I just can't defeat this virus.
- This topic has 8 replies, 2 participants, and was last updated 13 years, 8 months ago by dmitrch.
April 3, 2010 at 6:33 am #18226
Good day, gentlemen!
I'm really hoping for help. For several days now I haven't been able to beat a virus (most likely a trojan). Let me describe the problem.
A Temp folder (C:\WINDOWS\Temp) has appeared in the WINDOWS folder on my computer, and it contains a file called WGAErrLog. When I delete it with certain utilities, nothing happens; or rather, it gets deleted, but after the next boot it appears again.
When I click on any folder on the desktop, this appears:
I don't know whether it is related or not, but I've noticed that the internet has started to slow down. Also, when downloading anything, even the RSIT file, my antivirus shows that some malicious files are being downloaded…
Here is what the log shows:
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Дима at 2010-04-03 10:31:14
Microsoft Windows XP Professional Service Pack 2
System drive C: has 3 GB (13%) free of 20 GB
Total RAM: 767 MB (51% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:31:19, on 03.04.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesWIDCOMMПрограммное обеспечение Bluetoothbinbtwdins.exe
C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
C:Program FilesEsetnod32krn.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32wscntfy.exe
C:WINDOWSExplorer.EXE
C:Program FilesGigaByteVGA Utility ManagerG-VGA.exe
C:WINDOWSSOUNDMAN.EXE
C:WINDOWSsystem32rundll32.exe
C:Program FilesQuickTimeqttask.exe
C:Program FilesEsetnod32kui.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesWIDCOMMПрограммное обеспечение BluetoothBTTray.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Documents and SettingsДимаDesktopRSIT.exe
C:Program Filestrend microДима.exe
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.rambler.ru/
O2 — BHO: (no name) — {02478D38-C3F9-4efb-9B51-7695ECA05670} — (no file)
O2 — BHO: (no name) — {9F0EA3A5-B7BA-4631-8F6D-A7CA68DC28CB} — C:WINDOWSsystem32atmpvcn.dll
O2 — BHO: EpsonToolBandKicker Class — {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll
O3 — Toolbar: EPSON Web-To-Page — {EE5D279F-081B-4404-994D-C6B60AAEBA6D} — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll
O3 — Toolbar: Rambler-Ассистент — {468CD8A9-7C25-45FA-969E-3D925C689DC4} — C:Program FilesRambler AssistantramblertoolbarU0.dll
O3 — Toolbar: &Google — {2318C2B1-4965-11d4-9B18-009027A5CD4F} — c:program filesgooglegoogletoolbar1.dll (file missing)
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [VGAUtil] C:Program FilesGigaByteVGA Utility ManagerG-VGA.exe
O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 — HKLM..Run: [EPSON Stylus C87 Series] C:WINDOWSSystem32spoolDRIVERSW32X863E_FATIABP.EXE /P23 «EPSON Stylus C87 Series» /O6 «USB001» /M «Stylus C87»
O4 — HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 — HKLM..Run: [PViever] «C:Program FilesGay-Lesbian-PhotoGay-Lesbian-Photo.exe» hide
O4 — HKLM..Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 — HKLM..Run: [RavMon] «C:WINDOWSsystem32RavMon.exe»
O4 — HKLM..Run: [QuickTime Task] «C:Program FilesQuickTimeqttask.exe» -atboottime
O4 — HKLM..Run: [nod32kui] «C:Program FilesEsetnod32kui.exe» /WAITSERVICE
O4 — HKLM..Run: [UnlockerAssistant] «C:Program FilesUnlockerUnlockerAssistant.exe»
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [RavAV] «C:Documents and SettingsДимаStart MenuProgramsStartupRavMonE.exe»
O4 — HKCU..Run: [amva] C:WINDOWSsystem32amvo.exe
O4 — HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe
O4 — HKCU..Run: [DAEMON Tools Pro Agent] «C:Program FilesDAEMON Tools ProDTProAgent.exe» -autorun
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [RunNarrator] Narrator.exe (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [RunNarrator] Narrator.exe (User ‘Default user’)
O4 — Global Startup: BTTray.lnk = ?
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Добавить в Rambler-Закладки — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/zakladki.htm
O8 — Extra context menu item: Найти с помощью Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/search.htm
O8 — Extra context menu item: Опубликовать в Дневнике — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/planet.htm
O8 — Extra context menu item: Отправить через &Bluetooth — C:Program FilesWIDCOMMПрограммное обеспечение Bluetoothbtsendto_ie_ctx.htm
O8 — Extra context menu item: Перевести с помощью словарей Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/dic.htm
O9 — Extra button: Skype — {77BF5300-1474-4EC7-9980-D32B190E9B07} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — C:Program FilesICQLiteICQLite.exe (file missing)
O9 — Extra ‘Tools’ menuitem: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — C:Program FilesICQLiteICQLite.exe (file missing)
O9 — Extra button: @btrez.dll,-4015 — {CCA281CA-C863-46ef-9331-5C8D4460577F} — C:Program FilesWIDCOMMПрограммное обеспечение Bluetoothbtsendto_ie.htm
O9 — Extra ‘Tools’ menuitem: @btrez.dll,-4017 — {CCA281CA-C863-46ef-9331-5C8D4460577F} — C:Program FilesWIDCOMMПрограммное обеспечение Bluetoothbtsendto_ie.htm
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O17 — HKLMSystemCCSServicesTcpip..{22A5240C-070E-4EB9-9DF3-5EB6891E5E76}: NameServer = 88.147.164.12
O17 — HKLMSystemCCSServicesTcpip..{AE47C836-6FF5-4B39-A6A1-9F54555F7BA4}: NameServer = 88.147.129.15 88.147.128.17
O17 — HKLMSystemCS1ServicesTcpip..{22A5240C-070E-4EB9-9DF3-5EB6891E5E76}: NameServer = 88.147.164.12
O17 — HKLMSystemCS2ServicesTcpip..{22A5240C-070E-4EB9-9DF3-5EB6891E5E76}: NameServer = 88.147.164.12
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 — AppInit_DLLs: ice_time.dll
O23 — Service: Autodesk Licensing Service — Autodesk, Inc. — C:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe
O23 — Service: Bluetooth Service (btwdins) — Broadcom Corporation. — C:Program FilesWIDCOMMПрограммное обеспечение Bluetoothbinbtwdins.exe
O23 — Service: Google Updater Service (gusvc) — Unknown owner — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe (file missing)
O23 — Service: NOD32 Kernel Service (NOD32krn) — Eset — C:Program FilesEsetnod32krn.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
—
End of file — 7713 bytes
======Scheduled tasks folder======
C:WINDOWStasksError scan.job
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9F0EA3A5-B7BA-4631-8F6D-A7CA68DC28CB}]
C:WINDOWSsystem32atmpvcn.dll [2001-08-23 118272]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll [2005-02-22 368640]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} — EPSON Web-To-Page — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll [2005-02-22 368640]
{468CD8A9-7C25-45FA-969E-3D925C689DC4} — Rambler-Ассистент — C:Program FilesRambler AssistantramblertoolbarU0.dll [2008-12-26 849392]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} — &Google — c:program filesgooglegoogletoolbar1.dll []
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2005-06-15 6803456]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2005-06-15 86016]
«VGAUtil»=C:Program FilesGigaByteVGA Utility ManagerG-VGA.exe [2005-08-17 544768]
«SoundMan»=C:WINDOWSSOUNDMAN.EXE [2005-07-23 81920]
«EPSON Stylus C87 Series»=C:WINDOWSSystem32spoolDRIVERSW32X863E_FATIABP.EXE [2005-01-27 98304]
«NeroFilterCheck»=C:WINDOWSsystem32NeroCheck.exe [2005-09-25 155648]
«PViever»=C:Program FilesGay-Lesbian-PhotoGay-Lesbian-Photo.exe hide []
«BluetoothAuthenticationAgent»=bthprops.cpl,,BluetoothAuthenticationAgent []
«RavMon»=C:WINDOWSsystem32RavMon.exe []
«QuickTime Task»=C:Program FilesQuickTimeqttask.exe [2008-12-06 98304]
«nod32kui»=C:Program FilesEsetnod32kui.exe [2009-09-04 949376]
«UnlockerAssistant»=C:Program FilesUnlockerUnlockerAssistant.exe []
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2004-08-04 15360]
«RavAV»=C:Documents and SettingsДимаStart MenuProgramsStartupRavMonE.exe []
«amva»=C:WINDOWSsystem32amvo.exe []
«swg»=C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe []
«DriverLoad»= []
«DriverCheck»= []
«SystemDriverLoad»= []
«DAEMON Tools Pro Agent»=C:Program FilesDAEMON Tools ProDTProAgent.exe [2009-04-09 228808]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDAEMON Tools-1033]
C:Program FilesD-Toolsdaemon.exe -lang 1033 []
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRemoteControl]
C:Program FilesCyberLinkPowerDVDPDVDServ.exe [2004-11-02 32768]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregTrickler]
c:documents and settingsдимаlocal settingstemp~vis0000fsg_4104.exe []
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
C:PROGRA~1COMMON~1AUTODE~1ACSTAR~1.EXE [2004-02-25 10872]
C:Documents and SettingsAll UsersStart MenuProgramsStartup
BTTray.lnk — C:Program FilesWIDCOMMПрограммное обеспечение BluetoothBTTray.exe
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
«AppInit_DLLS»=»ice_time.dll»
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]
C:WINDOWSsystem32WgaLogon.dll [2008-09-06 241704]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalHmp60.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkHmp60.sys]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
«NoSharedDocuments»=1
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesNeed For Speed IIInfs3.exe»=»C:Program FilesNeed For Speed IIInfs3.exe:*:Enabled:Need For Speed III for Win32»
«C:GamesCounter Strike Sourcehl2.exe»=»C:GamesCounter Strike Sourcehl2.exe:*:Enabled:hl2»
«D:ИгрыCounter Strike Sourcehl2.exe»=»D:ИгрыCounter Strike Sourcehl2.exe:*:Enabled:hl2»
«D:ИгрыAlien2AVP2XServ.exe»=»D:ИгрыAlien2AVP2XServ.exe:*:Enabled:AVP2 Stand-Alone Server»
«C:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe»=»C:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe:*:Enabled:BlueSoleil»
«D:ИгрыРазноеБильярдPerfectPool.exe»=»D:ИгрыРазноеБильярдPerfectPool.exe:*:Enabled:Perfect Pool Application»
«G:ApexDC-s14.exe»=»G:ApexDC-s14.exe:*:Enabled:ApexDC++»
«G:Анекс ДиСиApexDC-s14.exe»=»G:Анекс ДиСиApexDC-s14.exe:*:Enabled:ApexDC++»
«G:75_apexdc++_mod_s14ApexDC-s14.exe»=»G:75_apexdc++_mod_s14ApexDC-s14.exe:*:Enabled:ApexDC++»
«C:Program FilesICQ6ICQ.exe»=»C:Program FilesICQ6ICQ.exe:*:Enabled:ICQ6»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesGigaByteVGA Utility ManagerG-vga.exe»=»C:Program FilesGigaByteVGA Utility ManagerG-vga.exe:*:Disabled:Menu»
«C:Program FilesuTorrentutorrent.exe»=»C:Program FilesuTorrentutorrent.exe:*:Enabled:µTorrent»
«D:ИгрыЗлатогорье 2Burut CTGoldenLandGoldenLand.exe»=»D:ИгрыЗлатогорье 2Burut CTGoldenLandGoldenLand.exe:*:Enabled:GoldenLand»
«C:Program FilesICQ6.5ICQ.exe»=»C:Program FilesICQ6.5ICQ.exe:*:Enabled:ICQ6»
«G:УстановкаLost. Остаться в живыхYeti_Final_Win32.exe»=»G:УстановкаLost. Остаться в живыхYeti_Final_Win32.exe:*:Enabled:Lost. Остаться в живых Game»
«G:УстановкаLost. Остаться в живыхgu.exe»=»G:УстановкаLost. Остаться в живыхgu.exe:*:Enabled:Lost. Остаться в живых Updater»
«G:УстановкаLost. Остаться в живыхdetectionLauncher.exe»=»G:УстановкаLost. Остаться в живыхdetectionLauncher.exe:*:Enabled:Lost. Остаться в живых Requirements Tool»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{e7fa271c-6bbc-11dd-8e56-00142a77e665}]
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .RECYCLERS-5-3-42-2819952290-8240758988-879315005-3665jwgkvsq.vmx,ahaezedrn
======File associations======
.scr — open — «C:WINDOWSnotepad.exe» «%1»
.scr — install —
.scr — config —
======List of files/folders created in the last 1 months======
2010-04-02 23:10:35 —-DC—- C:Program Filestrend micro
2010-04-02 23:10:34 —-DC—- C:rsit
2010-04-02 13:15:17 —-DC—- C:Documents and SettingsДимаApplication DataWinRAR
2010-04-01 19:04:43 —-AC—- C:WINDOWSsystem32atmpvcn.dll
2010-03-19 10:10:32 —-AC—- C:Documents and SettingsAll UsersApplication Datapfjgcydu.exe336032826999
2010-03-19 10:10:06 —-AC—- C:Documents and SettingsAll UsersApplication Datapfjgcydu.exe
2010-03-19 10:10:02 —-AC—- C:Documents and SettingsAll UsersApplication Datapfjgcydu.exe332996826853
2010-03-19 10:09:25 —-AC—- C:Documents and SettingsДимаApplication Datapfjgcydu.exe
2010-03-13 12:41:35 —-DC—- C:Program FilesNival Interactive
======List of files/folders modified in the last 1 months======
2010-04-03 10:20:49 —-DC—- C:WINDOWSTemp
2010-04-03 10:08:51 —-DC—- C:WINDOWSsystem32
2010-04-03 10:07:59 —-A—- C:WINDOWSSchedLgU.Txt
2010-04-03 09:41:25 —-AC—- C:WINDOWSsetuplog.txt
2010-04-03 09:40:44 —-DC—- C:WINDOWSsystem32oobe
2010-04-03 09:36:36 —-DC—- C:WINDOWS
2010-04-02 23:10:35 —-RDC—- C:Program Files
2010-04-02 23:09:55 —-HDC—- C:WINDOWSinf
2010-04-02 22:49:16 —-DC—- C:WINDOWSsystem32CatRoot2
2010-04-02 22:44:38 —-DC—- C:WINDOWSsystem32drivers
2010-04-02 22:44:37 —-HDC—- C:WINDOWS$hf_mig$
2010-04-02 22:34:49 —-AC—- C:WINDOWSntbtlog.txt
2010-04-02 22:33:09 —-SHDC—- C:RECYCLER
2010-04-02 22:31:02 —-DC—- C:Documents and Settings
2010-04-02 18:39:10 —-RSHDC—- C:WINDOWSsystem32dllcache
2010-04-02 13:57:01 —-DC—- C:Program FilesESET
2010-04-02 13:38:22 —-DC—- C:WINDOWSsystem32CatRoot
2010-04-02 13:36:35 —-DC—- C:WINDOWSHelp
2010-04-01 21:27:21 —-DC—- C:WINDOWSPrefetch
2010-04-01 21:03:34 —-DC—- C:WINDOWSsystem32config
2010-04-01 19:07:16 —-AC—- C:WINDOWSIE4 Error Log.txt
2010-04-01 07:05:02 —-DC—- C:Documents and SettingsДимаApplication DatauTorrent
2010-03-28 11:30:19 —-AC—- C:WINDOWSsystem32PerfStringBackup.INI
2010-03-25 13:33:48 —-DC—- C:WINDOWSsystem32wbem
2010-03-25 13:33:48 —-DC—- C:WINDOWSRegistration
2010-03-15 22:15:07 —-AC—- C:WINDOWSNeroDigital.ini
2010-03-13 12:41:31 —-HDC—- C:Program FilesInstallShield Installation Information
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 nod32drv;nod32drv; C:WINDOWSsystem32driversnod32drv.sys [2009-09-04 15424]
R1 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2001-08-23 12032]
R2 AMON;AMON; C:WINDOWSsystem32driversamon.sys [2009-09-04 512096]
R2 BTSERIAL;Bluetooth Serial Driver; ??C:WINDOWSsystem32driversbtserial.sys []
R2 BTSLBCSP;Bluetooth Port Client Driver; ??C:WINDOWSsystem32driversbtslbcsp.sys []
R2 Hardlock;Hardlock; ??C:WINDOWSsystem32drivershardlock.sys []
R2 Haspnt;Haspnt; ??C:WINDOWSsystem32driversHaspnt.sys []
R2 hl_mull;hl_mull; C:WINDOWSSystem32drivershl_mull.SYS [2005-09-22 67712]
R2 lf;lf; ??C:Program FilesLock Folder XP 3.2UniShieldXP.sys []
R2 mdmxsdk;mdmxsdk; C:WINDOWSsystem32DRIVERSmdmxsdk.sys [2005-05-04 9855]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2005-07-27 3644032]
R3 BTKRNL;Нумератор шины Bluetooth; C:WINDOWSsystem32DRIVERSbtkrnl.sys [2006-05-12 1342602]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:WINDOWSsystem32DRIVERSfetnd5bv.sys [2004-12-16 42496]
R3 GPCIDrv;GPCIDrv; ??C:WINDOWSGPCIDrv.sys []
R3 GVTDrv;GVTDrv; ??C:WINDOWSsystem32DriversGVTDrv.sys []
R3 MODEMCSA;Unimodem Streaming Filter Device; C:WINDOWSsystem32driversMODEMCSA.sys [2001-08-18 16128]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2005-06-15 3200256]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-03 20480]
R3 Winachcf;Winachcf; C:WINDOWSsystem32DRIVERSwinachcf.sys [2005-05-04 917988]
S1 InCDPass;InCDPass; C:WINDOWSsystem32driversInCDPass.sys []
S1 InCDRm;InCD Reader; C:WINDOWSsystem32driversInCDRm.sys []
S3 aulxqo7j;aulxqo7j; C:WINDOWSsystem32driversaulxqo7j.sys []
S3 BlueletAudio;Bluetooth Audio Service; C:WINDOWSsystem32DRIVERSblueletaudio.sys []
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:WINDOWSsystem32DRIVERSBlueletSCOAudio.sys []
S3 BT;Bluetooth PAN Network Adapter; C:WINDOWSsystem32DRIVERSbtnetdrv.sys []
S3 btaudio;Аудиоустройство Bluetooth; C:WINDOWSsystem32driversbtaudio.sys [2006-05-12 401664]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:WINDOWSSystem32Driversbtcusb.sys []
S3 BTDriver;Драйвер виртуальной связи Bluetooth; C:WINDOWSsystem32DRIVERSbtport.sys [2006-05-12 30363]
S3 BthEnum;Bluetooth Enumerator Service; C:WINDOWSsystem32DRIVERSBthEnum.sys [2004-08-03 17024]
S3 BTHidEnum;Bluetooth HID Enumerator; C:WINDOWSsystem32DRIVERSvbtenum.sys []
S3 BTHPORT;Bluetooth Port Driver; C:WINDOWSSystem32DriversBTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:WINDOWSSystem32DriversBTHUSB.sys [2004-08-03 18944]
S3 BTWDNDIS;Сервер доступа к локальной сети Bluetooth; C:WINDOWSsystem32DRIVERSbtwdndis.sys [2006-05-12 148168]
S3 btwmodem;Модем Bluetooth; C:WINDOWSsystem32DRIVERSbtwmodem.sys [2006-05-12 30189]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:WINDOWSSystem32Driversbtwusb.sys [2006-05-12 57320]
S3 catchme;catchme; ??C:DOCUME~1C4C4~1LOCALS~1Tempcatchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2004-08-03 17024]
S3 dtscsi;dtscsi; C:WINDOWSSystem32Driversdtscsi.sys [2006-04-20 223128]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:WINDOWSsystem32DRIVERSfetnd5.sys [2001-08-17 27165]
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:WINDOWSsystem32DRIVERSfetnd5b.sys [2002-10-29 40960]
S3 GVCplDrv;GVCplDrv; C:WINDOWSsystem32driversGVCplDrv.sys [2004-05-02 23040]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:WINDOWSsystem32driversMSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:WINDOWSsystem32DRIVERSNdisIP.sys [2004-08-03 10880]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:WINDOWSsystem32DRIVERSrfcomm.sys [2004-08-03 59648]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:WINDOWSSystem32DriversRootMdm.sys [2001-08-23 5888]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2004-08-03 15360]
S3 upperdev;upperdev; C:WINDOWSsystem32DRIVERSusbser_lowerflt.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-04 26496]
S3 VComm;Virtual Serial port driver; C:WINDOWSsystem32DRIVERSVComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:WINDOWSSystem32DriversVcommMgr.sys []
S3 vulfnths;VIA USB Host Controller Lower Filter; C:WINDOWSSystem32Driversvulfnth.sys []
S3 vulfntrs;VIA USB Roothub Lower Filter; C:WINDOWSSystem32Driversvulfntr.sys []
S3 Wdf01000;Wdf01000; C:WINDOWSsystem32DRIVERSWdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;World Standard Teletext Codec; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
S4 InCDFs;InCD File System; C:WINDOWSsystem32driversInCDFs.sys []
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 BthServ;Bluetooth Support Service; C:WINDOWSsystem32svchost.exe [2004-08-04 14336]
R2 btwdins;Bluetooth Service; C:Program FilesWIDCOMMПрограммное обеспечение Bluetoothbinbtwdins.exe [2006-05-12 258103]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe [2003-06-20 322120]
R2 NOD32krn;NOD32 Kernel Service; C:Program FilesEsetnod32krn.exe [2009-09-04 552064]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2005-06-15 127043]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe [2006-01-02 74360]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Updater Service; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe []
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2004-08-04 14336]
EOF
I hope for your help.
April 3, 2010 at 6:31 pm #29277
Hello, welcome to the Spyware-ru forum.
Download OTM by OldTimer by clicking this link.
Run OTM and copy the following text into the large input field (the title of this field is highlighted in yellow).
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RavMon"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RavAV"=-
"amva"=-
"DriverLoad"=-
"DriverCheck"=-
"SystemDriverLoad"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trickler]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=""
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hmp60.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hmp60.sys]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7fa271c-6bbc-11dd-8e56-00142a77e665}]
:files
C:\WINDOWS\tasks\Error scan.job
:Commands
[emptytemp]
[Reboot]
Check the pasted script: if spaces have appeared on the left before the directives, delete them; the script must look the same as in this post. Click the MoveIt! button. The computer may reboot during the process.
When the program finishes, a log should be displayed. If the log is not shown, you can find it in the folder C:\_OTM\MovedFiles. Paste the contents of this log into your reply. And attach a fresh RSIT log.
April 4, 2010 at 7:47 am #29278
OTM log:
========== FILES ==========
C:WINDOWStasksError scan.job moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 103842 bytes
User: Дима
->Temp folder emptied: 1870870 bytes
->Temporary Internet Files folder emptied: 61467379 bytes
->Flash cache emptied: 41333 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%System32 .tmp files removed: 2950144 bytes
%systemroot%System32dllcache .tmp files removed: 0 bytes
%systemroot%System32drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 174971 bytes
%systemroot%system32configsystemprofileLocal SettingsTemp folder emptied: 0 bytes
%systemroot%system32configsystemprofileLocal SettingsTemporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 16086027 bytes
Total Files Cleaned = 79,00 mb
OTM by OldTimer — Version 3.1.10.1 log created on 04042010_094559
Files moved on Reboot…
C:Documents and SettingsДимаLocal SettingsTemporary Internet FilesContent.IE5MHH67UD0viewtopic[2].php moved successfully.
C:WINDOWStempINF11.tmp moved successfully.
Registry entries deleted on Reboot…
Fresh RSIT log:
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Дима at 2010-04-04 11:41:36
Microsoft Windows XP Professional Service Pack 2
System drive C: has 3 GB (13%) free of 20 GB
Total RAM: 767 MB (47% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:29, on 04.04.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesWIDCOMMПрограммное обеспечение Bluetoothbinbtwdins.exe
C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
C:WINDOWSExplorer.EXE
C:Program FilesEsetnod32krn.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesGigaByteVGA Utility ManagerG-VGA.exe
C:WINDOWSSOUNDMAN.EXE
C:WINDOWSsystem32rundll32.exe
C:Program FilesQuickTimeqttask.exe
C:Program FilesEsetnod32kui.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesWIDCOMMПрограммное обеспечение BluetoothBTTray.exe
C:WINDOWSsystem32wscntfy.exe
C:Program FilesDAEMON Tools ProDTProShellHlp.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Documents and SettingsДимаDesktopRSIT.exe
C:Program Filestrend microДима.exe
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.rambler.ru/
O2 — BHO: (no name) — {9F0EA3A5-B7BA-4631-8F6D-A7CA68DC28CB} — C:WINDOWSsystem32atmpvcn.dll (file missing)
O2 — BHO: EpsonToolBandKicker Class — {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll
O3 — Toolbar: EPSON Web-To-Page — {EE5D279F-081B-4404-994D-C6B60AAEBA6D} — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll
O3 — Toolbar: Rambler-Ассистент — {468CD8A9-7C25-45FA-969E-3D925C689DC4} — C:Program FilesRambler AssistantramblertoolbarU0.dll
O3 — Toolbar: &Google — {2318C2B1-4965-11d4-9B18-009027A5CD4F} — c:program filesgooglegoogletoolbar1.dll (file missing)
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [VGAUtil] C:Program FilesGigaByteVGA Utility ManagerG-VGA.exe
O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 — HKLM..Run: [EPSON Stylus C87 Series] C:WINDOWSSystem32spoolDRIVERSW32X863E_FATIABP.EXE /P23 «EPSON Stylus C87 Series» /O6 «USB001» /M «Stylus C87»
O4 — HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 — HKLM..Run: [PViever] «C:Program FilesGay-Lesbian-PhotoGay-Lesbian-Photo.exe» hide
O4 — HKLM..Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 — HKLM..Run: [QuickTime Task] «C:Program FilesQuickTimeqttask.exe» -atboottime
O4 — HKLM..Run: [nod32kui] «C:Program FilesEsetnod32kui.exe» /WAITSERVICE
O4 — HKLM..Run: [UnlockerAssistant] «C:Program FilesUnlockerUnlockerAssistant.exe»
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe
O4 — HKCU..Run: [DAEMON Tools Pro Agent] «C:Program FilesDAEMON Tools ProDTProAgent.exe» -autorun
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [RunNarrator] Narrator.exe (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [RunNarrator] Narrator.exe (User ‘Default user’)
O4 — Startup: _uninst_setup_9.0.0.722_03.04.2010_21-05.exe.lnk = ?
O4 — Global Startup: BTTray.lnk = ?
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Добавить в Rambler-Закладки — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/zakladki.htm
O8 — Extra context menu item: Найти с помощью Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/search.htm
O8 — Extra context menu item: Опубликовать в Дневнике — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/planet.htm
O8 — Extra context menu item: Отправить через &Bluetooth — C:Program FilesWIDCOMMПрограммное обеспечение Bluetoothbtsendto_ie_ctx.htm
O8 — Extra context menu item: Перевести с помощью словарей Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/dic.htm
O9 — Extra button: Skype — {77BF5300-1474-4EC7-9980-D32B190E9B07} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — C:Program FilesICQLiteICQLite.exe (file missing)
O9 — Extra ‘Tools’ menuitem: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — C:Program FilesICQLiteICQLite.exe (file missing)
O9 — Extra button: @btrez.dll,-4015 — {CCA281CA-C863-46ef-9331-5C8D4460577F} — C:Program FilesWIDCOMMПрограммное обеспечение Bluetoothbtsendto_ie.htm
O9 — Extra ‘Tools’ menuitem: @btrez.dll,-4017 — {CCA281CA-C863-46ef-9331-5C8D4460577F} — C:Program FilesWIDCOMMПрограммное обеспечение Bluetoothbtsendto_ie.htm
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O17 — HKLMSystemCCSServicesTcpip..{22A5240C-070E-4EB9-9DF3-5EB6891E5E76}: NameServer = 88.147.164.12
O17 — HKLMSystemCCSServicesTcpip..{AE47C836-6FF5-4B39-A6A1-9F54555F7BA4}: NameServer = 88.147.129.15 88.147.128.17
O17 — HKLMSystemCS1ServicesTcpip..{22A5240C-070E-4EB9-9DF3-5EB6891E5E76}: NameServer = 88.147.164.12
O17 — HKLMSystemCS2ServicesTcpip..{22A5240C-070E-4EB9-9DF3-5EB6891E5E76}: NameServer = 88.147.164.12
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O23 — Service: Autodesk Licensing Service — Autodesk, Inc. — C:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe
O23 — Service: Bluetooth Service (btwdins) — Broadcom Corporation. — C:Program FilesWIDCOMMПрограммное обеспечение Bluetoothbinbtwdins.exe
O23 — Service: Google Updater Service (gusvc) — Unknown owner — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe (file missing)
O23 — Service: NOD32 Kernel Service (NOD32krn) — Eset — C:Program FilesEsetnod32krn.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
—
End of file — 7525 bytes
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9F0EA3A5-B7BA-4631-8F6D-A7CA68DC28CB}]
C:WINDOWSsystem32atmpvcn.dll [][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll [2005-02-22 368640][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} — EPSON Web-To-Page — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll [2005-02-22 368640]
{468CD8A9-7C25-45FA-969E-3D925C689DC4} — Rambler-Ассистент — C:Program FilesRambler AssistantramblertoolbarU0.dll [2008-12-26 849392]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} — &Google — c:program filesgooglegoogletoolbar1.dll [][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2005-06-15 6803456]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2005-06-15 86016]
«VGAUtil»=C:Program FilesGigaByteVGA Utility ManagerG-VGA.exe [2005-08-17 544768]
«SoundMan»=C:WINDOWSSOUNDMAN.EXE [2005-07-23 81920]
«EPSON Stylus C87 Series»=C:WINDOWSSystem32spoolDRIVERSW32X863E_FATIABP.EXE [2005-01-27 98304]
«NeroFilterCheck»=C:WINDOWSsystem32NeroCheck.exe [2005-09-25 155648]
«PViever»=C:Program FilesGay-Lesbian-PhotoGay-Lesbian-Photo.exe hide []
«BluetoothAuthenticationAgent»=bthprops.cpl,,BluetoothAuthenticationAgent []
«QuickTime Task»=C:Program FilesQuickTimeqttask.exe [2008-12-06 98304]
«nod32kui»=C:Program FilesEsetnod32kui.exe [2009-09-04 949376]
«UnlockerAssistant»=C:Program FilesUnlockerUnlockerAssistant.exe [][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2004-08-04 15360]
«swg»=C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe []
«DAEMON Tools Pro Agent»=C:Program FilesDAEMON Tools ProDTProAgent.exe [2009-04-09 228808][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDAEMON Tools-1033]
C:Program FilesD-Toolsdaemon.exe -lang 1033 [][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRemoteControl]
C:Program FilesCyberLinkPowerDVDPDVDServ.exe [2004-11-02 32768][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
C:PROGRA~1COMMON~1AUTODE~1ACSTAR~1.EXE [2004-02-25 10872]C:Documents and SettingsAll UsersStart MenuProgramsStartup
BTTray.lnk — C:Program FilesWIDCOMMПрограммное обеспечение BluetoothBTTray.exeC:Documents and SettingsДимаStart MenuProgramsStartup
_uninst_setup_9.0.0.722_03.04.2010_21-05.exe.lnk — C:Documents and SettingsДимаLocal SettingsTemp_uninst_setup_9.0.0.722_03.04.2010_21-05.exe.bat[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]
C:WINDOWSsystem32WgaLogon.dll [2008-09-06 241704][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
«NoSharedDocuments»=1[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesNeed For Speed IIInfs3.exe»=»C:Program FilesNeed For Speed IIInfs3.exe:*:Enabled:Need For Speed III for Win32»
«C:GamesCounter Strike Sourcehl2.exe»=»C:GamesCounter Strike Sourcehl2.exe:*:Enabled:hl2»
«D:ИгрыCounter Strike Sourcehl2.exe»=»D:ИгрыCounter Strike Sourcehl2.exe:*:Enabled:hl2»
«D:ИгрыAlien2AVP2XServ.exe»=»D:ИгрыAlien2AVP2XServ.exe:*:Enabled:AVP2 Stand-Alone Server»
«C:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe»=»C:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe:*:Enabled:BlueSoleil»
«D:ИгрыРазноеБильярдPerfectPool.exe»=»D:ИгрыРазноеБильярдPerfectPool.exe:*:Enabled:Perfect Pool Application»
«G:ApexDC-s14.exe»=»G:ApexDC-s14.exe:*:Enabled:ApexDC++»
«G:Анекс ДиСиApexDC-s14.exe»=»G:Анекс ДиСиApexDC-s14.exe:*:Enabled:ApexDC++»
«G:75_apexdc++_mod_s14ApexDC-s14.exe»=»G:75_apexdc++_mod_s14ApexDC-s14.exe:*:Enabled:ApexDC++»
«C:Program FilesICQ6ICQ.exe»=»C:Program FilesICQ6ICQ.exe:*:Enabled:ICQ6»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesGigaByteVGA Utility ManagerG-vga.exe»=»C:Program FilesGigaByteVGA Utility ManagerG-vga.exe:*:Disabled:Menu»
«C:Program FilesuTorrentutorrent.exe»=»C:Program FilesuTorrentutorrent.exe:*:Enabled:µTorrent»
«D:ИгрыЗлатогорье 2Burut CTGoldenLandGoldenLand.exe»=»D:ИгрыЗлатогорье 2Burut CTGoldenLandGoldenLand.exe:*:Enabled:GoldenLand»
«C:Program FilesICQ6.5ICQ.exe»=»C:Program FilesICQ6.5ICQ.exe:*:Enabled:ICQ6»
«G:УстановкаLost. Остаться в живыхYeti_Final_Win32.exe»=»G:УстановкаLost. Остаться в живыхYeti_Final_Win32.exe:*:Enabled:Lost. Остаться в живых Game»
«G:УстановкаLost. Остаться в живыхgu.exe»=»G:УстановкаLost. Остаться в живыхgu.exe:*:Enabled:Lost. Остаться в живых Updater»
«G:УстановкаLost. Остаться в живыхdetectionLauncher.exe»=»G:УстановкаLost. Остаться в живыхdetectionLauncher.exe:*:Enabled:Lost. Остаться в живых Requirements Tool»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
======File associations======
.scr — open — «C:WINDOWSnotepad.exe» «%1»
.scr — install —
.scr — config —
======List of files/folders created in the last 1 months======
2010-04-04 11:41:11 —-DC—- C:rsit
2010-04-04 09:45:59 —-DC—- C:_OTM
2010-04-02 23:10:35 —-DC—- C:Program Filestrend micro
2010-04-02 13:15:17 —-DC—- C:Documents and SettingsДимаApplication DataWinRAR
2010-03-19 10:10:32 —-AC—- C:Documents and SettingsAll UsersApplication Datapfjgcydu.exe336032826999
2010-03-19 10:10:06 —-AC—- C:Documents and SettingsAll UsersApplication Datapfjgcydu.exe
2010-03-19 10:10:02 —-AC—- C:Documents and SettingsAll UsersApplication Datapfjgcydu.exe332996826853
2010-03-19 10:09:25 —-AC—- C:Documents and SettingsДимаApplication Datapfjgcydu.exe
2010-03-13 12:41:35 —-DC—- C:Program FilesNival Interactive
======List of files/folders modified in the last 1 months======
2010-04-04 11:41:19 —-DC—- C:WINDOWSPrefetch
2010-04-04 11:00:12 —-DC—- C:WINDOWSTemp
2010-04-04 09:49:13 —-DC—- C:WINDOWSsystem32
2010-04-04 09:47:41 —-A—- C:WINDOWSSchedLgU.Txt
2010-04-04 09:46:01 —-SDC—- C:WINDOWSTasks
2010-04-04 09:41:18 —-DC—- C:WINDOWS
2010-04-04 09:35:39 —-DC—- C:WINDOWSsystem32drivers
2010-04-04 08:50:56 —-DC—- C:WINDOWSMinidump
2010-04-04 08:08:03 —-SHD—- C:System Volume Information
2010-04-04 08:06:18 —-HDC—- C:WINDOWSinf
2010-04-04 08:05:52 —-DC—- C:WINDOWSsystem32CatRoot2
2010-04-03 14:25:55 —-AC—- C:WINDOWSIE4 Error Log.txt
2010-04-03 09:41:25 —-AC—- C:WINDOWSsetuplog.txt
2010-04-03 09:40:44 —-DC—- C:WINDOWSsystem32oobe
2010-04-02 23:10:35 —-RDC—- C:Program Files
2010-04-02 22:44:37 —-HDC—- C:WINDOWS$hf_mig$
2010-04-02 22:34:49 —-AC—- C:WINDOWSntbtlog.txt
2010-04-02 22:33:09 —-SHDC—- C:RECYCLER
2010-04-02 22:31:02 —-DC—- C:Documents and Settings
2010-04-02 18:39:10 —-RSHDC—- C:WINDOWSsystem32dllcache
2010-04-02 13:57:01 —-DC—- C:Program FilesESET
2010-04-02 13:38:22 —-DC—- C:WINDOWSsystem32CatRoot
2010-04-02 13:36:35 —-DC—- C:WINDOWSHelp
2010-04-01 21:03:34 —-DC—- C:WINDOWSsystem32config
2010-04-01 07:05:02 —-DC—- C:Documents and SettingsДимаApplication DatauTorrent
2010-03-28 11:30:19 —-AC—- C:WINDOWSsystem32PerfStringBackup.INI
2010-03-25 13:33:48 —-DC—- C:WINDOWSsystem32wbem
2010-03-25 13:33:48 —-DC—- C:WINDOWSRegistration
2010-03-15 22:15:07 —-AC—- C:WINDOWSNeroDigital.ini
2010-03-13 12:41:31 —-HDC—- C:Program FilesInstallShield Installation Information
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 nod32drv;nod32drv; C:WINDOWSsystem32driversnod32drv.sys [2009-09-04 15424]
R1 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2001-08-23 12032]
R2 AMON;AMON; C:WINDOWSsystem32driversamon.sys [2009-09-04 512096]
R2 BTSERIAL;Bluetooth Serial Driver; ??C:WINDOWSsystem32driversbtserial.sys []
R2 BTSLBCSP;Bluetooth Port Client Driver; ??C:WINDOWSsystem32driversbtslbcsp.sys []
R2 Hardlock;Hardlock; ??C:WINDOWSsystem32drivershardlock.sys []
R2 Haspnt;Haspnt; ??C:WINDOWSsystem32driversHaspnt.sys []
R2 hl_mull;hl_mull; C:WINDOWSSystem32drivershl_mull.SYS [2005-09-22 67712]
R2 lf;lf; ??C:Program FilesLock Folder XP 3.2UniShieldXP.sys []
R2 mdmxsdk;mdmxsdk; C:WINDOWSsystem32DRIVERSmdmxsdk.sys [2005-05-04 9855]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2005-07-27 3644032]
R3 BTKRNL;Нумератор шины Bluetooth; C:WINDOWSsystem32DRIVERSbtkrnl.sys [2006-05-12 1342602]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:WINDOWSsystem32DRIVERSfetnd5bv.sys [2004-12-16 42496]
R3 GPCIDrv;GPCIDrv; ??C:WINDOWSGPCIDrv.sys []
R3 GVTDrv;GVTDrv; ??C:WINDOWSsystem32DriversGVTDrv.sys []
R3 MODEMCSA;Unimodem Streaming Filter Device; C:WINDOWSsystem32driversMODEMCSA.sys [2001-08-18 16128]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2005-06-15 3200256]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-03 20480]
R3 Winachcf;Winachcf; C:WINDOWSsystem32DRIVERSwinachcf.sys [2005-05-04 917988]
S1 InCDPass;InCDPass; C:WINDOWSsystem32driversInCDPass.sys []
S1 InCDRm;InCD Reader; C:WINDOWSsystem32driversInCDRm.sys []
S3 avwk0ug6;avwk0ug6; C:WINDOWSsystem32driversavwk0ug6.sys []
S3 BlueletAudio;Bluetooth Audio Service; C:WINDOWSsystem32DRIVERSblueletaudio.sys []
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:WINDOWSsystem32DRIVERSBlueletSCOAudio.sys []
S3 BT;Bluetooth PAN Network Adapter; C:WINDOWSsystem32DRIVERSbtnetdrv.sys []
S3 btaudio;Аудиоустройство Bluetooth; C:WINDOWSsystem32driversbtaudio.sys [2006-05-12 401664]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:WINDOWSSystem32Driversbtcusb.sys []
S3 BTDriver;Драйвер виртуальной связи Bluetooth; C:WINDOWSsystem32DRIVERSbtport.sys [2006-05-12 30363]
S3 BthEnum;Bluetooth Enumerator Service; C:WINDOWSsystem32DRIVERSBthEnum.sys [2004-08-03 17024]
S3 BTHidEnum;Bluetooth HID Enumerator; C:WINDOWSsystem32DRIVERSvbtenum.sys []
S3 BTHPORT;Bluetooth Port Driver; C:WINDOWSSystem32DriversBTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:WINDOWSSystem32DriversBTHUSB.sys [2004-08-03 18944]
S3 BTWDNDIS;Сервер доступа к локальной сети Bluetooth; C:WINDOWSsystem32DRIVERSbtwdndis.sys [2006-05-12 148168]
S3 btwmodem;Модем Bluetooth; C:WINDOWSsystem32DRIVERSbtwmodem.sys [2006-05-12 30189]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:WINDOWSSystem32Driversbtwusb.sys [2006-05-12 57320]
S3 catchme;catchme; ??C:DOCUME~1C4C4~1LOCALS~1Tempcatchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2004-08-03 17024]
S3 dtscsi;dtscsi; C:WINDOWSSystem32Driversdtscsi.sys [2006-04-20 223128]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:WINDOWSsystem32DRIVERSfetnd5.sys [2001-08-17 27165]
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:WINDOWSsystem32DRIVERSfetnd5b.sys [2002-10-29 40960]
S3 GVCplDrv;GVCplDrv; C:WINDOWSsystem32driversGVCplDrv.sys [2004-05-02 23040]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:WINDOWSsystem32driversMSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:WINDOWSsystem32DRIVERSNdisIP.sys [2004-08-03 10880]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:WINDOWSsystem32DRIVERSrfcomm.sys [2004-08-03 59648]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:WINDOWSSystem32DriversRootMdm.sys [2001-08-23 5888]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2004-08-03 15360]
S3 upperdev;upperdev; C:WINDOWSsystem32DRIVERSusbser_lowerflt.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-04 26496]
S3 VComm;Virtual Serial port driver; C:WINDOWSsystem32DRIVERSVComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:WINDOWSSystem32DriversVcommMgr.sys []
S3 vulfnths;VIA USB Host Controller Lower Filter; C:WINDOWSSystem32Driversvulfnth.sys []
S3 vulfntrs;VIA USB Roothub Lower Filter; C:WINDOWSSystem32Driversvulfntr.sys []
S3 Wdf01000;Wdf01000; C:WINDOWSsystem32DRIVERSWdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;World Standard Teletext Codec; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
S4 InCDFs;InCD File System; C:WINDOWSsystem32driversInCDFs.sys []
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 BthServ;Bluetooth Support Service; C:WINDOWSsystem32svchost.exe [2004-08-04 14336]
R2 btwdins;Bluetooth Service; C:Program FilesWIDCOMMПрограммное обеспечение Bluetoothbinbtwdins.exe [2006-05-12 258103]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe [2003-06-20 322120]
R2 NOD32krn;NOD32 Kernel Service; C:Program FilesEsetnod32krn.exe [2009-09-04 552064]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2005-06-15 127043]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe [2006-01-02 74360]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Updater Service; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe []
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2004-08-04 14336]
EOF
By the way, the Error message that appeared when clicking on folders on the desktop has stopped appearing, but the Temp folder with the WGAErrLog file has not gone away…
April 9, 2010 at 2:19 pm #29279
We need to do a bit more work.
Run OTM and copy the following text into the large input field (the title of this field is highlighted in yellow).
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9F0EA3A5-B7BA-4631-8F6D-A7CA68DC28CB}]
:files
C:\Documents and Settings\Дима\Start Menu\Programs\Startup\_uninst_setup_9.0.0.722_03.04.2010_21-05.exe.lnk
C:\Documents and Settings\All Users\Application Data\pfjgcydu.exe336032826999
C:\Documents and Settings\All Users\Application Data\pfjgcydu.exe
C:\Documents and Settings\All Users\Application Data\pfjgcydu.exe332996826853
C:\Documents and Settings\Дима\Application Data\pfjgcydu.exe
:Commands
[emptytemp]
[Reboot]
Check the pasted script: if spaces have appeared on the left before the directives, remove them; the script must look exactly as it does in this message. Click the MoveIt! button. The computer may reboot during the process.
When the program finishes, a log should be displayed. If the log is not shown, it can be found in the folder C:\_OTM\MovedFiles. Paste the contents of this log into your reply, and attach a fresh RSIT log.
The Temp folder with the WGAErrLog file has not gone away…
This file is created by the operating system.
April 11, 2010 at 5:27 am #29280
Valeri, I carried out the operations you described. This is the result:
All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9F0EA3A5-B7BA-4631-8F6D-A7CA68DC28CB} deleted successfully.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{9F0EA3A5-B7BA-4631-8F6D-A7CA68DC28CB} deleted successfully.
========== FILES ==========
C:Documents and SettingsДимаStart MenuProgramsStartup_uninst_setup_9.0.0.722_03.04.2010_21-05.exe.lnk moved successfully.
C:Documents and SettingsAll UsersApplication Datapfjgcydu.exe336032826999 moved successfully.
C:Documents and SettingsAll UsersApplication Datapfjgcydu.exe moved successfully.
C:Documents and SettingsAll UsersApplication Datapfjgcydu.exe332996826853 moved successfully.
C:Documents and SettingsДимаApplication Datapfjgcydu.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Дима
->Temp folder emptied: 1220160 bytes
->Temporary Internet Files folder emptied: 51308506 bytes
->Flash cache emptied: 1599 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%System32 .tmp files removed: 0 bytes
%systemroot%System32dllcache .tmp files removed: 0 bytes
%systemroot%System32drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%system32configsystemprofileLocal SettingsTemp folder emptied: 0 bytes
%systemroot%system32configsystemprofileLocal SettingsTemporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 20900 bytes
Total Files Cleaned = 50,00 mb
OTM by OldTimer — Version 3.1.10.1 log created on 04112010_091916
Files moved on Reboot…
C:Documents and SettingsДимаLocal SettingsTemporary Internet FilesContent.IE5CZE1QPY7viewtopic[1].php moved successfully.
Registry entries deleted on Reboot…
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Дима at 2010-04-11 09:26:00
Microsoft Windows XP Professional Service Pack 2
System drive C: has 3 GB (13%) free of 20 GB
Total RAM: 767 MB (56% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:26:06, on 11.04.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesWIDCOMMПрограммное обеспечение Bluetoothbinbtwdins.exe
C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
C:WINDOWSExplorer.EXE
C:Program FilesEsetnod32krn.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32wuauclt.exe
C:WINDOWSsystem32wscntfy.exe
C:Program FilesGigaByteVGA Utility ManagerG-VGA.exe
C:WINDOWSSOUNDMAN.EXE
C:WINDOWSsystem32rundll32.exe
C:Program FilesQuickTimeqttask.exe
C:Program FilesEsetnod32kui.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesWIDCOMMПрограммное обеспечение BluetoothBTTray.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Documents and SettingsДимаDesktopRSIT.exe
C:Program Filestrend microДима.exe
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.rambler.ru/
O2 — BHO: EpsonToolBandKicker Class — {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll
O3 — Toolbar: EPSON Web-To-Page — {EE5D279F-081B-4404-994D-C6B60AAEBA6D} — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll
O3 — Toolbar: Rambler-Ассистент — {468CD8A9-7C25-45FA-969E-3D925C689DC4} — C:Program FilesRambler AssistantramblertoolbarU0.dll
O3 — Toolbar: &Google — {2318C2B1-4965-11d4-9B18-009027A5CD4F} — c:program filesgooglegoogletoolbar1.dll (file missing)
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [VGAUtil] C:Program FilesGigaByteVGA Utility ManagerG-VGA.exe
O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 — HKLM..Run: [EPSON Stylus C87 Series] C:WINDOWSSystem32spoolDRIVERSW32X863E_FATIABP.EXE /P23 «EPSON Stylus C87 Series» /O6 «USB001» /M «Stylus C87»
O4 — HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 — HKLM..Run: [PViever] «C:Program FilesGay-Lesbian-PhotoGay-Lesbian-Photo.exe» hide
O4 — HKLM..Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 — HKLM..Run: [QuickTime Task] «C:Program FilesQuickTimeqttask.exe» -atboottime
O4 — HKLM..Run: [nod32kui] «C:Program FilesEsetnod32kui.exe» /WAITSERVICE
O4 — HKLM..Run: [UnlockerAssistant] «C:Program FilesUnlockerUnlockerAssistant.exe»
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe
O4 — HKCU..Run: [DAEMON Tools Pro Agent] «C:Program FilesDAEMON Tools ProDTProAgent.exe» -autorun
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [RunNarrator] Narrator.exe (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [RunNarrator] Narrator.exe (User ‘Default user’)
O4 — Global Startup: BTTray.lnk = ?
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Добавить в Rambler-Закладки — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/zakladki.htm
O8 — Extra context menu item: Найти с помощью Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/search.htm
O8 — Extra context menu item: Опубликовать в Дневнике — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/planet.htm
O8 — Extra context menu item: Отправить через &Bluetooth — C:Program FilesWIDCOMMПрограммное обеспечение Bluetoothbtsendto_ie_ctx.htm
O8 — Extra context menu item: Перевести с помощью словарей Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/dic.htm
O9 — Extra button: Skype — {77BF5300-1474-4EC7-9980-D32B190E9B07} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — C:Program FilesICQLiteICQLite.exe (file missing)
O9 — Extra ‘Tools’ menuitem: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — C:Program FilesICQLiteICQLite.exe (file missing)
O9 — Extra button: @btrez.dll,-4015 — {CCA281CA-C863-46ef-9331-5C8D4460577F} — C:Program FilesWIDCOMMПрограммное обеспечение Bluetoothbtsendto_ie.htm
O9 — Extra ‘Tools’ menuitem: @btrez.dll,-4017 — {CCA281CA-C863-46ef-9331-5C8D4460577F} — C:Program FilesWIDCOMMПрограммное обеспечение Bluetoothbtsendto_ie.htm
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O17 — HKLMSystemCCSServicesTcpip..{22A5240C-070E-4EB9-9DF3-5EB6891E5E76}: NameServer = 88.147.164.12
O17 — HKLMSystemCCSServicesTcpip..{AE47C836-6FF5-4B39-A6A1-9F54555F7BA4}: NameServer = 88.147.129.15 88.147.128.17
O17 — HKLMSystemCS1ServicesTcpip..{22A5240C-070E-4EB9-9DF3-5EB6891E5E76}: NameServer = 88.147.164.12
O17 — HKLMSystemCS2ServicesTcpip..{22A5240C-070E-4EB9-9DF3-5EB6891E5E76}: NameServer = 88.147.164.12
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O23 — Service: Autodesk Licensing Service — Autodesk, Inc. — C:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe
O23 — Service: Bluetooth Service (btwdins) — Broadcom Corporation. — C:Program FilesWIDCOMMПрограммное обеспечение Bluetoothbinbtwdins.exe
O23 — Service: Google Updater Service (gusvc) — Unknown owner — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe (file missing)
O23 — Service: NOD32 Kernel Service (NOD32krn) — Eset — C:Program FilesEsetnod32krn.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
—
End of file — 7276 bytes
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll [2005-02-22 368640][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} — EPSON Web-To-Page — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll [2005-02-22 368640]
{468CD8A9-7C25-45FA-969E-3D925C689DC4} — Rambler-Ассистент — C:Program FilesRambler AssistantramblertoolbarU0.dll [2008-12-26 849392]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} — &Google — c:program filesgooglegoogletoolbar1.dll [][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2005-06-15 6803456]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2005-06-15 86016]
«VGAUtil»=C:Program FilesGigaByteVGA Utility ManagerG-VGA.exe [2005-08-17 544768]
«SoundMan»=C:WINDOWSSOUNDMAN.EXE [2005-07-23 81920]
«EPSON Stylus C87 Series»=C:WINDOWSSystem32spoolDRIVERSW32X863E_FATIABP.EXE [2005-01-27 98304]
«NeroFilterCheck»=C:WINDOWSsystem32NeroCheck.exe [2005-09-25 155648]
«PViever»=C:Program FilesGay-Lesbian-PhotoGay-Lesbian-Photo.exe hide []
«BluetoothAuthenticationAgent»=bthprops.cpl,,BluetoothAuthenticationAgent []
«QuickTime Task»=C:Program FilesQuickTimeqttask.exe [2008-12-06 98304]
«nod32kui»=C:Program FilesEsetnod32kui.exe [2009-09-04 949376]
«UnlockerAssistant»=C:Program FilesUnlockerUnlockerAssistant.exe [][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2004-08-04 15360]
«swg»=C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe []
«DAEMON Tools Pro Agent»=C:Program FilesDAEMON Tools ProDTProAgent.exe [2009-04-09 228808]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDAEMON Tools-1033]
C:Program FilesD-Toolsdaemon.exe -lang 1033 []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRemoteControl]
C:Program FilesCyberLinkPowerDVDPDVDServ.exe [2004-11-02 32768]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
C:PROGRA~1COMMON~1AUTODE~1ACSTAR~1.EXE [2004-02-25 10872]

C:Documents and SettingsAll UsersStart MenuProgramsStartup
BTTray.lnk — C:Program FilesWIDCOMMПрограммное обеспечение BluetoothBTTray.exe

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]
C:WINDOWSsystem32WgaLogon.dll [2008-09-06 241704]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
«NoSharedDocuments»=1

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesNeed For Speed IIInfs3.exe»=»C:Program FilesNeed For Speed IIInfs3.exe:*:Enabled:Need For Speed III for Win32»
«C:GamesCounter Strike Sourcehl2.exe»=»C:GamesCounter Strike Sourcehl2.exe:*:Enabled:hl2»
«D:ИгрыCounter Strike Sourcehl2.exe»=»D:ИгрыCounter Strike Sourcehl2.exe:*:Enabled:hl2»
«D:ИгрыAlien2AVP2XServ.exe»=»D:ИгрыAlien2AVP2XServ.exe:*:Enabled:AVP2 Stand-Alone Server»
«C:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe»=»C:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe:*:Enabled:BlueSoleil»
«D:ИгрыРазноеБильярдPerfectPool.exe»=»D:ИгрыРазноеБильярдPerfectPool.exe:*:Enabled:Perfect Pool Application»
«G:ApexDC-s14.exe»=»G:ApexDC-s14.exe:*:Enabled:ApexDC++»
«G:Анекс ДиСиApexDC-s14.exe»=»G:Анекс ДиСиApexDC-s14.exe:*:Enabled:ApexDC++»
«G:75_apexdc++_mod_s14ApexDC-s14.exe»=»G:75_apexdc++_mod_s14ApexDC-s14.exe:*:Enabled:ApexDC++»
«C:Program FilesICQ6ICQ.exe»=»C:Program FilesICQ6ICQ.exe:*:Enabled:ICQ6»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesGigaByteVGA Utility ManagerG-vga.exe»=»C:Program FilesGigaByteVGA Utility ManagerG-vga.exe:*:Disabled:Menu»
«C:Program FilesuTorrentutorrent.exe»=»C:Program FilesuTorrentutorrent.exe:*:Enabled:µTorrent»
«D:ИгрыЗлатогорье 2Burut CTGoldenLandGoldenLand.exe»=»D:ИгрыЗлатогорье 2Burut CTGoldenLandGoldenLand.exe:*:Enabled:GoldenLand»
«C:Program FilesICQ6.5ICQ.exe»=»C:Program FilesICQ6.5ICQ.exe:*:Enabled:ICQ6»
«G:УстановкаLost. Остаться в живыхYeti_Final_Win32.exe»=»G:УстановкаLost. Остаться в живыхYeti_Final_Win32.exe:*:Enabled:Lost. Остаться в живых Game»
«G:УстановкаLost. Остаться в живыхgu.exe»=»G:УстановкаLost. Остаться в живыхgu.exe:*:Enabled:Lost. Остаться в живых Updater»
«G:УстановкаLost. Остаться в живыхdetectionLauncher.exe»=»G:УстановкаLost. Остаться в живыхdetectionLauncher.exe:*:Enabled:Lost. Остаться в живых Requirements Tool»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»

======File associations======
.scr — open — «C:WINDOWSnotepad.exe» «%1»
.scr — install —
.scr — config —

======List of files/folders created in the last 1 months======
2010-04-04 11:41:11 —-DC—- C:rsit
2010-04-04 09:45:59 —-DC—- C:_OTM
2010-04-02 23:10:35 —-DC—- C:Program Filestrend micro
2010-04-02 13:15:17 —-DC—- C:Documents and SettingsДимаApplication DataWinRAR
2010-03-13 12:41:35 —-DC—- C:Program FilesNival Interactive

======List of files/folders modified in the last 1 months======
2010-04-11 09:23:14 —-DC—- C:WINDOWSTemp
2010-04-11 09:22:26 —-DC—- C:WINDOWSsystem32
2010-04-11 09:20:38 —-A—- C:WINDOWSSchedLgU.Txt
2010-04-09 21:08:48 —-DC—- C:WINDOWSPrefetch
2010-04-09 20:03:48 —-AC—- C:WINDOWSNeroDigital.ini
2010-04-09 20:02:52 —-DC—- C:WINDOWS
2010-04-08 23:42:18 —-AC—- C:WINDOWSIE4 Error Log.txt
2010-04-08 19:16:42 —-DC—- C:WINDOWSsystem32CatRoot2
2010-04-08 19:16:36 —-HDC—- C:WINDOWSinf
2010-04-08 04:43:40 —-DC—- C:Documents and SettingsДимаApplication DatauTorrent
2010-04-04 09:46:01 —-SDC—- C:WINDOWSTasks
2010-04-04 09:35:39 —-DC—- C:WINDOWSsystem32drivers
2010-04-04 08:50:56 —-DC—- C:WINDOWSMinidump
2010-04-04 08:13:03 —-DC—- C:Documents and SettingsДимаApplication DataFieryAds
2010-04-04 08:08:03 —-SHD—- C:System Volume Information
2010-04-03 09:41:25 —-AC—- C:WINDOWSsetuplog.txt
2010-04-03 09:40:44 —-DC—- C:WINDOWSsystem32oobe
2010-04-02 23:10:35 —-RDC—- C:Program Files
2010-04-02 22:44:37 —-HDC—- C:WINDOWS$hf_mig$
2010-04-02 22:34:49 —-AC—- C:WINDOWSntbtlog.txt
2010-04-02 22:33:09 —-SHDC—- C:RECYCLER
2010-04-02 22:31:02 —-DC—- C:Documents and Settings
2010-04-02 18:39:10 —-RSHDC—- C:WINDOWSsystem32dllcache
2010-04-02 13:57:01 —-DC—- C:Program FilesESET
2010-04-02 13:38:22 —-DC—- C:WINDOWSsystem32CatRoot
2010-04-02 13:36:35 —-DC—- C:WINDOWSHelp
2010-04-01 21:03:34 —-DC—- C:WINDOWSsystem32config
2010-03-28 11:30:19 —-AC—- C:WINDOWSsystem32PerfStringBackup.INI
2010-03-25 13:33:48 —-DC—- C:WINDOWSsystem32wbem
2010-03-25 13:33:48 —-DC—- C:WINDOWSRegistration
2010-03-13 12:41:31 —-HDC—- C:Program FilesInstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 nod32drv;nod32drv; C:WINDOWSsystem32driversnod32drv.sys [2009-09-04 15424]
R1 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2001-08-23 12032]
R2 AMON;AMON; C:WINDOWSsystem32driversamon.sys [2009-09-04 512096]
R2 BTSERIAL;Bluetooth Serial Driver; ??C:WINDOWSsystem32driversbtserial.sys []
R2 BTSLBCSP;Bluetooth Port Client Driver; ??C:WINDOWSsystem32driversbtslbcsp.sys []
R2 Hardlock;Hardlock; ??C:WINDOWSsystem32drivershardlock.sys []
R2 Haspnt;Haspnt; ??C:WINDOWSsystem32driversHaspnt.sys []
R2 hl_mull;hl_mull; C:WINDOWSSystem32drivershl_mull.SYS [2005-09-22 67712]
R2 lf;lf; ??C:Program FilesLock Folder XP 3.2UniShieldXP.sys []
R2 mdmxsdk;mdmxsdk; C:WINDOWSsystem32DRIVERSmdmxsdk.sys [2005-05-04 9855]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2005-07-27 3644032]
R3 BTKRNL;Нумератор шины Bluetooth; C:WINDOWSsystem32DRIVERSbtkrnl.sys [2006-05-12 1342602]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:WINDOWSsystem32DRIVERSfetnd5bv.sys [2004-12-16 42496]
R3 GPCIDrv;GPCIDrv; ??C:WINDOWSGPCIDrv.sys []
R3 GVTDrv;GVTDrv; ??C:WINDOWSsystem32DriversGVTDrv.sys []
R3 MODEMCSA;Unimodem Streaming Filter Device; C:WINDOWSsystem32driversMODEMCSA.sys [2001-08-18 16128]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2005-06-15 3200256]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-03 20480]
R3 Winachcf;Winachcf; C:WINDOWSsystem32DRIVERSwinachcf.sys [2005-05-04 917988]
S1 InCDPass;InCDPass; C:WINDOWSsystem32driversInCDPass.sys []
S1 InCDRm;InCD Reader; C:WINDOWSsystem32driversInCDRm.sys []
S3 a0bv8zkg;a0bv8zkg; C:WINDOWSsystem32driversa0bv8zkg.sys []
S3 BlueletAudio;Bluetooth Audio Service; C:WINDOWSsystem32DRIVERSblueletaudio.sys []
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:WINDOWSsystem32DRIVERSBlueletSCOAudio.sys []
S3 BT;Bluetooth PAN Network Adapter; C:WINDOWSsystem32DRIVERSbtnetdrv.sys []
S3 btaudio;Аудиоустройство Bluetooth; C:WINDOWSsystem32driversbtaudio.sys [2006-05-12 401664]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:WINDOWSSystem32Driversbtcusb.sys []
S3 BTDriver;Драйвер виртуальной связи Bluetooth; C:WINDOWSsystem32DRIVERSbtport.sys [2006-05-12 30363]
S3 BthEnum;Bluetooth Enumerator Service; C:WINDOWSsystem32DRIVERSBthEnum.sys [2004-08-03 17024]
S3 BTHidEnum;Bluetooth HID Enumerator; C:WINDOWSsystem32DRIVERSvbtenum.sys []
S3 BTHPORT;Bluetooth Port Driver; C:WINDOWSSystem32DriversBTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:WINDOWSSystem32DriversBTHUSB.sys [2004-08-03 18944]
S3 BTWDNDIS;Сервер доступа к локальной сети Bluetooth; C:WINDOWSsystem32DRIVERSbtwdndis.sys [2006-05-12 148168]
S3 btwmodem;Модем Bluetooth; C:WINDOWSsystem32DRIVERSbtwmodem.sys [2006-05-12 30189]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:WINDOWSSystem32Driversbtwusb.sys [2006-05-12 57320]
S3 catchme;catchme; ??C:DOCUME~1C4C4~1LOCALS~1Tempcatchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2004-08-03 17024]
S3 dtscsi;dtscsi; C:WINDOWSSystem32Driversdtscsi.sys [2006-04-20 223128]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:WINDOWSsystem32DRIVERSfetnd5.sys [2001-08-17 27165]
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:WINDOWSsystem32DRIVERSfetnd5b.sys [2002-10-29 40960]
S3 GVCplDrv;GVCplDrv; C:WINDOWSsystem32driversGVCplDrv.sys [2004-05-02 23040]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:WINDOWSsystem32driversMSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:WINDOWSsystem32DRIVERSNdisIP.sys [2004-08-03 10880]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:WINDOWSsystem32DRIVERSrfcomm.sys [2004-08-03 59648]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:WINDOWSSystem32DriversRootMdm.sys [2001-08-23 5888]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2004-08-03 15360]
S3 upperdev;upperdev; C:WINDOWSsystem32DRIVERSusbser_lowerflt.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-04 26496]
S3 VComm;Virtual Serial port driver; C:WINDOWSsystem32DRIVERSVComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:WINDOWSSystem32DriversVcommMgr.sys []
S3 vulfnths;VIA USB Host Controller Lower Filter; C:WINDOWSSystem32Driversvulfnth.sys []
S3 vulfntrs;VIA USB Roothub Lower Filter; C:WINDOWSSystem32Driversvulfntr.sys []
S3 Wdf01000;Wdf01000; C:WINDOWSsystem32DRIVERSWdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;World Standard Teletext Codec; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
S4 InCDFs;InCD File System; C:WINDOWSsystem32driversInCDFs.sys []
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 BthServ;Bluetooth Support Service; C:WINDOWSsystem32svchost.exe [2004-08-04 14336]
R2 btwdins;Bluetooth Service; C:Program FilesWIDCOMMПрограммное обеспечение Bluetoothbinbtwdins.exe [2006-05-12 258103]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe [2003-06-20 322120]
R2 NOD32krn;NOD32 Kernel Service; C:Program FilesEsetnod32krn.exe [2009-09-04 552064]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2005-06-15 127043]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe [2006-01-02 74360]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Updater Service; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe []
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2004-08-04 14336]
EOF

April 12, 2010 at 7:24 pm #29281
The log looks normal. How is the computer working?

April 13, 2010 at 3:02 pm #29282
The computer is working normally, just as it did before I caught the virus. What I want to know is whether that file, the one that is still in the Temp folder, is "lying low" for later. After all, I never did manage to delete it with anything… Be that as it may, thank you, Valeri, for your help and for the time you spent!

March 15, 2011 at 3:13 pm #29283
Good day. I have a problem again.
In short, the gist is this: when I press Ctrl+Alt+Delete, the calculator now appears instead of Task Manager. Also, after boot, right at the start before the desktop, this appears:
there is also something written inside it, but I can't manage to make it out or focus on it; the window lasts no more than 1 second, then it disappears…
____________________________
After running RSIT:
info:info.txt logfile of random’s system information tool 1.06 2011-03-15 18:16:35
======Uninstall list======
—>MsiExec /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
µTorrent—>»C:Program FilesuTorrentuninstall.exe»
Acorp Modem Booster v.3.18D—>»C:Program FilesAcorp Modem Boosterunins000.exe»
Acorp Sprinter@56k Prime V.92 Modem—>C:UIUCXT10B6HXFSETUP.EXE -U -IVEN_14F1&DEV_10B6
Adobe Acrobat 4.0—>C:WINDOWSISUNINST.EXE -f»C:Program FilesCommon FilesAdobeAcrobat 4.0NTUninst.isu» -c»C:Program FilesCommon FilesAdobeAcrobat 4.0NTUninst.dll»
Adobe Flash Player 10 ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Flash Player 10 Plugin—>C:WINDOWSsystem32MacromedFlashFlashUtil10n_Plugin.exe -maintain plugin
Adobe Flash Player 9 ActiveX—>C:WINDOWSsystem32MacromedFlashFlashUtil9b.exe -uninstallDelete
Adobe Reader 6.0—>MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
Adobe Shockwave Player—>C:WINDOWSsystem32AdobeSHOCKW~1UNWISE.EXE C:WINDOWSsystem32AdobeSHOCKW~1Install.log
AGEIA PhysX v7.11.13—>MsiExec.exe /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
AusLogics Registry Defrag—>»C:Program FilesAusLogics Registry Defragunins000.exe»
AutoCAD 2005 — English—>MsiExec.exe /I{5783F2D7-0301-0409-0002-0060B0CE6BBA}
Autodesk AutoCad 2005 Russian Version—>C:PROGRA~1AUTOCA~1UNWISE.EXE C:PROGRA~1AUTOCA~1INSTALL.LOG
Autodesk DWF Viewer—>C:PROGRA~1AutodeskAUTODE~1Setup.exe /remove
Delta Force — Team Sabre—>»C:Program FilesDFTSunins000.exe»
DivX Pro Codec Adware—>C:WINDOWSunvise32.exe C:Program FilesDivXDivX Pro Codec AdwareUninstalDivXProCodecAdware.log
DOOM III—>»J:УстанDOOM IIIunins000.exe»
EAX Unified—>C:WINDOWSIsUninst.exe -f»C:Program FilesCreativeEAX UnifiedUninst.isu»
Enigmo Download—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{930E3A6E-C479-4AB8-9060-65F44B0B8296}Setup.exe» -l0x9
EPSON Attach To Email—>C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Easy Photo Print—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{5DA7BC15-18D3-41A0-9F59-838DA3EAEF17}SETUP.EXE» -l0x19 UNINST
EPSON File Manager—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{E86BC406-944E-41F6-ADE6-2C136734C96B}Setup.exe» -l0x19 UNINST
EPSON Printer Software—>C:WINDOWSSystem32spoolDRIVERSW32X863EPUPDATE.EXE /R
EPSON Scan Assistant—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}Setup.exe» -l0x19 -u
EPSON Web-To-Page—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}SETUP.EXE» -l0x19 -anything
ESC87 Руководство пользователя—>C:Program FilesEPSONTPMANUALESC87_RUSUSE_GDOCUNINS.EXE
FIFA 08—>D:Игры8FIFA08unwise.exe
FIFA 08—>D:ИГРЫ8FIFA08UNWISE.EXE D:ИГРЫ8FIFA08INSTALL.LOG
FLV Player 1.3.3—>»C:Program FilesFLVPlayeruninstall.exe»
Google Toolbar for Internet Explorer—>MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Haali Media Splitter—>»C:Program FilesHaaliMatroskaSplitteruninstall.exe»
Heroes of Might and Magic V — Tribes of the East—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{66FF4C48-0083-4E60-8556-B883AB212392}setup.exe» -l0x19
Hotfix for Windows Media Format 11 SDK (KB929399)—>»C:WINDOWS$NtUninstallKB929399$spuninstspuninst.exe»
Hotfix for Windows Media Player 11 (KB939683)—>»C:WINDOWS$NtUninstallKB939683$spuninstspuninst.exe»
Hotfix for Windows XP (KB914440)—>»C:WINDOWS$NtUninstallKB914440$spuninstspuninst.exe»
Hotfix for Windows XP (KB926239)—>»C:WINDOWS$NtUninstallKB926239$spuninstspuninst.exe»
Hotfix for Windows XP (KB952287)—>»C:WINDOWS$NtUninstallKB952287$spuninstspuninst.exe»
ICQ6.5—>»C:Program FilesInstallShield Installation Information{60DE4033-9503-48D1-A483-7846BD217CA9}setup.exe» -runfromtemp -l0x0009 -removeonly
Lock Folder XP 3.2—>»C:Program FilesLock Folder XP 3.2unins000.exe»
Lost. Остаться в живых—>»C:Program FilesInstallShield Installation Information{2702B8FC-6003-4AC6-ADBC-EC65746D800A}setup.exe» -runfromtemp -l0x0019 -removeonly
Microsoft .NET Framework 1.1 Hotfix (KB928366)—>»C:WINDOWSMicrosoft.NETFrameworkv1.1.4322Updateshotfix.exe» «C:WINDOWSMicrosoft.NETFrameworkv1.1.4322UpdatesM928366M928366Uninstall.msp»
Microsoft .NET Framework 1.1—>msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1—>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0—>C:WINDOWSMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.exe
Microsoft Compression Client Pack 1.0 for Windows XP—>»C:WINDOWS$NtUninstallMSCompPackV1$spuninstspuninst.exe»
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5—>»C:WINDOWS$NtUninstallWdf01005$spuninstspuninst.exe»
Microsoft Office — профессиональный выпуск версии 2003—>MsiExec.exe /I{90110419-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0—>»C:WINDOWS$NtUninstallWudf01000$spuninstspuninst.exe»
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable — x86 9.0.30729.4148—>MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Windows Media Video 9 VCM—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFwmv9vcm.inf, Uninstall
Modem Tweak v 1.0—>»C:Program FilesModem Tweakunins000.exe»
MSN—>C:Program FilesMSNMsnInstallermsninst.exe /Action:ARP
MSXML 4.0 SP2 (KB936181)—>MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)—>MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Need for Speed™ Carbon—>D:ИгрыКарбонEAUninstall.exe
Nero 7 Ultra Edition—>MsiExec.exe /I{4781569D-5404-1F26-4B2B-6DF444441031}
NVIDIA Drivers—>C:WINDOWSsystem32nvudisp.exe UninstallGUI
OpenAL—>»C:Program FilesOpenALoalinst.exe» /U
Opera 10.00—>MsiExec.exe /X{81EC7A2F-EB36-44EB-A89D-C11A7D9A9EE8}
PowerDVD—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}Setup.exe» -uninstall
QuickTime—>C:WINDOWSunvise32qt.exe C:WINDOWSsystem32QuickTimeUninstall.log
Realtek AC’97 Audio—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime110Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{FB08F381-6533-4108-B7DD-039E11FBC27E}setup.exe» -l0x19 -removeonly
Recuva (remove only)—>»C:Program FilesRecuvauninst.exe»
Samsung PC Studio II 2.0 Sample—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll -l0x19
Samsung Samples Installer—>»C:Program FilesInstallShield Installation Information{7AC15160-A49B-4A89-B181-D4619C025FFF}setup.exe» -runfromtemp -l0x0019 -removeonly
Security Update for Windows Media Player (KB911564)—>»C:WINDOWS$NtUninstallKB911564$spuninstspuninst.exe»
Security Update for Windows Media Player (KB952069)—>»C:WINDOWS$NtUninstallKB952069_WM9$spuninstspuninst.exe»
Security Update for Windows Media Player 10 (KB911565)—>»C:WINDOWS$NtUninstallKB911565$spuninstspuninst.exe»
Security Update for Windows Media Player 10 (KB936782)—>»C:WINDOWS$NtUninstallKB936782_WMP10$spuninstspuninst.exe»
Security Update for Windows Media Player 11 (KB936782)—>»C:WINDOWS$NtUninstallKB936782_WMP11$spuninstspuninst.exe»
Security Update for Windows Media Player 11 (KB954154)—>»C:WINDOWS$NtUninstallKB954154_WM11$spuninstspuninst.exe»
Security Update for Windows Media Player 6.4 (KB925398)—>»C:WINDOWS$NtUninstallKB925398_WMP64$spuninstspuninst.exe»
Security Update for Windows XP (KB890046)—>»C:WINDOWS$NtUninstallKB890046$spuninstspuninst.exe»
Security Update for Windows XP (KB893066)—>»C:WINDOWS$NtUninstallKB893066$spuninstspuninst.exe»
Security Update for Windows XP (KB893756)—>»C:WINDOWS$NtUninstallKB893756$spuninstspuninst.exe»
Security Update for Windows XP (KB896358)—>»C:WINDOWS$NtUninstallKB896358$spuninstspuninst.exe»
Security Update for Windows XP (KB896422)—>»C:WINDOWS$NtUninstallKB896422$spuninstspuninst.exe»
Security Update for Windows XP (KB896423)—>»C:WINDOWS$NtUninstallKB896423$spuninstspuninst.exe»
Security Update for Windows XP (KB896424)—>»C:WINDOWS$NtUninstallKB896424$spuninstspuninst.exe»
Security Update for Windows XP (KB896428)—>»C:WINDOWS$NtUninstallKB896428$spuninstspuninst.exe»
Security Update for Windows XP (KB899587)—>»C:WINDOWS$NtUninstallKB899587$spuninstspuninst.exe»
Security Update for Windows XP (KB899589)—>»C:WINDOWS$NtUninstallKB899589$spuninstspuninst.exe»
Security Update for Windows XP (KB899591)—>»C:WINDOWS$NtUninstallKB899591$spuninstspuninst.exe»
Security Update for Windows XP (KB900725)—>»C:WINDOWS$NtUninstallKB900725$spuninstspuninst.exe»
Security Update for Windows XP (KB901017)—>»C:WINDOWS$NtUninstallKB901017$spuninstspuninst.exe»
Security Update for Windows XP (KB901214)—>»C:WINDOWS$NtUninstallKB901214$spuninstspuninst.exe»
Security Update for Windows XP (KB902400)—>»C:WINDOWS$NtUninstallKB902400$spuninstspuninst.exe»
Security Update for Windows XP (KB904706)—>»C:WINDOWS$NtUninstallKB904706$spuninstspuninst.exe»
Security Update for Windows XP (KB905414)—>»C:WINDOWS$NtUninstallKB905414$spuninstspuninst.exe»
Security Update for Windows XP (KB905749)—>»C:WINDOWS$NtUninstallKB905749$spuninstspuninst.exe»
Security Update for Windows XP (KB905915)—>»C:WINDOWS$NtUninstallKB905915$spuninstspuninst.exe»
Security Update for Windows XP (KB908519)—>»C:WINDOWS$NtUninstallKB908519$spuninstspuninst.exe»
Security Update for Windows XP (KB908531)—>»C:WINDOWS$NtUninstallKB908531$spuninstspuninst.exe»
Security Update for Windows XP (KB911562)—>»C:WINDOWS$NtUninstallKB911562$spuninstspuninst.exe»
Security Update for Windows XP (KB911567)—>»C:WINDOWS$NtUninstallKB911567$spuninstspuninst.exe»
Security Update for Windows XP (KB911927)—>»C:WINDOWS$NtUninstallKB911927$spuninstspuninst.exe»
Security Update for Windows XP (KB912812)—>»C:WINDOWS$NtUninstallKB912812$spuninstspuninst.exe»
Security Update for Windows XP (KB912919)—>»C:WINDOWS$NtUninstallKB912919$spuninstspuninst.exe»
Security Update for Windows XP (KB913446)—>»C:WINDOWS$NtUninstallKB913446$spuninstspuninst.exe»
Security Update for Windows XP (KB913580)—>»C:WINDOWS$NtUninstallKB913580$spuninstspuninst.exe»
Security Update for Windows XP (KB914388)—>»C:WINDOWS$NtUninstallKB914388$spuninstspuninst.exe»
Security Update for Windows XP (KB914389)—>»C:WINDOWS$NtUninstallKB914389$spuninstspuninst.exe»
Security Update for Windows XP (KB918118)—>»C:WINDOWS$NtUninstallKB918118$spuninstspuninst.exe»
Security Update for Windows XP (KB918439)—>»C:WINDOWS$NtUninstallKB918439$spuninstspuninst.exe»
Security Update for Windows XP (KB920213)—>»C:WINDOWS$NtUninstallKB920213$spuninstspuninst.exe»
Security Update for Windows XP (KB920670)—>»C:WINDOWS$NtUninstallKB920670$spuninstspuninst.exe»
Security Update for Windows XP (KB920683)—>»C:WINDOWS$NtUninstallKB920683$spuninstspuninst.exe»
Security Update for Windows XP (KB920685)—>»C:WINDOWS$NtUninstallKB920685$spuninstspuninst.exe»
Security Update for Windows XP (KB923191)—>»C:WINDOWS$NtUninstallKB923191$spuninstspuninst.exe»
Security Update for Windows XP (KB923414)—>»C:WINDOWS$NtUninstallKB923414$spuninstspuninst.exe»
Security Update for Windows XP (KB923689)—>»C:WINDOWS$NtUninstallKB923689$spuninstspuninst.exe»
Security Update for Windows XP (KB923980)—>»C:WINDOWS$NtUninstallKB923980$spuninstspuninst.exe»
Security Update for Windows XP (KB924270)—>»C:WINDOWS$NtUninstallKB924270$spuninstspuninst.exe»
Security Update for Windows XP (KB924667)—>»C:WINDOWS$NtUninstallKB924667$spuninstspuninst.exe»
Security Update for Windows XP (KB925902)—>»C:WINDOWS$NtUninstallKB925902$spuninstspuninst.exe»
Security Update for Windows XP (KB926255)—>»C:WINDOWS$NtUninstallKB926255$spuninstspuninst.exe»
Security Update for Windows XP (KB926436)—>»C:WINDOWS$NtUninstallKB926436$spuninstspuninst.exe»
Security Update for Windows XP (KB927779)—>»C:WINDOWS$NtUninstallKB927779$spuninstspuninst.exe»
Security Update for Windows XP (KB927802)—>»C:WINDOWS$NtUninstallKB927802$spuninstspuninst.exe»
Security Update for Windows XP (KB928255)—>»C:WINDOWS$NtUninstallKB928255$spuninstspuninst.exe»
Security Update for Windows XP (KB928843)—>»C:WINDOWS$NtUninstallKB928843$spuninstspuninst.exe»
Security Update for Windows XP (KB929123)—>»C:WINDOWS$NtUninstallKB929123$spuninstspuninst.exe»
Security Update for Windows XP (KB930178)—>»C:WINDOWS$NtUninstallKB930178$spuninstspuninst.exe»
Security Update for Windows XP (KB931261)—>»C:WINDOWS$NtUninstallKB931261$spuninstspuninst.exe»
Security Update for Windows XP (KB931784)—>»C:WINDOWS$NtUninstallKB931784$spuninstspuninst.exe»
Security Update for Windows XP (KB932168)—>»C:WINDOWS$NtUninstallKB932168$spuninstspuninst.exe»
Security Update for Windows XP (KB933729)—>»C:WINDOWS$NtUninstallKB933729$spuninstspuninst.exe»
Security Update for Windows XP (KB935839)—>»C:WINDOWS$NtUninstallKB935839$spuninstspuninst.exe»
Security Update for Windows XP (KB935840)—>»C:WINDOWS$NtUninstallKB935840$spuninstspuninst.exe»
Security Update for Windows XP (KB936021)—>»C:WINDOWS$NtUninstallKB936021$spuninstspuninst.exe»
Security Update for Windows XP (KB937894)—>»C:WINDOWS$NtUninstallKB937894$spuninstspuninst.exe»
Security Update for Windows XP (KB938127)—>»C:WINDOWS$NtUninstallKB938127$spuninstspuninst.exe»
Security Update for Windows XP (KB938464)—>»C:WINDOWS$NtUninstallKB938464$spuninstspuninst.exe»
Security Update for Windows XP (KB941569)—>»C:WINDOWS$NtUninstallKB941569$spuninstspuninst.exe»
Security Update for Windows XP (KB941693)—>»C:WINDOWS$NtUninstallKB941693$spuninstspuninst.exe»
Security Update for Windows XP (KB943055)—>»C:WINDOWS$NtUninstallKB943055$spuninstspuninst.exe»
Security Update for Windows XP (KB943460)—>»C:WINDOWS$NtUninstallKB943460$spuninstspuninst.exe»
Security Update for Windows XP (KB943485)—>»C:WINDOWS$NtUninstallKB943485$spuninstspuninst.exe»
Security Update for Windows XP (KB944338-v2)—>»C:WINDOWS$NtUninstallKB944338-v2$spuninstspuninst.exe»
Security Update for Windows XP (KB944653)—>»C:WINDOWS$NtUninstallKB944653$spuninstspuninst.exe»
Security Update for Windows XP (KB945553)—>»C:WINDOWS$NtUninstallKB945553$spuninstspuninst.exe»
Security Update for Windows XP (KB946026)—>»C:WINDOWS$NtUninstallKB946026$spuninstspuninst.exe»
Security Update for Windows XP (KB946648)—>»C:WINDOWS$NtUninstallKB946648$spuninstspuninst.exe»
Security Update for Windows XP (KB948590)—>»C:WINDOWS$NtUninstallKB948590$spuninstspuninst.exe»
Security Update for Windows XP (KB950749)—>»C:WINDOWS$NtUninstallKB950749$spuninstspuninst.exe»
Security Update for Windows XP (KB950759)—>»C:WINDOWS$NtUninstallKB950759$spuninstspuninst.exe»
Security Update for Windows XP (KB950760)—>»C:WINDOWS$NtUninstallKB950760$spuninstspuninst.exe»
Security Update for Windows XP (KB950762)—>»C:WINDOWS$NtUninstallKB950762$spuninstspuninst.exe»
Security Update for Windows XP (KB950974)—>»C:WINDOWS$NtUninstallKB950974$spuninstspuninst.exe»
Security Update for Windows XP (KB951066)—>»C:WINDOWS$NtUninstallKB951066$spuninstspuninst.exe»
Security Update for Windows XP (KB951376-v2)—>»C:WINDOWS$NtUninstallKB951376-v2$spuninstspuninst.exe»
Security Update for Windows XP (KB951698)—>»C:WINDOWS$NtUninstallKB951698$spuninstspuninst.exe»
Security Update for Windows XP (KB951748)—>»C:WINDOWS$NtUninstallKB951748$spuninstspuninst.exe»
Security Update for Windows XP (KB952954)—>»C:WINDOWS$NtUninstallKB952954$spuninstspuninst.exe»
Security Update for Windows XP (KB953838)—>»C:WINDOWS$NtUninstallKB953838$spuninstspuninst.exe»
Security Update for Windows XP (KB953839)—>»C:WINDOWS$NtUninstallKB953839$spuninstspuninst.exe»
Security Update for Windows XP (KB954211)—>»C:WINDOWS$NtUninstallKB954211$spuninstspuninst.exe»
Security Update for Windows XP (KB954600)—>»C:WINDOWS$NtUninstallKB954600$spuninstspuninst.exe»
Security Update for Windows XP (KB955069)—>»C:WINDOWS$NtUninstallKB955069$spuninstspuninst.exe»
Security Update for Windows XP (KB956390)—>»C:WINDOWS$NtUninstallKB956390$spuninstspuninst.exe»
Security Update for Windows XP (KB956391)—>»C:WINDOWS$NtUninstallKB956391$spuninstspuninst.exe»
Security Update for Windows XP (KB956802)—>»C:WINDOWS$NtUninstallKB956802$spuninstspuninst.exe»
Security Update for Windows XP (KB956803)—>»C:WINDOWS$NtUninstallKB956803$spuninstspuninst.exe»
Security Update for Windows XP (KB956841)—>»C:WINDOWS$NtUninstallKB956841$spuninstspuninst.exe»
Security Update for Windows XP (KB957095)—>»C:WINDOWS$NtUninstallKB957095$spuninstspuninst.exe»
Security Update for Windows XP (KB957097)—>»C:WINDOWS$NtUninstallKB957097$spuninstspuninst.exe»
Security Update for Windows XP (KB958215)—>»C:WINDOWS$NtUninstallKB958215$spuninstspuninst.exe»
Security Update for Windows XP (KB958644)—>»C:WINDOWS$NtUninstallKB958644$spuninstspuninst.exe»
Security Update for Windows XP (KB958687)—>»C:WINDOWS$NtUninstallKB958687$spuninstspuninst.exe»
Security Update for Windows XP (KB960714)—>»C:WINDOWS$NtUninstallKB960714$spuninstspuninst.exe»
Security Update for Windows XP (KB960715)—>»C:WINDOWS$NtUninstallKB960715$spuninstspuninst.exe»
Silent Hill 4—>»C:Program FilesSilentHill4unins000.exe»
Skype™ 4.0—>MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
The KMPlayer (remove only)—>»C:Program FilesThe KMPlayeruninstall.exe»
Tune Your Guitar! 1.8—>C:Program FilesTune Your Guitar!Uninstall.exe
U-Clean 2.3 SE—>»C:Program FilesU-Clean 2.3 SEuninstall.exe»
Update for Windows XP (KB894391)—>»C:WINDOWS$NtUninstallKB894391$spuninstspuninst.exe»
Update for Windows XP (KB898461)—>»C:WINDOWS$NtUninstallKB898461$spuninstspuninst.exe»
Update for Windows XP (KB900485)—>»C:WINDOWS$NtUninstallKB900485$spuninstspuninst.exe»
Update for Windows XP (KB904942)—>»C:WINDOWS$NtUninstallKB904942$spuninstspuninst.exe»
Update for Windows XP (KB910437)—>»C:WINDOWS$NtUninstallKB910437$spuninstspuninst.exe»
Update for Windows XP (KB911280)—>»C:WINDOWS$NtUninstallKB911280$spuninstspuninst.exe»
Update for Windows XP (KB916595)—>»C:WINDOWS$NtUninstallKB916595$spuninstspuninst.exe»
Update for Windows XP (KB920872)—>»C:WINDOWS$NtUninstallKB920872$spuninstspuninst.exe»
Update for Windows XP (KB922582)—>»C:WINDOWS$NtUninstallKB922582$spuninstspuninst.exe»
Update for Windows XP (KB927891)—>»C:WINDOWS$NtUninstallKB927891$spuninstspuninst.exe»
Update for Windows XP (KB930916)—>»C:WINDOWS$NtUninstallKB930916$spuninstspuninst.exe»
Update for Windows XP (KB938828)—>»C:WINDOWS$NtUninstallKB938828$spuninstspuninst.exe»
Update for Windows XP (KB942763)—>»C:WINDOWS$NtUninstallKB942763$spuninstspuninst.exe»
Update for Windows XP (KB951072-v2)—>»C:WINDOWS$NtUninstallKB951072-v2$spuninstspuninst.exe»
Update for Windows XP (KB955839)—>»C:WINDOWS$NtUninstallKB955839$spuninstspuninst.exe»
Version 1.0 of the game—>D:МиниигрыAirHockey3Dunins000.exe
VIA Rhine-Family Fast Ethernet Adapter—>Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VIA Диспетчер устройств платформы—>C:PROGRA~1COMMON~1INSTAL~1Driver7INTEL3~1IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
Video ActiveX Object 2.07—>C:Program FilesVideo ActiveX Objectuninst.exe
WIDCOMM Bluetooth Software—>MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
Windows Installer 3.1 (KB893803)—>»C:WINDOWS$MSI31Uninstall_KB893803v2$spuninstspuninst.exe»
Windows Media Format 11 runtime—>»C:Program FilesWindows Media Playerwmsetsdk.exe» /UninstallAll
Windows Media Format 11 runtime—>»C:WINDOWS$NtUninstallWMFDist11$spuninstspuninst.exe»
Windows Media Player 11—>»C:Program FilesWindows Media PlayerSetup_wm.exe» /Uninstall
Windows Media Player 11—>»C:WINDOWS$NtUninstallwmp11$spuninstspuninst.exe»
Windows XP Hotfix — KB873339—>C:WINDOWS$NtUninstallKB873339$spuninstspuninst.exe
Windows XP Hotfix — KB885250—>C:WINDOWS$NtUninstallKB885250$spuninstspuninst.exe
Windows XP Hotfix — KB885835—>C:WINDOWS$NtUninstallKB885835$spuninstspuninst.exe
Windows XP Hotfix — KB885836—>C:WINDOWS$NtUninstallKB885836$spuninstspuninst.exe
Windows XP Hotfix — KB885884—>C:WINDOWS$NtUninstallKB885884$spuninstspuninst.exe
Windows XP Hotfix — KB886185—>C:WINDOWS$NtUninstallKB886185$spuninstspuninst.exe
Windows XP Hotfix — KB887472—>C:WINDOWS$NtUninstallKB887472$spuninstspuninst.exe
Windows XP Hotfix — KB887742—>C:WINDOWS$NtUninstallKB887742$spuninstspuninst.exe
Windows XP Hotfix — KB888113—>C:WINDOWS$NtUninstallKB888113$spuninstspuninst.exe
Windows XP Hotfix — KB888302—>C:WINDOWS$NtUninstallKB888302$spuninstspuninst.exe
Windows XP Hotfix — KB890859—>»C:WINDOWS$NtUninstallKB890859$spuninstspuninst.exe»
Windows XP Hotfix — KB891781—>C:WINDOWS$NtUninstallKB891781$spuninstspuninst.exe
XviD 1.2.-127 +SMP Alpha uninstall—>»C:Program FilesXviDunins000.exe»
Архиватор WinRAR (только удаление)—>C:Program FilesWinRARuninstall.exe
Златогорье-2. Версия 1.3—>»D:ИгрыЗлатогорье 2Burut CTunins000.exe»
Камень судьбы—>C:Program FilesAlawar.ruКамень судьбыUninstall.exe
Колыбель cвета—>C:Program FilesAlawar.ruКолыбель cветаUninstall.exe
КОМПАС-3D V8—>MsiExec.exe /I{887726B3-CC2B-4C51-B31A-C8077409D25E}
Удалить игру—>»D:ИгрыТанчики 3DTanksunins000.exe»
Чистильщик—>»C:Program FilesBukaHellforcesunins000.exe»
======Hosts File======
127.0.0.1 mpa.one.microsoft.com
======Security center information======
AV: avast! Antivirus
======System event log======
Computer Name: HOME-DFBC22F1E0
Event Code: 7036
Message: Служба «Remote Access Connection Manager» перешла в состояние Работает.
Record Number: 16567
Source Name: Service Control Manager
Time Written: 20110122124706.000000+180
Event Type: информация
User:

Computer Name: HOME-DFBC22F1E0
Event Code: 7035
Message: Служба «Remote Access Connection Manager» успешно отправила управляющий элемент «запустить».
Record Number: 16566
Source Name: Service Control Manager
Time Written: 20110122124705.000000+180
Event Type: информация
User: NT AUTHORITYSYSTEM

Computer Name: HOME-DFBC22F1E0
Event Code: 7036
Message: Служба «Telephony» перешла в состояние Работает.
Record Number: 16565
Source Name: Service Control Manager
Time Written: 20110122124705.000000+180
Event Type: информация
User:

Computer Name: HOME-DFBC22F1E0
Event Code: 7036
Message: Служба «Application Layer Gateway Service» перешла в состояние Работает.
Record Number: 16564
Source Name: Service Control Manager
Time Written: 20110122124705.000000+180
Event Type: информация
User:

Computer Name: HOME-DFBC22F1E0
Event Code: 7035
Message: Служба «Application Layer Gateway Service» успешно отправила управляющий элемент «запустить».
Record Number: 16563
Source Name: Service Control Manager
Time Written: 20110122124705.000000+180
Event Type: информация
User: NT AUTHORITYSYSTEM
=====Application event log=====
Computer Name: HOME-DFBC22F1E0
Event Code: 11
Message: Ошибка извлечения стороннего корневого списка из CAB автоматического обновления на: с кодом ошибки: Истек/не наступил срок действия требуемого сертификата при проверке по системным часам или по штампу времени в подписанном файле.
Record Number: 783
Source Name: crypt32
Time Written: 20090801103557.000000+240
Event Type: ошибка
User:

Computer Name: HOME-DFBC22F1E0
Event Code: 11
Message: Ошибка извлечения стороннего корневого списка из CAB автоматического обновления на: с кодом ошибки: Истек/не наступил срок действия требуемого сертификата при проверке по системным часам или по штампу времени в подписанном файле.
Record Number: 782
Source Name: crypt32
Time Written: 20090801103557.000000+240
Event Type: ошибка
User:

Computer Name: HOME-DFBC22F1E0
Event Code: 1800
Message: Служба центра обеспечения безопасности Windows запущена.
Record Number: 781
Source Name: SecurityCenter
Time Written: 20090801102305.000000+240
Event Type: информация
User:

Computer Name: HOME-DFBC22F1E0
Event Code: 0
Message:
Record Number: 780
Source Name: btwdins
Time Written: 20090801102250.000000+240
Event Type: информация
User:

Computer Name: HOME-DFBC22F1E0
Event Code: 1800
Message: Служба центра обеспечения безопасности Windows запущена.
Record Number: 779
Source Name: SecurityCenter
Time Written: 20090731140718.000000+240
Event Type: информация
User:
======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;C:Program FilesCommon FilesAutodesk Shared
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=15
«PROCESSOR_IDENTIFIER»=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
«PROCESSOR_REVISION»=2c02
«NUMBER_OF_PROCESSORS»=1
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
EOF

log:
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Дима at 2011-03-15 18:16:10
Microsoft Windows XP Professional Service Pack 2
System drive C: has 5 GB (26%) free of 20 GB
Total RAM: 767 MB (52% free)
HijackThis download failed
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} — EPSON Web-To-Page — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll [2005-02-22 368640]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} — &Google — c:program filesgooglegoogletoolbar1.dll []

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«nwiz»=nwiz.exe /install []
«VGAUtil»=C:Program FilesGigaByteVGA Utility ManagerG-VGA.exe [2005-08-17 544768]
«SoundMan»=C:WINDOWSSOUNDMAN.EXE [2005-07-23 81920]
«EPSON Stylus C87 Series»=C:WINDOWSSystem32spoolDRIVERSW32X863E_FATIABP.EXE [2005-01-27 98304]
«BluetoothAuthenticationAgent»=bthprops.cpl,,BluetoothAuthenticationAgent []
«QuickTime Task»=C:Program FilesQuickTimeqttask.exe [2008-12-06 98304]
«UnlockerAssistant»=C:Program FilesUnlockerUnlockerAssistant.exe []
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2005-06-15 6803456]
«NevoDRM»=cmd /c C:Program FilesИгры GameHitsNevoDRMNevoDRM.exe []
«avast5»=C:PROGRA~1ALWILS~1Avast5avastUI.exe [2010-06-29 2837864]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«swg»=C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe []
«DAEMON Tools Pro Agent»=C:Program FilesDAEMON Tools ProDTProAgent.exe [2009-04-09 228808]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2004-08-03 15360]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDAEMON Tools-1033]
C:Program FilesD-Toolsdaemon.exe -lang 1033 []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRemoteControl]
C:Program FilesCyberLinkPowerDVDPDVDServ.exe [2004-11-02 32768]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
C:PROGRA~1COMMON~1AUTODE~1ACSTAR~1.EXE [2004-02-25 10872]

C:Documents and SettingsAll UsersStart MenuProgramsStartup
BTTray.lnk — C:Program FilesWIDCOMMПрограммное обеспечение BluetoothBTTray.exe

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]
C:WINDOWSsystem32WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«DisableTaskMgr»=1

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
«NoSharedDocuments»=1

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesNeed For Speed IIInfs3.exe»=»C:Program FilesNeed For Speed IIInfs3.exe:*:Enabled:Need For Speed III for Win32»
«C:GamesCounter Strike Sourcehl2.exe»=»C:GamesCounter Strike Sourcehl2.exe:*:Enabled:hl2»
«D:ИгрыCounter Strike Sourcehl2.exe»=»D:ИгрыCounter Strike Sourcehl2.exe:*:Enabled:hl2»
«D:ИгрыAlien2AVP2XServ.exe»=»D:ИгрыAlien2AVP2XServ.exe:*:Enabled:AVP2 Stand-Alone Server»
«C:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe»=»C:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe:*:Enabled:BlueSoleil»
«D:ИгрыРазноеБильярдPerfectPool.exe»=»D:ИгрыРазноеБильярдPerfectPool.exe:*:Enabled:Perfect Pool Application»
«G:ApexDC-s14.exe»=»G:ApexDC-s14.exe:*:Enabled:ApexDC++»
«G:Анекс ДиСиApexDC-s14.exe»=»G:Анекс ДиСиApexDC-s14.exe:*:Enabled:ApexDC++»
«G:75_apexdc++_mod_s14ApexDC-s14.exe»=»G:75_apexdc++_mod_s14ApexDC-s14.exe:*:Enabled:ApexDC++»
«C:Program FilesICQ6ICQ.exe»=»C:Program FilesICQ6ICQ.exe:*:Enabled:ICQ6»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesGigaByteVGA Utility ManagerG-vga.exe»=»C:Program FilesGigaByteVGA Utility ManagerG-vga.exe:*:Disabled:Menu»
«C:Program FilesuTorrentutorrent.exe»=»C:Program FilesuTorrentutorrent.exe:*:Enabled:µTorrent»
«D:ИгрыЗлатогорье 2Burut CTGoldenLandGoldenLand.exe»=»D:ИгрыЗлатогорье 2Burut CTGoldenLandGoldenLand.exe:*:Enabled:GoldenLand»
«C:Program FilesICQ6.5ICQ.exe»=»C:Program FilesICQ6.5ICQ.exe:*:Enabled:ICQ6»
«G:УстановкаLost. Остаться в живыхYeti_Final_Win32.exe»=»G:УстановкаLost. Остаться в живыхYeti_Final_Win32.exe:*:Enabled:Lost. Остаться в живых Game»
«G:УстановкаLost. Остаться в живыхgu.exe»=»G:УстановкаLost. Остаться в живыхgu.exe:*:Enabled:Lost. Остаться в живых Updater»
«G:УстановкаLost. Остаться в живыхdetectionLauncher.exe»=»G:УстановкаLost. Остаться в живыхdetectionLauncher.exe:*:Enabled:Lost. Остаться в живых Requirements Tool»
«C:Program FilesOpera 10 Betaopera.exe»=»C:Program FilesOpera 10 Betaopera.exe:*:Enabled:Opera Internet Browser»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»
«C:Program FilesSharemanShareman.exe»=»C:Program FilesSharemanShareman.exe:*:Enabled:Shareman»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
======File associations======
.scr — open — «C:WINDOWSnotepad.exe» «%1»
.scr — install —
.scr — config —
======List of files/folders created in the last 1 months======
2011-03-15 18:16:10 —-DC—- C:rsit
2011-03-15 18:16:10 —-DC—- C:Program Filestrend micro
2011-03-14 20:37:13 —-DC—- C:Program FilesOpera 10 Beta
2011-03-14 18:44:03 —-AC—- C:WINDOWSsystem32aswBoot.exe
2011-03-14 18:43:50 —-DC—- C:Program FilesAlwil Software
2011-03-14 18:43:50 —-DC—- C:Documents and SettingsAll UsersApplication DataAlwil Software
2011-03-12 12:19:01 —-DC—- C:Documents and SettingsДимаApplication DataShareman
2011-03-12 12:18:54 —-DC—- C:Program FilesShareman
2011-03-11 20:09:29 —-DC—- C:WINDOWSAнтивир
======List of files/folders modified in the last 1 months======
2011-03-15 18:16:14 —-DC—- C:WINDOWSPrefetch
2011-03-15 18:16:10 —-RDC—- C:Program Files
2011-03-15 17:58:33 —-DC—- C:WINDOWSTemp
2011-03-15 17:58:29 —-DC—- C:WINDOWSsystem32
2011-03-14 22:09:36 —-A—- C:WINDOWSSchedLgU.Txt
2011-03-14 20:37:17 —-SHDC—- C:WINDOWSInstaller
2011-03-14 20:36:21 —-SDC—- C:Documents and SettingsДимаApplication DataMicrosoft
2011-03-14 20:35:08 —-DC—- C:Documents and SettingsДимаApplication DataOpera
2011-03-14 20:15:34 —-DC—- C:Program FilesVideo ActiveX Object
2011-03-14 18:44:25 —-DC—- C:WINDOWSsystem32drivers
2011-03-14 18:44:11 —-DC—- C:WINDOWSWinSxS
2011-03-14 18:44:03 —-DC—- C:WINDOWS
2011-03-14 18:31:41 —-SDC—- C:WINDOWSTasks
2011-03-13 11:25:12 —-AC—- C:WINDOWSNeroDigital.ini
2011-03-12 11:38:02 —-RSHDC—- C:WINDOWSsystem32dllcache
2011-03-12 11:37:46 —-DC—- C:WINDOWSsystem32CatRoot2
2011-03-10 17:14:09 —-DC—- C:WINDOWSsystem32config
2011-03-10 17:13:49 —-DC—- C:WINDOWSsystem32wbem
2011-03-10 17:13:49 —-DC—- C:WINDOWSRegistration
2011-03-06 19:04:27 —-DC—- C:Documents and SettingsДимаApplication DatauTorrent
2011-03-02 10:56:31 —-AC—- C:WINDOWSIE4 Error Log.txt
2011-02-22 12:45:26 —-DC—- C:Documents and SettingsAll UsersApplication DataAlawarWrapper
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:WINDOWSsystem32driversAavmker4.sys [2010-06-29 28880]
R1 aswSP;aswSP; C:WINDOWSsystem32driversaswSP.sys [2010-06-29 165456]
R1 aswTdi;avast! Network Shield Support; C:WINDOWSsystem32driversaswTdi.sys [2010-06-29 46672]
R2 aswFsBlk;aswFsBlk; C:WINDOWSsystem32driversaswFsBlk.sys [2010-06-29 17744]
R2 aswMon2;aswMon2; C:WINDOWSsystem32driversaswMon2.sys [2010-06-29 100176]
R2 BTSERIAL;Bluetooth Serial Driver; ??C:WINDOWSsystem32driversbtserial.sys []
R2 BTSLBCSP;Bluetooth Port Client Driver; ??C:WINDOWSsystem32driversbtslbcsp.sys []
R2 Hardlock;Hardlock; ??C:WINDOWSsystem32drivershardlock.sys []
R2 Haspnt;Haspnt; ??C:WINDOWSsystem32driversHaspnt.sys []
R2 hl_mull;hl_mull; C:WINDOWSSystem32drivershl_mull.SYS [2005-09-22 67712]
R2 lf;lf; ??C:Program FilesLock Folder XP 3.2UniShieldXP.sys []
R2 mdmxsdk;mdmxsdk; C:WINDOWSsystem32DRIVERSmdmxsdk.sys [2005-05-04 9855]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2005-07-27 3644032]
R3 aswRdr;aswRdr; C:WINDOWSsystem32driversaswRdr.sys [2010-06-29 23376]
R3 BTKRNL;Нумератор шины Bluetooth; C:WINDOWSsystem32DRIVERSbtkrnl.sys [2006-05-12 1342602]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:WINDOWSsystem32DRIVERSfetnd5bv.sys [2004-12-16 42496]
R3 GPCIDrv;GPCIDrv; ??C:WINDOWSGPCIDrv.sys []
R3 GVTDrv;GVTDrv; ??C:WINDOWSsystem32DriversGVTDrv.sys []
R3 MODEMCSA;Unimodem Streaming Filter Device; C:WINDOWSsystem32driversMODEMCSA.sys [2001-08-18 16128]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2005-06-15 3200256]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-04 57600]
R3 USBSTOR;USB Mass Storage Driver; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-03 20480]
R3 Winachcf;Winachcf; C:WINDOWSsystem32DRIVERSwinachcf.sys [2005-05-04 917988]
S1 InCDPass;InCDPass; C:WINDOWSsystem32driversInCDPass.sys []
S1 InCDRm;InCD Reader; C:WINDOWSsystem32driversInCDRm.sys []
S3 ax2m7uqy;ax2m7uqy; C:WINDOWSsystem32driversax2m7uqy.sys []
S3 BlueletAudio;Bluetooth Audio Service; C:WINDOWSsystem32DRIVERSblueletaudio.sys []
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:WINDOWSsystem32DRIVERSBlueletSCOAudio.sys []
S3 BT;Bluetooth PAN Network Adapter; C:WINDOWSsystem32DRIVERSbtnetdrv.sys []
S3 btaudio;Аудиоустройство Bluetooth; C:WINDOWSsystem32driversbtaudio.sys [2006-05-12 401664]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:WINDOWSSystem32Driversbtcusb.sys []
S3 BTDriver;Драйвер виртуальной связи Bluetooth; C:WINDOWSsystem32DRIVERSbtport.sys [2006-05-12 30363]
S3 BthEnum;Bluetooth Enumerator Service; C:WINDOWSsystem32DRIVERSBthEnum.sys [2004-08-03 17024]
S3 BTHidEnum;Bluetooth HID Enumerator; C:WINDOWSsystem32DRIVERSvbtenum.sys []
S3 BTHPORT;Bluetooth Port Driver; C:WINDOWSSystem32DriversBTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:WINDOWSSystem32DriversBTHUSB.sys [2004-08-03 18944]
S3 BTWDNDIS;Сервер доступа к локальной сети Bluetooth; C:WINDOWSsystem32DRIVERSbtwdndis.sys [2006-05-12 148168]
S3 btwmodem;Модем Bluetooth; C:WINDOWSsystem32DRIVERSbtwmodem.sys [2006-05-12 30189]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:WINDOWSSystem32Driversbtwusb.sys [2006-05-12 57320]
S3 catchme;catchme; ??C:DOCUME~1C4C4~1LOCALS~1Tempcatchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2004-08-03 17024]
S3 dtscsi;dtscsi; C:WINDOWSSystem32Driversdtscsi.sys [2006-04-19 223128]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:WINDOWSsystem32DRIVERSfetnd5.sys [2001-08-17 27165]
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:WINDOWSsystem32DRIVERSfetnd5b.sys [2002-10-29 40960]
S3 GVCplDrv;GVCplDrv; C:WINDOWSsystem32driversGVCplDrv.sys [2004-05-02 23040]
S3 HidUsb;Microsoft HID Class Driver; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
S3 mouhid;Mouse HID Driver; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:WINDOWSsystem32driversMSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:WINDOWSsystem32DRIVERSNdisIP.sys [2004-08-03 10880]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:WINDOWSsystem32DRIVERSrfcomm.sys [2004-08-03 59648]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:WINDOWSSystem32DriversRootMdm.sys [2001-08-23 5888]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2004-08-03 15360]
S3 upperdev;upperdev; C:WINDOWSsystem32DRIVERSusbser_lowerflt.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 VComm;Virtual Serial port driver; C:WINDOWSsystem32DRIVERSVComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:WINDOWSSystem32DriversVcommMgr.sys []
S3 vulfnths;VIA USB Host Controller Lower Filter; C:WINDOWSSystem32Driversvulfnth.sys []
S3 vulfntrs;VIA USB Roothub Lower Filter; C:WINDOWSSystem32Driversvulfntr.sys []
S3 Wdf01000;Wdf01000; C:WINDOWSsystem32DRIVERSWdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;World Standard Teletext Codec; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
S4 InCDFs;InCD File System; C:WINDOWSsystem32driversInCDFs.sys []
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2001-08-23 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:Program FilesAlwil SoftwareAvast5AvastSvc.exe [2010-06-29 40384]
R2 BthServ;Bluetooth Support Service; C:WINDOWSsystem32svchost.exe [2004-08-03 14336]
R2 btwdins;Bluetooth Service; C:Program FilesWIDCOMMПрограммное обеспечение Bluetoothbinbtwdins.exe [2006-05-12 258103]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2005-06-15 127043]
R3 avast! Mail Scanner;avast! Mail Scanner; C:Program FilesAlwil SoftwareAvast5AvastSvc.exe [2010-06-29 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:Program FilesAlwil SoftwareAvast5AvastSvc.exe [2010-06-29 40384]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe [2006-01-02 74360]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Updater Service; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe []
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2004-08-03 14336]
EOF
27 March 2011 at 9:11 am #29284
The problem is still not solved. Won't anyone help?
- The topic 'I just can't defeat this virus.' is closed to new replies.