Please help, virus in svchost
- This topic has 12 replies, 3 participants, and was last updated 14 years, 4 months ago by Helper.
July 14, 2010 at 8:31 pm #18460
😥 haven't caught a virus in a long time((
The problem is this: first svchost started crashing with an error, then it started slowing down the system, then the internet started working slowly. I suspected that something was going out to the internet, but I had an unlimited 100 MB/sec connection and it somehow didn't bother me; now I go online through my phone and the speed is low.
I decided to look up what this svchost is. Wikipedia said that it is only started by the system, as SYSTEM, NETWORK SERVICE or LOCAL SERVICE, and that if it runs under the admin account, that is a sign of a virus. I looked at the processes, and there really are a couple of svchosts running as admin. Now I open auslogics boostspeed to see what is going out to the internet, and it says svchost is trying to get out, constantly. I thought maybe the system was downloading something, so I started Windows Update, some unimportant updates there, and voilà, one more svchost appears and downloads the update, so it is obviously a virus! Phew, I hope you understand what I wrote! Please help!))

July 14, 2010 at 9:10 pm #30106
Hello!
Welcome to the Spyware-ru forum.
Scan your computer with the RSIT program;
what to do and how is described in detail in this topic:
How to cure your computer, first steps.

July 14, 2010 at 9:41 pm #30107
Log
Logfile of random’s system information tool 1.08 (written by random/random)
Run by Админ at 2010-07-15 00:38:15
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 8 GB (5%) free of 153 GB
Total RAM: 3070 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:39:43, on 15.07.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal
July 14, 2010 at 9:42 PM #30108
Info
info.txt logfile of random’s system information tool 1.08 2010-07-15 00:39:47
======Uninstall list======
—>MsiExec /X{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}
µTorrent—>»C:Program FilesuTorrentuTorrent.exe» /UNINSTALL
Activation Assistant for the 2007 Microsoft Office suites—>»C:ProgramData{623D32E9-0C62-4453-AD44-98B31F52A5E1}Microsoft Office Activation Assistant.exe» REMOVE=TRUE MODIFY=FALSE
Ad-Aware SE Personal—>C:PROGRA~1LavasoftAD-AWA~1UNWISE.EXE C:PROGRA~1LavasoftAD-AWA~1INSTALL.LOG
Adobe AIR—>C:Program FilesCommon FilesAdobe AIRVersions1.0ResourcesAdobe AIR Updater.exe -arp:uninstall
Adobe AIR—>MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Community Help—>msiexec /qb /x {0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
Adobe Community Help—>MsiExec.exe /I{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
Adobe Flash Player 10 Plugin—>C:Windowssystem32MacromedFlashFlashUtil10h_Plugin.exe -maintain plugin
Adobe Flash Player ActiveX—>C:Windowssystem32MacromedFlashuninstall_activeX.exe
Adobe Media Player—>msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player—>MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Photoshop CS5—>C:Program FilesCommon FilesAdobeOOBEPDAppcorePDApp.exe —appletID=»DWA_UI» —appletVersion=»1.0″ —mode=»Uninstall» —mediaSignature=»{15FEDA5F-141C-4127-8D7E-B962D1742728}»
Adobe Reader 9.1.2 — Russian—>MsiExec.exe /I{AC76BA86-7AD7-1049-7B44-A91000000001}
Apple Mobile Device Support—>MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update—>MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ASUS CopyProtect—>C:Program FilesInstallShield Installation Information{2396F815-84E0-4353-83D7-8B190556DA42}SETUP.exe -runfromtemp -l0x0019 -removeonly
ASUS InstantFun—>MsiExec.exe /I{57B15AD4-8C9D-4164-82BB-E33D8644E757}
ASUS LifeFrame3—>MsiExec.exe /I{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}
ASUS Live Update—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}setup.exe» -l0x9
ASUS Security Protect Manager—>rundll32.exe «C:Program FilesASUS Security CenterASUS Security Protect ManagerBinSetupHelper.dll»,ExecMain /Uninstall {D8D4AF9A-6ADE-4B14-A7F5-BA858792729E}
ASUS SmartLogon—>MsiExec.exe /I{64452561-169F-4A36-A2FF-B5E118EC65F5}
ASUS Splendid Video Enhancement Technology—>C:Program FilesInstallShield Installation Information{C0FC1C14-4824-4A73-87A6-9E888C9C3102}SETUP.exe -runfromtemp -l0x0019 -removeonly
Asus_Camera_ScreenSaver—>»C:WindowsASUS Camera ScreenSaver Uninstaller.exe»
ATK Generic Function Service—>C:Program FilesInstallShield Installation Information{D3D54F3E-C5C3-443D-978F-87A72E5616E8}setup.exe -runfromtemp -l0x0009 -removeonly
ATK Hotkey—>C:Program FilesInstallShield Installation Information{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}SETUP.exe -runfromtemp -l0x0019 -removeonly
ATK Media—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}SETUP.EXE» -l0x9
ATKOSD2—>C:Program FilesInstallShield Installation Information{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}SETUP.exe -runfromtemp -l0x0009 -removeonly
AuthenTec Fingerprint Sensor Minimum Install—>MsiExec.exe /I{EB4DF30B-102B-4F0C-927A-D50E037A325D}
Avanquest update—>C:Program FilesInstallShield Installation Information{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}setup.exe -runfromtemp -l0x0019 -removeonly
Bonjour—>MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CCleaner (remove only)—>»C:Program FilesCCleaneruninst.exe»
ChkMail—>C:Program FilesInstallShield Installation Information{250F0996-1830-40C8-9B1D-6874D808DD95}SETUP.exe -runfromtemp -l0x0009 -removeonly
Counter-Strike: Source—>»C:Program FilesSteamsteam.exe» steam://uninstall/240
Counter-Strike: Source—>MsiExec.exe /I{9580813D-94B1-4C28-9426-A441E2BB29A5}
CyberLink LabelPrint—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{C59C179C-668D-49A9-B6EA-0121CCFC1243}setup.exe» -uninstall
DAEMON Tools Toolbar—>C:Program FilesDAEMON Tools Toolbaruninst.exe
Download Master version 5.5.5.1135—>»C:Program FilesDownload Masterunins000.exe»
DriverAgent by TouchStone Software—>RunDll32.exe advpack.dll,LaunchINFSection driveragent_exe.inf,TVICHW32Remove
FEAR—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime110Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{2B653229-9854-4989-B780-D978F5F13EAB}setup.exe» -l0x19 -removeonly
FLV Player—>»C:WindowsFLV Playeruninstall.exe» «/U:C:Program FilesFLV PlayerUninstalluninstall.xml»
FlylinkDC++ r(372)—>»C:FlylinkDC++unins000.exe»
Fraps (remove only)—>»C:Frapsuninstall.exe»
Garena—>C:Program FilesGarenauninst.exe
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)—>C:Windowssystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=»»
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)—>C:Windowssystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=»»
HTC Driver Installer—>MsiExec.exe /X{6D6664A9-3342-4948-9B7E-034EFE366F0F}
HTC Sync—>MsiExec.exe /I{BC4174D1-7970-40E6-AC57-F095F961FB08}
ITECIR Driver—>C:Program FilesInstallShield Installation Information{FCED9B62-34FF-4C15-8A23-F65221F7874D}SETUP.exe -runfromtemp -l0x0009 -removeonly
Japanese Fonts Support For Adobe Reader 9—>MsiExec.exe /I{AC76BA86-7AD7-5760-0000-900000000003}
Java(TM) 6 Update 20—>MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}
JMB36X Raid Configurer—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime110Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}SETUP.exe» -l0x19 -removeonly
Kaspersky Internet Security 2009—>MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
Kaspersky Internet Security 2009—>MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
LightScribe System Software 1.12.37.1—>MsiExec.exe /X{004C5DA2-2051-4D25-94BA-51CF810C91EB}
mCore—>MsiExec.exe /I{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}
mDriver—>MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
Media Player Classic — Home Cinema v. 1.2.1179.0—>»C:Program FilesMPC HomeCinemaunins000.exe»
mHelp—>MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft .NET Framework 1.1 Security Update (KB979906)—>»C:WindowsMicrosoft.NETFrameworkv1.1.4322Updateshotfix.exe» «C:WindowsMicrosoft.NETFrameworkv1.1.4322UpdatesM979906M979906Uninstall.msp»
Microsoft .NET Framework 1.1—>msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1—>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 Language Pack SP1 — rus—>MsiExec.exe /I{2744791F-4E7C-32F5-AB40-AEC6A6C86DBF}
Microsoft .NET Framework 3.5 SP1—>C:WindowsMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 SP1setup.exe
Microsoft .NET Framework 3.5 SP1—>MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Device Emulator version 2.0 — ENU—>MsiExec.exe /X{5561F82F-61D8-3184-B7A4-169F1F823CF4}
Microsoft Games for Windows — LIVE—>MsiExec.exe /X{B45FABE7-D101-4D99-A671-E16DA40AF7F0}
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable — x86 9.0.21022.218—>MsiExec.exe /X{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}
Microsoft Visual C++ 2008 Redistributable — x86 9.0.30729.17—>MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft_VC80_ATL_x86—>MsiExec.exe /I{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}
Microsoft_VC80_CRT_x86—>MsiExec.exe /I{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}
Microsoft_VC80_MFC_x86—>MsiExec.exe /I{D1A19B02-817E-4296-A45B-07853FD74D57}
Microsoft_VC80_MFCLOC_x86—>MsiExec.exe /I{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}
Microsoft_VC90_ATL_x86—>MsiExec.exe /I{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}
Microsoft_VC90_CRT_x86—>MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403}
Microsoft_VC90_MFC_x86—>MsiExec.exe /I{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}
mMHouse—>MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
mobile PhoneTools—>C:Program FilesInstallShield Installation Information{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}setup.exe -runfromtemp -l0x0019 -removeonly
Monkey’s Audio—>»C:Program FilesMonkey’s Audiounins000.exe»
Motorola SM56 Speakerphone Modem—>rundll32.exe sm56co6a.dll,SM56UnInstaller
mPfMgr—>MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
MSVC80_x86—>MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB936181)—>MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)—>MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)—>MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)—>MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
NB Probe—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}setup.exe» -l0x9
Nero 9—>C:Program FilesCommon FilesNeroNero ProductInstaller 4SetupX.exe REMOVESERIALNUMBER=»9M03-01A1-PCX7-K31A-8A94-98PT-KT2E-522A»
neroxml—>MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver—>MsiExec.exe /X{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}
Nokia PC Suite—>C:ProgramDataInstallations{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}Nokia_PC_Suite_rel_7_0_8_2_rus_web.exe
Nokia PC Suite—>MsiExec.exe /I{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}
NVIDIA Display Control Panel—>C:Program FilesNVIDIA CorporationUninstallnvuninst.exe DisplayControlPanel
NVIDIA Drivers—>C:Program FilesNVIDIA CorporationUninstallnvuninst.exe UninstallGUI
NVIDIA PhysX—>MsiExec.exe /X{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}
OpenAL—>»C:Program FilesOpenALOpenALwEAX.exe» /U
OpenOffice.org 3.2—>MsiExec.exe /I{DD533DFE-EB4C-489D-A8F7-45AF68891C82}
Opera 10.60—>MsiExec.exe /X{1D2C96C3-A3F3-49E7-B839-95279DED837F}
PC Connectivity Solution—>MsiExec.exe /I{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}
PDF Settings CS5—>MsiExec.exe /I{A78FE97A-C0C8-49CE-89D0-EDD524A17392}
PokerStars.net—>»C:Program FilesPokerStars.NETPokerStarsUninstall.exe» /u:PokerStars.net
Power2Go—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{40BF1E83-20EB-11D8-97C5-0009C5020658}setup.exe» -uninstall
Power4Gear eXtreme—>C:Program FilesInstallShield Installation Information{8CFEBE9C-F29F-4C49-80E0-7106970F8734}setup.exe -runfromtemp -l0x0019 -removeonly
QIP 2005 Uninstall—>»C:Program FilesQIPunqip.exe»
QuickTime—>MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Realtek High Definition Audio Driver—>RtlUpd.exe -r -m
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{59F6A514-9813-47A3-948C-8A155460CC2A}SETUP.EXE» -l0x19 anything
Rockstar Games Social Club—>»C:Program FilesInstallShield Installation Information{08B3869E-D282-424C-9AFC-870E04A4BA14}setup.exe» -runfromtemp -l0x0019 -removeonly
S.T.A.L.K.E.R. [v1.0006]—>»D:GamesGSC World PublishingS.T.A.L.K.E.Runins000.exe»
Skype™ 4.2—>MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Steam(TM)—>MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Synaptics Pointing Device Driver—>rundll32.exe «C:Program FilesSynapticsSynTPSynISDLL.dll»,standAloneUninstall
System Requirements Lab—>C:Program FilesSystemRequirementsLabUninstall.exe
System Requirements Lab—>MsiExec.exe /I{1E99F5D7-4262-4C7C-9135-F066E7485811}
TeamSpeak 2 RC2—>»C:Program FilesTeamspeak2_RC2unins000.exe»
TeamSpeak 3 Client—>»C:Program FilesTeamSpeak 3 Clientuninstall.exe»
The Mop—>C:Program FilesThe Mop TeamThe Mop 4uninst.exe
UltraISO Premium V9.3—>»C:Program FilesUltraISOunins000.exe»
U’manager—>C:Program FilesU’manageruninst.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)—>C:Windowssystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=»»
USB2.0 1.3M UVC WebCam—>C:WindowsUninstall.exe
uTorrent [tfile.ru edition]—>C:Program FilesuTorrent [tfile.ru]uninstall.exe
VCRedistSetup—>MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Virtual Machine Network Services Driver—>MsiExec.exe /I{A1795AC0-9B6A-40D9-8E07-A82662268D9F}
Vista Codec Package—>MsiExec.exe /I{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}
VistaFeaturePack—>C:Program FilesInstallShield Installation Information{D7E04009-B191-4E9D-9D2D-1BBE57BD8A42}setup.exe -runfromtemp -l0x0419
WarRun 4.00 alpha—>»C:Program FilesWarRununins000.exe»
WebMoney Agent—>C:Program FilesWebMoney Agentuninst_wmagent.exe
WebMoney Keeper Classic 3.9.2.1—>»c:program fileswebmoneyUninstall.exe» «c:program fileswebmoneyinstall.log» -u
Windows Media Player Firefox Plugin—>MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Movie Maker 2.6—>MsiExec.exe /X{B3DAF54F-DB25-4586-9EF1-96D24BB14088}
WinFlash—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{DE10AB76-4756-4913-BE25-55D1C1051F9A}setup.exe» -l0x9
Wireless Console 2—>C:Program FilesInstallShield Installation Information{83F73CB1-7705-49D1-9852-84D839CA2A45}SETUP.exe -runfromtemp -l0x0009 -removeonly
Xion v1.0 (build 109)—>C:Program Filesr2 StudiosXionUninstall.exe
Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe
Властелин Колец Онлайн™: Тени Ангмара™ v01.08.00.8155—>»C:Astrum Online EntertainmentВластелин Колец Онлайнunins000.exe»
Обновление 1.0.2.608 для игры «Анабиоз. Сон разума»—>C:Program Files1CАнабиоз Сон разумаunins001.exe
Пакет драйверов Windows — ITE Tech.Inc. (itecir) HIDClass (06/20/2007 5.0.0004.2)—>C:PROGRA~1DIFXF46A63020E122F0ADPInst.exe /u C:WindowsSystem32DriverStoreFileRepositoryitecir.inf_709ef2e8itecir.inf
Пакет драйверов Windows — Nokia Modem (05/22/2008 3.8)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WindowsSystem32DriverStoreFileRepositorynokia_bluetooth.inf_5e0e55c3nokia_bluetooth.inf
Пакет драйверов Windows — Nokia Modem (05/22/2008 7.00.0.1)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WindowsSystem32DriverStoreFileRepositorynokbtmdm.inf_dcd936c5nokbtmdm.inf
Пакет драйверов Windows — Nokia pccsmcfd (10/12/2007 6.85.4.0)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:Windowssystem32DRVSTOREpccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175pccsmcfd.inf
Программное обеспечение Intel(R) PROSet/Wireless—>C:WindowsInstalleriProInst.exe
Удалить S.T.A.L.K.E.R. noDVD v.2.4. The End Full Pack—>C:Program FilesReaL StudioS.T.A.L.K.E.R. noDVD v.2.4.Uninstall.exe
Центр устройств Windows Mobile—>MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}
Языковой пакет Microsoft .NET Framework 3.5 SP1 — RUS—>C:WindowsMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 Language Pack SP1 — russetup.exe
Яндекс.Бар 5.0 для Internet Explorer—>MsiExec.exe /X{B1D8E65E-B8A2-48E4-90CF-34151C37EB45}
======Security center information======
AS: Windows Defender
======System event log======
Computer Name: Админ-ПК
Event Code: 10029
Message: DCOM запустил службу MSIServer с аргументами «», чтобы запустить сервер:
{000C101C-0000-0000-C000-000000000046}
Record Number: 158300
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20100701155424.000000-000
Event Type: Сведения
User:
Computer Name: Админ-ПК
Event Code: 7036
Message: Служба «Программный поставщик теневого копирования (Microsoft)» перешла в состояние Работает.
Record Number: 158299
Source Name: Service Control Manager
Time Written: 20100701155407.000000-000
Event Type: Сведения
User:
Computer Name: Админ-ПК
Event Code: 7036
Message: Служба «Теневое копирование тома» перешла в состояние Работает.
Record Number: 158298
Source Name: Service Control Manager
Time Written: 20100701155338.000000-000
Event Type: Сведения
User:
Computer Name: Админ-ПК
Event Code: 18
Message: Все готово к установке: следующие обновления загружены и готовы к установке. Установка обновлений будет выполнена по расписанию 2 июля 2010 г. в 3:00:
— Обновление для системы безопасности Movie Maker 2.6 в Windows Vista (KB975561)
Record Number: 158297
Source Name: Microsoft-Windows-WindowsUpdateClient
Time Written: 20100701155217.412000-000
Event Type: Сведения
User: NT AUTHORITY\SYSTEM
Computer Name: Админ-ПК
Event Code: 104
Message: Файл журнала System очищен.
Record Number: 158296
Source Name: Microsoft-Windows-Eventlog
Time Written: 20100701155129.310000-000
Event Type: Сведения
User: Админ-ПК\Админ
=====Application event log=====
Computer Name: Админ-ПК
Event Code: 11728
Message: Product: Windows Movie Maker 2.6 — Configuration completed successfully.
Record Number: 50917
Source Name: MsiInstaller
Time Written: 20100701155458.000000-000
Event Type: Сведения
User: NT AUTHORITY\SYSTEM
Computer Name: Админ-ПК
Event Code: 1036
Message: Установщик Windows выполнил установку обновления. Продукт: Windows Movie Maker 2.6. Версия: 2.6.4038.0. Язык: 1049. Обновление: Security Update for Windows Movie Maker 2.6 (KB975561). Установка завершена с состоянием: 0.
Record Number: 50916
Source Name: MsiInstaller
Time Written: 20100701155458.000000-000
Event Type: Сведения
User: NT AUTHORITY\SYSTEM
Computer Name: Админ-ПК
Event Code: 1022
Message: Продукт: Windows Movie Maker 2.6 — пакет обновлений «Security Update for Windows Movie Maker 2.6 (KB975561)» успешно установлен.
Record Number: 50915
Source Name: MsiInstaller
Time Written: 20100701155458.000000-000
Event Type: Сведения
User: NT AUTHORITY\SYSTEM
Computer Name: Админ-ПК
Event Code: 1040
Message: Начата транзакция установщика Windows: {B3DAF54F-DB25-4586-9EF1-96D24BB14088}. ИД клиентского процесса: 4384.
Record Number: 50914
Source Name: MsiInstaller
Time Written: 20100701155424.000000-000
Event Type: Сведения
User: NT AUTHORITY\SYSTEM
Computer Name: Админ-ПК
Event Code: 8194
Message: Точка восстановления создана успешно (Процесс = C:Windowssystem32svchost.exe -k netsvcs; Описание = Центр обновления Windows).
Record Number: 50913
Source Name: System Restore
Time Written: 20100701155419.000000-000
Event Type: Сведения
User:
=====Security event log=====
Computer Name: Админ-ПК
Event Code: 4648
Message: Выполнена попытка входа в систему с явным указанием учетных данных.
Субъект:
ИД безопасности: S-1-5-18
Имя учетной записи: АДМИН-ПК$
Домен учетной записи: WORKGROUP
Код входа: 0x3e7
GUID входа: {00000000-0000-0000-0000-000000000000}
Были использованы учетные данные следующей учетной записи:
Имя учетной записи: SYSTEM
Домен учетной записи: NT AUTHORITY
GUID входа: {00000000-0000-0000-0000-000000000000}
Целевой сервер:
Имя целевого сервера: localhost
Дополнительные сведения: localhost
Сведения о процессе:
Идентификатор процесса: 0x320
Имя процесса: C:\Windows\System32\services.exe
Сведения о сети:
Сетевой адрес: —
Порт: —
Данное событие возникает, когда процесс пытается выполнить вход с учетной записью, явно указав ее учетные данные. Это обычно происходит при использовании конфигураций пакетного типа, например назначенных задач, или выполнении команды RUNAS.
Record Number: 35286
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100701155406.691000-000
Event Type: Аудит выполнен успешно
User:
Computer Name: Админ-ПК
Event Code: 4672
Message: Новому сеансу входа назначены специальные привилегии.
Субъект:
ИД безопасности: S-1-5-18
Имя учетной записи: SYSTEM
Домен учетной записи: NT AUTHORITY
Код входа: 0x3e7
Привилегии: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 35285
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100701155337.851000-000
Event Type: Аудит выполнен успешно
User:
Computer Name: Админ-ПК
Event Code: 4624
Message: Вход с учетной записью выполнен успешно.
Субъект:
ИД безопасности: S-1-5-18
Имя учетной записи: АДМИН-ПК$
Домен учетной записи: WORKGROUP
Код входа: 0x3e7
Тип входа: 5
Новый вход:
ИД безопасности: S-1-5-18
Имя учетной записи: SYSTEM
Домен учетной записи: NT AUTHORITY
Код входа: 0x3e7
GUID входа: {00000000-0000-0000-0000-000000000000}
Сведения о процессе:
Идентификатор процесса: 0x320
Имя процесса: C:\Windows\System32\services.exe
Сведения о сети:
Имя рабочей станции:
Сетевой адрес источника: —
Порт источника: —
Сведения о проверке подлинности:
Процесс входа: Advapi
Пакет проверки подлинности: Negotiate
Промежуточные службы: —
Имя пакета (только NTLM): —
Длина ключа: 0
Данное событие возникает при создании сеанса входа. Оно создается в системе, вход в которую выполнен.
Поля «Субъект» указывают на учетную запись локальной системы, запросившую вход. Обычно это служба, например служба «Сервер», или локальный процесс, такой как Winlogon.exe или Services.exe.
В поле «Тип входа» указан тип выполненного входа. Самыми распространенными являются типы 2 (интерактивный) и 3 (сетевой).
Поля «Новый вход» указывают на учетную запись, для которой создан новый сеанс входа, то есть на учетную запись, с которой выполнен вход.
В полях, которые относятся к сети, указан источник запроса на удаленный вход. Имя рабочей станции доступно не всегда, и в некоторых случаях это поле может оставаться незаполненным.
Поля сведений о проверке подлинности содержат подробные данные о конкретном запросе на вход.
— GUID входа — это уникальный идентификатор, который позволяет сопоставить данное событие с событием KDC.
— В поле «Промежуточные службы» указано, какие промежуточные службы участвовали в данном запросе на вход.
— Поле «Имя пакета» указывает на подпротокол, использованный с протоколами NTLM.
— Поле «Длина ключа» содержит длину созданного ключа сеанса. Это поле может иметь значение «0», если ключ сеанса не запрашивался.
Record Number: 35284
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100701155337.851000-000
Event Type: Аудит выполнен успешно
User:
Computer Name: Админ-ПК
Event Code: 4648
Message: Выполнена попытка входа в систему с явным указанием учетных данных.
Субъект:
ИД безопасности: S-1-5-18
Имя учетной записи: АДМИН-ПК$
Домен учетной записи: WORKGROUP
Код входа: 0x3e7
GUID входа: {00000000-0000-0000-0000-000000000000}
Были использованы учетные данные следующей учетной записи:
Имя учетной записи: SYSTEM
Домен учетной записи: NT AUTHORITY
GUID входа: {00000000-0000-0000-0000-000000000000}
Целевой сервер:
Имя целевого сервера: localhost
Дополнительные сведения: localhost
Сведения о процессе:
Идентификатор процесса: 0x320
Имя процесса: C:\Windows\System32\services.exe
Сведения о сети:
Сетевой адрес: —
Порт: —
Данное событие возникает, когда процесс пытается выполнить вход с учетной записью, явно указав ее учетные данные. Это обычно происходит при использовании конфигураций пакетного типа, например назначенных задач, или выполнении команды RUNAS.
Record Number: 35283
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100701155337.851000-000
Event Type: Аудит выполнен успешно
User:
Computer Name: Админ-ПК
Event Code: 1102
Message: Журнал аудита был очищен.
Тема:
ИД безопасности: S-1-5-21-709096500-265496976-1428508515-1000
Имя учетной записи: Админ
Имя домена: Админ-ПК
ИД сетевого входа: 0x47d53
Record Number: 35282
Source Name: Microsoft-Windows-Eventlog
Time Written: 20100701155128.992000-000
Event Type: Аудит выполнен успешно
User:
======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«Path»=c:Program FilesNVIDIA CorporationPhysXCommon;C:Program FilesPC Connectivity Solution;%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;C:Program FilesASUS Security CenterASUS Security Protect Managerbin;C:Program FilesQuickTimeQTSystem;C:Program FilesCommon FilesTeleca Shared
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
«PROCESSOR_ARCHITECTURE»=x86
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
«USERNAME»=SYSTEM
«windir»=%SystemRoot%
«PROCESSOR_LEVEL»=6
«PROCESSOR_IDENTIFIER»=x86 Family 6 Model 23 Stepping 6, GenuineIntel
«PROCESSOR_REVISION»=1706
«NUMBER_OF_PROCESSORS»=2
«TRACE_FORMAT_SEARCH_PATH»=\NTREL202.ntdev.corp.microsoft.com4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0TraceFormat
«DFSTRACINGON»=FALSE
«configsetroot»=%SystemRoot%ConfigSetRoot
«CLASSPATH»=.;C:Program FilesQuickTimeQTSystemQTJava.zip
«QTJAVA»=C:Program FilesQuickTimeQTSystemQTJava.zip
«RGSCLauncher»=D:Program FilesRockstar GamesRockstar Games Social Club
«RGSC»=D:Program FilesRockstar GamesRockstar Games Social Club1_0_0_0
EOF
July 16, 2010 at 6:49 AM #30109
Hello! Please follow all of the recommendations.
Download OTM by OldTimer, or get it from the mirror, and save it to the desktop.
Run OTM (on Windows Vista it must be launched via right-click, "Run as administrator").
Temporarily disable your antivirus, firewall and other security software. Select and copy the text below (Ctrl+C):
:Processes
explorer.exe
:Services
:Files
C:\Users\Админ\raquqgu.exe
c:\users\Админ\wuaucldt.exe
:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"=-
"syncman"=-
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
In OTM, under the "Paste Instructions for Items to be Moved" panel (under the yellow bar), paste the copied text and click the "MoveIt!" button.
The computer will reboot.
Be sure to repeat the RSIT logs.
Read the program description, make a log and attach it.
July 23, 2010 at 7:01 AM #30110
I did everything you wrote and the computer rebooted, but when I make logs with RSIT I get only one log:
Logfile of random’s system information tool 1.08 (written by random/random)
Run by Админ at 2010-07-23 09:53:31
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 5 GB (3%) free of 153 GB
Total RAM: 3070 MB (63% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:53:39, on 23.07.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal
Running processes:
C:Windowssystem32Dwm.exe
C:Program FilesASUS Security CenterASUS Security Protect ManagerBinAsGHost.exe
C:WindowsExplorer.EXE
C:Windowssystem32taskeng.exe
C:Windowssystem32taskeng.exe
C:Program FilesASUSASUS Live UpdateALU.exe
C:Program FilesASUSSmartLogonsensorsrv.exe
C:Program FilesWindows DefenderMSASCui.exe
C:Program FilesATKOSD2ATKOSD2.exe
C:WindowsRtHDVCpl.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FilesASUSATK MediaDMedia.exe
C:WindowsASScrPro.exe
C:Program FilesWebMoney Agentwmagent.exe
C:WindowsWindowsMobilewmdc.exe
C:Program FilesCommon FilesJavaJava Updatejusched.exe
C:Windowsehomeehtray.exe
C:Windowsehomeehmsas.exe
C:Program FilesSynapticsSynTPSynAsus.exe
C:Program FilesCommon FilesTeleca SharedCapabilityManager.exe
C:Windowssystem32Taskmgr.exe
C:Program FilesCommon FilesTeleca Sharedlogger.exe
C:Program FilesInternet Download ManagerIEMonitor.exe
C:Program FilesCommon FilesTeleca SharedGeneric.exe
C:Program FilesHTCHTC SyncClientInitiatedStarterClientInitiatedStarter.exe
C:Program FilesHTCHTC SyncMobile Phone Monitorepmworker.exe
C:Program FilesHTCHTC SyncMobile Phone MonitorHTCVBTServer.exe
C:Program FilesHTCHTC SyncMobile Phone MonitorFsynSrvStarter.exe
C:Program FilesSynapticsSynTPSynTPHelper.exe
C:Windowssystem32SearchFilterHost.exe
C:UsersАдминDocumentsRSIT (1).exe
C:Program FilesOperaopera.exe
C:\Program Files\trend micro\Админ.exe
R1 — HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://search.qip.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yandex.ru/?clid=47639
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.asus.com
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.qip.ru/ie
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = Root: HKCU; Subkey: SoftwareMicrosoftInternet ExplorerSearchUrl; ValueType: string; ValueName: ‘; ValueData: ‘; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
O1 — Hosts: ::1 localhost
O2 — BHO: IDM Helper — {0055C089-8582-441B-A0BF-17B458C2A3A8} — C:Program FilesInternet Download ManagerIDMIECC.dll
O2 — BHO: AcroIEHelperStub — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 — BHO: IEVkbdBHO — {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} — C:Program FilesKaspersky LabKaspersky Internet Security 2009ievkbd.dll
O2 — BHO: NCO 2.0 IE BHO — {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} — (no file)
O2 — BHO: IE 4.x-6.x BHO for Download Master — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:PROGRA~1DOWNLO~1dmiehlp.dll
O2 — BHO: QIPBHO — {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} — C:UsersАдминAppDataRoamingMicrosoftInternet Explorerqipsearchbar.dll (file missing)
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: ASUS Security Protect Manager — {DF21F1DB-80C6-11D3-9483-B03D0EC10000} — C:Program FilesASUS Security CenterASUS Security Protect ManagerBinItIEAddIn.dll
O3 — Toolbar: (no name) — {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} — (no file)
O3 — Toolbar: DAEMON Tools Toolbar — {32099AAC-C132-4136-9E9A-4E364A424E17} — C:Program FilesDAEMON Tools ToolbarDTToolbar.dll
O3 — Toolbar: DM Bar — {0E1230F8-EA50-42A9-983C-D22ABC2EED3C} — C:Program FilesDownload Masterdmbar.dll
O3 — Toolbar: Яндекс.Бар — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program FilesYandexYandexBarIEyndbar.dll
O4 — HKLM..Run: [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide
O4 — HKLM..Run: [ATKOSD2] «C:Program FilesATKOSD2ATKOSD2.exe»
O4 — HKLM..Run: [RtHDVCpl] RtHDVCpl.exe
O4 — HKLM..Run: [JMB36X IDE Setup] C:WindowsRaidToolxInsIDE.exe
O4 — HKLM..Run: [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 — HKLM..Run: [ATKMEDIA] C:Program FilesASUSATK MediaDMEDIA.EXE
O4 — HKLM..Run: [ASUS Camera ScreenSaver] C:WindowsASScrProlog.exe
O4 — HKLM..Run: [ASUS Screen Saver Protector] C:WindowsASScrPro.exe
O4 — HKLM..Run: [CognizanceTS] rundll32.exe C:PROGRA~1ASUSSE~1ASUSSE~1BinASTSVCC.dll,RegisterModule
O4 — HKLM..Run: [AVP] «C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe»
O4 — HKLM..Run: [wmagent.exe] «C:Program FilesWebMoney Agentwmagent.exe»
O4 — HKLM..Run: [Windows Mobile Device Center] %windir%WindowsMobilewmdc.exe
O4 — HKLM..Run: [Skytel] Skytel.exe
O4 — HKLM..Run: [AdobeAAMUpdater-1.0] «C:Program FilesCommon FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe»
O4 — HKLM..Run: [SwitchBoard] C:Program FilesCommon FilesAdobeSwitchBoardSwitchBoard.exe
O4 — HKLM..Run: [AdobeCS5ServiceManager] «C:Program FilesCommon FilesAdobeCS5ServiceManagerCS5ServiceManager.exe» -launchedbylogin
O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesCommon FilesJavaJava Updatejusched.exe»
O4 — HKLM..Run: [Mobile Connectivity Suite] «C:Program FilesHTCHTC SyncApplication LauncherApplication Launcher.exe» /startoptions
O4 — HKCU..Run: [Sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun
O4 — HKCU..Run: [ehTray.exe] C:WindowsehomeehTray.exe
O4 — HKCU..Run: [Steam] «c:program filessteamsteam.exe» -silent
O4 — HKCU..Run: [DAEMON Tools Lite] «C:Program FilesDAEMON Tools Litedaemon.exe» -autorun
O4 — HKCU..Run: [RGSC] D:Program FilesRockstar GamesRockstar Games Social ClubRGSCLauncher.exe /silent
O4 — HKCU..Run: [IDMan] C:Program FilesInternet Download ManagerIDMan.exe /onboot
O4 — HKCU..Run: [uTorrent] «C:Program FilesuTorrentuTorrent.exe»
O4 — HKUSS-1-5-19..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User ‘NETWORK SERVICE’)
O8 — Extra context menu item: Загрузить FLV видео содержимое с помощью IDM — C:Program FilesInternet Download ManagerIEGetVL.htm
O8 — Extra context menu item: Загрузить все ссылки с помощью IDM — C:Program FilesInternet Download ManagerIEGetAll.htm
O8 — Extra context menu item: Загрузить с помощью IDM — C:Program FilesInternet Download ManagerIEExt.htm
O9 — Extra button: Cтатистика защиты веб-трафика — {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} — C:Program FilesKaspersky LabKaspersky Internet Security 2009SCIEPlgn.dll
O9 — Extra button: @C:WindowsWindowsMobileINetRepl.dll,-222 — {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} — C:WindowsWindowsMobileINetRepl.dll
O9 — Extra button: (no name) — {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} — C:WindowsWindowsMobileINetRepl.dll
O9 — Extra ‘Tools’ menuitem: @C:WindowsWindowsMobileINetRepl.dll,-223 — {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} — C:WindowsWindowsMobileINetRepl.dll
O9 — Extra button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra ‘Tools’ menuitem: &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra button: PokerStars.net — {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} — C:Program FilesPokerStars.NETPokerStarsUpdate.exe
O16 — DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) — http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 — DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) — http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 — DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) — http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
O16 — DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) — http://vkontakte.ru/uploader/ImageUploader4.cab
O17 — HKLMSystemCCSServicesTcpip..{89044238-E038-4724-ADE3-C544860C93D3}: NameServer = 77.244.45.1,77.244.45.4
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 — AppInit_DLLs: APSHook.dll,C:PROGRA~1KASPER~1KASPER~1mzvkbd.dll,C:PROGRA~1KASPER~1KASPER~1mzvkbd3.dll,C:PROGRA~1KASPER~1KASPER~1adialhk.dll,C:PROGRA~1KASPER~1KASPER~1kloehk.dll
O22 — SharedTaskScheduler: Component Categories cache daemon — {8C7461EF-2B13-11d2-BE35-3078302C2030} — C:Windowssystem32browseui.dll
O23 — Service: Apple Mobile Device — Apple Inc. — C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 — Service: ASLDR Service (ASLDRService) — Unknown owner — C:Program FilesATK HotkeyASLDRSrv.exe
O23 — Service: ATKGFNEX Service (ATKGFNEXSrv) — Unknown owner — C:Program FilesATKGFNEXGFNEXSrv.exe
O23 — Service: Kaspersky Internet Security (AVP) — Kaspersky Lab — C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe
O23 — Service: Bonjour Service — Apple Inc. — C:Program FilesBonjourmDNSResponder.exe
O23 — Service: @dfsrres.dll,-101 (DFSR) — Корпорация Майкрософт — C:Windowssystem32DFSR.exe
O23 — Service: Intel(R) PROSet/Wireless Event Log (EvtEng) — Intel Corporation — C:Program FilesIntelWirelessBinEvtEng.exe
O23 — Service: LightScribeService Direct Disc Labeling Service (LightScribeService) — Hewlett-Packard Company — C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 — Service: Nero BackItUp Scheduler 4.0 — Nero AG — C:Program FilesCommon FilesNeroNero BackItUp 4NBService.exe
O23 — Service: NVIDIA Display Driver Service (nvsvc) — NVIDIA Corporation — C:Windowssystem32nvvsvc.exe
O23 — Service: PnkBstrA — Unknown owner — C:Windowssystem32PnkBstrA.exe
O23 — Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) — Intel Corporation — C:Program FilesIntelWirelessBinRegSrvc.exe
O23 — Service: ServiceLayer — Nokia. — C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 — Service: spmgr — Unknown owner — C:Program FilesASUSNB ProbeSPMspmgr.exe
O23 — Service: Steam Client Service — Valve Corporation — C:Program FilesCommon FilesSteamSteamService.exe
O23 — Service: SwitchBoard — Adobe Systems Incorporated — C:Program FilesCommon FilesAdobeSwitchBoardSwitchBoard.exe
--
End of file — 11467 bytes
======Scheduled tasks folder======
C:WindowstasksUser_Feed_Synchronization-{FA06EA3E-F23F-4491-B3CF-C15E55239616}.job
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class — C:Program FilesInternet Download ManagerIDMIECC.dll [2008-10-28 153008]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class — C:Program FilesKaspersky LabKaspersky Internet Security 2009ievkbd.dll [2008-07-29 62728]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master — C:PROGRA~1DOWNLO~1dmiehlp.dll [2007-07-20 152064]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class — C:UsersАдминAppDataRoamingMicrosoftInternet Explorerqipsearchbar.dll []
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2010-06-08 41760]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
ASUS Security Protect Manager — C:Program FilesASUS Security CenterASUS Security Protect ManagerBinItIEAddIn.dll [2006-11-21 70928]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{32099AAC-C132-4136-9E9A-4E364A424E17} — DAEMON Tools Toolbar — C:Program FilesDAEMON Tools ToolbarDTToolbar.dll [2008-07-17 691656]
{0E1230F8-EA50-42A9-983C-D22ABC2EED3C} — DM Bar — C:Program FilesDownload Masterdmbar.dll [2007-11-26 180224]
{91397D20-1446-11D4-8AF4-0040CA1127B6} — Яндекс.Бар — C:Program FilesYandexYandexBarIEyndbar.dll [2010-06-01 10336584]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«Windows Defender»=C:Program FilesWindows DefenderMSASCui.exe [2008-01-21 1008184]
«ATKOSD2″=C:Program FilesATKOSD2ATKOSD2.exe [2007-10-17 7737344]
«RtHDVCpl»=C:WindowsRtHDVCpl.exe [2008-01-15 4874240]
«JMB36X IDE Setup»=C:WindowsRaidToolxInsIDE.exe [2007-03-21 36864]
«SynTPEnh»=C:Program FilesSynapticsSynTPSynTPEnh.exe [2007-11-16 1029416]
«ATKMEDIA»=C:Program FilesASUSATK MediaDMEDIA.EXE [2006-11-02 61440]
«ASUS Camera ScreenSaver»=C:WindowsASScrProlog.exe [2008-06-05 37232]
«ASUS Screen Saver Protector»=C:WindowsASScrPro.exe [2008-06-05 33136]
«CognizanceTS»=C:PROGRA~1ASUSSE~1ASUSSE~1BinASTSVCC.dll [2003-12-22 17920]
«AVP»=C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe [2009-10-15 208616]
«wmagent.exe»=C:Program FilesWebMoney Agentwmagent.exe [2009-10-19 210400]
«Windows Mobile Device Center»=C:WindowsWindowsMobilewmdc.exe [2007-05-31 648072]
«Skytel»=C:WindowsSkytel.exe [2007-11-20 1826816]
«AdobeAAMUpdater-1.0″=C:Program FilesCommon FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe [2010-05-11 500208]
«SwitchBoard»=C:Program FilesCommon FilesAdobeSwitchBoardSwitchBoard.exe [2010-02-19 517096]
«AdobeCS5ServiceManager»=C:Program FilesCommon FilesAdobeCS5ServiceManagerCS5ServiceManager.exe [2010-02-22 406992]
«SunJavaUpdateSched»=C:Program FilesCommon FilesJavaJava Updatejusched.exe [2010-02-18 248040]
«Mobile Connectivity Suite»=C:Program FilesHTCHTC SyncApplication LauncherApplication Launcher.exe [2009-11-19 598016]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«Sidebar»=C:Program FilesWindows Sidebarsidebar.exe [2009-04-11 1233920]
«ehTray.exe»=C:WindowsehomeehTray.exe [2008-01-21 125952]
«AdobeBridge»= []
«Steam»=c:program filessteamsteam.exe [2010-05-11 1238352]
«DAEMON Tools Lite»=C:Program FilesDAEMON Tools Litedaemon.exe [2008-07-24 490952]
«RGSC»=D:Program FilesRockstar GamesRockstar Games Social ClubRGSCLauncher.exe /silent []
«IDMan»=C:Program FilesInternet Download ManagerIDMan.exe [2008-10-28 2606512]
«uTorrent»=C:Program FilesuTorrentuTorrent.exe [2010-06-08 322352]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe Reader Speed Launcher]
C:Program FilesAdobeReader 9.0ReaderReader_sl.exe [2009-02-27 35696]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobeCS4ServiceManager]
C:Program FilesCommon FilesAdobeCS4ServiceManagerCS4ServiceManager.exe -launchedbylogin []
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDAEMON Tools Lite]
C:Program FilesDAEMON Tools Litedaemon.exe [2008-07-24 490952]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSkype]
C:Program FilesSkypePhoneSkype.exe [2010-05-13 26192168]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
«AppInit_DLLs»=»APSHook.dll,C:PROGRA~1KASPER~1KASPER~1mzvkbd.dll,C:PROGRA~1KASPER~1KASPER~1mzvkbd3.dll,C:PROGRA~1KASPER~1KASPER~1adialhk.dll,C:PROGRA~1KASPER~1KASPER~1kloehk.dll»
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyklogon]
C:Windowssystem32klogon.dll [2008-07-29 218376]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa]
«notification packages»=scecli
ASWLNPkg
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWudfPf]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWudfRd]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWudfSvc]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWudfUsbccidDriver]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
«EnableUIADesktopToggle»=0
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«BindDirectlyToPropertySetStorage»=0
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
======File associations======
.js — edit — C:WindowsSystem32Notepad.exe %1
.js — open — C:WindowsSystem32WScript.exe «%1» %*
======List of files/folders created in the last 1 months======
2010-07-23 09:40:35 —-D—- C:_OTM
2010-07-16 10:28:32 —-ASH—- C:hiberfil.sys
2010-07-15 00:38:16 —-D—- C:Program Filestrend micro
2010-07-15 00:38:15 —-D—- C:rsit
2010-07-14 17:27:57 —-A—- C:Windowssystem32MRT.INI
2010-07-10 20:55:08 —-RSH—- C:UsersАдминAppDataRoamingsbeb.exe
2010-07-02 11:28:28 —-D—- C:ProgramDataNVIDIA Corporation
2010-07-02 11:27:37 —-A—- C:Windowssystem32OpenCL.dll
2010-07-02 11:27:37 —-A—- C:Windowssystem32driversnvlddmkm.sys
2010-07-02 11:27:36 —-A—- C:Windowssystem32nvwgf2um.dll
2010-07-02 11:27:36 —-A—- C:Windowssystem32nvoglv32.dll
2010-07-02 11:27:36 —-A—- C:Windowssystem32nvd3dum.dll
2010-07-02 11:27:34 —-A—- C:Windowssystem32nvcuvid.dll
2010-07-02 11:27:34 —-A—- C:Windowssystem32nvcuvenc.dll
2010-07-02 11:27:34 —-A—- C:Windowssystem32nvcuda.dll
2010-07-02 11:27:34 —-A—- C:Windowssystem32nvcompiler.dll
2010-07-02 11:27:34 —-A—- C:Windowssystem32nvcod1921.dll
2010-07-02 11:27:34 —-A—- C:Windowssystem32nvcod.dll
2010-07-02 11:27:34 —-A—- C:Windowssystem32nvapi.dll
2010-07-01 14:46:46 —-D—- C:Program FilesMovie Maker 2.6
2010-06-29 12:19:06 —-D—- C:ProgramDataHTC
2010-06-29 12:18:52 —-D—- C:ProgramDataTeleca
2010-06-29 12:17:46 —-D—- C:Program FilesSpirent Communications
======List of files/folders modified in the last 1 months======
2010-07-23 09:53:38 —-D—- C:WindowsTemp
2010-07-23 09:51:42 —-D—- C:UsersАдминAppDataRoaminguTorrent
2010-07-23 09:51:41 —-D—- C:UsersАдминAppDataRoamingDMCache
2010-07-23 09:51:29 —-D—- C:Program FilesSteam
2010-07-23 09:51:26 —-D—- C:ProgramDataKaspersky Lab
2010-07-23 09:50:44 —-D—- C:WindowsPrefetch
2010-07-23 09:50:08 —-A—- C:Windowssystem32acovcnt.exe
2010-07-23 09:44:33 —-SHD—- C:System Volume Information
2010-07-23 09:37:32 —-D—- C:WindowsSystem32
2010-07-23 09:37:32 —-D—- C:Windowsinf
2010-07-23 09:37:32 —-A—- C:Windowssystem32PerfStringBackup.INI
2010-07-23 00:26:30 —-D—- C:UsersАдминAppDataRoamingSkype
2010-07-23 00:04:24 —-D—- C:UsersАдминAppDataRoamingskypePM
2010-07-20 00:36:46 —-D—- C:Program FilesCommon FilesSteam
2010-07-16 20:21:21 —-D—- C:Live for Speed S2 ALPHA Z
2010-07-16 10:27:35 —-D—- C:Windowssystem32drivers
2010-07-16 10:27:18 —-A—- C:Windowsntbtlog.txt
2010-07-15 01:10:38 —-AD—- C:ProgramDataTEMP
2010-07-15 00:38:16 —-RD—- C:Program Files
2010-07-14 19:30:23 —-D—- C:Fraps
2010-07-14 17:42:44 —-D—- C:Windowswinsxs
2010-07-14 17:29:33 —-D—- C:Windowssystem32catroot
2010-07-14 17:29:17 —-D—- C:Program FilesWindows Mail
2010-07-14 16:11:01 —-D—- C:UsersАдминAppDataRoamingWebMoney
2010-07-13 16:12:06 —-D—- C:Program FilesWebMoney
2010-07-09 23:10:04 —-SHD—- C:WindowsInstaller
2010-07-09 23:09:57 —-D—- C:Program FilesOpera
2010-07-02 22:39:05 —-A—- C:Windowssystem32mrt.exe
2010-07-02 13:04:03 —-HD—- C:ProgramData
2010-07-02 11:32:39 —-D—- C:Windows
2010-07-02 11:31:52 —-D—- C:ProgramDataNVIDIA
2010-07-02 11:29:29 —-D—- C:Program FilesNVIDIA Corporation
2010-07-02 11:29:28 —-D—- C:WindowsHelp
2010-07-02 11:28:23 —-D—- C:Windowssystem32catroot2
2010-06-29 12:20:58 —-D—- C:UsersАдминAppDataRoamingTeleca
2010-06-29 12:19:06 —-D—- C:Program FilesCommon FilesTeleca Shared
2010-06-29 12:17:35 —-D—- C:Program FilesHTC
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:Windowssystem32DRIVERSiaStor.sys [2007-09-30 308248]
R0 JGOGO;JMicron Hot-Plug Driver; C:Windowssystem32DRIVERSJGOGO.sys [2006-02-08 6912]
R0 JRAID;JRAID; C:Windowssystem32DRIVERSjraid.sys [2007-04-12 48000]
R0 klbg;Kaspersky Lab Boot Guard Driver; C:Windowssystem32driversklbg.sys [2009-02-12 33808]
R0 lullaby;lullaby; C:Windowssystem32DRIVERSlullaby.sys [2007-09-26 15416]
R0 sptd;sptd; C:WindowsSystem32Driverssptd.sys [2008-09-16 717296]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; ??C:Program FilesUltraISOdriversISODrive.sys [2008-05-24 73728]
R1 kl1;kl1; C:Windowssystem32DRIVERSkl1.sys [2008-07-21 121872]
R1 KLIF;Kaspersky Lab Driver; C:Windowssystem32DRIVERSklif.sys [2009-02-12 224272]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:Windowssystem32DRIVERSklim6.sys [2008-07-09 20496]
R2 ASMMAP;ASMMAP; ??C:Program FilesATKGFNEXASMMAP.sys [2007-07-24 13880]
R2 atksgt;atksgt; C:Windowssystem32DRIVERSatksgt.sys [2009-09-22 279712]
R2 ghaio;ghaio; ??C:Program FilesASUSNB ProbeSPMghaio.sys [2007-08-03 20936]
R2 lirsgt;lirsgt; C:Windowssystem32DRIVERSlirsgt.sys [2009-09-22 25888]
R2 rimmptsk;rimmptsk; C:Windowssystem32DRIVERSrimmptsk.sys [2007-08-08 45568]
R2 rimsptsk;rimsptsk; C:Windowssystem32DRIVERSrimsptsk.sys [2007-07-30 43008]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:Windowssystem32DRIVERSrixdptsk.sys [2007-07-30 38400]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:Windowssystem32DRIVERSATSwpDrv.sys [2007-06-16 146824]
R3 DCamUSBET;USB2.0 1.3M UVC WebCam; C:Windowssystem32DRIVERSetDevice.sys [2007-09-06 474624]
R3 FiltUSBET;ET USB Device Lower Filter; C:Windowssystem32DRIVERSetFilter.sys [2007-10-15 206336]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:Windowssystem32driversRTKVHDA.sys [2008-01-15 2047576]
R3 kbfiltr;Keyboard Filter; C:Windowssystem32DRIVERSkbfiltr.sys [2007-01-25 5632]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:Windowssystem32DRIVERSklfltdev.sys [2008-03-13 26640]
R3 MODEMCSA;Устройство фильтрации потока Unimodem; C:Windowssystem32driversMODEMCSA.sys [2008-01-21 18432]
R3 MTsensor;ATK0100 ACPI UTILITY; C:Windowssystem32DRIVERSATKACPI.sys [2006-12-15 7680]
R3 NETw4v32;Драйвер адаптера Intel(R) Wireless WiFi Link для Windows Vista 32 Bit; C:Windowssystem32DRIVERSNETw4v32.sys [2007-06-21 2222080]
R3 nvlddmkm;nvlddmkm; C:Windowssystem32DRIVERSnvlddmkm.sys [2010-06-08 10888168]
R3 ScanUSBET;ET USB Still Image Capture Device; C:Windowssystem32DRIVERSetScan.sys [2007-09-06 6656]
R3 sdbus;sdbus; C:Windowssystem32DRIVERSsdbus.sys [2009-04-11 89088]
R3 smserial;smserial; C:Windowssystem32DRIVERSsmserial.sys [2006-11-25 982272]
R3 SynTP;Synaptics TouchPad Driver; C:Windowssystem32DRIVERSSynTP.sys [2007-11-16 195760]
R3 usb_rndisx;Адаптер USB RNDIS; C:Windowssystem32DRIVERSusb8023x.sys [2009-04-11 15872]
R3 usbaudio;Аудио драйвер USB (WDM); C:Windowssystem32driversusbaudio.sys [2009-04-11 73216]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:Windowssystem32DRIVERSyk60x86.sys [2007-12-06 298496]
S2 adfs;adfs; C:Windowssystem32driversadfs.sys []
S3 ahyhpjm8;ahyhpjm8; C:Windowssystem32driversahyhpjm8.sys []
S3 aw32bus;ASUS Device W32 Driver driver (WDM); C:Windowssystem32DRIVERSaw32bus.sys [2007-06-20 83456]
S3 aw32mdfl;ASUS Device W32 USB WMC Modem Filter; C:Windowssystem32DRIVERSaw32mdfl.sys [2007-06-20 14848]
S3 aw32mdm;ASUS Device W32 USB WMC Modem Driver; C:Windowssystem32DRIVERSaw32mdm.sys [2007-06-20 109696]
S3 aw32mgmt;ASUS Device W32 USB WMC Device Management Drivers (WDM); C:Windowssystem32DRIVERSaw32mgmt.sys [2007-06-20 102912]
S3 BthEnum;Служба перечислителя Bluetooth; C:Windowssystem32DRIVERSBthEnum.sys [2009-04-11 22528]
S3 BthPan;Устройства Bluetooth (личной сети); C:Windowssystem32DRIVERSbthpan.sys [2008-01-21 92160]
S3 BTHPORT;Драйвер порта Bluetooth; C:WindowsSystem32DriversBTHport.sys [2009-04-11 507904]
S3 BTHUSB;Драйвер порта USB радиомодуля Bluetooth; C:WindowsSystem32DriversBTHUSB.sys [2009-04-11 29696]
S3 drmkaud;Звуковой дешифратор DRM ядра системы; C:Windowssystem32driversdrmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Драйвер функции UAA для службы High Definition Audio (Microsoft), версия 1.1; C:Windowssystem32driversHdAudio.sys [2006-11-02 235520]
S3 HTCAND32;HTC Device Driver; C:WindowsSystem32DriversANDROIDUSB.sys [2009-06-10 24576]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:Windowssystem32DRIVERSewusbmdm.sys [2009-09-10 102912]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:Windowssystem32DRIVERSewusbdev.sys [2009-10-12 101120]
S3 itecir;ITECIR Infrared Receiver; C:Windowssystem32DRIVERSitecir.sys [2007-06-20 49664]
S3 MSKSSRV;Представитель служб потоков Microsoft; C:Windowssystem32driversMSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Посредник синхронизации потоков Microsoft; C:Windowssystem32driversMSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Представитель диспетчера качества потоков Microsoft; C:Windowssystem32driversMSPQM.sys [2008-01-21 5504]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:Windowssystem32driversMSTEE.sys [2008-01-21 6016]
S3 nmwcd;Nokia USB Phone Parent; C:Windowssystem32driversccdcmb.sys [2008-05-07 17536]
S3 nmwcdc;Nokia USB Generic; C:Windowssystem32driversccdcmbo.sys [2008-05-07 20864]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:Windowssystem32DRIVERSpccsmcfd.sys [2007-09-17 21632]
S3 RFCOMM;Устройство Bluetooth (протокол RFCOMM TDI); C:Windowssystem32DRIVERSrfcomm.sys [2009-04-11 148992]
S3 SymIMMP;SymIMMP; C:Windowssystem32DRIVERSSymIM.sys []
S3 TPM;TPM; C:Windowssystem32driverstpm.sys [2008-01-21 45624]
S3 TVICHW32;TVICHW32; ??C:Windowssystem32DRIVERSTVICHW32.SYS [2008-10-07 23600]
S3 upperdev;upperdev; C:Windowssystem32DRIVERSusbser_lowerflt.sys [2008-06-06 8064]
S3 usbser;Nokia USB Serial Port; C:Windowssystem32driversusbser.sys [2009-04-11 27648]
S3 UsbserFilt;UsbserFilt; C:Windowssystem32DRIVERSusbser_lowerfltj.sys [2008-05-07 8064]
S3 usbvideo;USB-видеоустройство (WDM); C:WindowsSystem32Driversusbvideo.sys [2008-01-21 134016]
S3 winusb;WinUsb драйвер; C:Windowssystem32DRIVERSwinusb.sys [2009-04-11 31616]
S3 WpdUsb;WpdUsb; C:Windowssystem32DRIVERSwpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:Windowssystem32DRIVERSWUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:Windowssystem32driverserrdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:Windowssystem32driversmegasr.sys [2008-01-21 386616]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe [2008-10-01 116040]
R2 ASBroker;Logon Session Broker; C:WindowsSystem32svchost.exe [2008-01-21 21504]
R2 ASChannel;Local Communication Channel; C:WindowsSystem32svchost.exe [2008-01-21 21504]
R2 ASLDRService;ASLDR Service; C:Program FilesATK HotkeyASLDRSrv.exe [2007-10-02 94208]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:Program FilesATKGFNEXGFNEXSrv.exe [2007-08-07 94208]
R2 Bonjour Service;Bonjour Service; C:Program FilesBonjourmDNSResponder.exe [2008-08-29 238888]
R2 BthServ;@%SystemRoot%System32bthserv.dll,-101; C:Windowssystem32svchost.exe [2008-01-21 21504]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:Program FilesIntelWirelessBinEvtEng.exe [2007-06-01 647168]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:Program FilesCommon FilesLightScribeLSSrvc.exe [2008-03-17 73728]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:Program FilesCommon FilesNeroNero BackItUp 4NBService.exe [2008-09-24 935208]
R2 nvsvc;NVIDIA Display Driver Service; C:Windowssystem32nvvsvc.exe [2010-06-07 129640]
R2 PnkBstrA;PnkBstrA; C:Windowssystem32PnkBstrA.exe [2008-09-16 66872]
R2 RapiMgr;@%windir%WindowsMobilerapimgr.dll,-104; C:Windowssystem32svchost.exe [2008-01-21 21504]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:Program FilesIntelWirelessBinRegSrvc.exe [2007-06-01 327680]
R2 spmgr;spmgr; C:Program FilesASUSNB ProbeSPMspmgr.exe [2007-08-03 125496]
R2 WcesComm;@%windir%WindowsMobilewcescomm.dll,-40079; C:Windowssystem32svchost.exe [2008-01-21 21504]
R3 FontCache;@%systemroot%system32FntCache.dll,-100; C:Windowssystem32svchost.exe [2008-01-21 21504]
S2 AVP;Kaspersky Internet Security; C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe [2009-10-15 208616]
S3 aspnet_state;Служба состояний ASP.NET; C:WindowsMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2009-03-30 31048]
S3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2008-08-07 575488]
S3 Steam Client Service;Steam Client Service; C:Program FilesCommon FilesSteamSteamService.exe [2010-07-16 395048]
S3 SwitchBoard;SwitchBoard; C:Program FilesCommon FilesAdobeSwitchBoardSwitchBoard.exe [2010-02-19 517096]
EOF
July 23, 2010 at 7:03 AM #30111
That's not quite everything. The ComboFix log is missing.
July 24, 2010 at 3:04 PM #30112
Well, I had a hard time with ComboFix! Here is its log ))
ComboFix 10-07-22.01 — Админ 24.07.2010 16:50:37.2.2 — x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1251.7.1049.18.3070.1782 [GMT 3:00]
Running from: D:ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:program filesWebMoney Advisor
c:program filesWebMoney Advisorautosearch_plugin.dll
c:program filesWebMoney Advisorwmadvisor.dll
c:program filesWebMoney AdvisorWMPlugin.dll
c:programdatacommon.data
c:programdataMicrosoftNetworkDownloaderqmgr0.dat
c:programdataMicrosoftNetworkDownloaderqmgr1.dat
c:usersАдминAppDataLocalsvchost.exe
c:usersАдминAppDataRoamingkyrnmy.exe
c:usersАдминAppDataRoamingsbeb.exe
c:usersАдминoashdihasidhasuidhiasdhiashdiuasdhasd
c:usersАдминproxy_port
c:usersАдминsecupdat.dat
c:usersАдминsvchost.exe
BITS: Possible infected sites
hxxp://soft.export.yandex.ru
hxxp://bar.export.yandex.ru
.
((((((((((((((((((((((((( Files Created from 2010-06-24 to 2010-07-24 )))))))))))))))))))))))))))))))
.
2010-07-23 06:40 . 2010-07-23 06:40 -------- d-----w- C:_OTM
2010-07-16 07:16 . 2010-07-16 07:16 -------- d-----w- c:usersАдминDoctorWeb
2010-07-14 21:38 . 2010-07-23 06:55 -------- d-----w- c:program filestrend micro
2010-07-14 21:38 . 2010-07-14 21:39 -------- d-----w- C:rsit
2010-07-02 08:28 . 2010-07-02 08:28 -------- d-----w- c:programdataNVIDIA Corporation
2010-07-02 08:27 . 2010-06-07 23:57 56936 —-a-w- c:windowssystem32OpenCL.dll
2010-07-02 08:27 . 2010-06-07 23:57 10888168 —-a-w- c:windowssystem32driversnvlddmkm.sys
2010-07-02 08:27 . 2010-06-07 23:57 9712744 —-a-w- c:windowssystem32nvd3dum.dll
2010-07-02 08:27 . 2010-06-07 23:57 4967528 —-a-w- c:windowssystem32nvwgf2um.dll
2010-07-02 08:27 . 2010-06-07 23:57 15764072 —-a-w- c:windowssystem32nvoglv32.dll
2010-07-02 08:27 . 2010-06-07 23:57 4513384 —-a-w- c:windowssystem32nvcuda.dll
2010-07-02 08:27 . 2010-06-07 23:57 2632296 —-a-w- c:windowssystem32nvcuvenc.dll
2010-07-02 08:27 . 2010-06-07 23:57 232040 —-a-w- c:windowssystem32nvcod1921.dll
2010-07-02 08:27 . 2010-06-07 23:57 232040 —-a-w- c:windowssystem32nvcod.dll
2010-07-02 08:27 . 2010-06-07 23:57 2145896 —-a-w- c:windowssystem32nvcuvid.dll
2010-07-02 08:27 . 2010-06-07 23:57 1592424 —-a-w- c:windowssystem32nvapi.dll
2010-07-02 08:27 . 2010-06-07 23:57 10263144 —-a-w- c:windowssystem32nvcompiler.dll
2010-07-01 12:30 . 2010-07-01 12:46 -------- d-----w- c:usersАдминAppDataLocalWMTools Downloaded Files
2010-07-01 11:46 . 2010-07-01 15:54 -------- d-----w- c:program filesMovie Maker 2.6
2010-06-29 09:19 . 2010-06-29 09:19 -------- d-----w- c:usersАдминAppDataLocalHTC
2010-06-29 09:19 . 2010-06-29 09:19 -------- d-----w- c:programdataHTC
2010-06-29 09:18 . 2010-06-29 09:19 -------- d-----w- c:programdataTeleca
2010-06-29 09:17 . 2010-06-29 09:17 -------- d-----w- c:program filesSpirent Communications
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-24 14:30 . 2008-09-09 16:10 7340032 —sha-w- c:usersАдминNTUSER.DAT
2010-07-24 14:28 . 2010-07-02 09:24 36917 —-a-w- c:programdatanvModes.dat
2010-07-24 14:28 . 2008-10-02 21:11 1351712 —sha-w- c:windowssystem32driversfidbox2.dat
2010-07-24 14:28 . 2008-10-02 21:11 6748 —sha-w- c:windowssystem32driversfidbox2.idx
2010-07-24 14:28 . 2008-06-05 10:36 45056 —-a-w- c:windowssystem32acovcnt.exe
2010-07-24 14:26 . 2008-10-02 21:11 84364 —sha-w- c:windowssystem32driversfidbox.idx
2010-07-24 14:26 . 2008-10-02 21:11 10526240 —sha-w- c:windowssystem32driversfidbox.dat
2010-07-24 14:26 . 2008-04-13 23:55 12 —-a-w- c:windowsbthservsdp.dat
2010-07-24 13:41 . 2008-01-21 05:44 694088 —-a-w- c:windowssystem32perfh019.dat
2010-07-24 13:41 . 2008-01-21 05:44 144180 —-a-w- c:windowssystem32perfc019.dat
2010-07-24 09:47 . 2009-04-14 07:20 -------- d-----w- c:usersАдминAppDataRoamingSkype
2010-07-24 09:23 . 2008-10-02 07:36 -------- d-----w- c:usersАдминAppDataRoaminguTorrent
2010-07-24 07:34 . 2009-04-14 07:25 -------- d-----w- c:usersАдминAppDataRoamingskypePM
2010-07-23 16:56 . 2008-12-16 10:03 -------- d-----w- c:usersАдминAppDataRoamingDMCache
2010-07-23 16:55 . 2010-01-16 16:45 -------- d-----w- c:program filesSteam
2010-07-23 16:55 . 2008-10-02 21:11 -------- d-----w- c:programdataKaspersky Lab
2010-07-19 21:36 . 2010-01-16 16:59 -------- d-----w- c:program filesCommon FilesSteam
2010-07-15 07:58 . 2008-10-02 21:11 97549 —-a-w- c:windowssystem32driversklick.dat
2010-07-15 07:58 . 2008-10-02 21:11 113933 —-a-w- c:windowssystem32driversklin.dat
2010-07-14 14:29 . 2006-11-02 11:18 -------- d-----w- c:program filesWindows Mail
2010-07-14 13:11 . 2008-09-29 12:09 -------- d-----w- c:usersАдминAppDataRoamingWebMoney
2010-07-13 13:12 . 2008-09-29 11:58 -------- d-----w- c:program filesWebMoney
2010-07-10 21:40 . 2010-06-03 08:29 1 —-a-w- c:usersАдминAppDataRoamingOpenOffice.org3useruno_packagescachestamp.sys
2010-07-09 20:09 . 2008-10-19 11:52 -------- d-----w- c:program filesOpera
2010-07-02 08:31 . 2008-06-05 10:36 -------- d-----w- c:programdataNVIDIA
2010-07-02 08:29 . 2010-04-03 14:06 -------- d-----w- c:program filesNVIDIA Corporation
2010-07-02 08:20 . 2008-09-18 14:28 1356 —-a-w- c:usersАдминAppDataLocald3d9caps.dat
2010-06-29 09:20 . 2010-06-21 08:22 -------- d-----w- c:usersАдминAppDataRoamingTeleca
2010-06-29 09:19 . 2010-06-21 08:20 -------- d-----w- c:program filesCommon FilesTeleca Shared
2010-06-29 09:17 . 2010-06-21 08:18 -------- d-----w- c:program filesHTC
2010-06-23 18:01 . 2009-07-19 21:37 -------- d-----w- c:program filesGarena
2010-06-21 08:37 . 2010-06-21 08:37 0 —ha-w- c:windowssystem32driversMsft_Kernel_ANDROIDUSB_01007.Wdf
2010-06-19 14:11 . 2010-06-19 14:11 -------- d-----w- c:program filesCommon FilesSkype
2010-06-10 05:26 . 2008-09-09 16:17 103800 —-a-w- c:usersАдминAppDataLocalGDIPFONTCACHEV1.DAT
2010-06-09 08:54 . 2008-06-05 09:23 -------- d-----w- c:programdataMicrosoft Help
2010-06-08 18:08 . 2010-06-08 18:08 -------- d-----w- c:programdataYandex
2010-06-08 18:08 . 2008-10-05 16:05 -------- d-----w- c:usersАдминAppDataRoamingYandex
2010-06-08 18:07 . 2010-06-08 18:07 -------- d-----w- c:program filesYandex
2010-06-08 18:07 . 2010-06-08 18:07 -------- d-----w- c:program filesuTorrent
2010-06-08 17:27 . 2010-06-08 17:27 16384 —-a-w- c:usersАдминAppDataRoamingThinstallAuslogics BoostSpeedSKEL8ebe69ac374e57dc92b6dc3d27c92b8141f8e0.Console.EXE
2010-06-08 17:27 . 2010-06-08 17:27 -------- d-----w- c:usersАдминAppDataRoamingThinstall
2010-06-08 08:49 . 2010-06-08 08:49 -------- d-----w- c:program filesCommon FilesJava
2010-06-08 08:49 . 2010-06-08 08:49 411368 —-a-w- c:windowssystem32deployJava1.dll
2010-06-08 08:48 . 2010-06-08 08:48 -------- d-----w- c:program filesJava
2010-06-07 23:57 . 2010-07-02 08:27 10920 —-a-w- c:windowssystem32driversnvBridge.kmd
2010-06-07 14:47 . 2010-06-07 14:47 66664 —-a-w- c:windowssystem32nvshext.dll
2010-06-07 14:47 . 2010-06-07 14:47 255592 —-a-w- c:windowssystem32nvhotkey.dll
2010-06-07 14:47 . 2010-06-07 14:47 1691752 —-a-w- c:windowssystem32nvsvcr.dll
2010-06-07 14:47 . 2010-06-07 14:47 13917800 —-a-w- c:windowssystem32nvcpl.dll
2010-06-07 14:47 . 2010-06-07 14:47 1331816 —-a-w- c:windowssystem32nvsvc.dll
2010-06-07 14:47 . 2010-06-07 14:47 129640 —-a-w- c:windowssystem32nvvsvc.exe
2010-06-07 14:47 . 2010-06-07 14:47 110696 —-a-w- c:windowssystem32nvmctray.dll
2010-06-04 09:39 . 2010-06-03 08:25 -------- d-----w- c:program filesOpenOffice.org 3
2010-06-04 09:34 . 2010-06-04 09:34 -------- d-----w- c:program filesJRE
2010-06-03 08:28 . 2010-06-03 08:28 -------- d-----w- c:usersАдминAppDataRoamingOpenOffice.org
2010-05-26 17:06 . 2010-06-09 23:36 34304 —-a-w- c:windowssystem32atmlib.dll
2010-05-26 14:47 . 2010-06-09 23:36 289792 —-a-w- c:windowssystem32atmfd.dll
2010-05-21 11:14 . 2009-10-02 18:53 221568 ------w- c:windowssystem32MpSigStub.exe
2010-05-04 05:59 . 2010-06-09 23:36 916480 —-a-w- c:windowssystem32wininet.dll
2010-05-04 05:55 . 2010-06-09 23:36 71680 —-a-w- c:windowssystem32iesetup.dll
2010-05-04 05:55 . 2010-06-09 23:36 109056 —-a-w- c:windowssystem32iesysprep.dll
2010-05-04 04:31 . 2010-06-09 23:36 133632 —-a-w- c:windowssystem32ieUnatt.exe
2010-05-01 14:13 . 2010-06-09 23:35 2037248 —-a-w- c:windowssystem32win32k.sys
2010-04-26 20:48 . 2010-04-26 20:48 165296 —-a-w- c:usersАдминAppDataRoamingIDMidmmzcc2componentsidmmzcc.dll
2008-04-22 18:25 . 2008-10-31 10:28 47354036 —-a-w- c:program filesHelicon Filter_by_kriss.exe
2008-10-12 13:40 . 2008-10-12 13:37 952 —sha-w- c:windowsSystem32KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2010-06-01 10336584][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2010-06-01 10336584][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«Sidebar»=»c:program filesWindows Sidebarsidebar.exe» [2009-04-11 1233920]
«ehTray.exe»=»c:windowsehomeehTray.exe» [2008-01-21 125952]
«Steam»=»c:program filessteamsteam.exe» [2010-05-11 1238352]
«DAEMON Tools Lite»=»c:program filesDAEMON Tools Litedaemon.exe» [2008-07-24 490952]
«IDMan»=»c:program filesInternet Download ManagerIDMan.exe» [2008-10-28 2606512]
«uTorrent»=»c:program filesuTorrentuTorrent.exe» [2010-06-08 322352][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«Windows Defender»=»c:program filesWindows DefenderMSASCui.exe» [2008-01-21 1008184]
«ATKOSD2″=»c:program filesATKOSD2ATKOSD2.exe» [2007-10-17 7737344]
«RtHDVCpl»=»RtHDVCpl.exe» [2008-01-15 4874240]
«JMB36X IDE Setup»=»c:windowsRaidToolxInsIDE.exe» [2007-03-21 36864]
«SynTPEnh»=»c:program filesSynapticsSynTPSynTPEnh.exe» [2007-11-16 1029416]
«ATKMEDIA»=»c:program filesASUSATK MediaDMEDIA.EXE» [2006-11-02 61440]
«ASUS Camera ScreenSaver»=»c:windowsASScrProlog.exe» [2008-06-05 37232]
«ASUS Screen Saver Protector»=»c:windowsASScrPro.exe» [2008-06-05 33136]
«CognizanceTS»=»c:progra~1ASUSSE~1ASUSSE~1BinASTSVCC.dll» [2003-12-21 17920]
«AVP»=»c:program filesKaspersky LabKaspersky Internet Security 2009avp.exe» [2009-10-15 208616]
«wmagent.exe»=»c:program filesWebMoney Agentwmagent.exe» [2009-10-19 210400]
«Windows Mobile Device Center»=»c:windowsWindowsMobilewmdc.exe» [2007-05-31 648072]
«Skytel»=»Skytel.exe» [2007-11-20 1826816]
«AdobeAAMUpdater-1.0″=»c:program filesCommon FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe» [2010-05-11 500208]
«SwitchBoard»=»c:program filesCommon FilesAdobeSwitchBoardSwitchBoard.exe» [2010-02-19 517096]
«AdobeCS5ServiceManager»=»c:program filesCommon FilesAdobeCS5ServiceManagerCS5ServiceManager.exe» [2010-02-22 406992]
«SunJavaUpdateSched»=»c:program filesCommon FilesJavaJava Updatejusched.exe» [2010-02-18 248040]
«Mobile Connectivity Suite»=»c:program filesHTCHTC SyncApplication LauncherApplication Launcher.exe» [2009-11-19 598016][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«EnableUIADesktopToggle»= 0 (0x0)[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]
«AppInit_DLLs»=c:windowsSystem32APSHook.dll c:progra~1KASPER~1KASPER~1mzvkbd.dll c:progra~1KASPER~1KASPER~1mzvkbd3.dll c:progra~1KASPER~1KASPER~1adialhk.dll c:progra~1KASPER~1KASPER~1kloehk.dll[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinDefend]
@=»Service»[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe Reader Speed Launcher]
2009-02-27 14:10 35696 —-a-w- c:program filesAdobeReader 9.0Readerreader_sl.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDAEMON Tools Lite]
2008-07-24 15:02 490952 —-a-w- c:program filesDAEMON Tools Litedaemon.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSkype]
2010-05-13 13:12 26192168 —-a-r- c:program filesSkypePhoneSkype.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoring]
«DisableMonitoring»=dword:00000001[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]
«DisableMonitoring»=dword:00000001[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]
«DisableMonitoring»=dword:00000001[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecFirewall]
«DisableMonitoring»=dword:00000001[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerSvc]
«VistaSp2″=hex(b):ab,03,5c,9c,9b,37,ca,01R3 aw32bus;ASUS Device W32 Driver driver (WDM);c:windowssystem32DRIVERSaw32bus.sys [2007-06-20 83456]
R3 aw32mdfl;ASUS Device W32 USB WMC Modem Filter;c:windowssystem32DRIVERSaw32mdfl.sys [2007-06-20 14848]
R3 aw32mdm;ASUS Device W32 USB WMC Modem Driver;c:windowssystem32DRIVERSaw32mdm.sys [2007-06-20 109696]
R3 aw32mgmt;ASUS Device W32 USB WMC Device Management Drivers (WDM);c:windowssystem32DRIVERSaw32mgmt.sys [2007-06-20 102912]
R3 HTCAND32;HTC Device Driver;c:windowssystem32DriversANDROIDUSB.sys [2009-06-10 24576]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:windowssystem32DRIVERSewusbdev.sys [2009-10-12 101120]
R3 itecir;ITECIR Infrared Receiver;c:windowssystem32DRIVERSitecir.sys [2007-06-20 49664]
R3 SwitchBoard;SwitchBoard;c:program filesCommon FilesAdobeSwitchBoardSwitchBoard.exe [2010-02-19 517096]
R4 sptd;sptd;c:windowssystem32Driverssptd.sys [2008-09-15 717296]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:windowssystem32driversklbg.sys [2009-02-12 33808]
S0 lullaby;lullaby;c:windowssystem32DRIVERSlullaby.sys [2007-09-26 15416]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:windowssystem32DRIVERSklim6.sys [2008-07-09 20496]
S2 ASBroker;Logon Session Broker;c:windowsSystem32svchost.exe [2008-01-21 21504]
S2 ASChannel;Local Communication Channel;c:windowsSystem32svchost.exe [2008-01-21 21504]
S3 DCamUSBET;USB2.0 1.3M UVC WebCam;c:windowssystem32DRIVERSetDevice.sys [2007-09-06 474624]
S3 FiltUSBET;ET USB Device Lower Filter;c:windowssystem32DRIVERSetFilter.sys [2007-10-15 206336]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:windowssystem32DRIVERSklfltdev.sys [2008-03-13 26640]
S3 ScanUSBET;ET USB Still Image Capture Device;c:windowssystem32DRIVERSetScan.sys [2007-09-06 6656][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-17 13:56 451872 —-a-w- c:program filesCommon FilesLightScribeLSRunOnce.exe
.
Contents of the ‘Scheduled Tasks’ folder
2010-07-24 c:windowsTasksUser_Feed_Synchronization-{FA06EA3E-F23F-4491-B3CF-C15E55239616}.job
— c:windowssystem32msfeedssync.exe [2010-06-09 04:30]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.yandex.ru/?clid=47639
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: SoftwareMicrosoftInternet ExplorerSearchUrl; ValueType: string; ValueName: ‘; ValueData: ‘; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: Загрузить FLV видео содержимое с помощью IDM — c:program filesInternet Download ManagerIEGetVL.htm
IE: Загрузить все ссылки с помощью IDM — c:program filesInternet Download ManagerIEGetAll.htm
IE: Загрузить с помощью IDM — c:program filesInternet Download ManagerIEExt.htm
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} — c:program filesPokerStars.NETPokerStarsUpdate.exe
LSP: c:windowssystem32idmmbc.dll
TCP: {89044238-E038-4724-ADE3-C544860C93D3} = 77.244.45.1,77.244.45.4
.
— — — — ORPHANS REMOVED — — — —
HKCU-Run-AdobeBridge — (no file)
HKCU-Run-RGSC — d:program filesRockstar GamesRockstar Games Social ClubRGSCLauncher.exe
MSConfigStartUp-AdobeCS4ServiceManager — c:program filesCommon FilesAdobeCS4ServiceManagerCS4ServiceManager.exe
AddRemove-{76E41F43-59D2-4F30-BA42-9A762EE1E8DE} — c:program filesInstallShield Installation Information{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}setup.exe
AddRemove-{97A8C4B4-2B50-42D1-AFE6-5E8433185436}_update1.0.2.608 — c:program files1CАнабиоз Сон разумаunins001.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-24 17:28
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERSS-1-5-21-709096500-265496976-1428508515-1000_ClassesCLSID{0be0946b-fc0b-40b0-bd19-21f08ca7834d}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
«Model»=dword:0000006f
«Therad»=dword:00000021
«MData»=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,da,f5,91,cf,e7,ac,02,f9,dc,aa,71,6d,8e,4b,c5,25,c8,de,06,43,c7,8e,[HKEY_USERSS-1-5-21-709096500-265496976-1428508515-1000_ClassesCLSID{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
«scansk»=hex(0):25,19,2f,ee,83,c3,08,ac,88,6a,b2,39,e9,17,4f,03,ab,ed,37,21,c9,
77,a5,2d,2e,7e,69,9d,28,f0,e3,03,96,09,93,06,e1,5d,c9,aa,00,00,00,00,00,00,[HKEY_USERSS-1-5-21-709096500-265496976-1428508515-1000_ClassesCLSID{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
«scansk»=hex(0):be,0a,e2,bb,41,8f,da,5a,af,7b,a3,06,b4,48,ae,da,ae,d6,65,ba,23,
5e,d2,50,6e,d5,b8,94,ee,be,e4,c3,e9,82,ce,e1,d9,1a,80,dd,00,00,00,00,00,00,[HKEY_USERSS-1-5-21-709096500-265496976-1428508515-1000_ClassesCLSID{b5b8374d-5318-4353-80dc-b6b1daa86b1f}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
«Model»=dword:0000005c
«Therad»=dword:00000020
«MData»=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,29,e6,87,c4,17,da,eb,22,69,a7,5c,af,11,aa,[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}000AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000
«MSCurrentCountry»=dword:000000b5[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}001AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}002AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}003AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}004AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}005AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}006AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}007AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}008AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘Explorer.exe'(1772)
c:windowssystem32APSHook.dll
c:program filesASUS Security CenterASUS Security Protect ManagerBinItClient.dll
c:program filesNokiaNokia PC Suite 7phonebrowser.dll
c:program filesNokiaNokia PC Suite 7NGSCM.DLL
c:program filesNokiaNokia PC Suite 7LangPhoneBrowser_rus.nlr
c:program filesNokiaNokia PC Suite 7ResourcePhoneBrowser_Nokia.ngr
.
Other Running Processes
.
c:windowssystem32nvvsvc.exe
c:windowssystem32nvvsvc.exe
c:program filesATK HotkeyASLDRSrv.exe
c:program filesATKGFNEXGFNEXSrv.exe
c:windowssystem32WLANExt.exe
c:program filesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
c:program filesBonjourmDNSResponder.exe
c:program filesIntelWirelessBinEvtEng.exe
c:program filesCommon FilesLightScribeLSSrvc.exe
c:program filesCommon FilesNeroNero BackItUp 4NBService.exe
c:windowssystem32PnkBstrA.exe
c:program filesIntelWirelessBinRegSrvc.exe
c:program filesASUSNB ProbeSPMspmgr.exe
c:program filesASUS Security CenterASUS Security Protect ManagerBinAsGHost.exe
c:program filesASUSSmartLogonsensorsrv.exe
c:program filesATK HotkeyHcontrol.exe
c:program filesATK HotkeyMsgTranAgt.exe
c:program filesWireless Console 2wcourier.exe
c:program filesP4GBatteryLife.exe
c:program filesASUSSplendidACMON.exe
c:windowsSystem32ACEngSvr.exe
c:program filesATK HotkeyATKOSD.exe
c:program filesATK HotkeyKBFiltr.exe
c:program filesATK HotkeyWDC.exe
c:windowsservicingTrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-07-24 17:40:05 — machine was rebooted
ComboFix-quarantined-files.txt 2010-07-24 14:40
Pre-Run: 4 910 440 448 байт свободно
Post-Run: 4 772 147 200 байт свободно
— — End Of File — — FDB2D7441961EACD423343BB26218457
July 24, 2010 at 3:08 pm #30113
And here is the RSIT log once more
Logfile of random’s system information tool 1.08 (written by random/random)
Run by Админ at 2010-07-24 18:06:27
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 5 GB (3%) free of 153 GB
Total RAM: 3070 MB (51% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:07:27, on 24.07.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal
Running processes:
C:Windowssystem32Dwm.exe
C:WindowsExplorer.EXE
C:Program FilesASUS Security CenterASUS Security Protect ManagerBinAsGHost.exe
C:Windowssystem32taskeng.exe
C:Windowssystem32taskeng.exe
C:Program FilesASUSSmartLogonsensorsrv.exe
C:Program FilesWindows DefenderMSASCui.exe
C:Program FilesATKOSD2ATKOSD2.exe
C:WindowsRtHDVCpl.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FilesASUSATK MediaDMedia.exe
C:WindowsASScrPro.exe
C:Program FilesWebMoney Agentwmagent.exe
C:WindowsWindowsMobilewmdc.exe
C:Program FilesCommon FilesJavaJava Updatejusched.exe
C:Windowsehomeehtray.exe
C:Windowsehomeehmsas.exe
C:Program FilesSynapticsSynTPSynAsus.exe
C:Program FilesInternet Download ManagerIEMonitor.exe
C:Program FilesOperaopera.exe
C:Windowssystem32NOTEPAD.EXE
C:Program FilesCommon FilesTeleca SharedGeneric.exe
C:Program FilesCommon FilesTeleca Sharedlogger.exe
C:Program FilesCommon FilesTeleca SharedCapabilityManager.exe
C:Program FilesHTCHTC SyncClientInitiatedStarterClientInitiatedStarter.exe
C:Program FilesHTCHTC SyncMobile Phone Monitorepmworker.exe
C:Program FilesHTCHTC SyncMobile Phone MonitorHTCVBTServer.exe
C:Program FilesHTCHTC SyncMobile Phone MonitorFsynSrvStarter.exe
C:Program FilesSynapticsSynTPSynTPHelper.exe
C:Program FilesQIPqip.exe
C:Program FilesSkypePhoneSkype.exe
C:Program FilesSkypePlugin ManagerskypePM.exe
C:Program FilesAuslogicsAuslogics BoostSpeedBoostSpeed.exe
C:Program FilesAuslogicsAuslogics BoostSpeedtaskmanager.exe
C:Windowssystem32Taskmgr.exe
C:UsersАдминDocumentsRSIT.exe
C:Windowssystem32SearchFilterHost.exe
C:Program Filestrend microАдмин.exe
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yandex.ru/?clid=47639
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.qip.ru/ie
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = Root: HKCU; Subkey: SoftwareMicrosoftInternet ExplorerSearchUrl; ValueType: string; ValueName: ‘; ValueData: ‘; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
O2 — BHO: IDM Helper — {0055C089-8582-441B-A0BF-17B458C2A3A8} — C:Program FilesInternet Download ManagerIDMIECC.dll
O2 — BHO: AcroIEHelperStub — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 — BHO: IEVkbdBHO — {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} — C:Program FilesKaspersky LabKaspersky Internet Security 2009ievkbd.dll
O2 — BHO: NCO 2.0 IE BHO — {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} — (no file)
O2 — BHO: IE 4.x-6.x BHO for Download Master — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:PROGRA~1DOWNLO~1dmiehlp.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: ASUS Security Protect Manager — {DF21F1DB-80C6-11D3-9483-B03D0EC10000} — C:Program FilesASUS Security CenterASUS Security Protect ManagerBinItIEAddIn.dll
O3 — Toolbar: (no name) — {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} — (no file)
O3 — Toolbar: DAEMON Tools Toolbar — {32099AAC-C132-4136-9E9A-4E364A424E17} — C:Program FilesDAEMON Tools ToolbarDTToolbar.dll
O3 — Toolbar: DM Bar — {0E1230F8-EA50-42A9-983C-D22ABC2EED3C} — C:Program FilesDownload Masterdmbar.dll
O3 — Toolbar: Яндекс.Бар — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program FilesYandexYandexBarIEyndbar.dll
O4 — HKLM..Run: [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide
O4 — HKLM..Run: [ATKOSD2] «C:Program FilesATKOSD2ATKOSD2.exe»
O4 — HKLM..Run: [RtHDVCpl] RtHDVCpl.exe
O4 — HKLM..Run: [JMB36X IDE Setup] C:WindowsRaidToolxInsIDE.exe
O4 — HKLM..Run: [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 — HKLM..Run: [ATKMEDIA] C:Program FilesASUSATK MediaDMEDIA.EXE
O4 — HKLM..Run: [ASUS Camera ScreenSaver] C:WindowsASScrProlog.exe
O4 — HKLM..Run: [ASUS Screen Saver Protector] C:WindowsASScrPro.exe
O4 — HKLM..Run: [CognizanceTS] rundll32.exe C:PROGRA~1ASUSSE~1ASUSSE~1BinASTSVCC.dll,RegisterModule
O4 — HKLM..Run: [AVP] «C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe»
O4 — HKLM..Run: [wmagent.exe] «C:Program FilesWebMoney Agentwmagent.exe»
O4 — HKLM..Run: [Windows Mobile Device Center] %windir%WindowsMobilewmdc.exe
O4 — HKLM..Run: [Skytel] Skytel.exe
O4 — HKLM..Run: [AdobeAAMUpdater-1.0] «C:Program FilesCommon FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe»
O4 — HKLM..Run: [SwitchBoard] C:Program FilesCommon FilesAdobeSwitchBoardSwitchBoard.exe
O4 — HKLM..Run: [AdobeCS5ServiceManager] «C:Program FilesCommon FilesAdobeCS5ServiceManagerCS5ServiceManager.exe» -launchedbylogin
O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesCommon FilesJavaJava Updatejusched.exe»
O4 — HKLM..Run: [Mobile Connectivity Suite] «C:Program FilesHTCHTC SyncApplication LauncherApplication Launcher.exe» /startoptions
O4 — HKCU..Run: [Sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun
O4 — HKCU..Run: [ehTray.exe] C:WindowsehomeehTray.exe
O4 — HKCU..Run: [Steam] «c:program filessteamsteam.exe» -silent
O4 — HKCU..Run: [DAEMON Tools Lite] «C:Program FilesDAEMON Tools Litedaemon.exe» -autorun
O4 — HKCU..Run: [IDMan] C:Program FilesInternet Download ManagerIDMan.exe /onboot
O4 — HKCU..Run: [uTorrent] «C:Program FilesuTorrentuTorrent.exe»
O8 — Extra context menu item: Загрузить FLV видео содержимое с помощью IDM — C:Program FilesInternet Download ManagerIEGetVL.htm
O8 — Extra context menu item: Загрузить все ссылки с помощью IDM — C:Program FilesInternet Download ManagerIEGetAll.htm
O8 — Extra context menu item: Загрузить с помощью IDM — C:Program FilesInternet Download ManagerIEExt.htm
O9 — Extra button: Cтатистика защиты веб-трафика — {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} — C:Program FilesKaspersky LabKaspersky Internet Security 2009SCIEPlgn.dll
O9 — Extra button: @C:WindowsWindowsMobileINetRepl.dll,-222 — {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} — C:WindowsWindowsMobileINetRepl.dll
O9 — Extra button: (no name) — {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} — C:WindowsWindowsMobileINetRepl.dll
O9 — Extra ‘Tools’ menuitem: @C:WindowsWindowsMobileINetRepl.dll,-223 — {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} — C:WindowsWindowsMobileINetRepl.dll
O9 — Extra button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra ‘Tools’ menuitem: &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra button: PokerStars.net — {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} — C:Program FilesPokerStars.NETPokerStarsUpdate.exe
O16 — DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) — http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 — DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) — http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 — DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) — http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
O16 — DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) — http://vkontakte.ru/uploader/ImageUploader4.cab
O17 — HKLMSystemCCSServicesTcpip..{89044238-E038-4724-ADE3-C544860C93D3}: NameServer = 77.244.45.1,77.244.45.4
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 — AppInit_DLLs: C:WindowsSystem32APSHook.dll C:PROGRA~1KASPER~1KASPER~1mzvkbd.dll C:PROGRA~1KASPER~1KASPER~1mzvkbd3.dll C:PROGRA~1KASPER~1KASPER~1adialhk.dll C:PROGRA~1KASPER~1KASPER~1kloehk.dll
O22 — SharedTaskScheduler: Component Categories cache daemon — {8C7461EF-2B13-11d2-BE35-3078302C2030} — C:Windowssystem32browseui.dll
O23 — Service: Apple Mobile Device — Apple Inc. — C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 — Service: ASLDR Service (ASLDRService) — Unknown owner — C:Program FilesATK HotkeyASLDRSrv.exe
O23 — Service: ATKGFNEX Service (ATKGFNEXSrv) — Unknown owner — C:Program FilesATKGFNEXGFNEXSrv.exe
O23 — Service: Kaspersky Internet Security (AVP) — Kaspersky Lab — C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe
O23 — Service: Bonjour Service — Apple Inc. — C:Program FilesBonjourmDNSResponder.exe
O23 — Service: @dfsrres.dll,-101 (DFSR) — Корпорация Майкрософт — C:Windowssystem32DFSR.exe
O23 — Service: Intel(R) PROSet/Wireless Event Log (EvtEng) — Intel Corporation — C:Program FilesIntelWirelessBinEvtEng.exe
O23 — Service: LightScribeService Direct Disc Labeling Service (LightScribeService) — Hewlett-Packard Company — C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 — Service: Nero BackItUp Scheduler 4.0 — Nero AG — C:Program FilesCommon FilesNeroNero BackItUp 4NBService.exe
O23 — Service: NVIDIA Display Driver Service (nvsvc) — NVIDIA Corporation — C:Windowssystem32nvvsvc.exe
O23 — Service: PnkBstrA — Unknown owner — C:Windowssystem32PnkBstrA.exe
O23 — Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) — Intel Corporation — C:Program FilesIntelWirelessBinRegSrvc.exe
O23 — Service: ServiceLayer — Nokia. — C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 — Service: spmgr — Unknown owner — C:Program FilesASUSNB ProbeSPMspmgr.exe
O23 — Service: Steam Client Service — Valve Corporation — C:Program FilesCommon FilesSteamSteamService.exe
O23 — Service: SwitchBoard — Adobe Systems Incorporated — C:Program FilesCommon FilesAdobeSwitchBoardSwitchBoard.exe
—
End of file — 10794 bytes
======Scheduled tasks folder======
C:WindowstasksUser_Feed_Synchronization-{FA06EA3E-F23F-4491-B3CF-C15E55239616}.job
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class — C:Program FilesInternet Download ManagerIDMIECC.dll [2008-10-28 153008][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2009-02-27 75128][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class — C:Program FilesKaspersky LabKaspersky Internet Security 2009ievkbd.dll [2008-07-29 62728][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master — C:PROGRA~1DOWNLO~1dmiehlp.dll [2007-07-20 152064][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2010-06-08 41760][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
ASUS Security Protect Manager — C:Program FilesASUS Security CenterASUS Security Protect ManagerBinItIEAddIn.dll [2006-11-21 70928][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{32099AAC-C132-4136-9E9A-4E364A424E17} — DAEMON Tools Toolbar — C:Program FilesDAEMON Tools ToolbarDTToolbar.dll [2008-07-17 691656]
{0E1230F8-EA50-42A9-983C-D22ABC2EED3C} — DM Bar — C:Program FilesDownload Masterdmbar.dll [2007-11-26 180224]
{91397D20-1446-11D4-8AF4-0040CA1127B6} — Яндекс.Бар — C:Program FilesYandexYandexBarIEyndbar.dll [2010-06-01 10336584][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«Windows Defender»=C:Program FilesWindows DefenderMSASCui.exe [2008-01-21 1008184]
«ATKOSD2″=C:Program FilesATKOSD2ATKOSD2.exe [2007-10-17 7737344]
«RtHDVCpl»=C:WindowsRtHDVCpl.exe [2008-01-15 4874240]
«JMB36X IDE Setup»=C:WindowsRaidToolxInsIDE.exe [2007-03-21 36864]
«SynTPEnh»=C:Program FilesSynapticsSynTPSynTPEnh.exe [2007-11-16 1029416]
«ATKMEDIA»=C:Program FilesASUSATK MediaDMEDIA.EXE [2006-11-02 61440]
«ASUS Camera ScreenSaver»=C:WindowsASScrProlog.exe [2008-06-05 37232]
«ASUS Screen Saver Protector»=C:WindowsASScrPro.exe [2008-06-05 33136]
«CognizanceTS»=C:PROGRA~1ASUSSE~1ASUSSE~1BinASTSVCC.dll [2003-12-22 17920]
«AVP»=C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe [2009-10-15 208616]
«wmagent.exe»=C:Program FilesWebMoney Agentwmagent.exe [2009-10-19 210400]
«Windows Mobile Device Center»=C:WindowsWindowsMobilewmdc.exe [2007-05-31 648072]
«Skytel»=C:WindowsSkytel.exe [2007-11-20 1826816]
«AdobeAAMUpdater-1.0″=C:Program FilesCommon FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe [2010-05-11 500208]
«SwitchBoard»=C:Program FilesCommon FilesAdobeSwitchBoardSwitchBoard.exe [2010-02-19 517096]
«AdobeCS5ServiceManager»=C:Program FilesCommon FilesAdobeCS5ServiceManagerCS5ServiceManager.exe [2010-02-22 406992]
«SunJavaUpdateSched»=C:Program FilesCommon FilesJavaJava Updatejusched.exe [2010-02-18 248040]
«Mobile Connectivity Suite»=C:Program FilesHTCHTC SyncApplication LauncherApplication Launcher.exe [2009-11-19 598016][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«Sidebar»=C:Program FilesWindows Sidebarsidebar.exe [2009-04-11 1233920]
«ehTray.exe»=C:WindowsehomeehTray.exe [2008-01-21 125952]
«Steam»=c:program filessteamsteam.exe [2010-05-11 1238352]
«DAEMON Tools Lite»=C:Program FilesDAEMON Tools Litedaemon.exe [2008-07-24 490952]
«IDMan»=C:Program FilesInternet Download ManagerIDMan.exe [2008-10-28 2606512]
«uTorrent»=C:Program FilesuTorrentuTorrent.exe [2010-06-08 322352][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe Reader Speed Launcher]
C:Program FilesAdobeReader 9.0ReaderReader_sl.exe [2009-02-27 35696][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDAEMON Tools Lite]
C:Program FilesDAEMON Tools Litedaemon.exe [2008-07-24 490952][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSkype]
C:Program FilesSkypePhoneSkype.exe [2010-05-13 26192168][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
«AppInit_DLLs»=»C:WindowsSystem32APSHook.dll C:PROGRA~1KASPER~1KASPER~1mzvkbd.dll C:PROGRA~1KASPER~1KASPER~1mzvkbd3.dll C:PROGRA~1KASPER~1KASPER~1adialhk.dll C:PROGRA~1KASPER~1KASPER~1kloehk.dll»[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyklogon]
C:Windowssystem32klogon.dll [2008-07-29 218376][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
«{AEB6717E-7E19-11d0-97EE-00C04FD91972}»= [][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWudfPf]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWudfRd]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWudfSvc]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWudfUsbccidDriver]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
«EnableUIADesktopToggle»=0[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDrives»=0[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«BindDirectlyToPropertySetStorage»=0
«NoDrives»=0[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
======File associations======
.js — edit — C:WindowsSystem32Notepad.exe %1
======List of files/folders created in the last 1 months======
2010-07-24 17:40:11 —-D—- C:Windowstemp
2010-07-24 17:40:08 —-A—- C:ComboFix.txt
2010-07-24 17:28:35 —-D—- C:$RECYCLE.BIN
2010-07-24 16:41:15 —-A—- C:WindowsSWXCACLS.exe
2010-07-23 10:26:46 —-A—- C:Windowszip.exe
2010-07-23 10:26:46 —-A—- C:WindowsSWSC.exe
2010-07-23 10:26:46 —-A—- C:WindowsSWREG.exe
2010-07-23 10:26:46 —-A—- C:Windowssed.exe
2010-07-23 10:26:46 —-A—- C:WindowsPEV.exe
2010-07-23 10:26:46 —-A—- C:WindowsNIRCMD.exe
2010-07-23 10:26:46 —-A—- C:WindowsMBR.exe
2010-07-23 10:26:46 —-A—- C:Windowsgrep.exe
2010-07-23 10:26:27 —-D—- C:WindowsERDNT
2010-07-23 10:22:25 —-D—- C:Qoobox
2010-07-23 09:40:35 —-D—- C:_OTM
2010-07-16 10:28:32 —-ASH—- C:hiberfil.sys
2010-07-15 00:38:16 —-D—- C:Program Filestrend micro
2010-07-15 00:38:15 —-D—- C:rsit
2010-07-14 17:27:57 —-A—- C:Windowssystem32MRT.INI
2010-07-02 11:28:28 —-D—- C:ProgramDataNVIDIA Corporation
2010-07-02 11:27:37 —-A—- C:Windowssystem32OpenCL.dll
2010-07-02 11:27:37 —-A—- C:Windowssystem32driversnvlddmkm.sys
2010-07-02 11:27:36 —-A—- C:Windowssystem32nvwgf2um.dll
2010-07-02 11:27:36 —-A—- C:Windowssystem32nvoglv32.dll
2010-07-02 11:27:36 —-A—- C:Windowssystem32nvd3dum.dll
2010-07-02 11:27:34 —-A—- C:Windowssystem32nvcuvid.dll
2010-07-02 11:27:34 —-A—- C:Windowssystem32nvcuvenc.dll
2010-07-02 11:27:34 —-A—- C:Windowssystem32nvcuda.dll
2010-07-02 11:27:34 —-A—- C:Windowssystem32nvcompiler.dll
2010-07-02 11:27:34 —-A—- C:Windowssystem32nvcod1921.dll
2010-07-02 11:27:34 —-A—- C:Windowssystem32nvcod.dll
2010-07-02 11:27:34 —-A—- C:Windowssystem32nvapi.dll
2010-07-01 14:46:46 —-D—- C:Program FilesMovie Maker 2.6
2010-06-29 12:19:06 —-D—- C:ProgramDataHTC
2010-06-29 12:18:52 —-D—- C:ProgramDataTeleca
2010-06-29 12:17:46 —-D—- C:Program FilesSpirent Communications
======List of files/folders modified in the last 1 months======
2010-07-24 18:06:34 —-D—- C:UsersАдминAppDataRoamingSkype
2010-07-24 18:03:16 —-D—- C:UsersАдминAppDataRoamingskypePM
2010-07-24 18:02:52 —-D—- C:WindowsSystem32
2010-07-24 18:02:52 —-D—- C:Windowsinf
2010-07-24 18:02:52 —-A—- C:Windowssystem32PerfStringBackup.INI
2010-07-24 18:01:21 —-D—- C:UsersАдминAppDataRoamingDMCache
2010-07-24 18:00:11 —-D—- C:ProgramDataKaspersky Lab
2010-07-24 17:59:58 —-D—- C:Program FilesSteam
2010-07-24 17:59:38 —-D—- C:UsersАдминAppDataRoaminguTorrent
2010-07-24 17:59:10 —-A—- C:Windowssystem32acovcnt.exe
2010-07-24 17:40:13 —-D—- C:Windowssystem32drivers
2010-07-24 17:40:11 —-D—- C:Windows
2010-07-24 17:29:58 —-D—- C:Windowssystem32WDI
2010-07-24 17:28:50 —-A—- C:Windowssystem.ini
2010-07-24 17:28:33 —-D—- C:Windowssystem32driversetc
2010-07-24 17:15:12 —-RD—- C:Program Files
2010-07-24 17:15:10 —-D—- C:ProgramData
2010-07-24 17:04:04 —-D—- C:WindowsAppPatch
2010-07-24 17:04:03 —-D—- C:Program FilesCommon Files
2010-07-23 09:50:44 —-D—- C:WindowsPrefetch
2010-07-23 09:44:33 —-SHD—- C:System Volume Information
2010-07-20 00:36:46 —-D—- C:Program FilesCommon FilesSteam
2010-07-16 20:21:21 —-D—- C:Live for Speed S2 ALPHA Z
2010-07-16 10:27:18 —-A—- C:Windowsntbtlog.txt
2010-07-15 01:10:38 —-AD—- C:ProgramDataTEMP
2010-07-14 19:30:23 —-D—- C:Fraps
2010-07-14 17:42:44 —-D—- C:Windowswinsxs
2010-07-14 17:29:33 —-D—- C:Windowssystem32catroot
2010-07-14 17:29:17 —-D—- C:Program FilesWindows Mail
2010-07-14 16:11:01 —-D—- C:UsersАдминAppDataRoamingWebMoney
2010-07-13 16:12:06 —-D—- C:Program FilesWebMoney
2010-07-09 23:10:04 —-SHD—- C:WindowsInstaller
2010-07-09 23:09:57 —-D—- C:Program FilesOpera
2010-07-02 22:39:05 —-A—- C:Windowssystem32mrt.exe
2010-07-02 11:31:52 —-D—- C:ProgramDataNVIDIA
2010-07-02 11:29:29 —-D—- C:Program FilesNVIDIA Corporation
2010-07-02 11:29:28 —-D—- C:WindowsHelp
2010-07-02 11:28:23 —-D—- C:Windowssystem32catroot2
2010-06-29 12:20:58 —-D—- C:UsersАдминAppDataRoamingTeleca
2010-06-29 12:19:06 —-D—- C:Program FilesCommon FilesTeleca Shared
2010-06-29 12:17:35 —-D—- C:Program FilesHTC
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:Windowssystem32DRIVERSiaStor.sys [2007-09-30 308248]
R0 JGOGO;JMicron Hot-Plug Driver; C:Windowssystem32DRIVERSJGOGO.sys [2006-02-08 6912]
R0 JRAID;JRAID; C:Windowssystem32DRIVERSjraid.sys [2007-04-12 48000]
R0 klbg;Kaspersky Lab Boot Guard Driver; C:Windowssystem32driversklbg.sys [2009-02-12 33808]
R0 lullaby;lullaby; C:Windowssystem32DRIVERSlullaby.sys [2007-09-26 15416]
R0 sptd;sptd; C:WindowsSystem32Driverssptd.sys [2008-09-16 717296]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; ??C:Program FilesUltraISOdriversISODrive.sys [2008-05-24 73728]
R1 kl1;kl1; C:Windowssystem32DRIVERSkl1.sys [2008-07-21 121872]
R1 KLIF;Kaspersky Lab Driver; C:Windowssystem32DRIVERSklif.sys [2009-02-12 224272]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:Windowssystem32DRIVERSklim6.sys [2008-07-09 20496]
R2 ASMMAP;ASMMAP; ??C:Program FilesATKGFNEXASMMAP.sys [2007-07-24 13880]
R2 atksgt;atksgt; C:Windowssystem32DRIVERSatksgt.sys [2009-09-22 279712]
R2 ghaio;ghaio; ??C:Program FilesASUSNB ProbeSPMghaio.sys [2007-08-03 20936]
R2 lirsgt;lirsgt; C:Windowssystem32DRIVERSlirsgt.sys [2009-09-22 25888]
R2 rimmptsk;rimmptsk; C:Windowssystem32DRIVERSrimmptsk.sys [2007-08-08 45568]
R2 rimsptsk;rimsptsk; C:Windowssystem32DRIVERSrimsptsk.sys [2007-07-30 43008]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:Windowssystem32DRIVERSrixdptsk.sys [2007-07-30 38400]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:Windowssystem32DRIVERSATSwpDrv.sys [2007-06-16 146824]
R3 DCamUSBET;USB2.0 1.3M UVC WebCam; C:Windowssystem32DRIVERSetDevice.sys [2007-09-06 474624]
R3 FiltUSBET;ET USB Device Lower Filter; C:Windowssystem32DRIVERSetFilter.sys [2007-10-15 206336]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:Windowssystem32driversRTKVHDA.sys [2008-01-15 2047576]
R3 kbfiltr;Keyboard Filter; C:Windowssystem32DRIVERSkbfiltr.sys [2007-01-25 5632]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:Windowssystem32DRIVERSklfltdev.sys [2008-03-13 26640]
R3 MODEMCSA;Устройство фильтрации потока Unimodem; C:Windowssystem32driversMODEMCSA.sys [2008-01-21 18432]
R3 MTsensor;ATK0100 ACPI UTILITY; C:Windowssystem32DRIVERSATKACPI.sys [2006-12-15 7680]
R3 NETw4v32;Драйвер адаптера Intel(R) Wireless WiFi Link для Windows Vista 32 Bit; C:Windowssystem32DRIVERSNETw4v32.sys [2007-06-21 2222080]
R3 nvlddmkm;nvlddmkm; C:Windowssystem32DRIVERSnvlddmkm.sys [2010-06-08 10888168]
R3 ScanUSBET;ET USB Still Image Capture Device; C:Windowssystem32DRIVERSetScan.sys [2007-09-06 6656]
R3 sdbus;sdbus; C:Windowssystem32DRIVERSsdbus.sys [2009-04-11 89088]
R3 smserial;smserial; C:Windowssystem32DRIVERSsmserial.sys [2006-11-25 982272]
R3 SynTP;Synaptics TouchPad Driver; C:Windowssystem32DRIVERSSynTP.sys [2007-11-16 195760]
R3 usb_rndisx;Адаптер USB RNDIS; C:Windowssystem32DRIVERSusb8023x.sys [2009-04-11 15872]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:Windowssystem32DRIVERSyk60x86.sys [2007-12-06 298496]
S2 adfs;adfs; C:Windowssystem32driversadfs.sys []
S3 a7wo1jfp;a7wo1jfp; C:Windowssystem32driversa7wo1jfp.sys []
S3 aw32bus;ASUS Device W32 Driver driver (WDM); C:Windowssystem32DRIVERSaw32bus.sys [2007-06-20 83456]
S3 aw32mdfl;ASUS Device W32 USB WMC Modem Filter; C:Windowssystem32DRIVERSaw32mdfl.sys [2007-06-20 14848]
S3 aw32mdm;ASUS Device W32 USB WMC Modem Driver; C:Windowssystem32DRIVERSaw32mdm.sys [2007-06-20 109696]
S3 aw32mgmt;ASUS Device W32 USB WMC Device Management Drivers (WDM); C:Windowssystem32DRIVERSaw32mgmt.sys [2007-06-20 102912]
S3 BthEnum;Служба перечислителя Bluetooth; C:Windowssystem32DRIVERSBthEnum.sys [2009-04-11 22528]
S3 BthPan;Устройства Bluetooth (личной сети); C:Windowssystem32DRIVERSbthpan.sys [2008-01-21 92160]
S3 BTHPORT;Драйвер порта Bluetooth; C:WindowsSystem32DriversBTHport.sys [2009-04-11 507904]
S3 BTHUSB;Драйвер порта USB радиомодуля Bluetooth; C:WindowsSystem32DriversBTHUSB.sys [2009-04-11 29696]
S3 catchme;catchme; ??C:ComboFixcatchme.sys []
S3 drmkaud;Звуковой дешифратор DRM ядра системы; C:Windowssystem32driversdrmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Драйвер функции UAA для службы High Definition Audio (Microsoft), версия 1.1; C:Windowssystem32driversHdAudio.sys [2006-11-02 235520]
S3 HTCAND32;HTC Device Driver; C:WindowsSystem32DriversANDROIDUSB.sys [2009-06-10 24576]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:Windowssystem32DRIVERSewusbmdm.sys [2009-09-10 102912]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:Windowssystem32DRIVERSewusbdev.sys [2009-10-12 101120]
S3 itecir;ITECIR Infrared Receiver; C:Windowssystem32DRIVERSitecir.sys [2007-06-20 49664]
S3 MSKSSRV;Представитель служб потоков Microsoft; C:Windowssystem32driversMSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Посредник синхронизации потоков Microsoft; C:Windowssystem32driversMSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Представитель диспетчера качества потоков Microsoft; C:Windowssystem32driversMSPQM.sys [2008-01-21 5504]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:Windowssystem32driversMSTEE.sys [2008-01-21 6016]
S3 nmwcd;Nokia USB Phone Parent; C:Windowssystem32driversccdcmb.sys [2008-05-07 17536]
S3 nmwcdc;Nokia USB Generic; C:Windowssystem32driversccdcmbo.sys [2008-05-07 20864]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:Windowssystem32DRIVERSpccsmcfd.sys [2007-09-17 21632]
S3 RFCOMM;Устройство Bluetooth (протокол RFCOMM TDI); C:Windowssystem32DRIVERSrfcomm.sys [2009-04-11 148992]
S3 SymIMMP;SymIMMP; C:Windowssystem32DRIVERSSymIM.sys []
S3 TPM;TPM; C:Windowssystem32driverstpm.sys [2008-01-21 45624]
S3 TVICHW32;TVICHW32; ??C:Windowssystem32DRIVERSTVICHW32.SYS [2008-10-07 23600]
S3 upperdev;upperdev; C:Windowssystem32DRIVERSusbser_lowerflt.sys [2008-06-06 8064]
S3 usbaudio;Аудио драйвер USB (WDM); C:Windowssystem32driversusbaudio.sys [2009-04-11 73216]
S3 usbser;Nokia USB Serial Port; C:Windowssystem32driversusbser.sys [2009-04-11 27648]
S3 UsbserFilt;UsbserFilt; C:Windowssystem32DRIVERSusbser_lowerfltj.sys [2008-05-07 8064]
S3 usbvideo;USB-видеоустройство (WDM); C:WindowsSystem32Driversusbvideo.sys [2008-01-21 134016]
S3 winusb;WinUsb драйвер; C:Windowssystem32DRIVERSwinusb.sys [2009-04-11 31616]
S3 WpdUsb;WpdUsb; C:Windowssystem32DRIVERSwpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:Windowssystem32DRIVERSWUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:Windowssystem32driverserrdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:Windowssystem32driversmegasr.sys [2008-01-21 386616]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe [2008-10-01 116040]
R2 ASBroker;Logon Session Broker; C:WindowsSystem32svchost.exe [2008-01-21 21504]
R2 ASChannel;Local Communication Channel; C:WindowsSystem32svchost.exe [2008-01-21 21504]
R2 ASLDRService;ASLDR Service; C:Program FilesATK HotkeyASLDRSrv.exe [2007-10-02 94208]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:Program FilesATKGFNEXGFNEXSrv.exe [2007-08-07 94208]
R2 Bonjour Service;Bonjour Service; C:Program FilesBonjourmDNSResponder.exe [2008-08-29 238888]
R2 BthServ;@%SystemRoot%System32bthserv.dll,-101; C:Windowssystem32svchost.exe [2008-01-21 21504]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:Program FilesIntelWirelessBinEvtEng.exe [2007-06-01 647168]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:Program FilesCommon FilesLightScribeLSSrvc.exe [2008-03-17 73728]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:Program FilesCommon FilesNeroNero BackItUp 4NBService.exe [2008-09-24 935208]
R2 nvsvc;NVIDIA Display Driver Service; C:Windowssystem32nvvsvc.exe [2010-06-07 129640]
R2 PnkBstrA;PnkBstrA; C:Windowssystem32PnkBstrA.exe [2008-09-16 66872]
R2 RapiMgr;@%windir%WindowsMobilerapimgr.dll,-104; C:Windowssystem32svchost.exe [2008-01-21 21504]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:Program FilesIntelWirelessBinRegSrvc.exe [2007-06-01 327680]
R2 spmgr;spmgr; C:Program FilesASUSNB ProbeSPMspmgr.exe [2007-08-03 125496]
R2 WcesComm;@%windir%WindowsMobilewcescomm.dll,-40079; C:Windowssystem32svchost.exe [2008-01-21 21504]
R3 FontCache;@%systemroot%system32FntCache.dll,-100; C:Windowssystem32svchost.exe [2008-01-21 21504]
S2 AVP;Kaspersky Internet Security; C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe [2009-10-15 208616]
S3 aspnet_state;Служба состояний ASP.NET; C:WindowsMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2009-03-30 31048]
S3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2008-08-07 575488]
S3 Steam Client Service;Steam Client Service; C:Program FilesCommon FilesSteamSteamService.exe [2010-07-16 395048]
S3 SwitchBoard;SwitchBoard; C:Program FilesCommon FilesAdobeSwitchBoardSwitchBoard.exe [2010-02-19 517096]
EOF
July 24, 2010 at 3:54 PM #30114
77.244.45.1,77.244.45.4
Are these your DNS servers?
How are the problems now?
C:\Qoobox
Pack it into an archive with the password virus and send it to:
Anti-Spyware2010@yandex.ru
Only after that, uninstall ComboFix.

July 24, 2010 at 5:32 PM #30116
The DNS servers are mine, that's for the cable internet at home) Right now I'm using 3G.
The problem seems to be gone: no svchost is running under the admin account and it isn't eating traffic, or rather it does, but only when Windows is checking for updates, and that's it!
I archived it and sent it.
And what about my logs? Is everything clean?)

July 24, 2010 at 5:45 PM #30117
Clean. WebMoney, I assume, you installed yourself.
Just run a full scan with Kaspersky Anti-Virus. 🙂
And update it to 2010; the license will be extended automatically.

July 24, 2010 at 6:23 PM #30115
A huge thank-you to you!!!!))
I hope I won't have to turn to you again and that viruses will pass me by! But if there are problems again, I'll come straight to you!!!
Thanks again!))