Созданные ответы форума
-
Сообщения
-
Ох :))) мы с вами не состыкуемся никак 😀 😯 Моему компу по ощущениям осталось жить пару дней, уже почти не работает. Наверное его доедают :)) 🙄
Прикрепляю файл к сообщению. Не знаю есть ли смысл лечить 😥 Спасибоой! Не ожидала, что мне ответят! Ура…я за это время накачала с десяток спасительных программ..но ничего не помогло 😯 😕 .
вот ссылка на лог — я сделала новый http://rghost.ru/private/58134775/7f02bdc06c461bbf9830a1ac20917fd1Валерий!!! Большое вам спасибо за помощь, внимание и за мой чистенький компик!!!
Такая чудесная новость с утра!!! спасибоооо!!!!
Все надоедливые выскакивающие окна пропали. комп ведется себя в обычном режиме.
Только после загрузки выскакивает окно — VDO Tool — file error. please reinstall this program. Чего ему не хватает?
Можно ли теперь устанавливать заново нужные программы?.
У меня есть еще один винчестер, который подключается редко, по мере необходимости. нужно ли его просканировать? спаааасибо!ComboFix 08-11-09.04 — User 2008-11-10 23:14:59.3 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1049.18.1653 [GMT 3:00]
Running from: h:documents and settingsUserРабочий столComboFix.exe
Command switches used :: h:documents and settingsUserРабочий столCFScript.txt
* Created a new restore pointWARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
h:windowssystem32DriversWinad00.sys
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
..
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Service_Winad00((((((((((((((((((((((((( Files Created from 2008-10-10 to 2008-11-10 )))))))))))))))))))))))))))))))
.2008-11-10 23:17 . 2008-11-10 23:17 16,384 —a—-t- h:tempPerflib_Perfdata_5d8.dat
2008-11-10 10:01 . 2008-11-10 23:17 53,248 —a
h:tempcatchme.dll
2008-11-09 01:26 . 2008-11-09 01:26d
h:documents and settingsАдминистраторApplication DataMalwarebytes
2008-11-09 01:24 . 2008-11-09 01:26d
h:documents and settingsАдминистраторApplication DataSkype
2008-11-09 01:23 . 2008-05-17 15:39d—h
h:documents and settingsАдминистраторШаблоны
2008-11-09 01:23 . 2008-05-17 15:39d—h
h:documents and settingsАдминистраторШаблоны
2008-11-09 01:23 . 2008-11-09 02:05d
h:documents and settingsАдминистраторРабочий стол
2008-11-09 01:23 . 2008-11-09 02:05d
h:documents and settingsАдминистраторРабочий стол
2008-11-09 01:23 . 2008-11-09 01:26d
h:documents and settingsАдминистраторМои документы
2008-11-09 01:23 . 2008-11-09 01:26d
h:documents and settingsАдминистраторМои документы
2008-11-09 01:23 . 2008-05-17 19:35dr
h:documents and settingsАдминистраторГлавное меню
2008-11-09 01:23 . 2008-05-17 19:35dr
h:documents and settingsАдминистраторГлавное меню
2008-11-09 01:23 . 2008-05-17 19:35d
h:documents and settingsАдминистраторИзбранное
2008-11-09 01:23 . 2008-05-17 19:35d
h:documents and settingsАдминистраторИзбранное
2008-11-09 01:23 . 2008-05-17 15:42d
h:documents and settingsАдминистратор$inst
2008-11-09 01:23 . 2008-05-17 15:42d
h:documents and settingsАдминистратор$inst
2008-11-09 01:23 . 2008-11-09 01:23d
h:documents and settingsАдминистратор
2008-11-08 13:48 . 2008-11-08 13:49d
H:rsit
2008-11-07 22:10 . 2008-11-07 22:10 396,288 —a
H:HijackThis.exe
2008-11-07 00:12 . 2008-11-10 22:44d
h:program fileshijack
2008-11-07 00:03 . 2008-11-08 13:58d
h:program filesTrend Micro
2008-11-06 22:39 . 2008-11-06 22:37 102,664 —a
h:windowssystem32driverstmcomm.sys
2008-11-06 22:37 . 2008-11-07 01:01d
h:documents and settingsUser.housecall6.6
2008-11-06 22:34 . 2008-11-07 01:01d
h:temphsperfdata_User
2008-11-06 22:34 . 2008-11-06 22:34 410,976 —a
h:windowssystem32deploytk.dll
2008-11-06 21:13 . 2008-11-06 21:13d
h:windowsShellNew
2008-11-06 21:11 . 2008-11-09 19:54d
h:tempOHotfix
2008-11-01 03:01 . 2008-11-01 03:01d
h:program filesAutodesk
2008-11-01 00:46 . 2008-11-01 00:46d
h:tempbye29.tmp
2008-11-01 00:46 . 2008-11-01 03:08d
h:program filesGoogle
2008-11-01 00:25 . 2008-11-01 00:25d
h:program filesuTorrent
2008-10-31 01:35 . 2008-10-31 01:35d
h:program filesSUPERAntiSpyware
2008-10-31 01:35 . 2008-10-31 01:35d
h:program filesCommon FilesWise Installation Wizard
2008-10-31 01:35 . 2008-10-31 01:35d
h:documents and settingsUserApplication DataSUPERAntiSpyware.com
2008-10-31 01:06 . 2008-10-31 01:06d
h:program filesMalwarebytes’ Anti-Malware
2008-10-31 01:06 . 2008-10-31 01:06d
h:documents and settingsUserApplication DataMalwarebytes
2008-10-31 01:06 . 2008-10-31 01:06d
h:documents and settingsAll UsersApplication DataMalwarebytes
2008-10-31 01:06 . 2008-10-22 16:10 38,496 —a
h:windowssystem32driversmbamswissarmy.sys
2008-10-31 01:06 . 2008-10-22 16:10 15,504 —a
h:windowssystem32driversmbam.sys
2008-10-29 23:33 . 2008-10-29 23:33d
h:temppft158.tmp
2008-10-29 23:33 . 2008-11-01 00:46d—h
h:program filesInstallShield Installation Information
2008-10-29 23:33 . 2008-11-01 03:01d
h:program filesCommon FilesInstallShield
2008-10-29 23:10 . 2008-10-29 23:10d
h:program filesQIP
2008-10-29 22:57 . 2008-10-29 22:57d
h:program filesCommon FilesSkype
2008-10-29 22:56 . 2008-11-01 00:30 1,336 —a
h:windowsWINCMD.INI
2008-10-29 21:52 . 2008-10-29 21:52d—h
h:windowssystem32GroupPolicy
2008-10-28 21:19 . 2008-10-28 21:19d—s—- h:tempTemporary Internet Files
2008-10-28 21:19 . 2008-10-28 21:19d—s—- h:tempHistory
2008-10-28 21:19 . 2008-11-09 19:54d—s—- h:tempCookies
2008-10-22 21:01 . 2008-10-29 21:54d
h:program filesABBYY Lingvo 10 Multilingual Dictionary
2008-10-19 16:53 . 2008-10-19 16:53d
h:documents and settingsUserApplication DataDivX
2008-10-18 16:25 . 2008-10-18 16:25d
h:tempAdobe
2008-10-18 13:30 . 2008-10-29 22:55d
h:program filesCommon FilesACD Systems
2008-10-18 13:30 . 2008-10-18 13:30d
h:program filesACD Systems
2008-10-18 13:30 . 2008-10-18 13:30d
h:documents and settingsAll UsersApplication DataACD Systems
2008-10-10 18:03 . 2008-10-15 22:09 194 —a
h:windowspoolemup.ini
2008-10-10 14:03 . 2008-10-10 14:03d
h:documents and settingsAll UsersApplication DataKaspersky Lab Setup Files.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-10 20:16
d
w h:program filesSuperCopier2
2008-11-10 19:54
d
w h:documents and settingsUserApplication DatauTorrent
2008-11-09 22:32
d
w h:documents and settingsUserApplication DataSkype
2008-11-06 19:34
d
w h:program filesJava
2008-11-01 00:05
d
w h:program filesCommon FilesAutodesk Shared
2008-11-01 00:05
d
w h:documents and settingsUserApplication DataAutodesk
2008-11-01 00:05
d
w h:documents and settingsAll UsersApplication DataAutodesk
2008-10-30 20:44
d
w h:program filesCommon FilesAdobe
2008-10-29 19:57
d
w h:program filesSkype
2008-10-29 19:57
d
w h:program filesOpera
2008-10-29 19:14
d
w h:program filesTotal Commander
2008-10-29 18:54
d
w h:program filesVDOTool
2008-10-29 18:54
d
w h:program filesfree-downloads.net
2008-10-29 18:54
d
w h:program filesAutoCAD 2009
2008-10-08 08:51
d
w h:documents and settingsUserApplication DataACD Systems
.
Sigcheck
2007-06-12 22:03 360576 c7be59b07c6eb74bea6fd67c1b164015 h:windowssystem32driverstcpip.sys2007-09-24 04:28 2162176 8467becb4c993d9880f4dd764e8a8b2d h:windowssystem32ntkrnlpa.exe
2007-09-24 04:20 2282496 04f70990885394ed61bd673479fc2012 h:windowssystem32ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerURLSearchHooks]
«{ecdee021-0d17-467f-a1ff-c7a115230949}»= «h:program filesfree-downloads.nettbfre1.dll» [2008-07-08 1569304][HKEY_CLASSES_ROOTclsid{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{ecdee021-0d17-467f-a1ff-c7a115230949}»= «h:program filesfree-downloads.nettbfre1.dll» [2008-07-08 1569304][HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{ECDEE021-0D17-467F-A1FF-C7A115230949}»= «h:program filesfree-downloads.nettbfre1.dll» [2008-07-08 1569304][HKEY_CLASSES_ROOTclsid{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»h:windowssystem32ctfmon.exe» [2004-08-18 15360]
«SuperCopier2.exe»=»h:program filesSuperCopier2SuperCopier2.exe» [2007-05-08 1052672][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«IMJPMIG8.1″=»h:windowsIMEimjp8_1IMJPMIG.EXE» [2004-08-18 208952]
«PHIME2002ASync»=»h:windowssystem32IMETINTLGNTTINTSETP.EXE» [2004-08-18 455168]
«PHIME2002A»=»h:windowssystem32IMETINTLGNTTINTSETP.EXE» [2004-08-18 455168]
«CoolSwitch»=»h:windowssystem32TaskSwitch.exe» [2005-12-22 45632]
«SoundMAXPnP»=»h:program filesAnalog DevicesCoresmax4pnp.exe» [2006-12-18 868352]
«TBPanel»=»h:program filesVDOToolTBPanel.exe» [2008-01-29 2157096]
«NvCplDaemon»=»h:windowssystem32NvCpl.dll» [2008-01-03 13508608]
«NvMediaCenter»=»h:windowssystem32NvMcTray.dll» [2008-01-03 86016]
«SpIDerNT»=»h:progra~1DrWebspidernt.exe» [2004-11-01 83968]
«DrWebScheduler»=»h:program filesDrWebDRWEBSCD.EXE» [2004-11-01 114688]
«NeroFilterCheck»=»h:windowssystem32NeroCheck.exe» [2001-07-09 155648]
«SunJavaUpdateSched»=»h:program filesJavajre6binjusched.exe» [2008-11-06 136600]
«RemoteControl»=»h:program filesCyberLinkPowerDVDPDVDServ.exe» [2004-11-02 32768]
«Lingvo Launcher»=»h:program filesABBYY Lingvo 10 Multilingual DictionaryLvagent.exe» [2004-10-09 110592]
«h:program fileshijackHijackThis.exe»=»h:program fileshijackHijackThis.exe» [2008-11-07 396288]
«nwiz»=»nwiz.exe» [2008-01-03 h:windowssystem32nwiz.exe][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»h:windowssystem32CTFMON.EXE» [2004-08-18 15360]
«SuperCopier2.exe»=»h:program filesSuperCopier2SuperCopier2.exe» [2007-05-08 1052672][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«InstallVisualStyle»= h:windowsResourcesThemesRoyaleRoyale.msstyles
«InstallTheme»= h:windowsResourcesThemesRoyale.Theme
«SynchronousMachineGroupPolicy»= 0 (0x0)
«SynchronousUserGroupPolicy»= 0 (0x0)[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMHelp»= 1 (0x1)[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«ForceClassicControlPanel»= 1 (0x1)
«NoSMConfigurePrograms»= 1 (0x1)
«NoSMHelp»= 1 (0x1)[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«ForceClassicControlPanel»= 1 (0x1)
«NoSMConfigurePrograms»= 1 (0x1)
«NoSMHelp»= 1 (0x1)[hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]
«{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}»= «h:program filesSUPERAntiSpywareSASSEH.DLL» [2008-05-13 77824][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotify!SASWinLogon]
2008-07-23 16:28 352256 h:program filesSUPERAntiSpywareSASWINLO.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«VIDC.ACDV»= ACDV.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusDisableNotify»=dword:00000001
«AntiVirusOverride»=dword:00000001
«FirewallOverride»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
«Start»=dword:00000004[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«h:\Program Files\uTorrent\uTorrent.exe»=
«h:\Program Files\Opera\opera.exe»=
«h:\Program Files\QIP\qip.exe»=
«g:\Program Files\uTorrent\uTorrent.exe»=
«j:\Program Files\GSC World Publishing\S.T.A.L.K.E.R\bin\XR_3DA.exe»=
«j:\Program Files\GSC World Publishing\S.T.A.L.K.E.R\bin\dedicated\XR_3DA.exe»=
«h:\Program Files\Skype\Phone\Skype.exe»=R0 iastor76;iastor76;h:windowssystem32driversiastor76.sys [2007-09-24 305176]
R0 pe3ajtsc;Stalker (Pro) Environment Driver (pe3ajtsc);h:windowssystem32driverspe3ajtsc.sys [2007-03-23 64896]
R0 ps6ajtsc;Stalker (Pro) Synchronization Driver (ps6ajtsc);h:windowssystem32driversps6ajtsc.sys [2007-03-23 52104]
R1 drwebnet;SpIDer Guard boot hook driver for Windows NT;h:windowssystem32driversdrwebnet.sys [2004-11-01 7872]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;h:windowssystem32DRIVERSRTL8187.sys [2007-01-11 194304]
S2 pr2ajtsc;Stalker (Pro) Drivers Auto Removal (pr2ajtsc);h:windowssystem32pr2ajtsc.exe svc [ ]
S2 SPIDER;SpIDer FS Monitor for Windows NT;h:program filesDrWebspider.sys [ ]
S2 spidernt;SpIDer Guard for Windows NT;h:program filesDrWebSpiderNT.exe [2004-11-01 83968]
S3 USBSTOR;Драйвер запоминающих устройств для USB;h:windowssystem32DRIVERSUSBSTOR.SYS [2007-07-18 26368][HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{44367194-994a-11dd-b29e-0015af64e372}]
ShellAutoRuncommand — M:
ShellExploreCommand — «.Nokia Music ManagerN-1-5-21-1895552279-3129831955-389522551-6003INFO2Playlist» Control: Select music location
ShellFindCommand — «.Nokia Music ManagerN-1-5-21-1895552279-3129831955-389522551-6003INFO2Playlist» Control: Search music (radio-stations)
ShellOpenCommand — «.Nokia Music ManagerN-1-5-21-1895552279-3129831955-389522551-6003INFO2Playlist» Playback: Play music
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 23:17:10
Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
[HKEY_LOCAL_MACHINESystemControlSet001ServicesAlerterLmHosts]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001Servicesaspnet_stateVSS]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesAutodeskImapiService]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesAutodeskImapiServiceDcomLaunch]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesAutodeskImapiServiceHTTPFilterupnphost]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001Servicesavast!WZCSVC]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesBrowserAppMgmt]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesBrowserclr_optimization_v2.0.50727_32]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesCiSvcaspnet_stateVSS]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesClipSrvRDSessMgr]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesClipSrvRDSessMgrSwPrv]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001Servicesclr_optimization_v2.0.50727_32NetmanwscsvcSwPrv]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001Servicesclr_optimization_v2.0.50727_32SamSsMSDTC]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesCOMSysAppPlugPlayWmdmPmSN]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesdmserverAudioSrv]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesEventlogEventlog]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesFastUserSwitchingCompatibilityUPS]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesFontCache3.0.0.0Themes]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesHidServCiSvc]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesHTTPFilterupnphost]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesImapiServiceidsvc]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesImapiServiceNetmanwscsvc]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesmchInjDrv]
«ImagePath»=»??h:tempmc22.tmp»[HKEY_LOCAL_MACHINESystemControlSet001ServicesMessengerThemes]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesMessengerTlntSvr]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNetmanwscsvc]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNetmanwscsvcNVSvc]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNetmanwscsvcSwPrv]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNetmanwscsvcSwPrvmnmsrvc]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNetmanwscsvcSwPrvmnmsrvcdmadmin]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNetmanwscsvcSwPrvmnmsrvcWZCSVClanmanserver]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNetTcpPortSharingLmHosts]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNetTcpPortSharingNetDDE]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNtLmSspRasAuto]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNtLmSspRasAutoRDSessMgr]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNtLmSspRasAutoRDSessMgrdmserverAudioSrv]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesPlugPlayhelpsvc]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesPlugPlayWmdmPmSN]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesProtectedStorageSENS]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesRasAutoSysmonLog]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesRemoteAccessStarWindServiceAE]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesRemoteAccessStarWindServiceAEHTTPFilterupnphost]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesRemoteAccessStarWindServiceAESpooler]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesRemoteAccessStarWindServiceAESpoolerDcomLaunch]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesRSVPMessengerTlntSvr]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesRSVPMessengerTlntSvrDnscache]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesRSVPMessengerTlntSvrSwPrv]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesSamSsMSDTC]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesSamSsNetTcpPortSharingLmHosts]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesSchedulesrservice]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesSENSSchedule]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesStarWindServiceAEMSIServer]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesSwPrvRSVP]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesSysmonLogBITS]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesTapiSrvMessenger]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesThemesAppMgmt]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesThemesFastUserSwitchingCompatibility]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesThemesRSVP]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesTlntSvrSwPrv]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesWmiApSrvRSVP]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesWmiApSrvRSVPTapiSrvMessenger]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServiceswscsvcAppMgmt]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesWZCSVClanmanserver]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesWZCSVCNetTcpPortSharing]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesxmlprovAudioSrv]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesxmlprovCryptSvc]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesxmlprovCryptSvcHTTPFilter]
«ImagePath»=»р%Ђ|x0109 srv»
.
Other Running Processes
.
h:program filesJavajre6binjqs.exe
h:windowssystem32nvsvc32.exe
h:windowssystem32rundll32.exe
h:windowssystem32wbemwmiapsrv.exe
.
**************************************************************************
.
Completion time: 2008-11-10 23:18:05 — machine was rebooted
ComboFix-quarantined-files.txt 2008-11-10 20:18:03
ComboFix2.txt 2008-11-10 07:02:01
ComboFix3.txt 2008-11-09 16:55:51Pre-Run: 32 677 212 160 байт свободно
Post-Run: 32,667,152,384 байт свободно348
Доброе утро ))) вот новый лог:
ComboFix 08-11-09.01 — User 2008-11-10 9:58:44.2 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1049.18.1704 [GMT 3:00]
Running from: h:documents and settingsUserРабочий столComboFix.exe
Command switches used :: h:documents and settingsUserРабочий столCFScript.txt
* Created a new restore pointWARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
h:documents and settingsUserApplication Dataadimypi.com
h:documents and settingsUserApplication Datafugym.bat
h:documents and settingsUserApplication Datagomijofe.com
h:documents and settingsUserApplication Dataxacag.com
h:temppft158.tmp
h:windowsguhepiloj.reg
h:windowsicaz.dll
h:windowssiwebu.bin
h:windowssystem323191862102.dat
h:windowssystem32AcSignExtResw.sys
h:windowssystem32adptifj.dll
h:windowssystem32bitigol.ban
h:windowssystem32DriversWinea88.sys
h:windowssystem32DriversWinfm77.sys
h:windowssystem32DriversWinfr00.sys
h:windowssystem32DriversWinke11.sys
h:windowssystem32DriversWinla33.sys
h:windowssystem32DriversWinnq11.sys
h:windowssystem32DriversWinns33.sys
h:windowssystem32DriversWinpj77.sys
h:windowssystem32DriversWinpn33.sys
h:windowssystem32DriversWinrw88.sys
h:windowssystem32DriversWinsq88.sys
h:windowssystem32DriversWintg66.sys
h:windowssystem32DriversWintm00.sys
h:windowssystem32DriversWintp33.sys
h:windowssystem32DriversWinwc88.sys
h:windowssystem32DriversWinxb44.sys
h:windowssystem32DriversWinxd11.sys
h:windowssystem32DriversWinxk00.sys
h:windowssystem32ocafodylit.ban
h:windowsxyjafepoh.dat
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.h:documents and settingsUserApplication Dataadimypi.com
h:documents and settingsUserApplication Datafugym.bat
h:documents and settingsUserApplication Datagomijofe.com
h:documents and settingsUserApplication Dataxacag.com
h:windowsguhepiloj.reg
h:windowsicaz.dll
h:windowssiwebu.bin
h:windowssystem323191862102.dat
h:windowssystem32AcSignExtResw.sys
h:windowssystem32adptifj.dll
h:windowssystem32bitigol.ban
h:windowssystem32ocafodylit.ban
h:windowsxyjafepoh.dat.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Legacy_WINWC88
Service_Winea88
Service_Winfm77
Service_Winfr00
Service_Winke11
Service_Winla33
Service_Winnq11
Service_Winns33
Service_Winpj77
Service_Winpn33
Service_Winrw88
Service_Winsq88
Service_Wintg66
Service_Wintm00
Service_Wintp33
Service_Winwc88
Service_Winxb44
Service_Winxd11
Service_Winxk00((((((((((((((((((((((((( Files Created from 2008-10-10 to 2008-11-10 )))))))))))))))))))))))))))))))
.2008-11-10 10:01 . 2008-11-10 10:01 53,248 —a
h:tempcatchme.dll
2008-11-10 10:01 . 2008-11-10 10:01 0 —a—-t- h:tempPerflib_Perfdata_614.dat
2008-11-09 01:26 . 2008-11-09 01:26d
h:documents and settingsАдминистраторApplication DataMalwarebytes
2008-11-09 01:24 . 2008-11-09 01:26d
h:documents and settingsАдминистраторApplication DataSkype
2008-11-09 01:23 . 2008-05-17 15:39d—h
h:documents and settingsАдминистраторШаблоны
2008-11-09 01:23 . 2008-05-17 15:39d—h
h:documents and settingsАдминистраторШаблоны
2008-11-09 01:23 . 2008-11-09 02:05d
h:documents and settingsАдминистраторРабочий стол
2008-11-09 01:23 . 2008-11-09 02:05d
h:documents and settingsАдминистраторРабочий стол
2008-11-09 01:23 . 2008-11-09 01:26d
h:documents and settingsАдминистраторМои документы
2008-11-09 01:23 . 2008-11-09 01:26d
h:documents and settingsАдминистраторМои документы
2008-11-09 01:23 . 2008-05-17 19:35dr
h:documents and settingsАдминистраторГлавное меню
2008-11-09 01:23 . 2008-05-17 19:35dr
h:documents and settingsАдминистраторГлавное меню
2008-11-09 01:23 . 2008-05-17 19:35d
h:documents and settingsАдминистраторИзбранное
2008-11-09 01:23 . 2008-05-17 19:35d
h:documents and settingsАдминистраторИзбранное
2008-11-09 01:23 . 2008-05-17 15:42d
h:documents and settingsАдминистратор$inst
2008-11-09 01:23 . 2008-05-17 15:42d
h:documents and settingsАдминистратор$inst
2008-11-09 01:23 . 2008-11-09 01:23d
h:documents and settingsАдминистратор
2008-11-08 13:48 . 2008-11-08 13:49d
H:rsit
2008-11-07 22:10 . 2008-11-07 22:10 396,288 —a
H:HijackThis.exe
2008-11-07 00:12 . 2008-11-10 09:47d
h:program fileshijack
2008-11-07 00:03 . 2008-11-08 13:58d
h:program filesTrend Micro
2008-11-06 22:39 . 2008-11-06 22:37 102,664 —a
h:windowssystem32driverstmcomm.sys
2008-11-06 22:37 . 2008-11-07 01:01d
h:documents and settingsUser.housecall6.6
2008-11-06 22:34 . 2008-11-07 01:01d
h:temphsperfdata_User
2008-11-06 22:34 . 2008-11-06 22:34 410,976 —a
h:windowssystem32deploytk.dll
2008-11-06 21:13 . 2008-11-06 21:13d
h:windowsShellNew
2008-11-06 21:11 . 2008-11-09 19:54d
h:tempOHotfix
2008-11-01 03:01 . 2008-11-01 03:01d
h:program filesAutodesk
2008-11-01 00:46 . 2008-11-01 00:46d
h:tempbye29.tmp
2008-11-01 00:46 . 2008-11-01 03:08d
h:program filesGoogle
2008-11-01 00:25 . 2008-11-01 00:25d
h:program filesuTorrent
2008-10-31 01:35 . 2008-10-31 01:35d
h:program filesSUPERAntiSpyware
2008-10-31 01:35 . 2008-10-31 01:35d
h:program filesCommon FilesWise Installation Wizard
2008-10-31 01:35 . 2008-10-31 01:35d
h:documents and settingsUserApplication DataSUPERAntiSpyware.com
2008-10-31 01:06 . 2008-10-31 01:06d
h:program filesMalwarebytes’ Anti-Malware
2008-10-31 01:06 . 2008-10-31 01:06d
h:documents and settingsUserApplication DataMalwarebytes
2008-10-31 01:06 . 2008-10-31 01:06d
h:documents and settingsAll UsersApplication DataMalwarebytes
2008-10-31 01:06 . 2008-10-22 16:10 38,496 —a
h:windowssystem32driversmbamswissarmy.sys
2008-10-31 01:06 . 2008-10-22 16:10 15,504 —a
h:windowssystem32driversmbam.sys
2008-10-29 23:33 . 2008-10-29 23:33d
h:temppft158.tmp
2008-10-29 23:33 . 2008-11-01 00:46d—h
h:program filesInstallShield Installation Information
2008-10-29 23:33 . 2008-11-01 03:01d
h:program filesCommon FilesInstallShield
2008-10-29 23:10 . 2008-10-29 23:10d
h:program filesQIP
2008-10-29 22:57 . 2008-10-29 22:57d
h:program filesCommon FilesSkype
2008-10-29 22:56 . 2008-11-01 00:30 1,336 —a
h:windowsWINCMD.INI
2008-10-29 21:52 . 2008-10-29 21:52d—h
h:windowssystem32GroupPolicy
2008-10-28 21:19 . 2008-10-28 21:19d—s—- h:tempTemporary Internet Files
2008-10-28 21:19 . 2008-10-28 21:19d—s—- h:tempHistory
2008-10-28 21:19 . 2008-11-09 19:54d—s—- h:tempCookies
2008-10-22 21:01 . 2008-10-29 21:54d
h:program filesABBYY Lingvo 10 Multilingual Dictionary
2008-10-19 16:53 . 2008-10-19 16:53d
h:documents and settingsUserApplication DataDivX
2008-10-18 16:25 . 2008-10-18 16:25d
h:tempAdobe
2008-10-18 13:30 . 2008-10-29 22:55d
h:program filesCommon FilesACD Systems
2008-10-18 13:30 . 2008-10-18 13:30d
h:program filesACD Systems
2008-10-18 13:30 . 2008-10-18 13:30d
h:documents and settingsAll UsersApplication DataACD Systems
2008-10-10 18:03 . 2008-10-15 22:09 194 —a
h:windowspoolemup.ini
2008-10-10 14:03 . 2008-10-10 14:03d
h:documents and settingsAll UsersApplication DataKaspersky Lab Setup Files.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-09 22:38
d
w h:documents and settingsUserApplication DatauTorrent
2008-11-09 22:32
d
w h:documents and settingsUserApplication DataSkype
2008-11-06 19:34
d
w h:program filesJava
2008-11-01 00:05
d
w h:program filesCommon FilesAutodesk Shared
2008-11-01 00:05
d
w h:documents and settingsUserApplication DataAutodesk
2008-11-01 00:05
d
w h:documents and settingsAll UsersApplication DataAutodesk
2008-10-30 20:44
d
w h:program filesCommon FilesAdobe
2008-10-29 19:57
d
w h:program filesSkype
2008-10-29 19:57
d
w h:program filesOpera
2008-10-29 19:14
d
w h:program filesTotal Commander
2008-10-29 18:54
d
w h:program filesVDOTool
2008-10-29 18:54
d
w h:program filesSuperCopier2
2008-10-29 18:54
d
w h:program filesfree-downloads.net
2008-10-29 18:54
d
w h:program filesAutoCAD 2009
2008-10-08 08:51
d
w h:documents and settingsUserApplication DataACD Systems
.
Sigcheck
2007-06-12 22:03 360576 c7be59b07c6eb74bea6fd67c1b164015 h:windowssystem32driverstcpip.sys2007-09-24 04:28 2162176 8467becb4c993d9880f4dd764e8a8b2d h:windowssystem32ntkrnlpa.exe
2007-09-24 04:20 2282496 04f70990885394ed61bd673479fc2012 h:windowssystem32ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerURLSearchHooks]
«{ecdee021-0d17-467f-a1ff-c7a115230949}»= «h:program filesfree-downloads.nettbfre1.dll» [2008-07-08 1569304][HKEY_CLASSES_ROOTclsid{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{ecdee021-0d17-467f-a1ff-c7a115230949}»= «h:program filesfree-downloads.nettbfre1.dll» [2008-07-08 1569304][HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{ECDEE021-0D17-467F-A1FF-C7A115230949}»= «h:program filesfree-downloads.nettbfre1.dll» [2008-07-08 1569304][HKEY_CLASSES_ROOTclsid{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»h:windowssystem32ctfmon.exe» [2004-08-18 15360]
«SuperCopier2.exe»=»h:program filesSuperCopier2SuperCopier2.exe» [2007-05-08 1052672][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«IMJPMIG8.1″=»h:windowsIMEimjp8_1IMJPMIG.EXE» [2004-08-18 208952]
«PHIME2002ASync»=»h:windowssystem32IMETINTLGNTTINTSETP.EXE» [2004-08-18 455168]
«PHIME2002A»=»h:windowssystem32IMETINTLGNTTINTSETP.EXE» [2004-08-18 455168]
«CoolSwitch»=»h:windowssystem32TaskSwitch.exe» [2005-12-22 45632]
«SoundMAXPnP»=»h:program filesAnalog DevicesCoresmax4pnp.exe» [2006-12-18 868352]
«TBPanel»=»h:program filesVDOToolTBPanel.exe» [2008-01-29 2157096]
«NvCplDaemon»=»h:windowssystem32NvCpl.dll» [2008-01-03 13508608]
«NvMediaCenter»=»h:windowssystem32NvMcTray.dll» [2008-01-03 86016]
«SpIDerNT»=»h:progra~1DrWebspidernt.exe» [2004-11-01 83968]
«DrWebScheduler»=»h:program filesDrWebDRWEBSCD.EXE» [2004-11-01 114688]
«NeroFilterCheck»=»h:windowssystem32NeroCheck.exe» [2001-07-09 155648]
«SunJavaUpdateSched»=»h:program filesJavajre6binjusched.exe» [2008-11-06 136600]
«RemoteControl»=»h:program filesCyberLinkPowerDVDPDVDServ.exe» [2004-11-02 32768]
«Lingvo Launcher»=»h:program filesABBYY Lingvo 10 Multilingual DictionaryLvagent.exe» [2004-10-09 110592]
«h:program fileshijackHijackThis.exe»=»h:program fileshijackHijackThis.exe» [2008-11-07 396288]
«nwiz»=»nwiz.exe» [2008-01-03 h:windowssystem32nwiz.exe][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»h:windowssystem32CTFMON.EXE» [2004-08-18 15360]
«SuperCopier2.exe»=»h:program filesSuperCopier2SuperCopier2.exe» [2007-05-08 1052672][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«InstallVisualStyle»= h:windowsResourcesThemesRoyaleRoyale.msstyles
«InstallTheme»= h:windowsResourcesThemesRoyale.Theme
«SynchronousMachineGroupPolicy»= 0 (0x0)
«SynchronousUserGroupPolicy»= 0 (0x0)[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMHelp»= 1 (0x1)[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«ForceClassicControlPanel»= 1 (0x1)
«NoSMConfigurePrograms»= 1 (0x1)
«NoSMHelp»= 1 (0x1)[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«ForceClassicControlPanel»= 1 (0x1)
«NoSMConfigurePrograms»= 1 (0x1)
«NoSMHelp»= 1 (0x1)[hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]
«{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}»= «h:program filesSUPERAntiSpywareSASSEH.DLL» [2008-05-13 77824][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotify!SASWinLogon]
2008-07-23 16:28 352256 h:program filesSUPERAntiSpywareSASWINLO.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«VIDC.ACDV»= ACDV.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusDisableNotify»=dword:00000001
«AntiVirusOverride»=dword:00000001
«FirewallOverride»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
«Start»=dword:00000004[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«h:\Program Files\uTorrent\uTorrent.exe»=
«h:\Program Files\Opera\opera.exe»=
«h:\Program Files\QIP\qip.exe»=
«g:\Program Files\uTorrent\uTorrent.exe»=
«j:\Program Files\GSC World Publishing\S.T.A.L.K.E.R\bin\XR_3DA.exe»=
«j:\Program Files\GSC World Publishing\S.T.A.L.K.E.R\bin\dedicated\XR_3DA.exe»=
«h:\Program Files\Skype\Phone\Skype.exe»=R0 iastor76;iastor76;h:windowssystem32driversiastor76.sys [2007-09-24 305176]
R0 pe3ajtsc;Stalker (Pro) Environment Driver (pe3ajtsc);h:windowssystem32driverspe3ajtsc.sys [2007-03-23 64896]
R0 ps6ajtsc;Stalker (Pro) Synchronization Driver (ps6ajtsc);h:windowssystem32driversps6ajtsc.sys [2007-03-23 52104]
R1 drwebnet;SpIDer Guard boot hook driver for Windows NT;h:windowssystem32driversdrwebnet.sys [2004-11-01 7872]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;h:windowssystem32DRIVERSRTL8187.sys [2007-01-11 194304]
S0 Winad00;Winad00;h:windowssystem32DriversWinad00.sys [ ]
S2 pr2ajtsc;Stalker (Pro) Drivers Auto Removal (pr2ajtsc);h:windowssystem32pr2ajtsc.exe svc [ ]
S2 SPIDER;SpIDer FS Monitor for Windows NT;h:program filesDrWebspider.sys [ ]
S2 spidernt;SpIDer Guard for Windows NT;h:program filesDrWebSpiderNT.exe [2004-11-01 83968]
S3 USBSTOR;Драйвер запоминающих устройств для USB;h:windowssystem32DRIVERSUSBSTOR.SYS [2007-07-18 26368][HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{44367194-994a-11dd-b29e-0015af64e372}]
ShellAutoRuncommand — M:
ShellExploreCommand — «.Nokia Music ManagerN-1-5-21-1895552279-3129831955-389522551-6003INFO2Playlist» Control: Select music location
ShellFindCommand — «.Nokia Music ManagerN-1-5-21-1895552279-3129831955-389522551-6003INFO2Playlist» Control: Search music (radio-stations)
ShellOpenCommand — «.Nokia Music ManagerN-1-5-21-1895552279-3129831955-389522551-6003INFO2Playlist» Playback: Play music
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 10:01:05
Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
[HKEY_LOCAL_MACHINESystemControlSet001ServicesAlerterLmHosts]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001Servicesaspnet_stateVSS]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesAutodeskImapiService]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesAutodeskImapiServiceDcomLaunch]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesAutodeskImapiServiceHTTPFilterupnphost]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001Servicesavast!WZCSVC]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesBrowserAppMgmt]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesBrowserclr_optimization_v2.0.50727_32]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesCiSvcaspnet_stateVSS]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesClipSrvRDSessMgr]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesClipSrvRDSessMgrSwPrv]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001Servicesclr_optimization_v2.0.50727_32NetmanwscsvcSwPrv]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001Servicesclr_optimization_v2.0.50727_32SamSsMSDTC]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesCOMSysAppPlugPlayWmdmPmSN]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesdmserverAudioSrv]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesEventlogEventlog]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesFastUserSwitchingCompatibilityUPS]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesFontCache3.0.0.0Themes]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesHidServCiSvc]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesHTTPFilterupnphost]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesImapiServiceidsvc]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesImapiServiceNetmanwscsvc]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesmchInjDrv]
«ImagePath»=»??h:tempmc22.tmp»[HKEY_LOCAL_MACHINESystemControlSet001ServicesMessengerThemes]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesMessengerTlntSvr]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNetmanwscsvc]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNetmanwscsvcNVSvc]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNetmanwscsvcSwPrv]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNetmanwscsvcSwPrvmnmsrvc]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNetmanwscsvcSwPrvmnmsrvcdmadmin]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNetmanwscsvcSwPrvmnmsrvcWZCSVClanmanserver]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNetTcpPortSharingLmHosts]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNetTcpPortSharingNetDDE]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNtLmSspRasAuto]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNtLmSspRasAutoRDSessMgr]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNtLmSspRasAutoRDSessMgrdmserverAudioSrv]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesPlugPlayhelpsvc]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesPlugPlayWmdmPmSN]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesProtectedStorageSENS]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesRasAutoSysmonLog]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesRemoteAccessStarWindServiceAE]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesRemoteAccessStarWindServiceAEHTTPFilterupnphost]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesRemoteAccessStarWindServiceAESpooler]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesRemoteAccessStarWindServiceAESpoolerDcomLaunch]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesRSVPMessengerTlntSvr]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesRSVPMessengerTlntSvrDnscache]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesRSVPMessengerTlntSvrSwPrv]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesSamSsMSDTC]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesSamSsNetTcpPortSharingLmHosts]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesSchedulesrservice]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesSENSSchedule]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesStarWindServiceAEMSIServer]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesSwPrvRSVP]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesSysmonLogBITS]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesTapiSrvMessenger]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesThemesAppMgmt]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesThemesFastUserSwitchingCompatibility]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesThemesRSVP]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesTlntSvrSwPrv]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesWmiApSrvRSVP]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesWmiApSrvRSVPTapiSrvMessenger]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServiceswscsvcAppMgmt]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesWZCSVClanmanserver]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesWZCSVCNetTcpPortSharing]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesxmlprovAudioSrv]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesxmlprovCryptSvc]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesxmlprovCryptSvcHTTPFilter]
«ImagePath»=»р%Ђ|x0109 srv»
.
Other Running Processes
.
h:program filesJavajre6binjqs.exe
h:windowssystem32nvsvc32.exe
h:windowssystem32rundll32.exe
h:windowssystem32wbemwmiapsrv.exe
.
**************************************************************************
.
Completion time: 2008-11-10 10:02:00 — machine was rebooted [User]
ComboFix-quarantined-files.txt 2008-11-10 07:01:58
ComboFix2.txt 2008-11-09 16:55:51Pre-Run: 32,703,283,200 байт свободно
Post-Run: 32,694,398,976 байт свободно410
Вот результат сканирования ComboFix:
ComboFix 08-11-07.01 — User 2008-11-09 19:52:10.1 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1049.18.1679 [GMT 3:00]
Running from: h:documents and settingsUserРабочий столComboFix.exe
* Created a new restore pointWARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.h:documents and settingsAll UsersГлавное менюПрограммыAntivirus XP 2008
h:documents and settingsAll UsersГлавное менюПрограммыAntivirus XP 2008Antivirus XP 2008.lnk
h:documents and settingsAll UsersГлавное менюПрограммыAntivirus XP 2008How to Register Antivirus XP 2008.lnk
h:documents and settingsAll UsersГлавное менюПрограммыAntivirus XP 2008Uninstall.lnk
h:documents and settingsUserГлавное менюПрограммыAntiSpywareXP2009
h:documents and settingsUserГлавное менюПрограммыAntiSpywareXP2009AntiSpywareXP2009.lnk
h:documents and settingsUserГлавное менюПрограммыAntiSpywareXP2009Uninstall.lnk
h:documents and settingsUserCookiesatazydy.ban
h:documents and settingsUserCookiesivecahipev.ban
h:documents and settingsUserLocal SettingsTemporary Internet Filessewyl.com
h:documents and settingsUserLocal SettingsTemporary Internet Filestakezihiz.sys
h:documents and settingsUserLocal SettingsTemporary Internet Filesysakapefek.sys
h:windowssystem32DriversWinpu33.sys
h:windowssystem32UnlockerHook.dll
h:windowssystem32WinCtrl32.dl_
h:windowssystem32WinCtrl32.dll.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Legacy_VFILT
Legacy_WINPU33
Service_Winpu33((((((((((((((((((((((((( Files Created from 2008-10-09 to 2008-11-09 )))))))))))))))))))))))))))))))
.2008-11-09 19:54 . 2008-11-09 19:54 53,248 —a
h:tempcatchme.dll
2008-11-09 19:54 . 2008-11-09 19:54 16,384 —a—-t- h:tempPerflib_Perfdata_d8.dat
2008-11-09 01:26 . 2008-11-09 01:26d
h:documents and settingsАдминистраторApplication DataMalwarebytes
2008-11-09 01:24 . 2008-11-09 01:26d
h:documents and settingsАдминистраторApplication DataSkype
2008-11-09 01:23 . 2008-05-17 15:39d—h
h:documents and settingsАдминистраторШаблоны
2008-11-09 01:23 . 2008-05-17 15:39d—h
h:documents and settingsАдминистраторШаблоны
2008-11-09 01:23 . 2008-11-09 02:05d
h:documents and settingsАдминистраторРабочий стол
2008-11-09 01:23 . 2008-11-09 02:05d
h:documents and settingsАдминистраторРабочий стол
2008-11-09 01:23 . 2008-11-09 01:26d
h:documents and settingsАдминистраторМои документы
2008-11-09 01:23 . 2008-11-09 01:26d
h:documents and settingsАдминистраторМои документы
2008-11-09 01:23 . 2008-05-17 19:35dr
h:documents and settingsАдминистраторГлавное меню
2008-11-09 01:23 . 2008-05-17 19:35dr
h:documents and settingsАдминистраторГлавное меню
2008-11-09 01:23 . 2008-05-17 19:35d
h:documents and settingsАдминистраторИзбранное
2008-11-09 01:23 . 2008-05-17 19:35d
h:documents and settingsАдминистраторИзбранное
2008-11-09 01:23 . 2008-05-17 15:42d
h:documents and settingsАдминистратор$inst
2008-11-09 01:23 . 2008-05-17 15:42d
h:documents and settingsАдминистратор$inst
2008-11-09 01:23 . 2008-11-09 01:23d
h:documents and settingsАдминистратор
2008-11-08 13:48 . 2008-11-08 13:49d
H:rsit
2008-11-07 22:10 . 2008-11-07 22:10 396,288 —a
H:HijackThis.exe
2008-11-07 00:12 . 2008-11-09 19:55d
h:program fileshijack
2008-11-07 00:03 . 2008-11-08 13:58d
h:program filesTrend Micro
2008-11-06 22:39 . 2008-11-06 22:37 102,664 —a
h:windowssystem32driverstmcomm.sys
2008-11-06 22:37 . 2008-11-07 01:01d
h:documents and settingsUser.housecall6.6
2008-11-06 22:34 . 2008-11-07 01:01d
h:temphsperfdata_User
2008-11-06 22:34 . 2008-11-06 22:34 410,976 —a
h:windowssystem32deploytk.dll
2008-11-06 21:13 . 2008-11-06 21:13d
h:windowsShellNew
2008-11-06 21:11 . 2008-11-09 19:54d
h:tempOHotfix
2008-11-01 03:01 . 2008-11-01 03:01d
h:program filesAutodesk
2008-11-01 00:46 . 2008-11-01 00:46d
h:tempbye29.tmp
2008-11-01 00:46 . 2008-11-01 03:08d
h:program filesGoogle
2008-11-01 00:25 . 2008-11-01 00:25d
h:program filesuTorrent
2008-10-31 01:35 . 2008-10-31 01:35d
h:program filesSUPERAntiSpyware
2008-10-31 01:35 . 2008-10-31 01:35d
h:program filesCommon FilesWise Installation Wizard
2008-10-31 01:35 . 2008-10-31 01:35d
h:documents and settingsUserApplication DataSUPERAntiSpyware.com
2008-10-31 01:06 . 2008-10-31 01:06d
h:program filesMalwarebytes’ Anti-Malware
2008-10-31 01:06 . 2008-10-31 01:06d
h:documents and settingsUserApplication DataMalwarebytes
2008-10-31 01:06 . 2008-10-31 01:06d
h:documents and settingsAll UsersApplication DataMalwarebytes
2008-10-31 01:06 . 2008-10-22 16:10 38,496 —a
h:windowssystem32driversmbamswissarmy.sys
2008-10-31 01:06 . 2008-10-22 16:10 15,504 —a
h:windowssystem32driversmbam.sys
2008-10-29 23:57 . 2008-10-29 23:57 20,992 —ahs—- h:windowssystem32adptifj.dll
2008-10-29 23:33 . 2008-10-29 23:33d
h:temppft158.tmp
2008-10-29 23:33 . 2008-11-01 00:46d—h
h:program filesInstallShield Installation Information
2008-10-29 23:33 . 2008-11-01 03:01d
h:program filesCommon FilesInstallShield
2008-10-29 23:10 . 2008-10-29 23:10d
h:program filesQIP
2008-10-29 22:57 . 2008-10-29 22:57d
h:program filesCommon FilesSkype
2008-10-29 22:56 . 2008-11-01 00:30 1,336 —a
h:windowsWINCMD.INI
2008-10-29 21:52 . 2008-10-29 21:52d—h
h:windowssystem32GroupPolicy
2008-10-28 21:19 . 2008-10-28 21:19d—s—- h:tempTemporary Internet Files
2008-10-28 21:19 . 2008-10-28 21:19d—s—- h:tempHistory
2008-10-28 21:19 . 2008-11-09 19:54d—s—- h:tempCookies
2008-10-28 20:44 . 2008-11-09 18:38 0 —a
h:windowssystem32AcSignExtResw.sys
2008-10-27 19:24 . 2008-10-27 19:24 19,298 —a
h:windowssystem32bitigol.ban
2008-10-27 19:24 . 2008-10-27 19:24 16,583 —a
h:documents and settingsUserApplication Datafugym.bat
2008-10-27 19:24 . 2008-10-27 19:24 16,170 —a
h:windowssystem32ocafodylit.ban
2008-10-27 19:24 . 2008-10-27 19:24 15,069 —a
h:windowssiwebu.bin
2008-10-27 19:24 . 2008-10-27 19:24 15,009 —a
h:documents and settingsUserApplication Dataxacag.com
2008-10-27 19:24 . 2008-10-27 19:24 14,988 —a
h:documents and settingsUserApplication Datagomijofe.com
2008-10-27 19:24 . 2008-10-27 19:24 14,782 —a
h:windowsicaz.dll
2008-10-27 19:24 . 2008-10-27 19:24 14,351 —a
h:windowsguhepiloj.reg
2008-10-27 19:24 . 2008-10-27 19:24 14,261 —a
h:documents and settingsUserApplication Dataadimypi.com
2008-10-27 19:24 . 2008-10-27 19:24 10,752 —a
h:windowsxyjafepoh.dat
2008-10-27 12:00 . 2008-10-30 23:54 339 —a-s—- h:windowssystem323191862102.dat
2008-10-22 21:01 . 2008-10-29 21:54d
h:program filesABBYY Lingvo 10 Multilingual Dictionary
2008-10-19 16:53 . 2008-10-19 16:53d
h:documents and settingsUserApplication DataDivX
2008-10-18 16:25 . 2008-10-18 16:25d
h:tempAdobe
2008-10-18 13:30 . 2008-10-29 22:55d
h:program filesCommon FilesACD Systems
2008-10-18 13:30 . 2008-10-18 13:30d
h:program filesACD Systems
2008-10-18 13:30 . 2008-10-18 13:30d
h:documents and settingsAll UsersApplication DataACD Systems
2008-10-10 18:03 . 2008-10-15 22:09 194 —a
h:windowspoolemup.ini
2008-10-10 14:03 . 2008-10-10 14:03d
h:documents and settingsAll UsersApplication DataKaspersky Lab Setup Files.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-09 16:53
d
w h:documents and settingsUserApplication DatauTorrent
2008-11-09 11:02
d
w h:documents and settingsUserApplication DataSkype
2008-11-06 19:34
d
w h:program filesJava
2008-11-01 00:05
d
w h:program filesCommon FilesAutodesk Shared
2008-11-01 00:05
d
w h:documents and settingsUserApplication DataAutodesk
2008-11-01 00:05
d
w h:documents and settingsAll UsersApplication DataAutodesk
2008-10-30 20:44
d
w h:program filesCommon FilesAdobe
2008-10-29 19:57
d
w h:program filesSkype
2008-10-29 19:57
d
w h:program filesOpera
2008-10-29 19:14
d
w h:program filesTotal Commander
2008-10-29 18:54
d
w h:program filesVDOTool
2008-10-29 18:54
d
w h:program filesSuperCopier2
2008-10-29 18:54
d
w h:program filesfree-downloads.net
2008-10-29 18:54
d
w h:program filesAutoCAD 2009
2008-10-08 08:51
d
w h:documents and settingsUserApplication DataACD Systems
.
Sigcheck
2007-06-12 22:03 360576 c7be59b07c6eb74bea6fd67c1b164015 h:windowssystem32driverstcpip.sys2007-09-24 04:28 2162176 8467becb4c993d9880f4dd764e8a8b2d h:windowssystem32ntkrnlpa.exe
2007-09-24 04:20 2282496 04f70990885394ed61bd673479fc2012 h:windowssystem32ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerURLSearchHooks]
«{ecdee021-0d17-467f-a1ff-c7a115230949}»= «h:program filesfree-downloads.nettbfre1.dll» [2008-07-08 1569304][HKEY_CLASSES_ROOTclsid{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{ecdee021-0d17-467f-a1ff-c7a115230949}»= «h:program filesfree-downloads.nettbfre1.dll» [2008-07-08 1569304][HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{ECDEE021-0D17-467F-A1FF-C7A115230949}»= «h:program filesfree-downloads.nettbfre1.dll» [2008-07-08 1569304][HKEY_CLASSES_ROOTclsid{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»h:windowssystem32ctfmon.exe» [2004-08-18 15360]
«SuperCopier2.exe»=»h:program filesSuperCopier2SuperCopier2.exe» [2007-05-08 1052672][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«IMJPMIG8.1″=»h:windowsIMEimjp8_1IMJPMIG.EXE» [2004-08-18 208952]
«PHIME2002ASync»=»h:windowssystem32IMETINTLGNTTINTSETP.EXE» [2004-08-18 455168]
«PHIME2002A»=»h:windowssystem32IMETINTLGNTTINTSETP.EXE» [2004-08-18 455168]
«CoolSwitch»=»h:windowssystem32TaskSwitch.exe» [2005-12-22 45632]
«SoundMAXPnP»=»h:program filesAnalog DevicesCoresmax4pnp.exe» [2006-12-18 868352]
«TBPanel»=»h:program filesVDOToolTBPanel.exe» [2008-01-29 2157096]
«NvCplDaemon»=»h:windowssystem32NvCpl.dll» [2008-01-03 13508608]
«NvMediaCenter»=»h:windowssystem32NvMcTray.dll» [2008-01-03 86016]
«SpIDerNT»=»h:progra~1DrWebspidernt.exe» [2004-11-01 83968]
«DrWebScheduler»=»h:program filesDrWebDRWEBSCD.EXE» [2004-11-01 114688]
«NeroFilterCheck»=»h:windowssystem32NeroCheck.exe» [2001-07-09 155648]
«SunJavaUpdateSched»=»h:program filesJavajre6binjusched.exe» [2008-11-06 136600]
«RemoteControl»=»h:program filesCyberLinkPowerDVDPDVDServ.exe» [2004-11-02 32768]
«Lingvo Launcher»=»h:program filesABBYY Lingvo 10 Multilingual DictionaryLvagent.exe» [2004-10-09 110592]
«h:program fileshijackHijackThis.exe»=»h:program fileshijackHijackThis.exe» [2008-11-07 396288]
«nwiz»=»nwiz.exe» [2008-01-03 h:windowssystem32nwiz.exe][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»h:windowssystem32CTFMON.EXE» [2004-08-18 15360]
«SuperCopier2.exe»=»h:program filesSuperCopier2SuperCopier2.exe» [2007-05-08 1052672][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«InstallVisualStyle»= h:windowsResourcesThemesRoyaleRoyale.msstyles
«InstallTheme»= h:windowsResourcesThemesRoyale.Theme
«SynchronousMachineGroupPolicy»= 0 (0x0)
«SynchronousUserGroupPolicy»= 0 (0x0)[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMHelp»= 1 (0x1)[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«ForceClassicControlPanel»= 1 (0x1)
«NoSMConfigurePrograms»= 1 (0x1)
«NoSMHelp»= 1 (0x1)[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«ForceClassicControlPanel»= 1 (0x1)
«NoSMConfigurePrograms»= 1 (0x1)
«NoSMHelp»= 1 (0x1)[hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]
«{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}»= «h:program filesSUPERAntiSpywareSASSEH.DLL» [2008-05-13 77824][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotify!SASWinLogon]
2008-07-23 16:28 352256 h:program filesSUPERAntiSpywareSASWINLO.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«VIDC.ACDV»= ACDV.dll[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinad00.sys]
@=»Driver»[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinea88.sys]
@=»Driver»[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinfm77.sys]
@=»Driver»[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinfr00.sys]
@=»Driver»[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinke11.sys]
@=»Driver»[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinla33.sys]
@=»Driver»[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinnq11.sys]
@=»Driver»[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinns33.sys]
@=»Driver»[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinpj77.sys]
@=»Driver»[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinpn33.sys]
@=»Driver»[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinrw88.sys]
@=»Driver»[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinsq88.sys]
@=»Driver»[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWintg66.sys]
@=»Driver»[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWintm00.sys]
@=»Driver»[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWintp33.sys]
@=»Driver»[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinwc88.sys]
@=»Driver»[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinxb44.sys]
@=»Driver»[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinxd11.sys]
@=»Driver»[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinxk00.sys]
@=»Driver»[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusDisableNotify»=dword:00000001
«AntiVirusOverride»=dword:00000001
«FirewallOverride»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
«Start»=dword:00000004[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«h:\Program Files\uTorrent\uTorrent.exe»=
«h:\Program Files\Opera\opera.exe»=
«h:\Program Files\QIP\qip.exe»=
«g:\Program Files\uTorrent\uTorrent.exe»=
«j:\Program Files\GSC World Publishing\S.T.A.L.K.E.R\bin\XR_3DA.exe»=
«j:\Program Files\GSC World Publishing\S.T.A.L.K.E.R\bin\dedicated\XR_3DA.exe»=
«h:\Program Files\Skype\Phone\Skype.exe»=R0 iastor76;iastor76;h:windowssystem32driversiastor76.sys [2007-09-24 305176]
R0 pe3ajtsc;Stalker (Pro) Environment Driver (pe3ajtsc);h:windowssystem32driverspe3ajtsc.sys [2007-03-23 64896]
R0 ps6ajtsc;Stalker (Pro) Synchronization Driver (ps6ajtsc);h:windowssystem32driversps6ajtsc.sys [2007-03-23 52104]
R1 drwebnet;SpIDer Guard boot hook driver for Windows NT;h:windowssystem32driversdrwebnet.sys [2004-11-01 7872]
R2 JavaQuickStarterService;Java Quick Starter;h:program filesJavajre6binjqs.exe [2008-11-06 152984]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;h:windowssystem32DRIVERSRTL8187.sys [2007-01-11 194304]
S0 Winad00;Winad00;h:windowssystem32DriversWinad00.sys [ ]
S0 Winea88;Winea88;h:windowssystem32DriversWinea88.sys [ ]
S0 Winfm77;Winfm77;h:windowssystem32DriversWinfm77.sys [ ]
S0 Winfr00;Winfr00;h:windowssystem32DriversWinfr00.sys [ ]
S0 Winke11;Winke11;h:windowssystem32DriversWinke11.sys [ ]
S0 Winla33;Winla33;h:windowssystem32DriversWinla33.sys [ ]
S0 Winnq11;Winnq11;h:windowssystem32DriversWinnq11.sys [ ]
S0 Winns33;Winns33;h:windowssystem32DriversWinns33.sys [ ]
S0 Winpj77;Winpj77;h:windowssystem32DriversWinpj77.sys [ ]
S0 Winpn33;Winpn33;h:windowssystem32DriversWinpn33.sys [ ]
S0 Winrw88;Winrw88;h:windowssystem32DriversWinrw88.sys [ ]
S0 Winsq88;Winsq88;h:windowssystem32DriversWinsq88.sys [ ]
S0 Wintg66;Wintg66;h:windowssystem32DriversWintg66.sys [ ]
S0 Wintm00;Wintm00;h:windowssystem32DriversWintm00.sys [ ]
S0 Wintp33;Wintp33;h:windowssystem32DriversWintp33.sys [ ]
S0 Winwc88;Winwc88;h:windowssystem32DriversWinwc88.sys [ ]
S0 Winxb44;Winxb44;h:windowssystem32DriversWinxb44.sys [ ]
S0 Winxd11;Winxd11;h:windowssystem32DriversWinxd11.sys [ ]
S0 Winxk00;Winxk00;h:windowssystem32DriversWinxk00.sys [ ]
S2 pr2ajtsc;Stalker (Pro) Drivers Auto Removal (pr2ajtsc);h:windowssystem32pr2ajtsc.exe svc [ ]
S2 SPIDER;SpIDer FS Monitor for Windows NT;h:program filesDrWebspider.sys [ ]
S2 spidernt;SpIDer Guard for Windows NT;h:program filesDrWebSpiderNT.exe [2004-11-01 83968]
S3 USBSTOR;Драйвер запоминающих устройств для USB;h:windowssystem32DRIVERSUSBSTOR.SYS [2007-07-18 26368][HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{44367194-994a-11dd-b29e-0015af64e372}]
ShellAutoRuncommand — M:
ShellExploreCommand — «.Nokia Music ManagerN-1-5-21-1895552279-3129831955-389522551-6003INFO2Playlist» Control: Select music location
ShellFindCommand — «.Nokia Music ManagerN-1-5-21-1895552279-3129831955-389522551-6003INFO2Playlist» Control: Search music (radio-stations)
ShellOpenCommand — «.Nokia Music ManagerN-1-5-21-1895552279-3129831955-389522551-6003INFO2Playlist» Playback: Play music*Newly Created Service* — IMAPISERVICEIDSVC
.
— — — — ORPHANS REMOVED — — — —HKCU-Run-AlcoholAutomount — h:program filesAlcohol SoftAlcohol 120axcmd.exe
HKLM-Run-SpIDerMail — h:program filesDrWebspiderml.exe
HKLM-Run-LingvoTraining — h:program filesABBYY Lingvo 10 Multilingual DictionaryTutor.exe
HKLM-Run-Device Detector — DevDetect.exe
SafeBoot-Winpu33.sys.
Supplementary Scan
.
FireFox -: Profile — h:documents and settingsUserApplication DataMozillaFirefoxProfilesua4i8nu5.default
FF -: plugin — h:program filesJavajre6binnew_pluginnpdeploytk.dll
FF -: plugin — h:program filesJavajre6binnew_pluginnpjp2.dll
FF -: plugin — h:program filesMozilla Firefoxpluginsnpdeploytk.dll
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-09 19:54:52
Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
[HKEY_LOCAL_MACHINESystemControlSet001ServicesAlerterLmHosts]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001Servicesaspnet_stateVSS]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesAutodeskImapiService]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesAutodeskImapiServiceDcomLaunch]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesAutodeskImapiServiceHTTPFilterupnphost]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001Servicesavast!WZCSVC]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesBrowserAppMgmt]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesBrowserclr_optimization_v2.0.50727_32]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesCiSvcaspnet_stateVSS]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesClipSrvRDSessMgr]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesClipSrvRDSessMgrSwPrv]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001Servicesclr_optimization_v2.0.50727_32NetmanwscsvcSwPrv]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001Servicesclr_optimization_v2.0.50727_32SamSsMSDTC]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesCOMSysAppPlugPlayWmdmPmSN]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesdmserverAudioSrv]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesEventlogEventlog]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesFastUserSwitchingCompatibilityUPS]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesFontCache3.0.0.0Themes]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesHidServCiSvc]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesHTTPFilterupnphost]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesImapiServiceidsvc]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesImapiServiceNetmanwscsvc]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesmchInjDrv]
«ImagePath»=»??h:tempmc22.tmp»[HKEY_LOCAL_MACHINESystemControlSet001ServicesMessengerThemes]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesMessengerTlntSvr]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNetmanwscsvc]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNetmanwscsvcNVSvc]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNetmanwscsvcSwPrv]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNetmanwscsvcSwPrvmnmsrvc]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNetmanwscsvcSwPrvmnmsrvcdmadmin]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNetmanwscsvcSwPrvmnmsrvcWZCSVClanmanserver]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNetTcpPortSharingLmHosts]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNetTcpPortSharingNetDDE]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNtLmSspRasAuto]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNtLmSspRasAutoRDSessMgr]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNtLmSspRasAutoRDSessMgrdmserverAudioSrv]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesPlugPlayhelpsvc]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesPlugPlayWmdmPmSN]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesProtectedStorageSENS]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesRasAutoSysmonLog]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesRemoteAccessStarWindServiceAE]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesRemoteAccessStarWindServiceAEHTTPFilterupnphost]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesRemoteAccessStarWindServiceAESpooler]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesRemoteAccessStarWindServiceAESpoolerDcomLaunch]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesRSVPMessengerTlntSvr]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesRSVPMessengerTlntSvrDnscache]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesRSVPMessengerTlntSvrSwPrv]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesSamSsMSDTC]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesSamSsNetTcpPortSharingLmHosts]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesSchedulesrservice]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesSENSSchedule]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesStarWindServiceAEMSIServer]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesSwPrvRSVP]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesSysmonLogBITS]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesTapiSrvMessenger]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesThemesAppMgmt]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesThemesFastUserSwitchingCompatibility]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesThemesRSVP]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesTlntSvrSwPrv]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesWmiApSrvRSVP]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesWmiApSrvRSVPTapiSrvMessenger]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServiceswscsvcAppMgmt]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesWZCSVClanmanserver]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesWZCSVCNetTcpPortSharing]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesxmlprovAudioSrv]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesxmlprovCryptSvc]
«ImagePath»=»р%Ђ|x0109 srv»[HKEY_LOCAL_MACHINESystemControlSet001ServicesxmlprovCryptSvcHTTPFilter]
«ImagePath»=»р%Ђ|x0109 srv»
.
Other Running Processes
.
h:windowssystem32nvsvc32.exe
h:windowssystem32rundll32.exe
h:program filesCommon FilesACD SystemsENDevDetect.exe
h:windowssystem32wbemwmiapsrv.exe
.
**************************************************************************
.
Completion time: 2008-11-09 19:55:51 — machine was rebooted
ComboFix-quarantined-files.txt 2008-11-09 16:55:48Pre-Run: 32 420 290 560 байт свободно
Post-Run: 32,726,953,984 байт свободно447
добрый вечер, Valeri !!
загрузила Malwarebytes’ Anti-Malware, после сканирования удалила найденное.
при загрузке в обычный режим проснулся HijackThis, сразу же появившись на экране с предложением просканироваться , что я и сделала…
высылаю на всякий случай и его лог… спасибо!Malwarebytes’ Anti-Malware 1.30
Database version: 1375
Windows 5.1.2600 Service Pack 209.11.2008 2:03:53
mbam-log-2008-11-09 (02-03-53).txtScan type: Full Scan (C:|D:|E:|G:|H:|I:|J:|K:|)
Objects scanned: 200117
Time elapsed: 34 minute(s), 17 second(s)Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 11Memory Processes Infected:
(No malicious items detected)Memory Modules Infected:
H:WINDOWSsystem32WinCtrl32.dll (Trojan.Agent) -> Delete on reboot.Registry Keys Infected:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWinCtrl32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMControlSet001Serviceswinpu33 (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINESYSTEMControlSet002Serviceswinpu33 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServiceswinpu33 (Rootkit.Agent) -> Delete on reboot.Registry Values Infected:
HKEY_USERS.DEFAULTSOFTWAREMicrosoftWindowsCurrentVersionRunbrastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunbrastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.Registry Data Items Infected:
(No malicious items detected)Folders Infected:
(No malicious items detected)Files Infected:
H:WINDOWSkarna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
H:WINDOWSsystem32karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
H:WINDOWSsystem32WinCtrl32.dll (Trojan.Agent) -> Delete on reboot.
H:WINDOWSsystem32WinCtrl32.dl_ (Trojan.Agent) -> Quarantined and deleted successfully.
H:WINDOWSsystem32delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
H:WINDOWSsystem32driversbeep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
H:WINDOWSsystem32dllcachebeep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
H:WINDOWSbrastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
H:WINDOWSsystem32wini10541.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
H:WINDOWSsystem32brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
H:WINDOWSsystem32driversWinpu33.sys (Rootkit.Agent) -> Delete on reboot.Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:17:23, on 09.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: NormalRunning processes:
H:WINDOWSSystem32smss.exe
H:WINDOWSsystem32csrss.exe
H:WINDOWSsystem32winlogon.exe
H:WINDOWSsystem32services.exe
H:WINDOWSsystem32lsass.exe
H:WINDOWSsystem32svchost.exe
H:WINDOWSsystem32svchost.exe
H:WINDOWSSystem32svchost.exe
H:WINDOWSsystem32svchost.exe
H:WINDOWSsystem32svchost.exe
H:WINDOWSsystem32spoolsv.exe
H:WINDOWSExplorer.EXE
H:WINDOWSsystem32TaskSwitch.exe
H:Program FilesAnalog DevicesCoresmax4pnp.exe
H:WINDOWSsystem32RUNDLL32.EXE
H:PROGRA~1DrWebspidernt.exe
H:Program FilesDrWebDRWEBSCD.EXE
H:Program FilesJavajre6binjusched.exe
H:Program FilesCyberLinkPowerDVDPDVDServ.exe
H:Program FilesCommon FilesACD SystemsENDevDetect.exe
H:Program FilesABBYY Lingvo 10 Multilingual DictionaryLvagent.exe
H:Program FileshijackHijackThis.exe
H:WINDOWSsystem32ctfmon.exe
H:Program FilesSuperCopier2SuperCopier2.exe
H:Program FilesJavajre6binjqs.exe
H:WINDOWSsystem32nvsvc32.exe
H:WINDOWSsystem32svchost.exe
H:WINDOWSsystem32wbemwmiapsrv.exe
H:WINDOWSsystem32wbemwmiprvse.exe
H:WINDOWSSystem32alg.exe
H:WINDOWSsystem32wbemwmiprvse.exeR1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = about:blank
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.google.com
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: free-downloads.net Toolbar — {ecdee021-0d17-467f-a1ff-c7a115230949} — H:Program Filesfree-downloads.nettbfre1.dll
O3 — Toolbar: free-downloads.net Toolbar — {ecdee021-0d17-467f-a1ff-c7a115230949} — H:Program Filesfree-downloads.nettbfre1.dll
O4 — HKLM..Run: [IMJPMIG8.1] «H:WINDOWSIMEimjp8_1IMJPMIG.EXE» /Spoil /RemAdvDef /Migration32
O4 — HKLM..Run: [PHIME2002ASync] H:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /SYNC
O4 — HKLM..Run: [PHIME2002A] H:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /IMEName
O4 — HKLM..Run: [CoolSwitch] H:WINDOWSsystem32TaskSwitch.exe
O4 — HKLM..Run: [SoundMAXPnP] H:Program FilesAnalog DevicesCoresmax4pnp.exe
O4 — HKLM..Run: [SoundMAX] «H:Program FilesAnalog DevicesSoundMAXSmax4.exe» /tray
O4 — HKLM..Run: [TBPanel] H:Program FilesVDOToolTBPanel.exe /A
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE H:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE H:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [SpIDerNT] H:PROGRA~1DrWebspidernt.exe /agent
O4 — HKLM..Run: [SpIDerMail] «H:Program FilesDrWebspiderml.exe»
O4 — HKLM..Run: [DrWebScheduler] «H:Program FilesDrWebDRWEBSCD.EXE»
O4 — HKLM..Run: [NeroFilterCheck] H:WINDOWSsystem32NeroCheck.exe
O4 — HKLM..Run: [SunJavaUpdateSched] «H:Program FilesJavajre6binjusched.exe»
O4 — HKLM..Run: [RemoteControl] «H:Program FilesCyberLinkPowerDVDPDVDServ.exe»
O4 — HKLM..Run: [Device Detector] DevDetect.exe -autorun
O4 — HKLM..Run: [Lingvo Launcher] «H:Program FilesABBYY Lingvo 10 Multilingual DictionaryLvagent.exe» /STARTUP
O4 — HKLM..Run: [LingvoTraining] «H:Program FilesABBYY Lingvo 10 Multilingual DictionaryTutor.exe» /ND /NW /AS
O4 — HKLM..Run: [H:Program FileshijackHijackThis.exe] H:Program FileshijackHijackThis.exe
O4 — HKCU..Run: [CTFMON.EXE] H:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [SuperCopier2.exe] H:Program FilesSuperCopier2SuperCopier2.exe
O4 — HKCU..Run: [AlcoholAutomount] «H:Program FilesAlcohol SoftAlcohol 120axcmd.exe» /automount
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] H:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..Run: [SuperCopier2.exe] H:Program FilesSuperCopier2SuperCopier2.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] H:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] H:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] H:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Global Startup: Adobe Reader Speed Launch.lnk = H:Program FilesAdobeReader 8.0Readerreader_sl.exe
O4 — Global Startup: Adobe Reader Synchronizer.lnk = H:Program FilesAdobeReader 8.0ReaderAdobeCollabSync.exe
O4 — Global Startup: Microsoft Office.lnk = H:Program FilesMicrosoft OfficeOffice10OSA.EXE
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://H:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O8 — Extra context menu item: Translate with Lingvo — res://H:Program FilesABBYY Lingvo 10 Multilingual DictionaryLingvo.exe/3000
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — H:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — H:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — H:Program FilesMessengermsmsgs.exe (file missing)
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — H:Program FilesMessengermsmsgs.exe (file missing)
O14 — IERESET.INF: START_PAGE_URL=www.google.com
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — H:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 — AppInit_DLLs: karna.dat
O20 — Winlogon Notify: !SASWinLogon — H:Program FilesSUPERAntiSpywareSASWINLO.dll
O20 — Winlogon Notify: WinCtrl32 — H:WINDOWSSYSTEM32WinCtrl32.dll
O23 — Service: Оповещатель AlerterLmHosts (AlerterLmHosts) — Unknown owner — H:WINDOWS
O23 — Service: ASP.NET State Service aspnet_stateVSS (aspnet_stateVSS) — Unknown owner — H:WINDOWS
O23 — Service: Autodesk Licensing Service — Unknown owner — H:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe (file missing)
O23 — Service: Autodesk Licensing Service AutodeskImapiService (AutodeskImapiService) — Unknown owner — H:WINDOWS
O23 — Service: Autodesk Licensing Service AutodeskImapiService AutodeskImapiServiceDcomLaunch (AutodeskImapiServiceDcomLaunch) — Unknown owner — H:WINDOWS
O23 — Service: Autodesk Licensing Service AutodeskImapiService AutodeskImapiServiceHTTPFilterupnphost (AutodeskImapiServiceHTTPFilterupnphost) — Unknown owner — H:WINDOWS
O23 — Service: Обозреватель компьютеров BrowserAppMgmt (BrowserAppMgmt) — Unknown owner — H:WINDOWS
O23 — Service: Обозреватель компьютеров Browserclr_optimization_v2.0.50727_32 (Browserclr_optimization_v2.0.50727_32) — Unknown owner — H:WINDOWS
O23 — Service: Служба индексирования CiSvcaspnet_stateVSS (CiSvcaspnet_stateVSS) — Unknown owner — H:WINDOWS
O23 — Service: Сервер папки обмена ClipSrvRDSessMgr (ClipSrvRDSessMgr) — Unknown owner — H:WINDOWS
O23 — Service: Сервер папки обмена ClipSrvRDSessMgr ClipSrvRDSessMgrSwPrv (ClipSrvRDSessMgrSwPrv) — Unknown owner — H:WINDOWS
O23 — Service: .NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32NetmanwscsvcSwPrv (clr_optimization_v2.0.50727_32NetmanwscsvcSwPrv) — Unknown owner — H:WINDOWS
O23 — Service: .NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32SamSsMSDTC (clr_optimization_v2.0.50727_32SamSsMSDTC) — Unknown owner — H:WINDOWS
O23 — Service: Системное приложение COM+ COMSysAppPlugPlayWmdmPmSN (COMSysAppPlugPlayWmdmPmSN) — Unknown owner — H:WINDOWS
O23 — Service: Диспетчер логических дисков dmserverAudioSrv (dmserverAudioSrv) — Unknown owner — H:WINDOWS
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — H:WINDOWSsystem32services.exe
O23 — Service: Журнал событий EventlogEventlog (EventlogEventlog) — Unknown owner — H:WINDOWS
O23 — Service: Совместимость быстрого переключения пользователей FastUserSwitchingCompatibilityUPS (FastUserSwitchingCompatibilityUPS) — Unknown owner — H:WINDOWS
O23 — Service: Windows Presentation Foundation Font Cache 3.0.0.0 FontCache3.0.0.0Themes (FontCache3.0.0.0Themes) — Unknown owner — H:WINDOWS
O23 — Service: Доступ к HID-устройствам HidServCiSvc (HidServCiSvc) — Unknown owner — H:WINDOWS
O23 — Service: Протокол HTTP SSL HTTPFilterupnphost (HTTPFilterupnphost) — Unknown owner — H:WINDOWS
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — H:WINDOWSsystem32imapi.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI ImapiServiceNetmanwscsvc (ImapiServiceNetmanwscsvc) — Unknown owner — H:WINDOWS
O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — H:Program FilesJavajre6binjqs.exe
O23 — Service: Служба сообщений MessengerThemes (MessengerThemes) — Unknown owner — H:WINDOWS
O23 — Service: Служба сообщений MessengerTlntSvr (MessengerTlntSvr) — Unknown owner — H:WINDOWS
O23 — Service: Сетевые подключения Netmanwscsvc (Netmanwscsvc) — Unknown owner — H:WINDOWS
O23 — Service: Сетевые подключения Netmanwscsvc NetmanwscsvcNVSvc (NetmanwscsvcNVSvc) — Unknown owner — H:WINDOWS
O23 — Service: Сетевые подключения Netmanwscsvc NetmanwscsvcSwPrv (NetmanwscsvcSwPrv) — Unknown owner — H:WINDOWS
O23 — Service: Сетевые подключения Netmanwscsvc NetmanwscsvcSwPrv NetmanwscsvcSwPrvmnmsrvc (NetmanwscsvcSwPrvmnmsrvc) — Unknown owner — H:WINDOWS
O23 — Service: Сетевые подключения Netmanwscsvc NetmanwscsvcSwPrv NetmanwscsvcSwPrvmnmsrvc NetmanwscsvcSwPrvmnmsrvcdmadmin (NetmanwscsvcSwPrvmnmsrvcdmadmin) — Unknown owner — H:WINDOWS
O23 — Service: Net.Tcp Port Sharing Service NetTcpPortSharingLmHosts (NetTcpPortSharingLmHosts) — Unknown owner — H:WINDOWS
O23 — Service: Net.Tcp Port Sharing Service NetTcpPortSharingNetDDE (NetTcpPortSharingNetDDE) — Unknown owner — H:WINDOWS
O23 — Service: Поставщик поддержки безопасности NT LM NtLmSspRasAuto (NtLmSspRasAuto) — Unknown owner — H:WINDOWS
O23 — Service: Поставщик поддержки безопасности NT LM NtLmSspRasAuto NtLmSspRasAutoRDSessMgr (NtLmSspRasAutoRDSessMgr) — Unknown owner — H:WINDOWS
O23 — Service: Поставщик поддержки безопасности NT LM NtLmSspRasAuto NtLmSspRasAutoRDSessMgr NtLmSspRasAutoRDSessMgrdmserverAudioSrv (NtLmSspRasAutoRDSessMgrdmserverAudioSrv) — Unknown owner — H:WINDOWS
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — H:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — H:WINDOWSsystem32services.exe
O23 — Service: Plug and Play PlugPlayhelpsvc (PlugPlayhelpsvc) — Unknown owner — H:WINDOWS
O23 — Service: Plug and Play PlugPlayWmdmPmSN (PlugPlayWmdmPmSN) — Unknown owner — H:WINDOWS
O23 — Service: Stalker (Pro) Drivers Auto Removal (pr2ajtsc) (pr2ajtsc) — 1C: Multimedia — H:WINDOWSsystem32pr2ajtsc.exe
O23 — Service: Защищенное хранилище ProtectedStorageSENS (ProtectedStorageSENS) — Unknown owner — H:WINDOWS
O23 — Service: Диспетчер авто-подключений удаленного доступа RasAutoSysmonLog (RasAutoSysmonLog) — Unknown owner — H:WINDOWS
O23 — Service: Маршрутизация и удаленный доступ RemoteAccessStarWindServiceAE (RemoteAccessStarWindServiceAE) — Unknown owner — H:WINDOWS
O23 — Service: Маршрутизация и удаленный доступ RemoteAccessStarWindServiceAE RemoteAccessStarWindServiceAEHTTPFilterupnphost (RemoteAccessStarWindServiceAEHTTPFilterupnphost) — Unknown owner — H:WINDOWS
O23 — Service: Маршрутизация и удаленный доступ RemoteAccessStarWindServiceAE RemoteAccessStarWindServiceAESpooler (RemoteAccessStarWindServiceAESpooler) — Unknown owner — H:WINDOWS
O23 — Service: Маршрутизация и удаленный доступ RemoteAccessStarWindServiceAE RemoteAccessStarWindServiceAESpooler RemoteAccessStarWindServiceAESpoolerDcomLaunch (RemoteAccessStarWindServiceAESpoolerDcomLaunch) — Unknown owner — H:WINDOWS
O23 — Service: QoS RSVP RSVPMessengerTlntSvr (RSVPMessengerTlntSvr) — Unknown owner — H:WINDOWS
O23 — Service: QoS RSVP RSVPMessengerTlntSvr RSVPMessengerTlntSvrDnscache (RSVPMessengerTlntSvrDnscache) — Unknown owner — H:WINDOWS
O23 — Service: QoS RSVP RSVPMessengerTlntSvr RSVPMessengerTlntSvrSwPrv (RSVPMessengerTlntSvrSwPrv) — Unknown owner — H:WINDOWS
O23 — Service: Диспетчер учетных записей безопасности SamSsMSDTC (SamSsMSDTC) — Unknown owner — H:WINDOWS
O23 — Service: Диспетчер учетных записей безопасности SamSsNetTcpPortSharingLmHosts (SamSsNetTcpPortSharingLmHosts) — Unknown owner — H:WINDOWS
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — H:WINDOWSSystem32SCardSvr.exe
O23 — Service: Планировщик заданий Schedulesrservice (Schedulesrservice) — Unknown owner — H:WINDOWS
O23 — Service: Уведомление о системных событиях SENSSchedule (SENSSchedule) — Unknown owner — H:WINDOWS
O23 — Service: SpIDer Guard for Windows NT (spidernt) — Doctor Web Ltd — H:Program FilesDrWebSpiderNT.exe
O23 — Service: StarWind AE Service (StarWindServiceAE) — Rocket Division Software — H:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
O23 — Service: StarWind AE Service StarWindServiceAEMSIServer (StarWindServiceAEMSIServer) — Unknown owner — H:WINDOWS
O23 — Service: MS Software Shadow Copy Provider SwPrvRSVP (SwPrvRSVP) — Unknown owner — H:WINDOWS
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — H:WINDOWSsystem32smlogsvc.exe
O23 — Service: Журналы и оповещения производительности SysmonLogBITS (SysmonLogBITS) — Unknown owner — H:WINDOWS
O23 — Service: Телефония TapiSrvMessenger (TapiSrvMessenger) — Unknown owner — H:WINDOWS
O23 — Service: Темы ThemesAppMgmt (ThemesAppMgmt) — Unknown owner — H:WINDOWS
O23 — Service: Темы ThemesFastUserSwitchingCompatibility (ThemesFastUserSwitchingCompatibility) — Unknown owner — H:WINDOWS
O23 — Service: Темы ThemesRSVP (ThemesRSVP) — Unknown owner — H:WINDOWS
O23 — Service: Telnet TlntSvrSwPrv (TlntSvrSwPrv) — Unknown owner — H:WINDOWS
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — H:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — H:WINDOWSsystem32wbemwmiapsrv.exe
O23 — Service: Адаптер производительности WMI WmiApSrvRSVP (WmiApSrvRSVP) — Unknown owner — H:WINDOWS
O23 — Service: Адаптер производительности WMI WmiApSrvRSVP WmiApSrvRSVPTapiSrvMessenger (WmiApSrvRSVPTapiSrvMessenger) — Unknown owner — H:WINDOWS
O23 — Service: Центр обеспечения безопасности wscsvcAppMgmt (wscsvcAppMgmt) — Unknown owner — H:WINDOWS
O23 — Service: Беспроводная настройка WZCSVClanmanserver (WZCSVClanmanserver) — Unknown owner — H:WINDOWS
O23 — Service: Беспроводная настройка WZCSVCNetTcpPortSharing (WZCSVCNetTcpPortSharing) — Unknown owner — H:WINDOWS
O23 — Service: Служба обеспечения сети xmlprovAudioSrv (xmlprovAudioSrv) — Unknown owner — H:WINDOWS
O23 — Service: Служба обеспечения сети xmlprovCryptSvc (xmlprovCryptSvc) — Unknown owner — H:WINDOWS—
End of file — 15132 bytesвсе получилось! вот файлы:
Logfile of random’s system information tool 1.04 (written by random/random)
Run by User at 2008-11-08 13:48:53
Microsoft Windows XP Professional Service Pack 2
System drive H: has 31 GB (76%) free of 41 GB
Total RAM: 2047 MB (80% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:48:59, on 08.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: NormalRunning processes:
H:WINDOWSSystem32smss.exe
H:WINDOWSsystem32csrss.exe
H:WINDOWSsystem32winlogon.exe
H:WINDOWSsystem32services.exe
H:WINDOWSsystem32lsass.exe
H:WINDOWSsystem32svchost.exe
H:WINDOWSsystem32svchost.exe
H:WINDOWSSystem32svchost.exe
H:WINDOWSsystem32svchost.exe
H:WINDOWSsystem32svchost.exe
H:WINDOWSsystem32spoolsv.exe
H:WINDOWSExplorer.EXE
H:WINDOWSsystem32TaskSwitch.exe
H:Program FilesAnalog DevicesCoresmax4pnp.exe
H:WINDOWSsystem32RUNDLL32.EXE
H:PROGRA~1DrWebspidernt.exe
H:Program FilesJavajre6binjqs.exe
H:Program FilesDrWebDRWEBSCD.EXE
H:Program FilesJavajre6binjusched.exe
H:Program FilesCyberLinkPowerDVDPDVDServ.exe
H:WINDOWSsystem32nvsvc32.exe
H:Program FilesCommon FilesACD SystemsENDevDetect.exe
H:Program FilesABBYY Lingvo 10 Multilingual DictionaryLvagent.exe
H:WINDOWSsystem32ctfmon.exe
H:Program FilesSuperCopier2SuperCopier2.exe
H:WINDOWSsystem32svchost.exe
H:WINDOWSsystem32wbemwmiapsrv.exe
H:WINDOWSSystem32alg.exe
H:WINDOWSsystem32wbemwmiprvse.exe
H:WINDOWSSystem32svchost.exe
H:Program FilesMozilla Firefoxfirefox.exe
H:Documents and SettingsUserРабочий столRSIT.exe
H:WINDOWSsystem32wbemwmiprvse.exe
H:Program Filestrend microUser.exeR1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = about:blank
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.google.com
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: free-downloads.net Toolbar — {ecdee021-0d17-467f-a1ff-c7a115230949} — H:Program Filesfree-downloads.nettbfre1.dll
O3 — Toolbar: free-downloads.net Toolbar — {ecdee021-0d17-467f-a1ff-c7a115230949} — H:Program Filesfree-downloads.nettbfre1.dll
O4 — HKLM..Run: [IMJPMIG8.1] «H:WINDOWSIMEimjp8_1IMJPMIG.EXE» /Spoil /RemAdvDef /Migration32
O4 — HKLM..Run: [PHIME2002ASync] H:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /SYNC
O4 — HKLM..Run: [PHIME2002A] H:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /IMEName
O4 — HKLM..Run: [CoolSwitch] H:WINDOWSsystem32TaskSwitch.exe
O4 — HKLM..Run: [SoundMAXPnP] H:Program FilesAnalog DevicesCoresmax4pnp.exe
O4 — HKLM..Run: [SoundMAX] «H:Program FilesAnalog DevicesSoundMAXSmax4.exe» /tray
O4 — HKLM..Run: [TBPanel] H:Program FilesVDOToolTBPanel.exe /A
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE H:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE H:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [SpIDerNT] H:PROGRA~1DrWebspidernt.exe /agent
O4 — HKLM..Run: [SpIDerMail] «H:Program FilesDrWebspiderml.exe»
O4 — HKLM..Run: [DrWebScheduler] «H:Program FilesDrWebDRWEBSCD.EXE»
O4 — HKLM..Run: [NeroFilterCheck] H:WINDOWSsystem32NeroCheck.exe
O4 — HKLM..Run: [SunJavaUpdateSched] «H:Program FilesJavajre6binjusched.exe»
O4 — HKLM..Run: [RemoteControl] «H:Program FilesCyberLinkPowerDVDPDVDServ.exe»
O4 — HKLM..Run: [Device Detector] DevDetect.exe -autorun
O4 — HKLM..Run: [Lingvo Launcher] «H:Program FilesABBYY Lingvo 10 Multilingual DictionaryLvagent.exe» /STARTUP
O4 — HKLM..Run: [LingvoTraining] «H:Program FilesABBYY Lingvo 10 Multilingual DictionaryTutor.exe» /ND /NW /AS
O4 — HKLM..Run: [H:Program FileshijackHijackThis.exe] H:Program FileshijackHijackThis.exe
O4 — HKLM..Run: [brastk] brastk.exe
O4 — HKCU..Run: [CTFMON.EXE] H:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [SuperCopier2.exe] H:Program FilesSuperCopier2SuperCopier2.exe
O4 — HKCU..Run: [AlcoholAutomount] «H:Program FilesAlcohol SoftAlcohol 120axcmd.exe» /automount
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] H:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..Run: [SuperCopier2.exe] H:Program FilesSuperCopier2SuperCopier2.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] H:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] H:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] H:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Global Startup: Adobe Reader Speed Launch.lnk = H:Program FilesAdobeReader 8.0Readerreader_sl.exe
O4 — Global Startup: Adobe Reader Synchronizer.lnk = H:Program FilesAdobeReader 8.0ReaderAdobeCollabSync.exe
O4 — Global Startup: Microsoft Office.lnk = H:Program FilesMicrosoft OfficeOffice10OSA.EXE
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://H:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O8 — Extra context menu item: Translate with Lingvo — res://H:Program FilesABBYY Lingvo 10 Multilingual DictionaryLingvo.exe/3000
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — H:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — H:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — H:Program FilesMessengermsmsgs.exe (file missing)
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — H:Program FilesMessengermsmsgs.exe (file missing)
O14 — IERESET.INF: START_PAGE_URL=www.google.com
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — H:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 — AppInit_DLLs: karna.dat
O20 — Winlogon Notify: !SASWinLogon — H:Program FilesSUPERAntiSpywareSASWINLO.dll
O20 — Winlogon Notify: WinCtrl32 — H:WINDOWSSYSTEM32WinCtrl32.dll
O23 — Service: Оповещатель AlerterLmHosts (AlerterLmHosts) — Unknown owner — H:WINDOWS
O23 — Service: ASP.NET State Service aspnet_stateVSS (aspnet_stateVSS) — Unknown owner — H:WINDOWS
O23 — Service: Autodesk Licensing Service — Unknown owner — H:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe (file missing)
O23 — Service: Autodesk Licensing Service AutodeskImapiService (AutodeskImapiService) — Unknown owner — H:WINDOWS
O23 — Service: Autodesk Licensing Service AutodeskImapiService AutodeskImapiServiceDcomLaunch (AutodeskImapiServiceDcomLaunch) — Unknown owner — H:WINDOWS
O23 — Service: Autodesk Licensing Service AutodeskImapiService AutodeskImapiServiceHTTPFilterupnphost (AutodeskImapiServiceHTTPFilterupnphost) — Unknown owner — H:WINDOWS
O23 — Service: Обозреватель компьютеров BrowserAppMgmt (BrowserAppMgmt) — Unknown owner — H:WINDOWS
O23 — Service: Служба индексирования CiSvcaspnet_stateVSS (CiSvcaspnet_stateVSS) — Unknown owner — H:WINDOWS
O23 — Service: Сервер папки обмена ClipSrvRDSessMgr (ClipSrvRDSessMgr) — Unknown owner — H:WINDOWS
O23 — Service: Сервер папки обмена ClipSrvRDSessMgr ClipSrvRDSessMgrSwPrv (ClipSrvRDSessMgrSwPrv) — Unknown owner — H:WINDOWS
O23 — Service: .NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32NetmanwscsvcSwPrv (clr_optimization_v2.0.50727_32NetmanwscsvcSwPrv) — Unknown owner — H:WINDOWS
O23 — Service: .NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32SamSsMSDTC (clr_optimization_v2.0.50727_32SamSsMSDTC) — Unknown owner — H:WINDOWS
O23 — Service: Системное приложение COM+ COMSysAppPlugPlayWmdmPmSN (COMSysAppPlugPlayWmdmPmSN) — Unknown owner — H:WINDOWS
O23 — Service: Диспетчер логических дисков dmserverAudioSrv (dmserverAudioSrv) — Unknown owner — H:WINDOWS
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — H:WINDOWSsystem32services.exe
O23 — Service: Журнал событий EventlogEventlog (EventlogEventlog) — Unknown owner — H:WINDOWS
O23 — Service: Совместимость быстрого переключения пользователей FastUserSwitchingCompatibilityUPS (FastUserSwitchingCompatibilityUPS) — Unknown owner — H:WINDOWS
O23 — Service: Windows Presentation Foundation Font Cache 3.0.0.0 FontCache3.0.0.0Themes (FontCache3.0.0.0Themes) — Unknown owner — H:WINDOWS
O23 — Service: Доступ к HID-устройствам HidServCiSvc (HidServCiSvc) — Unknown owner — H:WINDOWS
O23 — Service: Протокол HTTP SSL HTTPFilterupnphost (HTTPFilterupnphost) — Unknown owner — H:WINDOWS
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — H:WINDOWSsystem32imapi.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI ImapiServiceNetmanwscsvc (ImapiServiceNetmanwscsvc) — Unknown owner — H:WINDOWS
O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — H:Program FilesJavajre6binjqs.exe
O23 — Service: Служба сообщений MessengerThemes (MessengerThemes) — Unknown owner — H:WINDOWS
O23 — Service: Служба сообщений MessengerTlntSvr (MessengerTlntSvr) — Unknown owner — H:WINDOWS
O23 — Service: Сетевые подключения Netmanwscsvc (Netmanwscsvc) — Unknown owner — H:WINDOWS
O23 — Service: Сетевые подключения Netmanwscsvc NetmanwscsvcNVSvc (NetmanwscsvcNVSvc) — Unknown owner — H:WINDOWS
O23 — Service: Сетевые подключения Netmanwscsvc NetmanwscsvcSwPrv (NetmanwscsvcSwPrv) — Unknown owner — H:WINDOWS
O23 — Service: Сетевые подключения Netmanwscsvc NetmanwscsvcSwPrv NetmanwscsvcSwPrvmnmsrvc (NetmanwscsvcSwPrvmnmsrvc) — Unknown owner — H:WINDOWS
O23 — Service: Net.Tcp Port Sharing Service NetTcpPortSharingLmHosts (NetTcpPortSharingLmHosts) — Unknown owner — H:WINDOWS
O23 — Service: Net.Tcp Port Sharing Service NetTcpPortSharingNetDDE (NetTcpPortSharingNetDDE) — Unknown owner — H:WINDOWS
O23 — Service: Поставщик поддержки безопасности NT LM NtLmSspRasAuto (NtLmSspRasAuto) — Unknown owner — H:WINDOWS
O23 — Service: Поставщик поддержки безопасности NT LM NtLmSspRasAuto NtLmSspRasAutoRDSessMgr (NtLmSspRasAutoRDSessMgr) — Unknown owner — H:WINDOWS
O23 — Service: Поставщик поддержки безопасности NT LM NtLmSspRasAuto NtLmSspRasAutoRDSessMgr NtLmSspRasAutoRDSessMgrdmserverAudioSrv (NtLmSspRasAutoRDSessMgrdmserverAudioSrv) — Unknown owner — H:WINDOWS
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — H:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — H:WINDOWSsystem32services.exe
O23 — Service: Plug and Play PlugPlayhelpsvc (PlugPlayhelpsvc) — Unknown owner — H:WINDOWS
O23 — Service: Plug and Play PlugPlayWmdmPmSN (PlugPlayWmdmPmSN) — Unknown owner — H:WINDOWS
O23 — Service: Stalker (Pro) Drivers Auto Removal (pr2ajtsc) (pr2ajtsc) — 1C: Multimedia — H:WINDOWSsystem32pr2ajtsc.exe
O23 — Service: Защищенное хранилище ProtectedStorageSENS (ProtectedStorageSENS) — Unknown owner — H:WINDOWS
O23 — Service: Диспетчер авто-подключений удаленного доступа RasAutoSysmonLog (RasAutoSysmonLog) — Unknown owner — H:WINDOWS
O23 — Service: Маршрутизация и удаленный доступ RemoteAccessStarWindServiceAE (RemoteAccessStarWindServiceAE) — Unknown owner — H:WINDOWS
O23 — Service: Маршрутизация и удаленный доступ RemoteAccessStarWindServiceAE RemoteAccessStarWindServiceAESpooler (RemoteAccessStarWindServiceAESpooler) — Unknown owner — H:WINDOWS
O23 — Service: Маршрутизация и удаленный доступ RemoteAccessStarWindServiceAE RemoteAccessStarWindServiceAESpooler RemoteAccessStarWindServiceAESpoolerDcomLaunch (RemoteAccessStarWindServiceAESpoolerDcomLaunch) — Unknown owner — H:WINDOWS
O23 — Service: QoS RSVP RSVPMessengerTlntSvr (RSVPMessengerTlntSvr) — Unknown owner — H:WINDOWS
O23 — Service: QoS RSVP RSVPMessengerTlntSvr RSVPMessengerTlntSvrDnscache (RSVPMessengerTlntSvrDnscache) — Unknown owner — H:WINDOWS
O23 — Service: QoS RSVP RSVPMessengerTlntSvr RSVPMessengerTlntSvrSwPrv (RSVPMessengerTlntSvrSwPrv) — Unknown owner — H:WINDOWS
O23 — Service: Диспетчер учетных записей безопасности SamSsMSDTC (SamSsMSDTC) — Unknown owner — H:WINDOWS
O23 — Service: Диспетчер учетных записей безопасности SamSsNetTcpPortSharingLmHosts (SamSsNetTcpPortSharingLmHosts) — Unknown owner — H:WINDOWS
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — H:WINDOWSSystem32SCardSvr.exe
O23 — Service: Планировщик заданий Schedulesrservice (Schedulesrservice) — Unknown owner — H:WINDOWS
O23 — Service: Уведомление о системных событиях SENSSchedule (SENSSchedule) — Unknown owner — H:WINDOWS
O23 — Service: SpIDer Guard for Windows NT (spidernt) — Doctor Web Ltd — H:Program FilesDrWebSpiderNT.exe
O23 — Service: StarWind AE Service (StarWindServiceAE) — Rocket Division Software — H:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
O23 — Service: StarWind AE Service StarWindServiceAEMSIServer (StarWindServiceAEMSIServer) — Unknown owner — H:WINDOWS
O23 — Service: MS Software Shadow Copy Provider SwPrvRSVP (SwPrvRSVP) — Unknown owner — H:WINDOWS
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — H:WINDOWSsystem32smlogsvc.exe
O23 — Service: Журналы и оповещения производительности SysmonLogBITS (SysmonLogBITS) — Unknown owner — H:WINDOWS
O23 — Service: Телефония TapiSrvMessenger (TapiSrvMessenger) — Unknown owner — H:WINDOWS
O23 — Service: Темы ThemesAppMgmt (ThemesAppMgmt) — Unknown owner — H:WINDOWS
O23 — Service: Темы ThemesFastUserSwitchingCompatibility (ThemesFastUserSwitchingCompatibility) — Unknown owner — H:WINDOWS
O23 — Service: Темы ThemesRSVP (ThemesRSVP) — Unknown owner — H:WINDOWS
O23 — Service: Telnet TlntSvrSwPrv (TlntSvrSwPrv) — Unknown owner — H:WINDOWS
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — H:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — H:WINDOWSsystem32wbemwmiapsrv.exe
O23 — Service: Адаптер производительности WMI WmiApSrvRSVP (WmiApSrvRSVP) — Unknown owner — H:WINDOWS
O23 — Service: Адаптер производительности WMI WmiApSrvRSVP WmiApSrvRSVPTapiSrvMessenger (WmiApSrvRSVPTapiSrvMessenger) — Unknown owner — H:WINDOWS
O23 — Service: Центр обеспечения безопасности wscsvcAppMgmt (wscsvcAppMgmt) — Unknown owner — H:WINDOWS
O23 — Service: Беспроводная настройка WZCSVClanmanserver (WZCSVClanmanserver) — Unknown owner — H:WINDOWS
O23 — Service: Беспроводная настройка WZCSVCNetTcpPortSharing (WZCSVCNetTcpPortSharing) — Unknown owner — H:WINDOWS
O23 — Service: Служба обеспечения сети xmlprovAudioSrv (xmlprovAudioSrv) — Unknown owner — H:WINDOWS—
End of file — 14656 bytes======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{ecdee021-0d17-467f-a1ff-c7a115230949} — free-downloads.net Toolbar — H:Program Filesfree-downloads.nettbfre1.dll [2008-07-08 1569304][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«IMJPMIG8.1″=H:WINDOWSIMEimjp8_1IMJPMIG.EXE [2004-08-18 208952]
«PHIME2002ASync»=H:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE [2004-08-18 455168]
«PHIME2002A»=H:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE [2004-08-18 455168]
«CoolSwitch»=H:WINDOWSsystem32TaskSwitch.exe [2005-12-22 45632]
«SoundMAXPnP»=H:Program FilesAnalog DevicesCoresmax4pnp.exe [2006-12-18 868352]
«SoundMAX»=H:Program FilesAnalog DevicesSoundMAXSmax4.exe [2006-07-13 729088]
«TBPanel»=H:Program FilesVDOToolTBPanel.exe [2008-01-29 2157096]
«NvCplDaemon»=H:WINDOWSsystem32NvCpl.dll [2008-01-03 13508608]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=H:WINDOWSsystem32NvMcTray.dll [2008-01-03 86016]
«SpIDerNT»=H:PROGRA~1DrWebspidernt.exe [2004-11-01 83968]
«SpIDerMail»=H:Program FilesDrWebspiderml.exe []
«DrWebScheduler»=H:Program FilesDrWebDRWEBSCD.EXE [2004-11-01 114688]
«NeroFilterCheck»=H:WINDOWSsystem32NeroCheck.exe [2001-07-09 155648]
«SunJavaUpdateSched»=H:Program FilesJavajre6binjusched.exe [2008-11-06 136600]
«RemoteControl»=H:Program FilesCyberLinkPowerDVDPDVDServ.exe [2004-11-02 32768]
«Device Detector»=DevDetect.exe -autorun []
«»= []
«Lingvo Launcher»=H:Program FilesABBYY Lingvo 10 Multilingual DictionaryLvagent.exe [2004-10-09 110592]
«LingvoTraining»=H:Program FilesABBYY Lingvo 10 Multilingual DictionaryTutor.exe /ND /NW /AS []
«H:Program FileshijackHijackThis.exe»=H:Program FileshijackHijackThis.exe [2008-11-07 396288]
«brastk»=H:WINDOWSsystem32brastk.exe [2008-11-08 9728][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=H:WINDOWSsystem32ctfmon.exe [2004-08-18 15360]
«SuperCopier2.exe»=H:Program FilesSuperCopier2SuperCopier2.exe [2007-05-08 1052672]
«AlcoholAutomount»=H:Program FilesAlcohol SoftAlcohol 120axcmd.exe /automount []H:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
Adobe Reader Speed Launch.lnk — H:Program FilesAdobeReader 8.0Readerreader_sl.exe
Adobe Reader Synchronizer.lnk — H:Program FilesAdobeReader 8.0ReaderAdobeCollabSync.exe
Microsoft Office.lnk — H:Program FilesMicrosoft OfficeOffice10OSA.EXE[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
«AppInit_DLLS»=»karna.dat»[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotify!SASWinLogon]
H:Program FilesSUPERAntiSpywareSASWINLO.dll [2008-07-23 352256][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWinCtrl32]
H:WINDOWSsystem32WinCtrl32.dll [2008-11-08 15360][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
«{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}»=H:Program FilesSUPERAntiSpywareSASSEH.DLL [2008-05-13 77824][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinad00.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinea88.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinfm77.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinfr00.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinke11.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinla33.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinnq11.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinns33.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinpj77.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinpn33.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinpu33.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinrw88.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinsq88.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWintg66.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWintm00.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWintp33.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinwc88.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinxb44.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinxd11.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinxk00.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinad00.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinea88.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinfm77.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinfr00.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinke11.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinla33.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinnq11.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinns33.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinpj77.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinpn33.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinpu33.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinrw88.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinsq88.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWintg66.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWintm00.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWintp33.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinwc88.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinxb44.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinxd11.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinxk00.sys]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«NoDispScrSavPage»=0[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
«InstallVisualStyle»=H:WINDOWSResourcesThemesRoyaleRoyale.msstyles
«InstallTheme»=H:WINDOWSResourcesThemesRoyale.Theme
«SynchronousMachineGroupPolicy»=0
«SynchronousUserGroupPolicy»=0[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
«ForceClassicControlPanel»=1
«NoSMConfigurePrograms»=1
«NoSMHelp»=1[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«H:Program FilesuTorrentuTorrent.exe»=»H:Program FilesuTorrentuTorrent.exe:*:Enabled:µTorrent»
«H:Program FilesOperaopera.exe»=»H:Program FilesOperaopera.exe:*:Enabled:Opera Internet Browser»
«H:Program FilesQIPqip.exe»=»H:Program FilesQIPqip.exe:*:Enabled:Quiet Internet Pager»
«G:Program FilesuTorrentuTorrent.exe»=»G:Program FilesuTorrentuTorrent.exe:*:Enabled:µTorrent»
«H:Program FilesSoulseekNSslsk.exe»=»H:Program FilesSoulseekNSslsk.exe:*:Enabled:SoulSeek»
«J:Program FilesGSC World PublishingS.T.A.L.K.E.RbinXR_3DA.exe»=»J:Program FilesGSC World PublishingS.T.A.L.K.E.RbinXR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. (CLI)»
«J:Program FilesGSC World PublishingS.T.A.L.K.E.RbindedicatedXR_3DA.exe»=»J:Program FilesGSC World PublishingS.T.A.L.K.E.RbindedicatedXR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. (SRV)»
«H:Program FilesSkypePhoneSkype.exe»=»H:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{44367194-994a-11dd-b29e-0015af64e372}]
shellAutoRuncommand — M:
shellExplorecommand — «.Nokia Music ManagerN-1-5-21-1895552279-3129831955-389522551-6003INFO2Playlist» Control: Select music location
shellFindcommand — «.Nokia Music ManagerN-1-5-21-1895552279-3129831955-389522551-6003INFO2Playlist» Control: Search music (radio-stations)
shellOpencommand — «.Nokia Music ManagerN-1-5-21-1895552279-3129831955-389522551-6003INFO2Playlist» Playback: Play music======File associations======
.scr — open — H:WINDOWSsystem32notepad.exe «%1»
.scr — install —
.scr — config —======List of files/folders created in the last 1 months======
2008-11-08 13:48:53 —-D—- H:rsit
2008-11-07 22:10:01 —-A—- H:HijackThis.exe
2008-11-07 22:06:06 —-A—- H:WINDOWSntbtlog.txt
2008-11-07 00:12:16 —-D—- H:Program Fileshijack
2008-11-07 00:03:44 —-D—- H:Program FilesTrend Micro
2008-11-06 22:34:30 —-A—- H:WINDOWSsystem32deploytk.dll
2008-11-06 21:13:26 —-D—- H:Program FilesCommon FilesDesigner
2008-11-06 21:13:20 —-D—- H:WINDOWSShellNew
2008-11-06 21:13:18 —-D—- H:Program FilesMicrosoft Office
2008-11-06 21:13:18 —-D—- H:Program FilesCommon FilesODBC
2008-11-01 03:03:53 —-HD—- H:Program FilesUninstall Information
2008-11-01 03:01:34 —-D—- H:Program FilesAutodesk
2008-11-01 00:46:35 —-D—- H:Program FilesGoogle
2008-11-01 00:25:20 —-D—- H:Program FilesuTorrent
2008-10-31 02:37:51 —-A—- H:WINDOWSsystem32wini10541.exe
2008-10-31 02:37:25 —-A—- H:WINDOWSbrastk.exe
2008-10-31 02:36:32 —-A—- H:WINDOWSsystem32delself.bat
2008-10-31 02:36:32 —-A—- H:WINDOWSsystem32brastk.exe
2008-10-31 02:34:36 —-A—- H:WINDOWSsystem32WinCtrl32.dll
2008-10-31 01:35:45 —-D—- H:Program FilesSUPERAntiSpyware
2008-10-31 01:35:45 —-D—- H:Documents and SettingsUserApplication DataSUPERAntiSpyware.com
2008-10-31 01:35:32 —-D—- H:Program FilesCommon FilesWise Installation Wizard
2008-10-31 01:06:23 —-D—- H:Documents and SettingsUserApplication DataMalwarebytes
2008-10-31 01:06:19 —-D—- H:Program FilesMalwarebytes’ Anti-Malware
2008-10-31 01:06:19 —-D—- H:Documents and SettingsAll UsersApplication DataMalwarebytes
2008-10-31 00:14:59 —-D—- H:Documents and SettingsUserApplication DataMozilla
2008-10-31 00:14:55 —-D—- H:Program FilesMozilla Firefox
2008-10-29 23:57:42 —-ASH—- H:WINDOWSsystem32adptifj.dll
2008-10-29 23:33:30 —-HD—- H:Program FilesInstallShield Installation Information
2008-10-29 23:33:23 —-D—- H:Program FilesCommon FilesInstallShield
2008-10-29 23:10:22 —-D—- H:Program FilesQIP
2008-10-29 22:57:34 —-D—- H:Program FilesCommon FilesSkype
2008-10-29 22:56:06 —-A—- H:WINDOWSWINCMD.INI
2008-10-29 21:52:41 —-HD—- H:WINDOWSsystem32GroupPolicy
2008-10-27 19:24:15 —-A—- H:WINDOWSicaz.dll
2008-10-27 19:24:15 —-A—- H:Documents and SettingsUserApplication Dataxacag.com
2008-10-27 19:24:15 —-A—- H:Documents and SettingsUserApplication Datagomijofe.com
2008-10-27 19:24:15 —-A—- H:Documents and SettingsUserApplication Datafugym.bat
2008-10-27 19:24:15 —-A—- H:Documents and SettingsUserApplication Dataadimypi.com
2008-10-22 21:01:08 —-D—- H:Program FilesABBYY Lingvo 10 Multilingual Dictionary
2008-10-19 16:53:12 —-D—- H:Documents and SettingsUserApplication DataDivX
2008-10-18 13:30:09 —-D—- H:Documents and SettingsAll UsersApplication DataACD Systems
2008-10-18 13:30:08 —-D—- H:Program FilesCommon FilesACD Systems
2008-10-18 13:30:08 —-D—- H:Program FilesACD Systems
2008-10-12 18:03:57 —-D—- H:Documents and SettingsAll UsersApplication DataAdobe
2008-10-10 18:03:18 —-A—- H:WINDOWSpoolemup.ini
2008-10-10 14:03:22 —-D—- H:Documents and SettingsAll UsersApplication DataKaspersky Lab Setup Files======List of files/folders modified in the last 1 months======
2008-11-08 13:48:34 —-D—- H:Temp
2008-11-08 13:45:56 —-D—- H:WINDOWSsystem32
2008-11-08 01:29:17 —-A—- H:WINDOWSSchedLgU.Txt
2008-11-08 01:29:15 —-D—- H:Documents and SettingsUserApplication DatauTorrent
2008-11-07 22:06:06 —-D—- H:WINDOWS
2008-11-07 21:44:58 —-D—- H:Documents and SettingsUserApplication DataSkype
2008-11-07 21:15:12 —-D—- H:WINDOWSPrefetch
2008-11-07 20:58:30 —-D—- H:WINDOWSsystem32CatRoot2
2008-11-07 01:44:05 —-SD—- H:Documents and SettingsUserApplication DataMicrosoft
2008-11-07 01:43:59 —-SHD—- H:WINDOWSInstaller
2008-11-07 00:48:06 —-D—- H:WINDOWSTemp
2008-11-07 00:12:27 —-RD—- H:Program Files
2008-11-06 23:06:29 —-HD—- H:WINDOWSinf
2008-11-06 22:39:05 —-D—- H:WINDOWSsystem32drivers
2008-11-06 22:34:24 —-A—- H:WINDOWSsystem32javaws.exe
2008-11-06 22:34:24 —-A—- H:WINDOWSsystem32javaw.exe
2008-11-06 22:34:24 —-A—- H:WINDOWSsystem32java.exe
2008-11-06 22:34:22 —-D—- H:Program FilesJava
2008-11-06 21:14:07 —-RSD—- H:WINDOWSFonts
2008-11-06 21:13:41 —-A—- H:WINDOWSODBC.INI
2008-11-06 21:13:29 —-D—- H:Program FilesCommon FilesMicrosoft Shared
2008-11-06 21:13:26 —-D—- H:Program FilesCommon Files
2008-11-06 21:13:18 —-SD—- H:Documents and SettingsAll UsersApplication DataMicrosoft
2008-11-06 21:11:17 —-D—- H:WINDOWSsystem
2008-11-01 03:05:21 —-D—- H:Program FilesCommon FilesAutodesk Shared
2008-11-01 03:05:21 —-D—- H:Documents and SettingsUserApplication DataAutodesk
2008-11-01 03:05:21 —-D—- H:Documents and SettingsAll UsersApplication DataAutodesk
2008-11-01 03:04:41 —-D—- H:WINDOWSWinSxS
2008-11-01 03:01:11 —-RSD—- H:WINDOWSassembly
2008-11-01 03:01:11 —-D—- H:WINDOWSsystem32DirectX
2008-10-31 02:37:27 —-RSHDC—- H:WINDOWSsystem32dllcache
2008-10-31 01:00:27 —-A—- H:WINDOWSsystem32PerfStringBackup.INI
2008-10-30 23:44:02 —-D—- H:Program FilesCommon FilesAdobe
2008-10-29 22:57:34 —-D—- H:Program FilesSkype
2008-10-29 22:57:00 —-D—- H:Program FilesOpera
2008-10-29 22:14:46 —-D—- H:Program FilesTotal Commander
2008-10-29 22:13:36 —-A—- H:WINDOWSDFC.INI
2008-10-29 21:54:56 —-D—- H:Program FilesWindows NT
2008-10-29 21:54:56 —-D—- H:Program FilesWindows Media Player
2008-10-29 21:54:55 —-D—- H:Program FilesOutlook Express
2008-10-29 21:54:55 —-D—- H:Program FilesNetMeeting
2008-10-29 21:54:54 —-D—- H:Program FilesMovie Maker
2008-10-29 21:54:53 —-D—- H:Program FilesInternet Explorer
2008-10-29 21:54:48 —-D—- H:Program FilesCommon FilesSystem
2008-10-29 21:54:45 —-D—- H:Program FilesVDOTool
2008-10-29 21:54:45 —-D—- H:Program FilesSuperCopier2
2008-10-29 21:54:42 —-D—- H:Program Filesfree-downloads.net
2008-10-29 21:54:40 —-D—- H:Program FilesAutoCAD 2009
2008-10-29 21:52:56 —-D—- H:WINDOWSRegistration
2008-10-19 17:37:46 —-A—- H:WINDOWSNeroDigital.ini
2008-10-18 16:25:23 —-D—- H:Documents and SettingsUserApplication DataAdobe
2008-10-12 18:03:48 —-D—- H:Program FilesAdobe======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 drwebnet;SpIDer Guard boot hook driver for Windows NT; H:WINDOWSsystem32driversdrwebnet.sys [2004-11-01 7872]
R1 intelppm;Драйвер Intel процессора; H:WINDOWSsystem32DRIVERSintelppm.sys [2007-09-24 36096]
R2 rspndr;Ответчик обнаружения топологии уровня связи; H:WINDOWSsystem32DRIVERSrspndr.sys [2006-12-04 62336]
R2 TBPanel;TBPanel; H:WINDOWSsystem32driversTBPanel.sys [2007-03-16 12256]
R2 tmcomm;tmcomm; ??H:WINDOWSsystem32driverstmcomm.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; H:WINDOWSsystem32driversADIHdAud.sys [2007-01-16 293888]
R3 AEAudio;AE Audio Service; H:WINDOWSsystem32driversAEAudio.sys [2006-08-07 93952]
R3 Arp1394;Протокол клиента 1394 ARP; H:WINDOWSsystem32DRIVERSarp1394.sys [2007-09-24 60800]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; H:WINDOWSsystem32DRIVERSHDAudBus.sys [2005-12-26 138752]
R3 hidusb;Драйвер класса HID Microsoft; H:WINDOWSsystem32DRIVERShidusb.sys [2007-09-24 10368]
R3 mouhid;Драйвер мыши HID; H:WINDOWSsystem32DRIVERSmouhid.sys [2007-09-24 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; H:WINDOWSsystem32DRIVERSASACPI.sys [2006-02-26 5810]
R3 NIC1394;Сетевой драйвер 1394; H:WINDOWSsystem32DRIVERSnic1394.sys [2007-09-24 61824]
R3 nv;nv; H:WINDOWSsystem32DRIVERSnv4_mini.sys [2008-01-03 7077344]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; H:WINDOWSsystem32DRIVERSRtnicxp.sys [2007-07-12 96384]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter; H:WINDOWSsystem32DRIVERSRTL8187.sys [2007-01-11 194304]
R3 SenFiltService;SenFilt Service; H:WINDOWSsystem32driversSenfilt.sys [2006-03-17 392960]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; H:WINDOWSsystem32DRIVERSusbehci.sys [2007-07-19 30208]
R3 usbhub;USB2 концентратор; H:WINDOWSsystem32DRIVERSusbhub.sys [2007-07-19 59392]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; H:WINDOWSsystem32DRIVERSusbuhci.sys [2007-09-24 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; H:WINDOWSsystem32DRIVERSyk51x86.sys [2007-08-15 265856]
S2 CDRPDACC;Quinnware CDDA Driver (by InfinaDyne); ??H:Program FilesQuintessential Media Playercdrpdacc.sys []
S2 SPIDER;SpIDer FS Monitor for Windows NT; ??H:Program FilesDrWebspider.sys []
S3 ae1xt454;ae1xt454; H:WINDOWSsystem32driversae1xt454.sys []
S3 Cardex;Cardex; ??H:WINDOWSsystem32driversTBPANEL.SYS []
S3 usbscan;Драйвер USB-сканера; H:WINDOWSsystem32DRIVERSusbscan.sys [2007-07-18 15104]
S3 USBSTOR;Драйвер запоминающих устройств для USB; H:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2007-07-18 26368]
S4 IntelIde;IntelIde; H:WINDOWSsystem32driversIntelIde.sys []
S4 mchInjDrv;mchInjDrv; ??H:Tempmc21.tmp []
S4 sr;Драйвер фильтра восстановления системы; H:WINDOWSsystem32DRIVERSsr.sys [2007-09-24 73472]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 JavaQuickStarterService;Java Quick Starter; H:Program FilesJavajre6binjqs.exe [2008-11-06 152984]
R2 NVSvc;NVIDIA Display Driver Service; H:WINDOWSsystem32nvsvc32.exe [2008-01-03 155716]
S2 AlerterLmHosts;Оповещатель AlerterLmHosts; р%Ђ|x srv []
S2 aspnet_stateVSS;ASP.NET State Service aspnet_stateVSS; р%Ђ|x srv []
S2 AutodeskImapiService;Autodesk Licensing Service AutodeskImapiService; р%Ђ|x srv []
S2 AutodeskImapiServiceDcomLaunch;Autodesk Licensing Service AutodeskImapiService AutodeskImapiServiceDcomLaunch; р%Ђ|x srv []
S2 AutodeskImapiServiceHTTPFilterupnphost;Autodesk Licensing Service AutodeskImapiService AutodeskImapiServiceHTTPFilterupnphost; р%Ђ|x srv []
S2 BrowserAppMgmt;Обозреватель компьютеров BrowserAppMgmt; р%Ђ|x srv []
S2 CiSvcaspnet_stateVSS;Служба индексирования CiSvcaspnet_stateVSS; р%Ђ|x srv []
S2 ClipSrvRDSessMgr;Сервер папки обмена ClipSrvRDSessMgr; р%Ђ|x srv []
S2 ClipSrvRDSessMgrSwPrv;Сервер папки обмена ClipSrvRDSessMgr ClipSrvRDSessMgrSwPrv; р%Ђ|x srv []
S2 clr_optimization_v2.0.50727_32NetmanwscsvcSwPrv;.NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32NetmanwscsvcSwPrv; р%Ђ|x srv []
S2 clr_optimization_v2.0.50727_32SamSsMSDTC;.NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32SamSsMSDTC; р%Ђ|x srv []
S2 COMSysAppPlugPlayWmdmPmSN;Системное приложение COM+ COMSysAppPlugPlayWmdmPmSN; р%Ђ|x srv []
S2 dmserverAudioSrv;Диспетчер логических дисков dmserverAudioSrv; р%Ђ|x srv []
S2 EventlogEventlog;Журнал событий EventlogEventlog; р%Ђ|x srv []
S2 FastUserSwitchingCompatibilityUPS;Совместимость быстрого переключения пользователей FastUserSwitchingCompatibilityUPS; р%Ђ|x srv []
S2 FontCache3.0.0.0Themes;Windows Presentation Foundation Font Cache 3.0.0.0 FontCache3.0.0.0Themes; р%Ђ|x srv []
S2 HidServCiSvc;Доступ к HID-устройствам HidServCiSvc; р%Ђ|x srv []
S2 HTTPFilterupnphost;Протокол HTTP SSL HTTPFilterupnphost; р%Ђ|x srv []
S2 ImapiServiceNetmanwscsvc;Служба COM записи компакт-дисков IMAPI ImapiServiceNetmanwscsvc; р%Ђ|x srv []
S2 MessengerThemes;Служба сообщений MessengerThemes; р%Ђ|x srv []
S2 MessengerTlntSvr;Служба сообщений MessengerTlntSvr; р%Ђ|x srv []
S2 Netmanwscsvc;Сетевые подключения Netmanwscsvc; р%Ђ|x srv []
S2 NetmanwscsvcNVSvc;Сетевые подключения Netmanwscsvc NetmanwscsvcNVSvc; р%Ђ|x srv []
S2 NetmanwscsvcSwPrv;Сетевые подключения Netmanwscsvc NetmanwscsvcSwPrv; р%Ђ|x srv []
S2 NetmanwscsvcSwPrvmnmsrvc;Сетевые подключения Netmanwscsvc NetmanwscsvcSwPrv NetmanwscsvcSwPrvmnmsrvc; р%Ђ|x srv []
S2 NetTcpPortSharingLmHosts;Net.Tcp Port Sharing Service NetTcpPortSharingLmHosts; р%Ђ|x srv []
S2 NetTcpPortSharingNetDDE;Net.Tcp Port Sharing Service NetTcpPortSharingNetDDE; р%Ђ|x srv []
S2 NtLmSspRasAuto;Поставщик поддержки безопасности NT LM NtLmSspRasAuto; р%Ђ|x srv []
S2 NtLmSspRasAutoRDSessMgr;Поставщик поддержки безопасности NT LM NtLmSspRasAuto NtLmSspRasAutoRDSessMgr; р%Ђ|x srv []
S2 NtLmSspRasAutoRDSessMgrdmserverAudioSrv;Поставщик поддержки безопасности NT LM NtLmSspRasAuto NtLmSspRasAutoRDSessMgr NtLmSspRasAutoRDSessMgrdmserverAudioSrv; р%Ђ|x srv []
S2 PlugPlayhelpsvc;Plug and Play PlugPlayhelpsvc; р%Ђ|x srv []
S2 PlugPlayWmdmPmSN;Plug and Play PlugPlayWmdmPmSN; р%Ђ|x srv []
S2 pr2ajtsc;Stalker (Pro) Drivers Auto Removal (pr2ajtsc); H:WINDOWSsystem32pr2ajtsc.exe [2007-03-23 407168]
S2 ProtectedStorageSENS;Защищенное хранилище ProtectedStorageSENS; р%Ђ|x srv []
S2 RasAutoSysmonLog;Диспетчер авто-подключений удаленного доступа RasAutoSysmonLog; р%Ђ|x srv []
S2 RemoteAccessStarWindServiceAE;Маршрутизация и удаленный доступ RemoteAccessStarWindServiceAE; р%Ђ|x srv []
S2 RemoteAccessStarWindServiceAESpooler;Маршрутизация и удаленный доступ RemoteAccessStarWindServiceAE RemoteAccessStarWindServiceAESpooler; р%Ђ|x srv []
S2 RemoteAccessStarWindServiceAESpoolerDcomLaunch;Маршрутизация и удаленный доступ RemoteAccessStarWindServiceAE RemoteAccessStarWindServiceAESpooler RemoteAccessStarWindServiceAESpoolerDcomLaunch; р%Ђ|x srv []
S2 RSVPMessengerTlntSvr;QoS RSVP RSVPMessengerTlntSvr; р%Ђ|x srv []
S2 RSVPMessengerTlntSvrDnscache;QoS RSVP RSVPMessengerTlntSvr RSVPMessengerTlntSvrDnscache; р%Ђ|x srv []
S2 RSVPMessengerTlntSvrSwPrv;QoS RSVP RSVPMessengerTlntSvr RSVPMessengerTlntSvrSwPrv; р%Ђ|x srv []
S2 SamSsMSDTC;Диспетчер учетных записей безопасности SamSsMSDTC; р%Ђ|x srv []
S2 SamSsNetTcpPortSharingLmHosts;Диспетчер учетных записей безопасности SamSsNetTcpPortSharingLmHosts; р%Ђ|x srv []
S2 Schedulesrservice;Планировщик заданий Schedulesrservice; р%Ђ|x srv []
S2 SENSSchedule;Уведомление о системных событиях SENSSchedule; р%Ђ|x srv []
S2 spidernt;SpIDer Guard for Windows NT; H:Program FilesDrWebSpiderNT.exe [2004-11-01 83968]
S2 StarWindServiceAE;StarWind AE Service; H:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe [2007-05-28 275968]
S2 StarWindServiceAEMSIServer;StarWind AE Service StarWindServiceAEMSIServer; р%Ђ|x srv []
S2 SwPrvRSVP;MS Software Shadow Copy Provider SwPrvRSVP; р%Ђ|x srv []
S2 SysmonLogBITS;Журналы и оповещения производительности SysmonLogBITS; р%Ђ|x srv []
S2 TapiSrvMessenger;Телефония TapiSrvMessenger; р%Ђ|x srv []
S2 ThemesAppMgmt;Темы ThemesAppMgmt; р%Ђ|x srv []
S2 ThemesFastUserSwitchingCompatibility;Темы ThemesFastUserSwitchingCompatibility; р%Ђ|x srv []
S2 ThemesRSVP;Темы ThemesRSVP; р%Ђ|x srv []
S2 TlntSvrSwPrv;Telnet TlntSvrSwPrv; р%Ђ|x srv []
S2 WmiApSrvRSVP;Адаптер производительности WMI WmiApSrvRSVP; р%Ђ|x srv []
S2 WmiApSrvRSVPTapiSrvMessenger;Адаптер производительности WMI WmiApSrvRSVP WmiApSrvRSVPTapiSrvMessenger; р%Ђ|x srv []
S2 wscsvcAppMgmt;Центр обеспечения безопасности wscsvcAppMgmt; р%Ђ|x srv []
S2 WZCSVClanmanserver;Беспроводная настройка WZCSVClanmanserver; р%Ђ|x srv []
S2 WZCSVCNetTcpPortSharing;Беспроводная настройка WZCSVCNetTcpPortSharing; р%Ђ|x srv []
S2 xmlprovAudioSrv;Служба обеспечения сети xmlprovAudioSrv; р%Ђ|x srv []
S3 aspnet_state;ASP.NET State Service; H:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 Autodesk Licensing Service;Autodesk Licensing Service; H:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe []
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; H:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; H:WINDOWSMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2006-10-20 36864]
S3 idsvc;Windows CardSpace; H:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2006-10-30 741376]
S4 avast!WZCSVC;avast! Mail Scanner avast!WZCSVC; р%Ђ|x srv []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; H:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2006-10-30 122880]
EOF
info.txt logfile of random’s system information tool 1.04 2008-11-08 13:49:00
======Uninstall list======
—>H:Program FilesDivXDivXConverterUninstall.exe /CONVERTER
—>MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 H:WINDOWSINFPCHealth.inf
ABBYY Lingvo 10 Multilingual Dictionary—>MsiExec.exe /I{AA10000A-C75E-487C-88FC-37AA1AACFB60}
ACDSee Pro 2—>MsiExec.exe /I{4AAC95F4-A30E-4EE5-A086-6F79581D0D70}
Adobe Flash Player 9 ActiveX—>H:WINDOWSsystem32MacromedFlashFlashUtil9d.exe -uninstallDelete
Adobe Flash Player 9 ActiveX—>MsiExec.exe /X{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}
Adobe Flash Player Plugin—>H:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Reader 8—>MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Alcohol 120%—>MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
AutoCAD 2009 — English—>H:Program FilesAutoCAD 2009SetupSetup.exe /P {5783F2D7-7001-0409-0002-0060B0CE6BBA} /M ACAD
Autodesk DWF Viewer 7—>MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
CCleaner (remove only)—>»H:Program FilesCCleaneruninst.exe»
DivX Codec—>H:Program FilesDivXDivXCodecUninstall.exe /CODEC
DivX Converter—>H:Program FilesDivXDivXConverterUninstall.exe /CONVERTER
DivX Player—>H:Program FilesDivXDivXPlayerUninstall.exe /PLAYER
DivX Web Player—>H:Program FilesDivXDivXWebPlayerUninstall.exe /PLUGIN
Dr.Web—>RunDll32 H:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime10�1Intel32Ctor.dll,LaunchSetup «H:Program FilesInstallShield Installation Information{BBE2F69C-4338-11D7-8F0C-00A0244F4E2D}setup.exe» -l0x19 -removeonly
Dream Aquarium—>»H:Program FilesDream AquariumUnInstall.exe»
free-downloads.net Toolbar—>H:PROGRA~1FREE-D~1.NETUNWISE.EXE H:PROGRA~1FREE-D~1.NETINSTALL.LOG
Google Earth—>MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Планета Земля—>MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
HijackThis 2.0.2—>»H:Program Filestrend microHijackThis.exe» /uninstall
Java(TM) 6 Update 10—>MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) 6 Update 6—>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Java(TM) 6 Update 7—>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Mega Codec Pack 4.1.0—>»H:Program FilesK-Lite Codec Packunins000.exe»
Light Alloy 4.1—>H:Program FilesLight Alloyuninst.exe
Malwarebytes’ Anti-Malware—>»H:Program FilesMalwarebytes’ Anti-Malwareunins000.exe»
Microsoft .NET Framework 2.0—>H:WINDOWSMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.exe
Microsoft .NET Framework 3.0—>H:WINDOWSMicrosoft.NETFrameworkv3.0Microsoft .NET Framework 3.0setup.exe
Microsoft .NET Framework 3.0—>MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Office XP (профессиональный выпуск)—>MsiExec.exe /I{91110419-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.3)—>H:Program FilesMozilla Firefoxuninstallhelper.exe
MSXML 4.0 SP2 (KB936181)—>MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser (KB933579)—>MsiExec.exe /I{8FCE7820-08DF-4663-AF5B-B190EF387C4B}
Nero 6 Ultra Edition—>H:Program FilesAheadnerouninstallUNNERO.exe /UNINSTALL
nnCron—>H:Program FilesnnCronUninstall.exe
NVIDIA Drivers—>H:WINDOWSsystem32nvuninst.exe UninstallGUI
OpenOffice.org Installer 1.0—>MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
Opera 9.26—>MsiExec.exe /X{FB706A00-C234-4716-AB1F-27DCB192C664}
Opera 9.50—>MsiExec.exe /X{7472B5B4-3FB7-446F-BC78-6BBA506EC473}
pMetro 1.26—>»H:Program FilespMetrounins000.exe»
PowerDVD—>RunDll32 H:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «H:Program FilesInstallShield Installation Information{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}Setup.exe» -uninstall
QIP 2005 Uninstall—>»H:Program FilesQIPunqip.exe»
Quintessential Media Player—>»H:Program FilesQuintessential Media Playeruninst.exe»
S.T.A.L.K.E.R.—>»J:Program FilesGSC World PublishingS.T.A.L.K.E.Runins000.exe»
Skype 3.0—>»H:Program FilesSkypePhoneunins000.exe»
Skype Plugin Manager—>MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
SoulSeek 157 NS 13c—>»H:Program FilesSoulseekNSuninstall.exe»
SoundMAX—>RunDll32 H:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime10�0Intel32Ctor.dll,LaunchSetup «H:Program FilesInstallShield Installation Information{F0A37341-D692-11D4-A984-009027EC0A9C}setup.exe» -l0x19 -removeonly
SUPERAntiSpyware Free Edition—>MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Total Commander 7.03 PowerPack—>»H:Program FilesTotal Commanderuninstall.exe»
VDOTool 6.1—>»H:Program FilesVDOToolunins000.exe»
Windows Communication Foundation—>MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component—>»H:WINDOWS$NtUninstallWIC$spuninstspuninst.exe»
Windows Presentation Foundation—>MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation—>MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Xvid 1.1.3 final uninstall—>»H:Program FilesXvidunins000.exe»
Архиватор WinRAR (только удаление)—>H:Program FilesWinRARuninstall.exe
Пакет обновления 2 для клиента управления правами Windows с поддержкой прежних версий—>MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Пакет обновления 2 для клиента управления правами Windows—>MsiExec.exe /X{9350CD11-D3F0-4B6D-B18F-74E968D5770A}======Environment variables======
«DEVMGR_SHOW_DETAILS»=1
«ComSpec»=%SystemRoot%system32cmd.exe
«DEVMGR_SHOW_NONPRESENT_DEVICES»=1
«FP_NO_HOST_CHECK»=NO
«NUMBER_OF_PROCESSORS»=4
«OS»=Windows_NT
«Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_IDENTIFIER»=x86 Family 6 Model 15 Stepping 11, GenuineIntel
«PROCESSOR_LEVEL»=6
«PROCESSOR_REVISION»=0f0b
«TEMP»=H:Temp
«TMP»=H:Temp
«windir»=%SystemRoot%
EOF
