Hello!
Right now a Malwarebytes’ Anti-Malware scan finds no viruses, but the computer sometimes reboots by itself while it is running 😯
What could this be?
Here are the latest RSIT logs:
info.txt logfile of random’s system information tool 1.08 2010-07-27 09:51:51
======Uninstall list======
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
Adobe Flash Player 10 Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Flash Player ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Reader 6.0.1—>MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Shockwave Player—>C:WINDOWSsystem32MacromedSHOCKW~1UNWISE.EXE C:WINDOWSsystem32MacromedSHOCKW~1Install.log
Ask Toolbar—>MsiExec.exe /I{86D4B82A-ABED-442A-BE86-96357B70F4FE}
ATI — Утилита деинсталляции—>C:Program FilesATI TechnologiesUninstallAllAtiCimUn.exe
ATI AVIVO Codecs—>MsiExec.exe /I{79AE776D-FA42-4040-B5F3-F317500D0FCD}
ATI Catalyst Control Center—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime91Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{055EE59D-217B-43A7-ABFF-507B966405D8}setup.exe» -l0x0
ATI Display Driver—>rundll32 C:WINDOWSsystem32atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Problem Report Wizard—>MsiExec.exe /X{5DA6F06A-B389-407B-BF8C-1548767914D8}
avast! Antivirus—>C:Program FilesAlwil SoftwareAvast4aswRunDll.exe «C:Program FilesAlwil SoftwareAvast4Setupsetiface.dll»,RunSetup
Call of Duty: Modern Warfare 2 — Multiplayer—>»C:Program FilesSteamsteam.exe» steam://uninstall/10190
Call of Duty: Modern Warfare 2—>»C:Program FilesSteamsteam.exe» steam://uninstall/10180
Catalyst Control Center — Branding—>MsiExec.exe /I{D9D93D74-107D-4BD3-87D0-AABCF7C98BD5}
CCleaner—>»C:Program FilesCCleaneruninst.exe»
CDDRV_Installer—>MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
DiRT2—>»C:Program FilesInstallShield Installation Information{61FC48EA-AE7C-40B4-8A31-B3EAA2752BE4}setup.exe» -runfromtemp -l0x0419 -removeonly
DiRT2—>MsiExec.exe /I{61FC48EA-AE7C-40B4-8A31-B3EAA2752BE4}
Glary Utilities 2.26.0.956—>»C:Program FilesGlary Utilitiesunins000.exe»
High Definition Audio Driver Package — KB888111—>»C:WINDOWS$NtUninstallKB888111WXPSP2$spuninstspuninst.exe»
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)—>C:WINDOWSsystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=»»
HydraVision—>MsiExec.exe /X{FCCDE84B-0154-459E-A8F2-C6B3FA5C1881}
KhalInstallWrapper—>MsiExec.exe /I{56918C0C-0D87-4CA6-92BF-4975A43AC719}
K-Lite Mega Codec Pack 5.0.0—>»C:Program FilesK-Lite Codec Packunins000.exe»
Logitech Desktop Messenger—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime91Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}SETUP.EXE» -l0x9 UNINSTALL
Logitech Registration—>MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
Logitech SetPoint—>C:Program FilesInstallShield Installation Information{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}setup.exe -runfromtemp -l0x0019 -removeonly
Malwarebytes’ Anti-Malware—>»C:Program FilesMalwarebytes’ Anti-Malwareunins000.exe»
Microsoft .NET Framework 2.0 Language Pack — RUS—>C:WINDOWSMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0 Language Pack — RUSinstall.exe
Microsoft .NET Framework 2.0 Service Pack 2—>MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Russian Language Pack—>C:WINDOWSMicrosoft.NETFrameworkv3.0Microsoft .NET Framework 3.0 Russian Language Packsetup.exe
Microsoft .NET Framework 3.0 Russian Language Pack—>MsiExec.exe /X{855B04CC-4F7A-4FBB-B7BA-D965D23F7AD5}
Microsoft .NET Framework 3.0 Service Pack 2—>MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1—>C:WINDOWSMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 SP1setup.exe
Microsoft .NET Framework 3.5 SP1—>MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Games for Windows — LIVE Redistributable—>MsiExec.exe /X{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}
Microsoft Games for Windows — LIVE—>MsiExec.exe /X{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5—>»C:WINDOWS$NtUninstallWdf01005$spuninstspuninst.exe»
Microsoft Office — профессиональный выпуск версии 2003—>MsiExec.exe /I{90110419-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Windows Media Video 9 VCM—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFwmv9vcm.inf, Uninstall
Mozilla Firefox (3.6.6)—>C:Program FilesMozilla Firefoxuninstallhelper.exe
MSXML 4.0 SP2 Parser and SDK—>MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser (KB925673)—>MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
MyPlayCityRU Toolbar—>C:PROGRA~1MYPLAY~1UNWISE.EXE /U C:PROGRA~1MYPLAY~1INSTALL.LOG
OLYMPUS Master 2—>MsiExec.exe /X{9FA93155-472F-4778-87A8-95244FD1535D}
OpenAL—>»C:Program FilesOpenALOpenALwEAX.exe» /U
PES 2010—>»C:Program FilesPES 2010unins000.exe»
PunkBuster Services—>C:WINDOWSsystem32pbsvc.exe -u
Rapture3D 2.3.22 Game—>»C:Program FilesBRSunins000.exe»
REALTEK GbE & FE Ethernet PCI-E NIC Driver—>C:Program FilesInstallShield Installation Information{C9BED750-1211-4480-B1A5-718A3BE15525}Setup.exe -runfromtemp -removeonly
Steam—>MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Total Commander 7.02a PowerPack—>»C:Program FilesTotal Commanderuninstall.exe»
VIA Диспетчер устройств платформы—>C:PROGRA~1COMMON~1INSTAL~1Driver7INTEL3~1IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
Vit Registry Fix 9.5 (remove only)—>C:Program FilesVITSOFTVit Registry FixUninstall.exe
Windows Imaging Component—>»C:WINDOWS$NtUninstallWIC$spuninstspuninst.exe»
Windows Installer 3.1 (KB893803)—>»C:WINDOWS$MSI31Uninstall_KB893803v2$spuninstspuninst.exe»
Windows Media Format 11 runtime—>»C:Program FilesWindows Media Playerwmsetsdk.exe» /UninstallAll
Windows Media Format 11 runtime—>»C:WINDOWS$NtUninstallWMFDist11$spuninstspuninst.exe»
Windows Presentation Foundation Language Pack (RUS)—>MsiExec.exe /X{D83A3DFC-8528-4E31-93DC-0A41C477109C}
Windows Presentation Foundation—>MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation RU Language Pack—>MsiExec.exe /I{1C7ADED3-C371-40DF-A69D-FE0EA73DC394}
XML Paper Specification Shared Components Language Pack 1.0—>»C:WINDOWS$NtUninstallXPSEPSCLP$spuninstspuninst.exe»
Yahoo! Anti-Spy—>C:PROGRA~1Yahoo!Commonunypsr.exe
Yahoo! Toolbar—>C:PROGRA~1Yahoo!Commonunyt.exe
Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe
Данные ДубльГИС г.Барнаул 01.07.2010—>MsiExec.exe /X{9865FB9F-F7D0-4587-B86F-220F92286280}
ДубльГИС 3.0.7.1—>MsiExec.exe /X{ABAFFBBB-3076-460D-BD3D-85FF187F1CC4}
Пакет обеспечения совместимости для выпуска 2007 системы Microsoft Office—>MsiExec.exe /X{90120000-0020-0419-0000-0000000FF1CE}
======Security center information======
AV: avast! antivirus 4.8.1368 [VPS 100726-1]
======System event log======
Computer Name: 02E3D0A6B317490
Event Code: 6005
Message: Запущена служба журнала событий.
Record Number: 10670
Source Name: EventLog
Time Written: 20100623173456.000000+420
Event Type: информация
User:
Computer Name: 02E3D0A6B317490
Event Code: 6009
Message: Microsoft (R) Windows 2000 (R) 5.01. 2600 Service Pack 2 Multiprocessor Free.
Record Number: 10669
Source Name: EventLog
Time Written: 20100623173456.000000+420
Event Type: информация
User:
Computer Name: 02E3D0A6B317490
Event Code: 6006
Message: Служба журнала событий остановлена.
Record Number: 10668
Source Name: EventLog
Time Written: 20100622224306.000000+420
Event Type: информация
User:
Computer Name: 02E3D0A6B317490
Event Code: 20159
Message: Подключение пользователя «97897@512» к «стк», выполненное с помощью устройства «PPPoE4-0», было прервано.
Record Number: 10667
Source Name: RemoteAccess
Time Written: 20100622224301.000000+420
Event Type: информация
User:
Computer Name: 02E3D0A6B317490
Event Code: 7036
Message: Служба «Ati HotKey Poller» перешла в состояние Остановлена.
Record Number: 10666
Source Name: Service Control Manager
Time Written: 20100622224250.000000+420
Event Type: информация
User:
======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%system32wbem;C:Program FilesATI TechnologiesATI.ACECore-Static
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=6
«PROCESSOR_IDENTIFIER»=x86 Family 6 Model 23 Stepping 10, GenuineIntel
«PROCESSOR_REVISION»=170a
«NUMBER_OF_PROCESSORS»=4
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
EOF
And here:
Logfile of random’s system information tool 1.08 (written by random/random)
Run by Эдуард at 2010-07-28 12:33:28
Microsoft Windows XP Professional Service Pack 2
System drive C: has 165 GB (82%) free of 200 GB
Total RAM: 3327 MB (80% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:33:36, on 28.07.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32savedump.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSExplorer.EXE
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:Program Files2gis3.02GISTrayNotifier.exe
C:Program FilesOLYMPUSOLYMPUS Master 2MMonitor.exe
C:Program FilesATI TechnologiesATI.ACECore-StaticMOM.exe
C:Program FilesATI TechnologiesATI.ACECore-Staticccc.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:WINDOWSsystem32PnkBstrA.exe
C:WINDOWSsystem32PnkBstrB.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesMozilla Firefoxplugin-container.exe
C:WINDOWSsystem32wuauclt.exe
C:WINDOWSsystem32wuauclt.exe
D:Мои документыЗагрузкиRSIT.exe
C:Program FilesAlwil SoftwareAvast4setupavast.setup
C:Program Filestrend microЭдуард.exe
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://start.drp.su/
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: UrlSearchHook Class — {00000000-6E41-4FD3-8538-502F5495E5FC} — C:Program FilesAsk.comGenericAskToolbar.dll
R3 — URLSearchHook: Yahoo! Toolbar — {EF99BD32-C1FB-11D2-892F-0090271D4F88} — C:Program FilesYahoo!CompanionInstallscpnyt.dll
R3 — URLSearchHook: MyPlayCityRU Toolbar — {dfbeb35b-444d-4f25-8d7d-eb2683c206ec} — C:Program FilesMyPlayCityRUtbMyP1.dll
O2 — BHO: &Yahoo! Toolbar Helper — {02478D38-C3F9-4efb-9B51-7695ECA05670} — C:Program FilesYahoo!CompanionInstallscpnyt.dll
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 — BHO: Ask Toolbar BHO — {D4027C7F-154A-4066-A1AD-4243D8127440} — C:Program FilesAsk.comGenericAskToolbar.dll
O2 — BHO: MyPlayCityRU Toolbar — {dfbeb35b-444d-4f25-8d7d-eb2683c206ec} — C:Program FilesMyPlayCityRUtbMyP1.dll
O3 — Toolbar: Yahoo! Toolbar — {EF99BD32-C1FB-11D2-892F-0090271D4F88} — C:Program FilesYahoo!CompanionInstallscpnyt.dll
O3 — Toolbar: MyPlayCityRU Toolbar — {dfbeb35b-444d-4f25-8d7d-eb2683c206ec} — C:Program FilesMyPlayCityRUtbMyP1.dll
O3 — Toolbar: Ask Toolbar — {D4027C7F-154A-4066-A1AD-4243D8127440} — C:Program FilesAsk.comGenericAskToolbar.dll
O4 — HKLM..Run: [StartCCC] «C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe» MSRun
O4 — HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 — HKLM..Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 — HKLM..Run: [OM2_Monitor] «C:Program FilesOLYMPUSOLYMPUS Master 2FirstStart.exe» /OM
O4 — HKLM..Run: [2Gis Update Notifier] C:Program Files2gis3.02GISTrayNotifier.exe
O4 — HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 — HKCU..Run: [OM2_Monitor] «C:Program FilesOLYMPUSOLYMPUS Master 2MMonitor.exe»
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O17 — HKLMSystemCCSServicesTcpip..{3C2709A6-AA56-4977-BAED-A14A7C665053}: NameServer = 212.94.96.70 212.94.96.124
O17 — HKLMSystemCCSServicesTcpip..{E77B005B-9A07-4C85-A200-F52FDCF8B52A}: NameServer = 212.94.96.70,212.94.96.124
O17 — HKLMSystemCS1ServicesTcpip..{3C2709A6-AA56-4977-BAED-A14A7C665053}: NameServer = 212.94.96.70 212.94.96.124
O17 — HKLMSystemCS2ServicesTcpip..{3C2709A6-AA56-4977-BAED-A14A7C665053}: NameServer = 212.94.96.70 212.94.96.124
O18 — Protocol: bwfile-8876480 — {9462A756-7B47-47BC-8C80-C34B9B80B32B} — C:Program FilesLogitechDesktop Messenger8876480ProgramGAPlugProtocol-8876480.dll
O22 — SharedTaskScheduler: Предзагрузчик Browseui — {438755C2-A8BA-11D1-B96B-00A0C90312E1} — C:WINDOWSsystem32browseui.dll
O22 — SharedTaskScheduler: Демон кэша категорий компонентов — {8C7461EF-2B13-11d2-BE35-3078302C2030} — C:WINDOWSsystem32browseui.dll
O23 — Service: 2GIS UpdateService (2GISUpdateService) — ООО ДубльГИС — C:Program Files2gis3.02GISUpdateService.exe
O23 — Service: avast! iAVS4 Control Service (aswUpdSv) — ALWIL Software — C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: ATI Smart — Unknown owner — C:WINDOWSsystem32ati2sgag.exe
O23 — Service: avast! Antivirus — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 — Service: avast! Mail Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 — Service: avast! Web Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: PnkBstrA — Unknown owner — C:WINDOWSsystem32PnkBstrA.exe
O23 — Service: PnkBstrB — Unknown owner — C:WINDOWSsystem32PnkBstrB.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Telnet (TlntSvr) — Корпорация Майкрософт — C:WINDOWSsystem32tlntsvr.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe
—
End of file — 7506 bytes
======Scheduled tasks folder======
C:WINDOWStasksGlaryInitialize.job
C:WINDOWStasksScheduled Update for Ask Toolbar.job
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper — C:Program FilesYahoo!CompanionInstallscpnyt.dll [2007-03-21 803864]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll [2003-11-03 54248]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar — C:Program FilesAsk.comGenericAskToolbar.dll [2009-11-18 1196936]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{dfbeb35b-444d-4f25-8d7d-eb2683c206ec}]
MyPlayCityRU Toolbar — C:Program FilesMyPlayCityRUtbMyP1.dll [2010-06-14 2515552]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} — Yahoo! Toolbar — C:Program FilesYahoo!CompanionInstallscpnyt.dll [2007-03-21 803864]
{dfbeb35b-444d-4f25-8d7d-eb2683c206ec} — MyPlayCityRU Toolbar — C:Program FilesMyPlayCityRUtbMyP1.dll [2010-06-14 2515552]
{D4027C7F-154A-4066-A1AD-4243D8127440} — Ask Toolbar — C:Program FilesAsk.comGenericAskToolbar.dll [2009-11-18 1196936]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«StartCCC»=C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe [2009-07-14 98304]
«avast!»=C:PROGRA~1ALWILS~1Avast4ashDisp.exe [2009-11-25 81000]
«Kernel and Hardware Abstraction Layer»=C:WINDOWSKHALMNPR.EXE [2007-04-11 56080]
«OM2_Monitor»=C:Program FilesOLYMPUSOLYMPUS Master 2FirstStart.exe [2009-11-25 54672]
«2Gis Update Notifier»=C:Program Files2gis3.02GISTrayNotifier.exe [2010-06-04 3319640]
«KernelFaultCheck»=C:WINDOWSsystem32dumprep 0 -k []
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«OM2_Monitor»=C:Program FilesOLYMPUSOLYMPUS Master 2MMonitor.exe [2009-11-25 95632]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Logitech Desktop Messenger.lnk]
C:PROGRA~1LogitechDESKTO~18876480ProgramLOGITE~1.EXE [2009-11-24 67128]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Logitech SetPoint.lnk]
C:PROGRA~1LogitechSetPointSetPoint.exe [2007-04-23 692224]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2009-07-15 155648]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-08-24 133120]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdfLoadGroup]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWdfLoadGroup]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=323
«NoDriveAutoRun»=67108863
«NoDrives»=0
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveAutoRun»=67108863
«NoDriveTypeAutoRun»=323
«NoDrives»=0
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesLogitechDesktop Messenger8876480ProgramLogitechDesktopMessenger.exe»=»C:Program FilesLogitechDesktop Messenger8876480ProgramLogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger»
«C:WINDOWSsystem32PnkBstrA.exe»=»C:WINDOWSsystem32PnkBstrA.exe:*:Enabled:PnkBstrA»
«C:WINDOWSsystem32PnkBstrB.exe»=»C:WINDOWSsystem32PnkBstrB.exe:*:Enabled:PnkBstrB»
«C:Program FilesuTorrentuTorrent.exe»=»C:Program FilesuTorrentuTorrent.exe:*:Enabled:µTorrent»
«C:Program FilesSteamSteam.exe»=»C:Program FilesSteamSteam.exe:*:Enabled:Steam»
«C:Program FilesCodemastersDiRT2dirt2_game.exe»=»C:Program FilesCodemastersDiRT2dirt2_game.exe:*:Enabled:DiRT2 Executable»
«C:Program FilesPES 2010pes2010.exe»=»C:Program FilesPES 2010pes2010.exe:*:Enabled:Pro Evolution Soccer 2010»
«C:Program FilesSteamSteamAppscommoncall of duty modern warfare 2iw4sp.exe»=»C:Program FilesSteamSteamAppscommoncall of duty modern warfare 2iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2»
«C:Program FilesSteamSteamAppscommoncall of duty modern warfare 2iw4mp.exe»=»C:Program FilesSteamSteamAppscommoncall of duty modern warfare 2iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 — Multiplayer»
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesLogitechDesktop Messenger8876480ProgramLogitechDesktopMessenger.exe»=»C:Program FilesLogitechDesktop Messenger8876480ProgramLogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger»
======List of files/folders created in the last 1 months======
2010-07-27 09:51:41 —-D—- C:rsit
2010-07-18 22:01:34 —-SHD—- C:RECYCLER
2010-07-18 21:49:21 —-A—- C:Boot.bak
2010-07-18 21:49:16 —-RASHD—- C:cmdcons
2010-07-18 18:15:13 —-D—- C:WINDOWSERDNT
2010-07-18 08:48:56 —-D—- C:Program Filestrend micro
2010-07-15 09:25:02 —-D—- C:WINDOWSsystem32NtmsData
2010-07-02 17:59:44 —-A—- C:WINDOWSwinamp.ini
2010-07-02 17:59:42 —-R—- C:WINDOWSW95INF32.DLL
2010-07-02 17:59:42 —-R—- C:WINDOWSW95INF16.DLL
2010-07-02 17:59:42 —-R—- C:WINDOWSADVPACK.DLL
2010-07-02 17:59:42 —-A—- C:WINDOWSwmaudsdk.dll
2010-07-02 17:59:42 —-A—- C:WINDOWSstrmdll.dll
2010-07-02 17:59:42 —-A—- C:WINDOWSNPWMSDrm.dll
2010-07-02 17:59:42 —-A—- C:WINDOWSmsvcrt.dll
2010-07-02 17:59:42 —-A—- C:WINDOWSDrmStor.dll
2010-07-02 17:59:42 —-A—- C:WINDOWSDRMClien.dll
2010-07-02 17:59:42 —-A—- C:WINDOWSasfsipc.dll
2010-07-02 17:59:42 —-A—- C:WINDOWS_WMANScp.exe
2010-07-02 17:59:41 —-D—- C:Program FilesWinamp
======List of files/folders modified in the last 1 months======
2010-07-28 12:33:21 —-D—- C:WINDOWSTemp
2010-07-28 12:32:30 —-D—- C:Program FilesMozilla Firefox
2010-07-28 12:31:17 —-D—- C:WINDOWS
2010-07-28 12:30:29 —-D—- C:Documents and SettingsЭдуардApplication DatauTorrent
2010-07-28 01:26:25 —-D—- C:WINDOWSsystem32CatRoot2
2010-07-27 20:59:36 —-D—- C:Program FilesSteam
2010-07-27 15:41:55 —-D—- C:Program FilesCCleaner
2010-07-27 03:12:52 —-SHD—- C:System Volume Information
2010-07-27 03:12:52 —-D—- C:WINDOWSsystem32Restore
2010-07-26 21:58:21 —-D—- C:Documents and SettingsЭдуардApplication DataMedia Player Classic
2010-07-26 21:05:10 —-D—- C:WINDOWSsystem32drivers
2010-07-18 22:55:17 —-D—- C:WINDOWSPrefetch
2010-07-18 21:53:15 —-A—- C:WINDOWSsystem.ini
2010-07-18 21:51:24 —-D—- C:WINDOWSsystem32
2010-07-18 21:51:24 —-D—- C:WINDOWSAppPatch
2010-07-18 21:51:15 —-D—- C:Program FilesCommon Files
2010-07-18 21:49:21 —-RASH—- C:boot.ini
2010-07-18 21:45:44 —-D—- C:WINDOWSsystem32driversetc
2010-07-18 21:38:45 —-D—- C:WINDOWSPeerNet
2010-07-18 18:38:17 —-D—- C:WINDOWSMinidump
2010-07-18 14:53:27 —-D—- C:WINDOWSHelp
2010-07-18 10:06:22 —-HDC—- C:WINDOWS$NtUninstallXPSEPSCLP$
2010-07-18 10:06:14 —-D—- C:WINDOWSWinSxS
2010-07-18 08:48:56 —-D—- C:Program Files
2010-07-17 19:22:12 —-D—- C:WINDOWSsystem32config
2010-07-17 19:22:01 —-D—- C:WINDOWSsystem32wbem
2010-07-17 19:22:00 —-D—- C:WINDOWSRegistration
2010-07-17 19:05:37 —-D—- C:WINDOWSsrchasst
2010-07-17 17:45:57 —-HD—- C:WINDOWSinf
2010-07-17 16:31:14 —-HDC—- C:WINDOWS$NtUninstallWdf01005$
2010-07-17 15:56:41 —-D—- C:WINDOWSProvisioning
2010-07-17 14:43:52 —-RD—- C:WINDOWSOffline Web Pages
2010-07-17 14:43:51 —-D—- C:WINDOWSSHELLNEW
2010-07-17 12:09:29 —-RSD—- C:WINDOWSFonts
2010-07-14 17:28:06 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2010-07-06 22:29:07 —-SHD—- C:WINDOWSInstaller
2010-07-06 22:29:07 —-D—- C:Program Files2gis
2010-07-06 22:29:06 —-D—- C:Config.Msi
2010-07-01 19:20:27 —-D—- C:Program FilesGlary Utilities
2010-07-01 19:19:27 —-SD—- C:WINDOWSTasks
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 PxHelp20;PxHelp20; C:WINDOWSSystem32DriversPxHelp20.sys [2009-04-29 44944]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:WINDOWSSystem32driverssfdrv01.sys [2006-03-26 51200]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:WINDOWSSystem32driverssfhlp02.sys [2006-03-13 6656]
R0 sfsync04;StarForce Protection Synchronization Driver (version 4.x); C:WINDOWSSystem32driverssfsync04.sys [2006-03-24 50176]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:WINDOWSsystem32driversAavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:WINDOWSsystem32driversaswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:WINDOWSsystem32driversaswTdi.sys [2009-11-25 48560]
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2006-03-02 40448]
R1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2004-08-17 14848]
R2 aswFsBlk;aswFsBlk; C:WINDOWSsystem32DRIVERSaswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:WINDOWSsystem32driversaswMon2.sys [2009-11-25 94160]
R3 aswRdr;aswRdr; C:WINDOWSsystem32driversaswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2009-07-15 4407808]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:WINDOWSsystem32driversAtiHdmi.sys [2009-06-02 99856]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2005-01-07 138752]
R3 hidusb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2006-03-02 9600]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:WINDOWSsystem32DRIVERSLHidFilt.Sys [2007-04-11 34832]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:WINDOWSsystem32DRIVERSLMouFilt.Sys [2007-04-11 36112]
R3 monfilt;monfilt; C:WINDOWSsystem32driversmonfilt.sys [2008-02-14 1389056]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:WINDOWSsystem32DRIVERSASACPI.sys [2004-08-13 5810]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtenicxp.sys [2009-05-25 142336]
R3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2004-08-04 31616]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-04 20480]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:WINDOWSsystem32driversviahduaa.sys [2009-06-02 1374464]
R3 Wdf01000;Wdf01000; C:WINDOWSsystem32DRIVERSWdf01000.sys [2006-11-02 492000]
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:WINDOWSsystem32DRIVERSL8042Kbd.sys [2007-04-11 20496]
S3 tunmp;Драйвер адаптера минипорта Microsoft Tun; C:WINDOWSsystem32DRIVERStunmp.sys [2006-03-02 12416]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-04 26496]
S3 vaxscsi;vaxscsi; C:WINDOWSSystem32Driversvaxscsi.sys [2010-02-05 223128]
S4 sptd;sptd; C:WINDOWSSystem32Driverssptd.sys [2009-12-26 721904]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe [2009-11-25 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2009-07-15 602112]
R2 avast! Antivirus;avast! Antivirus; C:Program FilesAlwil SoftwareAvast4ashServ.exe [2009-11-25 138680]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2003-06-20 322120]
R2 PnkBstrA;PnkBstrA; C:WINDOWSsystem32PnkBstrA.exe [2009-11-30 66872]
R2 PnkBstrB;PnkBstrB; C:WINDOWSsystem32PnkBstrB.exe [2009-11-30 107832]
R3 avast! Mail Scanner;avast! Mail Scanner; C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:Program FilesAlwil SoftwareAvast4ashWebSv.exe [2009-11-25 352920]
S2 ATI Smart;ATI Smart; C:WINDOWSsystem32ati2sgag.exe [2009-07-14 593920]
S3 2GISUpdateService;2GIS UpdateService; C:Program Files2gis3.02GISUpdateService.exe [2010-06-04 775512]
S3 aspnet_state;Служба состояний ASP.NET; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:WINDOWSMicrosoft.NETFrameworkv3.0WPFPresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Служба общего доступа к портам Net.Tcp; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2008-07-29 132096]
EOF
I downloaded ComboFix again and created the CFScript following your latest instructions, but when I drag and drop it a blue window opens, then a message box appears: "Wire you triyng to run CFSscrypt. The name,CFSskript appears to be incorrectly spilt". I click OK, the blue window closes, and nothing else happens 😕
Thanks in advance!