- This topic has 7 ответов, 2 участника, and was last updated 16 years, 1 month назад by
.
-
Сообщения
-
Вот сегодня подцепил этот злобный вирус 🙁 Скачал эту программу Malwarebytes Anti-Malware, когда выполняется проверка, система автоматически перезагружается. Подскажите пожалуйста что делать? Вот скачал еще программу RSIT, вот логи:
Файл log.txt
Logfile of random’s system information tool 1.05 (written by random/random)
Run by Администратор at 2009-01-20 22:43:14
Microsoft Windows XP Professional Service Pack 2
System drive C: has 41 GB (68%) free of 60 GB
Total RAM: 2047 MB (69% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:43:19, on 20.01.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20661)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSSystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32RUNDLL32.EXE
C:program filesVolumeControlvolume.exe
C:WINDOWSRTHDCPL.EXE
C:Program FilesMail.RuAgentMAgent.exe
C:Program FilesWebMoney Agentwmagent.exe
C:Program FilesMy Lockboxflockbox.exe
C:Program FilesPunto Switcherps.exe
C:Program FilesLClockLClock.exe
C:Program FilesDAEMON Tools Litedaemon.exe
C:Program FilesA!K Research LabsOff-roadOffRoad.exe
C:DOCUME~19335~1LOCALS~1Tempert52968.exe
C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe
C:DOCUME~19335~1LOCALS~1Temp~tmpa.exe
T:usrlocalprogramapachestart.exe
T:usrlocalApachebinApache.exe
T:usrlocalmysql5binmysqld-max-nt.exe
T:usrlocalFTPSlimFTPd.exe
T:usrlocalApachebinApache.exe
C:PROGRA~1WIDCOMMBLUETO~1BTSTAC~1.EXE
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
C:Program FilesICQ6ToolbarICQ Service.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32PnkBstrA.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesQIP Infiuminfium.exe
C:Program FilesOperaopera.exe
C:Documents and SettingsАдминистраторРабочий столRSIT.exe
C:Program Filestrend microАдминистратор.exeR1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.rambler.ru/ri6
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 — HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://www.kornet.ru/
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:Program FilesMail.RuAgentMradllnewmrasearch.dll
R3 — URLSearchHook: (no name) — {63432924-FF0F-4F2D-BA15-FE46454977A3} — (no file)
R3 — URLSearchHook: (no name) — — (no file)
R3 — URLSearchHook: ICQToolBar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:Program FilesICQ6ToolbarICQToolBar.dll
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 — BHO: IEVkbdBHO Class — {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} — C:Program FilesKaspersky LabKaspersky Internet Security 2009ievkbd.dll
O2 — BHO: SSVHelper Class — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre1.6.0_03binssv.dll
O2 — BHO: MailRuBHO Class — {8984B388-A5BB-4DF7-B274-77B879E179DB} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O2 — BHO: IE 4.x-6.x BHO for Download Master — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:PROGRA~1DOWNLO~1dmiehlp.dll
O2 — BHO: TBSB03223 Class — {B4806C1A-FE8A-4008-9DA3-8CEDB6E82C10} — C:Program FilesWebMoney Advisorwmadvisor.dll
O2 — BHO: MyPlayCityRU Toolbar — {dfbeb35b-444d-4f25-8d7d-eb2683c206ec} — C:Program FilesMyPlayCityRUtbMyPl.dll
O3 — Toolbar: DM Bar — {0E1230F8-EA50-42A9-983C-D22ABC2EED3C} — C:Program FilesDownload Masterdmbar.dll
O3 — Toolbar: Rambler-Ассистент — {468CD8A9-7C25-45FA-969E-3D925C689DC4} — C:Program FilesRambler AssistantramblertoolbarU1.dll
O3 — Toolbar: WebMoney Advisor — {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — C:Program FilesWebMoney Advisorwmadvisor.dll
O3 — Toolbar: ICQToolBar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:Program FilesICQ6ToolbarICQToolBar.dll
O3 — Toolbar: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O3 — Toolbar: Яндекс.Бар — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program FilesYandexYandexBarIEyndbar.dll
O3 — Toolbar: MyPlayCityRU Toolbar — {dfbeb35b-444d-4f25-8d7d-eb2683c206ec} — C:Program FilesMyPlayCityRUtbMyPl.dll
O3 — Toolbar: Anonymous Friend — {A3884B05-8D20-483A-A2E3-C70A66E75C34} — C:Program FilesAnonymous FriendAnonymousFriend.dll
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [VolumeControl] C:program filesVolumeControlvolume.exe
O4 — HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 — HKLM..Run: [Alcmtr] ALCMTR.EXE
O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentMAgent.exe -LM
O4 — HKLM..Run: [wmagent.exe] «C:Program FilesWebMoney Agentwmagent.exe»
O4 — HKLM..Run: [flockbox] C:Program FilesMy Lockboxflockbox.exe /a
O4 — HKLM..Run: [AVP] «C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe»
O4 — HKLM..Run: [avast!] C:WINDOWSrubrica
O4 — HKLM..Run: [Path] C:WINDOWSrubrica
O4 — HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 — HKCU..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe
O4 — HKCU..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe
O4 — HKCU..Run: [LClock] C:Program FilesLClockLClock.exe
O4 — HKCU..Run: [DAEMON Tools Lite] «C:Program FilesDAEMON Tools Litedaemon.exe» -autorun
O4 — HKCU..Run: [A!K Mouse Off-road] C:Program FilesA!K Research LabsOff-roadOffRoad.exe
O4 — HKCU..Run: [Performance Center] C:Program FilesAscentivePerformance CenterApcMain.exe -m
O4 — HKCU..Run: [Path] C:WINDOWSrubrica
O4 — HKCU..Run: [MSFox] C:DOCUME~19335~1LOCALS~1Tempert52968.exe
O4 — HKCU..Run: [ICQ] «C:Program FilesICQ6ICQ.exe» silent
O4 — HKCU..Run: [Ameba] C:Program FilesAmebaAmeba.exe
O4 — HKCU..Run: [14197584677636430179385521643027] C:Program FilesAntivirus 2009av2009.exe
O4 — HKUSS-1-5-19..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,OnceFirstLogonInstall,0 (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [IE7_012] rundll32 advpack.dll,LaunchINFSectionEx IE7int.inf,AfterUserStart,,4,N (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [IE7_013] rebuild.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-20..RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,OnceFirstLogonInstall,0 (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘Default user’)
O4 — Startup: Create virtual drive for Denwer.lnk = C:DenwerdenwerBoot.exe
O4 — Startup: TopServer 2.1.lnk = C:WINDOWSsystem32topserver.bat
O4 — Startup: Tuning.lnk = ?
O4 — Global Startup: BTTray.lnk = ?
O9 — Extra button: (no name) — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_03binssv.dll
O9 — Extra ‘Tools’ menuitem: Sun Java Console — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_03binssv.dll
O9 — Extra button: Cтатистика защиты веб-трафика — {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} — C:Program FilesKaspersky LabKaspersky Internet Security 2009SCIEPlgn.dll
O9 — Extra button: WebMoney Advisor — {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — C:Program FilesWebMoney Advisorwmadvisor.dll
O9 — Extra ‘Tools’ menuitem: WebMoney Advisor — {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — C:Program FilesWebMoney Advisorwmadvisor.dll
O9 — Extra button: Titan Poker — {49783ED4-258D-4f9f-BE11-137C18D3E543} — C:PokerTitan Pokercasino.exe
O9 — Extra ‘Tools’ menuitem: Titan Poker — {49783ED4-258D-4f9f-BE11-137C18D3E543} — C:PokerTitan Pokercasino.exe
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra ‘Tools’ menuitem: &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O17 — HKLMSystemCCSServicesTcpip..{9EF80E47-E2CB-4FB5-9EDD-4843CD427B8D}: NameServer = 172.27.137.10,172.27.137.20
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O23 — Service: Kaspersky Internet Security (AVP) — Kaspersky Lab — C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe
O23 — Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) — Apple Computer, Inc. — C:Program FilesBonjourmDNSResponder.exe
O23 — Service: Bluetooth Service (btwdins) — Broadcom Corporation. — C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: ICQ Service — Unknown owner — C:Program FilesICQ6ToolbarICQ Service.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: PnkBstrA — Unknown owner — C:WINDOWSsystem32PnkBstrA.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: SlimFTPd — Unknown owner — T:usrlocalFTPSlimFTPd.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 12596 bytes======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll [2003-11-03 54248][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class — C:Program FilesKaspersky LabKaspersky Internet Security 2009ievkbd.dll [2008-07-29 62728][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class — C:Program FilesJavajre1.6.0_03binssv.dll [2007-09-24 501136][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{8984B388-A5BB-4DF7-B274-77B879E179DB}]
MailRuBHO Class — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2008-10-02 665800][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master — C:PROGRA~1DOWNLO~1dmiehlp.dll [2007-07-20 152064][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{B4806C1A-FE8A-4008-9DA3-8CEDB6E82C10}]
TBSB03223 Class — C:Program FilesWebMoney Advisorwmadvisor.dll [2008-03-20 2469888][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{dfbeb35b-444d-4f25-8d7d-eb2683c206ec}]
MyPlayCityRU Toolbar — C:Program FilesMyPlayCityRUtbMyPl.dll [2008-08-05 1610264][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{0E1230F8-EA50-42A9-983C-D22ABC2EED3C} — DM Bar — C:Program FilesDownload Masterdmbar.dll [2007-11-26 180224]
{468CD8A9-7C25-45FA-969E-3D925C689DC4} — Rambler-Ассистент — C:Program FilesRambler AssistantramblertoolbarU1.dll [2008-11-05 804336]
{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — WebMoney Advisor — C:Program FilesWebMoney Advisorwmadvisor.dll [2008-03-20 2469888]
{855F3B16-6D32-4fe6-8A56-BBB695989046} — ICQToolBar — C:Program FilesICQ6ToolbarICQToolBar.dll [2008-12-09 958200]
{09900DE8-1DCA-443F-9243-26FF581438AF} — Спутник@Mail.Ru — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2008-10-02 665800]
{91397D20-1446-11D4-8AF4-0040CA1127B6} — Яндекс.Бар — C:Program FilesYandexYandexBarIEyndbar.dll [2009-01-13 3112736]
{dfbeb35b-444d-4f25-8d7d-eb2683c206ec} — MyPlayCityRU Toolbar — C:Program FilesMyPlayCityRUtbMyPl.dll [2008-08-05 1610264]
{A3884B05-8D20-483A-A2E3-C70A66E75C34} — Anonymous Friend — C:Program FilesAnonymous FriendAnonymousFriend.dll [2007-11-22 86016][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2007-07-13 8466432]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2007-07-13 81920]
«VolumeControl»=C:program filesVolumeControlvolume.exe [2003-09-15 36864]
«RTHDCPL»=C:WINDOWSRTHDCPL.EXE [2007-05-10 16342528]
«Alcmtr»=C:WINDOWSALCMTR.EXE [2005-05-03 69632]
«MAgent»=C:Program FilesMail.RuAgentMAgent.exe [2008-10-02 4417016]
«wmagent.exe»=C:Program FilesWebMoney Agentwmagent.exe [2008-10-01 209376]
«flockbox»=C:Program FilesMy Lockboxflockbox.exe [2007-12-14 1071472]
«AVP»=C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe [2008-07-29 206088]
«alls»= []
«avast!»=C:WINDOWSrubrica []
«Path»=C:WINDOWSrubrica []
«KernelFaultCheck»=C:WINDOWSsystem32dumprep 0 -k [][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«Punto Switcher»=C:Program FilesPunto Switcherps.exe [2007-01-25 201728]
«VistaIcon»=C:Program FilesVistaDriveIconVistaDrv.exe [2007-07-02 132608]
«LClock»=C:Program FilesLClockLClock.exe [2004-09-19 65536]
«DAEMON Tools Lite»=C:Program FilesDAEMON Tools Litedaemon.exe [2008-08-08 490952]
«A!K Mouse Off-road»=C:Program FilesA!K Research LabsOff-roadOffRoad.exe [2008-04-02 620032]
«Performance Center»=C:Program FilesAscentivePerformance CenterApcMain.exe -m []
«Path»=C:WINDOWSrubrica []
«MSFox»=C:DOCUME~19335~1LOCALS~1Tempert52968.exe [2009-01-19 81924]
«ICQ»=C:Program FilesICQ6ICQ.exe [2008-09-01 173304]
«Ameba»=C:Program FilesAmebaAmeba.exe [2009-01-18 2412544]
«14197584677636430179385521643027»=C:Program FilesAntivirus 2009av2009.exe [2009-01-20 2513][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregICQ]
C:Program FilesICQ6.5ICQ.exe silent [][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Total Commander.lnk]
C:PROGRA~1TOTALC~1Totalcmd.exe [2008-10-04 1091768][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^Администратор^Главное меню^Программы^Автозагрузка^hamachi.lnk]
C:PROGRA~1Hamachihamachi.exe [2008-11-13 625952]C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
BTTray.lnk — C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exeC:Documents and SettingsАдминистраторГлавное менюПрограммыАвтозагрузка
Create virtual drive for Denwer.lnk — C:DenwerdenwerBoot.exe
TopServer 2.1.lnk — C:WINDOWSsystem32topserver.bat
Tuning.lnk — C:WINDOWSCacheUninstallffice.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyklogon]
C:WINDOWSsystem32klogon.dll [2008-07-29 218376][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalprocexp90.Sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkprocexp90.Sys]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
«NoSharedDocuments»=1
«NoThumbnailCache»=1
«NoSMConfigurePrograms»=1[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesSmartFTP ClientSmartFTP.exe»=»C:Program FilesSmartFTP ClientSmartFTP.exe:*:Enabled:SmartFTP Client 3.0»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»======List of files/folders created in the last 1 months======
2009-01-20 22:43:14 —-D—- C:rsit
2009-01-20 22:43:14 —-D—- C:Program Filestrend micro
2009-01-20 22:39:47 —-A—- C:WINDOWSsystem32CF11768.exe
2009-01-20 22:39:40 —-D—- C:32788R22FWJFW
2009-01-20 22:39:01 —-A—- C:WINDOWSsystem32CF11618.exe
2009-01-20 22:38:18 —-A—- C:WINDOWSsystem32CF11478.exe
2009-01-20 22:34:21 —-A—- C:WINDOWSsystem32CF10704.exe
2009-01-20 22:33:58 —-A—- C:WINDOWSsystem32CF10612.exe
2009-01-20 22:32:47 —-D—- C:WINDOWSERDNT
2009-01-20 22:32:47 —-D—- C:Qoobox
2009-01-20 22:32:46 —-D—- C:ComboFix
2009-01-20 22:32:42 —-A—- C:WINDOWSsystem32CF10338.exe
2009-01-20 22:32:42 —-A—- C:WINDOWSsystem32CF10335.exe
2009-01-20 22:32:27 —-A—- C:Bug.txt
2009-01-20 22:32:26 —-A—- C:WINDOWSsystem32cmd.execf
2009-01-20 21:32:45 —-D—- C:Documents and SettingsАдминистраторApplication DataMalwarebytes
2009-01-20 21:32:36 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2009-01-20 21:32:36 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
2009-01-20 21:24:36 —-A—- C:avenger.txt
2009-01-20 21:13:36 —-D—- C:Avenger
2009-01-20 21:04:27 —-D—- C:Program FilesAntivirus 2009
2009-01-20 17:04:14 —-D—- C:Documents and SettingsАдминистраторApplication DataAmeba
2009-01-20 17:03:30 —-D—- C:Program FilesAmeba
2009-01-18 22:56:29 —-D—- C:Program FilesCommon FilesWise Installation Wizard
2009-01-11 21:17:32 —-D—- C:Program FilesAddSite FREE
2009-01-11 11:41:27 —-D—- C:Program FilesFreePromote 2.1
2009-01-10 19:20:18 —-D—- C:Program FilesAddPromo
2009-01-09 12:31:12 —-A—- C:WINDOWShfs.new.exe
2009-01-03 13:56:36 —-D—- C:Program FilesMicrosoft Common
2009-01-03 12:04:58 —-A—- C:WINDOWSsystem32XAudio2_1.dll
2009-01-03 12:04:58 —-A—- C:WINDOWSsystem32XAPOFX1_0.dll
2009-01-03 12:04:58 —-A—- C:WINDOWSsystem32xactengine3_1.dll
2009-01-03 12:04:58 —-A—- C:WINDOWSsystem32X3DAudio1_4.dll
2009-01-03 12:04:58 —-A—- C:WINDOWSsystem32d3dx10_38.dll
2009-01-03 12:04:58 —-A—- C:WINDOWSsystem32D3DCompiler_38.dll
2009-01-03 12:04:57 —-A—- C:WINDOWSsystem32D3DX9_38.dll
2009-01-03 12:04:15 —-D—- C:WINDOWSLogs
2009-01-03 00:12:13 —-D—- C:Program FilesEarthView
2009-01-03 00:12:13 —-D—- C:Documents and SettingsАдминистраторApplication DataDeskSoft
2009-01-01 22:15:11 —-D—- C:Documents and SettingsАдминистраторApplication DataSmartFTP
2009-01-01 22:14:31 —-D—- C:Program FilesSmartFTP Client
2009-01-01 22:14:20 —-D—- C:Program FilesSmartFTP Client 3.0 Setup Files
2009-01-01 02:49:20 —-D—- C:WINDOWSvf_hip
2009-01-01 02:49:19 —-D—- C:Program FilesHide IP Platinum
2009-01-01 00:28:24 —-A—- C:WINDOWSavisplitter.INI
2008-12-31 21:14:37 —-D—- C:Program FilesDreamRender
2008-12-30 20:52:11 —-D—- C:Inf1188
2008-12-29 19:37:45 —-D—- C:WINDOWSpss
2008-12-28 23:40:40 —-D—- C:Program FilesTopServer 2.1
2008-12-28 22:51:25 —-D—- C:Denwer
2008-12-28 19:39:03 —-D—- C:Program FilesMySQL
2008-12-28 19:32:37 —-D—- C:Program FilesApache Group
2008-12-27 21:28:21 —-D—- C:Program FilesICQ6.5
2008-12-25 12:17:50 —-D—- C:Program FilesXvid
2008-12-25 11:42:32 —-D—- C:Fraps======List of files/folders modified in the last 1 months======
2009-01-20 22:43:14 —-RD—- C:Program Files
2009-01-20 22:39:47 —-D—- C:WINDOWSsystem32
2009-01-20 22:39:30 —-D—- C:WINDOWSTemp
2009-01-20 22:32:47 —-D—- C:WINDOWS
2009-01-20 22:16:55 —-D—- C:Documents and SettingsAll UsersApplication DataKaspersky Lab
2009-01-20 22:16:34 —-D—- C:WINDOWSMinidump
2009-01-20 22:05:05 —-D—- C:WINDOWSsystem32drivers
2009-01-20 21:43:39 —-D—- C:WINDOWSsystem32CatRoot2
2009-01-20 21:22:51 —-A—- C:WINDOWSSchedLgU.Txt
2009-01-20 21:10:40 —-D—- C:Documents and SettingsАдминистраторApplication DataHamachi
2009-01-20 21:02:24 —-D—- C:WINDOWSPrefetch
2009-01-20 21:01:05 —-D—- C:Documents and SettingsАдминистраторApplication DataAdobe
2009-01-20 20:53:47 —-D—- C:Documents and SettingsАдминистраторApplication DataWebMoney
2009-01-20 20:52:37 —-AD—- C:Documents and SettingsAll UsersApplication DataTEMP
2009-01-19 21:25:20 —-D—- C:Program FilesICQ6
2009-01-19 17:54:17 —-D—- C:Documents and SettingsАдминистраторApplication DataICQ
2009-01-18 22:56:29 —-D—- C:Program FilesCommon Files
2009-01-18 20:07:46 —-D—- C:Documents and SettingsАдминистраторApplication DataTor
2009-01-18 20:01:03 —-D—- C:Program FilesMozilla Firefox
2009-01-17 19:56:47 —-D—- C:Documents and SettingsАдминистраторApplication DatauTorrent
2009-01-17 17:15:33 —-D—- C:Documents and SettingsАдминистраторApplication DataYandex
2009-01-14 18:13:54 —-D—- C:Documents and SettingsАдминистраторApplication DataSkype
2009-01-14 17:53:12 —-D—- C:Documents and SettingsАдминистраторApplication DataskypePM
2009-01-14 17:31:16 —-RSD—- C:WINDOWSFonts
2009-01-09 20:36:44 —-D—- C:Program FilesHfs
2009-01-09 12:38:51 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-01-09 11:40:06 —-SH—- C:boot.ini
2009-01-09 11:40:06 —-A—- C:WINDOWSwin.ini
2009-01-09 11:40:06 —-A—- C:WINDOWSsystem.ini
2009-01-07 16:27:51 —-A—- C:WINDOWSNeroDigital.ini
2009-01-06 22:46:34 —-D—- C:Program FilesTotal Commander
2009-01-03 12:12:14 —-SHD—- C:WINDOWSInstaller
2009-01-03 12:04:59 —-HD—- C:WINDOWSinf
2009-01-03 12:04:59 —-D—- C:WINDOWSsystem32DirectX
2009-01-03 12:04:51 —-RSD—- C:WINDOWSassembly
2009-01-01 01:44:19 —-A—- C:WINDOWSsystem32PnkBstrB.exe
2008-12-30 16:22:26 —-D—- C:Program FilesFieryAds
2008-12-28 09:56:51 —-D—- C:Program FilesICQ6Toolbar
2008-12-27 21:29:38 —-D—- C:Documents and SettingsAll UsersApplication DataICQ
2008-12-26 20:37:23 —-D—- C:Documents and SettingsAll UsersApplication DataAdobe
2008-12-26 10:28:29 —-D—- C:Poker
2008-12-21 21:49:31 —-D—- C:Program FilesOpera======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 KLIF;Kaspersky Lab Driver; C:WINDOWSsystem32DRIVERSklif.sys [2008-11-03 213008]
R1 PQNTDrv;PQNTDrv; C:WINDOWSsystem32driversPQNTDrv.sys [2004-05-05 4228]
R2 DgiVecp;Team MFP Comm Driver; C:WINDOWSSystem32DriversDgiVecp.sys [2003-07-29 40448]
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:WINDOWSsystem32DRIVERSrspndr.sys [2006-12-04 62336]
R3 BTKRNL;Нумератор шины Bluetooth; C:WINDOWSsystem32DRIVERSbtkrnl.sys [2005-08-29 853258]
R3 hamachi;Hamachi Network Interface; C:WINDOWSsystem32DRIVERShamachi.sys [2008-11-13 25280]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2005-12-26 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2007-05-10 4419584]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:WINDOWSsystem32DRIVERSklfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:WINDOWSsystem32DRIVERSklim5.sys [2008-04-30 24592]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2007-07-13 6807744]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtenicxp.sys [2007-08-07 98944]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2007-10-15 30208]
R3 usbhub;Драйвер стандартного концентратора USB (Microsoft); C:WINDOWSsystem32DRIVERSusbhub.sys [2007-10-15 59392]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWSsystem32DRIVERSusbohci.sys [2007-10-15 17152]
S1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2004-08-17 14848]
S3 agu8wfev;agu8wfev; C:WINDOWSsystem32driversagu8wfev.sys []
S3 btaudio;Аудиоустройство Bluetooth; C:WINDOWSsystem32driversbtaudio.sys [2005-08-29 428269]
S3 BTDriver;Драйвер виртуальной связи Bluetooth; C:WINDOWSsystem32DRIVERSbtport.sys [2005-08-29 30363]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:WINDOWSSystem32Driversbtwusb.sys [2005-08-29 64344]
S3 GMSIPCI;GMSIPCI; ??F:INSTALLGMSIPCI.SYS []
S3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
S3 MBAMSwissArmy;MBAMSwissArmy; ??C:WINDOWSsystem32driversmbamswissarmy.sys []
S3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
S3 MSICPL;MSICPL; ??F:install4MSICPL.sys []
S3 NTACCESS;NTACCESS; ??F:NTACCESS.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; ??F:NTGLM7X.sys []
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-03 25856]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:Program FilesBonjourmDNSResponder.exe [2006-02-28 229376]
R2 btwdins;Bluetooth Service; C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe [2005-08-29 266295]
R2 ICQ Service;ICQ Service; C:Program FilesICQ6ToolbarICQ Service.exe [2008-10-19 222456]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2007-07-13 155716]
R2 PnkBstrA;PnkBstrA; C:WINDOWSsystem32PnkBstrA.exe [2008-11-18 66872]
S2 AVP;Kaspersky Internet Security; C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe [2008-07-29 206088]
S2 SlimFTPd;SlimFTPd; T:usrlocalFTPSlimFTPd.exe [2006-07-15 74240]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-04-13 68952]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2008-11-11 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:WINDOWSMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2006-10-30 741376]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-11-02 914944]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2004-08-18 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2006-10-30 122880]
EOF
Файл info.txt
info.txt logfile of random’s system information tool 1.05 2009-01-20 22:43:21
======Uninstall list======
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
AddPromo 1.1—>»C:Program FilesAddPromounins000.exe»
AddSite FREE 1.0—>»C:Program FilesAddSite FREEunins000.exe»
Adobe Anchor Service CS3—>MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3—>MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3—>MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting—>MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0—>MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps—>MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color — Photoshop Specific—>MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings—>MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings—>MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings—>MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings—>MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3—>MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3—>MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2—>MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 10 Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Flash Player 9 ActiveX—>C:WINDOWSsystem32MacromedFlashFlashUtil9d.exe -uninstallDelete
Adobe Fonts All—>MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3—>MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3—>MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files—>MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3—>C:Program FilesCommon FilesAdobeInstallers2ac78060bc5856b0c1cf873bb919b58Setup.exe
Adobe Photoshop CS3—>MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 6.0.1—>MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Setup—>MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Stock Photos CS3—>MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support—>MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3—>MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client—>MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin—>MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3—>MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AllSubmitter 4.7—>»C:Program FilesWebLogAnalyzerAllSubmitterunins000.exe»
Anonymous Friend 2.9—>»C:Program FilesAnonymous Friendunins000.exe»
Daemon Tools—>»C:Program FilesDaemon ToolsUninst.exe»
Download Master version 5.5.6.1139—>»C:Program FilesDownload Masterunins000.exe»
EA Download Manager—>C:PROGRA~1COMMON~1INSTAL~1Driver11INTEL3~1IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1049
EarthView V3.10.1—>C:Program FilesEarthViewUninstall.exe
FIFA 09—>MsiExec.exe /X{2315B23D-3E21-4920-837D-AE6460934ECB}
Fraps—>»C:Frapsuninstall.exe»
FreePromote 2.1—>»C:Program FilesFreePromote 2.1unins000.exe»
GrandBilliards 1.0—>»C:Program FilesGrandBilliardsunins000.exe»
Hamachi 1.0.3.0—>C:Program FilesHamachiuninstall.exe
Hide IP Platinum 3.1—>»C:Program FilesHide IP Platinumunins000.exe»
HijackThis 2.0.2—>»C:Program Filestrend microHijackThis.exe» /uninstall
Hotfix for Microsoft .NET Framework 3.0 (KB932471)—>C:WINDOWSsystem32msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Windows Media Format 11 SDK (KB929399)—>»C:WINDOWS$NtUninstallKB929399$spuninstspuninst.exe»
Hotfix for Windows XP (KB926239)—>»C:WINDOWS$NtUninstallKB926239$spuninstspuninst.exe»
ICQ Toolbar—>C:Program FilesICQ6ToolbarICQUnToolbar.exe
ICQ6—>»C:Program FilesInstallShield Installation Information{60DE4033-9503-48D1-A483-7846BD217CA9}setup.exe» -runfromtemp -l0x0009 -removeonly
Java(TM) 6 Update 3—>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Kaspersky Internet Security 2009—>MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
Kaspersky Internet Security 2009—>MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
K-Lite Mega Codec Pack 3.5.0—>»C:Program FilesK-Lite Codec Packunins000.exe»
LClock—>C:Program FilesLClockUninstall.exe
Mail.Ru Агент 5.2 (сборка 2405, для всех пользователей)—>C:Program FilesMail.RuAgentmagentsetup.exe -uninstalllm
Mail.Ru Спутник 2.0.1.29—>C:Program FilesMail.RuSputnikSputnikInstaller.exe -uninstall
Malwarebytes’ Anti-Malware—>»C:Program FilesMalwarebytes’ Anti-Malwareunins000.exe»
MansionPoker—>»C:PokerMansionPoker_SetupPoker.exe» /uninstall
Marketiva—>C:Program FilesNovativa StreamsterUninstall.exe
MaxlerMediaTranslate.—>C:Program FilesMaxlerMediaTranslate.uninstall.exe
Microsoft .NET Framework 1.1 Russian Language Pack—>MsiExec.exe /X{2BB372D9-52B4-410A-BC1A-FEAB63181EEF}
Microsoft .NET Framework 1.1—>msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1—>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Language Pack — RUS—>MsiExec.exe /X{F4D0F248-2BF7-4912-814E-4FD751923838}
Microsoft .NET Framework 2.0—>MsiExec.exe /X{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Microsoft .NET Framework 3.0 Russian Language Pack—>C:WINDOWSMicrosoft.NETFrameworkv3.0Microsoft .NET Framework 3.0 Russian Language Packsetup.exe
Microsoft .NET Framework 3.0 Russian Language Pack—>MsiExec.exe /X{855B04CC-4F7A-4FBB-B7BA-D965D23F7AD5}
Microsoft .NET Framework 3.0—>C:WINDOWSMicrosoft.NETFrameworkv3.0Microsoft .NET Framework 3.0setup.exe
Microsoft .NET Framework 3.0—>MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Compression Client Pack 1.0 for Windows XP—>»C:WINDOWS$NtUninstallMSCompPackV1$spuninstspuninst.exe»
Microsoft Office Access MUI (Russian) 2007—>MsiExec.exe /X{90120000-0015-0419-0000-0000000FF1CE}
Microsoft Office Enterprise 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007—>MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Russian) 2007—>MsiExec.exe /X{90120000-0016-0419-0000-0000000FF1CE}
Microsoft Office Groove MUI (Russian) 2007—>MsiExec.exe /X{90120000-00BA-0419-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Russian) 2007—>MsiExec.exe /X{90120000-0044-0419-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Russian) 2007—>MsiExec.exe /X{90120000-00A1-0419-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Russian) 2007—>MsiExec.exe /X{90120000-001A-0419-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Russian) 2007—>MsiExec.exe /X{90120000-0018-0419-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007—>MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007—>MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Russian) 2007—>MsiExec.exe /X{90120000-001F-0419-0000-0000000FF1CE}
Microsoft Office Proof (Ukrainian) 2007—>MsiExec.exe /X{90120000-001F-0422-0000-0000000FF1CE}
Microsoft Office Proofing (Russian) 2007—>MsiExec.exe /X{90120000-002C-0419-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Russian) 2007—>MsiExec.exe /X{90120000-0019-0419-0000-0000000FF1CE}
Microsoft Office Shared MUI (Russian) 2007—>MsiExec.exe /X{90120000-006E-0419-0000-0000000FF1CE}
Microsoft Office Word MUI (Russian) 2007—>MsiExec.exe /X{90120000-001B-0419-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0—>»C:WINDOWS$NtUninstallWudf01000$spuninstspuninst.exe»
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft WorldWide Telescope—>MsiExec.exe /I{3F692FA9-348B-4264-B4EA-DE6BFA45D8AE}
Mouse Off-road 2.12—>C:WINDOWSUnGins.exe «C:Program FilesA!K Research LabsOff-roadinstall.log»
Mozilla Firefox (3.0.5)—>C:Program FilesMozilla Firefoxuninstallhelper.exe
MSXML 4.0 SP2 (KB936181)—>MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser (KB933579)—>MsiExec.exe /I{8FCE7820-08DF-4663-AF5B-B190EF387C4B}
My Lockbox 1.2 for Windows 2000/XP—>»C:Program FilesMy Lockboxunins000.exe»
MyPlayCityRU Toolbar—>C:PROGRA~1MYPLAY~1UNWISE.EXE C:PROGRA~1MYPLAY~1INSTALL.LOG
Need for Speed™ Undercover—>MsiExec.exe /X{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}
Nero 7 Micro v7.10.1.0—>»C:Program FilesNerounins000.exe»
NHL™ 09—>MsiExec.exe /X{827B97A9-B347-4110-9F89-37AF2B758F94}
NOD32 v3.x FiX 1.1 by TemDono (Free Updates — Expire in 2050)—>»C:Program FilesESETESET NOD32 Antivirusunins000.exe»
Norton PartitionMagic 8.0—>C:PROGRA~1COMMON~1INSTAL~1Driver9INTEL3~1IDriver.exe /M{21DBBDD6-93A5-4326-9A04-C9A5C9148502}
NVIDIA Drivers—>C:WINDOWSsystem32nvudisp.exe UninstallGUI
Opera 9.63—>MsiExec.exe /X{2C0CD17D-0B06-4700-83FA-7344B868B0A2}
PDF Settings—>MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PokerRoomSchool—>»C:PokerPokerRoomSchool_SetupPoker.exe» /uninstall
Pro Pilkki 2—>»C:Program FilesProPilkki2uninstall.exe»
QIP Infium 2.0.9020 RC3—>»C:Program FilesQIP Infiumunins000.exe»
Rambler-Ассистент—>»C:Program FilesRambler Assistantuninstall.exe»
Realtek High Definition Audio Driver—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}Setup.exe» -l0x19 -removeonly
Security Update для Microsoft .NET Framework 2.0 (КБ928365)—>C:WINDOWSsystem32msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Skype™ 3.8—>MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SmartFTP Client 3.0 Setup Files (remove only)—>C:Program FilesSmartFTP Client 3.0 Setup Filesuninst-sftp.exe
SmartFTP Client—>MsiExec.exe /I{6F23C1A3-9F62-470C-BD12-B83F04E67865}
SMJ Client 1.0.0.7—>C:Program FilesSS AGSMJ ClientUninstall.exe
SMJ Client—>C:Program FilesSS AGSMJ ClientUninstall.exe
SopCast 3.0.3—>C:Program FilesSopCastuninst.exe
SPORE™—>»C:Program FilesInstallShield Installation Information{9DF0196F-B6B8-4C3A-8790-DE42AA530101}SPORESetup.exe» -runfromtemp -l0x0019 -removeonly
Stronghold Crusader Extreme—>»E:IgriStrongholdSCEunins000.exe»
System Requirements Lab—>C:Program FilesSystemRequirementsLabUninstall.exe
Titan Poker—>»C:PokerTitan Poker_SetupPoker.exe» /uninstall
TopServer 2.1—>»C:Program FilesTopServer 2.1uninstall.exe»
Total Commander 7.04 PowerPack—>»C:Program FilesTotal Commanderuninstall.exe»
Undelete Plus 2.93—>»C:Program FilesfdrlabUndelete Plusunins000.exe»
Unlocker 1.8.5—>C:Program FilesUnlockeruninst.exe
Update для Microsoft .NET Framework 3.0 (КБ932394)—>C:WINDOWSsystem32msiexec.exe /promptrestart /uninstall {6CDA893D-A8BB-44B5-896E-A474508B2EFF} /package {7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Virtual DJ — Atomix Productions—>C:PROGRA~1VIRTUA~1UNWISE.EXE C:PROGRA~1VIRTUA~1INSTALL.LOG
WebMoney Advisor—>regsvr32 /u /s «C:Program FilesWebMoney Advisorwmadvisor.dll»
WebMoney Agent—>C:Program FilesWebMoney Agentuninst_wmagent.exe
WebMoney Keeper Classic 3.6.0.6—>»c:program fileswebmoneyUninstall.exe» «c:program fileswebmoneyinstall.log» -u
WIDCOMM Bluetooth Software—>MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
Windows Communication Foundation—>MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component—>»C:WINDOWS$NtUninstallWIC$spuninstspuninst.exe»
Windows Media Format 11 runtime—>»C:Program FilesWindows Media Playerwmsetsdk.exe» /UninstallAll
Windows Media Format 11 runtime—>»C:WINDOWS$NtUninstallWMFDist11$spuninstspuninst.exe»
Windows Media Player 11—>»C:WINDOWS$NtUninstallwmp11$spuninstspuninst.exe»
Windows Presentation Foundation Language Pack (RUS)—>MsiExec.exe /X{D83A3DFC-8528-4E31-93DC-0A41C477109C}
Windows Presentation Foundation—>MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation RU Language Pack—>MsiExec.exe /I{1C7ADED3-C371-40DF-A69D-FE0EA73DC394}
Windows Workflow Foundation—>MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Xerox Phaser 3117—>»C:WINDOWSXeroxP3117setup.exe» /L0019
XML Paper Specification Shared Components Language Pack 1.0—>»C:WINDOWS$NtUninstallXPSEPSCLP$spuninstspuninst.exe»
Xvid 1.1.3 final uninstall—>»C:Program FilesXvidunins000.exe»
Амеба — интернет проект 2.3.1—>C:Program FilesAmebauninst.exe
Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe
Единый модуль поддержки сети Fiery—>C:Program FilesFieryAdsFieryAdsUninstall.exe
Пакет обновления 2 для клиента управления правами Windows с поддержкой прежних версий—>MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Пакет обновления 2 для клиента управления правами Windows—>MsiExec.exe /X{9350CD11-D3F0-4B6D-B18F-74E968D5770A}
Проигрыватель Windows Media 11—>»C:Program FilesWindows Media PlayerSetup_wm.exe» /Uninstall
Сократ Персональный 4.1—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{9CD789E2-B7CE-11D5-B7E9-00A0C9449F99}setup.exe»
Триал-Мото—>»E:ИгрыТриаоТриал-Мотоunins000.exe»
Яндекс.Бар для Internet Explorer 4.0.0—>»C:Program FilesYandexYandexBarIEunins000.exe»======Hosts File======
127.0.0.1 localhost prime second
======Security center information======
AV: Kaspersky Internet Security (disabled)
FW: Kaspersky Internet Security (disabled)System event log
Computer Name: MICROSOF-F4C65C
Event Code: 7035
Message: Служба «Совместимость быстрого переключения пользователей» успешно отправила управляющий элемент «запустить».Record Number: 5
Source Name: Service Control Manager
Time Written: 20081227161745.000000+120
Event Type: информация
User: NT AUTHORITYSYSTEMComputer Name: MICROSOF-F4C65C
Event Code: 7036
Message: Служба «Службы терминалов» перешла в состояние Работает.Record Number: 4
Source Name: Service Control Manager
Time Written: 20081227161745.000000+120
Event Type: информация
User:Computer Name: MICROSOF-F4C65C
Event Code: 7000
Message: Сбой при запуске службы «Apache2.2» из-за ошибки
Системе не удается найти указанный путь.Record Number: 3
Source Name: Service Control Manager
Time Written: 20081227161745.000000+120
Event Type: ошибка
User:Computer Name: MICROSOF-F4C65C
Event Code: 6005
Message: Запущена служба журнала событий.Record Number: 2
Source Name: EventLog
Time Written: 20081227161613.000000+120
Event Type: информация
User:Computer Name: MICROSOF-F4C65C
Event Code: 6009
Message: Microsoft (R) Windows 2000 (R) 5.01. 2600 Service Pack 2 Multiprocessor Free.Record Number: 1
Source Name: EventLog
Time Written: 20081227161613.000000+120
Event Type: информация
User:Application event log
Computer Name: MICROSOF-F4C65C
Event Code: 1000
Message: Счетчики производительности для службы MSDTC (MSDTC) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.Record Number: 5
Source Name: LoadPerf
Time Written: 20081001175945.000000+180
Event Type: информация
User:Computer Name: MICROSOF-F4C65C
Event Code: 1000
Message: Счетчики производительности для службы TermService (Службы терминалов) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.Record Number: 4
Source Name: LoadPerf
Time Written: 20081001175942.000000+180
Event Type: информация
User:Computer Name: MICROSOF-F4C65C
Event Code: 1000
Message: Счетчики производительности для службы RemoteAccess (Маршрутизация и удаленный доступ) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.Record Number: 3
Source Name: LoadPerf
Time Written: 20081001175836.000000+180
Event Type: информация
User:Computer Name: MICROSOF-F4C65C
Event Code: 1000
Message: Счетчики производительности для службы PSched (PSched) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.Record Number: 2
Source Name: LoadPerf
Time Written: 20081001175824.000000+180
Event Type: информация
User:Computer Name: MICROSOF-F4C65C
Event Code: 1000
Message: Счетчики производительности для службы RSVP (QoS RSVP) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.Record Number: 1
Source Name: LoadPerf
Time Written: 20081001175731.000000+180
Event Type: информация
User:======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«FP_NO_HOST_CHECK»=NO
«NUMBER_OF_PROCESSORS»=2
«OS»=Windows_NT
«Page2Chm»=C:Program FilesOperaACmisc
«Path»=C:WINDOWSSystem32;C:WINDOWS;System32
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_IDENTIFIER»=x86 Family 15 Model 67 Stepping 3, AuthenticAMD
«PROCESSOR_LEVEL»=15
«PROCESSOR_REVISION»=4303
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
«windir»=%SystemRoot%
EOF
Помогите пожалуйста, невозможно работать с компьютером…постоянно выскакивает рамочка для проверки системы…
Здравствуйте, добро пожаловать на Spyware-ru форум.
Закройте все окна Windows и Internet Explorer. Запустите HijackThis. Для этого кликните Пуск, Выполнить, введите C:Program Filestrend microАдминистратор.exe и нажмите Enter.
Кликните по кнопке Do a system scan only.
Далее отметьте галочкой (слева) следующие строки:R3 - URLSearchHook: (no name) - {63432924-FF0F-4F2D-BA15-FE46454977A3} - (no file)
R3 - URLSearchHook: (no name) - - (no file)Кликните по кнопке Fix checked и подтвердите свои действия выбрав YES.
Перезапустите компьютер.Скачайте OTMoveIt3 by OldTimer кликнув по этой ссылке.
Запустите программу и в большое поле ввода (заголовок этого поля выделен желтым цветом) скопируйте следующий текст.:Processes
explorer.exe
:services
agu8wfev
:reg
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
"alls"=-
"avast!"=-
"Path"=-
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
"Path"=-
"MSFox"=-
"Ameba"=-
"14197584677636430179385521643027"=-
:files
C:Program FilesAntivirus 2009
C:WINDOWSsystem32driversagu8wfev.sys
:Commands
[emptytemp]
[start explorer]
[Reboot]Кликните по кнопке MoveIt!. В процессе работы возможна перезагрузка компьютера.
По-завершении работы программы должен будет показан лог, вставьте его в ваш ответ.
Так же к вашему ответу приложите свежий RSIT лог.========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Unable to stop service agu8wfev .
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun\alls deleted successfully.
Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun\avast! deleted successfully.
Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun\Path deleted successfully.
Registry value HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun\Path deleted successfully.
Registry value HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun\MSFox deleted successfully.
Registry value HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun\Ameba not found.
Registry value HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun\14197584677636430179385521643027 not found.
========== FILES ==========
File/Folder C:Program FilesAntivirus 2009 not found.
File/Folder C:WINDOWSsystem32driversagu8wfev.sys not found.
========== COMMANDS ==========
File delete failed. C:DOCUME~19335~1LOCALS~1Tempert52968.exe scheduled to be deleted on reboot.
File delete failed. C:DOCUME~19335~1LOCALS~1Temp~tmpb.exe scheduled to be deleted on reboot.
User’s Temp folder emptied.
User’s Temporary Internet Files folder emptied.
User’s Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Opera cache emptied.
Temp folders emptied.
Explorer started successfullyOTMoveIt3 by OldTimer — Version 1.0.8.0 log created on 01232009_202955
Files moved on Reboot…
C:DOCUME~19335~1LOCALS~1Tempert52968.exe moved successfully.
C:DOCUME~19335~1LOCALS~1Temp~tmpb.exe moved successfully.
C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat moved successfully.логи от RSIT
log.txt
Logfile of random’s system information tool 1.05 (written by random/random)
Run by Администратор at 2009-01-23 20:37:13
Microsoft Windows XP Professional Service Pack 2
System drive C: has 41 GB (69%) free of 60 GB
Total RAM: 2047 MB (72% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:37:20, on 23.01.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20661)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSSystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:WINDOWSnotepad.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:program filesVolumeControlvolume.exe
C:WINDOWSRTHDCPL.EXE
C:Program FilesWebMoney Agentwmagent.exe
C:Program FilesMy Lockboxflockbox.exe
C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe
C:Program FilesPunto Switcherps.exe
C:Program FilesLClockLClock.exe
C:Program FilesDAEMON Tools Litedaemon.exe
C:Program FilesA!K Research LabsOff-roadOffRoad.exe
C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe
T:usrlocalprogramapachestart.exe
T:usrlocalApachebinApache.exe
T:usrlocalmysql5binmysqld-max-nt.exe
T:usrlocalFTPSlimFTPd.exe
T:usrlocalApachebinApache.exe
C:PROGRA~1WIDCOMMBLUETO~1BTSTAC~1.EXE
C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
C:Program FilesICQ6ToolbarICQ Service.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32PnkBstrA.exe
C:Program FilesOperaopera.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32wuauclt.exe
C:Documents and SettingsАдминистраторРабочий столRSIT.exe
C:Program Filestrend microАдминистратор.exeR1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = start.qip.ru
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 — HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://www.kornet.ru/
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:Program FilesMail.RuAgentMradllnewmrasearch.dll
R3 — URLSearchHook: ICQToolBar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:Program FilesICQ6ToolbarICQToolBar.dll
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 — BHO: IEVkbdBHO Class — {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} — C:Program FilesKaspersky LabKaspersky Internet Security 2009ievkbd.dll
O2 — BHO: SSVHelper Class — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre1.6.0_03binssv.dll
O2 — BHO: MailRuBHO Class — {8984B388-A5BB-4DF7-B274-77B879E179DB} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O2 — BHO: IE 4.x-6.x BHO for Download Master — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:PROGRA~1DOWNLO~1dmiehlp.dll
O2 — BHO: TBSB03223 Class — {B4806C1A-FE8A-4008-9DA3-8CEDB6E82C10} — C:Program FilesWebMoney Advisorwmadvisor.dll
O2 — BHO: MyPlayCityRU Toolbar — {dfbeb35b-444d-4f25-8d7d-eb2683c206ec} — C:Program FilesMyPlayCityRUtbMyPl.dll
O3 — Toolbar: DM Bar — {0E1230F8-EA50-42A9-983C-D22ABC2EED3C} — C:Program FilesDownload Masterdmbar.dll
O3 — Toolbar: Rambler-Ассистент — {468CD8A9-7C25-45FA-969E-3D925C689DC4} — C:Program FilesRambler AssistantramblertoolbarU1.dll
O3 — Toolbar: WebMoney Advisor — {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — C:Program FilesWebMoney Advisorwmadvisor.dll
O3 — Toolbar: ICQToolBar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:Program FilesICQ6ToolbarICQToolBar.dll
O3 — Toolbar: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O3 — Toolbar: Яндекс.Бар — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program FilesYandexYandexBarIEyndbar.dll
O3 — Toolbar: MyPlayCityRU Toolbar — {dfbeb35b-444d-4f25-8d7d-eb2683c206ec} — C:Program FilesMyPlayCityRUtbMyPl.dll
O3 — Toolbar: Anonymous Friend — {A3884B05-8D20-483A-A2E3-C70A66E75C34} — C:Program FilesAnonymous FriendAnonymousFriend.dll
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [VolumeControl] C:program filesVolumeControlvolume.exe
O4 — HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 — HKLM..Run: [Alcmtr] ALCMTR.EXE
O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentMAgent.exe -LM
O4 — HKLM..Run: [wmagent.exe] «C:Program FilesWebMoney Agentwmagent.exe»
O4 — HKLM..Run: [flockbox] C:Program FilesMy Lockboxflockbox.exe /a
O4 — HKLM..Run: [AVP] «C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe»
O4 — HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 — HKCU..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe
O4 — HKCU..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe
O4 — HKCU..Run: [LClock] C:Program FilesLClockLClock.exe
O4 — HKCU..Run: [DAEMON Tools Lite] «C:Program FilesDAEMON Tools Litedaemon.exe» -autorun
O4 — HKCU..Run: [A!K Mouse Off-road] C:Program FilesA!K Research LabsOff-roadOffRoad.exe
O4 — HKCU..Run: [Performance Center] C:Program FilesAscentivePerformance CenterApcMain.exe -m
O4 — HKCU..Run: [ICQ] «C:Program FilesICQ6ICQ.exe» silent
O4 — HKUSS-1-5-19..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,OnceFirstLogonInstall,0 (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [IE7_012] rundll32 advpack.dll,LaunchINFSectionEx IE7int.inf,AfterUserStart,,4,N (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [IE7_013] rebuild.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-20..RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,OnceFirstLogonInstall,0 (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘Default user’)
O4 — Startup: Create virtual drive for Denwer.lnk = C:DenwerdenwerBoot.exe
O4 — Startup: TopServer 2.1.lnk = C:WINDOWSsystem32topserver.bat
O4 — Startup: Tuning.lnk = ?
O4 — Global Startup: BTTray.lnk = ?
O8 — Extra context menu item: Добавить в Анти-Баннер — C:Program FilesKaspersky LabKaspersky Internet Security 2009ie_banner_deny.htm
O9 — Extra button: (no name) — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_03binssv.dll
O9 — Extra ‘Tools’ menuitem: Sun Java Console — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_03binssv.dll
O9 — Extra button: Cтатистика защиты веб-трафика — {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} — C:Program FilesKaspersky LabKaspersky Internet Security 2009SCIEPlgn.dll
O9 — Extra button: WebMoney Advisor — {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — C:Program FilesWebMoney Advisorwmadvisor.dll
O9 — Extra ‘Tools’ menuitem: WebMoney Advisor — {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — C:Program FilesWebMoney Advisorwmadvisor.dll
O9 — Extra button: Titan Poker — {49783ED4-258D-4f9f-BE11-137C18D3E543} — C:PokerTitan Pokercasino.exe
O9 — Extra ‘Tools’ menuitem: Titan Poker — {49783ED4-258D-4f9f-BE11-137C18D3E543} — C:PokerTitan Pokercasino.exe
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra ‘Tools’ menuitem: &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O17 — HKLMSystemCCSServicesTcpip..{9EF80E47-E2CB-4FB5-9EDD-4843CD427B8D}: NameServer = 172.27.137.10,172.27.137.20
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O23 — Service: Kaspersky Internet Security (AVP) — Kaspersky Lab — C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe
O23 — Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) — Apple Computer, Inc. — C:Program FilesBonjourmDNSResponder.exe
O23 — Service: Bluetooth Service (btwdins) — Broadcom Corporation. — C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: ICQ Service — Unknown owner — C:Program FilesICQ6ToolbarICQ Service.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: PnkBstrA — Unknown owner — C:WINDOWSsystem32PnkBstrA.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: SlimFTPd — Unknown owner — T:usrlocalFTPSlimFTPd.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 12254 bytes======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll [2003-11-03 54248][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class — C:Program FilesKaspersky LabKaspersky Internet Security 2009ievkbd.dll [2008-07-29 62728][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class — C:Program FilesJavajre1.6.0_03binssv.dll [2007-09-24 501136][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{8984B388-A5BB-4DF7-B274-77B879E179DB}]
MailRuBHO Class — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2008-10-02 665800][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master — C:PROGRA~1DOWNLO~1dmiehlp.dll [2007-07-20 152064][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{B4806C1A-FE8A-4008-9DA3-8CEDB6E82C10}]
TBSB03223 Class — C:Program FilesWebMoney Advisorwmadvisor.dll [2008-03-20 2469888][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{dfbeb35b-444d-4f25-8d7d-eb2683c206ec}]
MyPlayCityRU Toolbar — C:Program FilesMyPlayCityRUtbMyPl.dll [2008-08-05 1610264][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{0E1230F8-EA50-42A9-983C-D22ABC2EED3C} — DM Bar — C:Program FilesDownload Masterdmbar.dll [2007-11-26 180224]
{468CD8A9-7C25-45FA-969E-3D925C689DC4} — Rambler-Ассистент — C:Program FilesRambler AssistantramblertoolbarU1.dll [2008-11-05 804336]
{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — WebMoney Advisor — C:Program FilesWebMoney Advisorwmadvisor.dll [2008-03-20 2469888]
{855F3B16-6D32-4fe6-8A56-BBB695989046} — ICQToolBar — C:Program FilesICQ6ToolbarICQToolBar.dll [2008-12-09 958200]
{09900DE8-1DCA-443F-9243-26FF581438AF} — Спутник@Mail.Ru — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2008-10-02 665800]
{91397D20-1446-11D4-8AF4-0040CA1127B6} — Яндекс.Бар — C:Program FilesYandexYandexBarIEyndbar.dll [2009-01-13 3112736]
{dfbeb35b-444d-4f25-8d7d-eb2683c206ec} — MyPlayCityRU Toolbar — C:Program FilesMyPlayCityRUtbMyPl.dll [2008-08-05 1610264]
{A3884B05-8D20-483A-A2E3-C70A66E75C34} — Anonymous Friend — C:Program FilesAnonymous FriendAnonymousFriend.dll [2007-11-22 86016][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2007-07-13 8466432]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2007-07-13 81920]
«VolumeControl»=C:program filesVolumeControlvolume.exe [2003-09-15 36864]
«RTHDCPL»=C:WINDOWSRTHDCPL.EXE [2007-05-10 16342528]
«Alcmtr»=C:WINDOWSALCMTR.EXE [2005-05-03 69632]
«MAgent»=C:Program FilesMail.RuAgentMAgent.exe [2008-10-02 4417016]
«wmagent.exe»=C:Program FilesWebMoney Agentwmagent.exe [2008-10-01 209376]
«flockbox»=C:Program FilesMy Lockboxflockbox.exe [2007-12-14 1071472]
«AVP»=C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe [2008-07-29 206088]
«KernelFaultCheck»=C:WINDOWSsystem32dumprep 0 -k [][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«Punto Switcher»=C:Program FilesPunto Switcherps.exe [2007-01-25 201728]
«VistaIcon»=C:Program FilesVistaDriveIconVistaDrv.exe [2007-07-02 132608]
«LClock»=C:Program FilesLClockLClock.exe [2004-09-19 65536]
«DAEMON Tools Lite»=C:Program FilesDAEMON Tools Litedaemon.exe [2008-08-08 490952]
«A!K Mouse Off-road»=C:Program FilesA!K Research LabsOff-roadOffRoad.exe [2008-04-02 620032]
«Performance Center»=C:Program FilesAscentivePerformance CenterApcMain.exe -m []
«ICQ»=C:Program FilesICQ6ICQ.exe [2008-09-01 173304][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregICQ]
C:Program FilesICQ6.5ICQ.exe silent [][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Total Commander.lnk]
C:PROGRA~1TOTALC~1Totalcmd.exe [2008-10-04 1091768][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^Администратор^Главное меню^Программы^Автозагрузка^hamachi.lnk]
C:PROGRA~1Hamachihamachi.exe [2008-11-13 625952]C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
BTTray.lnk — C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exeC:Documents and SettingsАдминистраторГлавное менюПрограммыАвтозагрузка
Create virtual drive for Denwer.lnk — C:DenwerdenwerBoot.exe
TopServer 2.1.lnk — C:WINDOWSsystem32topserver.bat
Tuning.lnk — C:WINDOWSCacheUninstallffice.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyklogon]
C:WINDOWSsystem32klogon.dll [2008-07-29 218376][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalprocexp90.Sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkprocexp90.Sys]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
«NoSharedDocuments»=1
«NoThumbnailCache»=1
«NoSMConfigurePrograms»=1[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesSmartFTP ClientSmartFTP.exe»=»C:Program FilesSmartFTP ClientSmartFTP.exe:*:Enabled:SmartFTP Client 3.0»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»======List of files/folders created in the last 1 months======
2009-01-23 20:29:55 —-D—- C:_OTMoveIt
2009-01-20 22:43:14 —-D—- C:rsit
2009-01-20 22:43:14 —-D—- C:Program Filestrend micro
2009-01-20 22:39:47 —-A—- C:WINDOWSsystem32CF11768.exe
2009-01-20 22:39:40 —-D—- C:32788R22FWJFW
2009-01-20 22:39:01 —-A—- C:WINDOWSsystem32CF11618.exe
2009-01-20 22:38:18 —-A—- C:WINDOWSsystem32CF11478.exe
2009-01-20 22:34:21 —-A—- C:WINDOWSsystem32CF10704.exe
2009-01-20 22:33:58 —-A—- C:WINDOWSsystem32CF10612.exe
2009-01-20 22:32:47 —-D—- C:WINDOWSERDNT
2009-01-20 22:32:47 —-D—- C:Qoobox
2009-01-20 22:32:46 —-D—- C:ComboFix
2009-01-20 22:32:42 —-A—- C:WINDOWSsystem32CF10338.exe
2009-01-20 22:32:42 —-A—- C:WINDOWSsystem32CF10335.exe
2009-01-20 22:32:27 —-A—- C:Bug.txt
2009-01-20 22:32:26 —-A—- C:WINDOWSsystem32cmd.execf
2009-01-20 21:32:45 —-D—- C:Documents and SettingsАдминистраторApplication DataMalwarebytes
2009-01-20 21:32:36 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2009-01-20 21:32:36 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
2009-01-20 21:24:36 —-A—- C:avenger.txt
2009-01-20 21:13:36 —-D—- C:Avenger
2009-01-20 17:04:14 —-D—- C:Documents and SettingsАдминистраторApplication DataAmeba
2009-01-20 17:03:30 —-D—- C:Program FilesAmeba
2009-01-18 22:56:29 —-D—- C:Program FilesCommon FilesWise Installation Wizard
2009-01-11 21:17:32 —-D—- C:Program FilesAddSite FREE
2009-01-11 11:41:27 —-D—- C:Program FilesFreePromote 2.1
2009-01-10 19:20:18 —-D—- C:Program FilesAddPromo
2009-01-09 12:31:12 —-A—- C:WINDOWShfs.new.exe
2009-01-03 13:56:36 —-D—- C:Program FilesMicrosoft Common
2009-01-03 12:04:58 —-A—- C:WINDOWSsystem32XAudio2_1.dll
2009-01-03 12:04:58 —-A—- C:WINDOWSsystem32XAPOFX1_0.dll
2009-01-03 12:04:58 —-A—- C:WINDOWSsystem32xactengine3_1.dll
2009-01-03 12:04:58 —-A—- C:WINDOWSsystem32X3DAudio1_4.dll
2009-01-03 12:04:58 —-A—- C:WINDOWSsystem32d3dx10_38.dll
2009-01-03 12:04:58 —-A—- C:WINDOWSsystem32D3DCompiler_38.dll
2009-01-03 12:04:57 —-A—- C:WINDOWSsystem32D3DX9_38.dll
2009-01-03 12:04:15 —-D—- C:WINDOWSLogs
2009-01-03 00:12:13 —-D—- C:Program FilesEarthView
2009-01-03 00:12:13 —-D—- C:Documents and SettingsАдминистраторApplication DataDeskSoft
2009-01-01 22:15:11 —-D—- C:Documents and SettingsАдминистраторApplication DataSmartFTP
2009-01-01 22:14:31 —-D—- C:Program FilesSmartFTP Client
2009-01-01 22:14:20 —-D—- C:Program FilesSmartFTP Client 3.0 Setup Files
2009-01-01 02:49:20 —-D—- C:WINDOWSvf_hip
2009-01-01 02:49:19 —-D—- C:Program FilesHide IP Platinum
2009-01-01 00:28:24 —-A—- C:WINDOWSavisplitter.INI
2008-12-31 21:14:37 —-D—- C:Program FilesDreamRender
2008-12-30 20:52:11 —-D—- C:Inf1188
2008-12-29 19:37:45 —-D—- C:WINDOWSpss
2008-12-28 23:40:40 —-D—- C:Program FilesTopServer 2.1
2008-12-28 22:51:25 —-D—- C:Denwer
2008-12-28 19:39:03 —-D—- C:Program FilesMySQL
2008-12-28 19:32:37 —-D—- C:Program FilesApache Group
2008-12-27 21:28:21 —-D—- C:Program FilesICQ6.5
2008-12-25 12:17:50 —-D—- C:Program FilesXvid
2008-12-25 11:42:32 —-D—- C:Fraps======List of files/folders modified in the last 1 months======
2009-01-23 20:37:01 —-D—- C:WINDOWSTemp
2009-01-23 20:36:38 —-D—- C:Documents and SettingsAll UsersApplication DataKaspersky Lab
2009-01-23 20:34:43 —-A—- C:WINDOWSSchedLgU.Txt
2009-01-23 20:19:04 —-A—- C:WINDOWSNeroDigital.ini
2009-01-23 14:32:27 —-AD—- C:Documents and SettingsAll UsersApplication DataTEMP
2009-01-23 14:32:10 —-D—- C:Documents and SettingsАдминистраторApplication DatauTorrent
2009-01-23 14:15:12 —-D—- C:Documents and SettingsАдминистраторApplication DataWebMoney
2009-01-22 21:45:21 —-RD—- C:Program Files
2009-01-22 17:57:03 —-D—- C:Program FilesMozilla Firefox
2009-01-22 16:06:51 —-D—- C:Program FilesQIP Infium
2009-01-22 15:38:21 —-D—- C:WINDOWS
2009-01-22 15:36:13 —-D—- C:WINDOWSsystem32CatRoot2
2009-01-21 21:12:53 —-D—- C:Program FilesHfs
2009-01-20 22:39:47 —-D—- C:WINDOWSsystem32
2009-01-20 22:33:58 —-D—- C:WINDOWSsystem32drivers
2009-01-20 22:16:34 —-D—- C:WINDOWSMinidump
2009-01-20 21:10:40 —-D—- C:Documents and SettingsАдминистраторApplication DataHamachi
2009-01-20 21:02:24 —-D—- C:WINDOWSPrefetch
2009-01-20 21:01:05 —-D—- C:Documents and SettingsАдминистраторApplication DataAdobe
2009-01-19 21:25:20 —-D—- C:Program FilesICQ6
2009-01-19 17:54:17 —-D—- C:Documents and SettingsАдминистраторApplication DataICQ
2009-01-18 22:56:29 —-D—- C:Program FilesCommon Files
2009-01-18 20:07:46 —-D—- C:Documents and SettingsАдминистраторApplication DataTor
2009-01-17 17:15:33 —-D—- C:Documents and SettingsАдминистраторApplication DataYandex
2009-01-14 18:13:54 —-D—- C:Documents and SettingsАдминистраторApplication DataSkype
2009-01-14 17:53:12 —-D—- C:Documents and SettingsАдминистраторApplication DataskypePM
2009-01-14 17:31:16 —-RSD—- C:WINDOWSFonts
2009-01-09 12:38:51 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-01-09 11:40:06 —-SH—- C:boot.ini
2009-01-09 11:40:06 —-A—- C:WINDOWSwin.ini
2009-01-09 11:40:06 —-A—- C:WINDOWSsystem.ini
2009-01-06 22:46:34 —-D—- C:Program FilesTotal Commander
2009-01-03 12:12:14 —-SHD—- C:WINDOWSInstaller
2009-01-03 12:04:59 —-HD—- C:WINDOWSinf
2009-01-03 12:04:59 —-D—- C:WINDOWSsystem32DirectX
2009-01-03 12:04:51 —-RSD—- C:WINDOWSassembly
2009-01-01 01:44:19 —-A—- C:WINDOWSsystem32PnkBstrB.exe
2008-12-30 16:22:26 —-D—- C:Program FilesFieryAds
2008-12-28 09:56:51 —-D—- C:Program FilesICQ6Toolbar
2008-12-27 21:29:38 —-D—- C:Documents and SettingsAll UsersApplication DataICQ
2008-12-26 20:37:23 —-D—- C:Documents and SettingsAll UsersApplication DataAdobe
2008-12-26 10:28:29 —-D—- C:Poker======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 KLIF;Kaspersky Lab Driver; C:WINDOWSsystem32DRIVERSklif.sys [2008-11-03 213008]
R1 PQNTDrv;PQNTDrv; C:WINDOWSsystem32driversPQNTDrv.sys [2004-05-05 4228]
R2 DgiVecp;Team MFP Comm Driver; C:WINDOWSSystem32DriversDgiVecp.sys [2003-07-29 40448]
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:WINDOWSsystem32DRIVERSrspndr.sys [2006-12-04 62336]
R3 BTKRNL;Нумератор шины Bluetooth; C:WINDOWSsystem32DRIVERSbtkrnl.sys [2005-08-29 853258]
R3 hamachi;Hamachi Network Interface; C:WINDOWSsystem32DRIVERShamachi.sys [2008-11-13 25280]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2005-12-26 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2007-05-10 4419584]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:WINDOWSsystem32DRIVERSklfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:WINDOWSsystem32DRIVERSklim5.sys [2008-04-30 24592]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2007-07-13 6807744]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtenicxp.sys [2007-08-07 98944]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2007-10-15 30208]
R3 usbhub;Драйвер стандартного концентратора USB (Microsoft); C:WINDOWSsystem32DRIVERSusbhub.sys [2007-10-15 59392]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWSsystem32DRIVERSusbohci.sys [2007-10-15 17152]
R3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-03 25856]
S1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2004-08-17 14848]
S3 a499cg5k;a499cg5k; C:WINDOWSsystem32driversa499cg5k.sys []
S3 btaudio;Аудиоустройство Bluetooth; C:WINDOWSsystem32driversbtaudio.sys [2005-08-29 428269]
S3 BTDriver;Драйвер виртуальной связи Bluetooth; C:WINDOWSsystem32DRIVERSbtport.sys [2005-08-29 30363]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:WINDOWSSystem32Driversbtwusb.sys [2005-08-29 64344]
S3 GMSIPCI;GMSIPCI; ??F:INSTALLGMSIPCI.SYS []
S3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
S3 MBAMSwissArmy;MBAMSwissArmy; ??C:WINDOWSsystem32driversmbamswissarmy.sys []
S3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
S3 MSICPL;MSICPL; ??F:install4MSICPL.sys []
S3 NTACCESS;NTACCESS; ??F:NTACCESS.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; ??F:NTGLM7X.sys []
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AVP;Kaspersky Internet Security; C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe [2008-07-29 206088]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:Program FilesBonjourmDNSResponder.exe [2006-02-28 229376]
R2 btwdins;Bluetooth Service; C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe [2005-08-29 266295]
R2 ICQ Service;ICQ Service; C:Program FilesICQ6ToolbarICQ Service.exe [2008-10-19 222456]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2007-07-13 155716]
R2 PnkBstrA;PnkBstrA; C:WINDOWSsystem32PnkBstrA.exe [2008-11-18 66872]
S2 SlimFTPd;SlimFTPd; T:usrlocalFTPSlimFTPd.exe [2006-07-15 74240]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-04-13 68952]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2008-11-11 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:WINDOWSMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2006-10-30 741376]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-11-02 914944]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2004-08-18 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2006-10-30 122880]
EOF
Несколько завершающих действий.
Обновите Java, у вас устаревшая версия. Прочитайте эту инструкцию: Как обновить Java.
Запустите программу OTMoveIT3. Кликните по кнопке CleanUp. Если появится запрос на перезагрузку компьютера, то кликните Да/Yes.
Удалите HijackThis и RSIT и другие скачанные вами сканеры и небольшие утилиты, а так же все файлы и каталоги который были созданы в процессе лечения компьютера.Установите программу Spybot Search and Destroy, это довольно неплохая дополнительная защита от шпионских и других вредоносных программ..
Запустите ваш антивирус и проверьте состояние автоматической защиты. Включите, если она выключена.
Удалите старые точки восстановления, так как в них возможно нахождения инфицированных файлов, троянов и других вредоносных программ. Для этого кликните по иконке Мой компьютер, выберите пункт Свойства. В открывшемся окне выберите вкладку Восстановление системы. Поставьте галочку напротив пункта Отключить восстановление системы на всех дисках. Кликните по кнопке Применить. Подтвердите свои действия кликнув по кнопке OK в открывшемся диалоге. Закройте окно Свойства системы, кликнув по кнопке OK.
После загрузки компьютера выполните действия описанные выше, только в этот раз снимите галочку.
Создайте новую точку восстановления. Это поможет вам в случае необходимости загрузить текущую конфигурацию Windows и быстро излечиться от спайваре/вируса. Для этого кликните по кнопке Пуск, далее выберите пункт Стандартные, в нём Служебные и запустите программу Восстановление системы. В открывшемся окне выберите задачу Создать точку восстановления и нажмите кнопку Далее и следуйте указаниям.
Не забывайте обновлять Windows, ваши программы и особенно ваш антивирус.
Всего доброго!
- Для ответа в этой теме необходимо авторизоваться.
