Good day!
- This topic has 8 replies, 2 participants, and was last updated 16 years, 1 month ago by Admin.
November 26, 2008 at 10:11 am #15951 Anonymous (Guest)
Please help me remove a porn informer!
Logfile of HijackThis v1.99.1
Scan saved at 12:49:06, on 26.11.2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)

Running processes:
C:WindowsExplorer.EXE
C:Program FilesWindows DefenderMSASCui.exe
C:WindowsRtHDVCpl.exe
C:AcerEmpowering TechnologyeDataSecurityeDSLoader.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:WindowsSystem32igfxtray.exe
C:WindowsSystem32hkcmd.exe
C:WindowsSystem32igfxpers.exe
C:Windowssystem32taskeng.exe
C:Program FilesAcer Arcade DeluxePlay MoviePMVService.exe
C:Program FilesApoint2KApoint.exe
C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe
C:Program FilesCommon FilesACD SystemsENDevDetect.exe
C:Program FilesWindows Sidebarsidebar.exe
C:Windowsehomeehtray.exe
C:Program FilesCommon FilesAheadLibNMBgMonitor.exe
C:Program FilesCommon FilesYandexYupdateyupdate.exe
C:Program FilesYandexOnlineonline.exe
C:Program FilesDAEMON Toolsdaemon.exe
C:Program FilesWindows Media Playerwmpnscfg.exe
C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE
C:Windowsehomeehmsas.exe
C:AcerEmpowering TechnologyENETENMTRAY.EXE
C:AcerEmpowering TechnologyEPOWEREPOWER_DMC.EXE
C:AcerEmpowering TechnologyACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:Windowssystem32igfxsrvc.exe
C:AcerEmpowering TechnologyeRecoveryERAGENT.EXE
C:UsersACHTUNGAppDataLocalTempRtkBtMnt.exe
C:Program FilesCommon FilesAheadLibNMIndexStoreSvr.exe
C:Program FilesApoint2KApntex.exe
C:Windowssystem32conime.exe
C:Windowssystem32Dwm.exe
D:радиосохраненияHijackThis.exe

R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yandex.ru/?clid=21979
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://ru.intl.acer.yahoo.com
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://ru.intl.acer.yahoo.com
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
R3 — URLSearchHook: Yahoo! Toolbar — {EF99BD32-C1FB-11D2-892F-0090271D4F88} — C:Program FilesYahoo!CompanionInstallscpnyt.dll
O1 — Hosts: ::1 localhost
O2 — BHO: Yahoo! Toolbar Helper — {02478D38-C3F9-4EFB-9B51-7695ECA05670} — C:Program FilesYahoo!CompanionInstallscpnyt.dll
O2 — BHO: AcroIEHelperStub — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 — BHO: (no name) — {1E8A6170-7264-4D0F-BEAE-D42A53123C75} — C:Program FilesCommon FilesSymantec SharedcoSharedBrowser1.0NppBho.dll
O2 — BHO: wqplibP — {66708DE7-C5EC-4F11-97C0-72EDB4952C48} — C:Windowssystem32wqplib.dll
O2 — BHO: ConnectionServices module — {6D7B211A-88EA-490c-BAB9-3600D8D7C503} — C:Program FilesConnectionServicesConnectionServices.dll
O2 — BHO: Groove GFS Browser Helper — {72853161-30C5-4D22-B7F9-0BBC1D38A37E} — C:PROGRA~1MICROS~2Office12GRA8E1~1.DLL
O2 — BHO: ShowBarObj Class — {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} — C:Windowssystem32ActiveToolBand.dll
O2 — BHO: MyCentria Internet Mate v2.3 — {FFFC57DB-1DE3-4303-B24D-CEE6DCDD3D86} — C:PROGRA~1MYCENT~1InfoBarMYCENT~1.DLL
O3 — Toolbar: Acer eDataSecurity Management — {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} — C:Windowssystem32eDStoolbar.dll
O3 — Toolbar: Show Norton Toolbar — {90222687-F593-4738-B738-FBEE9C7B26DF} — C:Program FilesCommon FilesSymantec SharedcoSharedBrowser1.0UIBHO.dll
O3 — Toolbar: Yahoo! Toolbar — {EF99BD32-C1FB-11D2-892F-0090271D4F88} — C:Program FilesYahoo!CompanionInstallscpnyt.dll
O3 — Toolbar: Яндекс.Бар — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program FilesYandexYandexBarIEyndbar.dll
O4 — HKLM..Run: [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide
O4 — HKLM..Run: [ALaunch] C:AcerALaunchAlaunchClient.exe
O4 — HKLM..Run: [RtHDVCpl] RtHDVCpl.exe
O4 — HKLM..Run: [eDataSecurity Loader] C:AcerEmpowering TechnologyeDataSecurityeDSloader.exe
O4 — HKLM..Run: [ccApp] «C:Program FilesCommon FilesSymantec SharedccApp.exe»
O4 — HKLM..Run: [osCheck] «C:Program FilesNorton Internet SecurityosCheck.exe»
O4 — HKLM..Run: [IgfxTray] C:Windowssystem32igfxtray.exe
O4 — HKLM..Run: [HotKeysCmds] C:Windowssystem32hkcmd.exe
O4 — HKLM..Run: [Persistence] C:Windowssystem32igfxpers.exe
O4 — HKLM..Run: [LManager] C:PROGRA~1LAUNCH~1LManager.exe
O4 — HKLM..Run: [PlayMovie] «C:Program FilesAcer Arcade DeluxePlay MoviePMVService.exe»
O4 — HKLM..Run: [Apoint] C:Program FilesApoint2KApoint.exe
O4 — HKLM..Run: [Acer Tour Reminder] C:AcerAcerTourReminder.exe
O4 — HKLM..Run: [WarReg_PopUp] C:AcerWR_PopUpWarReg_PopUp.exe
O4 — HKLM..Run: [SetPanel] C:AcerAPanelAPanel.cmd
O4 — HKLM..Run: [GrooveMonitor] «C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe»
O4 — HKLM..Run: [NeroFilterCheck] C:Program FilesCommon FilesAheadLibNeroCheck.exe
O4 — HKLM..Run: [Device Detector] DevDetect.exe -autorun
O4 — HKLM..Run: [Symantec PIF AlertEng] «C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe» /a /m «C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}AlertEng.dll»
O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 9.0ReaderReader_sl.exe»
O4 — HKCU..Run: [Sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun
O4 — HKCU..Run: [Acer Tour Reminder] C:AcerAcerTourReminder.exe
O4 — HKCU..Run: [ehTray.exe] C:WindowsehomeehTray.exe
O4 — HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] «C:Program FilesCommon FilesAheadLibNMBgMonitor.exe»
O4 — HKCU..Run: [Yupdate!] «C:Program FilesCommon FilesYandexYupdateyupdate.exe»
O4 — HKCU..Run: [YandexOnline] «C:Program FilesYandexOnlineonline.exe» -AutoStart
O4 — HKCU..Run: [AdobeUpdater] C:Program FilesCommon FilesAdobeUpdater5AdobeUpdater.exe
O4 — HKCU..Run: [DAEMON Tools] «C:Program FilesDAEMON Toolsdaemon.exe» -lang 1033
O4 — HKCU..Run: [CS Update] copy /Y «C:Program FilesConnectionServicesConnectionServices.dll.upd» «C:Program FilesConnectionServicesConnectionServices.dll»
O4 — HKCU..Run: [WMPNSCFG] C:Program FilesWindows Media PlayerWMPNSCFG.exe
O4 — Startup: Вырезка экрана и программа запуска для OneNote 2007.lnk = C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE
O4 — Global Startup: Empowering Technology Launcher.lnk = ?
O4 — Global Startup: Билайн Интернет Дома.lnk = ?
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O9 — Extra button: Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 — Extra ‘Tools’ menuitem: &Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O10 — Unknown file in Winsock LSP: c:windowssystem32nlaapi.dll
O10 — Unknown file in Winsock LSP: c:windowssystem32napinsp.dll
O11 — Options group: [INTERNATIONAL] International*
O13 — Gopher Prefix:
O18 — Protocol: grooveLocalGWS — {88FED34C-F0CA-4636-A375-3CB6248B04CD} — C:PROGRA~1MICROS~2Office12GR99D3~1.DLL
O18 — Protocol: ms-help — {314111C7-A502-11D2-BBCA-00C04F8EC294} — C:Program FilesCommon FilesMicrosoft SharedHelphxds.dll
O18 — Protocol: rcdp.1C.rep — {79F2E69A-DE4D-461D-958B-FE830EF4246C} — D:Resource1CREPE~1binRepAPP.dll
O18 — Filter hijack: text/xml — {807563E5-5146-11D5-A672-00B0D022E945} — C:PROGRA~1COMMON~1MICROS~1OFFICE12MSOXMLMF.DLL
O20 — AppInit_DLLs: eNetHook.dll
O20 — Winlogon Notify: igfxcui — C:WindowsSYSTEM32igfxdev.dll
O23 — Service: ALaunch Service (ALaunchService) — Unknown owner — C:AcerALaunchALaunchSvc.exe
O23 — Service: Automatic LiveUpdate Scheduler — Symantec Corporation — C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe
O23 — Service: Symantec Event Manager (ccEvtMgr) — Unknown owner — C:Program FilesCommon FilesSymantec SharedccSvcHst.exe» /h ccCommon (file missing)
O23 — Service: Symantec Settings Manager (ccSetMgr) — Unknown owner — C:Program FilesCommon FilesSymantec SharedccSvcHst.exe» /h ccCommon (file missing)
O23 — Service: Symantec Lic NetConnect service (CLTNetCnService) — Unknown owner — C:Program FilesCommon FilesSymantec SharedccSvcHst.exe» /h ccCommon (file missing)
O23 — Service: COM Host (comHost) — Symantec Corporation — C:Program FilesCommon FilesSymantec SharedVAScannercomHost.exe
O23 — Service: eDSService.exe (eDataSecurity Service) — HiTRSUT — C:AcerEmpowering TechnologyeDataSecurityeDSService.exe
O23 — Service: @%SystemRoot%ehomeehstart.dll,-101 (ehstart) — Unknown owner — %windir%system32svchost.exe (file missing)
O23 — Service: eLock Service (eLockService) — Acer Inc. — C:AcerEmpowering TechnologyeLockServiceeLockServ.exe
O23 — Service: eNet Service — Acer Inc. — C:AcerEmpowering TechnologyeNeteNet Service.exe
O23 — Service: eRecovery Service (eRecoveryService) — Acer Inc. — C:AcerEmpowering TechnologyeRecoveryeRecoveryService.exe
O23 — Service: eSettings Service (eSettingsService) — Unknown owner — C:AcerEmpowering TechnologyeSettingsServicecapuserv.exe
O23 — Service: Symantec IS Password Validation (ISPwdSvc) — Symantec Corporation — C:Program FilesNorton Internet SecurityisPwdSvc.exe
O23 — Service: LightScribeService Direct Disc Labeling Service (LightScribeService) — Hewlett-Packard Company — C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 — Service: LiveUpdate — Symantec Corporation — C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE
O23 — Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) — Unknown owner — C:Program FilesCommon FilesSymantec SharedccSvcHst.exe» /h ccCommon (file missing)
O23 — Service: LiveUpdate Notice Service — Unknown owner — C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe» /m «C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PifEng.dll (file missing)
O23 — Service: MobilityService — Unknown owner — C:AcerMobility CenterMobilityService.exe
O23 — Service: NBService — Nero AG — C:Program FilesNeroNero 7Nero BackItUpNBService.exe
O23 — Service: NMIndexingService — Nero AG — C:Program FilesCommon FilesAheadLibNMIndexingService.exe
O23 — Service: @%SystemRoot%system32qwave.dll,-1 (QWAVE) — Unknown owner — %windir%system32svchost.exe (file missing)
O23 — Service: Cyberlink RichVideo Service(CRVS) (RichVideo) — Unknown owner — C:Program FilesCyberLinkShared FilesRichVideo.exe
O23 — Service: @%SystemRoot%system32seclogon.dll,-7001 (seclogon) — Unknown owner — %windir%system32svchost.exe (file missing)
O23 — Service: Symantec Core LC — Symantec Corporation — C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe
O23 — Service: Symantec AppCore Service (SymAppCore) — Symantec Corporation — C:Program FilesCommon FilesSymantec SharedAppCoreAppSvc32.exe
O23 — Service: ePower Service (WMIService) — acer — C:AcerEmpowering TechnologyePowerePowerSvc.exe
O23 — Service: @%ProgramFiles%Windows Media Playerwmpnetwk.exe,-101 (WMPNetworkSvc) — Unknown owner — %ProgramFiles%Windows Media Playerwmpnetwk.exe (file missing)
O23 — Service: @%systemroot%system32SearchIndexer.exe,-103 (WSearch) — Корпорация Майкрософт — C:Windowssystem32SearchIndexer.exe
O23 — Service: XAudioService — Conexant Systems, Inc. — C:Windowssystem32DRIVERSxaudio.exe

November 26, 2008 at 4:03 pm #20051
Hello, and welcome to the Spyware-ru forum.
Besides the parasite that displays the informer on the screen, your computer is infected with several other malicious programs. We will remove those too.
Run HijackThis and click the Do a system scan only button.
Then tick the checkbox (on the left) next to the following lines:
O2 - BHO: wqplibP - {66708DE7-C5EC-4F11-97C0-72EDB4952C48} - C:Windowssystem32wqplib.dll
O2 - BHO: ConnectionServices module - {6D7B211A-88EA-490c-BAB9-3600D8D7C503} - C:Program FilesConnectionServicesConnectionServices.dll
O2 - BHO: MyCentria Internet Mate v2.3 - {FFFC57DB-1DE3-4303-B24D-CEE6DCDD3D86} - C:PROGRA~1MYCENT~1InfoBarMYCENT~1.DLL
O4 - HKCU..Run: [CS Update] copy /Y "C:Program FilesConnectionServicesConnectionServices.dll.upd" "C:Program FilesConnectionServicesConnectionServices.dll"
Click the Fix checked button and confirm your action by choosing YES.
Restart the computer.
After that, download the RSIT scanner by clicking this link.
Double-click the downloaded file.
Click the Continue button.
When the program finishes, two logs will be shown (log.txt and info.txt).
Paste both logs into your reply.

November 27, 2008 at 6:25 am #20052 Anonymous (Guest)
Thank you very much for your message. I am sending both logs.
Logfile of random’s system information tool 1.04 (written by random/random)
Run by ACHTUNG at 2008-11-27 09:04:16
Microsoft® Windows Vista™ Home Premium
System drive C: has 7 GB (22%) free of 33 GB
Total RAM: 1013 MB (21% free)

HijackThis download failed
======Scheduled tasks folder======
C:WindowstasksNorton Internet Security — Run Full System Scan — ACHTUNG.job
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper — C:Program FilesYahoo!CompanionInstallscpnyt.dll [2006-11-29 436288]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{1E8A6170-7264-4D0F-BEAE-D42A53123C75}]
C:Program FilesCommon FilesSymantec SharedcoSharedBrowser1.0NppBho.dll [2006-11-21 96984]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{66708DE7-C5EC-4F11-97C0-72EDB4952C48}]
Crypted Data Codec — C:Windowssystem32wqplib.dll [2008-10-25 469504]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{6D7B211A-88EA-490c-BAB9-3600D8D7C503}]
ConnectionServices Class — C:Program FilesConnectionServicesConnectionServices.dll [2008-10-02 462336]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper — C:PROGRA~1MICROS~2Office12GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
ShowBarObj Class — C:Windowssystem32ActiveToolBand.dll [2007-04-25 299008]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{FFFC57DB-1DE3-4303-B24D-CEE6DCDD3D86}]
MyCentria Internet Mate v2.3 — C:PROGRA~1MYCENT~1InfoBarMYCENT~1.DLL [2008-11-17 691712]

[HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerToolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} — Acer eDataSecurity Management — C:Windowssystem32eDStoolbar.dll [2007-04-25 151552]
{90222687-F593-4738-B738-FBEE9C7B26DF} — Show Norton Toolbar — C:Program FilesCommon FilesSymantec SharedcoSharedBrowser1.0UIBHO.dll [2006-11-21 565960]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} — Yahoo! Toolbar — C:Program FilesYahoo!CompanionInstallscpnyt.dll [2006-11-29 436288]
{91397D20-1446-11D4-8AF4-0040CA1127B6} — Яндекс.Бар — C:Program FilesYandexYandexBarIEyndbar.dll [2007-12-11 1336584]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«Windows Defender»=C:Program FilesWindows DefenderMSASCui.exe [2007-07-31 1006264]
«ALaunch»=C:AcerALaunchAlaunchClient.exe []
«RtHDVCpl»=C:WindowsRtHDVCpl.exe [2007-07-06 4669440]
«eDataSecurity Loader»=C:AcerEmpowering TechnologyeDataSecurityeDSloader.exe [2007-04-25 457216]
«Acer Tour»= []
«ccApp»=C:Program FilesCommon FilesSymantec SharedccApp.exe [2006-11-21 107112]
«osCheck»=C:Program FilesNorton Internet SecurityosCheck.exe [2006-11-21 22696]
«IgfxTray»=C:Windowssystem32igfxtray.exe [2007-05-25 142104]
«HotKeysCmds»=C:Windowssystem32hkcmd.exe [2007-05-25 154392]
«Persistence»=C:Windowssystem32igfxpers.exe [2007-05-25 138008]
«LManager»=C:PROGRA~1LAUNCH~1LManager.exe [2007-07-16 768520]
«PlayMovie»=C:Program FilesAcer Arcade DeluxePlay MoviePMVService.exe [2007-05-24 206952]
«Apoint»=C:Program FilesApoint2KApoint.exe [2007-06-06 159744]
«eRecoveryService»= []
«Acer Tour Reminder»=C:AcerAcerTourReminder.exe [2007-05-22 151552]
«WarReg_PopUp»=C:AcerWR_PopUpWarReg_PopUp.exe [2006-11-05 57344]
«SetPanel»=C:AcerAPanelAPanel.cmd []
«GrooveMonitor»=C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe [2006-10-27 31016]
«NeroFilterCheck»=C:Program FilesCommon FilesAheadLibNeroCheck.exe [2006-01-12 155648]
«Device Detector»=DevDetect.exe -autorun []
«Symantec PIF AlertEng»=C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe [2008-01-29 583048]
«Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 9.0ReaderReader_sl.exe [2008-06-12 34672]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«Sidebar»=C:Program FilesWindows Sidebarsidebar.exe [2008-01-13 1232896]
«Acer Tour Reminder»=C:AcerAcerTourReminder.exe [2007-05-22 151552]
«ehTray.exe»=C:WindowsehomeehTray.exe [2006-11-02 125440]
«BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=C:Program FilesCommon FilesAheadLibNMBgMonitor.exe [2007-01-15 147456]
«Yupdate!»=C:Program FilesCommon FilesYandexYupdateyupdate.exe [2007-12-11 457992]
«YandexOnline»=C:Program FilesYandexOnlineonline.exe [2007-10-12 2109440]
«AdobeUpdater»=C:Program FilesCommon FilesAdobeUpdater5AdobeUpdater.exe []
«DAEMON Tools»=C:Program FilesDAEMON Toolsdaemon.exe [2007-04-04 165784]
«WMPNSCFG»=C:Program FilesWindows Media PlayerWMPNSCFG.exe [2006-11-02 201728]

C:ProgramDataMicrosoftWindowsStart MenuProgramsStartup
Empowering Technology Launcher.lnk — C:AcerEmpowering TechnologyeAPLauncher.exe
Билайн Интернет Дома.lnk — C:Program FilesZTEMF622Билайн Интернет ДомаBeeline Home Internet.exe

C:UsersACHTUNGAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup
Вырезка экрана и программа запуска для OneNote 2007.lnk — C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
«AppInit_DLLS»=»eNetHook.dll»

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyigfxcui]
C:Windowssystem32igfxdev.dll [2007-05-22 200704]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
«{B5A7F190-DDA6-4420-B3BA-52453494E6CD}»=C:PROGRA~1MICROS~2Office12GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWdf01000.sys]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{62b08f57-db1c-11dc-8daf-001c26bc9a9d}]
shellAutoRuncommand — F:setupSNK.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{72b4a0a0-2c0c-11dd-8fa7-001c26bc9a9d}]
shellAutoRuncommand — «F:Setupedu.exe » /autorun

======File associations======
.bat — edit — %SystemRoot%System32NOTEPAD.EXE %1″
.ini — open — %SystemRoot%System32NOTEPAD.EXE %1″
.scr — open —
.scr — install —
.scr — config —

======List of files/folders created in the last 1 months======
2008-11-27 09:04:19 —-D—- C:Program Filestrend micro
2008-11-27 09:04:16 —-D—- C:rsit
2008-11-26 11:58:33 —-A—- C:Windowssystem32msxml6.dll
2008-11-26 11:58:32 —-A—- C:Windowssystem32msxml6r.dll
2008-11-24 12:27:07 —-A—- C:Windowssystem32wups2.dll
2008-11-24 12:27:07 —-A—- C:Windowssystem32wucltux.dll
2008-11-24 12:27:07 —-A—- C:Windowssystem32wuaueng.dll
2008-11-24 12:27:07 —-A—- C:Windowssystem32wuauclt.exe
2008-11-24 12:26:06 —-A—- C:Windowssystem32wups.dll
2008-11-24 12:26:06 —-A—- C:Windowssystem32wudriver.dll
2008-11-24 12:26:06 —-A—- C:Windowssystem32wuapi.dll
2008-11-24 12:25:29 —-A—- C:Windowssystem32wuwebv.dll
2008-11-24 12:25:28 —-A—- C:Windowssystem32wuapp.exe
2008-11-19 19:09:46 —-D—- C:ProgramDataMumboJumbo
2008-11-19 13:46:47 —-A—- C:Windowssystem32msxml3.dll
2008-11-19 13:46:46 —-A—- C:Windowssystem32msxml3r.dll
2008-11-17 11:45:01 —-D—- C:Program FilesMyCentria
2008-11-16 23:08:27 —-A—- C:Windowssystem32netapi32.dll
2008-11-16 22:52:12 —-D—- C:UsersACHTUNGAppDataRoamingiWin
2008-11-16 22:30:27 —-AD—- C:ProgramDataTEMP
2008-11-14 14:19:09 —-A—- C:WindowsALCHUNIN.EXE
2008-11-14 14:16:31 —-D—- C:Program FilesAlchemy Mindworks
2008-11-14 14:11:20 —-A—- C:WindowsNeroDigital.ini
2008-11-11 14:47:08 —-A—- C:Windowssystem32win32spl.dll
2008-11-11 14:47:08 —-A—- C:Windowssystem32printcom.dll
2008-11-11 14:46:22 —-A—- C:Windowssystem32ntoskrnl.exe
2008-11-11 14:46:22 —-A—- C:Windowssystem32ntkrnlpa.exe
2008-11-11 14:43:45 —-A—- C:Windowssystem32ieapfltr.dll
2008-11-11 14:43:45 —-A—- C:Windowssystem32advpack.dll
2008-11-11 14:43:44 —-A—- C:Windowssystem32wininet.dll
2008-11-11 14:43:44 —-A—- C:Windowssystem32jsproxy.dll
2008-11-11 14:43:43 —-A—- C:Windowssystem32dxtrans.dll
2008-11-11 14:43:43 —-A—- C:Windowssystem32dxtmsft.dll
2008-11-11 14:43:42 —-A—- C:Windowssystem32ieui.dll
2008-11-11 14:43:41 —-A—- C:Windowssystem32ieframe.dll
2008-11-11 14:43:39 —-A—- C:Windowssystem32mshtmled.dll
2008-11-11 14:43:39 —-A—- C:Windowssystem32mshtml.dll
2008-11-11 14:43:37 —-A—- C:Windowssystem32mstime.dll
2008-11-11 14:43:36 —-A—- C:Windowssystem32icardie.dll
2008-11-11 14:43:34 —-A—- C:Windowssystem32ieUnatt.exe
2008-11-11 14:43:33 —-A—- C:Windowssystem32urlmon.dll
2008-11-11 14:43:32 —-A—- C:Windowssystem32pngfilt.dll
2008-11-11 14:43:32 —-A—- C:Windowssystem32iesetup.dll
2008-11-11 14:43:32 —-A—- C:Windowssystem32iertutil.dll
2008-11-11 14:43:32 —-A—- C:Windowssystem32iernonce.dll
2008-11-11 14:43:32 —-A—- C:Windowssystem32ie4uinit.exe
2008-10-30 19:16:50 —-D—- C:Program FilesDjVuSolo3.1

======List of files/folders modified in the last 1 months======
2008-11-27 09:04:21 —-D—- C:WindowsTemp
2008-11-27 09:04:19 —-RD—- C:Program Files
2008-11-27 08:58:36 —-D—- C:WindowsSystem32
2008-11-27 08:58:34 —-A—- C:Windowssystem32PerfStringBackup.INI
2008-11-27 08:58:33 —-D—- C:Windowsinf
2008-11-26 16:44:25 —-D—- C:Windowswinsxs
2008-11-26 16:43:56 —-SHD—- C:System Volume Information
2008-11-26 12:20:01 —-SD—- C:WindowsDownloaded Program Files
2008-11-26 10:10:36 —-SHD—- C:WindowsInstaller
2008-11-26 10:10:28 —-HD—- C:Config.Msi
2008-11-26 10:10:27 —-D—- C:ProgramDataMicrosoft Help
2008-11-25 14:54:56 —-D—- C:WindowsMinidump
2008-11-25 14:54:56 —-D—- C:Windows
2008-11-24 14:57:42 —-D—- C:Windowsrescache
2008-11-24 14:01:23 —-D—- C:Windowssystem32catroot
2008-11-24 13:08:22 —-D—- C:Windowssystem32ru-RU
2008-11-24 13:08:21 —-D—- C:Windowssystem32drivers
2008-11-24 12:26:44 —-D—- C:Windowssystem32catroot2
2008-11-19 19:09:46 —-HD—- C:ProgramData
2008-11-17 16:45:58 —-D—- C:Windowsservicing
2008-11-17 11:43:41 —-D—- C:Windowssystem32Tasks
2008-11-11 15:28:42 —-D—- C:Program FilesInternet Explorer
2008-11-11 15:28:40 —-D—- C:Windowssystem32migration
2008-11-11 15:28:37 —-D—- C:WindowsAppPatch

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 DritekPortIO;Dritek General Port I/O; ??C:PROGRA~1LAUNCH~1DPortIO.sys [2006-11-02 20112]
R1 eeCtrl;Symantec Eraser Control driver; ??C:Program FilesCommon FilesSymantec SharedEENGINEeeCtrl.sys [2008-09-06 371248]
R1 IDSvix86;Symantec Intrusion Prevention Driver; ??C:PROGRA~2SymantecDEFINI~1SymcDataidsdefs20080829.001IDSvix86.sys [2008-02-13 261680]
R1 SPBBCDrv;SPBBCDrv; ??C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCDrv.sys [2006-11-21 406672]
R1 SRTSP;SRTSP; C:WindowsSystem32DriversSRTSP.SYS [2006-11-21 245880]
R1 SRTSPX;SRTSPX; C:WindowsSystem32DriversSRTSPX.SYS [2006-11-21 24184]
R1 SYMTDI;SYMTDI; C:WindowsSystem32DriversSYMTDI.SYS [2006-11-21 185744]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; ??C:Program FilesAcer Arcade DeluxePlay Movie 00.fcl [2006-11-02 13560]
R2 hardlock;hardlock; ??C:Windowssystem32drivershardlock.sys [2008-04-08 665600]
R2 Haspnt;Haspnt; ??C:Windowssystem32driversHaspnt.sys [2008-04-08 47616]
R2 int15;int15; ??C:AcerEmpowering TechnologyeRecoveryint15.sys [2006-12-07 76584]
R2 mdmxsdk;mdmxsdk; C:Windowssystem32DRIVERSmdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:Windowssystem32DRIVERSxaudio.sys [2007-01-30 8704]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:Windowssystem32DRIVERSApfiltr.sys [2007-06-14 154624]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet — NDIS 6.0; C:Windowssystem32DRIVERSb57nd60x.sys [2007-06-05 179712]
R3 BCM43XX;Драйвер сетевого адаптера Broadcom 802.11; C:Windowssystem32DRIVERSbcmwl6.sys [2007-06-21 691192]
R3 CmBatt;Драйвер батареи с ACPI-управлением (Microsoft); C:Windowssystem32DRIVERSCmBatt.sys [2006-11-02 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:Windowssystem32DRIVERSDKbFltr.sys [2006-11-02 21264]
R3 HSF_DPV;HSF_DPV; C:Windowssystem32DRIVERSHSX_DPV.sys [2007-04-26 984064]
R3 HSXHWAZL;HSXHWAZL; C:Windowssystem32DRIVERSHSXHWAZL.sys [2007-04-26 208384]
R3 igfx;igfx; C:Windowssystem32DRIVERSigdkmd32.sys [2007-05-22 1771008]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:Windowssystem32driversRTKVHDA.sys [2007-07-10 1792792]
R3 NAVENG;NAVENG; ??C:PROGRA~2SymantecDEFINI~1VIRUSD~120080906.003NAVENG.SYS [2008-08-25 89104]
R3 NAVEX15;NAVEX15; ??C:PROGRA~2SymantecDEFINI~1VIRUSD~120080906.003NAVEX15.SYS [2008-08-25 873552]
R3 NTIDrvr;Upper Class Filter Driver; C:Windowssystem32DRIVERSNTIDrvr.sys [2007-07-31 6144]
R3 pfc;Padus ASPI Shell; C:Windowssystem32driverspfc.sys [2008-01-25 10368]
R3 SYMDNS;SYMDNS; C:WindowsSystem32DriversSYMDNS.SYS [2006-11-21 11792]
R3 SymEvent;SymEvent; ??C:Windowssystem32DriversSYMEVENT.SYS [2007-07-31 109744]
R3 SYMFW;SYMFW; C:WindowsSystem32DriversSYMFW.SYS [2006-11-21 144784]
R3 SYMIDS;SYMIDS; C:WindowsSystem32DriversSYMIDS.SYS [2006-11-21 38928]
R3 SYMNDISV;SYMNDISV; C:WindowsSystem32DriversSYMNDISV.SYS [2006-11-21 37008]
R3 SYMREDRV;SYMREDRV; C:WindowsSystem32DriversSYMREDRV.SYS [2006-11-21 26384]
R3 winachsf;winachsf; C:Windowssystem32DRIVERSHSX_CNXT.sys [2007-04-26 660480]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:Windowssystem32DRIVERSwmiacpi.sys [2006-11-02 11264]
R3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:Windowssystem32DRIVERSZTEusbmdm6k.sys [2008-05-05 104960]
R3 ZTEusbnmea;ZTE NMEA Port; C:Windowssystem32DRIVERSZTEusbnmea.sys [2008-05-05 104960]
R3 ZTEusbser6k;ZTE Diagnostic Port; C:Windowssystem32DRIVERSZTEusbser6k.sys [2008-05-05 104960]
S3 athr;Atheros Extensible Wireless LAN device driver; C:Windowssystem32DRIVERSathr.sys [2007-06-18 737280]
S3 aypkb7k0;aypkb7k0; C:Windowssystem32driversaypkb7k0.sys []
S3 drmkaud;Звуковой дешифратор DRM ядра системы; C:Windowssystem32driversdrmkaud.sys [2006-11-02 5632]
S3 HdAudAddService;Драйвер функции UAA для службы High Definition Audio (Microsoft), версия 1.1; C:Windowssystem32driversHdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:Windowssystem32DRIVERSVSTAZL3.SYS [2006-11-02 200704]
S3 MSKSSRV;Представитель служб потоков Microsoft; C:Windowssystem32driversMSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Посредник синхронизации потоков Microsoft; C:Windowssystem32driversMSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Представитель диспетчера качества потоков Microsoft; C:Windowssystem32driversMSPQM.sys [2006-11-02 5504]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:Windowssystem32driversMSTEE.sys [2006-11-02 6016]
S3 SRTSPL;SRTSPL; C:WindowsSystem32DriversSRTSPL.SYS [2006-11-21 275576]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:Windowssystem32DRIVERSss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:Windowssystem32DRIVERSss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:Windowssystem32DRIVERSss_mdm.sys [2005-08-30 94000]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:Windowssystem32DRIVERSssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:Windowssystem32DRIVERSssm_mdfl.sys [2005-08-30 8336]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:Windowssystem32DRIVERSssm_mdm.sys [2005-08-30 94000]
S3 usbscan;Драйвер USB-сканера; C:Windowssystem32DRIVERSusbscan.sys [2006-11-02 35328]
S3 WUDFRd;WUDFRd; C:Windowssystem32DRIVERSWUDFRd.sys [2006-11-02 82560]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ALaunchService;ALaunch Service; C:AcerALaunchALaunchSvc.exe [2007-01-26 50688]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe [2007-09-12 554352]
R2 ccEvtMgr;Symantec Event Manager; C:Program FilesCommon FilesSymantec SharedccSvcHst.exe [2006-11-21 107624]
R2 ccSetMgr;Symantec Settings Manager; C:Program FilesCommon FilesSymantec SharedccSvcHst.exe [2006-11-21 107624]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:Program FilesCommon FilesSymantec SharedccSvcHst.exe [2006-11-21 107624]
R2 eDataSecurity Service;eDSService.exe; C:AcerEmpowering TechnologyeDataSecurityeDSService.exe [2007-04-25 457512]
R2 eLockService;eLock Service; C:AcerEmpowering TechnologyeLockServiceeLockServ.exe [2007-03-14 24576]
R2 eNet Service;eNet Service; C:AcerEmpowering TechnologyeNeteNet Service.exe [2007-05-22 135168]
R2 eRecoveryService;eRecovery Service; C:AcerEmpowering TechnologyeRecoveryeRecoveryService.exe [2007-02-13 53248]
R2 eSettingsService;eSettings Service; C:AcerEmpowering TechnologyeSettingsServicecapuserv.exe [2007-05-10 24576]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:Program FilesCommon FilesLightScribeLSSrvc.exe [2007-01-17 61440]
R2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:Program FilesCommon FilesSymantec SharedccSvcHst.exe [2006-11-21 107624]
R2 MobilityService;MobilityService; C:AcerMobility CenterMobilityService.exe [2006-11-24 107008]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:Program FilesCyberLinkShared FilesRichVideo.exe [2007-01-23 266343]
R2 SymAppCore;Symantec AppCore Service; C:Program FilesCommon FilesSymantec SharedAppCoreAppSvc32.exe [2006-11-21 46736]
R2 WMIService;ePower Service; C:AcerEmpowering TechnologyePowerePowerSvc.exe [2007-05-16 163840]
R2 XAudioService;XAudioService; C:Windowssystem32DRIVERSxaudio.exe [2007-01-30 386560]
R3 LiveUpdate;LiveUpdate; C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE [2007-09-12 2999664]
R3 NMIndexingService;NMIndexingService; C:Program FilesCommon FilesAheadLibNMIndexingService.exe [2007-01-15 266240]
S2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe [2008-01-29 583048]
S3 comHost;COM Host; C:Program FilesCommon FilesSymantec SharedVAScannercomHost.exe [2006-11-21 49296]
S3 ISPwdSvc;Symantec IS Password Validation; C:Program FilesNorton Internet SecurityisPwdSvc.exe [2006-11-21 80552]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:Program FilesMicrosoft OfficeOffice12GrooveAuditService.exe [2006-10-27 65824]
S3 NBService;NBService; C:Program FilesNeroNero 7Nero BackItUpNBService.exe [2007-01-15 774144]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S3 Symantec Core LC;Symantec Core LC; C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe [2007-07-31 1174152]
EOF
info.txt logfile of random’s system information tool 1.04 2008-11-27 09:04:39
======Uninstall list======
—>C:Program FilesNeroNero 7\nerouninstallUNNERO.exe /UNINSTALL
—>C:WindowsUNNeroBackItUp.exe /UNINSTALL
—>C:WindowsUNNeroMediaHome.exe /UNINSTALL
—>C:WindowsUNNeroShowTime.exe /UNINSTALL
—>C:WindowsUNNeroVision.exe /UNINSTALL
—>C:WindowsUNRecode.exe /UNINSTALL
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{31403E22-2FDB-452F-AE9E-20854633226D}Setup.EXE» -uninst
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{A450831D-25F6-4F42-9662-D000B25E0D82}setup.exe» -uninstall
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{AA4BF92B-2AAF-11DA-9D78-000129760D75}setup.exe» -uninstall
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{B145EC69-66F5-11D8-9D75-000129760D75}setup.exe» -uninstall
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{B804C424-B66D-447A-84BD-C6B88C392C3A}setup.exe» -uninstall
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{F79A208D-D929-11D9-9D77-000129760D75}setup.exe» -uninstall
1С:Репетитор 2.1—>D:Resource1C RepetitorUnInstall.exe
1С:Репетитор. Биология (1.0a)—>D:Uninstall.exe
ACDSee 9 Photo Manager—>MsiExec.exe /I{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}
Acer Arcade Deluxe—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}setup.exe» -uninstall
Acer eDataSecurity Management—>C:AcerEmpowering TechnologyeDataSecurityeDSnstHelper.exe -Operation UNINSTALL
Acer eLock Management—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}setup.exe» -l0x9 -removeonly
Acer Empowering Technology—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{AB6097D9-D722-4987-BD9E-A076E2848EE2}setup.exe» -l0x19 -removeonly
Acer eNet Management—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{C06554A1-2C1E-4D20-B613-EE62C79927CC}setup.exe» -l0x19 -removeonly
Acer ePower Management—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{58E5844B-7CE2-413D-83D1-99294BF6C74F}setup.exe» -l0x19 -removeonly
Acer ePresentation Management—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{BF839132-BD43-4056-ACBF-4377F4A88E2A}setup.exe» -l0x9 -removeonly
Acer eSettings Management—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{CE65A9A0-9686-45C6-9098-3C9543A412F0}setup.exe» -l0x19 -removeonly
Acer GridVista—>C:WindowsUnInst32.exe GridV.UNI
Acer Mobility Center Plug-In—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{11316260-6666-467B-AC34-183FCB5D4335}setup.exe» -l0x9 -removeonly
Acer ScreenSaver—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}setup.exe» -l0x9 -removeonly
Acer Tour—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{94389919-B0AA-4882-9BE8-9F0B004ECA35}setup.exe» -l0x9 -removeonly
Activation Assistant for the 2007 Microsoft Office suites—>»C:ProgramData{174892B1-CBE7-44F5-86FF-AB555EFD73A3}Microsoft Office Activation Assistant.exe» REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 9 ActiveX—>C:Windowssystem32MacromedFlashFlashUtil9b.exe -uninstallDelete
Adobe Reader 9 — Russian—>MsiExec.exe /I{AC76BA86-7AD7-1049-7B44-A90000000001}
ALPS Touch Pad Driver—>C:Program FilesApoint2KUninstap.exe ADDREMOVE
AppCore—>MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
AV—>MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Big Kahuna Reef 2—>»C:Program FilesAcer GameZoneBig Kahuna Reef 2Uninstall.exe» «C:Program FilesAcer GameZoneBig Kahuna Reef 2install.log»
Bricks of Egypt—>»C:Program FilesAcer GameZoneBricks of EgyptUninstall.exe» «C:Program FilesAcer GameZoneBricks of Egyptinstall.log»
ccCommon—>MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
ConnectionServices—>»C:Program FilesConnectionServicesUninstall.exe»
ContentSaver—>»C:Program FilesContentSaverUninstall.exe»
Digalo 2000 Russian—>C:WindowsIsUninst.exe -f»C:Program FilesDigaloDigalo 2000 RussianUninst.isu»
DjVu Solo v3.1 + DjVu Browser Plugin v4.5 (SPB)—>»C:Program FilesDjVuSolo3.1uninstall.exe»
Dynasty—>»C:Program FilesAcer GameZoneDynastyUninstall.exe» «C:Program FilesAcer GameZoneDynastyinstall.log»
eCover Studio v2.00—>»C:Program FileseCover Studiounins000.exe»
Galapago—>»C:Program FilesAcer GameZoneGalapagoUninstall.exe» «C:Program FilesAcer GameZoneGalapagoinstall.log»
HDAUDIO Soft Data Fax Modem with SmartCP—>C:Program FilesCONEXANTCNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118UIU32m.exe -U -IAcrZUn32z.inf
Indeo® Software—>C:WindowsIsUninst.exe -f»C:Program FilesLigosIndeoUninst.isu» -c»C:Program FilesLigosIndeoIndeo System Filesindounin.dll»
Intel(R) Graphics Media Accelerator Driver—>C:Windowssystem32igxpun.exe -uninstall
Jewel Quest Solitaire—>»C:Program FilesAcer GameZoneJewel Quest SolitaireUninstall.exe» «C:Program FilesAcer GameZoneJewel Quest Solitaireinstall.log»
Launch Manager—>C:WindowsUnInst32.exe LManager.UNI
LiveUpdate 3.2 (Symantec Corporation)—>»C:Program FilesSymantecLiveUpdateLSETUP.EXE» /U
LiveUpdate Notice (Symantec Corporation)—>MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Lizardtech DjVu Control—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{105CFC7C-6992-11D5-BD9D-000102C10FD8}Setup.exe» -l0x9
Luxor 2—>»C:Program FilesAcer GameZoneLuxor 2Uninstall.exe» «C:Program FilesAcer GameZoneLuxor 2install.log»
Microsoft Office Access MUI (Russian) 2007—>MsiExec.exe /X{90120000-0015-0419-0000-0000000FF1CE}
Microsoft Office Enterprise 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007—>MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Russian) 2007—>MsiExec.exe /X{90120000-0016-0419-0000-0000000FF1CE}
Microsoft Office Groove MUI (Russian) 2007—>MsiExec.exe /X{90120000-00BA-0419-0000-0000000FF1CE}
Microsoft Office Home and Student 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007—>MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Russian) 2007—>MsiExec.exe /X{90120000-0044-0419-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Russian) 2007—>MsiExec.exe /X{90120000-00A1-0419-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Russian) 2007—>MsiExec.exe /X{90120000-001A-0419-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Russian) 2007—>MsiExec.exe /X{90120000-0018-0419-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007—>MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007—>MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Russian) 2007—>MsiExec.exe /X{90120000-001F-0419-0000-0000000FF1CE}
Microsoft Office Proof (Ukrainian) 2007—>MsiExec.exe /X{90120000-001F-0422-0000-0000000FF1CE}
Microsoft Office Proofing (Russian) 2007—>MsiExec.exe /X{90120000-002C-0419-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Russian) 2007—>MsiExec.exe /X{90120000-0019-0419-0000-0000000FF1CE}
Microsoft Office Shared MUI (Russian) 2007—>MsiExec.exe /X{90120000-006E-0419-0000-0000000FF1CE}
Microsoft Office Word MUI (Russian) 2007—>MsiExec.exe /X{90120000-001B-0419-0000-0000000FF1CE}
Microsoft Silverlight—>MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works—>MsiExec.exe /I{737E2345-2897-4B75-9C9B-D541F7394D6B}
MSRedist—>MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSXML 4.0 SP2 (KB936181)—>MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Mystery Case Files — Prime Suspects—>»C:Program FilesAcer GameZoneMystery Case Files — Prime SuspectsUninstall.exe» «C:Program FilesAcer GameZoneMystery Case Files — Prime Suspectsinstall.log»
Mystery Case Files Ravenhearst—>»C:Program FilesAcer GameZoneMystery Case Files RavenhearstUninstall.exe» «C:Program FilesAcer GameZoneMystery Case Files Ravenhearstinstall.log»
Nero 7 Ultra Edition—>MsiExec.exe /I{59E1F041-6CE2-4BF3-BD6A-AFC2B27B1049}
Norton AntiVirus—>MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Confidential Browser Component—>MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Protection Component—>MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
Norton Internet Security (Symantec Corporation)—>»C:Program FilesCommon FilesSymantec SharedSymSetup{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_1_0_26{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe» /X
Norton Internet Security—>MsiExec.exe /I{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}
Norton Internet Security—>MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}
Norton Internet Security—>MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security—>MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security—>MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Protection Center—>MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
NTI Backup NOW! 4.7—>»C:Program FilesInstallShield Installation Information{1598034D-7147-432C-8CA8-888E0632D124}setup.exe» -removeonly
NTI Backup NOW! 4.7—>C:Program FilesInstallShield Installation Information{1598034D-7147-432C-8CA8-888E0632D124}setup.exe -runfromtemp -l0x0419
NTI CD & DVD-Maker—>C:PROGRA~1COMMON~1INSTAL~1Driver7INTEL3~1IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1049 CDM7
OpenAL—>»C:Program FilesOpenALoalinst.exe» /U
PowerProducer 3.72—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{B7A0CE06-068E-11D6-97FD-0050BACBF861}Setup.EXE» -uninstall
Realtek High Definition Audio Driver—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}setup.exe» -l0x19 -removeonly
SAMSUNG CDMA Modem Driver Set—>C:Windowssystem32Samsung_USB_Drivers3SSCDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software—>C:Windowssystem32Samsung_USB_Drivers1SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software—>C:Windowssystem32Samsung_USB_Drivers2SSM_Uninstall.exe
Samsung PC Studio 3 USB Driver Installer—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1050Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}setup.exe» -l0x19 -removeonly
Samsung PC Studio—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1050Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{C4A4722E-79F9-417C-BD72-8D359A090C97}setup.exe» -l0x19 -removeonly
Samsung Samples Installer—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1050Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{7AC15160-A49B-4A89-B181-D4619C025FFF}setup.exe» -l0x19 -removeonly
Security Update for 2007 Microsoft Office System (KB951944)—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB951944)—>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for CAPICOM (KB931906)—>MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)—>MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office OneNote 2007 (KB950130)—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office OneNote 2007 (KB950130)—>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)—>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808)—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB951808)—>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB954326)—>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Office 2007 (KB936514)—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C7A78F7F-EF32-4477-BAD7-3439EA7571BF}
Security Update for Office 2007 (KB936514)—>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C7A78F7F-EF32-4477-BAD7-3439EA7571BF}
SPBBC 32bit—>MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Symantec Real Time Storage Protection Component—>MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}
SymNet—>MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Treasures of the Deep—>»C:Program FilesAcer GameZoneTreasures of the DeepUninstall.exe» «C:Program FilesAcer GameZoneTreasures of the Deepinstall.log»
Update for Office 2007 (KB934391)—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB934391)—>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB946691)—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Office 2007 (KB946691)—>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Office System 2007 Setup (KB929722)—>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {D8E9BEBD-655F-467D-8176-CA9959C140A3}
Update for Outlook 2007 Junk Email Filter (kb957258)—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E070CDA4-A8DD-47FA-89A0-F5DA5D5DDFF9}
Vodafone WCDMA Composite Device Drive Software—>C:Windowssystem32Samsung_USB_Drivers4SSVDUninstall.exe
Yahoo! Toolbar—>C:PROGRA~1Yahoo!commonunyt.exe
Zuma Deluxe—>»C:Program FilesAcer GameZoneZuma DeluxeUninstall.exe» «C:Program FilesAcer GameZoneZuma Deluxeinstall.log»
Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe
Билайн Интернет Дома—>»C:Program FilesInstallShield Installation Information{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}setup.exe» -runfromtemp -l0x0019 -removeonly
Говорун+ 3.0 beta—>C:Windowsunvise32.exe C:Program FilesГоворун+uninstal.log
Интернет помощник MyCentria—>C:Program FilesMyCentriaMyCentriaUninstall.exe
КОМПАС-3D LT V8—>MsiExec.exe /I{4412E64F-7842-449C-AD71-E6EFDCAFE9E4}
НЕсерьезные уроки — Учим буквы и цифры—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{EF6C78DC-E072-4FC1-9964-2AA434D13FD9}setup.exe»
Я.Онлайн 0.9.8—>»C:Program FilesYandexOnlineunins000.exe»
Яндекс.Бар для Internet Explorer 3.1.1—>»C:Program FilesYandexYandexBarIEunins000.exe»
======Security center information======
AV: Norton Internet Security (outdated)
FW: Norton Internet Security
AS: Защитник Windows (outdated)
AS: Norton Internet Security
======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;C:Program FilesSamsungSamsung PC Studio 3
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
«PROCESSOR_ARCHITECTURE»=x86
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
«USERNAME»=SYSTEM
«windir»=%SystemRoot%
«PROCESSOR_LEVEL»=6
«PROCESSOR_IDENTIFIER»=x86 Family 6 Model 22 Stepping 1, GenuineIntel
«PROCESSOR_REVISION»=1601
«NUMBER_OF_PROCESSORS»=1
EOF
November 27, 2008 at 2:38 pm #20053
Download the Combofix program. Close all open windows and run this program.
After it finishes, a log file will be created; please paste it into your reply.
November 28, 2008 at 6:11 am #20054 Anonymous (Guest)
ComboFix 08-11-27.03 — ACHTUNG 2008-11-28 8:59:03.1 — NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1251.1.1049.18.196 [GMT 3:00]
Running from: d:радиосохраненияComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:programdataMicrosoftNetworkDownloaderqmgr0.dat
c:programdataMicrosoftNetworkDownloaderqmgr1.dat
c:programdataVistaLib32.dll
c:usersACHTUNGAppDataLocalMicrosoftWindowsTemporary Internet Files0EB9F12C_6E6B_4c03_AEBA_8C04CFA98AA4.gif
c:usersACHTUNGAppDataLocalMicrosoftWindowsTemporary Internet Files15913497_F86C_4218_8817_F50940D1E1B2.gif
c:usersACHTUNGAppDataLocalMicrosoftWindowsTemporary Internet Files29887DDE_00B9_4011_9CF7_59511F1ECC1B.gif
c:usersACHTUNGAppDataLocalMicrosoftWindowsTemporary Internet Files2A665EDD_5758_480c_8366_66DFC5F23877.gif
c:usersACHTUNGAppDataLocalMicrosoftWindowsTemporary Internet Files35B7DFFA_884F_4fbc_8E60_DA601BDC7BF7.gif
c:usersACHTUNGAppDataLocalMicrosoftWindowsTemporary Internet Files362FD6E8_8CDA_4c2a_A8AA-BDA22B321711.jpg
c:usersACHTUNGAppDataLocalMicrosoftWindowsTemporary Internet Files3DF04940_9866_4241_A998_0CDDFAFD147A.gif
c:usersACHTUNGAppDataLocalMicrosoftWindowsTemporary Internet Files426500D7_0FF3_426c_828D_065DBAEA0581.gif
c:usersACHTUNGAppDataLocalMicrosoftWindowsTemporary Internet Files5C6C645F_BAA8_4149_BFEB_2031230FF0FD.gif
c:usersACHTUNGAppDataLocalMicrosoftWindowsTemporary Internet Files61EA7D69_19D4_421a_A899_0DF4D58CD119.jpg
c:usersACHTUNGAppDataLocalMicrosoftWindowsTemporary Internet Files777FDAFB_83CF_4960_AA71_4E5D7BCD8E57.gif
c:usersACHTUNGAppDataLocalMicrosoftWindowsTemporary Internet Files8DA878D5_E80B_4721_B75A_17EFFAF1A700.gif
c:usersACHTUNGAppDataLocalMicrosoftWindowsTemporary Internet FilesA2B240D6_0386_419e_91C5_3F7D90437CD0.jpg
c:usersACHTUNGAppDataLocalMicrosoftWindowsTemporary Internet FilesC75CEF8D_5AF4_4563_8594_C45A45E14E63.gif
c:usersACHTUNGAppDataLocalMicrosoftWindowsTemporary Internet FilesE21285C1_40E6_435c_A69F_3387E7BD89CB.gif
c:usersACHTUNGAppDataLocalMicrosoftWindowsTemporary Internet FilesE9A4D648_ED73_4ea7_88B2_18332DBA4F3E.jpg
c:windowssystem32x64
BITS: Possible infected sites
hxxp://bar.export.yandex.ru
hxxp://download.yandex.ru
hxxp://soft.export.yandex.ru
.
((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-28 )))))))))))))))))))))))))))))))
.
2008-11-27 09:04 . 2008-11-27 09:04 d C:rsit
2008-11-27 09:04 . 2008-11-27 09:04 d c:program filestrend micro
2008-11-26 11:58 . 2008-09-10 06:25 1,341,440 —a c:windowsSystem32msxml6.dll
2008-11-26 11:58 . 2008-09-10 06:21 2,048 —a c:windowsSystem32msxml6r.dll
2008-11-24 12:27 . 2008-10-17 00:13 1,809,944 —a c:windowsSystem32wuaueng.dll
2008-11-24 12:27 . 2008-10-16 23:56 1,524,736 —a c:windowsSystem32wucltux.dll
2008-11-24 12:27 . 2008-08-26 04:11 211,456 —a c:windowsSystem32driversmrxsmb10.sys
2008-11-24 12:27 . 2008-10-17 00:09 51,224 —a c:windowsSystem32wuauclt.exe
2008-11-24 12:27 . 2008-10-17 00:09 43,544 —a c:windowsSystem32wups2.dll
2008-11-24 12:26 . 2008-10-17 00:12 561,688 —a c:windowsSystem32wuapi.dll
2008-11-24 12:26 . 2008-10-16 23:55 83,456 —a c:windowsSystem32wudriver.dll
2008-11-24 12:26 . 2008-10-17 00:08 34,328 —a c:windowsSystem32wups.dll
2008-11-24 12:25 . 2008-10-16 14:08 162,064 —a c:windowsSystem32wuwebv.dll
2008-11-24 12:25 . 2008-10-16 13:56 31,232 —a c:windowsSystem32wuapp.exe
2008-11-19 19:09 . 2008-11-19 19:09 d c:usersAll UsersMumboJumbo
2008-11-19 19:09 . 2008-11-19 19:09 d c:programdataMumboJumbo
2008-11-19 13:46 . 2008-09-05 07:48 1,194,496 —a c:windowsSystem32msxml3.dll
2008-11-19 13:46 . 2008-09-05 07:45 2,048 —a c:windowsSystem32msxml3r.dll
2008-11-17 11:45 . 2008-11-17 11:45 d c:program filesMyCentria
2008-11-17 11:45 . 2008-11-17 11:45 1,906,105 —a c:usersACHTUNG45[1].zip
2008-11-16 22:52 . 2008-11-16 22:52 d c:usersACHTUNGAppDataRoamingiWin
2008-11-16 22:30 . 2008-11-20 15:26 d-a c:usersAll UsersTEMP
2008-11-16 22:30 . 2008-11-20 15:26 d-a c:programdataTEMP
2008-11-14 14:19 . 1999-03-15 16:39 212,992 —a c:windowsALCHUNIN.EXE
2008-11-14 14:16 . 2008-11-16 22:24 d c:program filesAlchemy Mindworks
2008-11-14 14:11 . 2008-11-14 14:11 49 —a c:windowsNeroDigital.ini
2008-11-11 14:47 . 2008-11-11 14:47 441,856 —a c:windowsSystem32win32spl.dll
2008-11-11 14:47 . 2008-11-11 14:47 37,376 —a c:windowsSystem32printcom.dll
2008-11-11 14:46 . 2008-11-11 14:46 3,505,208 —a c:windowsSystem32ntkrnlpa.exe
2008-11-11 14:46 . 2008-11-11 14:46 3,470,904 —a c:windowsSystem32ntoskrnl.exe
2008-10-30 19:16 . 2008-10-30 19:17 d c:program filesDjVuSolo3.1
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-28 05:09 d w c:programdataMicrosoft Help
2008-11-11 11:43 826,368 —-a-w c:windowsSystem32wininet.dll
2008-11-11 11:43 56,320 —-a-w c:windowsSystem32iesetup.dll
2008-11-11 11:43 52,736 —-a-w c:windowsAppPatchiebrshim.dll
2008-11-11 11:43 26,624 —-a-w c:windowsSystem32ieUnatt.exe
2008-10-25 17:33 469,504 w c:windowsSystem32wqplib.dll
2008-10-19 19:08 d w c:program filesConference
2008-10-18 06:38 2,027,520 —-a-w c:windowsSystem32win32k.sys
2008-10-18 06:35 7,168 —-a-w c:windowsSystem32f3ahvoas.dll
2008-10-18 06:26 d w c:program fileseCover Studio
2008-10-17 20:32 290,304 —-a-w c:windowssystem32driverssrv.sys
2008-10-17 03:07 d w c:program filesWindows Mail
2008-10-07 17:33 d w c:program filesMicrosoft Silverlight
2008-10-07 16:33 d w c:usersACHTUNGAppDataRoamingASCON
2008-10-07 16:18 d w c:program filesASCON
2008-10-07 05:10 174 —sha-w c:program filesdesktop.ini
2008-10-06 11:10 d w c:program filesMicrosoft Works
2008-10-04 17:41 d w c:program filesConnectionServices
2008-10-02 19:55 d w c:program filesDigalo
2008-10-02 18:31 d w c:program filesГоворун+
2008-10-02 13:53 d—h—w c:program filesInstallShield Installation Information
2008-10-02 13:53 d w c:program filesНЕсерьезные уроки
2008-10-01 20:00 d w c:program filesCommon FilesAdobe
2008-09-27 21:41 303,616 —-a-w c:windowsSystem32wmpeffects.dll
2008-09-27 11:06 2,048 —-a-w c:windowsSystem32tzres.dll
2008-09-27 05:22 61,440 —-a-w c:windowsSystem32winipsec.dll
2008-09-27 05:22 361,984 —-a-w c:windowsSystem32IPSECSVC.DLL
2008-09-27 05:22 28,672 —-a-w c:windowsSystem32FwRemoteSvr.dll
2008-09-27 05:22 272,896 —-a-w c:windowsSystem32polstore.dll
2008-09-07 05:31 84,480 —-a-w c:windowsSystem32INETRES.dll
2008-09-07 05:31 737,792 —-a-w c:windowsSystem32inetcomm.dll
2008-09-06 04:55 268,800 —-a-w c:windowsSystem32es.dll
2007-06-09 14:50 65,536 —-a-w c:usersAll Usersaccdump.exe
2007-06-09 14:50 65,536 —-a-w c:programdataaccdump.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE~Browser Helper Objects{66708DE7-C5EC-4F11-97C0-72EDB4952C48}]
2008-10-25 20:33 469504 c:windowssystem32wqplib.dll
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2007-12-11 1336584]
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2007-12-11 1336584]
[HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar]
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«Sidebar»=»c:program filesWindows Sidebarsidebar.exe» [2008-01-13 1232896]
«Acer Tour Reminder»=»c:acerAcerTourReminder.exe» [2007-05-22 151552]
«ehTray.exe»=»c:windowsehomeehTray.exe» [2006-11-02 125440]
«BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=»c:program filesCommon FilesAheadLibNMBgMonitor.exe» [2007-01-15 147456]
«Yupdate!»=»c:program filesCommon FilesYandexYupdateyupdate.exe» [2007-12-11 457992]
«YandexOnline»=»c:program filesYandexOnlineonline.exe» [2007-10-12 2109440]
«DAEMON Tools»=»c:program filesDAEMON Toolsdaemon.exe» [2007-04-04 165784]
«WMPNSCFG»=»c:program filesWindows Media PlayerWMPNSCFG.exe» [2006-11-02 201728]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«eDataSecurity Loader»=»c:acerEmpowering TechnologyeDataSecurityeDSloader.exe» [2007-04-25 457216]
«ccApp»=»c:program filesCommon FilesSymantec SharedccApp.exe» [2006-11-21 107112]
«osCheck»=»c:program filesNorton Internet SecurityosCheck.exe» [2006-11-21 22696]
«IgfxTray»=»c:windowssystem32igfxtray.exe» [2007-05-25 142104]
«HotKeysCmds»=»c:windowssystem32hkcmd.exe» [2007-05-25 154392]
«Persistence»=»c:windowssystem32igfxpers.exe» [2007-05-25 138008]
«LManager»=»c:progra~1LAUNCH~1LManager.exe» [2007-07-16 768520]
«PlayMovie»=»c:program filesAcer Arcade DeluxePlay MoviePMVService.exe» [2007-05-24 206952]
«Apoint»=»c:program filesApoint2KApoint.exe» [2007-06-06 159744]
«Acer Tour Reminder»=»c:acerAcerTourReminder.exe» [2007-05-22 151552]
«WarReg_PopUp»=»c:acerWR_PopUpWarReg_PopUp.exe» [2006-11-05 57344]
«GrooveMonitor»=»c:program filesMicrosoft OfficeOffice12GrooveMonitor.exe» [2006-10-27 31016]
«NeroFilterCheck»=»c:program filesCommon FilesAheadLibNeroCheck.exe» [2006-01-12 155648]
«Symantec PIF AlertEng»=»c:program filesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe» [2008-01-29 583048]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 9.0ReaderReader_sl.exe» [2008-06-12 34672]
«RtHDVCpl»=»RtHDVCpl.exe» [2007-07-06 c:windowsRtHDVCpl.exe]
c:usersACHTUNGAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup
Вырезка экрана и программа запуска для OneNote 2007.lnk — c:program filesMicrosoft OfficeOffice12ONENOTEM.EXE [2007-12-07 101440]
c:programdataMicrosoftWindowsStart MenuProgramsStartup
Empowering Technology Launcher.lnk — c:acerEmpowering TechnologyeAPLauncher.exe [2007-07-31 535336]
Билайн Интернет Дома.lnk — c:program filesZTEMF622Билайн Интернет Дома Beeline Home Internet.exe [2008-09-25 6550528]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]
«AppInit_DLLs»=eNetHook.dll
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«VIDC.ACDV»= ACDV.dll
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
@=»Driver»
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«UacDisableNotify»=dword:00000001
«InternetSettingsDisableNotify»=dword:00000001
«AutoUpdateDisableNotify»=dword:00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoring]
«DisableMonitoring»=dword:00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]
«DisableMonitoring»=dword:00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecFirewall]
«DisableMonitoring»=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicyDomainProfile]
«EnableFirewall»= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicyFirewallRules]
«{EF7C7406-094E-48CD-9051-2718E2D1228A}»= c:program filesAcer Arcade DeluxeAcer Arcade DeluxeAcer Arcade Deluxe.exe:Acer Arcade Deluxe
«{80FCC6EF-479E-4EDE-8FDC-4B202CCE2B54}»= c:program filesAcer Arcade DeluxeVideoMagicianVideoMagician.exe:VideoMagician
«{2C4C0FB0-61F3-4C41-8E77-E20AF56202AA}»= c:program filesAcer Arcade DeluxeHomeMediaHomeMedia.exe:HomeMedia
«{AE9684F4-BFCE-4583-9052-FE1795BB4BBB}»= c:program filesAcer Arcade DeluxeDV WizardDV Wizard.exe:DV Wizard
«{FCF90E03-7954-4E21-8179-22C5C36543B0}»= UDP:c:program filesMicrosoft OfficeOffice12ONENOTE.EXE:Microsoft Office OneNote
«{6A18EBF1-D7E0-44A2-B677-867073271469}»= TCP:c:program filesMicrosoft OfficeOffice12ONENOTE.EXE:Microsoft Office OneNote
«{863EBD37-C2B3-4861-83D2-434BE4806209}»= c:program filesAcer Arcade DeluxeDVDivineDVDivine.exe:DVDivine
«{4454646F-782D-4984-94E2-DE24C5B995DF}»= c:program filesAcer Arcade DeluxePlay MoviePlayMovie.exe:Play Movie
«{D7E8BF72-EED7-41E3-A3CE-3D834A0BBDCF}»= c:program filesAcer Arcade DeluxePlay MoviePMVService.exe:Play Movie Resident Program
«{5DEDE9AC-61DB-4999-B11F-0071316A3A64}»= TCP:6004|c:program filesMicrosoft OfficeOffice12outlook.exe:Microsoft Office Outlook
«{70E78462-D441-4187-B666-8B588A025B2C}»= UDP:c:program filesMicrosoft OfficeOffice12GROOVE.EXE:Microsoft Office Groove
«{F5E91318-37C9-43C8-80EA-88148C76B409}»= TCP:c:program filesMicrosoft OfficeOffice12GROOVE.EXE:Microsoft Office Groove
[HKLM~servicessharedaccessparametersfirewallpolicyPublicProfile]
«EnableFirewall»= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicyRestrictedServicesStaticSystem]
«DFSR-1″= RPort=5722|UDP:%SystemRoot%system32svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM~servicessharedaccessparametersfirewallpolicyStandardProfile]
«EnableFirewall»= 0 (0x0)
R1 IDSvix86;Symantec Intrusion Prevention Driver;??c:progra~2SymantecDEFINI~1SymcDataidsdefs20080829.001IDSvix86.sys [2008-09-06 261680]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};??c:program filesAcer Arcade DeluxePlay Movie000.fcl [2007-09-14 20:22:17 13560]
R2 ALaunchService;ALaunch Service;c:acerALaunchALaunchSvc.exe [2007-07-31 50688]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet — NDIS 6.0;c:windowssystem32DRIVERSb57nd60x.sys [2007-08-01 179712]
R3 SYMNDISV;SYMNDISV;c:windowssystem32DriversSYMNDISV.SYS [2006-11-21 37008]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);c:windowssystem32DRIVERSss_bus.sys [2007-12-18 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;c:windowssystem32DRIVERSss_mdfl.sys [2007-12-18 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;c:windowssystem32DRIVERSss_mdm.sys [2007-12-18 94000]
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{62b08f57-db1c-11dc-8daf-001c26bc9a9d}]
shellAutoRuncommand — F:setupSNK.exe
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{72b4a0a0-2c0c-11dd-8fa7-001c26bc9a9d}]
shellAutoRuncommand — «F:Setupedu.exe » /autorun
*Newly Created Service* — CATCHME
*Newly Created Service* — COMHOST
*Newly Created Service* — PROCEXP90
.
Contents of the ‘Scheduled Tasks’ folder2008-10-24 c:windowsTasksNorton Internet Security — Run Full System Scan — ACHTUNG.job
— c:progra~1NORTON~1NORTON~1Navw32.exe [2006-11-21 07:41]
.
— — — — ORPHANS REMOVED — — — —HKCU-Run-AdobeUpdater — c:program filesCommon FilesAdobeUpdater5AdobeUpdater.exe
HKLM-Run-ALaunch — c:acerALaunchAlaunchClient.exe
HKLM-Run-SetPanel — c:acerAPanelAPanel.cmd
HKLM-Run-Acer Tour — (no file)
HKLM-Run-eRecoveryService — (no file)
HKLM-Run-Device Detector — DevDetect.exe.
File Associations
.
inifile=%SystemRoot%System32NOTEPAD.EXE %1″
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-28 09:03:07
Windows 6.0.6000 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
c:usersACHTUNGAppDataLocalTempcatchme.dll 53248 bytes executable
scan completed successfully
hidden files: 1**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(624)
c:windowssystem32eNetHook.dll— — — — — — — > ‘lsass.exe'(688)
c:windowssystem32eNetHook.dll
.
Completion time: 2008-11-28 9:04:41
ComboFix-quarantined-files.txt 2008-11-28 06:04:19Pre-Run: 7 762 513 920 байт свободно
Post-Run: 8,736,108,544 байт свободно239 — E O F — 2008-11-28 05:09:58
November 28, 2008 at 9:12 am #20055 Anonymous (Guest)
Hello Valery! A little earlier I sent you the log file with the results of running combofix.
The informer is gone, but a red bar remains at the bottom of the screen. Please tell me how to check whether combofix has been removed.

November 28, 2008 at 4:06 pm #20056
Your computer still needs a little more cleaning up.
Open Notepad and paste the following text into it:
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66708DE7-C5EC-4F11-97C0-72EDB4952C48}]
File::
c:\windows\system32\wqplib.dll
Save the resulting file to your desktop under the name CFScript.
Then drag the resulting file onto the Combofix icon, as shown in the picture below.
Combofix will start and carry out the procedures described in the file we created.
When Combofix finishes, a new log will be created; paste it into your next reply.

November 28, 2008 at 9:05 pm #20057 Anonymous (Guest)
The bar is gone. Thank you!
ComboFix 08-11-27.07 — ACHTUNG 2008-11-28 23:38:16.2 — NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1251.1.1049.18.239 [GMT 3:00]
Running from: d:радиосохраненияComboFix.exe
Command switches used :: c:usersACHTUNGDesktopCFScript.txtFILE ::
c:windowssystem32wqplib.dll
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:programdataMicrosoftNetworkDownloaderqmgr0.dat
c:programdataMicrosoftNetworkDownloaderqmgr1.dat
c:windowssystem32wqplib.dll
BITS: Possible infected sites
hxxp://download.yandex.ru
hxxp://soft.export.yandex.ru
.
((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-28 )))))))))))))))))))))))))))))))
.2008-11-27 09:04 . 2008-11-27 09:04
d
C:rsit
2008-11-27 09:04 . 2008-11-27 09:04d
c:program filestrend micro
2008-11-26 11:58 . 2008-09-10 06:25 1,341,440 —a
c:windowsSystem32msxml6.dll
2008-11-26 11:58 . 2008-09-10 06:21 2,048 —a
c:windowsSystem32msxml6r.dll
2008-11-24 12:27 . 2008-10-17 00:13 1,809,944 —a
c:windowsSystem32wuaueng.dll
2008-11-24 12:27 . 2008-10-16 23:56 1,524,736 —a
c:windowsSystem32wucltux.dll
2008-11-24 12:27 . 2008-08-26 04:11 211,456 —a
c:windowsSystem32driversmrxsmb10.sys
2008-11-24 12:27 . 2008-10-17 00:09 51,224 —a
c:windowsSystem32wuauclt.exe
2008-11-24 12:27 . 2008-10-17 00:09 43,544 —a
c:windowsSystem32wups2.dll
2008-11-24 12:26 . 2008-10-17 00:12 561,688 —a
c:windowsSystem32wuapi.dll
2008-11-24 12:26 . 2008-10-16 23:55 83,456 —a
c:windowsSystem32wudriver.dll
2008-11-24 12:26 . 2008-10-17 00:08 34,328 —a
c:windowsSystem32wups.dll
2008-11-24 12:25 . 2008-10-16 14:08 162,064 —a
c:windowsSystem32wuwebv.dll
2008-11-24 12:25 . 2008-10-16 13:56 31,232 —a
c:windowsSystem32wuapp.exe
2008-11-19 19:09 . 2008-11-19 19:09d
c:usersAll UsersMumboJumbo
2008-11-19 19:09 . 2008-11-19 19:09d
c:programdataMumboJumbo
2008-11-19 13:46 . 2008-09-05 07:48 1,194,496 —a
c:windowsSystem32msxml3.dll
2008-11-19 13:46 . 2008-09-05 07:45 2,048 —a
c:windowsSystem32msxml3r.dll
2008-11-17 11:45 . 2008-11-17 11:45d
c:program filesMyCentria
2008-11-17 11:45 . 2008-11-17 11:45 1,906,105 —a
c:usersACHTUNG45[1].zip
2008-11-16 22:52 . 2008-11-16 22:52d
c:usersACHTUNGAppDataRoamingiWin
2008-11-16 22:30 . 2008-11-20 15:26d-a
c:usersAll UsersTEMP
2008-11-16 22:30 . 2008-11-20 15:26d-a
c:programdataTEMP
2008-11-14 14:19 . 1999-03-15 16:39 212,992 —a
c:windowsALCHUNIN.EXE
2008-11-14 14:16 . 2008-11-16 22:24d
c:program filesAlchemy Mindworks
2008-11-14 14:11 . 2008-11-14 14:11 49 —a
c:windowsNeroDigital.ini
2008-11-11 14:47 . 2008-11-11 14:47 441,856 —a
c:windowsSystem32win32spl.dll
2008-11-11 14:47 . 2008-11-11 14:47 37,376 —a
c:windowsSystem32printcom.dll
2008-11-11 14:46 . 2008-11-11 14:46 3,505,208 —a
c:windowsSystem32ntkrnlpa.exe
2008-11-11 14:46 . 2008-11-11 14:46 3,470,904 —a
c:windowsSystem32ntoskrnl.exe
2008-10-30 19:16 . 2008-10-30 19:17d
c:program filesDjVuSolo3.1.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-28 06:45
d
w c:programdataMicrosoft Help
2008-11-11 11:43 826,368 —-a-w c:windowsSystem32wininet.dll
2008-11-11 11:43 56,320 —-a-w c:windowsSystem32iesetup.dll
2008-11-11 11:43 52,736 —-a-w c:windowsAppPatchiebrshim.dll
2008-11-11 11:43 26,624 —-a-w c:windowsSystem32ieUnatt.exe
2008-10-19 19:08
d
w c:program filesConference
2008-10-18 06:38 2,027,520 —-a-w c:windowsSystem32win32k.sys
2008-10-18 06:35 7,168 —-a-w c:windowsSystem32f3ahvoas.dll
2008-10-18 06:26
d
w c:program fileseCover Studio
2008-10-17 20:32 290,304 —-a-w c:windowssystem32driverssrv.sys
2008-10-17 03:07
d
w c:program filesWindows Mail
2008-10-07 17:33
d
w c:program filesMicrosoft Silverlight
2008-10-07 16:33
d
w c:usersACHTUNGAppDataRoamingASCON
2008-10-07 16:18
d
w c:program filesASCON
2008-10-07 05:10 174 —sha-w c:program filesdesktop.ini
2008-10-06 11:10
d
w c:program filesMicrosoft Works
2008-10-04 17:41
d
w c:program filesConnectionServices
2008-10-02 19:55
d
w c:program filesDigalo
2008-10-02 18:31
d
w c:program filesГоворун+
2008-10-02 13:53
d—h—w c:program filesInstallShield Installation Information
2008-10-02 13:53
d
w c:program filesНЕсерьезные уроки
2008-10-01 20:00
d
w c:program filesCommon FilesAdobe
2008-09-27 21:41 303,616 —-a-w c:windowsSystem32wmpeffects.dll
2008-09-27 11:06 2,048 —-a-w c:windowsSystem32tzres.dll
2008-09-27 05:22 61,440 —-a-w c:windowsSystem32winipsec.dll
2008-09-27 05:22 361,984 —-a-w c:windowsSystem32IPSECSVC.DLL
2008-09-27 05:22 28,672 —-a-w c:windowsSystem32FwRemoteSvr.dll
2008-09-27 05:22 272,896 —-a-w c:windowsSystem32polstore.dll
2008-09-07 05:31 84,480 —-a-w c:windowsSystem32INETRES.dll
2008-09-07 05:31 737,792 —-a-w c:windowsSystem32inetcomm.dll
2008-09-06 04:55 268,800 —-a-w c:windowsSystem32es.dll
2007-06-09 14:50 65,536 —-a-w c:usersAll Usersaccdump.exe
2007-06-09 14:50 65,536 —-a-w c:programdataaccdump.exe
.((((((((((((((((((((((((((((( snapshot@2008-11-28_ 9.03.49,13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-10-27 11:23:04 347,432 —-a-r c:windowsInstaller$PatchCache$Managed00002109030000000000000000F01FEC12.0.4518WINWORD.EXE
+ 2006-10-27 11:23:08 17,483,560 —-a-r c:windowsInstaller$PatchCache$Managed00002109030000000000000000F01FEC12.0.4518WWLIB.DLL
— 2008-11-28 05:08:36 1,165,584 —-a-r c:windowsInstaller{90120000-0030-0000-0000-0000000FF1CE}accicons.exe
+ 2008-11-28 06:45:26 1,165,584 —-a-r c:windowsInstaller{90120000-0030-0000-0000-0000000FF1CE}accicons.exe
— 2008-11-28 05:08:39 20,240 —-a-r c:windowsInstaller{90120000-0030-0000-0000-0000000FF1CE}cagicon.exe
+ 2008-11-28 06:45:27 20,240 —-a-r c:windowsInstaller{90120000-0030-0000-0000-0000000FF1CE}cagicon.exe
— 2008-11-28 05:08:37 159,504 —-a-r c:windowsInstaller{90120000-0030-0000-0000-0000000FF1CE}inficon.exe
+ 2008-11-28 06:45:27 159,504 —-a-r c:windowsInstaller{90120000-0030-0000-0000-0000000FF1CE}inficon.exe
— 2008-11-28 05:08:37 184,080 —-a-r c:windowsInstaller{90120000-0030-0000-0000-0000000FF1CE}joticon.exe
+ 2008-11-28 06:45:27 184,080 —-a-r c:windowsInstaller{90120000-0030-0000-0000-0000000FF1CE}joticon.exe
— 2008-11-28 05:08:39 217,864 —-a-r c:windowsInstaller{90120000-0030-0000-0000-0000000FF1CE}misc.exe
+ 2008-11-28 06:45:27 217,864 —-a-r c:windowsInstaller{90120000-0030-0000-0000-0000000FF1CE}misc.exe
— 2008-11-28 05:08:39 18,704 —-a-r c:windowsInstaller{90120000-0030-0000-0000-0000000FF1CE}mspicons.exe
+ 2008-11-28 06:45:27 18,704 —-a-r c:windowsInstaller{90120000-0030-0000-0000-0000000FF1CE}mspicons.exe
— 2008-11-28 05:08:41 35,088 —-a-r c:windowsInstaller{90120000-0030-0000-0000-0000000FF1CE}oisicon.exe
+ 2008-11-28 06:45:28 35,088 —-a-r c:windowsInstaller{90120000-0030-0000-0000-0000000FF1CE}oisicon.exe
— 2008-11-28 05:08:38 845,584 —-a-r c:windowsInstaller{90120000-0030-0000-0000-0000000FF1CE}outicon.exe
+ 2008-11-28 06:45:27 845,584 —-a-r c:windowsInstaller{90120000-0030-0000-0000-0000000FF1CE}outicon.exe
— 2008-11-28 05:08:38 922,384 —-a-r c:windowsInstaller{90120000-0030-0000-0000-0000000FF1CE}pptico.exe
+ 2008-11-28 06:45:27 922,384 —-a-r c:windowsInstaller{90120000-0030-0000-0000-0000000FF1CE}pptico.exe
— 2008-11-28 05:08:39 272,648 —-a-r c:windowsInstaller{90120000-0030-0000-0000-0000000FF1CE}pubs.exe
+ 2008-11-28 06:45:27 272,648 —-a-r c:windowsInstaller{90120000-0030-0000-0000-0000000FF1CE}pubs.exe
— 2008-11-28 05:08:40 888,080 —-a-r c:windowsInstaller{90120000-0030-0000-0000-0000000FF1CE}wordicon.exe
+ 2008-11-28 06:45:27 888,080 —-a-r c:windowsInstaller{90120000-0030-0000-0000-0000000FF1CE}wordicon.exe
— 2008-11-28 05:08:37 1,172,240 —-a-r c:windowsInstaller{90120000-0030-0000-0000-0000000FF1CE}xlicons.exe
+ 2008-11-28 06:45:27 1,172,240 —-a-r c:windowsInstaller{90120000-0030-0000-0000-0000000FF1CE}xlicons.exe
— 2008-11-26 07:10:26 20,240 —-a-r c:windowsInstaller{91120000-002F-0000-0000-0000000FF1CE}cagicon.exe
+ 2008-11-28 06:45:55 20,240 —-a-r c:windowsInstaller{91120000-002F-0000-0000-0000000FF1CE}cagicon.exe
— 2008-11-26 07:10:25 184,080 —-a-r c:windowsInstaller{91120000-002F-0000-0000-0000000FF1CE}joticon.exe
+ 2008-11-28 06:45:55 184,080 —-a-r c:windowsInstaller{91120000-002F-0000-0000-0000000FF1CE}joticon.exe
— 2008-11-26 07:10:26 217,864 —-a-r c:windowsInstaller{91120000-002F-0000-0000-0000000FF1CE}misc.exe
+ 2008-11-28 06:45:55 217,864 —-a-r c:windowsInstaller{91120000-002F-0000-0000-0000000FF1CE}misc.exe
— 2008-11-26 07:10:26 18,704 —-a-r c:windowsInstaller{91120000-002F-0000-0000-0000000FF1CE}mspicons.exe
+ 2008-11-28 06:45:55 18,704 —-a-r c:windowsInstaller{91120000-002F-0000-0000-0000000FF1CE}mspicons.exe
— 2008-11-26 07:10:26 35,088 —-a-r c:windowsInstaller{91120000-002F-0000-0000-0000000FF1CE}oisicon.exe
+ 2008-11-28 06:45:55 35,088 —-a-r c:windowsInstaller{91120000-002F-0000-0000-0000000FF1CE}oisicon.exe
— 2008-11-26 07:10:25 922,384 —-a-r c:windowsInstaller{91120000-002F-0000-0000-0000000FF1CE}pptico.exe
+ 2008-11-28 06:45:55 922,384 —-a-r c:windowsInstaller{91120000-002F-0000-0000-0000000FF1CE}pptico.exe
— 2008-11-26 07:10:26 888,080 —-a-r c:windowsInstaller{91120000-002F-0000-0000-0000000FF1CE}wordicon.exe
+ 2008-11-28 06:45:55 888,080 —-a-r c:windowsInstaller{91120000-002F-0000-0000-0000000FF1CE}wordicon.exe
— 2008-11-26 07:10:25 1,172,240 —-a-r c:windowsInstaller{91120000-002F-0000-0000-0000000FF1CE}xlicons.exe
+ 2008-11-28 06:45:55 1,172,240 —-a-r c:windowsInstaller{91120000-002F-0000-0000-0000000FF1CE}xlicons.exe
— 2008-11-28 05:37:51 2,048 —sha-w c:windowsServiceProfilesLocalServiceAppDataLocallastalive0.dat
+ 2008-11-28 06:54:09 2,048 —sha-w c:windowsServiceProfilesLocalServiceAppDataLocallastalive0.dat
— 2008-11-28 05:37:51 2,048 —sha-w c:windowsServiceProfilesLocalServiceAppDataLocallastalive1.dat
+ 2008-11-28 06:54:09 2,048 —sha-w c:windowsServiceProfilesLocalServiceAppDataLocallastalive1.dat
— 2008-11-28 05:54:45 262,144 —-a-w c:windowsServiceProfilesLocalServiceAppDataLocalMicrosoftWindowsusrclass.dat
+ 2008-11-28 20:05:10 262,144 —-a-w c:windowsServiceProfilesLocalServiceAppDataLocalMicrosoftWindowsusrclass.dat
— 2008-11-28 06:03:13 262,144 —sha-w c:windowsServiceProfilesLocalServicentuser.dat
+ 2008-11-28 06:56:35 262,144 —sha-w c:windowsServiceProfilesLocalServicentuser.dat
— 2008-11-28 05:46:56 262,144 —-a-w c:windowsServiceProfilesNetworkServiceAppDataLocalMicrosoftWindowsusrclass.dat
+ 2008-11-28 20:05:12 262,144 —-a-w c:windowsServiceProfilesNetworkServiceAppDataLocalMicrosoftWindowsusrclass.dat
— 2008-11-28 06:03:06 262,144 —sha-w c:windowsServiceProfilesNetworkServicentuser.dat
+ 2008-11-28 06:56:45 262,144 —sha-w c:windowsServiceProfilesNetworkServicentuser.dat
— 2008-11-28 05:48:57 16,384 —sha-w c:windowsSystem32configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat
+ 2008-11-28 20:16:12 16,384 —sha-w c:windowsSystem32configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat
— 2008-11-28 05:48:57 32,768 —sha-w c:windowsSystem32configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat
+ 2008-11-28 20:16:12 32,768 —sha-w c:windowsSystem32configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat
— 2008-11-28 05:48:57 16,384 —sha-w c:windowsSystem32configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat
+ 2008-11-28 20:16:12 16,384 —sha-w c:windowsSystem32configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat
— 2008-11-28 05:58:40 262,144 —-a-w c:windowsSystem32configsystemprofilentuser.dat
+ 2008-11-28 20:37:51 262,144 —-a-w c:windowsSystem32configsystemprofilentuser.dat
— 2008-11-28 05:51:05 103,924 —-a-w c:windowsSystem32perfc009.dat
+ 2008-11-28 20:07:44 103,924 —-a-w c:windowsSystem32perfc009.dat
— 2008-11-28 05:51:05 85,044 —-a-w c:windowsSystem32perfc019.dat
+ 2008-11-28 20:07:44 85,044 —-a-w c:windowsSystem32perfc019.dat
— 2008-11-28 05:51:05 610,142 —-a-w c:windowsSystem32perfh009.dat
+ 2008-11-28 20:07:44 610,142 —-a-w c:windowsSystem32perfh009.dat
— 2008-11-28 05:51:05 526,940 —-a-w c:windowsSystem32perfh019.dat
+ 2008-11-28 20:07:44 526,940 —-a-w c:windowsSystem32perfh019.dat
— 2008-11-28 05:40:43 8,060 —-a-w c:windowsSystem32WDI{86432a0b-3c7d-4ddf-a89c-172faa90485d}S-1-5-21-1033026557-3016738698-4069032899-1000_UserData.bin
+ 2008-11-28 06:57:19 8,076 —-a-w c:windowsSystem32WDI{86432a0b-3c7d-4ddf-a89c-172faa90485d}S-1-5-21-1033026557-3016738698-4069032899-1000_UserData.bin
— 2008-11-28 05:40:42 75,282 —-a-w c:windowsSystem32WDIBootPerformanceDiagnostics_SystemData.bin
+ 2008-11-28 06:57:18 75,492 —-a-w c:windowsSystem32WDIBootPerformanceDiagnostics_SystemData.bin
— 2008-11-28 05:44:14 54,970 —-a-w c:windowsSystem32WDIShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-11-28 06:56:46 54,978 —-a-w c:windowsSystem32WDIShutdownPerformanceDiagnostics_SystemData.bin
— 2008-11-27 14:32:52 354,196 —-a-w c:windowsSystem32WDISuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2008-11-28 17:29:29 355,752 —-a-w c:windowsSystem32WDISuspendPerformanceDiagnostics_SystemData_S3.bin
— 2008-11-24 09:27:33 2,735,880 —-a-w c:windowswinsxsManifestCache6.0.6001.18000_001c50b5_blobs.bin
+ 2008-11-28 09:07:50 3,473,128 —-a-w c:windowswinsxsManifestCache6.0.6001.18000_001c50b5_blobs.bin
.
— Snapshot reset to current date —
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2007-12-11 1336584][HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2007-12-11 1336584][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«Sidebar»=»c:program filesWindows Sidebarsidebar.exe» [2008-01-13 1232896]
«Acer Tour Reminder»=»c:acerAcerTourReminder.exe» [2007-05-22 151552]
«ehTray.exe»=»c:windowsehomeehTray.exe» [2006-11-02 125440]
«BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=»c:program filesCommon FilesAheadLibNMBgMonitor.exe» [2007-01-15 147456]
«Yupdate!»=»c:program filesCommon FilesYandexYupdateyupdate.exe» [2007-12-11 457992]
«YandexOnline»=»c:program filesYandexOnlineonline.exe» [2007-10-12 2109440]
«DAEMON Tools»=»c:program filesDAEMON Toolsdaemon.exe» [2007-04-04 165784]
«WMPNSCFG»=»c:program filesWindows Media PlayerWMPNSCFG.exe» [2006-11-02 201728][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«eDataSecurity Loader»=»c:acerEmpowering TechnologyeDataSecurityeDSloader.exe» [2007-04-25 457216]
«ccApp»=»c:program filesCommon FilesSymantec SharedccApp.exe» [2006-11-21 107112]
«osCheck»=»c:program filesNorton Internet SecurityosCheck.exe» [2006-11-21 22696]
«IgfxTray»=»c:windowssystem32igfxtray.exe» [2007-05-25 142104]
«HotKeysCmds»=»c:windowssystem32hkcmd.exe» [2007-05-25 154392]
«Persistence»=»c:windowssystem32igfxpers.exe» [2007-05-25 138008]
«LManager»=»c:progra~1LAUNCH~1LManager.exe» [2007-07-16 768520]
«PlayMovie»=»c:program filesAcer Arcade DeluxePlay MoviePMVService.exe» [2007-05-24 206952]
«Apoint»=»c:program filesApoint2KApoint.exe» [2007-06-06 159744]
«Acer Tour Reminder»=»c:acerAcerTourReminder.exe» [2007-05-22 151552]
«WarReg_PopUp»=»c:acerWR_PopUpWarReg_PopUp.exe» [2006-11-05 57344]
«GrooveMonitor»=»c:program filesMicrosoft OfficeOffice12GrooveMonitor.exe» [2006-10-27 31016]
«NeroFilterCheck»=»c:program filesCommon FilesAheadLibNeroCheck.exe» [2006-01-12 155648]
«Symantec PIF AlertEng»=»c:program filesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe» [2008-01-29 583048]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 9.0ReaderReader_sl.exe» [2008-06-12 34672]
«RtHDVCpl»=»RtHDVCpl.exe» [2007-07-06 c:windowsRtHDVCpl.exe]c:usersACHTUNGAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup
Вырезка экрана и программа запуска для OneNote 2007.lnk — c:program filesMicrosoft OfficeOffice12ONENOTEM.EXE [2007-12-07 101440]c:programdataMicrosoftWindowsStart MenuProgramsStartup
Empowering Technology Launcher.lnk — c:acerEmpowering TechnologyeAPLauncher.exe [2007-07-31 535336]
Билайн Интернет Дома.lnk — c:program filesZTEMF622Билайн Интернет ДомаBeeline Home Internet.exe [2008-09-25 6550528][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]
«AppInit_DLLs»=eNetHook.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«VIDC.ACDV»= ACDV.dll[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
@=»Driver»[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«UacDisableNotify»=dword:00000001
«InternetSettingsDisableNotify»=dword:00000001
«AutoUpdateDisableNotify»=dword:00000001[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoring]
«DisableMonitoring»=dword:00000001[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]
«DisableMonitoring»=dword:00000001[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecFirewall]
«DisableMonitoring»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicyDomainProfile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicyFirewallRules]
«{EF7C7406-094E-48CD-9051-2718E2D1228A}»= c:program filesAcer Arcade DeluxeAcer Arcade DeluxeAcer Arcade Deluxe.exe:Acer Arcade Deluxe
«{80FCC6EF-479E-4EDE-8FDC-4B202CCE2B54}»= c:program filesAcer Arcade DeluxeVideoMagicianVideoMagician.exe:VideoMagician
«{2C4C0FB0-61F3-4C41-8E77-E20AF56202AA}»= c:program filesAcer Arcade DeluxeHomeMediaHomeMedia.exe:HomeMedia
«{AE9684F4-BFCE-4583-9052-FE1795BB4BBB}»= c:program filesAcer Arcade DeluxeDV WizardDV Wizard.exe:DV Wizard
«{FCF90E03-7954-4E21-8179-22C5C36543B0}»= UDP:c:program filesMicrosoft OfficeOffice12ONENOTE.EXE:Microsoft Office OneNote
«{6A18EBF1-D7E0-44A2-B677-867073271469}»= TCP:c:program filesMicrosoft OfficeOffice12ONENOTE.EXE:Microsoft Office OneNote
«{863EBD37-C2B3-4861-83D2-434BE4806209}»= c:program filesAcer Arcade DeluxeDVDivineDVDivine.exe:DVDivine
«{4454646F-782D-4984-94E2-DE24C5B995DF}»= c:program filesAcer Arcade DeluxePlay MoviePlayMovie.exe:Play Movie
«{D7E8BF72-EED7-41E3-A3CE-3D834A0BBDCF}»= c:program filesAcer Arcade DeluxePlay MoviePMVService.exe:Play Movie Resident Program
«{5DEDE9AC-61DB-4999-B11F-0071316A3A64}»= TCP:6004|c:program filesMicrosoft OfficeOffice12outlook.exe:Microsoft Office Outlook
«{70E78462-D441-4187-B666-8B588A025B2C}»= UDP:c:program filesMicrosoft OfficeOffice12GROOVE.EXE:Microsoft Office Groove
«{F5E91318-37C9-43C8-80EA-88148C76B409}»= TCP:c:program filesMicrosoft OfficeOffice12GROOVE.EXE:Microsoft Office Groove[HKLM~servicessharedaccessparametersfirewallpolicyPublicProfile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicyRestrictedServicesStaticSystem]
«DFSR-1″= RPort=5722|UDP:%SystemRoot%system32svchost.exe|Svc=DFSR:Allow inbound TCP traffic|[HKLM~servicessharedaccessparametersfirewallpolicyStandardProfile]
«EnableFirewall»= 0 (0x0)R1 IDSvix86;Symantec Intrusion Prevention Driver;??c:progra~2SymantecDEFINI~1SymcDataidsdefs20080829.001IDSvix86.sys [2008-09-06 261680]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};??c:program filesAcer Arcade DeluxePlay Movie000.fcl [2007-09-14 20:22:17 13560]
R2 ALaunchService;ALaunch Service;c:acerALaunchALaunchSvc.exe [2007-07-31 50688]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet — NDIS 6.0;c:windowssystem32DRIVERSb57nd60x.sys [2007-08-01 179712]
R3 SYMNDISV;SYMNDISV;c:windowssystem32DriversSYMNDISV.SYS [2006-11-21 37008]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);c:windowssystem32DRIVERSss_bus.sys [2007-12-18 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;c:windowssystem32DRIVERSss_mdfl.sys [2007-12-18 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;c:windowssystem32DRIVERSss_mdm.sys [2007-12-18 94000][HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{62b08f57-db1c-11dc-8daf-001c26bc9a9d}]
shellAutoRuncommand — F:setupSNK.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{72b4a0a0-2c0c-11dd-8fa7-001c26bc9a9d}]
shellAutoRuncommand — «F:Setupedu.exe » /autorun*Newly Created Service* — COMHOST
.
Contents of the ‘Scheduled Tasks’ folder2008-10-24 c:windowsTasksNorton Internet Security — Run Full System Scan — ACHTUNG.job
— c:progra~1NORTON~1NORTON~1Navw32.exe [2006-11-21 07:41]
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-28 23:42:34
Windows 6.0.6000 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
Completion time: 2008-11-28 23:44:20
ComboFix-quarantined-files.txt 2008-11-28 20:43:50Pre-Run: 8 906 629 120 байт свободно
Post-Run: 8,775,786,496 байт свободно285 — E O F — 2008-11-28 06:46:15
November 29, 2008 at 1:14 pm #20058
The Combofix log looks normal.
A few final steps.
You can delete HijackThis and RSIT.
Remove Combofix from your computer. Read the following: How to properly remove combofix from a computer.
Run your antivirus and check the state of its automatic protection. Turn it on if it is off.
Delete the old restore points, since they may contain infected files, trojans and other malicious programs. To do this, click the My Computer icon and select Properties. In the window that opens, select the System Restore tab. Check the box next to Turn off System Restore on all drives. Click the Apply button. Confirm your action by clicking OK in the dialog that opens. Close the System Properties window by clicking OK.
After the computer restarts, carry out the steps described above, only this time clear the check box.
Create a new restore point. If needed, it will let you load the current Windows configuration and recover quickly from spyware or a virus. To do this, click the Start button, then select Accessories, within it System Tools, and run the System Restore program. In the window that opens, select the task Create a restore point, click Next and follow the instructions.
Don't forget to update Windows, your programs and especially your antivirus.
All the best!