04-23 13:18:10 —-SHD—- C:found.000
2009-04-18 19:59:29 —-D—- C:Program FilesSpybot — Search & Destroy
2009-04-16 11:00:18 —-HDC—- C:WINDOWS$NtUninstallKB959426$
2009-04-16 11:00:12 —-HDC—- C:WINDOWS$NtUninstallKB961373$
2009-04-16 10:56:57 —-HDC—- C:WINDOWS$NtUninstallKB956572$
2009-04-16 10:56:36 —-HDC—- C:WINDOWS$NtUninstallKB952004$
2009-04-16 10:56:31 —-HDC—- C:WINDOWS$NtUninstallKB960803$
2009-04-16 10:56:21 —-HDC—- C:WINDOWS$NtUninstallKB923561$
2009-04-11 12:36:17 —-D—- C:Program FilesAdobe
2009-04-04 15:09:21 —-SHD—- C:RECYCLER
2009-04-04 15:04:44 —-D—- C:WINDOWStemp======List of files/folders modified in the last 1 months======
2009-05-01 14:14:28 —-HD—- C:WINDOWSinf
2009-05-01 14:14:26 —-RD—- C:Program Files
2009-05-01 14:13:38 —-D—- C:WINDOWS
2009-05-01 14:13:30 —-D—- C:WINDOWSsystem32CatRoot2
2009-05-01 13:59:48 —-D—- C:WINDOWSsystem32
2009-05-01 13:43:57 —-HD—- C:WINDOWS$hf_mig$
2009-05-01 13:43:17 —-D—- C:WINDOWSPrefetch
2009-05-01 13:22:39 —-D—- C:WINDOWSsystem32Filt
2009-04-30 19:06:55 —-D—- C:WINDOWSsystem32drivers
2009-04-30 15:02:50 —-D—- C:WINDOWSsystem
2009-04-30 15:02:46 —-D—- C:WINDOWSsystem32CatRoot
2009-04-30 14:53:50 —-D—- C:WINDOWSsystem32ReinstallBackups
2009-04-29 22:08:31 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-04-29 19:31:29 —-D—- C:WINDOWSSoftwareDistribution
2009-04-29 19:31:26 —-D—- C:WINDOWSHelp
2009-04-29 19:30:43 —-SD—- C:WINDOWSDownloaded Program Files
2009-04-26 14:08:02 —-D—- C:WINDOWSsystem32config
2009-04-26 14:02:04 —-SHD—- C:WINDOWSInstaller
2009-04-26 14:01:52 —-A—- C:WINDOWSwin.ini
2009-04-26 14:01:43 —-RSD—- C:WINDOWSFonts
2009-04-26 14:01:43 —-HD—- C:WINDOWSShellNew
2009-04-26 13:59:50 —-D—- C:Program FilesCommon FilesMicrosoft Shared
2009-04-26 13:49:46 —-D—- C:Program FilesThe KMPlayer
2009-04-25 23:58:51 —-A—- C:WINDOWSsystem.ini
2009-04-25 23:56:23 —-D—- C:WINDOWSWinSxS
2009-04-25 23:56:07 —-D—- C:WINDOWSDebug
2009-04-25 23:54:51 —-D—- C:WINDOWSsystem32Setup
2009-04-25 23:54:30 —-D—- C:WINDOWSsystem32usmt
2009-04-25 23:54:20 —-D—- C:WINDOWSAppPatch
2009-04-25 23:54:19 —-D—- C:WINDOWSehome
2009-04-25 23:54:18 —-D—- C:WINDOWSime
2009-04-25 23:54:16 —-D—- C:WINDOWSMedia
2009-04-25 23:54:05 —-D—- C:WINDOWSPeerNet
2009-04-25 23:53:51 —-D—- C:WINDOWSsystem32npp
2009-04-25 23:53:45 —-D—- C:WINDOWSmsagent
2009-04-25 23:50:11 —-D—- C:WINDOWSsystem321049
2009-04-25 23:50:02 —-D—- C:WINDOWStwain_32
2009-04-25 23:49:41 —-D—- C:WINDOWSsystem32ras
2009-04-25 23:49:21 —-D—- C:WINDOWSsystem32icsxml
2009-04-25 23:48:50 —-D—- C:WINDOWSsystem32ias
2009-04-25 23:48:44 —-D—- C:WINDOWSsystem321033
2009-04-25 23:47:28 —-D—- C:WINDOWSWBEM
2009-04-25 23:47:27 —-D—- C:WINDOWSsystem32ru-ru
2009-04-25 23:47:27 —-D—- C:WINDOWSsystem32ru
2009-04-25 23:47:27 —-D—- C:WINDOWSsystem32NtmsData
2009-04-25 23:47:20 —-D—- C:WINDOWSrepair
2009-04-25 23:47:19 —-RD—- C:WINDOWSOffline Web Pages
2009-04-25 23:47:19 —-D—- C:WINDOWSNetwork Diagnostic
2009-04-25 23:47:19 —-D—- C:WINDOWSL2Schemas
2009-04-25 23:47:16 —-HDC—- C:WINDOWSie7
2009-04-25 23:47:15 —-HDC—- C:WINDOWS$NtUninstallwmp11$
2009-04-25 23:47:15 —-HDC—- C:WINDOWS$NtUninstallWMFDist11$
2009-04-25 23:47:15 —-HDC—- C:WINDOWS$NtUninstallKB967715$
2009-04-25 23:47:15 —-HDC—- C:WINDOWS$NtUninstallKB960715$
2009-04-25 23:47:15 —-HDC—- C:WINDOWS$NtUninstallKB960714$
2009-04-25 23:47:15 —-HDC—- C:WINDOWS$NtUninstallKB960225$
2009-04-25 23:47:15 —-HDC—- C:WINDOWS$NtUninstallKB959772_WM11$
2009-04-25 23:47:15 —-HDC—- C:WINDOWS$NtUninstallKB958690$
2009-04-25 23:47:15 —-HDC—- C:WINDOWS$NtUninstallKB958687$
2009-04-25 23:47:15 —-HDC—- C:WINDOWS$NtUninstallKB958644$
2009-04-25 23:47:15 —-HDC—- C:WINDOWS$NtUninstallKB958215$
2009-04-25 23:47:15 —-HDC—- C:WINDOWS$NtUninstallKB957097$
2009-04-25 23:47:15 —-HDC—- C:WINDOWS$NtUninstallKB956841$
2009-04-25 23:47:15 —-HDC—- C:WINDOWS$NtUninstallKB956803$
2009-04-25 23:47:15 —-D—- C:WINDOWSASUSInstAll
2009-04-25 23:47:14 —-HDC—- C:WINDOWS$NtUninstallKB956802$
2009-04-25 23:47:14 —-HDC—- C:WINDOWS$NtUninstallKB956391$
2009-04-25 23:47:14 —-HDC—- C:WINDOWS$NtUninstallKB955839$
2009-04-25 23:47:14 —-HDC—- C:WINDOWS$NtUninstallKB955069$
2009-04-25 23:47:14 —-HDC—- C:WINDOWS$NtUninstallKB954600$
2009-04-25 23:47:14 —-HDC—- C:WINDOWS$NtUninstallKB954459$
2009-04-25 23:47:14 —-HDC—- C:WINDOWS$NtUninstallKB954211$
2009-04-25 23:47:14 —-HDC—- C:WINDOWS$NtUninstallKB954154_WM11$
2009-04-25 23:47:14 —-HDC—- C:WINDOWS$NtUninstallKB952954$
2009-04-25 23:47:14 —-HDC—- C:WINDOWS$NtUninstallKB952287$
2009-04-25 23:47:14 —-HDC—- C:WINDOWS$NtUninstallKB952069_WM9$
2009-04-25 23:47:14 —-HDC—- C:WINDOWS$NtUninstallKB951978$
2009-04-25 23:47:14 —-HDC—- C:WINDOWS$NtUninstallKB951748$
2009-04-25 23:47:14 —-HDC—- C:WINDOWS$NtUninstallKB951698$
2009-04-25 23:47:14 —-HDC—- C:WINDOWS$NtUninstallKB951066$
2009-04-25 23:47:14 —-HDC—- C:WINDOWS$NtUninstallKB950974$
2009-04-25 23:47:14 —-HDC—- C:WINDOWS$NtUninstallKB950762$
2009-04-25 23:47:14 —-HDC—- C:WINDOWS$NtUninstallKB946648$
2009-04-25 23:47:14 —-HDC—- C:WINDOWS$NtUninstallKB941569$
2009-04-25 23:47:14 —-HDC—- C:WINDOWS$NtUninstallKB939683$
2009-04-25 23:47:14 —-HDC—- C:WINDOWS$NtUninstallKB936782_WMP11$
2009-04-25 23:47:14 —-HDC—- C:WINDOWS$NtUninstallKB929399$
2009-04-25 20:46:05 —-D—- C:Program FilesWinRAR
2009-04-25 20:31:29 —-D—- C:WINDOWSsecurity
2009-04-25 20:30:56 —-D—- C:WINDOWSnview
2009-04-25 20:26:17 —-D—- C:Documents and Settings
2009-04-25 20:25:14 —-SHD—- C:System Volume Information
2009-04-25 20:25:14 —-D—- C:WINDOWSsystem32Restore
2009-04-25 20:25:13 —-SD—- C:WINDOWSTasks
2009-04-25 20:20:19 —-D—- C:WINDOWSRegistration
2009-04-25 20:19:39 —-RD—- C:WINDOWSWeb
2009-04-25 20:19:35 —-D—- C:Program FilesInternet Explorer
2009-04-25 20:19:11 —-D—- C:WINDOWSsrchasst
2009-04-25 20:18:39 —-D—- C:WINDOWSsystem32oobe
2009-04-25 20:18:17 —-D—- C:Program FilesWindows Media Player
2009-04-25 20:18:12 —-D—- C:Program FilesMovie Maker
2009-04-25 20:17:58 —-D—- C:Program FilesNetMeeting
2009-04-25 20:17:53 —-D—- C:Program FilesOutlook Express
2009-04-25 20:17:53 —-D—- C:Program FilesCommon FilesSystem
2009-04-25 20:17:16 —-D—- C:WINDOWSsystem32Com
2009-04-25 20:16:55 —-D—- C:WINDOWSsystem32MsDtc
2009-04-25 20:16:43 —-D—- C:Program FilesMessenger
2009-04-25 20:16:40 —-D—- C:WINDOWSCursors
2009-04-25 20:16:16 —-D—- C:WINDOWSsystem32wbem
2009-04-25 20:16:07 —-D—- C:Program FilesWindows NT
2009-04-25 20:04:55 —-SH—- C:boot.ini
2009-04-25 10:18:31 —-D—- C:Program FilesCommon FilesAdobe
2009-04-25 10:18:31 —-D—- C:Program FilesCommon Files
2009-04-25 10:06:33 —-HD—- C:Program FilesInstallShield Installation Information
2009-04-16 10:59:25 —-D—- C:WINDOWSie7updates
2009-04-04 15:24:34 —-D—- C:WINDOWSERDNT======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgio;avgio; ??C:Program FilesAviraAntiVir PersonalEdition Classicavgio.sys []
R1 avipbb;avipbb; C:WINDOWSsystem32DRIVERSavipbb.sys [2009-04-30 75072]
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2004-08-18 40448]
R1 SandBox;SandBox; ??C:WINDOWSsystem32driversSandBox.sys []
R1 ssmdrv;ssmdrv; C:WINDOWSsystem32DRIVERSssmdrv.sys [2007-03-01 28352]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:WINDOWSsystem32driversADIHdAud.sys [2007-05-18 304640]
R3 AEAudio;AE Audio Service; C:WINDOWSsystem32driversAEAudio.sys [2007-05-18 94848]
R3 afw;Agnitum firewall driver; C:WINDOWSsystem32DRIVERSafw.sys [2008-06-20 30864]
R3 afwcore;afwcore; C:WINDOWSsystem32driversafwcore.sys [2009-02-10 257432]
R3 Arp1394;Протокол клиента 1394 ARP; C:WINDOWSsystem32DRIVERSarp1394.sys [2004-08-18 60800]
R3 ASWFilt;ASWFilt; ??C:WINDOWSsystem32FiltASWFilt.dll []
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller; C:WINDOWSsystem32DRIVERSatl01_xp.sys [2006-10-31 35840]
R3 avgntflt;avgntflt; ??C:Program FilesAviraAntiVir PersonalEdition Classicavgntflt.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2004-10-27 138240]
R3 hidusb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2004-08-18 9600]
R3 MBAMSwissArmy;MBAMSwissArmy; ??C:WINDOWSsystem32driversmbamswissarmy.sys []
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2004-08-18 12160]
R3 NIC1394;Сетевой драйвер 1394; C:WINDOWSsystem32DRIVERSnic1394.sys [2004-08-18 61824]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2008-12-25 6301344]
R3 SenFiltService;SenFilt Service; C:WINDOWSsystem32driversSenfilt.sys [2006-03-17 392960]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-03 20480]
S3 az2mq2cc;az2mq2cc; C:WINDOWSsystem32driversaz2mq2cc.sys []
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 acssrv;Agnitum Client Security Service; C:PROGRA~1AgnitumOUTPOS~1acs.exe [2009-03-02 1267016]
R2 AntiVirScheduler;Avira AntiVir Personal — Free Antivirus Scheduler; C:Program FilesAviraAntiVir PersonalEdition Classicsched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal — Free Antivirus Guard; C:Program FilesAviraAntiVir PersonalEdition Classicavguard.exe [2008-10-15 151297]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2008-12-25 163908]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
EOF
Дорогой Valery, а у меня опять проблемы.
31 января у меня была такая же проблема с компьютером, что и сейчас:
выходило сообщение от svhost, после которого выключалось сетевое соединение, звук( при нажатии на значок микшера выдает : Активных устройств- микшеров не обнаружено. Для установки устройства откройте панель Установка оборудования, менялась темы с классической на Windows XP и увеличение размера панели задач.Все вышеперечисленные симптомы наблюдается сейчас. Все это началось после переустановки Windows XP и выхода в Интернет (Outpost, MBAM, и другие антивирусные программы в тот момент работали)
Да, вы правильно меня поняли. Так что делать? Пере устанавливать или есть какой-то другой способ решения проблемы?
Upd — модуль установился сам( автоматически)
14.04 при запуске компьютера произошло автоматическое обновление:
Установились Обновление для системы безопасности Windows XP,Средство удаления вредоносных программ: апрель 2009 г. (Впервые вижу и слышу)
P.S. Может мне купить лицензионный диск и переустановить все заново.
(Прим. я устанавливала диск с многоразовой установкой Windows XP, может в этом ошибка?)Компьютер ведет себя также:
Барахлит звук при загрузке самих звуковых файлов, других программ, utorrent’a и периодически зависает мышь.
Кстати, компания Microsoft Windows проверила посредством автоматического обновления мою операционную систему на подлинность.
Результат:
Изображение на фоне:
Возможно вы приобрели не лицензионную копию Windows.В трее иконка в виде синей звездочки.ComboFix 09-04-03.01 — Administrator 2009-04-04 18:01:57.6 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.1.1049.18.2047.1672 [GMT 7:00]
Running from: c:documents and settingsAdministratorРабочий столComboFix.exe
Command switches used :: c:documents and settingsAdministratorРабочий столCFScript.txt
FW: Outpost Firewall Pro *enabled*
* Created a new restore pointWARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.((((((((((((((((((((((((( Files Created from 2009-03-04 to 2009-04-04 )))))))))))))))))))))))))))))))
.2009-04-01 22:10 . 2009-04-01 22:10 d
c:documents and settingsAdministratorApplication DataImgBurn
2009-04-01 22:05 . 2009-04-01 22:05 d
c:program filesImgBurn
2009-03-29 18:42 . 2009-03-29 18:42 d
c:windowssystem32Kaspersky Lab
2009-03-29 18:42 . 2009-03-29 18:42 d
c:documents and settingsAll UsersApplication DataKaspersky Lab
2009-03-25 14:43 . 2009-03-25 14:48 d
c:program filesmIRC
2009-03-25 14:33 . 2009-03-25 14:37 d
c:program filesDenS-mIRC
2009-03-25 13:56 . 2009-03-25 13:56 361,600 —a
c:windowssystem32driversTCPIP.SYS.ORIGINAL
2009-03-25 00:16 . 2001-09-19 22:47 765,952 —a
c:windowssystemcrlds3d.dll
2009-03-25 00:16 . 2006-03-18 03:18 392,960 —a
c:windowssystem32driverssenfilt.sys
2009-03-25 00:16 . 2008-07-10 19:22 334,336 —a
c:windowssystem32driversADIHdAud.sys
2009-03-25 00:16 . 2007-10-18 00:37 28,672 —a
c:windowssystem32PostProc.dll
2009-03-24 22:03 . 2009-03-24 22:03 d
c:program filesInterpretatio
2009-03-23 15:22 . 2009-03-23 15:23 d
c:documents and settingsAll UsersApplication DataBarbie Fashion Show
2009-03-23 13:42 . 2009-03-25 20:05 d
c:program filesAlawar.ru
2009-03-23 13:25 . 2009-03-23 13:25 d
c:program filesVirtualDubMod
2009-03-22 17:00 . 2009-03-22 17:00 d
c:documents and settingsAdministratorApplication DataGaijin Ent
2009-03-20 19:02 . 2009-03-20 22:52 d
c:documents and settingsAll UsersApplication DataSpybot — Search & Destroy
2009-03-20 16:27 . 2009-03-20 16:27 d
c:documents and settingsAdministratorApplication DataBloom
2009-03-14 16:05 . 2009-04-03 22:55 d
c:windowssystem32Filt
2009-03-14 16:05 . 2009-03-14 16:05 d
c:program filesAgnitum
2009-03-14 16:05 . 2009-02-26 11:27 704,384 —a
c:windowssystem32driversSandBox.sys
2009-03-14 16:05 . 2009-02-10 17:15 257,432 —a
c:windowssystem32driversafwcore.sys
2009-03-14 16:05 . 2008-06-20 10:45 30,864 —a
c:windowssystem32driversafw.sys
2009-03-14 16:05 . 2009-01-16 12:14 49 —a
c:windowstransp.gif
2009-03-14 16:04 . 2009-03-14 16:04 d
c:documents and settingsAll UsersApplication DataAgnitum
2009-03-14 15:53 . 2009-03-14 15:53 d
c:program filesYandex
2009-03-11 19:28 . 2009-03-11 19:28 d
c:documents and settingsAll UsersApplication DataMalwarebytes
2009-03-11 19:28 . 2009-03-11 19:28 d
c:documents and settingsAdministratorApplication DataMalwarebytes
2009-03-09 20:42 . 2004-09-06 11:25 d
c:program filesDjvuReader
2009-03-09 19:21 . 2009-03-09 19:21 d
c:documents and settingsAdministratorApplication DataTurbogames.ru
2009-03-09 17:42 . 2009-03-09 17:50 d
c:documents and settingsAdministratorApplication DataDAEMON Tools Pro
2009-03-09 17:42 . 2009-03-09 17:42 d
c:documents and settingsAdministratorApplication DataDAEMON Tools
2009-03-09 17:41 . 2009-03-09 17:41 d
c:documents and settingsAll UsersApplication DataDAEMON Tools Lite
2009-03-09 17:40 . 2009-03-14 15:53 d
c:documents and settingsAdministratorApplication DataYandex
2009-03-09 17:39 . 2009-03-09 17:40 d
c:program filesDAEMON Tools Lite
2009-03-09 17:39 . 2009-03-09 17:57 d
c:documents and settingsAdministratorApplication DataDAEMON Tools Lite
2009-03-07 17:15 . 2009-03-07 20:54 d
c:documents and settingsAll UsersApplication DataDoctor Web.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-04 10:54
d
w c:documents and settingsAdministratorApplication DataAIMP
2009-04-03 17:50
d
w c:documents and settingsAdministratorApplication DatauTorrent
2009-03-30 05:04
d
w c:program filesFinale 2007
2009-03-30 04:51
d
w c:program filesNero
2009-03-25 06:56 361,600 —-a-w c:windowssystem32driversTCPIP.SYS
2009-03-20 09:22
d
w c:documents and settingsAll UsersApplication DataAlawarWrapper
2009-03-14 08:23
d
w c:program filesFinale 2006
2009-03-09 12:28
d
w c:documents and settingsAll UsersApplication DataPlayFirst
2009-03-09 12:28
d
w c:documents and settingsAdministratorApplication DataPlayFirst
2009-03-02 09:45
d—h—w c:program filesInstallShield Installation Information
2009-03-01 16:46
d
w c:program filesWindows Media Connect 2
2009-02-28 12:40 4,608 —-a-w c:windowssystem32w95inf32.dll
2009-02-28 12:40 2,272 —-a-w c:windowssystem32w95inf16.dll
2009-02-28 12:20
d
w c:program filesCommon FilesAdobe
2009-02-26 12:48
d
w c:documents and settingsAdministratorApplication DatamIRC
2009-02-21 12:01
d—a-w c:program filesCoolReader 3.0.8
2009-02-21 11:57
d
w c:documents and settingsAdministratorApplication Datacr3
2009-02-17 16:56
d
w c:program filesFinale GPO 2.0
2009-02-17 16:54
d
w c:program filesNative Instruments
2009-02-16 16:57
d
w c:program filesSolo9
2009-02-16 16:57
d
w c:documents and settingsAll UsersApplication DataSolo9
2009-02-15 11:37
d
w c:program filesuTorrent
2009-02-12 11:24
d
w c:program files2gis
2009-02-12 11:09
d
w c:documents and settingsAll UsersApplication Data2GIS
2009-02-12 11:05
d
w c:documents and settingsAdministratorApplication DataGrym
2009-02-12 10:30
d
w c:program filesK-Soft
2009-02-10 11:50
d
w c:program filesCommon FilesReGet Shared
2009-02-09 14:07 1,846,912 —-a-w c:windowssystem32win32k.sys
2009-02-08 12:26
d
w c:documents and settingsAdministratorApplication DataReGet Software
2009-02-07 18:52
d
w c:program filesMSXML 4.0
2009-01-31 11:43 14,336 —-a-w c:windowssystem32svchost.exe
2009-01-18 12:04 632 —-a-w C:settings.dat
2006-06-23 06:48 32,768 —-a-r c:windowsinfUpdateUSB.exe
.
Sigcheck
2008-06-20 18:59 361600 ad978a1b783b5719720cff204b666c8e c:windows$hf_mig$KB951748SP3QFEtcpip.sys
2008-04-15 19:00 361344 93ea8d04ec73a85db02eb8805988f733 c:windows$NtUninstallKB951748$tcpip.sys
2009-03-25 13:56 361600 cbeebeb899e31ef52b962cb31fc8ca5c c:windowssystem32dllcacheTCPIP.SYS
2009-03-25 13:56 361600 cbeebeb899e31ef52b962cb31fc8ca5c c:windowssystem32driversTCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2008-04-15 15360]
«MSMSGS»=»c:program filesMessengermsmsgs.exe» [2008-04-14 1695232]
«DAEMON Tools Lite»=»c:program filesDAEMON Tools Litedaemon.exe» [2008-12-29 687560][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2008-12-26 86016]
«2gis update client UI»=»c:program files2gisUpdateClientWin32UpdateClientUI.exe» [2008-09-17 4055040]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 9.0ReaderReader_sl.exe» [2008-06-12 34672]
«OutpostFeedBack»=»c:program filesAgnitumOutpost Firewall Profeedback.exe» [2009-03-02 433480]
«SoundMAXPnP»=»c:program filesAnalog DevicesCoresmax4pnp.exe» [2008-04-15 1040384]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2008-12-26 13680640]
«nwiz»=»nwiz.exe» [2008-12-26 c:windowssystem32nwiz.exe][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-15 15360][HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusOverride»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«c:\WINDOWS\Network Diagnostic\xpnetdiag.exe»=
«c:\WINDOWS\system32\sessmgr.exe»=
«c:\Program Files\uTorrent\utorrent.exe»=R1 SandBox;SandBox;c:windowssystem32driversSandBox.sys [2009-03-14 704384]
R2 2GIS UpdateClientService;2GIS UpdateClientService;c:program files2gisUpdateClientWin32UpdateClientService.exe [2008-09-17 1134592]
R2 acssrv;Agnitum Client Security Service;c:progra~1AgnitumOUTPOS~1acs.exe [2009-03-14 1267016]
R3 afw;Agnitum firewall driver;c:windowssystem32driversafw.sys [2009-03-14 30864]
R3 afwcore;afwcore;c:windowssystem32driversafwcore.sys [2009-03-14 257432]
R3 ASWFilt;ASWFilt;c:windowssystem32FiltASWFilt.dll [2009-03-14 33888]
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:windowssystem32driversatl01_xp.sys [2009-01-05 35840]
.
Contents of the ‘Scheduled Tasks’ folder2009-04-02 c:windowsTasks{DB41A4E8-349D-406A-AAA5-9B1F0B64152B}_HOME_Administrator.job
— c:windowssystem32mobsync.exe [2008-04-15 19:00]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.tomtel.ru/
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Проверить ссылку Dr.Web — http://www.drweb.com/online/drweb-online-ru.html
Trusted Zone: vtomske.rutorrents
Handler: solores — {8FA1F4E9-444B-48BF-98CD-B8ECA88E6BA5} — c:progra~1Solo9SoloRes.dll
FF — ProfilePath — c:documents and settingsAdministratorApplication DataMozillaFirefoxProfileslbvkc7xv.default
FF — prefs.js: browser.search.selectedEngine — Яндекс
FF — prefs.js: browser.startup.homepage —
.**************************************************************************
catchme 0.3.1375 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-04 18:03:12
Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
Completion time: 2009-04-04 18:04:42
ComboFix-quarantined-files.txt 2009-04-04 11:04:40
ComboFix2.txt 2009-03-31 10:11:30Pre-Run: 34 810 609 664 байт свободно
Post-Run: 34,802,872,320 байт свободно157 — E O F — 2009-03-14 08:20:38
ComboFix 09-03-30.02 — Administrator 2009-03-31 17:08:47.5 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.1.1049.18.2047.1660 [GMT 7:00]
Running from: c:documents and settingsAdministratorРабочий столComboFix.exe
FW: Outpost Firewall Pro *enabled*
* Created a new restore pointWARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-31 )))))))))))))))))))))))))))))))
.2009-03-29 18:42 . 2009-03-29 18:42 d
c:windowssystem32Kaspersky Lab
2009-03-29 18:42 . 2009-03-29 18:42 d
c:documents and settingsAll UsersApplication DataKaspersky Lab
2009-03-25 14:43 . 2009-03-25 14:48 d
c:program filesmIRC
2009-03-25 14:33 . 2009-03-25 14:37 d
c:program filesDenS-mIRC
2009-03-25 13:56 . 2009-03-25 13:56 361,600 —a
c:windowssystem32driversTCPIP.SYS.ORIGINAL
2009-03-25 00:16 . 2001-09-19 22:47 765,952 —a
c:windowssystemcrlds3d.dll
2009-03-25 00:16 . 2006-03-18 03:18 392,960 —a
c:windowssystem32driverssenfilt.sys
2009-03-25 00:16 . 2008-07-10 19:22 334,336 —a
c:windowssystem32driversADIHdAud.sys
2009-03-25 00:16 . 2007-10-18 00:37 28,672 —a
c:windowssystem32PostProc.dll
2009-03-24 22:03 . 2009-03-24 22:03 d
c:program filesInterpretatio
2009-03-23 15:22 . 2009-03-23 15:23 d
c:documents and settingsAll UsersApplication DataBarbie Fashion Show
2009-03-23 13:42 . 2009-03-25 20:05 d
c:program filesAlawar.ru
2009-03-23 13:25 . 2009-03-23 13:25 d
c:program filesVirtualDubMod
2009-03-22 17:00 . 2009-03-22 17:00 d
c:documents and settingsAdministratorApplication DataGaijin Ent
2009-03-20 19:02 . 2009-03-20 22:52 d
c:documents and settingsAll UsersApplication DataSpybot — Search & Destroy
2009-03-20 16:27 . 2009-03-20 16:27 d
c:documents and settingsAdministratorApplication DataBloom
2009-03-14 16:05 . 2009-03-30 12:05 d
c:windowssystem32Filt
2009-03-14 16:05 . 2009-03-14 16:05 d
c:program filesAgnitum
2009-03-14 16:05 . 2009-02-26 11:27 704,384 —a
c:windowssystem32driversSandBox.sys
2009-03-14 16:05 . 2009-02-10 17:15 257,432 —a
c:windowssystem32driversafwcore.sys
2009-03-14 16:05 . 2008-06-20 10:45 30,864 —a
c:windowssystem32driversafw.sys
2009-03-14 16:05 . 2009-01-16 12:14 49 —a
c:windowstransp.gif
2009-03-14 16:04 . 2009-03-14 16:04 d
c:documents and settingsAll UsersApplication DataAgnitum
2009-03-14 15:53 . 2009-03-14 15:53 d
c:program filesYandex
2009-03-11 19:28 . 2009-03-11 19:28 d
c:documents and settingsAll UsersApplication DataMalwarebytes
2009-03-11 19:28 . 2009-03-11 19:28 d
c:documents and settingsAdministratorApplication DataMalwarebytes
2009-03-09 20:42 . 2004-09-06 11:25 d
c:program filesDjvuReader
2009-03-09 19:21 . 2009-03-09 19:21 d
c:documents and settingsAdministratorApplication DataTurbogames.ru
2009-03-09 17:42 . 2009-03-09 17:50 d
c:documents and settingsAdministratorApplication DataDAEMON Tools Pro
2009-03-09 17:42 . 2009-03-09 17:42 d
c:documents and settingsAdministratorApplication DataDAEMON Tools
2009-03-09 17:41 . 2009-03-09 17:41 d
c:documents and settingsAll UsersApplication DataDAEMON Tools Lite
2009-03-09 17:40 . 2009-03-14 15:53 d
c:documents and settingsAdministratorApplication DataYandex
2009-03-09 17:39 . 2009-03-09 17:40 d
c:program filesDAEMON Tools Lite
2009-03-09 17:39 . 2009-03-09 17:57 d
c:documents and settingsAdministratorApplication DataDAEMON Tools Lite
2009-03-07 17:15 . 2009-03-07 20:54 d
c:documents and settingsAll UsersApplication DataDoctor Web
2009-03-01 23:46 . 2009-03-01 23:46 d
c:windowssystem32LogFiles
2009-03-01 23:46 . 2009-03-01 23:46 d
c:windowssystem32driversUMDF
2009-03-01 23:46 . 2009-03-01 23:46 d
c:program filesWindows Media Connect 2
2009-03-01 14:01 . 2008-10-30 20:24 d
c:program filesPlugins
2009-03-01 14:01 . 2008-10-30 20:52 d
c:program filesLangs
2009-03-01 14:01 . 2008-10-30 20:24 d
c:program filesHelp
2009-02-28 20:12 . 2000-07-10 12:04 155,648 —a
c:windowsRusUinst.exe
2009-02-28 20:12 . 1998-06-25 16:13 28,160 —a
c:windowsUnSetup.exe
2009-02-28 19:40 . 1998-09-02 15:02 194,320 —a
c:windowssystem32qcut.dll
2009-02-28 19:40 . 1998-08-27 11:51 182,032 —a
c:windowssystem32dxtmsft3.dll
2009-02-28 19:40 . 1998-08-20 18:02 140,800 —a
c:windowssystem32tm20dec.ax
2009-02-28 19:40 . 1998-09-02 15:28 63,488 —a
c:windowssystem32unam4ie.exe
2009-02-28 19:40 . 1998-09-02 15:28 38,160 —a
c:windowssystem32LMRTREND.dll
2009-02-28 19:40 . 1998-08-17 16:21 11,776 —a
c:windowssystem32mciqtz.drv
2009-02-28 19:40 . 1998-08-17 16:21 10,240 —a
c:windowssystem32vidx16.dll
2009-02-28 19:40 . 1998-08-17 16:21 5,672 —a
c:windowssystem32quartz.vxd
2009-02-28 19:40 . 2009-02-28 19:40 4,608 —a
c:windowssystem32w95inf32.dll
2009-02-28 19:40 . 2009-02-28 19:40 2,272 —a
c:windowssystem32w95inf16.dll
2009-02-28 19:38 . 1998-01-19 18:39 27,600 -ra
c:windowsisk3ro.exe
2009-02-28 19:38 . 2009-02-28 19:38 306 —a
c:windowsQTW.INI
2009-02-28 19:37 . 2009-02-28 19:38 30 —a
c:windowsRESULT.QTW
2009-02-28 19:34 . 2009-02-28 19:37 63 —a
c:windowsMaris.ini
2009-02-28 19:33 . 2009-02-28 19:33 d
c:documents and settingsAdministratorWINDOWS
2009-02-28 19:33 . 1996-11-06 12:58 302,592 —a
c:windowsunin0419.exe
2009-02-28 19:19 . 2009-02-28 19:20 d
c:program filesCommon FilesAdobe
2009-02-28 19:00 . 1998-10-02 20:00 327,168 —a
c:windowsIsUninst.exe
2009-02-26 23:57 . 2008-04-14 01:17 25,856 —a
c:windowssystem32driversusbprint.sys
2009-02-26 23:57 . 2008-04-14 01:17 25,856 —a—c— c:windowssystem32dllcacheusbprint.sys
2009-02-26 19:48 . 2009-02-26 19:48 d
c:documents and settingsAdministratorApplication DatamIRC
2009-02-21 19:01 . 2009-02-21 19:01 d-a
c:program filesCoolReader 3.0.8
2009-02-21 18:56 . 2009-02-21 18:57 d
c:documents and settingsAdministratorApplication Datacr3
2009-02-20 21:07 . 2001-10-19 21:33 12,160 —a
c:windowssystem32driversmouhid.sys
2009-02-20 21:07 . 2001-10-19 21:33 12,160 —a—c— c:windowssystem32dllcachemouhid.sys
2009-02-20 21:06 . 2008-04-14 01:15 10,368 —a
c:windowssystem32drivershidusb.sys
2009-02-20 21:06 . 2008-04-14 01:15 10,368 —a—c— c:windowssystem32dllcachehidusb.sys
2009-02-17 23:54 . 2009-02-17 23:54 d
c:program filesNative Instruments
2009-02-17 23:54 . 2009-02-17 23:56 d
c:program filesFinale GPO 2.0
2009-02-17 23:54 . 2006-05-19 17:54 393,216 —a
c:windowssystem32NI_IRC_1_1.dll
2009-02-17 23:54 . 2005-04-04 19:00 393,216 —a
c:windowssystem32NI_IRC_1_0_3.dll
2009-02-17 23:54 . 2006-07-11 17:16 61,440 —a
c:windowssystem32NI_DFD_1_4.dll
2009-02-17 23:52 . 2009-03-30 12:04 d
c:program filesFinale 2007
2009-02-17 23:35 . 2009-02-17 23:53 d
C:Psfonts
2009-02-17 23:34 . 2009-03-14 15:23 d
c:program filesFinale 2006
2009-02-17 23:34 . 2009-02-17 23:34 573 —a
c:windowswiniini.fin
2009-02-16 23:57 . 2009-02-16 23:57 d
c:program filesSolo9
2009-02-16 23:57 . 2009-02-16 23:57 d
c:documents and settingsAll UsersApplication DataSolo9
2009-02-15 18:37 . 2009-02-15 18:37 d
c:program filesuTorrent
2009-02-14 23:16 . 2009-03-02 22:19 208 —a
c:windowsUpdateClientUI.INI
2009-02-13 16:01 . 2009-03-31 17:07 d
c:documents and settingsAdministratorApplication DatauTorrent
2009-02-12 20:34 . 2009-02-12 20:34 1,172 —a
c:windowsmozver.dat
2009-02-12 18:40 . 2009-02-12 18:40 0 —a
c:windowsnsreg.dat
2009-02-12 18:24 . 2009-02-12 18:24 d
c:program files2gis
2009-02-12 18:05 . 2009-02-12 18:05 d
c:documents and settingsAdministratorApplication DataGrym
2009-02-12 17:53 . 2009-02-12 18:09 d
c:documents and settingsAll UsersApplication Data2GIS
2009-02-12 17:30 . 2009-02-12 17:30 d
c:program filesK-Soft
2009-02-10 18:49 . 2008-12-21 06:03 6,066,688
c— c:windowssystem32dllcacheieframe.dll
2009-02-10 18:49 . 2007-04-17 16:32 2,455,488
c— c:windowssystem32dllcacheieapfltr.dat
2009-02-10 18:49 . 2007-03-08 12:12 1,060,864
c— c:windowssystem32dllcacheieframe.dll.mui
2009-02-10 18:49 . 2008-12-21 06:03 459,264
c— c:windowssystem32dllcachemsfeeds.dll
2009-02-10 18:49 . 2008-12-21 06:03 383,488
c— c:windowssystem32dllcacheieapfltr.dll
2009-02-10 18:49 . 2008-12-21 06:03 267,776
c— c:windowssystem32dllcacheiertutil.dll
2009-02-10 18:49 . 2008-12-21 06:03 63,488
c— c:windowssystem32dllcacheicardie.dll
2009-02-10 18:49 . 2008-12-21 06:03 52,224
c— c:windowssystem32dllcachemsfeedsbs.dll
2009-02-10 18:49 . 2008-12-19 16:10 13,824
c— c:windowssystem32dllcacheieudinit.exe
2009-02-08 01:52 . 2009-02-08 01:52 d
c:program filesMSXML 4.0
2009-02-07 22:17 . 2002-01-05 04:40 487,424 —a
c:windowssystem32Msvcp70.dll
2009-02-07 22:17 . 2004-08-18 13:34 442,368 —a
c:windowssystem32vp6vfw.dll
2009-02-07 22:17 . 2002-01-05 07:37 344,064 —a
c:windowssystem32Msvcr70.dll
2009-02-07 22:17 . 2004-08-06 14:49 265,785 —a
c:windowssystem32pixomatic.dll
2009-02-07 22:17 . 2004-01-06 11:43 188,416 —a
c:windowssystem32eax.dll
2009-02-07 22:17 . 2004-10-18 15:04 161,280 —a
c:windowssystem32fmod.dll
2009-02-07 22:17 . 2002-02-04 03:43 82,432 —a
c:windowssystem32msxml4r.dll
2009-02-07 22:17 . 2002-01-05 04:38 54,784 —a
c:windowssystem32msvci70.dll
2009-02-07 22:17 . 2002-02-01 08:00 22,016 —a
c:windowssystem32borlndmm.dll
2009-02-07 17:21 . 2008-06-15 00:35 272,512
c:windowssystem32driversbthport.sys
2009-02-07 17:21 . 2008-06-15 00:35 272,512
c— c:windowssystem32dllcachebthport.sys
2009-02-07 17:18 . 2009-02-07 17:20 d
c:windowssystem32NtmsData
2009-02-01 02:17 . 2008-08-14 20:26 2,190,976
c— c:windowssystem32dllcachentoskrnl.exe
2009-02-01 02:17 . 2008-08-14 20:26 2,147,328
c— c:windowssystem32dllcachentkrnlmp.exe
2009-02-01 02:17 . 2008-08-14 20:26 2,067,840
c— c:windowssystem32dllcachentkrnlpa.exe
2009-02-01 02:17 . 2008-08-14 20:26 2,025,984
c— c:windowssystem32dllcachentkrpamp.exe
2009-02-01 02:10 . 2008-10-24 18:21 455,296
c— c:windowssystem32dllcachemrxsmb.sys
2009-02-01 01:51 . 2009-03-11 18:16 d—h
c:windows$hf_mig$
2009-02-01 01:51 . 2007-07-27 10:41 26,488 —a
c:windowssystem32spupdsvc.exe.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-30 14:43
d
w c:documents and settingsAdministratorApplication DataAIMP
2009-03-30 04:51
d
w c:program filesNero
2009-03-25 06:56 361,600 —-a-w c:windowssystem32driversTCPIP.SYS
2009-03-20 09:22
d
w c:documents and settingsAll UsersApplication DataAlawarWrapper
2009-03-09 12:28
d
w c:documents and settingsAll UsersApplication DataPlayFirst
2009-03-09 12:28
d
w c:documents and settingsAdministratorApplication DataPlayFirst
2009-03-02 09:45
d—h—w c:program filesInstallShield Installation Information
2009-02-10 11:50
d
w c:program filesCommon FilesReGet Shared
2009-02-09 14:07 1,846,912 —-a-w c:windowssystem32win32k.sys
2009-02-08 12:26
d
w c:documents and settingsAdministratorApplication DataReGet Software
2009-01-31 11:43 14,336 —-a-w c:windowssystem32svchost.exe
2009-01-18 12:04 632 —-a-w C:settings.dat
2008-12-23 15:58 453,152 —-a-w c:windowssystem32NVUNINST.EXE
2008-12-20 23:03 826,368 —-a-w c:windowssystem32wininet.dll
2008-12-05 06:57 144,896 —-a-w c:windowssystem32schannel.dll
2006-06-23 06:48 32,768 —-a-r c:windowsinfUpdateUSB.exe
.
Sigcheck
2008-06-20 18:59 361600 ad978a1b783b5719720cff204b666c8e c:windows$hf_mig$KB951748SP3QFEtcpip.sys
2008-04-15 19:00 361344 93ea8d04ec73a85db02eb8805988f733 c:windows$NtUninstallKB951748$tcpip.sys
2009-03-25 13:56 361600 cbeebeb899e31ef52b962cb31fc8ca5c c:windowssystem32dllcacheTCPIP.SYS
2009-03-25 13:56 361600 cbeebeb899e31ef52b962cb31fc8ca5c c:windowssystem32driversTCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2008-04-15 15360]
«MSMSGS»=»c:program filesMessengermsmsgs.exe» [2008-04-14 1695232]
«DAEMON Tools Lite»=»c:program filesDAEMON Tools Litedaemon.exe» [2008-12-29 687560][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2008-12-26 86016]
«2gis update client UI»=»c:program files2gisUpdateClientWin32UpdateClientUI.exe» [2008-09-17 4055040]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 9.0ReaderReader_sl.exe» [2008-06-12 34672]
«OutpostFeedBack»=»c:program filesAgnitumOutpost Firewall Profeedback.exe» [2009-03-02 433480]
«SoundMAXPnP»=»c:program filesAnalog DevicesCoresmax4pnp.exe» [2008-04-15 1040384]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2008-12-26 13680640]
«nwiz»=»nwiz.exe» [2008-12-26 c:windowssystem32nwiz.exe][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-15 15360][HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusOverride»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«c:\WINDOWS\Network Diagnostic\xpnetdiag.exe»=
«c:\WINDOWS\system32\sessmgr.exe»=
«c:\Program Files\uTorrent\utorrent.exe»=R1 SandBox;SandBox;c:windowssystem32driversSandBox.sys [2009-03-14 704384]
R2 2GIS UpdateClientService;2GIS UpdateClientService;c:program files2gisUpdateClientWin32UpdateClientService.exe [2008-09-17 1134592]
R2 acssrv;Agnitum Client Security Service;c:progra~1AgnitumOUTPOS~1acs.exe [2009-03-14 1267016]
R3 afw;Agnitum firewall driver;c:windowssystem32driversafw.sys [2009-03-14 30864]
R3 afwcore;afwcore;c:windowssystem32driversafwcore.sys [2009-03-14 257432]
R3 ASWFilt;ASWFilt;c:windowssystem32FiltASWFilt.dll [2009-03-14 33888]
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:windowssystem32driversatl01_xp.sys [2009-01-05 35840]
.
Contents of the ‘Scheduled Tasks’ folder2009-03-30 c:windowsTasks{DB41A4E8-349D-406A-AAA5-9B1F0B64152B}_HOME_Administrator.job
— c:windowssystem32mobsync.exe [2008-04-15 19:00]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.tomtel.ru/
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Проверить ссылку Dr.Web — http://www.drweb.com/online/drweb-online-ru.html
Trusted Zone: vtomske.rutorrents
Handler: solores — {8FA1F4E9-444B-48BF-98CD-B8ECA88E6BA5} — c:progra~1Solo9SoloRes.dll
FF — ProfilePath — c:documents and settingsAdministratorApplication DataMozillaFirefoxProfileslbvkc7xv.default
FF — prefs.js: browser.search.selectedEngine — Яндекс
FF — prefs.js: browser.startup.homepage —
.**************************************************************************
catchme 0.3.1375 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-31 17:09:59
Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERSS-1-5-21-2000478354-1292428093-1417001333-1003SoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved{897B7768-C70E-C0DE-BBAB-739DB4D9838D}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
«jacjbhbapdocbnljnjaf»=hex:62,61,67,70,00,00
«jacjbhbapdocbnljnjme»=hex:62,61,64,70,00,00
«iaciglnpcmbbkjgenh»=hex:6b,61,62,70,6c,66,63,62,67,6f,6e,69,64,67,68,67,62,70,
62,6f,6a,6a,00,00
«hagjfjjilhmoipdj»=hex:61,62,62,69,63,68,61,68,68,6b,63,70,6f,6a,6a,61,67,6f,
68,69,6c,6f,6f,61,69,61,63,6f,63,61,64,6a,66,6f,00,00
«jahjchdopolfihckdggn»=hex:64,62,6e,69,64,69,64,64,70,63,6e,65,6b,6c,63,69,65,
6b,6a,6b,67,65,66,64,65,6c,62,61,62,6d,6f,6b,6e,68,61,63,6a,6b,6f,65,00,00
«haeipjdhjomfipen»=hex:6b,61,62,70,6c,66,63,62,67,6f,6e,69,64,67,6d,67,6f,6f,
61,62,63,6c,00,00
.
Completion time: 2009-03-31 17:11:28
ComboFix-quarantined-files.txt 2009-03-31 10:11:26
ComboFix2.txt 2009-03-25 18:42:41Pre-Run: 34 410 795 008 байт свободно
Post-Run: 34,404,618,240 байт свободно236 — E O F — 2009-03-14 08:20:38
Просканировала KIS’oм и выкладываю результаты сканирования:
[attachment=0:27bcignu]Scan by KIS.txt[/attachment:27bcignu]GMER 1.0.15.14944 - http://www.gmer.net
Rootkit scan 2009-03-26 00:31:06
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwAssignProcessToJobObject [0xB2B13A60]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwClose [0xB2AF8BF0]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwConnectPort [0xB2B15920]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateFile [0xB2AF4F60]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateKey [0xB2B00090]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcess [0xB2B0C2B0]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcessEx [0xB2B0CBB0]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSection [0xB2AF3D10]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSymbolicLinkObject [0xB2AFFE40]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateThread [0xB2B0AD70]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDebugActiveProcess [0xB2B18F30]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteFile [0xB2AFEB20]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteKey [0xB2B01900]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteValueKey [0xB2B083A0]
SSDT spdy.sys ZwEnumerateKey [0xB9EC6CA2]
SSDT spdy.sys ZwEnumerateValueKey [0xB9EC7030]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwLoadDriver [0xB2B09BB0]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwMakeTemporaryObject [0xB2AFF6B0]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenFile [0xB2AF7C10]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenKey [0xB2B00FC0]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenProcess [0xB2B0ECA0]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenSection [0xB2AF4580]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenThread [0xB2B0E060]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwProtectVirtualMemory [0xB2B14DA0]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryDirectoryFile [0xB2AF98A0]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryKey [0xB2B03750]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryValueKey [0xB2B03FA0]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueueApcThread [0xB2B12ED0]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRenameKey [0xB2B07590]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwReplaceKey [0xB2B05500]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestPort [0xB2B17A50]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestWaitReplyPort [0xB2B17D70]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRestoreKey [0xB2B06D20]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKey [0xB2B05C80]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKeyEx [0xB2B064D0]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSecureConnectPort [0xB2B16480]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetContextThread [0xB2B12440]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetInformationDebugObject [0xB2B19520]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetInformationFile [0xB2AFABF0]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetSystemInformation [0xB2B091C0]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetValueKey [0xB2B04820]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendProcess [0xB2B11190]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendThread [0xB2B11AC0]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSystemDebugControl [0xB2B18770]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwTerminateProcess [0xB2B0F790]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwTerminateThread [0xB2B10620]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwUnloadDriver [0xB2B0A530]
SSDT ??C:WINDOWSsystem32driversSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwWriteVirtualMemory [0xB2B142B0]
INT 0x73 ? 89BE3BF8
INT 0x73 ? 89BE3BF8
INT 0x73 ? 89BE3BF8
INT 0x73 ? 89BE3BF8
INT 0x73 ? 89A45BF8
INT 0x73 ? 89BE3BF8
INT 0x83 ? 89BE3BF8
INT 0x83 ? 89BE3BF8
INT 0x83 ? 89A45BF8
INT 0x83 ? 89BE3BF8
INT 0x84 ? 89A45BF8
INT 0xA4 ? 89A45BF8
INT 0xB4 ? 89A45BF8
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2FB8 80504854 12 Bytes [90, 11, B1, B2, C0, 1A, B1, ...]
? spdy.sys Íå óäàåòñÿ íàéòè óêàçàííûé ôàéë. !
.text USBPORT.SYS!DllUnload B84DE8AC 5 Bytes JMP 89A451D8
? System32Driversa8943f91.SYS Ñèñòåìå íå óäàåòñÿ íàéòè óêàçàííûé ïóòü. !
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EA9040] spdy.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EA913C] spdy.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EA90BE] spdy.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EA97FC] spdy.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EA96D2] spdy.sys
IAT SystemRootsystem32DRIVERSndiswan.sys[NDIS.SYS!NdisOpenAdapter] [B83FC906] SystemRootsystem32driversafwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT SystemRootsystem32DRIVERSraspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B83FC906] SystemRootsystem32driversafwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT SystemRootsystem32DRIVERSpsched.sys[NDIS.SYS!NdisOpenAdapter] [B83FC906] SystemRootsystem32driversafwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT SystemRootSystem32DriversNDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B83FC906] SystemRootsystem32driversafwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT SystemRootsystem32DRIVERStcpip.sys[NDIS.SYS!NdisOpenAdapter] [B83FC906] SystemRootsystem32driversafwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT SystemRootsystem32DRIVERSwanarp.sys[NDIS.SYS!NdisOpenAdapter] [B83FC906] SystemRootsystem32driversafwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT SystemRootsystem32DRIVERSarp1394.sys[NDIS.SYS!NdisOpenAdapter] [B83FC906] SystemRootsystem32driversafwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT SystemRootsystem32DRIVERSndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B83FC906] SystemRootsystem32driversafwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
---- Devices - GMER 1.0.15 ----
Device FileSystemNtfs Ntfs 89BE21F8
Device FileSystemFastfat FatCdrom 87C281F8
Device DriverTcpip DeviceIp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device DriverPCI_PNP6566 Device0000043 spdy.sys
Device Driverusbuhci DeviceUSBPDO-0 89A5F1F8
Device Driverdmio DeviceDmControlDmIoDaemon 89C541F8
Device Driverdmio DeviceDmControlDmConfig 89C541F8
Device Driverdmio DeviceDmControlDmPnP 89C541F8
Device Driverdmio DeviceDmControlDmInfo 89C541F8
Device Driverusbuhci DeviceUSBPDO-1 89A5F1F8
Device Driverusbehci DeviceUSBPDO-2 89A411F8
Device Driverusbuhci DeviceUSBPDO-3 89A5F1F8
Device Driverusbuhci DeviceUSBPDO-4 89A5F1F8
Device DriverTcpip DeviceTcp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device Driverusbuhci DeviceUSBPDO-5 89A5F1F8
Device Driverusbehci DeviceUSBPDO-6 89A411F8
Device DriverFtdisk DeviceHarddiskVolume1 89BE41F8
Device DriverFtdisk DeviceHarddiskVolume2 89BE41F8
Device DriverCdrom DeviceCdRom0 899F11F8
Device DriverFtdisk DeviceHarddiskVolume3 89BE41F8
Device DriverCdrom DeviceCdRom1 899F11F8
Device DriverCdrom DeviceCdRom2 899F11F8
Device DriverNetBT DeviceNetBt_Wins_Export 893831F8
Device DriverNetBT DeviceNetbiosSmb 893831F8
Device Driversptd Device2574426566 spdy.sys
Device DriverTcpip DeviceUdp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device DriverTcpip DeviceRawIp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device Driverusbuhci DeviceUSBFDO-0 89A5F1F8
Device Driverusbuhci DeviceUSBFDO-1 89A5F1F8
Device FileSystemMRxSmb DeviceLanmanDatagramReceiver 8839E1F8
Device DriverTcpip DeviceIPMULTICAST afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device Driverusbehci DeviceUSBFDO-2 89A411F8
Device FileSystemMRxSmb DeviceLanmanRedirector 8839E1F8
Device Driverusbuhci DeviceUSBFDO-3 89A5F1F8
Device Driverusbuhci DeviceUSBFDO-4 89A5F1F8
Device DriverFtdisk DeviceFtControl 89BE41F8
Device Driverusbuhci DeviceUSBFDO-5 89A5F1F8
Device Driverusbehci DeviceUSBFDO-6 89A411F8
Device Drivera8943f91 DeviceScsia8943f911 899AB500
Device Drivera8943f91 DeviceScsia8943f911Port6Path0Target0Lun0 899AB500
Device Drivera8943f91 DeviceScsia8943f911Port6Path0Target1Lun0 899AB500
Device FileSystemFastfat Fat 87C281F8
Device FileSystemCdfs Cdfs 898FB500
---- Registry - GMER 1.0.15 ----
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@!0454B0450424>494 0000440404?4B0454@4 0010039004 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (L002TP) 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (PPTP) 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (PPPoE) 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@374@4O4494 ?0404@0404;4;0454;4L4=4K494 ?4>4@4B4 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (IP) 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 ?4;0404=484@4>0424I484:0404 ?0404:0454B4>0424 1?2?
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg@s1 771343423
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg@s2 285507792
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg@h0 1
Reg HKLMSYSTEMCurrentControlSetServicessptdCfgD79C293C1ED61418462E24595C90D04
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA4
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA4@p0 C:Program FilesDAEMON Tools Lite
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA4@khjeh 0xD5 0x3E 0x15 0x6E ...
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA40000001
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA40000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA40000001@khjeh 0x8F 0x4C 0x37 0xAF ...
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA40000001Jf40
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA40000001Jf40@khjeh 0xFD 0x35 0x7E 0x0D ...
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA40000001Jf41
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA40000001Jf41@khjeh 0xFE 0xBB 0x6A 0xA3 ...
Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@!0454B0450424>494 0000440404?4B0454@4 0010039004 1?
Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (L002TP) 1?
Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (PPTP) 1?
Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (PPPoE) 1?
Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@374@4O4494 ?0404@0404;4;0454;4L4=4K494 ?4>4@4B4 1?
Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (IP) 1?
Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 ?4;0404=484@4>0424I484:0404 ?0404:0454B4>0424 1?2?
Reg HKLMSYSTEMControlSet002ServicessptdCfgD79C293C1ED61418462E24595C90D04
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA4
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA4@p0 C:Program FilesDAEMON Tools Lite
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA4@khjeh 0xD5 0x3E 0x15 0x6E ...
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001@khjeh 0x8F 0x4C 0x37 0xAF ...
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001Jf40
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001Jf40@khjeh 0xFD 0x35 0x7E 0x0D ...
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001Jf41
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001Jf41@khjeh 0xFE 0xBB 0x6A 0xA3 ...
---- EOF - GMER 1.0.15 ----ComboFix 09-03-23.01 - Administrator 2009-03-26 0:40:18.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.1.1049.18.2047.1571 [GMT 6:00]
Running from: c:documents and settingsAdministratorРабочий столComboFix.exe
FW: Outpost Firewall Pro *disabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-02-25 to 2009-03-25 )))))))))))))))))))))))))))))))
.
2009-03-25 13:43 . 2009-03-25 13:48 d
c:program filesmIRC
2009-03-25 13:33 . 2009-03-25 13:37 d
c:program filesDenS-mIRC
2009-03-25 12:56 . 2009-03-25 12:56 361,600 --a
c:windowssystem32driversTCPIP.SYS.ORIGINAL
2009-03-24 23:16 . 2001-09-19 21:47 765,952 --a
c:windowssystemcrlds3d.dll
2009-03-24 23:16 . 2006-03-18 02:18 392,960 --a
c:windowssystem32driverssenfilt.sys
2009-03-24 23:16 . 2008-07-10 18:22 334,336 --a
c:windowssystem32driversADIHdAud.sys
2009-03-24 23:16 . 2007-10-17 23:37 28,672 --a
c:windowssystem32PostProc.dll
2009-03-24 21:03 . 2009-03-24 21:03 d
c:program filesInterpretatio
2009-03-23 14:22 . 2009-03-23 14:23 d
c:documents and settingsAll UsersApplication DataBarbie Fashion Show
2009-03-23 12:42 . 2009-03-25 19:05 d
c:program filesAlawar.ru
2009-03-23 12:25 . 2009-03-23 12:25 d
c:program filesVirtualDubMod
2009-03-22 16:00 . 2009-03-22 16:00 d
c:documents and settingsAdministratorApplication DataGaijin Ent
2009-03-20 18:02 . 2009-03-20 21:52 d
c:documents and settingsAll UsersApplication DataSpybot - Search & Destroy
2009-03-20 15:27 . 2009-03-20 15:27 d
c:documents and settingsAdministratorApplication DataBloom
2009-03-14 15:05 . 2009-03-25 12:13 d
c:windowssystem32Filt
2009-03-14 15:05 . 2009-03-14 15:05 d
c:program filesAgnitum
2009-03-14 15:05 . 2009-02-26 10:27 704,384 --a
c:windowssystem32driversSandBox.sys
2009-03-14 15:05 . 2009-02-10 16:15 257,432 --a
c:windowssystem32driversafwcore.sys
2009-03-14 15:05 . 2008-06-20 09:45 30,864 --a
c:windowssystem32driversafw.sys
2009-03-14 15:05 . 2009-01-16 11:14 49 --a
c:windowstransp.gif
2009-03-14 15:04 . 2009-03-14 15:04 d
c:documents and settingsAll UsersApplication DataAgnitum
2009-03-14 14:53 . 2009-03-14 14:53 d
c:program filesYandex
2009-03-11 18:28 . 2009-03-11 18:28 d
c:documents and settingsAll UsersApplication DataMalwarebytes
2009-03-11 18:28 . 2009-03-11 18:28 d
c:documents and settingsAdministratorApplication DataMalwarebytes
2009-03-09 19:42 . 2004-09-06 10:25 d
c:program filesDjvuReader
2009-03-09 18:21 . 2009-03-09 18:21 d
c:documents and settingsAdministratorApplication DataTurbogames.ru
2009-03-09 16:42 . 2009-03-09 16:50 d
c:documents and settingsAdministratorApplication DataDAEMON Tools Pro
2009-03-09 16:42 . 2009-03-09 16:42 d
c:documents and settingsAdministratorApplication DataDAEMON Tools
2009-03-09 16:41 . 2009-03-09 16:41 d
c:documents and settingsAll UsersApplication DataDAEMON Tools Lite
2009-03-09 16:40 . 2009-03-14 14:53 d
c:documents and settingsAdministratorApplication DataYandex
2009-03-09 16:39 . 2009-03-09 16:40 d
c:program filesDAEMON Tools Lite
2009-03-09 16:39 . 2009-03-09 16:57 d
c:documents and settingsAdministratorApplication DataDAEMON Tools Lite
2009-03-07 16:15 . 2009-03-07 19:54 d
c:documents and settingsAll UsersApplication DataDoctor Web
2009-03-01 22:46 . 2009-03-01 22:46 d
c:windowssystem32LogFiles
2009-03-01 22:46 . 2009-03-01 22:46 d
c:windowssystem32driversUMDF
2009-03-01 22:46 . 2009-03-01 22:46 d
c:program filesWindows Media Connect 2
2009-03-01 13:01 . 2008-10-30 19:24 d
c:program filesPlugins
2009-03-01 13:01 . 2008-10-30 19:52 d
c:program filesLangs
2009-03-01 13:01 . 2008-10-30 19:24 d
c:program filesHelp
2009-02-28 19:12 . 2000-07-10 11:04 155,648 --a
c:windowsRusUinst.exe
2009-02-28 19:12 . 1998-06-25 15:13 28,160 --a
c:windowsUnSetup.exe
2009-02-28 18:40 . 1998-09-02 14:02 194,320 --a
c:windowssystem32qcut.dll
2009-02-28 18:40 . 1998-08-27 10:51 182,032 --a
c:windowssystem32dxtmsft3.dll
2009-02-28 18:40 . 1998-08-20 17:02 140,800 --a
c:windowssystem32tm20dec.ax
2009-02-28 18:40 . 1998-09-02 14:28 63,488 --a
c:windowssystem32unam4ie.exe
2009-02-28 18:40 . 1998-09-02 14:28 38,160 --a
c:windowssystem32LMRTREND.dll
2009-02-28 18:40 . 1998-08-17 15:21 11,776 --a
c:windowssystem32mciqtz.drv
2009-02-28 18:40 . 1998-08-17 15:21 10,240 --a
c:windowssystem32vidx16.dll
2009-02-28 18:40 . 1998-08-17 15:21 5,672 --a
c:windowssystem32quartz.vxd
2009-02-28 18:40 . 2009-02-28 18:40 4,608 --a
c:windowssystem32w95inf32.dll
2009-02-28 18:40 . 2009-02-28 18:40 2,272 --a
c:windowssystem32w95inf16.dll
2009-02-28 18:38 . 1998-01-19 17:39 27,600 -ra
c:windowsisk3ro.exe
2009-02-28 18:38 . 2009-02-28 18:38 306 --a
c:windowsQTW.INI
2009-02-28 18:37 . 2009-02-28 18:38 30 --a
c:windowsRESULT.QTW
2009-02-28 18:34 . 2009-02-28 18:37 63 --a
c:windowsMaris.ini
2009-02-28 18:33 . 2009-02-28 18:33 d
c:documents and settingsAdministratorWINDOWS
2009-02-28 18:33 . 1996-11-06 11:58 302,592 --a
c:windowsunin0419.exe
2009-02-28 18:19 . 2009-02-28 18:20 d
c:program filesCommon FilesAdobe
2009-02-28 18:00 . 1998-10-02 19:00 327,168 --a
c:windowsIsUninst.exe
2009-02-26 22:57 . 2008-04-14 00:17 25,856 --a
c:windowssystem32driversusbprint.sys
2009-02-26 22:57 . 2008-04-14 00:17 25,856 --a--c--- c:windowssystem32dllcacheusbprint.sys
2009-02-26 18:48 . 2009-02-26 18:48 d
c:documents and settingsAdministratorApplication DatamIRC
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-25 17:58
d
w c:documents and settingsAdministratorApplication DatauTorrent
2009-03-25 16:12
d
w c:documents and settingsAdministratorApplication DataAIMP
2009-03-25 06:56 361,600 ----a-w c:windowssystem32driversTCPIP.SYS
2009-03-20 09:22
d
w c:documents and settingsAll UsersApplication DataAlawarWrapper
2009-03-14 08:23
d
w c:program filesFinale 2006
2009-03-09 12:28
d
w c:documents and settingsAll UsersApplication DataPlayFirst
2009-03-09 12:28
d
w c:documents and settingsAdministratorApplication DataPlayFirst
2009-03-02 09:45
d--h--w c:program filesInstallShield Installation Information
2009-02-21 12:01
d---a-w c:program filesCoolReader 3.0.8
2009-02-21 11:57
d
w c:documents and settingsAdministratorApplication Datacr3
2009-02-17 17:02
d
w c:program filesFinale 2007
2009-02-17 16:56
d
w c:program filesFinale GPO 2.0
2009-02-17 16:54
d
w c:program filesNative Instruments
2009-02-16 16:57
d
w c:program filesSolo9
2009-02-16 16:57
d
w c:documents and settingsAll UsersApplication DataSolo9
2009-02-15 11:37
d
w c:program filesuTorrent
2009-02-12 11:24
d
w c:program files2gis
2009-02-12 11:09
d
w c:documents and settingsAll UsersApplication Data2GIS
2009-02-12 11:05
d
w c:documents and settingsAdministratorApplication DataGrym
2009-02-12 10:30
d
w c:program filesK-Soft
2009-02-10 11:50
d
w c:program filesCommon FilesReGet Shared
2009-02-09 14:07 1,846,912 ----a-w c:windowssystem32win32k.sys
2009-02-08 12:26
d
w c:documents and settingsAdministratorApplication DataReGet Software
2009-02-07 18:52
d
w c:program filesMSXML 4.0
2009-01-31 11:43 14,336 ----a-w c:windowssystem32svchost.exe
2009-01-30 15:08
d
w c:program filesNero
2009-01-29 17:08
d
w c:program filesCommon FilesNero
2009-01-29 17:08
d
w c:documents and settingsAll UsersApplication DataNero
2009-01-29 17:08
d
w c:documents and settingsAdministratorApplication DataNero
2009-01-18 12:04 632 ----a-w C:settings.dat
2006-06-23 06:48 32,768 ----a-r c:windowsinfUpdateUSB.exe
.
Sigcheck
2008-06-20 17:59 361600 ad978a1b783b5719720cff204b666c8e c:windows$hf_mig$KB951748SP3QFEtcpip.sys
2008-04-15 18:00 361344 93ea8d04ec73a85db02eb8805988f733 c:windows$NtUninstallKB951748$tcpip.sys
2009-03-25 12:56 361600 cbeebeb899e31ef52b962cb31fc8ca5c c:windowssystem32dllcacheTCPIP.SYS
2009-03-25 12:56 361600 cbeebeb899e31ef52b962cb31fc8ca5c c:windowssystem32driversTCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"="c:windowssystem32ctfmon.exe" [2008-04-15 15360]
"MSMSGS"="c:program filesMessengermsmsgs.exe" [2008-04-14 1695232]
"DAEMON Tools Lite"="c:program filesDAEMON Tools Litedaemon.exe" [2008-12-29 687560]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"NvCplDaemon"="c:windowssystem32NvCpl.dll" [2008-12-26 13680640]
"NvMediaCenter"="c:windowssystem32NvMcTray.dll" [2008-12-26 86016]
"2gis update client UI"="c:program files2gisUpdateClientWin32UpdateClientUI.exe" [2008-09-17 4055040]
"Adobe Reader Speed Launcher"="c:program filesAdobeReader 9.0ReaderReader_sl.exe" [2008-06-12 34672]
"OutpostFeedBack"="c:program filesAgnitumOutpost Firewall Profeedback.exe" [2009-03-02 433480]
"SoundMAXPnP"="c:program filesAnalog DevicesCoresmax4pnp.exe" [2008-04-15 1040384]
"nwiz"="nwiz.exe" [2008-12-26 c:windowssystem32nwiz.exe]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"="c:windowssystem32CTFMON.EXE" [2008-04-15 15360]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
"AntiVirusOverride"=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"c:\WINDOWS\Network Diagnostic\xpnetdiag.exe"=
"c:\WINDOWS\system32\sessmgr.exe"=
"c:\Program Files\uTorrent\utorrent.exe"=
R1 SandBox;SandBox;c:windowssystem32driversSandBox.sys [2009-03-14 704384]
R2 2GIS UpdateClientService;2GIS UpdateClientService;c:program files2gisUpdateClientWin32UpdateClientService.exe [2008-09-17 1134592]
R3 afw;Agnitum firewall driver;c:windowssystem32driversafw.sys [2009-03-14 30864]
R3 afwcore;afwcore;c:windowssystem32driversafwcore.sys [2009-03-14 257432]
R3 ASWFilt;ASWFilt;c:windowssystem32FiltASWFilt.dll [2009-03-14 33888]
S2 acssrv;Agnitum Client Security Service;c:progra~1AgnitumOUTPOS~1acs.exe [2009-03-14 1267016]
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:windowssystem32driversatl01_xp.sys [2009-01-05 35840]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - AUJASNKJ
*Deregistered* - aujasnkj
*Deregistered* - DwShield00006C58
.
Contents of the 'Scheduled Tasks' folder
2009-03-25 c:windowsTasks{DB41A4E8-349D-406A-AAA5-9B1F0B64152B}_HOME_Administrator.job
- c:windowssystem32mobsync.exe [2008-04-15 18:00]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.tomtel.ru/
IE: &Экспорт в Microsoft Excel - c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Проверить ссылку Dr.Web - http://www.drweb.com/online/drweb-online-ru.html
Trusted Zone: vtomske.rutorrents
Handler: solores - {8FA1F4E9-444B-48BF-98CD-B8ECA88E6BA5} - c:progra~1Solo9SoloRes.dll
FF - ProfilePath - c:documents and settingsAdministratorApplication DataMozillaFirefoxProfileslbvkc7xv.default
FF - prefs.js: browser.search.selectedEngine - Яндекс
FF - prefs.js: browser.startup.homepage -
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-26 00:41:16
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-03-26 0:42:41
ComboFix-quarantined-files.txt 2009-03-25 18:42:39
ComboFix2.txt 2009-03-23 06:08:00
Pre-Run: 33 174 167 552 байт свободно
Post-Run: 33,177,890,816 байт свободно
183 --- E O F --- 2009-03-14 08:20:38Firewall стоит и обнаруживает только атаки разных IP на мой компьютер (Scan).
Звук продолжает барахлить, компьютер тормозит (мышка не двигается порой). Кстати это происходит как при запуске различных приложений (например браузер, utorrent,Другие программы) так и при бездействии. Раньше такого не случалось. Не знаю что и делать…
